Ujala Cygnus logo
Privacy Policy

Jodit Editor

1. Introduction

This Privacy Policy describes the approach and practices of Cygnus Medicare Private Limited including its subsidiaries and joint ventures (collectively referred to as “Ujala Cygnus,” “we,” “us,” or “CMPL”,) regarding the collection, use, disclosure, and protection of personal information gathered through or displayed on our official website: https://ujalacygnus.com/ (“Website”).

Ujala Cygnus is committed to protect the privacy and personal data of the users, employees/consultant, management profiles (“you”, “your”) who either visit our website or whose personal information is displayed thereon. We handle all such personal data collected or published via our Website responsibly and transparently, ensuring compliance with applicable laws including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023.

This Privacy Policy should be read in conjunction with any disclaimers, specific data protection policies, or privacy statements, if any, issued by Ujala Cygnus or its Group Companies, from time to time. This Policy supplements such other notices and is not intended to override them.

By accessing or using our Website, submitting information (e.g., for appointments or feedback), signing a consent form, interacting with our services, or by having your information published on the Website, you agree to be bound by this Privacy Policy and consent to the collection, use, processing, disclosure, retention and sharing of your personal data as described herein.

 

2. Definitions

For the purpose of this Privacy Policy, the following terms shall have the meanings ascribed herein:

  • 2.1. Cookies: Small data files placed on your computer, mobile device, or any other device by a website. Cookies typically store information such as your Browse history, preferences, and session details to enhance your Browse experience.
  • 2.2. DPDP Act: Refers to the Digital Personal Data Protection Act, 2023, read together with the Digital Personal Data Protection Rules, 2025, as may be amended from time to time.
  • 2.3. Personal Data: Any data about an individual who is identifiable by or in relation to such data, either directly or indirectly.
  • 2.4. Website: Refers to the official website of Ujala Cygnus, accessible at https://ujalacygnus.com/.
  • 2.5. You / User: Refers to the individual accessing or using the Website, or whose personal information is collected or displayed on the Website, including but not limited to patients, employees, consultants, management personnel, or any other visitor.

 

3. Information we collect and process

  • 3.1. We collect various categories of personal data when you visit, use, or interact with our Website. In addition, certain information may be collected through offline means (such as, for testimonials and case studies of the patients, or data collected during onboarding process of employees, doctors, consultants, board of directors, key management and Unit Heads), which may later be digitized and published on our Website. This data is collected primarily to provide and enhance the healthcare services offered through our network of hospitals, promote transparency, and to foster awareness and user engagement.
  • 3.2. The categories of data we may collect and process include:
    • 3.2.1. Identification Data: Includes your full name, date of birth, gender, photograph, and government-issued identification numbers such as Aadhaar or PAN, where voluntarily provided.
    • 3.2.2. Contact Information: Includes your residential address, email address, and phone number.
    • 3.2.3. Biometrics: Images, Audio and/or videos from which you may be identified, images captured on security systems, including CCTV systems.
    • 3.2.4. Health Information: Includes medical history, diagnostic reports, treatment records, prescriptions, immunization details, allergies, and other health-related data. This may be collected through the appointment booking process or for the purpose of case studies, at the discretion of the user.
    • 3.2.5. Payment Information: Includes bank account details, credit/debit card information, billing details, and related information. Such data may be processed through integrated third-party payment gateways.
    • 3.2.6. Digital Interaction Data: Includes data such as your IP address, browser type, device identifiers, location data, operating system, and details of your interactions with the Website (e.g., page views, time spent), as well as cookies and other online tracking mechanisms.
    • 3.2.7. User Account Information: Includes login credentials (e.g., username), personal details provided at the time of registration or profile update, and any other information stored within your user account.
    • 3.2.8. Professional Profile Data: Includes information displayed publicly about our employees, doctors, consultants, board of directors, key management and Unit heads such as name, photograph, qualifications, specialization, experience, and achievements. This may be collected directly from the individual or through our internal records.
    • 3.2.9. Any other information that is willingly shared by you.

 

4. Methods of Data Collection

We collect personal data through the following means:

  • 4.1 Online Forms: Information submitted by users via appointment booking forms, inquiry forms, or feedback forms on our Website or through email on the designated email Id mentioned on the website.
  • 4.2 User Account: Data provided during the creation of a user account.
  • 4.3 Offline Collection: Information obtained through physical registration or admission forms at our Hospital Units, onboarding documents of employees/consultants and data provided for testimonials, case studies, or profile publication purposes.
  • 4.4 Cookies and Tracking Technologies: Data collected through cookies, beacons, and similar technologies that help personalize and improve user experience. Users may manage or delete these through browser settings.
  • 4.5 Server Logs and Usage Analytics: Automatically collected technical information/ digital interaction data such as IP addresses, browser type, device identifiers, and usage patterns to monitor and improve our Website’s performance and security.

 

5. Purposes of Processing Personal Data

We collect and process your personal data for the following purposes:

  • 5.1. Healthcare Services: To provide medical diagnosis, treatment, and care; manage appointments, admissions, and discharges; maintain medical records in compliance with applicable laws and regulations.
  • 5.2. Patient and User Relationship Management: To respond to user queries, provide customer support, manage user accounts and relationships, and collect feedback and testimonials.
  • 5.3. Operations and Service Enhancement: To perform data analysis, conduct research and clinical audits, and improve the quality of healthcare services and the overall patient experience.
  • 5.4. Payments and Administration: To process payments, insurance claims, and billing.
  • 5.5. Communication and Engagement: To communicate health-related updates, appointment reminders, to publish testimonials, case studies or professional profiles, and other relevant service information. We may also send promotional or marketing material and conduct targeted advertising, with your explicit consent.
  • 5.6. Human Resources and Organizational Transparency: To announce the onboarding of professionals and manage their administrative processes, and to display relevant information about our staff and leadership on the Website, in accordance with applicable laws, internal policies, and based on individual consent or contractual terms.
  • 5.7. Compliance: To comply with legal and regulatory obligations under the applicable laws, including those related to data retention, health record maintenance, labour laws, and corporate transparency.

If we intend to use your personal data for any purpose not listed above, we will seek your specific consent and will only proceed upon receiving such consent, unless required to do so by law.

 

6. Legal Basis for Processing

We process personal data based on one or more of the following legal grounds:

  • 6.1. Consent: With your consent for specific purposes, such as appointment booking, promotional communication, or publication of testimonials, case studies or professional profiles. Consent may be withdrawn by the user at any time, in which case we will cease processing that data, as far as practicably feasible, unless otherwise required by law.
  • 6.2. Deemed Consent: We may rely on deemed consent under Section 7 of the DPDP Act when you voluntarily provide personal data for a reasonable purpose, such as accessing healthcare services, professional onboarding announcement or where processing is necessary for public interest (e.g., disease surveillance or outbreak, medical research), medical emergencies, legal compliance, or compliance with any judgment, decree or order of a court or tribunal.
  • 6.3. Performance of Contract: We process your personal data when it is necessary to carry out our responsibilities under a contract with you. This may include providing or managing healthcare services (such as scheduling appointments or maintaining medical records), employment or consultancy engagement (such as processing payroll), maintaining user account (such as processing account creation, login, and usage thereof) or fulfilling other service-related obligations.
  • 6.4. Legal Obligation: Where required to comply with applicable laws, including those governing medical record retention, health regulations, labour laws or other disclosures.

 

7. Data Sharing and Disclosure

  • 7.1. We may share your personal data with the following entities, strictly on a need-to-know basis and with appropriate safeguards:
    • Healthcare Professionals: Doctors, nurses, and clinical staff directly involved in your diagnosis, treatment, or care.
    • Third-Party Service Providers: Laboratories, diagnostic centers, pharmacies, IT service providers (such as hosting, payment gateways), and other vendors assisting in the delivery of healthcare or website functionality.
    • Insurance Providers: For processing insurance claims, and related activities.
    • Regulatory and Public Authorities: Government departments, accreditation bodies, or law enforcement agencies, where required under law, court order, or public interest obligations.
    • Research Institutions: In limited cases, anonymized or pseudonymized data may be shared for academic, statistical, or clinical research, ensuring no direct identification of individuals.
    • Internal Departments: In the case of employees, consultants, or management personnel, data may be shared with internal departments (e.g., HR, legal, marketing).
    • HR and Administrative Service Providers: In relation to employees, consultants, and management personnel, we may share information (such as identity details, bank account, PAN, salary components) with third-party service providers for HR functions, outsourced payroll processing, background verification, recruitment, or related administrative services.
  • 7.2. We do not sell or rent your personal data under any circumstances. Further, we do not process or store personal data outside India. All data is hosted and processed on servers located within India.
  • 7.3. We may use third-party services (such as YouTube, Google login, and social media integrations) that are based outside India. These services may collect or process your data outside India, in accordance with their own privacy policies.
  • 7.4. For enhanced security, technical information such as your IP address may be logged when certain actions are performed (e.g., password resets). This is for account safety and does not involve external sharing unless required under law or investigation.
  • 7.5. Cross-Border Data Transfer: Once you have freely consented to share your Personal data with us, You authorize us to exchange, transfer, share, part with all or any of Your Personal data, across borders and from Your country to any other countries across the world with our affiliates / agents / third party service providers / partners / banks and financial institutions or any other persons, for the Purposes specified under this Policy or as may be required by any applicable law, for the time being in force.

You acknowledge that some countries where we may transfer your personal data may not have data protection laws that are as stringent as the laws of Your own country. You acknowledge that it is adequate that when we transfer your personal data to any other entity within or outside Your country of residence, we will place contractual obligations on the transferee which will oblige the transferee to adhere to the provisions of this Privacy Policy.

 

8. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected or as required under applicable laws. In particular:

  • Medical records are retained in accordance with applicable legal and regulatory requirements. However, specific obligations, such as those relating to medico-legal cases or other statutory mandates, may necessitate the retention of certain data for extended durations.
  • Website Interactions and User Accounts are retained until the user deletes their account, withdraws consent, or unless retention is required by law.
  • Testimonials, Case Studies and Marketing Content are retained until consent is withdrawn or they are no longer relevant.
  • Information published about medical or management personnel is retained and displayed until consent is withdrawn or the individual is no longer associated with the organization or in compliance with labour laws, subject to applicable retention obligations or operational needs.

We follow data minimization and storage limitation principles, and ensure secure deletion, anonymization, or archival once the retention period expires or the purpose is fulfilled.

 

9. Data Principal Rights

User may exercise the following rights in relation to your personal data:

  • 9.1. Right to Access: You have the right to request access to your personal data held by us, including information on how it is being processed or shared.
  • 9.2. Right to Correction: You may request correction or updating of your personal data if it is inaccurate, incomplete, or outdated.
  • 9.3. Right to Withdraw Consent: You have the right to withdraw that consent at any time. Upon withdrawal, we will cease processing your data for those purposes, unless otherwise required under law.
  • 9.4. Right to Grievance Redressal: You have the right to raise a grievance regarding the processing of your personal data.
  • 9.5. Right to Nominate: You may nominate another individual to exercise your rights under this Policy in the event of your death or incapacity, as provided under the DPDP Act.
  • 9.6. Right to Erasure: You may request the deletion of your personal data where the data is no longer necessary for the purpose it was collected, or you have withdrawn your consent and no other lawful basis exists for retention. This right is subject to any retention obligations under applicable laws.

You may exercise your rights by contacting us at the details provided in the “Contact Us” section of this Policy. We may require reasonable verification of your identity before processing your request.

However, we may limit or refuse your requests to exercise these rights when the personal data has been lawfully made public through media, public records, or other sources, beyond our control.

 

10. Security

The security of your personal data is important to us. We are committed to protecting it through a combination of technical, physical, and administrative safeguards appropriate to the nature of the data and the risks involved in its processing.

We implement reasonable security practices and procedures, including but not limited to:

  • SSL/TLS encryption for secure transmission of data over the Internet
  • Data encryption at rest and in transit
  • Role-based access controls, password protection, and multi-factor authentication
  • Firewalls and intrusion detection/prevention systems
  • Regular vulnerability assessments and penetration testing (VAPT)
  • Timely patching and updates to software and IT infrastructure
  • Monitoring and access logging for detecting unauthorized access
  • Restricting access to personal data strictly on a need-to-know basis, applicable to our employees, affiliates, authorized third-party service providers, and partners—subject to contractual confidentiality and data protection obligations
  • Physical and environmental controls to secure servers and data centers
  • Offline protection where personal data is stored in physical form, with necessary operational safeguards.

While we take reasonable and appropriate measures to secure your personal data and prevent unauthorized access, you acknowledge that no method of online transmission or electronic storage is completely secure. Therefore, we cannot guarantee absolute security, and any data you share with us is at your own risk.

 

11. Use of Cookies

  • 11.1 We use cookies and similar tracking technologies for the following purposes:
    • Analyzing website traffic and user behavior
    • Improving website functionality and performance
    • Enhancing user experience by remembering preferences
    • Facilitating session management and authentication
    • Delivering targeted marketing and advertising content
  • 11.2 Users may manage their cookie preferences through browser settings. Disabling cookies may affect the functionality of the website.

 

12. Use of Embedded Content

  • 12.1. Our website may include social media features such as the Instagram feeds, Twitter/X posts, YouTube videos, or social login options (“Social Media Features”). These features are either embedded directly on our website or integrated through third-party services.
  • 12.2. When you visit a page with Social Media Features, your browser may automatically connect to the social media platform’s servers. This allows the platform to collect information such as your IP address, Browse behavior, and interactions with the embedded content—even if you do not interact with the features.
  • 12.3. By using these social media features or interacting on our social media pages, you acknowledge that your data may be collected and processed by the respective social media platforms according to their own privacy policies. We recommend reviewing the privacy policies of these platforms to understand how they manage your data.
  • 12.4. If you use social login options (e.g., “Sign in with Google” or “Sign in with Facebook”), we may collect certain profile information from the social media provider with your consent.

 

13. Updates to this Policy

We may update this Privacy Policy periodically to reflect changes in legal requirements, technological advancements, or our data processing practices. The updated policy shall be posted on this website and shall be effective from the date of publication. Users are encouraged to review the policy regularly.


14. Contact Us

We are committed to addressing your concerns regarding the processing of your personal data. For any questions, concerns, or requests related to this Privacy Policy or your personal data, please contact:

Cygnus Medicare Private Limited

Email:…………………

Phone: ……………………..

Address: ……………………


Appointment icon
Appointment
Call Us icon
Call Us
Hospitals icon
Hospitals
Doctors icon
Doctors
Specialities icon
Specialities
book appointment button
contact us button
whatsapp button
Corporate Office
ECE House, 3rd Floor, 28A, KG Marg, Connaught Place, New Delhi, Delhi 110001
info@ujalacygnus.com
+91 9146691466
Follow Us
Social icon -1
Social icon -2
Social icon -3
Social icon -4
About Us
Careers
Contact Us
Media
Privacy Policy
CMPL policy
Appointment Booking
Our Hospitals
Our Specialties
Key Procedures
Our Blogs
Our Doctors

Share Your Feedback

We value your opinion and would love to hear about your experience with us.

Disclaimer|Privacy Policy

Copyright ©2025 all rights reserved

Powered by AST Consulting