Introduction
This Privacy Policy explains how Ginger Healthcare Private Limited (CIN: U93090DL2018PTC337505), a company incorporated in India with its registered office at 108, Himalaya Palace, 65 Vijay Block, Laxmi Nagar, East Delhi, Delhi โ 110092 ("Ginger Healthcare", "we", "us", or "our"), collects, uses, stores, shares, and protects your personal information when you visit ginger.healthcare (the "Website") or use our medical tourism facilitation services.
We take your privacy seriously. This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and its Reasonable Security Practices rules, and other applicable Indian privacy laws.
By using the Website or our services, you agree to the practices described in this Policy. If you do not agree, please do not use the Website or our services.
Who This Policy Covers
This Policy applies to:
- Visitors to ginger.healthcare and its subdomains
- Patients and prospective patients who contact us through any channel โ chat, email, phone, WhatsApp, in-person meetings, or web forms
- Family members, attendants, or representatives who communicate with us on behalf of a patient
- Users who submit documents, photographs, medical records, or other files through our chat widget, email, or CRM portal
Information We Collect
We collect information that you provide to us voluntarily, information that is generated automatically when you use the Website, and information received from hospitals and healthcare providers in the course of coordinating your care.
Information You Provide Directly
- Identity and contact information: name, email address, phone number, country of residence, preferred language, and communication preferences
- Medical information: medical history, current symptoms, prior diagnoses, treatment history, medical reports, imaging files (X-rays, MRIs, CT scans), lab results, prescriptions, and any other health-related information you choose to share with us for the purpose of obtaining treatment recommendations or cost estimates
- Travel and identity documents: passport copies, visa documents, identification documents, and travel-related information shared for the purpose of visa facilitation, accommodation booking, or airport coordination
- Attendant information: similar information about family members or attendants accompanying you for treatment
- Communications: the content of your conversations with us across all channels โ including live chat on the Website, WhatsApp, Telegram, Facebook Messenger, Instagram direct messages, email threads, phone calls, and in-person meetings โ together with any documents, images, or files you choose to share through these channels. We may also expand to additional messaging channels in the future; this Policy will apply equally to any such channels
Information Collected Automatically
- Technical data: IP address, browser type and version, operating system, device type, screen resolution, referring URL, and similar technical information logged by our servers
- Usage data: pages visited, time spent on pages, links clicked, search queries, and navigation patterns on the Website
- Cookies and similar technologies: small data files stored on your device that help us recognise returning visitors, understand user behaviour, and improve the Website (see "Cookies" section below)
Information from Third Parties
- Healthcare providers: hospitals, doctors, and other medical professionals may share clinical opinions, treatment plans, cost estimates, appointment confirmations, medical reports, and other information related to your care
- Analytics providers: aggregated data about Website traffic and user behaviour from services such as Google Analytics
Sensitive Personal Data
We recognise that medical information, identity documents, and similar data are sensitive personal data under Indian law. We handle such data with additional care:
- We collect sensitive data only when you voluntarily provide it for a specific purpose (such as obtaining a treatment estimate)
- We store sensitive attachments separately from structured data, using encrypted cloud storage (see "How We Store Your Information")
- We share sensitive data only with the specific healthcare providers you have chosen to engage with, and only to the extent necessary for your care
- We retain sensitive data only for as long as needed for the purposes described in this Policy
How Your Information Flows Through Our Operations
Medical tourism involves coordination between many parties โ you, our counselors, hospital staff, doctors, visa support teams, and travel partners. To serve you well, information must move between these parties. We believe you deserve a clear picture of how this works.
How You Reach Us
Patients contact us through a variety of channels, including live chat on the Website, WhatsApp Business, Telegram, Facebook Messenger, Instagram direct messages, email, and phone. We may add further channels in the future. Information shared on any of these channels โ including medical reports, imaging files, passport copies, and photographs โ is received by the counselor managing the conversation and integrated into your CRM record.
Counselor Devices and Internal Handling
Our counselors use company-issued work phones with WhatsApp Business, Telegram, and other required applications installed under managed accounts. Every Ginger Healthcare counselor and staff member is bound by a written internal data and privacy policy that requires them to maintain the confidentiality of patient information, handle reports and identity documents with care, and use patient information only for the purposes of coordinating your care.
Violations of this internal policy are treated as serious disciplinary matters.
Internal Coordination
To plan your treatment and manage logistics, your counselor may share your information โ including medical reports, travel documents, and queries โ with other Ginger Healthcare team members (patient coordinators, senior counselors, management) through internal channels, including our CRM and internal WhatsApp groups. We share only what is necessary to serve you.
External Coordination with Partner Hospitals and Doctors
To obtain treatment plans, cost estimates, visa invitation letters, appointment confirmations, airport pickup arrangements, and other logistics, your counselor shares relevant parts of your information with the International Patient Services (IPS) teams at partner hospitals, the doctors you are being connected with, and those doctors' personal coordinators. This sharing is limited to what is genuinely required for the purpose โ for example, we would not share your passport with a doctor who only needs your medical report.
Third-Party Messenger Limitations
Some of the channels above โ WhatsApp, Telegram, Messenger, and Instagram โ are operated by third-party companies (Meta, Telegram Messenger Inc., etc.) whose own privacy policies and security practices apply to the transmission and storage of messages on their infrastructure. While these platforms offer encryption in transit (and, in the case of WhatsApp, end-to-end encryption), we do not control them and cannot extend the same level of security guarantee that applies to our own systems.
We recommend you share sensitive information only to the extent necessary for your care, and consider using secure channels (such as our email or CRM portal) for particularly sensitive documents where appropriate.
How We Use Your Information
We use the information we collect for the following purposes:
- Service delivery: understanding your medical needs, identifying suitable hospitals and doctors, obtaining treatment estimates and appointment availability, coordinating your travel and in-country logistics, and providing follow-up support
- Communication: responding to your queries, sharing relevant information about doctors, hospitals, treatment options, costs, timelines, and travel arrangements
- Quality and improvement: analysing user behaviour in aggregate to improve the Website, our counselor training, our content, and our services
- Safety and security: detecting and preventing fraudulent activity, protecting our systems from abuse, and ensuring the security of user data
- Legal compliance: fulfilling our obligations under applicable laws, responding to lawful requests from authorities, and defending our rights in legal proceedings
- Record-keeping: maintaining an accurate record of our interactions, which helps us serve you better across multiple conversations and over time
We do not sell your personal information, and we do not share it with third-party advertisers or data brokers for their own marketing purposes.
Testimonials, Reviews, and Patient Stories
We may publish reviews, testimonials, and patient stories on our Website, social media channels, marketing materials, and partner platforms. Such publications help other patients understand what to expect, build trust in our services, and celebrate the successful journeys of people we have served.
These publications may include:
- Your name or first name (or a pseudonym, if you prefer)
- Your country or city of residence
- General information about your health condition, treatment received, hospital or doctor engaged, and the outcome of treatment
- Quotes or excerpts from your feedback, emails, or conversations with us
- Photographs or videos you have voluntarily shared with us for this purpose
We will not publish sensitive medical details beyond a general description of your condition, and we will not publish identity documents, specific medical reports, or imaging files.
If you do not want your story, review, or any information about your treatment to be published in any form, please inform us expressly and in advance โ by chat, email to contact@ginger.healthcare, or in writing to the address provided at the end of this Policy. Your preference will be recorded in your CRM record and honoured fully. You may also withdraw consent at any later point, and we will take reasonable steps to remove previously published content where practicable (note that content shared with third-party platforms or already indexed by search engines may take longer to fully remove).
Absence of an objection will be treated as implicit consent for general, non-sensitive references to your treatment journey. Where you have voluntarily shared reviews, photographs, videos, or testimonials with us โ whether through Google, our chat, email, social media, or directly โ that act of sharing is treated as your consent for us to republish that content on our own channels, unless you specifically ask us not to.
How We Store Your Information
We use a combination of services to store and process your data securely:
- Structured data โ including your contact details, CRM records, counselor notes, enquiry history, and activity logs โ is stored in a PostgreSQL database hosted on Render (a cloud hosting provider). This data is protected by encryption in transit, encryption at rest, and strict access controls
- Attachments โ including medical reports, imaging files, passport scans, and other documents โ are stored in Cloudflare R2, an encrypted object storage service. Attachments are linked to your CRM record and accessible only to authorised Ginger Healthcare staff
- Chat transcripts are retained in full so that counselors can provide continuity of service across conversations and recall earlier details you have shared
- Email communications are stored in our authorised email systems with standard business-grade encryption and access controls
We review our security practices periodically and update our systems as technology evolves. However, no online system is completely secure, and we cannot guarantee the absolute security of information transmitted over the internet.
Who We Share Your Information With
We share your information only in the following circumstances, and only to the extent necessary for the stated purpose:
Healthcare Providers
Partner hospitals (through their International Patient Services teams), the doctors you are being connected with, and those doctors' coordinators โ so they can provide medical opinions, treatment plans, cost estimates, visa invitation letters, appointment availability, and logistical arrangements. We share only the specific information relevant to each provider's role, and only to the extent necessary.
Service Partners
- Analytics providers (e.g., Google Analytics) receive aggregated, anonymised usage data about the Website. They do not receive your name, medical information, or identity documents
- Cloud infrastructure providers (Render, Cloudflare) process data on our behalf as "data processors" and are contractually bound to maintain confidentiality and security
Legal and Safety
We may share information with courts, law enforcement, regulators, or other authorities when required by law, court order, or to protect the rights, safety, or property of Ginger Healthcare, our users, or the public.
Business Transfers
If Ginger Healthcare is involved in a merger, acquisition, reorganisation, or sale of assets, your information may be transferred to the successor entity, subject to the same confidentiality commitments contained in this Policy.
We do not share your personal information with advertisers, data brokers, or any third party for their own marketing purposes.
Cookies and Tracking Technologies
The Website uses cookies and similar technologies to:
- Remember your preferences and language settings
- Keep you logged in if you use any authenticated areas
- Measure Website traffic and usage patterns (via Google Analytics)
- Improve site performance and user experience
You can control cookies through your browser settings. Most browsers allow you to block or delete cookies, but please note that disabling cookies may affect the functionality of the Website.
We do not currently use advertising cookies or retargeting pixels.
Your Rights Under the DPDP Act
As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:
- Right to access: you can request a summary of the personal data we hold about you
- Right to correction and erasure: you can ask us to correct inaccurate information or erase data that is no longer needed
- Right to grievance redressal: you can contact our Grievance Officer with any concerns (details below)
- Right to nominate: you can nominate another individual to exercise your rights in the event of your death or incapacity
- Right to withdraw consent: you can withdraw your consent to our processing of your personal data at any time; withdrawal will not affect the lawfulness of processing based on consent before its withdrawal
To exercise any of these rights, contact our Grievance Officer at contact@ginger.healthcare. We will respond within a reasonable period, typically within 30 days.
Age Restriction โ 18 Years and Above
The Website and our services are intended exclusively for individuals who are 18 years of age or older. The Website contains information, images, and descriptions of medical procedures โ including some that relate to intimate, cosmetic, or adult health matters โ that are not suitable for minors.
By accessing the Website or communicating with us through any channel, you confirm that you are 18 years of age or older. If you are under 18, please do not use the Website or engage with our services.
We do not knowingly collect personal data directly from minors. If we become aware that we have collected personal data from a minor, we will take prompt steps to delete that data from our systems.
Enquiries on Behalf of Minor Patients
If the patient seeking treatment is a minor (under 18 years of age), only a parent or legal guardian who is themselves 18 or older should contact us on the minor's behalf. In such cases:
- The parent or legal guardian is our user and is bound by this Policy and our Terms of Use
- The parent or legal guardian is responsible for the decisions they make about the minor's care, for providing accurate information, and for ensuring that the minor's best interests are considered
- We will handle the minor's information (including medical reports) with the same care described in this Policy, and will share it only with the healthcare providers engaged for the minor's treatment
Data Retention
We retain your personal data for as long as it is needed to provide our services, maintain accurate records of our interactions, comply with legal obligations, and resolve disputes. Specifically:
- Active enquiries and ongoing patient coordination: retained for the duration of our engagement and for a reasonable period thereafter for follow-up and reference
- Medical reports and imaging files: retained for the duration of your engagement with us and for a follow-up period that enables us to assist you with post-treatment queries, second opinions, or future care. You may request deletion of these files after your treatment is complete, and we will honour such requests (see "Deletion After Completion of Treatment" below)
- Chat and messenger transcripts: retained in full so that counselors can provide continuity of service and recall earlier details of your case
- Patient billing records: we maintain copies of billings issued by hospitals, invoices, and payment-related communications in order to monitor the fairness of billing, identify discrepancies, and protect our patients. These records are retained as part of our internal operational and compliance records
- Internal operational records: records of our engagement with you โ including enquiry history, counselor notes, and communication logs โ are retained as part of our CRM and business records for compliance, audit, and accountability purposes
- Aggregated and anonymised analytics data: retained indefinitely for statistical and improvement purposes
Deletion After Completion of Treatment
Once your treatment is complete, you may request that we delete your medical reports, imaging files, and similar clinical attachments from our systems. On receiving such a request, we will remove these files from our CRM and storage systems within a reasonable period.
However, certain information will continue to be retained after deletion of clinical attachments, including:
- Your basic identification details (name, country, contact history)
- A summary of the engagement (treatment type, hospital, counselor, dates)
- Billing and invoice records
- Communications related to the engagement
We retain the above for our internal operational records, statutory compliance, audit, and defence of legal claims. We will not use this retained information for any purpose beyond those stated in this Policy, and we will apply the same security and confidentiality standards to it.
If you require complete deletion of all records, please contact our Grievance Officer. We will evaluate such requests on a case-by-case basis and honour them to the extent permitted by law, while informing you of any information we are required to retain.
International Data Transfers
Some of the service providers we rely on (such as Cloudflare and analytics providers) may process data on servers located outside India. Where this is the case, we take reasonable steps to ensure that your information is protected to a standard consistent with this Policy and applicable Indian law.
Security
We implement administrative, technical, and physical safeguards to protect your information, including:
- Encryption of data in transit (HTTPS/TLS) and at rest
- Access controls limiting who at Ginger Healthcare can view sensitive data
- Regular security reviews of our infrastructure and code
- Logging of access to sensitive records
- Staff training on data handling and confidentiality
Despite these measures, no system is completely immune to breaches. In the unlikely event of a security incident affecting your data, we will notify you and the relevant authorities as required by applicable law.
Third-Party Websites
The Website may contain links to websites operated by hospitals, doctors, accreditation bodies, regulatory authorities, or other third parties. This Privacy Policy does not apply to those websites. We encourage you to review the privacy policies of any third-party websites you visit.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our services, or applicable laws. The updated version will be posted on the Website with a revised "Last updated" date. For material changes, we will take reasonable steps to notify affected users.
Your continued use of the Website or our services after any update constitutes acceptance of the revised Privacy Policy.
Grievance Officer and Contact
For general questions or concerns about how your personal data is handled, you may contact us at the address or email below.
For grievances specifically related to personal data under the DPDP Act, 2023, please address your communication to the Grievance Officer at contact@ginger.healthcare, with the subject line "DPDP Grievance". We will acknowledge your complaint within a reasonable period and respond substantively within 30 days.
Ginger Healthcare Private Limited
108, Himalaya Palace, 65 Vijay Block, Laxmi Nagar
East Delhi, Delhi โ 110092, India
Email: contact@ginger.healthcare
Website: https://ginger.healthcare