PRIVACY POLICY

Last Updated: 30 April 2026  •  Effective Date: 1 May 2026  •  Version 1.0

Orisalign Private Limited  |  MIG-1, 43/5, Housing Board Colony, Chandrasekharpur, Bhubaneswar – 751016, Odisha

This Privacy Policy explains how Orisalign Private Limited collects, uses, stores, shares, and protects your personal data. It applies to all patients, clients, website visitors, and users who interact with Orisalign Private Limited through any channel including our website, booking platform, and all consultation services.

By using any Orisalign Private Limited service or by booking an appointment, you acknowledge that you have read and understood this Privacy Policy. This policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and all other applicable Indian laws.

1. WHO WE ARE

Orisalign Private Limited is a healthcare and aesthetic services company incorporated and operating in the State of Odisha, India. We provide medical and aesthetic consultations and treatments through qualified practitioners registered with the Odisha Council of Medical Registration (OCMR).

Under the Digital Personal Data Protection Act, 2023, Orisalign Private Limited is the Data Fiduciary responsible for your personal data.

2. WHAT PERSONAL DATA WE COLLECT

We collect and process the following categories of personal data:

2.1 Data you provide directly

• Identity data: Full name, date of birth, age, gender.
• Contact data: Phone number, email address, residential address.
• Identity verification data: Government-issued ID type and number such as Aadhaar, PAN, or driving licence, collected where required for verification purposes.
• Health and medical data: Medical history, current medications, known allergies, previous procedures, treatment records, clinical notes, and any other health information you disclose to our practitioners. This is Sensitive Personal Data under the DPDP Act, 2023 and is handled with the highest level of care.
• Financial data: Payment details sufficient to process transactions. We do not store full card or bank account numbers.
• Visual data: Clinical photographs and video stills, where you have given specific consent under our Photography and Media Consent policy.
• Communication data: Records of communications between you and Orisalign Private Limited via phone, SMS, WhatsApp, and email.

2.2 Data we collect automatically

• Website usage data: IP address, browser type, pages visited, time and date of visit, and referral source, collected through cookies and similar tracking technologies when you visit our website.
• Booking platform data: Appointment history, service preferences, and booking behaviour collected through our booking system.

2.3 Data we receive from third parties

• Where you book through a third-party platform or are referred to us by another healthcare provider, we may receive basic identification and contact data from that source. Such data is handled in accordance with this policy from the point of receipt.

3. HOW WE USE YOUR PERSONAL DATA

We use your personal data only for the purposes for which it was collected or for purposes that are compatible with those original purposes.

4. LEGAL BASIS FOR PROCESSING

Under the Digital Personal Data Protection Act, 2023, we process your personal data on the following legal bases:

• Consent: For the collection of health data, photography, promotional communications, and marketing contact, we rely on your freely given, specific, informed, and unambiguous consent, provided at the time of booking or at a subsequent point.
• Legitimate interest and legal obligation: For maintaining clinical records, processing payments, complying with OCMR and NMC professional obligations, and responding to legal claims, we process data as necessary to fulfil our legal and professional duties.

You may withdraw any consent given to us at any time by contacting us at hello@orisalign.com. Withdrawal of consent does not affect the lawfulness of any processing carried out before the withdrawal.

5. WHO WE SHARE YOUR DATA WITH

Orisalign Private Limited does not sell your personal data to any third party. We share your personal data only in the following limited circumstances:

• Practitioners: Your health and appointment data is shared with the specific practitioner conducting your consultation or treatment. All practitioners are bound by professional confidentiality obligations.
• Payment processors: Basic transaction data is shared with payment processing partners solely for the purpose of processing your payment. We do not share health data with payment processors.
• Technology platforms: Where telemedicine sessions are conducted via third-party platforms such as WhatsApp, Zoom, or Google Meet, the communication itself passes through those platforms' infrastructure. We do not share your full medical record with these platforms.
• Legal and regulatory authorities: We may disclose your data to regulatory bodies, courts, law enforcement agencies, or the Data Protection Board of India where required by law or in response to a valid legal process.
• Professional advisors: We may share data with our legal advisors, auditors, or insurers on a strictly confidential basis where necessary.

In all cases of data sharing, we take reasonable steps to ensure that recipients handle your data with an equivalent standard of care.

6. COOKIES AND WEBSITE TRACKING

Our website uses cookies and similar tracking technologies to improve your browsing experience and to understand how visitors use our site.

6.1 What cookies we use

• Essential cookies: Necessary for the website to function correctly, including enabling the booking system to operate. These cannot be disabled.
• Analytics cookies: Used to collect aggregated information about how visitors use our website, such as pages visited and time spent. This data is anonymised and not linked to individual users.
• Functional cookies: Used to remember your preferences and improve your experience on return visits.

6.2 Managing cookies

You can manage or disable non-essential cookies through your browser settings at any time. Disabling certain cookies may affect the functionality of our website. A cookie consent banner will be displayed on your first visit to our website where required by applicable law.

7. HOW LONG WE KEEP YOUR DATA

• Medical and clinical records: Retained for a minimum of three years from the date of your last appointment, or for such longer period as is required under applicable Indian law or professional regulations.
• Photographs: Retained for the period covered by your photography consent, or until you withdraw that consent, subject to any mandatory clinical record-keeping requirements.
• Financial records: Retained for the period required under GST legislation and applicable tax law.
• Communication records: Retained for a period of two years from the date of the communication, or for longer where relevant to an ongoing dispute or legal matter.
• Website and booking data: Retained for a period of one year from your last interaction with our website or booking platform, unless a longer period is required.

After the applicable retention period, all personal data is securely and permanently deleted or anonymised in a manner that prevents re-identification.

8. HOW WE PROTECT YOUR DATA

Orisalign Private Limited takes the security of your personal data seriously and implements appropriate technical and organisational measures to protect it, including:

• Encrypted digital storage for all electronic patient records and clinical data.
• Access controls ensuring that only authorised personnel can access patient data, limited to what is necessary for their specific role.
• Locked physical storage for all paper-based records.
• Confidentiality obligations for all practitioners and staff who handle patient data.
• Regular review of data security practices.

In the event of a personal data breach, we will notify affected individuals and the Data Protection Board of India without undue delay, in accordance with the requirements of the DPDP Act, 2023.

9. YOUR RIGHTS UNDER THE DPDP ACT, 2023

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights in relation to your personal data:

• Right to Access: You may request a copy of all personal data that Orisalign Private Limited holds about you.
• Right to Correction: You may request that any inaccurate or incomplete personal data be corrected or updated.
• Right to Erasure: You may request the deletion of your personal data. We will comply subject to any mandatory legal record-retention obligations that prevent immediate deletion.
• Right to Withdraw Consent: You may withdraw any consent you have given to us at any time. Withdrawal does not affect processing already carried out.
• Right to Grievance Redressal: You may raise a data protection complaint or concern directly with us. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India.
• Right to Nominate: You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please contact us at hello@orisalign.com. We will acknowledge your request within a reasonable time and respond within the period required under applicable law.

10. CHILDREN AND MINOR PATIENTS

Where services are provided to patients under 18 years of age, all data collection and processing is conducted through and with the consent of the parent or legal guardian. We do not knowingly collect data directly from individuals under 18 without verified parental or guardian consent.

Parents or guardians may exercise all data rights on behalf of a minor patient by contacting us at hello@orisalign.com.

11. THIRD-PARTY LINKS AND PLATFORMS

Our website may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We are not responsible for the privacy practices of any third-party website or platform. We encourage you to read the privacy policy of any external site you visit.

For telemedicine consultations conducted via third-party platforms, those platforms' own privacy policies govern the data processed by their systems. Please review those policies before using those platforms.

12. CHANGES TO THIS PRIVACY POLICY

Orisalign Private Limited may update this Privacy Policy from time to time to reflect changes in our services, legal requirements, or data practices. The current version will always be available on our website and will include the effective date of the latest revision. Where changes are material, we will notify existing patients via email.

Continued use of our services after any update to this policy constitutes acceptance of the revised terms.

13. CONTACT AND GRIEVANCE

For all privacy-related queries, data access requests, consent withdrawals, or complaints, please contact:

We aim to respond to all data-related requests within seven working days. If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India.