Privacy Policy

How DermaVue Skin & Hair Clinics collects, uses, stores and protects your personal data.

Last updated: 9 March 2026

01 Who We Are

DermaVue Skin & Hair Clinics ("DermaVue", "we", "us", "our") is a physician-owned dermatology clinic network operating across Kerala and Tamil Nadu, India. We are registered under the laws of India and operate the website dermavue.com (the "Website").

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Website, book appointments, use our services, or interact with us through social media, advertising platforms, or third-party tools.

By using our Website or services, you consent to the practices described in this policy. If you do not agree, please discontinue use of our services.

This policy is governed by India's Digital Personal Data Protection Act, 2023 (DPDPA) and, where applicable, the EU General Data Protection Regulation (GDPR), the UK GDPR, and the California Consumer Privacy Act (CCPA).

02 Data We Collect

Personal Data You Provide

| Category | Examples |
|---|---|
| Identity | Full name, title, date of birth, gender |
| Contact | Phone number, email address, postal address, WhatsApp number |
| Booking | Preferred clinic location, consultation type, preferred date/time, service requested |
| Health | Medical history, skin/hair condition details, photographs of affected areas, treatment records (collected only with explicit consent at the clinic) |
| Financial | Payment information for treatments or EMI processing (processed via secure payment gateways; we do not store card numbers) |
| Communication | Messages sent via website forms, WhatsApp, email, or social media |

Data Collected Automatically

| Category | Examples |
|---|---|
| Device & Browser | IP address, browser type and version, operating system, device identifiers, screen resolution |
| Usage | Pages visited, time on page, referral URL, click paths, scroll depth |
| Location | Approximate geographic location derived from IP address (city/region level) |
| Cookies | Session IDs, preference tokens, analytics identifiers (see Section 8) |

Sensitive Personal Data

Health-related data (skin/hair condition details, medical photographs, treatment history) is classified as sensitive personal data under the DPDPA 2023. We collect this data only when:

  • You provide it voluntarily during a consultation or booking
  • It is necessary for providing the medical service you requested
  • You give explicit, informed consent

03 How We Collect Your Data

  • Website forms — booking forms, contact forms, callback requests
  • Phone & WhatsApp — when you call or message our clinics
  • In-clinic — patient registration, consultation notes, treatment records
  • Social media — when you interact with us on Facebook, Instagram, YouTube, or other platforms
  • Advertising platforms — Meta (Facebook/Instagram), Google Ads, and YouTube may collect data when you click our ads or visit our Website (see Section 7)
  • Third-party integrations — our CRM system, analytics tools, and communication platforms (see Section 9)
  • Cookies and tracking pixels — placed on your device when you browse our Website (see Section 8)

04 Why We Use Your Data

| Purpose | Data Used |
|---|---|
| Appointment booking & management | Name, phone, email, clinic location, service type |
| Providing dermatological care | Health data, identity, contact details |
| Sending appointment reminders | Phone, email, WhatsApp |
| Treatment follow-ups & aftercare | Health data, contact details, treatment records |
| CRM and lead management | Name, phone, email, clinic location, enquiry details |
| WhatsApp automation & notifications | Phone number, name, booking status |
| Email marketing (with consent) | Name, email, service interests |
| Advertising & remarketing | Cookie identifiers, device data, page visit history |
| Analytics & website improvement | Usage data, device data, aggregated statistics |
| Legal compliance | All categories as required by law |

06 CRM & Lead Management

We use a Customer Relationship Management (CRM) system to manage appointment bookings, patient enquiries, and follow-ups. When you submit a booking form on our Website or contact us via phone/WhatsApp, your information may be stored in our CRM.

What the CRM Processes

  • Name, phone number, email address, and preferred clinic location
  • Enquiry details and service interests
  • Lead status (new, contacted, booked, completed)
  • Communication history (calls, WhatsApp messages, emails)
  • Appointment scheduling and reminders

CRM Automation

Our CRM may send automated communications including:

  • Appointment confirmations — via WhatsApp or SMS
  • Reminders — before scheduled appointments
  • Follow-up messages — post-treatment care instructions
  • Feedback requests — to improve our services

You can opt out of non-essential CRM communications at any time by contacting us at help@dermavue.com or replying STOP to any WhatsApp message.

07 Advertising & Remarketing

We use advertising platforms to reach potential patients and measure campaign effectiveness. These platforms may collect data via pixels, SDKs, or server-side integrations placed on our Website.

Platforms We Use

| Platform | Purpose | Data Shared |
|---|---|---|
| Meta (Facebook & Instagram) | Lead generation ads, remarketing, conversion tracking, custom audiences, lookalike audiences | Meta Pixel data (page views, events), hashed email/phone for custom audiences, conversion events |
| Google Ads | Search ads, display remarketing, conversion tracking | Google Ads tag data (page views, conversions), click identifiers (GCLID) |
| YouTube | Video advertising, remarketing via Google Ads | Video view events, cookie identifiers, ad interaction data |
| Google Analytics 4 | Website analytics, audience building for ads | Pseudonymised usage data, device data, page visit patterns |

Meta (Facebook/Instagram) Specific Disclosures

In compliance with Meta's Platform Terms and Data Policy:

  • We use the Meta Pixel to track website events (PageView, Lead, Contact, Schedule) for conversion measurement and ad optimisation
  • We may upload customer lists (hashed email and phone) to create Custom Audiences for targeted advertising
  • We do not use Meta data for purposes beyond advertising and analytics
  • We do not share health data or sensitive categories with Meta
  • We honour Meta's Limited Data Use flag for users in applicable jurisdictions
  • You can opt out of Meta remarketing via Facebook Ad Preferences

Google & YouTube Specific Disclosures

  • We use Google Ads conversion tracking and remarketing tags to measure ad performance and show relevant ads
  • We use Google Analytics 4 with IP anonymisation enabled
  • YouTube embeds on our Website use privacy-enhanced mode (youtube-nocookie.com) where possible
  • We comply with Google's EU User Consent Policy and Personalised Advertising policies
  • You can opt out via Google Ad Settings or install the Google Analytics Opt-Out Browser Add-on

Healthcare Advertising Compliance

DermaVue does not use sensitive health data for advertising targeting. We do not create audience segments based on medical conditions. Our advertising complies with Google's Healthcare and Medicines Policy and Meta's Advertising Standards for health services.

08 Cookies & Tracking Technologies

Our Website uses cookies and similar technologies (pixels, local storage, beacons) to provide functionality, analyse usage, and serve relevant advertisements.

| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Session management, security, form submission (CSRF tokens, WordPress session) | Session / 24 hours |
| Functional | Remembering your preferred clinic location, language, form pre-fills | Up to 1 year |
| Analytics | Google Analytics 4 (_ga, _ga_*) — page views, traffic sources, user journeys | Up to 2 years |
| Advertising | Meta Pixel (_fbp, _fbc), Google Ads (GCLID, _gcl_*), remarketing audiences | Up to 2 years |

Managing Cookies

You can control cookies through:

  • Browser settings — most browsers let you block or delete cookies
  • Platform opt-outs — Google Ad Settings, Facebook Ad Preferences, Your Online Choices (youronlinechoices.eu)
  • Do Not Track — we respect DNT signals where technically feasible

Disabling cookies may affect website functionality, including the booking form and clinic selector.

09 Third-Party Services

We use trusted third-party services to operate our Website and deliver care. Each provider processes data under their own privacy policy and our contractual agreements.

| Service | Provider | Purpose | Data Processed |
|---|---|---|---|
| CRM | ProDoc AI | Lead management, appointment scheduling, WhatsApp automation | Name, phone, email, clinic, enquiry details |
| Website Hosting | WordPress / Hosting Provider | Website delivery, server logs | IP address, request data |
| Analytics | Google (GA4) | Website usage analytics | Pseudonymised browsing data |
| Advertising | Meta Platforms, Google | Ad serving, conversion tracking | Cookie data, conversion events |
| Email | WordPress Mail / SMTP Provider | Transactional emails, booking confirmations | Name, email, booking details |
| Maps | Google Maps | Clinic location display | IP address, location data |
| Video | YouTube (Google) | Embedded patient education videos | Cookie data, view events |
| Messaging | WhatsApp (Meta) | Patient communication, appointment reminders | Phone number, message content |
| reCAPTCHA | Google | Spam prevention on forms | Device data, interaction patterns |
| Fonts | Google Fonts | Typography rendering | IP address (at load time) |
| Payments | Payment Gateway Provider | Treatment payment processing | Handled entirely by the gateway (PCI DSS compliant) |

10 Data Sharing & Transfers

We Share Data With

  • Our clinic staff — doctors, nurses, and administrative personnel involved in your care
  • Service providers — listed in Section 9, under data processing agreements
  • Advertising platforms — Meta and Google, via pixels and conversion APIs (pseudonymised/hashed data only)
  • Legal authorities — when required by law, court order, or regulatory proceedings

We Do NOT

  • Sell your personal data to any third party
  • Share your health data with advertisers or data brokers
  • Transfer data to third parties for their own marketing purposes without your explicit consent

International Data Transfers

Some of our third-party providers (Google, Meta) process data outside India, including in the United States and European Economic Area. These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by relevant data protection authorities
  • The provider's certification under applicable data transfer frameworks
  • India's DPDPA provisions on cross-border data transfer (Section 16)

11 Data Retention

| Data Type | Retention Period | Reason |
|---|---|---|
| Booking enquiries (non-patients) | 2 years | Legitimate interest in follow-up |
| Patient medical records | Minimum 3 years after last visit (or as required by Indian medical regulations) | Legal compliance, continuity of care |
| CRM lead data | 2 years from last interaction | Lead management, service improvement |
| Payment records | 7 years | Tax and accounting laws |
| Website analytics | 26 months (GA4 default) | Analytics and improvement |
| Advertising data | Per platform retention (typically 1-2 years) | Campaign measurement |
| Communication records | 2 years | Service quality, dispute resolution |

After the retention period, data is securely deleted or anonymised. You may request earlier deletion (see Section 13).

12 Data Security

We implement appropriate technical and organisational measures to protect your personal data:

  • Encryption — SSL/TLS encryption on all website traffic (HTTPS)
  • Access controls — role-based access to patient records and CRM data
  • Authentication — strong password policies and multi-factor authentication for staff systems
  • Secure forms — reCAPTCHA v3, CSRF protection, server-side validation, and rate limiting on all web forms
  • Payment security — all payments handled by PCI DSS-compliant gateways
  • Vendor security — third-party providers are selected based on security standards and contractual data protection obligations
  • Breach procedures — in the event of a data breach, we will notify affected individuals and the Data Protection Board of India within 72 hours as required under the DPDPA 2023

While we strive to protect your data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to industry best practices.

13 Your Rights

Depending on your location, you have the following rights regarding your personal data:

Under India's DPDPA 2023

  • Right to Access — obtain a summary of your personal data and processing activities
  • Right to Correction — request correction of inaccurate or incomplete data
  • Right to Erasure — request deletion of your data (subject to legal retention requirements)
  • Right to Withdraw Consent — withdraw previously given consent at any time
  • Right to Grievance Redressal — file a complaint with our Data Protection Officer or the Data Protection Board of India
  • Right to Nominate — nominate another person to exercise your rights in case of death or incapacity

Under GDPR (EU/UK Residents)

  • Right to Access (Art. 15) — obtain a copy of your personal data
  • Right to Rectification (Art. 16) — correct inaccurate data
  • Right to Erasure (Art. 17) — "right to be forgotten"
  • Right to Restriction (Art. 18) — restrict processing in certain circumstances
  • Right to Portability (Art. 20) — receive your data in a machine-readable format
  • Right to Object (Art. 21) — object to processing based on legitimate interest or direct marketing
  • Right re: Automated Decisions (Art. 22) — not be subject to decisions based solely on automated processing
  • Right to Lodge a Complaint — with your local supervisory authority

Under CCPA (California Residents)

  • Right to Know — what personal information we collect and how it is used
  • Right to Delete — request deletion of your personal information
  • Right to Opt-Out — of the sale or sharing of personal information (note: we do not sell personal data)
  • Right to Non-Discrimination — for exercising your privacy rights

How to Exercise Your Rights

Submit a request via:

  • Email: help@dermavue.com with subject line "Privacy Rights Request"
  • Phone: +91 8086 000 608
  • In person: at any DermaVue clinic

We will verify your identity and respond within 30 days (DPDPA/GDPR) or 45 days (CCPA). Complex requests may require an extension, in which case we will inform you.

14 Children's Privacy

Our Website is not directed at individuals under the age of 18. We do not knowingly collect personal data from children without verifiable parental or guardian consent.

For dermatological consultations involving minors, we require a parent or legal guardian to provide consent for data collection and treatment. This consent is obtained in-clinic and documented in the patient record.

If you believe we have inadvertently collected data from a child without appropriate consent, please contact us immediately and we will delete the data.

15 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or regulatory guidance. When we make material changes:

  • We will update the "Last updated" date at the top of this page
  • For significant changes, we may notify you via email or a prominent notice on our Website
  • Continued use of our Website after changes constitutes acceptance of the updated policy

We encourage you to review this policy periodically.

Data Protection Officer & Contact

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, contact us:

DermaVue Skin & Hair Clinics
Data Protection Officer
Email: help@dermavue.com
Phone: +91 8086 000 608
Address: TC 42/3003-2, Poojappura Main Rd, Kesari Nagar, Poojapura, Thiruvananthapuram, Kerala 695012

If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India (under DPDPA 2023) or your local data protection authority (under GDPR).
