Privacy Policy
How we collect, use, protect and share your personal data — and the rights you have under India’s Digital Personal Data Protection Act, 2023.
This Privacy Policy explains how Derma Essence (“we”, “us”, “the clinic”) handles the personal data of people who visit our website, fill in our enquiry forms, or contact us. For the purposes of the Digital Personal Data Protection Act, 2023 and the DPDP Rules, 2025, Derma Essence is the Data Fiduciary — the entity that decides why and how your personal data is processed.
1. Who we are
Derma Essence is a dermatology clinic in Sector 41, Noida, led by Dr. Reena Sharma (MD Dermatology). You can reach us at:
- Address: Shop C-25, 1st & 2nd Floor, Block C Market, Sector 41, Noida, Uttar Pradesh 201303
- Phone: +91 99997 67722
- Email: [email protected]
2. What personal data we collect, and why
We only collect what we need to respond to your enquiry and provide our services. Each item below is collected for the specific purpose stated next to it.
| Data we collect | Why we collect it (purpose) |
|---|---|
| Your name | To address you and respond to your enquiry. |
| Phone number | To call or message you back about your appointment or query. |
| Email address | To reply to your enquiry and send appointment information. |
| Area of concern / treatment of interest | To route your enquiry to the right specialist and prepare for your consultation. |
| Any message you choose to write | To understand your needs before your visit. |
| Technical & usage data (via cookies, with your consent) | To keep the site secure, measure traffic, and improve our services. See Section 4. |
We do not sell your personal data, and we do not collect more than is necessary for these purposes.
3. Our lawful basis: your consent
Under the DPDP Act, we process your personal data on the basis of your consent, which you give by a clear, affirmative action (for example, submitting our enquiry form). Your consent is free, specific, informed and unambiguous, and you can withdraw it at any time — withdrawing is as easy as giving it (see Section 7). Withdrawing consent does not affect processing that already happened lawfully before you withdrew.
4. Cookies and tracking
Essential cookies that are needed for the site to function are always on. Analytics and marketing cookies are switched off by default and load only after you opt in through our cookie banner. You can change your choice at any time using the Cookie Settings link in the footer. We keep a record of the consent you give, as the law requires.
5. How long we keep your data
We keep enquiry data only for as long as needed to handle your query and provide follow-up care, and then for any period that another law (for example, medical-records rules) independently requires. Once that purpose is served, or if you withdraw your consent, we delete your personal data unless we are legally required to retain it. If you become a patient, separate medical-record retention rules apply. We do not keep enquiry data for longer than is necessary for these purposes.
6. Who we share your data with
We use a small number of trusted service providers (“Data Processors”) who process data on our instructions. We remain responsible for your data and require each of them to apply equivalent security and breach-handling safeguards:
- Email delivery — ZeptoMail (Zoho), to deliver enquiry emails to the clinic.
- Website security & delivery — Cloudflare, to serve the site securely.
- Spam protection — Google reCAPTCHA, to stop automated abuse of our forms.
- Analytics & advertising (only with your consent) — Google, via Google Tag Manager and the analytics and advertising tags configured within it.
- Website hosting — our website hosting provider, which stores the site and its data on secured servers.
7. Your rights
As a Data Principal under the DPDP Act, you have the right to:
- Access — ask for a summary of the personal data we hold about you and how we process it.
- Correction & erasure — ask us to correct, update, or delete your personal data.
- Withdraw consent — withdraw your consent at any time.
- Nominate — nominate another person to exercise your rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, email [email protected] with the subject line “DPDP Request”. We will respond within the timeline in Section 8.
8. Grievance redressal
If you have a concern or complaint about how your personal data is handled, please contact our Grievance Officer first — you must use this internal channel before approaching the Data Protection Board of India.
- Grievance Officer: The Grievance Officer, Derma Essence
- Email: [email protected]
- Response time: We will acknowledge and respond to your grievance within 90 days of receiving it.
9. Children and persons with disabilities
We do not knowingly process the personal data of anyone under 18 without verifiable consent from a parent or legal guardian, and we do not direct behavioural tracking or targeted advertising at children. An equivalent consent process applies for persons with disabilities who are represented by a lawful guardian. If a minor needs care, a parent or guardian must provide consent at the clinic.
10. How we protect your data
We use reasonable security safeguards including encryption in transit (HTTPS/TLS), access controls limited to authorised staff, and safeguards written into our vendor contracts. No method of transmission or storage is completely secure, but we work to protect your data and to review our safeguards.
11. Data breaches
In the event of a personal-data breach, we will notify the Data Protection Board of India and affected individuals as required by law, and file the prescribed report within the statutory timelines.
12. Cross-border processing
Some of our service providers may process data outside India. We only use providers in countries that are not restricted by the Central Government of India for this purpose.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, ask for your consent again.
14. Contact us
For any privacy question, email [email protected] or call +91 99997 67722.
This notice is provided for transparency and does not constitute legal advice.