1. Who we are
Hyaat International Hospital ("we", "us", or "our") operates the public website at https://hyaat.com.pk (the "Website") and related digital services connected to scheduling, enquiries, and care coordination at our facility in Islamabad, Pakistan. Hyaat Hospital is used here as a short name for the same organisation where context allows.
This Privacy Policy explains what personal information we may collect, why we collect it, how we use and share it, how long we keep it, and the choices and rights available to you. It applies to visitors and users of the Website and to individuals who interact with us through channels linked from the Website (for example, appointment requests or contact details you submit to us).
For clinical care, medical records are governed by additional confidentiality rules and hospital policies. This policy focuses on information collected through the Website and related digital touchpoints, not on a full clinical records policy (which you may request from our front office or medical records team).
2. Scope and patient accounts
We do not offer public, self-service registration for patient portal accounts on this Website. If a patient portal or similar service is made available, access is managed by the hospital (for example, through staff-approved invitation or other controlled onboarding). Do not expect to create a patient login yourself from the public site unless we explicitly enable that feature and update this policy.
Staff and clinician portals are separate, access-controlled systems. This policy may still apply to limited personal data processed when you use the Website (for example, your name and contact details when you book an appointment).
3. Information we may collect
Depending on how you use the Website, we may collect:
- Identity and contact data: name, phone number, email address, city, date of birth or age where needed for scheduling, and similar details you provide when booking an appointment, submitting a form, or communicating with us.
- Appointment and visit-related data: preferred department or specialty, doctor or slot selections, reason for visit at a high level (if you choose to provide it), reference numbers, and status of requests.
- Technical and usage data: IP address, device and browser type, general location derived from IP (such as region or city), pages viewed, referring URLs, timestamps, and diagnostic data needed to keep the site secure and reliable.
- Security and anti-abuse data: for example, signals from security checks (such as CAPTCHA challenges) where we use them to reduce spam and automated abuse.
- Communications: content of messages you send us (including email or WhatsApp where linked from the site), and our responses, where retained in accordance with our retention practices.
We ask that you do not submit detailed medical information, diagnostic reports, or other highly sensitive health data through general website forms unless we specifically request it for a defined purpose (for example, a secure intake process). For clinical matters, use the channels we direct you to (in person, phone, or secure systems we provide).
4. Health and sensitive information
Information about your physical or mental health, treatment, or genetics is treated as sensitive. We only process such information where it is necessary for providing healthcare, managing appointments, complying with law, or where you have given clear consent for a specific purpose. Website booking flows are designed to minimise unnecessary health details; any additional processing follows hospital clinical governance and applicable professional standards.
5. Why we use your information (purposes)
We use personal information for purposes including:
- Scheduling, confirming, rescheduling, or cancelling appointments and related reminders.
- Operating and improving the Website, including performance, analytics, and user experience.
- Responding to enquiries and providing customer support.
- Security, fraud prevention, and protecting the rights, property, and safety of patients, staff, and visitors.
- Compliance with legal, regulatory, and audit requirements in Pakistan.
- Internal reporting and quality improvement, using aggregated or de-identified data where appropriate.
Where required by applicable law, we rely on appropriate legal bases such as performance of a contract (for example, arranging your visit), legitimate interests that are not overridden by your rights (for example, securing our systems), consent where we ask for it, or legal obligation.
6. Sharing and processors
We may share personal information with:
- Service providers who assist us with hosting, email, analytics, customer support tools, appointment and hospital information systems, backups, and security—only on our instructions and under contractual confidentiality and security obligations.
- Professional advisers such as lawyers or auditors where required.
- Authorities when we believe disclosure is required by law, court order, or regulatory request, or to protect vital interests.
- Successors in the event of a reorganisation, merger, or asset transfer, subject to applicable law.
We do not sell your personal information.
7. International transfers
Some of our service providers may process data in jurisdictions outside Pakistan. Where such transfers occur, we take steps consistent with applicable law to ensure appropriate safeguards (such as contractual clauses or equivalent measures).
8. Retention
We retain personal information only for as long as needed for the purposes described in this policy, including legal, regulatory, accounting, and reporting requirements. Medical records retention follows applicable healthcare record-keeping rules. Technical logs may be kept for shorter periods unless needed for security investigations.
9. Security
We implement administrative, technical, and organisational measures appropriate to the nature of the data we process, including access controls, encryption in transit where applicable, monitoring, and staff training. No method of transmission or storage is completely secure; we encourage you to use strong passwords where you have accounts we issue, and to contact us promptly if you suspect unauthorised access.
10. Your rights and choices
Subject to applicable law in Pakistan, you may have rights to request access, correction, or deletion of certain personal data; to restrict or object to processing; to withdraw consent where processing is consent-based; and to lodge a concern with a supervisory or regulatory authority where one exists.
To exercise rights related to Website data or general enquiries, contact us using the details below. Requests for medical records or clinical corrections may need to follow our hospital records process and identity verification.
11. Cookies and similar technologies
We may use cookies and similar technologies that are strictly necessary for the Website to function, remember preferences, maintain sessions where you log in, measure traffic, and improve performance. You can control cookies through your browser settings; disabling some cookies may affect functionality.
12. Children
The Website is not intended to collect data from children without parental involvement. If you are booking on behalf of a minor, you confirm you have authority to provide their information. If you believe we have collected a child's data inappropriately, please contact us so we can address it.
13. Changes to this policy
We may update this Privacy Policy from time to time. The "Last updated" date at the top will change when we publish a revision. Material changes may be highlighted on the Website or communicated where appropriate. Continued use of the Website after changes constitutes notice of the updated policy where permitted by law.
14. Contact us
For privacy-related questions or requests regarding Hyaat International Hospital in Islamabad, please contact us at contact@hyaat.com.pk. You may also refer to our Terms and Conditions.
