Privacy Policy

SOMA Wellness Clinic (Somafusion Wellness LLP)

Last updated: [06 January 2026]

This Privacy Policy explains how Somafusion Wellness LLP (operating as “SOMA Wellness Clinic”) (“Company”, “SOMA”, “we”, “our”, “us”) collects, uses, shares, stores, and protects personal data when you interact with our website, clinic, teleconsultations, programs, memberships, products, support channels, and other services (collectively, the “Services”).

By using the Services, you acknowledge that you have read and understood this Privacy Policy. Where required by applicable law, we will obtain your consent before collecting or processing your personal data.

We are committed to complying with applicable Indian data protection and privacy requirements, including the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, and (to the extent applicable) the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

1. Definitions

For the purposes of this Policy:

• “Personal Data” means any data about an identifiable individual in digital form.
• “Sensitive / Health Data” includes medical, health, biometric, and wellness-related information you share with us or that is generated through your interactions with the Services.
• “Data Principal”, “Data Fiduciary”, and “Data Processor” have the meanings assigned under applicable Indian data protection law.
• “Child” means an individual who has not completed 18 years of age.

2. Scope

This Policy applies to personal data processed by us through:

• our website(s), web forms, and online booking/checkout flows;
• in-clinic registration, consultations, and services;
• teleconsultations (video/phone/chat) and related platforms;
• memberships, packages, programs, and follow-up care coordination;
• communications via email, phone, SMS, WhatsApp or similar messaging services, and customer support;
• payments processed through payment gateways and banking partners.

3. Information We Collect

We may collect the following categories of information (depending on what you choose to use):

• Identity & contact details: name, phone number, email address, postal address, date of birth/age, gender.
• Account & booking details: appointment requests, scheduling details, membership details, service preferences.
• Health & wellness information: medical history, symptoms, diagnoses (if any), vitals, lab reports, images/reports, prescriptions, allergies, lifestyle data, goals, and clinician notes.
• Payment & transaction data: payment status, transaction identifiers, invoices/receipts (we do not store full card details if processed by third-party gateways).
• Device/technical data: IP address, browser type, device identifiers, OS, referral URLs, log data, approximate location, cookies and similar tracking data.
• Communications: content you send to us (emails, chat messages, call recordings where enabled/required for quality and compliance), and your feedback.
• Third-party data: lab/diagnostic results from partner labs or clinicians, or data you authorize us to obtain from third parties.

4. How We Use Your Information

We use personal data for the following purposes:

• Provide and administer the Services (appointments, consultations, programs, memberships, product fulfilment).
• Clinical/wellness support, including reviewing health information and coordinating with licensed professionals and diagnostics partners.
• Process payments, prevent fraud, and handle disputes/chargebacks.
• Communicate with you regarding bookings, reminders, updates, and support requests.
• Improve quality, safety, and performance of our Services (including internal analytics and training, using aggregated or de-identified data where feasible).
• Comply with legal, regulatory, tax, medical record, and law-enforcement requirements.
• Marketing (only where permitted): newsletters, promotions, and service updates; you can opt-out anytime.

5. Legal Basis for Processing

We process personal data only on lawful grounds permitted under applicable Indian law, including:

• your consent (including explicit consent where required);
• processing necessary to provide the Services you request (including where you voluntarily provide data for a specified purpose);
• compliance with legal obligations, court orders, and lawful requests; and
• other grounds permitted under applicable law.

Where processing is based on consent, you may withdraw consent at any time; however, withdrawal may affect our ability to provide the Services, and the consequences of withdrawal will be borne by you as permitted by law.

Notice at collection: In addition to this Privacy Policy, we will provide (at or before the point of collection) a separate notice that is presented independently and in clear language, describing at minimum (i) an itemised description of the personal data collected, (ii) the specific purpose(s) for which it is processed and the goods/services enabled by such processing, and (iii) how you can withdraw consent, exercise your rights, and lodge a complaint with the competent authority, as required under applicable law.

Where consent is used as the basis for processing, we will make withdrawal as easy as the method by which consent was provided, subject to identity verification and applicable legal requirements.

6. Children’s Privacy

Our Services are primarily intended for adults. Where we process personal data of a Child, we will obtain verifiable consent from a parent or lawful guardian where required. We do not knowingly engage in tracking/behavioural monitoring of children or targeted advertising directed at children. If you believe a Child’s data has been provided to us without appropriate consent, please contact us.

7. Sharing and Disclosure

We do not sell personal data. We may share personal data only as necessary for the purposes described above, including with:

• Licensed medical practitioners and clinic personnel involved in your care.
• Diagnostic / laboratory partners and allied service providers (for tests, reports, fulfilment).
• Technology vendors and service providers (hosting, analytics, communications, CRM, appointment systems) acting as Data Processors under confidentiality and security obligations.
• Payment gateways, banks, and fraud-prevention partners to process transactions and manage disputes.
• Professional advisors (lawyers, auditors, accountants) under professional obligations.
• Government, regulators, law enforcement, courts or tribunals where required or permitted by law.
• In connection with a corporate transaction (merger, acquisition, restructuring) subject to appropriate safeguards.

We may also share aggregated or de-identified information that does not reasonably identify you.

8. Cross-Border Transfers

Your personal data may be processed or stored outside India by our service providers where necessary for the purposes above, subject to applicable law. Where required, we will ensure that such transfers comply with restrictions notified by the Government of India and any other applicable requirements.

9. Data Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction. Safeguards may include role-based access controls, encryption where appropriate, secure transmission protocols, vendor due diligence, and confidentiality obligations.

However, no method of transmission or storage is completely secure. To the maximum extent permitted by law, we disclaim liability for unauthorized access where we have implemented reasonable safeguards and the incident occurs despite such safeguards.

10. Personal Data Breach Response

In the event of a personal data breach, we will take steps to contain, investigate, and remediate the incident. Where required by applicable law, we will notify affected individuals and/or the relevant authorities without delay, and provide information in plain language on what happened, the possible impact, steps taken to address it, and contact details for assistance.

11. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy, unless a longer retention period is required or permitted by law (including for medical records, taxation, accounting, and dispute resolution). When no longer required, data will be deleted, anonymized, or securely archived in accordance with our retention practices and applicable law.

12. Your Rights and Choices

Subject to applicable law and verification of your identity, you may have the right to:

• Access information about your personal data that we process.
• Request correction, updating, completion, or erasure of personal data.
• Withdraw consent for processing where consent is the basis for processing.
• Request grievance redressal and lodge complaints with the appropriate authority.
• Nominate another person to exercise your rights on your behalf (where supported by law).

To exercise these rights, contact us using the details in Section 15. We may ask you to verify your identity before processing a request. We will respond within the timelines required by applicable law (which may be up to 90 days for certain requests) and may retain or refuse to delete certain information where required or permitted by law, including for medical records, tax, fraud prevention, and dispute resolution.

13. Cookies and Tracking Technologies

We may use cookies, pixels, SDKs, and similar technologies to operate our website, remember preferences, understand usage, improve performance, and (where permitted) support marketing. You can manage cookies through your browser settings and, where offered, through our cookie preference tool. Disabling cookies may affect site functionality.

14. Third-Party Links and Platforms

Our website or communications may contain links to third-party websites or services. We do not control and are not responsible for their privacy practices. Your use of third-party sites is at your own risk, and you should review their policies before providing information.

15. Contact and Grievance

If you have questions, requests, or complaints regarding this Policy or our data practices, contact:

Somafusion Wellness LLP (operating as SOMA Wellness Clinic)
Address: Mumbai, Maharashtra

Email: info@somawellnessclinic.com
Where applicable, you may also have the right to escalate unresolved grievances to the Data Protection Board of India or other competent authorities, in accordance with applicable law.

16. Changes to this Policy

We may update this Privacy Policy from time to time. The updated version will be posted on our website with a revised ‘Last updated’ date. Your continued use of the Services after an update constitutes acceptance of the updated Policy, to the extent permitted by law.