This Privacy Policy describes how Cure For Eyes (“we”, “our”, “us”) handles personal information collected through cureforeyes.com, our patient portal, in-clinic forms, and online payment flows. By using our website, booking an appointment, or completing a transaction, you consent to the practices described below.
01 Business Identity & Contact Details
Transparency starts with knowing exactly who you’re doing business with. The legal entity responsible for the processing of your personal data is:
Gurugram, Haryana – 122001, India
02 Information We Collect
We collect only the information necessary to deliver care, process transactions, and comply with applicable law. Categories of information collected are listed below.
| Category | What it includes |
|---|---|
| Personal Data | Full name, billing & shipping address, email address, mobile number, date of birth (where age verification is needed), and gender. |
| Clinical Data | Symptoms, prescriptions, examination findings, imaging and reports — collected only during clinical consultation, stored under medical confidentiality. |
| Transaction Data | Payment method (UPI / card / netbanking / wallet), order amount, invoice records, billing history, and refund history. |
| Technical Data | IP address, browser type, device identifier, pages visited, and approximate location (city-level) for fraud prevention & analytics. |
| Communication Data | Records of emails, WhatsApp chats, and call logs with our team for support, follow-up, and dispute resolution. |
03 Purpose of Data Usage
We use your information strictly for legitimate, disclosed purposes — never sold, never rented, never used for purposes you have not consented to.
- Service delivery — to schedule appointments, prepare consultation rooms, maintain medical records, and dispense spectacles, contact lenses, or prosthetics.
- Payment processing — to authorise and complete transactions, generate invoices, and reconcile settlements with banks.
- Fraud prevention & 2FA — to verify your identity, enforce Two-Factor Authentication on payments, and detect unusual or fraudulent activity.
- Refunds, chargebacks & disputes — to investigate and resolve transaction disputes, process refunds, and respond to chargeback claims raised with your bank.
- Customer support — to respond to your queries, follow up on care, and provide post-treatment guidance.
- Legal & regulatory compliance — to meet obligations under the IT Act, DPDP Act, Income Tax Act, and any RBI / health authority directive.
- Service improvements — to analyse anonymised usage patterns and improve our website, booking flow, and clinical services.
04 Data Sharing & Third Parties
We share information only with parties who genuinely need it to deliver, process, or regulate the service you have requested.
Payment Processors
Razorpay, CCAvenue, Stripe and other PCI-DSS certified gateways — for capturing, authorising, and settling transactions.
Banks & Card Networks
Acquiring banks, issuing banks, Visa, Mastercard, RuPay, UPI — to clear and settle payments and route refund or chargeback requests.
Logistics & Fulfilment Partners
Courier services for shipping spectacles, contact lenses, prosthetics, and lab reports — receive only name, address, and contact number.
Regulatory & Government Authorities
The Reserve Bank of India, Income Tax Department, courts, and law-enforcement agencies — when required by valid legal request, summons, or statutory mandate.
Cloud Infrastructure
Secure data centres located within or compliant with Indian data-localisation norms — bound by strict confidentiality and processing agreements.
Clinical Referrals
Only when you specifically authorise referral to another specialist or diagnostic centre for your continued care.
We do not sell or rent your personal data to advertisers, marketers, or any other commercial third party.
05 Security Practices
We employ industry-standard administrative, technical, and physical safeguards to protect your information from unauthorised access, alteration, or disclosure.
SSL / TLS Encryption
All data in transit between your browser and our servers is encrypted using TLS 1.2+.
PCI-DSS via Gateway
Card & UPI data is captured directly by certified gateways, never touching our servers.
2-Factor Authentication
OTP-based 2FA is enforced by your bank on every card or netbanking transaction.
Access Controls
Role-based access — only authorised clinical & finance staff can view sensitive records.
Audit Logging
Every access & change to personal data is logged with timestamps for security audits.
Regular Backups
Encrypted, geographically redundant backups with tested disaster-recovery procedures.
While no method of electronic transmission or storage is 100% secure, we use commercially reasonable means to protect your information. The payment gateway you transact with handles sensitive financial data in accordance with its respective security certifications and is independently audited under PCI-DSS standards.
06 Your Rights & Grievance Redressal
Under the Digital Personal Data Protection Act, 2023 and applicable Indian regulations, you have meaningful rights over your personal data.
Right to Access
Request a copy of the personal data we hold about you.
Right to Correct
Ask us to fix any information that is inaccurate or out of date.
Right to Erase
Request deletion of your data, subject to legal & medical retention rules.
Right to Data Portability
Receive your data in a structured, commonly used format.
Right to Withdraw Consent
Withdraw consent for non-essential processing at any time.
Right to Grievance Redressal
Raise a complaint with our designated Grievance Officer (below).
How to Exercise These Rights
To exercise any right, withdraw consent, or raise a privacy concern, email us at cureforeyes@gmail.com with the subject line “Privacy Request — [Your Request Type]”. We will respond within 30 days, as mandated by the DPDP Act.
Grievance Officer
In accordance with the Information Technology Act, 2000 and the DPDP Act, 2023, we have designated a Grievance Officer for any concerns about your personal data.
Mr. Sumit
07 Cookies & Tracking
Our website uses essential cookies to keep your session active during booking and checkout, and limited analytics cookies to understand which pages help patients most. You can disable non-essential cookies from your browser settings without affecting your ability to book appointments.
08 Retention & Policy Updates
We retain personal and transaction data for the period required by law — typically 8 years for tax and financial records, and as long as medically appropriate for clinical records. We may update this Privacy Policy from time to time. Material changes will be notified via our website, with an updated “Last Updated” date at the top of this page.