Privacy Policy

PRIVACY NOTICE

Effective Date: May 22nd, 2025

Introduction
Fortis ("we," "our," or "us") is committed to protecting your personal data. This Privacy Notice explains how we collect, store, use, disclose, and safeguard your information when you interact with us, whether you are a patient, patient relative, investor, vendor, or employee. Please read this notice carefully.
Types of Personal Data We Collect
Patients and Attendants:
1. Personal Identification Information: Name, date of birth, contact details, official identifier details, etc.
2. Health Information: Medical history, diagnosis, treatment details, test results, etc.
3. Financial Information: Insurance details, payment information, etc.
Employees:
1. Personal Identification Information: Name, date of birth, contact details, official identifier details, etc.
2. Employment Information: Name, contact details, job title, employment history, etc.
3. Payroll Information: Salary, bank account details, etc.
4. Performance and Attendance Records: Appraisals, attendance records, disciplinary actions, etc.
Vendors:
1. Business Information: Company name, contact details, business registration information, etc.
2. Financial Information: Payment details, bank account information, etc.
3. Contractual Information: Details of goods or services provided, terms of agreement, etc.
Investors:
1. Personal Identification Information: Name, contact details, official identifier details, etc.
2. Investment Details: Investment information, related correspondence, etc.

Personal Data Type	Illustrative Examples
Personal	Name, date of birth, gender, address, mobile number, email id, citizenship, marital status, etc. of yourself or any of your relatives. Department, supervisor, office address, work location, permit details, hire date, job title, designation, business unit, part-time or full-time position, work history, termination date and reason, retirement eligibility, performance, promotions and disciplinary records, date of transfers, reporting manager(s), compensation and benefits details, other details of employment Images and/or videos from which you may be identified, images captured on security systems, including CCTV and key card entry systems. Online identifiers, IP address, cookies, web beacons, device identification details, language settings
Financial	Bank account information, debit / credit card details. Insurance details Salary, bonus, payroll deductions
Health	Medical history and records including, but not limited to, drug prescriptions, tests and scan results, therapies and procedures, consultations, reports, and reviews.
Official Identifier	PAN, Aadhaar, Passport, Voter ID, and other similar documents
Biometric	Data relating to physical, physiological, or behavioural characteristics which allows to confirm the unique identification of that natural person, such as facial images or fingerprints
Genetic	Data relating to the inherited genetic characteristics of a person which give unique information about the physiology or the health of that natural person and which result from an analysis of a biological sample
Misc.	Transgender status, intersex status, sex life & orientation Registration with Government agencies, professional bodies, associations, etc. Pre-employment information like character certificate, police verification, reference checks, etc.

How We Use Your Personal Data
We use your personal data for the following purposes:
1. Patients and Attendants: To provide medical care and maintain medical history, process billing, manage operational processes, and communicate important health information.
2. Employees: To manage employment records, payroll, performance reviews, and comply with legal obligations.
3. Vendors: To process transactions, manage contracts, and ensure delivery of goods or services.
4. Investors: To manage investment information to fulfil legal and regulatory obligations.

Purpose for which used	Illustrative Examples
Provision of healthcare	Providing and administering medical care, health and wellness services including, but not limited to, ordering and providing medication, medical tests, scans, reports, reviews, consultations, therapy, procedures, informed clinical decision making, etc. Creating and maintaining account profiles and information including, but not limited to, health, medical, benefits entitlement, accreditation, transaction (enquiries and feedback, appointments, admissions, bills, purchases and/or payments, insurance claims, etc.) records to enable processing of requests including, but not limited to, subscriptions, registrations, applications, execution and conclusion of contracts, and providing customer service and support. Handling enquiries, feedback, and complaints; process improvement assessment and planning interventions, quality assurance and control, arranging and facilitating bookings, registrations, applications; providing notifications and reminders; and providing support to deliver contractual obligations and other reasonably related account and relationship management requests and matters.
Legal & Statutory obligations	Disclosure of personal data to regulatory entities as required. Disclosure when responding to legal process conducting investigations. Protect legitimate business interests; prevent or investigate potential and actual violations of law, breaches to terms of employment
Health, Safety & Security	Deploying and maintaining technical and organisational security measures, conducting internal audits, accreditations, and investigations, conducting assessments to verify conflict of interests, identifying and authenticating employees Managing network security and preventing data loss using automated technologies to identify malicious data on equipment or networks Detect confidential information from leaving our perimeters or from unauthorised access to that information. Recording of Personal Data through video or other digital, electronic, or wireless surveillance system or device to secure and maintain IT infrastructure, office equipment, facilities, and other property
Human resource management	Performing workforce analysis and planning including, but not limited to, internal surveys, performance evaluations, talent and career development, courses, and trainings; grievances, disciplinary matters, and terminations; maintaining internal employee directories and emergency contacts. Management and administration of outplacement, eligibility for employment, initial hiring, or rehiring; providing and verifying employment references and background checks Management of leave and other absences, compensation and benefits, taxes, loans, grants, business expense reimbursements, travel arrangements
Investor relation management	Processing of personal data as required by regulatory bodies including, but not limited to, conducting of board and other internal committee meetings, management of shareholders transactions, etc.
Internal management & control	Internal communications, scheduling work, recording time, managing, and allocating company and employee assets and human resources, ensuring business continuity and crisis management. Managing projects and costs, maintaining records relating to business activities, budgeting, financial management and reporting, and compilation of audit trails and other reporting tools Review, study, analyse, perform analytics and/or aggregate information on product and service consumption, patterns and trends of individual behavioural patterns, preferences to improve operations, services, product offerings, personalise experiences and other reasonably related activities and objectives. Facilitate payments to and receive payments from Individuals, service providers, vendors, suppliers and business and collaboration partners. Administering debt recovery and management and other reasonably related matters related to finance & accounts. Generation and management of intellectual property, standards management, etc. Pursuance of opportunities of alliances, mergers, acquisitions, divestures re-organisations, disposals, and integration with purchaser
Defence of legal claims	Establishment, exercise, or defence of legal claims we are subjected to, for e.g., responding to legal processes such as subpoenas, pursuing legal rights and remedies, defending litigation, and managing any internal complaints or claims (including any whistle-blower/ethics hotlines)

Your Rights
Depending on your relationship with us, you may have the following rights:
1. Access: Request a summary of your personal data.
2. Correction: Request correction of inaccurate or incomplete data.
3. Deletion: Request deletion of your personal data, subject to legal and contractual restrictions.
4. Nomination: Request nomination on your personal data.
5. Grievance Redressal: File a grievance regarding the processing of your personal data. Should you be unsatisfied with the response, you may approach the appropriate authority.
To exercise these rights, please contact us using the details provided below.
Changes to This Privacy Notice
We may update this Privacy Notice periodically to reflect changes in statutory/ legal requirements or our operational practices. You are encouraged to review this Privacy Notice regularly on our website to stay informed of any updates.
Contact Us
If you have any questions or concerns about this Privacy Notice or our data protection practices, please contact us at:
Data Protection Officer,
Fortis Healthcare Ltd.,
Tower A, Unitech Business Park,
Block - F, South City 1, Sector - 41,
Gurgaon, Haryana – 122001
Contact Numbers: +91 124 4921021 / +91 124 4921033 / +91 124 4921071
email: privacy@fortishealthcare.com
Thank you for trusting Fortis Healthcare for your healthcare needs.

Privacy Policy

STAY IN TOUCH