Gabha Health Services Pvt. Ltd. is committed to ensuring the security, integrity, and
confidentiality of all data collected, processed, stored, and transmitted through its website,
mobile application, and associated systems. This Data Security Policy outlines the measures adopted to protect
information from unauthorized access, misuse, loss, or disclosure.
Purpose
The purpose of this policy is to establish a framework for safeguarding personal, medical, and
operational data in compliance with applicable laws, government healthcare guidelines, and industry
best practices.
Scope
This policy applies to:
- All users of the Gabha Health Services website and mobile application
- Hospitals, healthcare professionals, and scheme beneficiaries
- Employees, consultants, vendors, and third-party service providers
- All digital systems, servers, databases, and communication channels managed by Gabha Health Services
Types of Data Protected
We take appropriate measures to protect the following categories of data:
- Personal identification information
- Medical and health-related information
- Hospital and scheme operational data
- Login credentials and access-related information
- Communication and transaction records
Data Collection & Usage
- Data is collected only for legitimate and authorized purposes
- Usage is limited to service delivery, compliance, and operational needs
- Data access is granted strictly on a need-to-know basis
- Unauthorized use or disclosure of data is strictly prohibited
Security Measures
Gabha Health Services implements reasonable and appropriate security controls, including:
Technical Safeguards
- Secure servers and protected databases
- User authentication and access control mechanisms
- Encrypted data transmission where applicable
- Regular system updates and vulnerability assessments
Administrative Safeguards
- Defined data access roles and responsibilities
- Employee awareness and confidentiality obligations
- Internal policies governing data handling and security
Operational Safeguards
- Monitoring of systems to detect unauthorized activities
- Backup and recovery mechanisms to prevent data loss
- Controlled access to systems and infrastructure
Third-Party Data Security
Any third-party service provider or technology partner handling data on behalf of Gabha Health Services must:
- Comply with applicable data protection laws
- Follow equivalent or higher data security standards
- Maintain confidentiality and security of shared information
Failure to comply may result in termination of services.
Data Retention & Disposal
- Data is retained only for the period required to fulfill legal, regulatory, and operational obligations
- Secure methods are used for data deletion or destruction once retention requirements are met
- Unnecessary or outdated data is periodically reviewed and removed
Incident Management & Breach Response
In the event of a data security incident or breach:
- Immediate steps will be taken to contain and mitigate the issue
- Impacted systems will be secured and reviewed
- Necessary notifications will be made in accordance with applicable laws and regulations
- Preventive measures will be implemented to avoid recurrence
User Responsibilities
Users are responsible for:
- Maintaining confidentiality of login credentials
- Ensuring secure use of devices and networks
- Promptly reporting any suspected unauthorized access or security issues
Compliance & Review
This policy is reviewed periodically to ensure alignment with:
- Applicable data protection laws
- Government healthcare scheme requirements
- Industry security standards and best practices
Updates to this policy will be reflected on this page.
Contact Information
For questions, concerns, or reporting data security issues, please contact:
Email:gabhahealthservices@gmail.com
Phone: 9130321976/8055522666
Office Landline No: 02045157178
Policy Acceptance
By accessing or using our website, mobile application, or services, users acknowledge and agree to the terms
of this Data Security Policy.