Nuclear Theranostics
Privacy Policy
Operated by: Theranostic Physicians Private Limited (“TPPL”) · CIN U86201DL2024PTC434517
Applies to: www.nucleartheranostics.com and its sub-domains, micro-sites and online services
Effective date: 19 June 2026 · Last updated: 19 June 2026 · Version: 1.0
Theranostic Physicians Private Limited (“TPPL”, “we”, “us” or “our”) respects your privacy and is committed to protecting the personal data you share with us. This Privacy Policy explains what personal data we collect through www.nucleartheranostics.com (the “Website”) and the services offered on it, why we collect it, how we use, store, share and protect it, the choices and rights available to you, and how you can contact us.
This Privacy Policy is published in accordance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025 (together, the “DPDP Law”), the Information Technology Act, 2000 and the rules made under it, and other applicable Indian law. For the purposes of the DPDP Law, TPPL is the Data Fiduciary in respect of the personal data processed through the Website, and you are the Data Principal.
Please read this Privacy Policy together with our Terms & Conditions. By accessing the Website, submitting information to us, or using any of our services, you confirm that you have read and understood this Privacy Policy.
The Website is not for medical emergencies. If you are experiencing a medical emergency, call your local emergency number (in India, dial 112) or go to the nearest hospital immediately. Do not use this Website to request urgent or emergency care.
1. Scope of this Policy
This Privacy Policy applies to personal data we collect:
- when you visit or browse the Website;
- when you complete a form, make an enquiry, or contact us by e-mail, telephone, WhatsApp or any messaging channel linked from the Website;
- when you use, or apply to use, any service offered through the Website, including the Online Consultation Service, the Second Read Service (an imaging review of PET-CT and related imaging) and PET Scan Booking Facilitation; and
- when you upload medical images, reports or clinical records to us.
The Online Consultation Service and the Second Read Service each have their own Service-Specific Terms, which include further detail on how data is handled for that service (the Online Consultation Terms and the Second Read Service Terms). Where those terms and this Policy differ in respect of a particular service, the Service-Specific Terms prevail for that service.
This Policy does not govern the privacy practices of any hospital, diagnostic facility, laboratory, payment provider or other third party that operates under its own privacy policy. In particular, where a PET-CT scan or other diagnostic procedure is performed at Fortis Memorial Research Institute (“FMRI”), Sector 44, Gurugram, or any other facility, the handling of your data by that facility is governed by that facility’s own policies (see Sections 8 and 17).
2. Key definitions
| Term | Meaning |
|---|
| Personal Data | Any data about an individual who is identifiable by or in relation to such data. |
| Health / Medical Data | Personal data relating to your physical or mental health, medical history, diagnosis, imaging, reports, prescriptions and treatment. This is treated by us as sensitive and handled with heightened care (Section 7). |
| Data Fiduciary | TPPL, which determines the purpose and means of processing your personal data. |
| Data Principal | You — the individual to whom the personal data relates. Where you act for a child or a person with a disability, it also includes their lawful guardian. |
| Data Processor | A third party that processes personal data on our behalf under a contract (for example, hosting, imaging or payment providers). |
| Processing | Any operation performed on personal data, including collection, storage, use, sharing, disclosure, retention, or erasure. |
| Cookies | Small files placed on your device that allow the Website to remember your actions or preferences for a period of time. |
3. Personal data we collect
Depending on how you interact with us, we may collect the following categories of personal data:
(a) Identity and contact data
- your name, age or date of birth, and sex/gender;
- e-mail address, telephone/WhatsApp number, city and country;
- the name and contact details of your treating doctor or referring physician, where you provide them;
- government-issued identification details where this is required to verify your identity for a teleconsultation (in line with the Telemedicine Practice Guidelines, 2020).
(b) Health and medical data
- PET-CT and other imaging files (including DICOM data), prior scans, and radiology or nuclear-medicine reports;
- clinical history, presenting complaints, diagnosis, pathology and laboratory results, prescriptions and treatment details;
- information you share during an Online Consultation, including audio/video recordings of the consultation where applicable (Section 7).
(c) Transaction and payment data
- records of the services you request, fees quoted and paid, invoices and transaction references.
We do not store full card numbers or banking credentials. Payments are processed by third-party payment providers; card and banking data are collected and handled directly by those providers under their own terms and privacy policies.
(d) Technical and usage data
- IP address, device and browser type, operating system, referring URLs, pages viewed, and similar information collected automatically through cookies and analytics tools (Section 13).
(e) Communications and feedback
- the content of your enquiries and correspondence with us, and any feedback, review or testimonial you choose to provide.
4. How we collect your data
- Directly from you: when you fill in a form, upload files, register for a service, write to us, or speak with our team.
- Automatically: through cookies, pixels and analytics when you use the Website.
- From others, with a lawful basis: where your treating doctor, a family member or a caregiver shares your records with us on your behalf or with your authorisation. Where someone else uploads your data, they confirm to us that they are authorised to do so and that you have been informed.
You may choose not to provide certain data or to limit cookies; however, this may prevent us from providing some or all of a service to you.
5. Purposes & legal bases for processing
We process your personal data only for lawful purposes and on a lawful basis under the DPDP Law — principally your consent, and certain “legitimate uses” permitted by law (such as where you have voluntarily provided data for a purpose, or to comply with law). Our purposes include:
| Purpose | Examples |
|---|
| Providing the services you request | Receiving and reviewing uploads; enabling specialist review and report delivery for the Second Read Service; scheduling teleconsultations; coordinating PET scan bookings. |
| Communicating with you | Confirmations, appointment details, answering queries, delivering reports and providing support. |
| Payments and records | Processing fees, issuing invoices, maintaining transaction records. |
| Quality, safety and security | Audit, quality assurance, fraud prevention, and securing our systems. |
| Legal and regulatory compliance | Meeting medical record-keeping, tax, accounting and other statutory obligations. |
We do not sell your personal data, and we do not use your health data for advertising.
6. Consent and how to withdraw it
Where we rely on your consent, we ask for it through a clear, affirmative action and, for health data, in a specific and informed manner before or at the time of collection. You may withdraw your consent at any time by contacting us using the details in Section 19. Withdrawal is as easy as giving consent.
Please note: withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. Withdrawal may also mean we can no longer provide a service (for example, we cannot complete an imaging review without the images), and certain data may still be retained where the law requires us to keep it (Section 10).
7. Health and medical data
We recognise that your medical images, reports and clinical information are highly sensitive. We apply heightened safeguards to such data, including restricted internal access on a need-to-know basis, confidentiality obligations on our clinicians and staff, and secure storage.
- Consultations are not recorded. Online Consultations are not recorded — neither audio nor video — and you and the patient are likewise asked not to record them. The clinical record consists of the records you provide and the written summary issued after the consultation, which are treated as confidential.
- Use limited to your care. Health data is used to provide the service you requested and for the connected purposes in Section 5. It is not disclosed for unrelated purposes without a lawful basis.
- Accuracy depends on what you provide. Our clinical opinions are based on the materials you supply. Incomplete or poor-quality uploads may limit what can be assessed (see the service terms in our Terms & Conditions).
8. When we share your data
We share personal data only as necessary and only with appropriate safeguards. We may share it with:
- Our clinicians and authorised personnel — the registered medical practitioners and team members involved in reviewing your case, delivering your report, or supporting your service.
- Data Processors / service providers — hosting, secure storage, imaging/DICOM platforms, video-consultation platforms, payment processors, communication tools and analytics providers, each engaged under a contract that requires them to protect your data and use it only on our instructions.
- The hospital or diagnostic facility — where you ask us to facilitate a PET-CT scan or appointment (for example, at FMRI, Sector 44, Gurugram), we share the information needed to arrange it. That facility then processes your data under its own policies as an independent controller of that data.
- Persons you authorise — your treating doctor, hospital or family member, where you ask us to share your report or records with them.
- Authorities and advisers — where disclosure is required by law, court order, or a lawful request, or to establish, exercise or defend legal claims, prevent fraud, or protect the rights, safety and security of any person.
We do not sell, rent or trade your personal data.
9. Cross-border transfers
We store and process personal data primarily on servers located in India. Where any transfer of personal data outside India is necessary (for example, to a service provider or because you access your data from abroad), we carry out such transfer in accordance with the DPDP Law and any restrictions notified by the Central Government from time to time, and with appropriate contractual safeguards in place.
10. How long we keep data
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, to provide and support the service, to comply with our legal, regulatory, tax and audit obligations, and to establish or defend legal claims. Specific services define their own retention arrangements in their Service-Specific Terms, and those govern for that service.
- Service records (uploaded images, reports and case materials) for the Online Consultation and Second Read Services are retained on our primary, access-controlled systems for a limited operational period — currently 14 days — after which they are deleted or irreversibly anonymised from those systems, except where the law requires longer retention. The precise period and process are set out in each service’s Service-Specific Terms.
- Third-party backups. We use reputable third-party cloud, hosting and backup providers (for example, Amazon Web Services). Backup copies held by such providers may persist for longer than our primary retention period, in line with their backup-rotation and disaster-recovery cycles, over which we have only limited control.
- Transaction and other records required for tax, accounting, regulatory or legal-claim purposes are retained for as long as the applicable law requires; other data is deleted or anonymised once it is no longer needed.
11. How we protect data
We maintain reasonable technical and organisational security measures appropriate to the sensitivity of the data, including access controls, encryption in transit, secure hosting, internal confidentiality obligations and periodic review. No method of transmission or storage is completely secure, however, and we cannot guarantee absolute security. You are responsible for keeping any access credentials you are given confidential and for the security of the device and connection you use.
12. Data breach handling
If a personal data breach occurs, we will act in accordance with the DPDP Law, including by taking steps to contain and assess the breach and by notifying the Data Protection Board of India and affected Data Principals where and as required by law. If you suspect any unauthorised access to your data, please notify us immediately using the details in Section 19.
13. Cookies & tracking
We use cookies and similar technologies to operate the Website, remember preferences, maintain security, and understand how the Website is used so we can improve it. Some cookies are strictly necessary for the Website to function; others are optional (for example, analytics). You can manage or disable cookies through your browser settings or, where provided, our cookie controls. Disabling certain cookies may affect how the Website works.
14. Your rights
Subject to the conditions and exceptions in the DPDP Law, you have the right to:
- Access a summary of the personal data we process about you and the processing activities;
- Correction, completion or updating of your personal data, and erasure where it is no longer required for the purpose and the law does not require us to retain it;
- Withdraw consent (Section 6);
- Grievance redressal — to have your complaints addressed by us (Section 19); and
- Nominate another individual to exercise your rights in the event of your death or incapacity.
To exercise any right, contact us using the details in Section 19. We may need to verify your identity before acting on a request. We will respond within the timelines required by law.
You also have the right to lodge a complaint with the Data Protection Board of India if you are not satisfied with our response.
15. Children & guardianship
The Website and our services are intended for adults aged 18 and over. We do not knowingly process the personal data of a child (a person under 18) except where it is provided and consented to by the child’s parent or lawful guardian, and we will not undertake processing that is likely to cause harm to a child or track, behaviourally monitor or target advertising at children. Where a service concerns a patient who is a minor, it must be requested and authorised by the parent or lawful guardian, who is responsible for the information provided.
16. Third-party links
The Website may contain links to third-party websites, platforms or resources that we do not control. We are not responsible for the privacy practices or content of those third parties. We encourage you to read their privacy policies before providing them with any personal data.
17. International patients
If you contact us from outside India, you understand that your data will be processed in India for the purpose of providing the service you request, and you consent to that processing. Where the data-protection law of your own country also applies (for example, the GDPR in the European Union/EEA or the United Kingdom), we will handle your data consistently with the applicable requirements and the lawful basis on which you engage us. International patients should also note that any in-person diagnostic procedure or treatment is provided by the relevant hospital or facility under its own policies, and any travel, visa or immigration matters are your responsibility.
18. Changes to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or in the law. The updated version will be posted on this page with a revised “Last updated” date. Where the change is significant, we will take reasonable steps to bring it to your attention. Your continued use of the Website after an update constitutes acceptance of the revised Policy.
19. Grievance Officer & how to contact us
For any question, request, or complaint about this Privacy Policy or your personal data — including to exercise your rights or withdraw consent — please contact:
We aim to acknowledge requests promptly and to respond within the timelines prescribed by the DPDP Law and applicable rules. If you remain dissatisfied, you may approach the Data Protection Board of India.
Disclaimer. Information on the Website is provided for general information and does not constitute medical advice. Please consult a qualified healthcare professional for any medical concern or treatment decision. Nothing in this Privacy Policy limits any right you have under applicable law that cannot be limited or excluded.
© Theranostic Physicians Private Limited. All rights reserved.