Effective Date: 16 July 2022

NeoGraft Hair Clinic (“NeoGraft”, “we”, “our”, or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard the information you provide when you visit https://myneograftindia.com and any related sub‑domains, mobile applications, or online services we own and operate (collectively, the “Site”). It also describes your rights and choices regarding your personal data.

This Policy is drafted to comply with applicable privacy laws, including but not limited to India’s Digital Personal Data Protection Act 2023 (“DPDP Act”), the EU General Data Protection Regulation 2016/679 (“GDPR”), the UK GDPR, and the California Consumer Privacy Act / California Privacy Rights Act (“CCPA/CPRA”).

1. Information We Collect

We collect information in three primary ways:

### 1.1 Information You Provide Directly

Consultation details – medical history, photographs of scalp or skin, age, gender, lifestyle information, and any other data you voluntarily submit via our online forms, WhatsApp, Instagram, e‑mail, or during tele‑consults.
Account data – username, password, and profile information if you create an account on the Site.
Transaction data – billing address, shipping address, UPI ID, partial card details (the last four digits), order history, and communications with us.
Marketing preferences – your consent choices for newsletters, SMS, or WhatsApp alerts.

1.2 Information Collected Automatically When you interact with the Site, we and our service providers automatically collect certain information using cookies, pixels, log files, and similar technologies:

IP address, device type, operating system, and browser.
Referring/exit pages, clickstream data, pages viewed, and the dates/times of each visit.
Approximate geolocation derived from your IP address.

1.3 Information from Third Parties We may receive information about you from:

Social platforms – if you engage with us on Instagram, Facebook, or Google, subject to those platforms’ permissions.
Payment processors & logistics partners – confirmation of payments, shipping status, and delivery confirmations.

2. How We Use Your Information We process your personal data for the following purposes:

Medical consultation & treatment planning.
Order fulfilment & after‑sales support for products purchased via the Site.
Account creation and management.
Customer service – responding to your queries, feedback, or complaints.
Marketing & promotional communications, where permitted by law and based on your opt‑in consent.
Analytics & improvements – analysing Site traffic and user interactions to enhance user experience, services, and security.
Legal compliance & protection – complying with applicable laws, regulations, and enforcing our Terms of Service.

3. Legal Bases for Processing (GDPR/UK GDPR) We rely on one or more of the following legal grounds:

Consent (Article 6(1)(a)) – e.g., when you opt‑in to marketing.
Contractual necessity (Article 6(1)(b)) – to provide consultation or deliver products you order.
Legal obligation (Article 6(1)(c)).
Legitimate interests (Article 6(1)(f)) – e.g., fraud prevention, service improvement, minimal impact analytics.

4. Sharing & Disclosure of Information We do not sell or rent your personal data. We share it only:

With service providers acting on our behalf (payment gateways, cloud hosting, logistics, marketing platforms) under strict data‑processing agreements.
With medical collaborators (e.g., anaesthetists, dermatologists) when clinically relevant and with your knowledge.
For legal reasons – to comply with court orders, lawful requests, or defend our legal rights.
Business transfers – in the unlikely event of a merger, acquisition, or asset sale, your data may be transferred under equivalent safeguards.

5. International Data Transfers We host our servers in India, but some third‑party processors (e.g., email service providers, cloud infrastructure) may be located outside India. When we transfer data internationally, we rely on:

Adequacy decisions (for EU/UK transfers).
Standard Contractual Clauses (SCCs) or equivalent safeguards.
Your explicit consent, where required.

6. Cookies & Similar Technologies We use first‑party and third‑party cookies to:

Remember your preferences.
Keep you signed in.
Conduct analytics via Google Analytics 4. You may manage cookies through your browser settings. Blocking certain cookies may affect Site functionality.

7. Data Retention We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (e.g., medical record retention standards under the Indian Medical Council regulations).

8. Your Rights Depending on your jurisdiction, you may have the right to:

Access, correct, or delete your personal data.
Withdraw consent at any time.
Object to or restrict processing.
Receive a copy of your data in a portable format.
Lodge a complaint with a supervisory authority.

To exercise these rights, please email neograftoffice@gmail.com

9. Marketing Communications You can opt‑out of marketing e‑mails by clicking the “unsubscribe” link. To opt‑out of WhatsApp or SMS campaigns, reply STOP or adjust your preferences in the My NeoGraft account.

10. Security We implement administrative, technical, and physical safeguards such as:

TLS 1.3 encryption for data‑in‑transit.
ISO‑27001‑certified data centre hosting.
Role‑based access controls (RBAC) and two‑factor authentication for staff. While we strive to protect your data, no method of transmission over the internet is 100 % secure.

11. Third‑Party Links & Integrations Our Site may contain links to external sites (e.g., YouTube, Instagram). We are not responsible for the privacy practices of those sites. Please read their policies before providing any data.

12. Children’s Privacy Our services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us and we will delete it promptly.

13. Changes to This Privacy Policy We may update this Policy to reflect changes in law or our practices. We will post the revised version with an updated “Effective Date.” Significant changes will be notified via email or Site banner.

14. Contact Us Questions or concerns? Contact our Data Protection Officer (DPO):

Dr Nav Vikram Kamboj
NeoGraft Hair Clinic
SCO 3009‑3010, Sector 22‑D, Chandigarh 160022, India
Email: neograftoffice@gmail.com
Phone: +91‑90419‑99199

You are safe with Dr Vikram — artist and surgeon.

SCO 3009-3010, Sector 22D, Chandigarh 160022

Privacy Policy

Neograft Hair Clinic

1. Information We Collect

2. How We Use Your Information We process your personal data for the following purposes:

3. Legal Bases for Processing (GDPR/UK GDPR) We rely on one or more of the following legal grounds:

4. Sharing & Disclosure of Information We do not sell or rent your personal data. We share it only:

5. International Data Transfers We host our servers in India, but some third‑party processors (e.g., email service providers, cloud infrastructure) may be located outside India. When we transfer data internationally, we rely on:

6. Cookies & Similar Technologies We use first‑party and third‑party cookies to:

7. Data Retention We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (e.g., medical record retention standards under the Indian Medical Council regulations).

8. Your Rights Depending on your jurisdiction, you may have the right to:

9. Marketing Communications You can opt‑out of marketing e‑mails by clicking the “unsubscribe” link. To opt‑out of WhatsApp or SMS campaigns, reply STOP or adjust your preferences in the My NeoGraft account.

10. Security We implement administrative, technical, and physical safeguards such as:

11. Third‑Party Links & Integrations Our Site may contain links to external sites (e.g., YouTube, Instagram). We are not responsible for the privacy practices of those sites. Please read their policies before providing any data.

12. Children’s Privacy Our services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us and we will delete it promptly.

13. Changes to This Privacy Policy We may update this Policy to reflect changes in law or our practices. We will post the revised version with an updated “Effective Date.” Significant changes will be notified via email or Site banner.

14. Contact Us Questions or concerns? Contact our Data Protection Officer (DPO):

NAVIGATION

SERVICES WE OFFER

CONTACT US

Privacy Policy

Neograft Hair Clinic

1. Information We Collect

2. How We Use Your Information We process your personal data for the following purposes:

3. Legal Bases for Processing (GDPR/UK GDPR) We rely on one or more of the following legal grounds:

4. Sharing & Disclosure of Information We do not sell or rent your personal data. We share it only:

5. International Data Transfers We host our servers in India, but some third‑party processors (e.g., email service providers, cloud infrastructure) may be located outside India. When we transfer data internationally, we rely on:

6. Cookies & Similar Technologies We use first‑party and third‑party cookies to:

7. Data Retention We retain personal data only as long as necessary to fulfil the purposes outlined in this Policy, unless a longer retention period is required or permitted by law (e.g., medical record retention standards under the Indian Medical Council regulations).

8. Your Rights Depending on your jurisdiction, you may have the right to:

9. Marketing Communications You can opt‑out of marketing e‑mails by clicking the “unsubscribe” link. To opt‑out of WhatsApp or SMS campaigns, reply STOP or adjust your preferences in the My NeoGraft account.

10. Security We implement administrative, technical, and physical safeguards such as:

11. Third‑Party Links & Integrations Our Site may contain links to external sites (e.g., YouTube, Instagram). We are not responsible for the privacy practices of those sites. Please read their policies before providing any data.

12. Children’s Privacy Our services are not directed to children under 16. We do not knowingly collect personal data from minors. If you believe a minor has provided data, contact us and we will delete it promptly.

13. Changes to This Privacy Policy We may update this Policy to reflect changes in law or our practices. We will post the revised version with an updated “Effective Date.” Significant changes will be notified via email or Site banner.

14. Contact Us Questions or concerns? Contact our Data Protection Officer (DPO):

9. Marketing Communications You can opt‑out of marketing e‑mails by clicking the “unsubscribe” link. To opt‑out of WhatsApp or SMS campaigns, reply STOP or adjust your preferences in the My NeoGraft account.