1. Introduction
Team Vimalakar Foundation ("we", "us", or "our") operates GI Cancer Screening Medical Camps as part of our Kunjara Yatra healthcare initiative. We are fully committed to safeguarding the privacy and confidentiality of all data collected from patients, volunteers, staff, and digital platforms. This Privacy Policy outlines our practices for handling personal data in compliance with:
- Health Insurance Portability and Accountability Act (HIPAA)
- General Data Protection Regulation (GDPR)
- Indian Digital Personal Data Protection Act, 2023
- Other regional and international health data regulations
2. Information We Collect
From Patients:
- Personal Identification: Full name, contact number, email (optional), gender, and age
- Demographics: Location, village/ward, occupation.
- Medical Data: Vitals, symptoms, consultation notes, screening, diagnostic and investigation records
- Consent & Acknowledgements: Digital or physical consent forms
- Photographs: For diagnosis, record-keeping, or case reference (with explicit consent)
From Volunteers & Staff:
- Basic identity and professional background
- Registration for participation in camp activities
- Training attendance, duties assigned, role-based access data
- Emergency contact details
Automatically Collected:
- IP address, device type, browser info when accessing our web app
- Activity timestamps, pages visited, form submissions (for optimization)
- Anonymous aggregated usage data for analytics
3. How We Use Information
- Medical Treatment: Enabling patient registration, diagnostics, and treatment workflows
- Camp Workflow: Managing 10-stage camp flow for optimal patient movement and care
- Staff Coordination: Assigning roles, shifts, and managing access based on staff responsibilities
- User Support: Responding to inquiries, complaints, and feedback
- Research & Planning: De-identified data for medical analysis and policy planning
- Performance Monitoring: Improving service delivery via analytics and feedback
4. Data Sharing & Disclosure
We do not sell or rent any data. Information is only shared under strict controls with:
- Internal Medical Team: Doctors and medical staff who require it for treatment
- Legal Authorities: Only if legally required under public health or compliance laws
- Technology Vendors: Such as Firebase and Google Workspace (with Data Processing Agreements)
- Academic Research: Only anonymized, aggregated data used in medical publications or reports
All recipients are bound by confidentiality and security clauses equivalent to our standards.
5. Data Storage & Security
Storage Practices:
- Encrypted data in Firebase Realtime Database and Firestore
- Controlled Google Drive-based Sheets with limited access
- Paper-based data digitized within 48 hours and securely destroyed
Security Protocols:
- 256-bit AES data encryption
- Role-based access control for staff and volunteers
- Google authentication for all app users
- Regular audits and logging of user activities
We investigate any suspected data breaches immediately and notify authorities as required by law.
6. Your Rights
For Patients:
- View your medical data on request
- Update or correct inaccurate data
- Withdraw consent from further communication
- Download your medical history in a secure format
- Request deletion (subject to legal constraints)
For Staff & Volunteers:
- Review participation and training history
- Update contact and profile information
- Opt out of future communication after service
- Raise privacy-related concerns or complaints
Email our Data Protection Officer at contact@teamvimalakarfoundation.org for all requests.
7. Data Retention
- Patient Records: Stored securely for up to 10 years as per medical retention norms
- Volunteer Records: Kept for 3 years after last engagement
- Audit Logs: Maintained for 2 years to track system access
- Web Data: Analytics retained for 26 months
- Financial Documents: Archived for 7 years as per statutory requirements
Data is deleted using certified wiping techniques and audit trails are maintained.
8. International Data Transfers
When working with international collaborators, your data is protected through:
- Standard Contractual Clauses (SCCs)
- Indian localization of sensitive health data
- Access restrictions for non-Indian servers
9. Cookies & Tracking
Our site uses cookies only where essential. We may optionally collect analytics data to:
- Understand visitor interaction with registration forms
- Track patient volume trends for planning
- Identify technical issues in the web app
You can control cookie preferences via your browser settings. No marketing cookies are used.
10. Changes to This Policy
This policy may be updated from time to time to reflect legal or operational changes. The latest version will always be available on our website. In case of significant updates, registered users will be notified via email or app.
11. Contact Information
Physical Address:
KIMS HOSPITALS SUNSHINE
Beside Jamia Masjid, Prakash Nagar
Begumpet, Hyderabad, Telangana, 500016
Last Updated: 12/04/2025