This Privacy Policy explains what personal and medical data Vinsfertility collects, why we collect it, how we use and protect it, who we share it with, and what rights you have over your data. We are committed to handling your information with the discretion and care that a sensitive fertility journey demands.
Who We Are
Vinsfertility ("we", "us", "our") is an ICMR-registered fertility centre operating across 15+ cities in India, specialising in IVF, altruistic surrogacy under the Surrogacy (Regulation) Act, 2021, and related assisted reproductive treatments.
For the purposes of data protection law, Vinsfertility is the Data Controller in respect of personal data you provide to us through our website, clinics, forms, or any other means of contact.
| Detail | Information |
|---|---|
| Company Name | Vinsfertility |
| Registered Address | New Delhi, India |
| Data Protection Contact | privacy@vinsfertility.com |
| Phone | +91-7303555015 |
| ICMR Registration | Registered — details available on request |
| Applicable Law | Digital Personal Data Protection Act, 2023 (DPDP Act); Information Technology Act, 2000; GDPR (for EU/UK users) |
What Data We Collect
We collect data in two ways: information you provide to us directly, and information collected automatically when you use our website.
2.1 Information You Provide Directly
| Category | Examples | When Collected |
|---|---|---|
| Contact Information | Name, phone number, email address, city | Consultation form, WhatsApp, email, phone call |
| Identity Documents | Aadhaar number, PAN (where required), marriage certificate | Surrogacy eligibility assessment — required by law |
| Medical History | Diagnosis, previous fertility treatments, test results (AMH, semen analysis, HSG), medications, surgical history | Clinical consultation, shared reports |
| Surrogacy-Specific Data | Eligibility documentation, surrogate relationship details, legal consent records, ART Board registration details | Surrogacy intake process — required under the Surrogacy (Regulation) Act, 2021 |
| Financial Information | Payment method type, transaction reference (not card numbers) | Treatment billing |
| Communications | Call recordings (where notified), WhatsApp messages, emails | Ongoing care and support |
2.2 Information Collected Automatically
| Data Type | Purpose |
|---|---|
| IP address | Security, fraud prevention, approximate location for clinic recommendations |
| Browser type & OS | Technical compatibility and performance monitoring |
| Pages visited & time on site | Understanding which content is most useful to visitors |
| Referral source | Understanding how people find us (e.g., search engine, social media) |
| Device type | Optimising website display for mobile and desktop users |
How We Use Your Data
We use your personal and medical data only for the purposes for which it was collected or for directly related purposes you would reasonably expect.
| Purpose | Data Used | Legal Basis |
|---|---|---|
| Providing fertility consultations and clinical care | Contact info, medical history, test results | Contract; Vital interests (healthcare) |
| Surrogacy eligibility assessment and legal compliance | Identity documents, medical records, ART Board data | Legal obligation (Surrogacy Act, 2021); ICMR guidelines |
| Responding to your enquiry or form submission | Name, phone, email, service interest | Legitimate interest; Consent |
| Booking and managing appointments | Contact info, location, service type | Contract |
| Treatment planning and clinical communication | Full medical record | Contract; Healthcare legal basis |
| Sending appointment reminders and care updates | Phone, email | Legitimate interest; Consent |
| Billing and financial administration | Contact info, treatment details, payment reference | Contract; Legal obligation |
| Improving our services (anonymised analytics) | Anonymised / aggregated website and clinical data | Legitimate interest |
| Sending relevant information about our services (if you opt in) | Email, phone | Consent (opt-in only) |
| Legal compliance and regulatory reporting | As required by ICMR, ART Board, and applicable law | Legal obligation |
We will only send you marketing or promotional communications if you have explicitly opted in. You can withdraw your consent at any time by emailing privacy@vinsfertility.com or clicking "unsubscribe" in any communication. Opting out does not affect your clinical care in any way.
Sensitive Medical & Personal Data
Medical and health data is classified as "Special Category" data under the DPDP Act, 2023 and GDPR, and receives the highest level of protection. This includes fertility diagnoses, treatment records, genetic information, and surrogacy-related documentation.
Given the nature of our services, we necessarily process sensitive health and personal data. This includes:
- Fertility diagnoses (e.g., PCOS, azoospermia, premature ovarian failure, uterine abnormalities)
- IVF cycle data — stimulation response, egg quality, embryo grading, genetic test results
- Reproductive history — miscarriages, previous pregnancies, surgical procedures
- Genetic testing results (PGT-A, PGT-M) where conducted
- Surrogate health and screening records
- Psychological assessment records (counselling)
- Identity and relationship documentation for surrogacy legal compliance
4.1 How We Protect Sensitive Data
Sensitive data is handled under strict access controls — only clinical staff directly involved in your care can access your full medical record. All medical records are stored on encrypted, access-controlled systems. Paper records are kept in secure, locked storage. Staff receive mandatory data protection training. Records are never shared without explicit written consent, except where legally required (e.g., ART Board reporting).
4.2 Surrogate Data
Data relating to surrogates — including health records, screening results, insurance details, and personal information — is handled with the same level of protection as intending parent data. Surrogates have the same rights over their personal data as described in Section 10 of this Policy. Surrogate data is shared only with parties directly involved in the surrogacy arrangement and legal process, as required under the Surrogacy (Regulation) Act, 2021.
Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable data protection law, we are required to have a valid legal basis for processing your personal data. We rely on the following:
- Consent: Where you have freely, specifically, and unambiguously consented — for example, when submitting a contact form, opting into marketing communications, or consenting to specific clinical procedures. You may withdraw consent at any time.
- Contract: Where processing is necessary to provide the services you have requested — for example, booking and delivering an IVF or surrogacy consultation.
- Legal Obligation: Where we are required to process data to comply with Indian law — including ICMR regulations, ART Board reporting requirements, and the Surrogacy (Regulation) Act, 2021.
- Vital Interests: In emergency clinical situations where processing is necessary to protect a patient's health or safety.
- Legitimate Interests: For processing that is reasonably expected and does not override your rights — such as improving our website, preventing fraud, or sending appointment reminders to existing patients.
Who We Share Your Data With
We do not sell, rent, or trade your personal data. We share data only in the limited circumstances described below.
| Recipient | Purpose | Basis |
|---|---|---|
| Vinsfertility partner clinics & specialists | Delivering care across our network when you attend a partner centre | Contract; your explicit consent |
| National ART & Surrogacy Board | Mandatory ART Board registration and reporting under the Surrogacy (Regulation) Act, 2021 | Legal obligation |
| ICMR | Regulatory compliance and registration obligations | Legal obligation |
| Legal professionals (Adv. Malhotra's team) | Surrogacy legal process — magistrate orders, birth registration, consent documentation | Contract; Legal obligation; your consent |
| Diagnostic & genetics laboratories | Processing pathology samples, PGT-A testing — under strict data sharing agreements | Contract; your consent |
| Insurance providers | Arranging mandatory surrogate insurance under the Surrogacy (Regulation) Act, 2021 | Legal obligation; contract |
| IT & secure cloud infrastructure providers | Hosting patient records on encrypted, access-controlled servers | Legitimate interest; data processing agreements in place |
| Payment gateway providers | Processing treatment payments securely — they do not receive clinical data | Contract |
| Law enforcement / courts | Where legally compelled by a court order, judicial proceeding, or law enforcement request | Legal obligation |
All third-party service providers who access personal data on our behalf are bound by data processing agreements that require them to maintain equivalent standards of data protection.
How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected, and in accordance with applicable legal requirements.
| Data Type | Retention Period | Reason |
|---|---|---|
| Clinical & medical records | Minimum 7 years from last treatment date (adults); until age 25 where treatment commenced in childhood | ICMR requirements; Indian medical records regulations; clinical continuity |
| Surrogacy records (all parties) | 25 years from date of birth of surrogate-born child | Surrogacy (Regulation) Act, 2021 mandated retention for identity purposes |
| IVF embryo & genetic records | 10 years from last use or destruction of embryo | ICMR ART guidelines |
| Consultation enquiries (non-patients) | 12 months from last contact | Legitimate interest in follow-up; thereafter deleted |
| Financial / billing records | 7 years | Indian tax and accounting law |
| Website analytics (anonymised) | 26 months | Industry standard for performance monitoring |
| Marketing consent records | Until consent is withdrawn, plus 1 year | Proof of consent under DPDP Act |
Under the Surrogacy (Regulation) Act, 2021, surrogacy records must be retained for 25 years to allow children born through surrogacy to access information about their origin if they choose to in adulthood. This is a mandatory legal requirement, not a discretionary decision by Vinsfertility.
How We Keep Your Data Secure
We take data security seriously, particularly given the sensitive nature of fertility and medical data. Our security measures include:
- Encryption at rest and in transit: All electronic patient records are encrypted using industry-standard AES-256 encryption. All data transfers occur over TLS-secured connections.
- Role-based access controls: Only clinical staff directly involved in your care can access your full medical record. Administrative staff have access only to the information necessary for their role.
- Secure server infrastructure: Patient data is hosted on dedicated, access-controlled cloud servers located within India, operated by certified data centre providers.
- Physical security: Paper records and physical storage are kept in locked, restricted-access areas within our clinics.
- Staff training: All team members complete mandatory data protection and information security training annually.
- Data breach procedures: We maintain an incident response plan. In the event of a data breach affecting your data, we will notify you and the relevant authorities as required by the DPDP Act, 2023, within 72 hours of becoming aware of the breach.
- No card data stored: Payment card details are processed exclusively through PCI-DSS compliant payment gateways. We never store card numbers.
Cookies & Tracking Technologies
Our website uses cookies — small text files placed on your device — to improve functionality and understand how visitors use our site.
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly Necessary | Essential for the website to function (e.g., session management, form security tokens) | No — these are required for the site to work |
| Analytics (e.g., Google Analytics) | Understanding which pages are most visited, how long visitors spend, and how they navigate the site — all anonymised | Yes — via cookie consent banner or browser settings |
| Functional | Remembering your preferences (e.g., language, city) to improve your experience | Yes — via cookie settings |
| Marketing / Remarketing | Showing relevant content to users who have previously visited our site (e.g., Google Ads, Meta Pixel — where used) | Yes — via cookie consent banner |
Managing Cookies
You can control cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse all cookies, accept only certain types, or delete existing cookies. Instructions are available in your browser's help documentation.
For Google Analytics opt-out, you can install the Google Analytics opt-out browser add-on.
Your Rights Over Your Data
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable law, you have the following rights in relation to your personal data held by Vinsfertility:
Right of Access
You can request a copy of the personal data we hold about you and confirmation of how it is being used.
Right to Correction
You can ask us to correct inaccurate or incomplete data. For medical records, corrections are annotated rather than deleted to maintain clinical integrity.
Right to Erasure
You can request deletion of your data where there is no legitimate reason for us to continue processing it. Note that medical retention obligations (Section 7) may limit this right.
Right to Object
You can object to processing based on legitimate interests, and to direct marketing at any time. We will stop unless we have compelling legitimate grounds.
Right to Portability
You can request your data in a structured, machine-readable format to transfer to another provider — applicable to data you provided under consent or contract.
Right to Restriction
You can ask us to restrict processing of your data in certain circumstances — for example, while a correction request is being assessed.
Right to Withdraw Consent
Where processing is based on consent, you can withdraw it at any time. This does not affect the lawfulness of processing before withdrawal.
Right to Complain
If you believe we have mishandled your data, you have the right to lodge a complaint with the Data Protection Board of India or relevant supervisory authority.
How to Exercise Your Rights
To exercise any of these rights, please contact our Data Protection Officer:
- Email: privacy@vinsfertility.com
- Phone: +91-7303555015
- Post: Data Protection Officer, Vinsfertility, New Delhi, India
We will respond to your request within 30 days. In complex cases, we may extend this by a further 30 days, and will inform you of the extension and reason. Requests are free of charge unless clearly unfounded or excessive.
We may need to verify your identity before processing your request to protect against unauthorised access to another person's data.
Children's Privacy
Our website and general services are intended for adults aged 18 and over. We do not knowingly collect personal data from anyone under 18 through our website, contact forms, or marketing channels.
In the context of clinical care, we may hold data about children born through surrogacy or IVF — this is held as part of the clinical and legal record as required by ICMR guidelines and the Surrogacy (Regulation) Act, 2021. Such data is held under enhanced protection and accessed only by clinical staff with a direct care relationship.
If you believe a child's data has been collected through our website without appropriate consent, please contact us immediately at privacy@vinsfertility.com and we will delete it promptly.
Third-Party Links & Services
Our website may contain links to third-party websites, including government portals (e.g., ART Board website, Ministry of Health), reference sources, and partner organisations. This Privacy Policy applies only to Vinsfertility's own website and services.
We are not responsible for the privacy practices of third-party websites. We recommend reading the privacy policy of any external site you visit. Links are provided for information and convenience only.
Third-party tools integrated into our website (such as Google Analytics, Google Maps, or WhatsApp) are subject to their own privacy policies. Where we use such tools, we ensure they are configured to minimise data collection and comply with applicable law.
Changes to This Privacy Policy
We review and update this Privacy Policy periodically to reflect changes in our services, legal requirements, or best practice. The "Last Updated" date at the top of this page will always reflect the most recent version.
Where we make material changes — for example, changes to how we use your sensitive medical data — we will notify existing patients by email or prominently on our website, and obtain fresh consent where required.
We encourage you to review this policy periodically. Continued use of our services after a policy update constitutes acceptance of the revised policy.
Contact Us About This Policy
If you have any questions, concerns, or requests relating to this Privacy Policy or how we handle your personal data, please contact our Data Protection Officer:
Data Protection Officer — Vinsfertility
We aim to resolve all privacy enquiries within 30 days. If you are unsatisfied with our response, you have the right to escalate your complaint to the Data Protection Board of India.