Privacy Policy

Specializing in the diagnosis, treatment and monitoring of heart disorders

Effective Date: January 1, 2026

At Oneprick Labs Private Limited ("Oneprick Labs"), we are committed to safeguarding the privacy of our patients ("Data Principals"). This policy details how we collect, process, and protect your digital personal data in compliance with the Digital Personal Data Protection Act (DPDP), 2023, and NABL quality standards.

1. Data Collection and Purpose
We collect only the minimum necessary data required for accurate diagnosis and clinical reporting.

  1. Identifiers: Name, age, gender, contact number, and email.
  2. Health Data: Clinical history, symptoms, and biological samples (blood/urine).
  3. Purpose: Data is used exclusively for performing diagnostic tests, generating reports, and notifying you of results via secure digital channels.

2. Outsourcing and Third-Party Sharing

  1. NABL-Approved Partners: For specialized examinations, Oneprick Labs may share your samples and necessary identifiers with our network of NABL-accredited referral laboratories.
  2. Strict Confidentiality: All third-party partners are bound by legally enforceable agreements to maintain the same level of data protection as Oneprick Labs. They are prohibited from using your data for any purpose other than the specified test.
  3. Transparency: The final report will clearly state the identity of any referral laboratory involved in the testing process.

3. Patient Rights (Data Principal Rights)
Under the DPDP Act 2023, you have the following rights:

  1. Right to Access: You may request a summary of the personal data we hold and a list of third parties with whom it has been shared.
  2. Right to Correction/Erasure: You may request the updating of inaccurate data or the deletion of data once its clinical purpose is fulfilled (subject to legal retention mandates).
  3. Right to Withdraw Consent: You may withdraw your consent for data processing at any time through our website or by contacting our grievance officer.

4. Data Security and Retention

  1. Safeguards: We employ advanced security measures, including end-to-end encryption for digital reports and role-based access controls for our Laboratory Information System (LIS).
  2. Retention: Patient records are retained as per the Clinical Establishments Rules (typically 3 years for in-patient records) or other statutory requirements. Once the legal retention period ends, data is securely anonymized or destroyed.

5. Children's Privacy
For patients under 18 years of age, we require verifiable consent from a parent or lawful guardian before sample collection or data processing. We do not use children's data for tracking, profiling, or targeted advertising.

6. Breach Notification
In the event of a personal data breach, Oneprick Labs will notify the Data Protection Board of India and the affected individuals without undue delay (typically within 72 hours).

7. Contact and Grievance Redressal
For any queries or to exercise your rights, please contact our designated officer: