1 Who We Are
Caring Vision Therapy ("we", "us", "our") is a board-certified neuro-optometric rehabilitation centre operating clinics in Chennai (Tamil Nadu) and Hyderabad (Telangana), India. We provide evidence-based vision therapy and neuro-visual rehabilitation services in-clinic and via structured telehealth programmes internationally.
Registered Address: Chennai, Tamil Nadu 600083, India
Email: caringvisiontherapy@gmail.com
Phone: +91 96936 30033
2 Data We Collect
We collect personal and health data only as necessary to deliver clinical care and manage our services.
2.1 Information You Provide
- Identity data: Full name, date of birth, gender, photograph (where clinically relevant)
- Contact data: Email address, phone number, postal address
- Health and clinical data: Vision history, medical history, diagnosis details, treatment records, clinical evaluation results, progress notes - this is classified as sensitive personal data under the DPDP Act 2023
- Guardian data: For patients under 18, the name and contact details of the parent or legal guardian
- Appointment data: Scheduled dates, attendance records, telehealth session logs
- Payment data: Transaction reference numbers; we do not store card numbers or UPI credentials
2.2 Information Collected Automatically
- Usage data: Pages visited, time on site, browser type, device type, referring URL
- IP address and approximate location (city level, not GPS)
- Cookie data: See Section 10 for full details
3 How We Use Your Data
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Provide clinical vision therapy services | Identity, health, appointment data | Consent + Contractual necessity |
| Appointment scheduling and reminders | Contact, appointment data | Contractual necessity |
| Clinical record-keeping (medical notes) | Health, identity data | Legal obligation |
| Telehealth service delivery | Identity, contact, health data | Consent + Contractual necessity |
| Billing and payment processing | Identity, payment reference | Contractual necessity |
| Website improvement (analytics) | Usage, cookie data (anonymised) | Legitimate interests |
| Clinical research and outcome reporting | De-identified/anonymised health data only | Consent (separately obtained) |
| Responding to enquiries | Contact, health data as shared | Consent + Legitimate interests |
4 Legal Basis for Processing
We process personal data under the following legal bases recognised by the Digital Personal Data Protection Act 2023 (India):
- Consent: You have given clear, informed consent for specific purposes (e.g., clinical treatment, telehealth enrolment, receiving updates)
- Contractual necessity: Processing is necessary to deliver the clinical services you have requested
- Legal obligation: Clinical records must be maintained under applicable medical and healthcare regulations in India
- Legitimate interests: Where we have a genuine and proportionate business interest that does not override your rights (e.g., site analytics)
For sensitive personal data (health data), we rely exclusively on your explicit informed consent and our legal obligation as a healthcare provider. You may withdraw consent at any time - see Section 9.
5 Data Sharing
We do not sell, rent, or trade your personal data. We share it only in the following limited circumstances:
- Referring clinicians: With your consent, we share relevant clinical records with optometrists, paediatricians, neurologists, or other healthcare professionals involved in your care
- Telehealth platform providers: Secure, encrypted video consultation platforms (e.g., Zoom Health, Doxy.me) process session connection data under strict data processing agreements
- Payment processors: Authorised payment gateways process transaction data under their own PCI-DSS compliant privacy policies
- IT and system providers: Our website hosting, email, and practice management software providers access data solely to operate services on our behalf under binding data processor agreements
- Legal requirements: Where required by law, court order, or regulatory body in India
- Anonymous research: Fully de-identified, aggregated clinical data may be used in academic publications (see Academic Contributions). No individual can be identified from this data
6 Telehealth & International Patients
We serve patients in 20+ countries via structured telehealth vision therapy programmes. For international patients, please note:
- Your data is stored on servers located in India and may be transferred to your home country only for the purpose of coordinating care with local referring clinicians (with your explicit consent)
- International transfers are governed by applicable data protection laws in your jurisdiction in addition to India's DPDP Act 2023
- Patients in the European Union or UK have additional rights under GDPR/UK GDPR; please contact our Privacy Officer for a GDPR-specific data processing agreement
- Telehealth sessions are not recorded without explicit prior consent from all participants
7 Data Retention
| Data Category | Retention Period | Reason |
|---|---|---|
| Clinical health records (adult) | Minimum 7 years from last appointment | Indian medical record regulations |
| Clinical health records (paediatric) | Until age 25 or 7 years from last visit (whichever is longer) | Paediatric clinical guidelines |
| Appointment and contact data | 3 years after last contact | Administrative and follow-up purposes |
| Website analytics data | 26 months (anonymised) | Site improvement |
| Enquiry emails | 2 years | Responding to follow-up queries |
8 Security Measures
We implement appropriate technical and organisational security measures, including:
- SSL/TLS encryption for all data transmitted via this website (HTTPS)
- Access controls ensuring only authorised clinical and administrative staff can access patient records
- Encrypted storage for sensitive health data
- Regular security reviews of our systems and third-party providers
- Staff training on data protection and patient confidentiality obligations
In the event of a data breach that affects your rights and freedoms, we will notify you and the relevant regulatory authority within the timelines required by the DPDP Act 2023.
9 Your Rights
Under the Digital Personal Data Protection Act 2023, you have the following rights regarding your personal data held by Caring Vision Therapy:
Right of Access
Request a copy of the personal data we hold about you
Right to Correction
Request correction of inaccurate or incomplete personal data
Right to Erasure
Request deletion of your data, subject to legal retention obligations
Right to Withdraw Consent
Withdraw consent for non-essential processing at any time
Right to Grievance
Lodge a complaint with our Privacy Officer or the Data Protection Board of India
Nominee Rights
Designate a nominee to exercise your rights in case of death or incapacity
To exercise any of these rights, contact our Privacy Officer at caringvisiontherapy@gmail.com with the subject line "Data Rights Request". We will respond within 30 days. We may need to verify your identity before processing your request.
11 Children's Privacy
A significant portion of our clinical services are delivered to children under 18. For paediatric patients:
- Consent for collection and use of a child's personal and health data is obtained from a parent or legal guardian
- Clinical records for children are retained until the patient reaches age 25 or for 7 years from the last visit, whichever is longer
- We do not direct marketing communications to children
- Parents and guardians may exercise all data rights on behalf of their child by contacting our Privacy Officer
12 Contact Our Privacy Officer
For all privacy-related questions, requests, or complaints, please contact:
Email: caringvisiontherapy@gmail.com
Phone: +91 96936 30033
Address: Caring Vision Therapy, Chennai, Tamil Nadu 600083, India
Response time: Within 30 business days
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India once constituted under the DPDP Act 2023, or the appropriate authority in your jurisdiction.