Skip to main content

Privacy Policy

How Dr. Karolin Rockson PT handles your personal and health information across our clinics, website, and messaging channels.

Effective date:

1. Who we are

Dr. Karolin Rockson PT operates the Vellore Physio clinics at Vellore, Katpadi, and Ranipet, and the website vellorephysio.com. We are the data controller for personal information collected through these channels.

2. Information we collect

  • Identity: name, date of birth, gender, address, phone, email.
  • Health: presenting complaint, medical history, medications, imaging reports, assessment findings, treatment notes.
  • Consent records: signed intake and consent forms, WhatsApp opt-ins.
  • Technical: IP address, device type, pages viewed, referrer, cookies (see cookie policy).

3. Why we collect it

  • To assess, plan, and deliver physiotherapy care.
  • To keep a lawful clinical record and issue invoices.
  • To coordinate with your referring doctor, insurer, or CMC Vellore consultants, only with your consent.
  • To answer enquiries via WhatsApp, phone, email, or web forms.
  • To improve the service (aggregated analytics; never sold).

4. Lawful basis

We rely on your explicit consent (Digital Personal Data Protection Act 2023, GDPR Article 9(2)(a) for health data) and on legitimate interest for basic operational data. You may withdraw consent any time by emailing care@vellorephysio.com.

5. Who we share with

  • Your treating team within the practice, on a need-to-know basis.
  • Referring doctors, insurers, or hospitals only with your explicit consent.
  • IT vendors under written data-processing agreements (hosting, WhatsApp Business, email).
  • Regulators or courts if legally required.

We never sell patient data. We do not use patient data for third-party advertising.

6. How long we keep it

Clinical records are retained for a minimum of 8 years after the last visit (adult) or until the patient is 21 (paediatric), in line with Indian Medical Council guidance. Marketing and website data are kept for up to 24 months, then deleted or anonymised.

7. Security

Records are stored on access-controlled servers with encryption in transit and at rest. Paper intake forms are locked in the flagship centre. Staff sign confidentiality agreements. We audit access logs quarterly.

8. Your rights

You may request access, correction, deletion, portability, or restriction of your data. Email care@vellorephysio.com with a copy of a government ID. We respond within 30 days. You may complain to India's Data Protection Board or your local regulator.

9. Children

For patients under 18, a parent or guardian must sign intake and consent forms. We limit collection to what is clinically necessary and never target minors with marketing.

10. Changes to this policy

Material changes are announced on this page and, where practical, by email. Continued use of the service after changes constitutes acceptance.