Privacy Policy
Last updated: November 6, 2025
1. Introduction
Heart To Heart ("we", "us" or "our") is committed to protecting your privacy. This Privacy Policy explains what personal and health data we collect, how we use it, who we share it with and your rights in relation to that data.
2. Controller
The data controller for personal data collected via this website and our Services is Heart To Heart. For privacy enquiries contact: [email protected].
3. Information We Collect
- Identity & contact data: name, email, phone number, postal address.
- Health data: clinical information, test requests and results, and any health information you provide when using our Services (special category data).
- Payment data: billing and payment information processed by our payment providers.
- Technical data: IP addresses, device/browser information and cookies.
4. How We Use Your Information
We use data to:
- Provide clinical services and pathology testing, including scheduling, sample collection and report delivery.
- Process payments and manage billing.
- Communicate with you about appointments, results and service updates.
- Comply with legal and regulatory obligations (for example public health reporting).
- Improve our services and carry out limited marketing when you have consented.
5. Lawful Bases for Processing
We rely on one or more of the following lawful bases to process your data: consent, the performance of a contract, compliance with legal obligations, and our legitimate interests (where appropriate). To process health data, we will generally rely on explicit consent or on the processing being necessary to provide healthcare services.
6. Sharing and Disclosure
We may share your data with:
- Healthcare professionals and partner laboratories involved in your care.
- Payment processors and billing agents.
- Regulators, public health authorities or law enforcement where required by law.
- Third-party service providers who support our operations (under confidentiality obligations).
7. Cookies and Tracking
We use cookies and similar technologies for site functionality, analytics and performance. You can manage cookies via your browser settings. For more detail, request our Cookie Notice or contact us.
8. Data Retention
We retain personal and medical records only as long as necessary to provide the Services and to meet regulatory requirements. Retention periods depend on the type of record and applicable laws.
9. Security
We implement administrative, technical and physical safeguards to protect personal data. No system is completely secure; if you have concerns about transmitting sensitive information online, please contact us for alternatives.
10. Your Rights
You may have rights to access, correct, delete or restrict processing of your personal data, and to object to certain processing. To exercise your rights contact: [email protected]. We may need to verify your identity before actioning requests.
11. Children's Data
We do not knowingly collect personal data from children without parental consent. If you believe we have collected data about a child, contact us and we will take steps to remove it where appropriate.
12. International Transfers
Where personal data is transferred outside Nepal, we will put in place appropriate safeguards as required by law.
13. Changes to this Policy
We may update this policy; the "Last updated" date above will reflect changes. Continued use of the Services after updates indicates acceptance.
14. Contact
If you have questions about this policy or our privacy practices please contact us at [email protected].