At Spero Healthcare Innovations Pvt. Ltd., in partnership with Apollo Hospitals, we are committed to protecting and respecting your privacy. This policy explains how we collect, use, share and protect your personal and health information through our joint healthcare services, applications and digital platforms.
This privacy policy complies with India's Digital Personal Data Protection Act, 2023 (DPDP Act) and DPDP Rules, 2025, along with ISO 9001:2015, ISO 27001:2022, ISO 22320:2018, HIPAA (for applicable services), GDPR (international patients).
As a Data Fiduciary under DPDP Sections 4-9, we process your digital personal and health data only for lawful healthcare purposes with your verifiable consent or permitted legitimate uses (medical emergencies, treatment, public health).
Directly from you: When you register for services, book appointments, use our telehealth apps, complete walk-in forms or interact with our emergency response center.
Indirectly: Through service providers (payment processors, cloud storage), healthcare partners (Apollo Hospitals network) and analytics tools.
Automatically: Website/app usage data, device information, cookies and location data to improve services.
Health information: Medical history, treatment records, vitals, allergies and insurance details – collected only with explicit consent and used solely for your care.
We process your information based on:
Verifiable Consent (DPDP Sections 5-6): Free, specific, informed agreement for healthcare services, communications and marketing (opt-out anytime).
Legitimate Healthcare Uses (DPDP Section 7): Medical emergencies, epidemics, disaster response, legal obligations – no consent required.
All processing follows data minimization, accuracy and purpose limitation principles.
We share data only when necessary with:
No selling or marketing sharing without explicit consent. Cross-border transfers comply with DPDP Section 16 restrictions.
Your data is protected through ISO 27001:2022 certified measures including encryption, access controls, regular audits, and staff training. In case of breach, we notify the Data Protection Board within 72 hours and affected individuals without delay (DPDP Rules 2025).
Data is retained only as long as needed for healthcare purposes or legal requirements, then securely erased (DPDP Section 8(7)).
Your DPDP Rights (Sections 11-14):
For children under 18 and persons with guardians, we require verifiable parental/guardian consent (DPDP Section 9). No child tracking or behavioural profiling.
Our website uses essential, analytics and functional cookies. Non-essential cookies require consent. See our Cookie Policy for details.
For unresolved grievances, contact Data Protection Board of India.
This policy is reviewed regularly. Material changes will be posted here with notice. Continued use constitutes acceptance.
This policy complies with DPDP Act Sections 4-9, 11-14, 16, 18-24 and Rules 2025, plus ISO 9001:2015, ISO 27001:2022, ISO 22320:2018, HIPAA, and GDPR.
Last Updated: December 19, 2025
Spero Healthcare Innovations Pvt. Ltd. in partnership with Apollo Hospitals
Effective: 19 December 2025
Small text files placed on your device to make websites secure, remember preferences, analyse usage, and personalize healthcare content. Set by Spero-Apollo (first-party).
Complies with DPDP Act 2023 & Rules 2025, ISO 27001:2022, GDPR, HIPAA. Non-essential cookies require verifiable consent (Sections 5-6); essential use legitimate operation (Section 7).
Secure platforms, improve EMS/telehealth, personalize experience, measure campaigns. Data: IP, device, pages visited.
DPDP Compliance: No child tracking (Section 9), erase post-purpose (Section 8(7)), rights access/erasure (Sections 11-14), 72-hr breach notification.
Your Choices
Cookies deleted post-purpose. Policy updated with notice.
Spero Healthcare Innovations Pvt. Ltd. with Apollo Hospitals