Privacy Policy

How we collect, use, and protect your personal data.

This Privacy Policy explains how BookMyPatho collects, uses, stores, and protects your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and applicable Rules.

By using the BookMyPatho Platform, you consent to the collection and use of your data as described in this Policy. You have the right to withdraw consent at any time, subject to the conditions set out below.

1. Data We Collect

  • Personal Identification Data: Full name, date of birth, gender, mobile number, email address, Aadhaar number (collected only if required for partner KYC; not stored for patients), and home address for sample collection.
  • Health & Diagnostic Data: Test names, booked packages, booking history, diagnostic reports and test results received from LDPL, Health Tracker inputs, and Pregnancy Tracker data (gestational week, health inputs).
  • Financial Data: Transaction ID and payment status (we do not store card numbers or UPI credentials) and commission records for Partners.
  • Technical Data: IP address, device type, browser, operating system, pages visited, session duration, and click behaviour (for analytics).

2. How We Use Your Data

  • To process diagnostic test bookings and coordinate sample collection.
  • To deliver reports to the patient via registered contact channels.
  • To operate the Health Tracker and Pregnancy Tracker features.
  • To send booking confirmations, report delivery alerts, and service notifications via SMS/WhatsApp/email.
  • To process commission payouts and maintain Partner financial records.
  • To comply with legal and regulatory obligations under Indian law.
  • To improve Platform features, fix issues, and analyse usage patterns (using anonymised data where possible).
  • We do NOT use your health data for advertising, profiling, or sale to third parties.

3. Data Sharing

  • LDPL (Labcorp Diagnostics Pvt. Ltd.): Patient booking data is shared with LDPL exclusively for the purpose of sample collection and test processing. LDPL handles this data in its capacity as a regulated diagnostic laboratory.
  • Partner Pharmacies / Clinics: Partners can view booking details and reports only for bookings made through their Partner Dashboard. Partners cannot access your data beyond the specific booking they facilitated.
  • Payment Gateway: Payment data is processed by our third-party payment gateway (e.g., Razorpay / Cashfree) under their own privacy policy. BookMyPatho does not store card details.
  • Legal Authorities: We may disclose data if required by law, court order, or a competent regulatory authority.
  • We do not sell, rent, or trade your personal data to any third party for commercial purposes.

4. Data Retention

  • Booking records and diagnostic reports: Retained for 7 years in accordance with applicable health and tax laws.
  • Partner KYC documents: Retained for the duration of the partnership plus 7 years.
  • Account data: Retained until account deletion is requested and processed.
  • Analytics data: Anonymised and retained indefinitely for platform improvement.

5. Your Rights Under DPDPA 2023

  • Right to Access: You may request a summary of what personal data BookMyPatho holds about you.
  • Right to Correction: You may request correction of inaccurate personal data.
  • Right to Erasure: You may request deletion of your personal data, subject to our legal retention obligations.
  • Right to Withdraw Consent: You may withdraw consent for data processing at any time, which will result in your account being deactivated and future bookings being unavailable.
  • Right to Grievance Redressal: You may raise a complaint with our Grievance Officer (privacy@bookmypatho.in) and, if unsatisfied, with the Data Protection Board of India once operational.

6. Data Security

  • All data is stored on encrypted servers. Diagnostic reports are accessible only to the patient through their registered account.
  • Partner Dashboard access is protected by OTP-based authentication.
  • We conduct periodic security reviews and access audits.
  • In the event of a data breach affecting your personal data, we will notify you within 72 hours of becoming aware of the breach, as required under DPDPA 2023.
  • While we take all reasonable precautions, no digital system is completely immune to breaches. We recommend using a strong password and not sharing your account credentials.

7. Additional Provisions

  • Cookies & Analytics: BookMyPatho uses cookies for session management, preference saving, and platform analytics. We use anonymised analytics data (e.g., via Google Analytics) to understand Platform usage and improve our services.
  • Children's Data: BookMyPatho does not knowingly collect personal data from children under 18 without verified parental or guardian consent.
  • Policy Updates: This Privacy Policy may be updated periodically. Material changes will be communicated via email or Platform notification at least 15 days before taking effect.
  • Contact for Privacy: For privacy concerns, email us at privacy@bookmypatho.in.