This Privacy Policy governs the collection, use, storage, and disclosure of personal information by Medilife IV (a brand operated under Medilife Clinics Pvt. Ltd.) in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, and all applicable Indian laws and regulations.
1. Who We Are
Medilife IV is India's premium at-home IV therapy and wellness service operated by Medilife Clinics Pvt. Ltd., registered under the Companies Act, 2013. Our registered office is at 1/609, 4th Floor, BSR Mall, Thoraipakkam, Chennai – 600097. We operate a website at www.medilifeiv.com and a mobile-optimised booking platform through which you may book IV therapy and wellness services.
For the purposes of applicable Indian data protection law, Medilife Clinics Pvt. Ltd. is the Data Fiduciary responsible for the processing of your personal data.
2. Information We Collect
2.1 Information You Provide Directly
- Identity data: Full name, date of birth, gender
- Contact data: Mobile number, email address, home/hotel/office address
- Health data: Medical history, current medications, health conditions disclosed during pre-session doctor consultation (collected verbally or in writing)
- Booking data: Preferred date and time, service selected, city and area
- Payment data: UPI reference IDs, card type (we do not store full card numbers; payment is processed through PCI-DSS compliant third-party gateways)
2.2 Information Collected Automatically
- Usage data: IP address, browser type, device type, operating system, referring URL, pages visited, time spent on pages
- Location data: City-level location inferred from IP address; precise location only if you explicitly enable it
- Cookies and tracking pixels: See Section 5 for details
2.3 Information from Third Parties
- Referral information if you were referred by a partner hotel, corporate client, or wellness platform
- Publicly available professional information if you contact us in a corporate capacity
3. How We Use Your Information
We process your personal data for the following purposes, each grounded in a lawful basis under the DPDPA 2023:
- Service delivery: To book, confirm, dispatch and conduct your IV therapy session, including pre-session doctor consultation
- Medical safety: To assess your suitability for a therapy and to maintain a clinical record of your sessions
- Communications: To send appointment confirmations, reminders, and post-session follow-up messages via SMS, WhatsApp, or email
- Customer support: To respond to enquiries, complaints, and service requests
- Billing and payments: To process payments, issue invoices, and resolve billing disputes
- Marketing (with consent): To send promotional offers, new therapy announcements, and wellness tips — only where you have provided explicit consent, and only until you withdraw it
- Analytics and improvement: To understand how our website and services are used, to identify service improvements, and to conduct internal research
- Legal compliance: To comply with applicable Indian laws, court orders, or regulatory requirements
Health data is sensitive personal data. We collect and process health information only to the extent necessary for your clinical safety and service delivery. This data is never shared with third parties for advertising, sold, or used for non-clinical purposes without your explicit consent.
4. Data Sharing and Disclosure
We do not sell your personal data. We may share it with the following categories of recipients only for the purposes listed above:
- Clinical staff: Medilife IV physicians and nurses assigned to your session, solely for clinical purposes
- Payment processors: RBI-regulated payment gateway partners (e.g., Razorpay, PhonePe, PayU) for transaction processing
- Technology providers: Cloud hosting, SMS, and communication service providers operating under confidentiality obligations and data processing agreements
- Analytics tools: Aggregated, anonymised data may be processed by analytics platforms (e.g., Google Analytics)
- Corporate clients: If you were booked through a corporate wellness programme, aggregated (non-identifiable) session statistics may be shared with your employer
- Law enforcement and regulators: Where required by law, a valid court order, or to protect the safety of individuals
All third-party service providers who access your data are required to maintain appropriate technical and organisational security measures and are prohibited from using your data for any purpose other than the services they provide to us.
5. Cookies and Tracking
Our website uses the following categories of cookies:
- Strictly necessary cookies: Required for the website to function (e.g., session management). These cannot be disabled.
- Analytics cookies: We use Google Analytics to understand site usage. These cookies collect anonymised, aggregated data. You can opt out via your browser settings or the Google Analytics opt-out tool.
- Preference cookies: Remember your choices (e.g., city, service preference) to improve your experience.
- Marketing cookies: Used to deliver relevant promotional content. These are only set with your consent via our cookie banner.
You can manage cookie preferences through your browser settings at any time. Disabling certain cookies may affect the functionality of the website.
6. Data Security
We implement industry-standard technical and organisational measures to protect your personal data, including:
- TLS/SSL encryption for all data transmitted to and from our website
- Access controls and role-based permissions limiting data access to authorised personnel only
- Encrypted storage for sensitive personal and health data
- Regular security assessments and vulnerability testing
- Staff training on data protection obligations
While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. In the event of a data breach that is likely to result in high risk to your rights, we will notify you and the relevant authorities as required under applicable law.
7. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:
- Clinical and session records: Retained for a minimum of 7 years from the date of your last session, in compliance with applicable Indian medical record-keeping standards
- Booking and transaction records: Retained for 7 years from the date of transaction for financial and tax compliance purposes
- Marketing consent records: Retained until consent is withdrawn, plus 2 years for compliance purposes
- Website analytics data: Anonymised data retained for up to 26 months
After the applicable retention period, data is securely deleted or anonymised.
8. Your Rights Under DPDPA 2023
Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data that we hold:
- Right of access: To obtain confirmation of whether we are processing your data and a summary of the data we hold
- Right to correction: To have inaccurate or incomplete personal data corrected or completed
- Right of erasure: To request deletion of your personal data, subject to our legal retention obligations
- Right to grievance redressal: To have your privacy grievances addressed in a timely manner
- Right to nominate: To nominate an individual to exercise these rights on your behalf in the event of your death or incapacity
- Right to withdraw consent: To withdraw marketing consent at any time (withdrawal does not affect lawfulness of prior processing)
To exercise any of these rights, please write to our Grievance Officer (details in Section 10). We will respond within 30 days of receiving a verifiable request.
9. Children's Privacy
Our services are not intended for children under 18 years of age. We do not knowingly collect personal data from children without verifiable parental or guardian consent. IV therapy for minors requires written parental/guardian consent and is conducted only under physician supervision. If you believe we have collected information from a child without proper consent, please contact our Grievance Officer immediately and we will take prompt action to delete such data.
10. Grievance Redressal
In accordance with the Information Technology Act, 2000 and the DPDPA 2023, we have appointed a Grievance Officer to address privacy-related complaints and concerns:
- Name: Grievance Officer, Medilife Clinics Pvt. Ltd.
- Email: admin@medilifeclinics.in
- Phone: +91 89390 33335
- Response time: We will acknowledge your complaint within 48 hours and resolve it within 30 days
If you are not satisfied with our resolution, you may escalate your complaint to the Data Protection Board of India once constituted under the DPDPA 2023, or seek other remedies available under applicable Indian law.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or applicable law. When we make material changes, we will notify you by posting the updated policy on our website with a revised "Last Updated" date. We encourage you to review this policy periodically. Your continued use of our services after any update constitutes acceptance of the revised policy.
For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact us:
This Privacy Policy is governed by the laws of India. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the competent courts in India.