Regulatory Compliance Documentation

Website Privacy Policy

Last Updated: June 11, 2026. Fully compliant with the Indian Digital Personal Data Protection (DPDP) Act 2023, US HIPAA Guidelines, and EU GDPR standards.

1. Legal Scope, Application, and Binding Context

Points 001–010 outline the scope, legal enforceability, definitions, and international frameworks governing this policy.

001
Binding Agreement: This Privacy Policy constitutes a legally binding agreement between you (the "User", "Patient", or "Visitor") and Maxfac.in (referred to as "Maxfac", "we", "us", or "our"), defining how we handle personal data.
002
Jurisdictional Frameworks: This document is structured to comply simultaneously with national and international legislation, specifically the Indian Digital Personal Data Protection (DPDP) Act 2023, the US Health Insurance Portability and Accountability Act (HIPAA), and the European Union General Data Protection Regulation (GDPR).
003
Data Fiduciary Status: Under the DPDP Act 2023, Maxfac operates as a Data Fiduciary, determining the purpose and means of processing personal data. Under GDPR, we act as a Data Controller.
004
Covered Entities Status: Under US HIPAA rules, while the informational website is not itself a covered entity, the database systems syncing clinical appointment details with Dr. Saha's official surgical practice adhere strictly to Business Associate standards for Protected Health Information (PHI).
005
Policy Applicability: This policy applies to all users accessing Maxfac.in, submitting appointment inquiries, interacting with the iHANS AI Assistant, using the cookie consent preference manager, or visiting the administrative console.
006
Material Consent: Accessing, browsing, or utilizing the booking portals on Maxfac.in signifies your clear, unambiguous, and affirmative action representing consent to the collection and processing of data described herein.
007
Minors' Data Protection: We do not collect personal data from individuals under the age of 18 without explicit consent verified by a parent or legal guardian in accordance with Section 9 of the DPDP Act 2023 and GDPR Article 8.
008
Updates and Revisions: We reserve the right to modify this policy at any time. Changes will be posted to this page with an updated revision date. Continued use of the site implies acceptance of revised terms.
009
Definitions - Personal Data: In accordance with DPDP Section 2(t) and GDPR Article 4(1), "Personal Data" means any information relating to an identified or identifiable natural person.
010
Definitions - Sensitive Personal Data: This includes health datasets, clinical identifiers, biological gender, age, symptoms history, diagnostic files, and any elements relating to physical, physiological, or mental health conditions.

2. Categories of Personal and Sensitive Personal Data Collected

Points 011–020 detail the exact classification of data elements captured through inputs, forms, systems, and devices.

011
Patient Demographics: We collect full legal names, biological age, biological gender, current city of residence, state, and country of origin.
012
Contact Indicators: We collect primary telephone contact numbers, WhatsApp contact numbers, and email addresses.
013
Clinical Symptoms: We collect self-reported clinical symptoms, symptoms history, duration of illness, and specific clinical concern classifications (e.g. oral cancer, dental implants, cosmetic defects).
014
Urgency Indicators: We collect the user's self-assessed urgency flag (NORMAL or URGENT) to categorize triage priority.
015
Referral Identifiers: We collect information regarding how you discovered our portal, including doctor referrals or marketing campaign identifiers (UTM parameters).
016
Device Metadata: We collect hardware specifications, including operating system version, browser user agent, screen resolution, and local timezone settings.
017
Network Indicators: We collect IPv4 and IPv6 network addresses, network routing sources, and geographical location indicators.
018
Session Timestamps: We record precise timestamps of session creation, initial page landing, and activity queue transmission, as well as overall visit frequency.
019
Search Queries: We capture search queries typed into the portal’s lookup fields to evaluate rising healthcare demands.
020
AI Chatbot Transcripts: Conversations and symptoms checked through the iHANS assistant are logged to facilitate user intent analysis, strictly subject to privacy permissions.

3. US HIPAA Standards & Protected Health Information (PHI)

Points 021–030 declare the specific administrative, physical, and technical safeguards used to protect patient diagnostic records.

021
Protected Health Information (PHI): We classify clinical symptoms, emergency flags, and appointment records submitted to the site as Protected Health Information under US HIPAA Rules.
022
De-identification Standards: Any health data utilized for analytical reports, geographical demand rankings, or service volume charts is strictly de-identified in accordance with HIPAA Safe Harbor standards.
023
Encryption in Transit: All PHI transmitted between the browser client and the backend database server is encrypted using Secure Sockets Layer (SSL) and Transport Layer Security (TLS 1.3).
024
Encryption at Rest: Database tables containing sensitive user details are encrypted at rest using AES-256, protecting them against direct access to the physical storage.
025
Database Decoupling: We store all visitor intelligence, cookie preferences, and tracking logs separately from core clinical surgical records to prevent cross-exposure of diagnostic data.
026
Role-Based Access Control (RBAC): Access to appointment datasets and whitelisting features in the admin console is strictly restricted based on roles (Admin, Manager, Employee) to enforce the "Minimum Necessary" standard.
027
Audit Trails: The backend maintains read/write audit logs tracking which administrator or employee accessed, modified, or canceled patient bookings.
028
Session Timeouts: Administrative sessions automatically terminate after a set period of inactivity to prevent unauthorized access at public terminals.
029
No Marketing Exploitation of PHI: We will never sell, rent, or lease clinical symptom profiles or PHI to third-party advertisers.
030
Business Associate Agreements: Any cloud storage providers, database hosting networks, or automated SMS/WhatsApp gateways handling PHI must execute Business Associate Agreements (BAAs) prior to data exchange.

4. Purposes of Data Processing and Legal Bases

Points 031–040 clarify the lawful reasons for which personal and clinical data elements are collected and processed.

031
Appointment Coordination: We process your name, contact phone, and preferred date/time to schedule consultation slots across our clinics.
032
Clinical Triage: Symptom submissions are analyzed to assess urgency levels and prioritize trauma or cancer inquiries over standard consults.
033
Verification & OTP Authentication: We process phone numbers to send booking confirmation OTPs and security verification alerts.
034
Lead Classification: We evaluate user activity metrics (scrolls, page views, click rates) to classify leads and optimize clinical resource allocation.
035
Market Research: Geolocation and page interest scores are analyzed to determine geographic demand trends for maxillofacial surgeries.
036
Performance Optimization: Interaction maps (rage clicks, dead clicks) are analyzed to debug user experience bottlenecks.
037
Legal Compliance: Data may be processed to comply with statutory healthcare directives, tax requirements, or judicial orders.
038
Consent as Legal Basis: Our primary legal basis for general visitor intelligence tracking and analytical cookies is your explicit, opt-in consent.
039
Performance of a Contract: The processing of appointment requests is justified on the grounds of fulfilling the request for a clinical consultation.
040
Legitimate Interests: Debugging UX flaws, monitoring system abuse, and evaluating general traffic volumes represent legitimate operational interests.

5. Cookie Preferences, Analytics, and IP Geolocation Consent

Points 041–050 govern cookie consent banners, preference caching, analytics script blocking, and geolocation lookups.

041
Cookie Consent Banner: A floating glassmorphic consent banner displays on the first visit, allowing the user to select specific preference categories.
042
Essential Cookies: Cookies that cache essential session variables, appointment tokens, and CSRF protection markers are always active by default.
043
Analytics Opt-in: Performance tracking scripts, event recorders, scroll watchers, and heatmap logs are blocked until analytics consent is granted.
044
Marketing Opt-in: Conversion pixels (Google Ads, Meta Pixel) are initialized only after the user selects "Marketing" or "Accept All" preferences.
045
AI Assistant Cookie Memory: The chatbot uses cookie identifiers to maintain conversation history across pages, active only with functional consent.
046
Preferences Caching: Consent choices are saved locally (`maxfac_consent_preferences`) to prevent consent banner repetition.
047
Revisitable Preference Widget: A floating shield icon is permanently accessible in the lower corner, enabling users to adjust consent settings at any time.
048
Client-side Geolocation: Real-time city and regional analysis is fetched via a secure client-side API lookup (`ipapi.co`) only if analytics tracking is accepted.
049
IP Address Storage: We do not log IP addresses in the database unless the visitor explicitly accepts the analytics policy.
050
Consent Revocation: Revoking consent immediately clears related tracking cookies and halts active tracking sessions.

6. Rights of Data Subjects Under European Union GDPR

Points 051–060 outline the data protection rights of European Union residents accessing the website.

051
Right of Access (Article 15): EU residents have the right to request confirmation of data processing and obtain a copy of their personal data.
052
Right to Rectification (Article 16): Users may request the correction of inaccurate or incomplete personal data stored in our systems.
053
Right to Erasure (Article 17): Also known as the "Right to be Forgotten", users can request the deletion of their records under specific conditions.
054
Right to Restriction of Processing (Article 18): Users can request the suspension of data processing while disputing data accuracy.
055
Right to Data Portability (Article 20): Users have the right to receive their personal data in a structured, machine-readable format.
056
Right to Object (Article 21): Users may object to data processing based on legitimate interests or for direct marketing purposes.
057
Automated Decision-Making (Article 22): Users have the right to contest decisions based solely on automated processing.
058
Right to Lodge a Complaint: EU residents have the right to report data concerns to their local Supervisory Authority.
059
No Fee for Requests: Exercising data subject rights is generally free of charge, unless the request is unfounded or excessive.
060
Response Window: We will respond to verified data requests within 30 days, as required by GDPR guidelines.

7. Rights of Digital Data Principals Under Indian DPDP Act 2023

Points 061–070 describe the specific legal rights of Indian citizens regarding data fiduciary practices.

061
Right to Information (Section 11): Indian residents can request a summary of personal data processed and a list of fiduciaries with whom it has been shared.
062
Right to Correction & Erasure (Section 12): Users may request the correction, completion, updating, or erasure of their personal data.
063
Right of Grievance Redressal (Section 13): Users can register complaints with our Data Protection Officer regarding data handling practices.
064
Right to Nominate (Section 14): Users have the right to nominate an individual to act on their behalf in the event of death or incapacity.
065
Consent Withdrawal: Consent may be withdrawn at any time. Withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.
066
Notice in Plain Language: Requests for consent are presented in plain language, describing the data collected and the purpose of processing.
067
Multilingual Notice Availability: Notice details are available in English, with translations available upon request in scheduled regional languages.
068
Escalation to DPBI: If grievance responses are unsatisfactory, users may escalate complaints to the Data Protection Board of India (DPBI).
069
Duties of Data Principal: Users are advised not to submit false information or impersonate others, as penalties may apply under Section 15 of the DPDP Act.
070
Specified Fiduciary Obligations: We implement necessary security measures to prevent data breaches and maintain records of processing activities.

8. Technical, Physical, and Administrative Security Measures

Points 071–080 document the safeguards implemented to protect against unauthorized data access, loss, or disclosure.

071
Web Application Firewall (WAF): WAF protection is active to filter malicious traffic and block unauthorized intrusion attempts.
072
Intrusion Detection & Prevention: Systems monitor the server for anomalous file changes, brute force attempts, and code injection exploits.
073
Vulnerability Scanning: Regular security scans are performed on backend libraries and endpoints to detect and patch security flaws.
074
Secure Password Hashing: Staff passwords stored in the database are hashed using bcrypt with custom work factors.
075
Database Access Isolation: Database access is configured with restricted user accounts, limiting administrative permissions to authorized operations.
076
Google OAuth Integration: Admin authentication utilizes Google OAuth 2.0 Identity services to prevent local password storage vulnerabilities.
077
CSRF Tokens: State-modifying requests require CSRF token validation to block cross-site request forgery attacks.
078
Data Backup Protocols: Database tables are backed up daily using encrypted formats to prevent data loss.
079
Server Physical Security: Servers are hosted in secure datacenters featuring multi-factor biometric access controls and 24/7 monitoring.
080
Staff Security Training: Clinical and web support staff undergo regular training on phishing prevention and secure data handling procedures.

9. Third-Party Sharing, Subprocessors, and Cross-Border Transfers

Points 081–090 explain under what conditions data is shared with external systems or transferred across borders.

081
No Ad Network Sharing: We do not share clinical symptoms, urgency levels, or phone numbers with advertising networks or social media companies.
082
Clinical Team Integration: Demographics and appointment requests are shared with Dr. Saha's official clinical coordination staff to confirm bookings.
083
SMS/WhatsApp Gateways: Patient phone numbers are shared with secure gateways to send booking notifications and reminders.
084
Cloud Infrastructure Providers: Encrypted data tables are hosted on secure cloud infrastructure providers (e.g. AWS, Google Cloud, DigitalOcean).
085
Contractual Safeguards: Third-party processors are bound by data processing agreements (DPAs) detailing confidentiality and security obligations.
086
Cross-Border Transfers: Data may be transferred outside your country of residence for cloud hosting purposes, in compliance with GDPR Chapter V and DPDP Section 6.
087
Standard Contractual Clauses (SCCs): Transfers involving EU data to non-EU jurisdictions utilize standard contractual clauses approved by the European Commission.
088
No Transfer to Restricted Countries: We do not transfer personal data of Indian residents to countries restricted by the Government of India under the DPDP Act.
089
Legal Obligations: Data may be disclosed to government agencies or law enforcement if required by a valid legal order.
090
Corporate Transactions: In the event of a merger or acquisition, patient data will remain subject to the confidentiality commitments of this policy.

10. Data Retention, Breach Notification, and DPO Registry

Points 091–100 outline data retention timelines, data breach protocols, and provide regulatory contact registries.

091
Retention Timeline - Sessions: Visitor tracking logs and analytics session files are automatically deleted after 180 days of inactivity.
092
Retention Timeline - Bookings: Booking demographics and symptoms history are retained as medical records in compliance with Indian healthcare regulations.
093
Retracted Bookings Deletion: Details of canceled appointments are archived and deleted after a period of 12 months, unless legal retention requirements apply.
094
Data Breach Assessment: In the event of a security incident, we will immediately evaluate the scope of the breach and identify affected datasets.
095
Notification to Regulatory Authorities: We will notify the Indian Computer Emergency Response Team (CERT-In) and the DPBI within 72 hours of confirming a personal data breach.
096
Notification to Affected Patients: If a breach is likely to result in high risk to patient rights, we will notify affected individuals directly without undue delay.
097
Data Protection Officer (DPO): For questions regarding this policy or to exercise data rights, contact our DPO at `dpo@maxfac.in` or via post at our Kolkata clinic address.
098
DPO Grievance Redressal: Grievance requests will be reviewed and addressed within 15 days of receipt.
099
Right to Amend this Notice: This privacy policy page was generated dynamically and is subject to regular updates to align with regulatory changes.
100
Consent Confirmation: By checking the consent box during booking, you acknowledge that you have read, understood, and voluntarily agree to this Privacy Policy.