PRIVACY POLICY

Effective Date: 01/10/2025

1) Scope & Roles

This Policy explains how New Life Clinic collects, uses, shares, and protects personal data. We act as the data controller for patient records and as controller/processor for website analytics and communications.

2) Data We Collect

• Identity & Contact: name, DOB, phone, email, address.

• Medical Data: history, diagnoses, photos, treatment notes, prescriptions, consent forms.

• Appointments & Billing: bookings, invoices, payment confirmations (processed via secure gateways; we do not store full card details).

• Website & Device: IP, device/browser info, cookies/analytics, pages viewed, referral sources.

• Communications: emails, calls, chat (Zalo/Messenger), SMS, social messages.

• CCTV (on-premise): lobby and treatment-area corridors for safety (no audio; no filming inside treatment rooms without explicit notice/consent).

3) Why We Use Your Data (Purposes & Legal Bases)

• Clinical documentation, quality review, safety, and training (legitimate interests, legal obligation).

• Clinical documentation, quality review, safety, and training (legitimate interests, legal obligation).

• Booking management, reminders, billing (contract).

• Communications about services; marketing only with your consent (consent).

• Security, fraud prevention, and compliance (legitimate interests, legal obligation).

4) Cookies & Analytics

We use essential cookies (site operation) and, if enabled, analytics (e.g., Google Analytics 4) and marketing pixels (e.g., Meta Pixel) to understand usage and improve services. You can manage cookies in your browser; some features may not function without them.

5) Sharing Your Data

We may share limited data with:

• Treating clinicians and authorized staff;

• Laboratories, pharmacies, and partner providers involved in your care;

• IT hosting, email/SMS, payment processors under confidentiality;

• Regulators or law enforcement when required by law;

• With your written consent, for identifiable before/after photos or testimonials.

We do not sell your personal data.

6) International Transfers

If data is processed or stored outside Vietnam (e.g., cloud services), we apply safeguards consistent with this Policy and applicable laws.

7) Retention

• Medical records: retained in line with Vietnamese healthcare regulations and clinical necessity.

• Non-medical inquiries/marketing: retained until consent is withdrawn or after a reasonable period of inactivity.
  When no longer required, data is securely deleted or anonymized.

8) Security Measures

• Technical: encryption in transit/at rest where applicable, access controls, backups.

• Organizational: staff confidentiality agreements, role-based access, training.

• Physical: restricted access areas, CCTV in public zones.

9) Your Rights

Subject to law, you may request: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent (for marketing). We will verify your identity and respond within a reasonable timeframe.

10) Minors

We do not knowingly collect data from children under 16 without parental/guardian consent.

11) Photos, Audio-Visual, Testimonials

Clinical photos are part of your record. External use (website/social/print) requires separate written consent; you may withdraw consent prospectively.

12) Data Breaches

If a data breach likely risks your rights, we will take remedial action and notify you and authorities as required by law.

13) Updates to This Policy

We may update this Policy; material changes will be posted with a new effective date.

14) Contact

New Life Clinic · 24 D6 Street, Saigon Pearl Villas, Binh Thanh, HCMC
(+84) 911 950 568