Privacy Policy
How We Protect Your Personal Information
Effective Date: May 16, 2026
This Privacy Policy explains how Sonia Narang Nutrition & Wellness ("we," "us," or "our") collects, uses, protects, and shares your personal information in accordance with India's Digital Personal Data Protection Act, 2023, and international privacy standards.
1. Information We Collect
1.1 Personal Information You Provide
| Data Type | Examples | Purpose |
|---|---|---|
| Contact Information | Name, email, phone number, address | Communication, session scheduling |
| Health Information | Medical history, dietary preferences, allergies | Personalized nutrition guidance |
| Lifestyle Data | Exercise habits, work schedule, stress levels | Holistic wellness planning |
| Payment Information | Billing details (processed by payment gateway) | Transaction processing |
1.2 Information Collected Automatically
- Website usage data (pages visited, time spent, device type)
- IP address and browser information
- Cookies and similar tracking technologies
- Session recordings for website improvement purposes
2. How We Use Your Information
2.1 Primary Uses
- Service Delivery: Provide personalized nutrition consultations and meal plans
- Communication: Send appointment reminders, follow-up messages, and wellness tips
- Health Tracking: Monitor your progress and adjust recommendations accordingly
- Safety: Identify potential health risks or contraindications
2.2 Secondary Uses (With Your Consent)
- Educational content and newsletter delivery
- Marketing communications about new services
- Anonymous testimonials and success stories (fully anonymized)
- Research and improvement of our services
2.3 Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023:
- Consent: You explicitly agree to data processing for specific purposes
- Contract Performance: Processing necessary to fulfill our consultation agreement
- Legal Obligation: Compliance with health and safety regulations
- Vital Interests: Protection of your health and safety
3. Data Sharing and Third Parties
3.1 Service Providers
We may share your information with trusted service providers who help us deliver our services:
- Payment Processors: Razorpay, Instamojo (for secure payment processing)
- Communication Tools: WhatsApp Business, Zoom (for consultations)
- Email Services: Mailchimp, ConvertKit (for newsletters and reminders)
- Website Analytics: Google Analytics, Meta Pixel (for website improvement)
3.2 We Do NOT Share Your Information With
- Insurance companies or employers
- Marketing companies for their own use
- Social media platforms (beyond anonymous analytics)
- Government agencies (except when legally required)
3.3 International Transfers
Some of our service providers (Google, Meta) may process data outside India. We ensure appropriate safeguards are in place through:
- Standard Contractual Clauses (SCCs)
- Adequacy decisions by relevant authorities
- Your explicit consent where required
4. Your Rights Under Indian Privacy Law
4.1 Digital Personal Data Protection Rights
Under the DPDP Act 2023, you have the right to:
- Access: Obtain confirmation of data processing and access your personal data
- Correction: Correct inaccurate or incomplete personal data
- Erasure: Request deletion of your personal data (subject to legal requirements)
- Data Portability: Receive your data in a structured, machine-readable format
- Withdraw Consent: Withdraw consent for processing (where consent is the legal basis)
- Grievance Redressal: File complaints with our Data Protection Officer
4.2 How to Exercise Your Rights
Data Protection Officer
Email: support@sonianarangdietclinics.com
Phone: +91 9211772772
WhatsApp: +91 9211772772
Response Time: 30 days maximum (as per DPDP Act)
Verification: We may request identity verification to process requests
5. Data Security and Retention
5.1 Security Measures
- End-to-end encryption for all sensitive communications
- Secure storage with access controls and audit trails
- Regular security assessments and updates
- Staff training on data protection and confidentiality
- Compliance with ISO 27001 security standards
5.2 Data Retention Periods
| Data Type | Retention Period | Reason |
|---|---|---|
| Health Records | 7 years after last consultation | Professional liability and continuity of care |
| Payment Records | 7 years | Tax and accounting requirements |
| Communication Records | 3 years | Service quality and dispute resolution |
| Marketing Consent | Until withdrawn | Ongoing marketing purposes |
6. Cookies and Website Technology
6.1 Types of Cookies
- Essential Cookies: Required for website functionality
- Analytics Cookies: Help us understand website usage (Google Analytics)
- Marketing Cookies: Track effectiveness of advertisements (Meta Pixel)
- Preference Cookies: Remember your settings and choices
6.2 Managing Cookies
You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.
7. Children's Privacy
Our services are designed for adults (18+). We do not knowingly collect personal information from children under 18. For nutrition guidance for minors, we require:
- Parent or guardian consultation presence
- Explicit parental consent for data processing
- Pediatric nutrition specialist involvement when appropriate
8. Data Breach Notification
In the unlikely event of a data breach affecting your personal information:
- We will notify the Data Protection Board within 72 hours (as required by DPDP Act)
- Affected individuals will be notified immediately if high risk is determined
- We will provide clear information about the breach and remedial steps
- Free credit monitoring services will be provided if financial data is compromised
9. International Users
9.1 GDPR Compliance (EU Users)
For users in the European Union, additional protections apply under GDPR:
- Right to object to processing
- Right to restrict processing
- Right to lodge a complaint with supervisory authority
- Data Protection Impact Assessments for high-risk processing
9.2 Other International Users
We respect privacy rights equivalent to Indian standards for all international users, regardless of local requirements.
10. Changes to This Policy
We may update this Privacy Policy to reflect:
- Changes in applicable privacy laws
- New service features or technologies
- Feedback from privacy authorities or users
Notice of Changes: Significant changes will be communicated via email and website notice 30 days before taking effect. Continued use of our services constitutes acceptance of updated terms.
11. Contact Information
Privacy Inquiries and Data Requests
Data Protection Officer: Sonia Narang
Email: support@sonianarangdietclinics.com
Phone: +91 9211772772
Address: E 11, Block E, Anand Niketan, New Delhi, Delhi 110021
Response Time: 30 days maximum
Regulatory Authorities
Data Protection Board of India: Established under DPDP Act 2023
Consumer Forum: For consumer protection complaints
National Commission for Women: For women's health and nutrition concerns
Food Safety and Standards Authority: For food and nutrition related matters
Last Updated: May 16, 2026
Version 2.0 (Compliant with DPDP Act 2023)