01. Who we are

This website (gastrosurgeonnellore.com) is operated by the practice of Dr. Dwarakanath Reddy Vembuluru, Senior Consultant in Gastrointestinal and HPB Surgery at Apollo Speciality Hospitals, Nellore. For the purposes of India’s Digital Personal Data Protection Act, 2023 ("DPDP Act"), the practice is the Data Fiduciary for personal data collected through this site.

Operating address: No. 16/111/1133, Muthukur Road, Pinakini Nagar, Nellore, Andhra Pradesh 524004. Practice email: dwarak858@gmail.com.

Apollo Speciality Hospitals, Nellore separately maintains its own privacy practices for clinical records, hospital admissions, and inpatient care. This policy covers only the information collected through this website.

02. Data we collect

We collect data only when you choose to share it or use our site:

  • Contact form submissions: name, phone number, email address, preferred consultation date and time, reason for consultation, and any message you write.
  • WhatsApp messages: when you click a WhatsApp link from this site, your conversation with Dr. Reddy happens within WhatsApp, governed by Meta Platforms, Inc.’s privacy policy. We do not store WhatsApp messages on our servers.
  • Server logs: our hosting provider records standard web logs (IP address, browser type, referring page, timestamp) for security and performance.
  • Analytics data (if you consent): pageviews, device category, approximate city-level location, referrer source, and on-page interactions. Collected only after you accept analytics cookies.
  • Session recordings (if you consent): anonymous mouse movements, scroll depth, and clicks via Microsoft Clarity. No keystrokes from form fields are recorded.
  • Consent preferences: a small cookie/local-storage record of your cookie choices.

We do not collect health records, scans, prescriptions, or clinical data through this website. Any clinical material you share via WhatsApp is held by you and Dr. Reddy directly; the website does not see it.

03. Why we collect it

  • To respond to your consultation enquiries and schedule appointments
  • To send you confirmations and follow-ups about your enquiry
  • To improve the website based on aggregate usage patterns
  • To detect and prevent fraud, spam, and abuse
  • To comply with our legal and professional obligations

We do not sell, rent, or share your personal data for advertising or marketing by third parties.

04. Lawful basis for processing

Under the DPDP Act 2023, we rely on the following bases:

  • Consent: when you submit the contact form, message us on WhatsApp, or accept analytics cookies, you give explicit consent for the specific processing described.
  • Legitimate use: server logs and security-related data may be processed for fraud prevention and to keep the site available.

You may withdraw consent at any time, see "Your rights" below.

05. Who we share it with

We share data only with service providers who help us run this site, and only to the extent necessary:

  • Vercel Inc. (United States), web hosting and infrastructure.
  • Resend (United States), transactional email delivery for contact-form messages. (Activated only when you submit the form.)
  • GoDaddy, domain registrar and DNS provider.
  • Google LLC (Google Analytics 4, Google Search Console, Google Business Profile), analytics and search visibility. Activated only after you accept analytics cookies.
  • Microsoft Corporation (Microsoft Clarity), anonymised session analytics. Activated only after you accept analytics cookies.
  • Meta Platforms, Inc. (WhatsApp), if you choose to message us via WhatsApp links from the site.

We do not share your data with hospitals, insurers, or third parties for their independent marketing. If your enquiry leads to an appointment at Apollo Speciality Hospitals, Apollo will collect any further information directly from you under their own privacy terms.

06. Cookies and similar technologies

This site uses three categories of cookies. You control which ones load via the cookie banner that appears on your first visit.

Strictly necessary (always on)

  • Your cookie consent preference (so we don’t ask again)
  • Session continuity tokens used by the hosting provider

These cannot be disabled because the site cannot function without them.

Analytics (off by default, your choice)

  • Google Analytics 4 (when enabled): _ga, _ga_*
  • Microsoft Clarity (when enabled): _clck, _clsk, CLID

These help us understand how visitors use the site so we can improve content and layout.

Marketing (not currently used)

We do not currently run paid advertising or set marketing cookies. If we add Meta Pixel, Google Ads, or similar in the future, this policy will be updated and you will be re-prompted for consent.

You can change your cookie choices at any time by clearing your browser’s local storage and reloading the site, or by clicking the "Cookie preferences" link in the footer.

07. How long we keep it

  • Contact form submissions: 24 months, or longer if needed to provide ongoing care or to comply with medical record-keeping rules.
  • Server logs: approximately 30 days.
  • Analytics data: 14 months (Google Analytics 4 default).
  • Session recordings: 13 months (Microsoft Clarity default).
  • Consent preference: 12 months on your device, then we ask again.

08. Your rights

Under the DPDP Act 2023, you have the right to:

  • Obtain a summary of the personal data we hold about you
  • Correct, complete, or update your personal data
  • Erase your personal data, subject to applicable medical record-keeping rules
  • Withdraw consent for any processing that is based on your consent
  • Nominate another individual to exercise your rights in case of incapacity or death
  • File a grievance with our Grievance Officer (see section 13)
  • Approach the Data Protection Board of India if your grievance is not satisfactorily addressed

To exercise any of these rights, email dwarak858@gmail.com with the subject line "Privacy request" and a description of what you would like done. We will respond within 30 days.

09. Cross-border data transfers

Some of our service providers (Vercel, Resend, Google, Microsoft) operate servers outside India, principally in the United States and the European Union. The DPDP Act 2023 permits transfers to jurisdictions not specifically restricted by the Government of India. By using this site or accepting analytics cookies, you consent to your data being processed in these jurisdictions, with the same protections described in this policy.

10. Security

  • HTTPS / TLS 1.3 enforced for every page (encrypted in transit)
  • No payment data is collected on this website
  • Hosting provider (Vercel) operates SOC 2 Type II certified infrastructure
  • Email transit is TLS-encrypted via Resend
  • Limited internal access to contact-form submissions

No system is perfectly secure. If you become aware of a security incident, please email dwarak858@gmail.com immediately.

11. Children’s data

This website is intended for adults seeking information about gastrointestinal surgery. We do not knowingly collect personal data from children under 18 years of age without verifiable parental or guardian consent. If you believe a child has submitted personal data through this site, contact us and we will delete it.

12. Updates to this policy

We may update this privacy policy from time to time, for example, when we add new tools, when laws change, or when our practices evolve. The "Last updated" date at the top of this page reflects the most recent version. Material changes (especially to data sharing or new cookie categories) will trigger a re-prompt of the cookie consent banner so you can review your choices.

13. Grievance officer

As required by the DPDP Act 2023, the practice has designated the following Grievance Officer to address concerns regarding this privacy policy and the handling of your personal data:

Name: Dr. Dwarakanath Reddy Vembuluru
Designation: Senior Consultant and Data Fiduciary representative
Email: dwarak858@gmail.com
Address: No. 16/111/1133, Muthukur Road, Pinakini Nagar, Nellore, Andhra Pradesh 524004
Response time: within 30 days of a written grievance

If you remain dissatisfied with the resolution provided, you may approach the Data Protection Board of India as constituted under the DPDP Act 2023.