Privacy Policy
Your personal and medical information is treated with the same confidentiality standards we apply in our clinical practice — with honesty about what we collect, why, and how it is protected.
Dinaaz Hair & Skin Clinic is a registered medical practice. Health and medical data we collect is classified as Sensitive Personal Data under Indian law and is processed under the clinical confidentiality standards applicable to all registered medical practitioners. Your medical information will never be shared without your consent, except where required by Indian law.
Who We Are
Dinaaz Hair & Skin Clinic ("Dinaaz", "we", "us", "our") is a dermatology clinic operated under the clinical supervision of Dr. Nazia Iqbal Rajeeb (MBBS, MD Dermatology; KMC Registration No. KRL-2012-0001079-KTK). We operate clinics at Chandra Layout, HBR Layout (Bangalore) and Shimoga, Karnataka, India.
This Privacy Policy applies to all personal and health-related information we collect through our website (dinaaz.in), booking systems, WhatsApp communications, in-clinic consultations, and any other interaction you have with us.
For the purposes of the Digital Personal Data Protection Act 2023 (DPDPA), Dinaaz is the Data Fiduciary responsible for the collection and processing of your personal data.
What Information We Collect
We collect information in two categories:
Name, date of birth, gender, residential address, mobile number, email address, and any emergency contact details you provide.
This includes your medical history and current health conditions, medications, allergies and contraindications, photographs of the treatment area (scalp, skin, face) taken before, during and after treatment for clinical documentation and comparison, investigation reports, trichoscopy or dermatoscopy findings, procedure notes and surgical records, and records of treatments administered, products used and dosages.
WhatsApp messages, SMS, emails and phone call records where you contact us for appointments, follow-up, or queries.
IP address, browser type, pages visited on dinaaz.in, and referral source — collected automatically through standard website analytics tools.
Transaction reference numbers and payment confirmation details. We do not store full card numbers or UPI credentials — payments are processed through third-party PCI-DSS compliant gateways.
Why We Collect Your Information
We process your information for the following purposes:
To provide safe, personalised dermatological and aesthetic treatment. Medical records — including your history, photographs and procedure notes — are essential to your clinical care and to tracking your progress over time.
To schedule, confirm and send reminders for consultations and follow-up appointments via SMS, WhatsApp, or email.
Indian Medical Council guidelines require us to maintain patient records for a minimum of 3 years from the date of last treatment. Some records may need to be retained longer in the event of ongoing treatment or legal requirements.
Clinical photographs taken before and after procedures are used exclusively for your medical record and progress tracking. With your explicit, separately obtained consent, we may use anonymised or identifiable photographs for educational or marketing purposes — you are never obligated to provide this consent and it does not affect your treatment.
To issue invoices, process payments, and maintain financial records as required by Indian tax law.
To understand how visitors use our website and improve our online content. Analytics data is aggregate and not used to make decisions about your clinical care.
To comply with requirements from the Karnataka Medical Council, the Medical Council of India, tax authorities, and any court or regulatory body.
Legal Basis for Processing
Under the Digital Personal Data Protection Act 2023, we process your data on the following lawful bases:
Your Consent — For health and medical information (sensitive personal data), we obtain your explicit, informed consent at the time of your first consultation through our registration form and consent documents. You may withdraw consent at any time, subject to the constraints described in the Retention section below.
Contractual Necessity — Processing necessary to provide the medical services you have engaged us for, including booking, billing and clinical documentation.
Legal Obligation — Processing required to comply with regulations applicable to registered medical practitioners under Indian law.
Legitimate Interests — Website analytics, internal quality improvement, and fraud prevention — where these do not override your privacy interests.
Clinical Photographs — Special Notice
Clinical photographs are a standard and essential part of dermatological and aesthetic practice. We photograph treatment areas to:
These photographs are stored securely as part of your confidential medical record and are accessible only to Dr. Nazia Iqbal and clinic staff directly involved in your care.
Your photograph will never be shared publicly, on social media, or in marketing materials without your separate, explicit, written consent — obtained on a specific consent form separate from your general registration.
You have the right to decline this consent without it affecting your access to treatment. If you have previously provided consent for photographs to be used for educational or promotional purposes, you may withdraw this consent at any time by writing to us at hello@dinaaz.in.
How We Store and Protect Your Information
Your medical records are stored in a password-protected, access-controlled practice management system. Clinical photographs are stored in an encrypted, cloud-based storage system with restricted access.
Physical documents (consent forms, registration forms) are stored in locked cabinets at the clinic premises, accessible only to authorised staff.
Access to your records is restricted to Dr. Nazia Iqbal and clinic staff who require it to provide your care. All staff are bound by confidentiality obligations.
We use industry-standard encryption for data in transit (HTTPS/TLS) on our website. Despite our best efforts, no method of electronic storage or transmission is 100% secure — we cannot guarantee absolute security. In the event of a data breach that is likely to harm you, we will notify you in accordance with our obligations under the DPDPA.
How Long We Keep Your Information
Medical Records: Indian Medical Council guidelines require us to retain patient records for a minimum of 3 years from the date of last treatment. In practice, we retain records for 7 years to comply with broader Indian medical and tax law requirements. Records may be retained longer in the event of ongoing treatment, a legal claim, or where required by regulatory direction.
Clinical Photographs: Retained for the duration of your treatment relationship with us and for 7 years thereafter, as part of your medical record.
Communication Records: WhatsApp and email communications related to your care are retained as part of your medical record for the same period as above.
Website Analytics: Aggregate, anonymised analytics data may be retained indefinitely. No individually identifiable analytics data is retained beyond 26 months.
Payment Records: Retained for 8 years as required by Indian tax law.
After the applicable retention period, your data is securely deleted or anonymised.
Your Rights Under Indian Law
Under the Digital Personal Data Protection Act 2023, you have the following rights:
Right to Access — You may request a copy of the personal data we hold about you, including your medical records. Requests for medical records will be fulfilled within 30 days.
Right to Correction — You may request correction of inaccurate or incomplete personal data.
Right to Erasure — You may request deletion of your personal data. Note that this right is subject to our legal obligation to retain medical records for the minimum periods described above.
Right to Grievance Redressal — You may raise a complaint about how we handle your data with our Grievance Officer (details below).
Right to Nominate — You may nominate an individual to exercise these rights on your behalf in the event of your death or incapacity.
Right to Withdraw Consent — You may withdraw consent to process your personal data at any time for purposes where consent is the basis of processing, subject to our retention obligations.
To exercise any of these rights, contact our Grievance Officer:
Email: hello@dinaaz.in
Subject line: "Data Rights Request — [Your Name]"
Phone: +91 73384 22548
We will acknowledge your request within 7 days and resolve it within 30 days.
If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India once operational under the DPDPA.
Children and Minors
Dinaaz provides paediatric dermatology services. Where a patient is under 18 years of age, we collect personal and medical data with the consent of the parent or legal guardian. The parent or guardian exercises all data rights on behalf of the minor.
Our website is not directed at children under 18 and we do not knowingly collect data from children through the website without parental consent. If you believe we have inadvertently collected such data, please contact us immediately at hello@dinaaz.in.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page. For significant changes affecting how we process your medical data, we will notify active patients directly.
Your continued use of our website or clinic services after a policy update constitutes acceptance of the updated policy.
Contact & Grievance Officer
For any privacy-related queries, complaints, or to exercise your rights:
Dr. Nazia Iqbal Rajeeb
Dinaaz Hair & Skin Clinic
3rd Cross, Chandra Layout, Bengaluru – 560 040, Karnataka
Email: hello@dinaaz.in
Phone: +91 73384 22548
WhatsApp: +91 73384 22548
We will respond to all privacy-related communications within 7 working days.
Questions about how we handle your data? We're happy to explain.
hello@dinaaz.in