Your Trust, Our Commitment

Introduction

This Privacy Policy (the "Policy") applies to the website munazaphysio.studio and all services, communications, and consultations provided by Munaza Physio Studio ("we", "us", "our", or "the Clinic"), operated by Dr. Munaza Ghani, based at Maqbool Street, Kareem Block, Allama Iqbal Town, Lahore, Pakistan.

We are committed to protecting and preserving the privacy of our visitors when visiting our site or communicating electronically with us. This Policy explains our practices for collecting, using, storing, and safeguarding your personal and health information, and outlines the rights available to you.

Types of Information We May Collect From You

In the course of providing physiotherapy services and operating our website, we may collect and process the following categories of information:

• Identity Data Full name, date of birth, gender, CNIC (only where legally required), and profession.
• Contact Data Residential or correspondence address, telephone and mobile numbers, WhatsApp number, and email address.
• Health Data Medical history, presenting conditions, diagnostic reports, treatment plans, clinical assessments, and progress notes.
• Appointment Data Dates, times, location preferences (clinic or home-visit), and session-related notes.
• Financial Data Payment method, transaction references, and billing records (we do not store card details).
• Technical Data IP address, device type, browser type, operating system, and referring URLs.
• Usage Data Pages visited, session duration, links clicked, and interaction patterns on our website.
• Communication Data Enquiries, feedback, testimonials, and correspondence submitted via forms, email, WhatsApp, or social channels.

Information You Supply to Us

You may provide information to us voluntarily through any of the following interactions:

• Completing the contact or appointment-booking forms on our website.
• Sending us a message via WhatsApp, email, or phone call.
• Registering as a patient and providing medical history during consultation.
• Subscribing to our newsletter or updates.
• Leaving a review, testimonial, or comment.
• Following, messaging, or engaging with us on social media (Instagram, YouTube).

All information you supply is provided on a voluntary basis. Where certain details are essential for providing safe clinical care such as relevant medical history we will notify you, and you may decline; however, doing so may limit the treatment we can responsibly offer.

Information Our Website Automatically Collects About You

When you visit our website, certain technical information is collected automatically to help us maintain, secure, and improve the online experience. This includes:

• Device Information Your IP address, device model, operating system, and screen resolution.
• Browser Information Browser type, version, and language preferences.
• Visit Analytics Pages viewed, time spent on each page, referring pages, and exit pages.
• Location (approximate) Country and city-level geolocation derived from your IP address.
• Log Files Server logs recording access date, time, and HTTP status, used for security and diagnostic purposes.

This data is aggregated and anonymised wherever possible and is not used to identify any individual visitor.

Cookies

Our website uses cookies small text files placed on your device to enhance functionality, analyse usage, and deliver a better browsing experience. You can accept, reject, or manage cookies at any time through your browser settings.

Disabling cookies may affect some features of the website. For more detail about specific cookies we use, please contact us using the details below.

How We May Use the Information We Collect

We use your personal information only for lawful, specific, and clearly defined purposes, including:

• Clinical Care Assessing, diagnosing, and delivering physiotherapy treatment safely and effectively.
• Appointment Management Scheduling, confirming, rescheduling, or reminding you of sessions.
• Communication Responding to enquiries, follow-up care, and post-treatment guidance.
• Record Keeping Maintaining accurate clinical and administrative records as required by professional and legal standards.
• Payment Processing Issuing invoices, receipts, and processing payments.
• Service Improvement Analysing feedback and usage patterns to improve our services and website.
• Marketing (with consent) Sending newsletters, wellness tips, or clinic updates, which you may unsubscribe from at any time.
• Legal Compliance Meeting obligations under applicable Pakistani law, including tax, professional, and regulatory requirements.

Legal Basis for Processing

We process your personal information only where we have a valid legal basis to do so. These bases include:

• Consent You have freely given explicit permission (e.g., signing a consent form, ticking an opt-in box).
• Performance of a Contract Processing is necessary to deliver the services you have requested.
• Legal Obligation Processing is required under Pakistani law or regulatory standards.
• Vital Interests Processing is necessary to protect your life or health in a medical emergency.
• Legitimate Interests Processing serves a genuine business purpose (e.g., service improvement), provided it does not override your rights.

Health & Sensitive Personal Data

Because we are a healthcare provider, we routinely handle sensitive personal information particularly health data which warrants the highest level of protection. We treat such data with strict confidentiality in line with established medical ethics and the principles set out in the Personal Data Protection Bill, 2023.

• Health records are accessible only to Dr. Munaza Ghani and authorised clinical staff directly involved in your care.
• Clinical notes are stored securely, whether in physical files (locked cabinets) or encrypted digital systems.
• We will never disclose your health information to any third party including family members without your explicit written consent, unless required by law or necessary to protect life.
• Sensitive personal data is not transferred outside Pakistan except as permitted under applicable law and with appropriate safeguards in place.

Disclosure of Your Information

We do not sell, rent, or trade your personal information. We may, however, share limited information in the following circumstances:

• Referring Practitioners With your consent, we may share information with referring doctors, specialists, or diagnostic centres to coordinate your care.
• Service Providers Trusted third parties who assist with hosting, payment processing, or communication tools, bound by strict confidentiality obligations.
• Legal & Regulatory Requirements Where disclosure is required by a court of law, law enforcement agency, the Pakistan Telecommunication Authority (PTA), or any other competent authority under applicable law.
• Emergency Situations To protect your vital interests, the health and safety of others, or to prevent imminent harm.
• Business Transfers In the unlikely event of a merger, restructuring, or sale of the practice, your data may be transferred to the successor entity under equivalent privacy protections.

Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Secure HTTPS (SSL/TLS) encryption on our website.
• Password-protected clinical record systems with role-based access.
• Physical safeguards for paper records (locked storage, restricted-access areas).
• Regular backups and system updates to minimise vulnerabilities.
• Staff training on confidentiality and data-handling responsibilities.

While we take every reasonable precaution, no method of transmission over the internet or electronic storage is entirely secure. In the event of a data breach affecting your personal data, we will notify you and the appropriate authorities without undue delay, in accordance with applicable law.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Clinical Records Retained for a minimum period as required by medical and professional standards, typically seven (7) years after your last visit.
• Financial Records Retained for six (6) years in accordance with tax and accounting obligations.
• Marketing Data Retained until you withdraw consent or unsubscribe.
• Website Analytics Anonymised and retained for up to twenty-four (24) months.

When no longer required, your information is securely destroyed, deleted, or permanently anonymised.

Third Party Links

Our website may contain links to third-party websites, plugins, or applications including our Instagram page, YouTube channel, WhatsApp chat, Google Maps, and payment gateways. Clicking on these links or enabling these connections may allow third parties to collect or share data about you.

We do not control these third-party websites and are not responsible for their privacy practices or content. We encourage you to read the privacy notice of every website you visit, as we cannot accept any responsibility or liability for their policies.

Your Rights Access to Your Personal Data

Under Pakistani law and our internal data-protection standards, you are entitled to the following rights concerning your personal information:

To exercise any of these rights, please contact us using the details in Section Seventeen. We will respond to your request within thirty (30) days. We may ask you to verify your identity before fulfilling certain requests, to protect your data from unauthorised access.

Children's Privacy

Our services are primarily intended for adults. Where we provide treatment to minors such as paediatric physiotherapy or cerebral palsy management we only collect and process personal information with the explicit consent of a parent or legal guardian. Parents and guardians may request access to, correction of, or deletion of a minor's records at any time.

International Data Transfers

Our services are operated from Pakistan. Some of our service providers (such as cloud hosting, email, or analytics services) may process data on servers located outside Pakistan. Wherever such transfers occur, we ensure appropriate safeguards are in place, including contractual protections consistent with Pakistan's Personal Data Protection Bill, 2023, and recognised international standards.

Critical personal data, as defined under Pakistani law, is stored and processed only within the territory of Pakistan.

Changes to Our Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the services we offer. Any revised version will be posted on this page with an updated "Last Updated" date. Where the changes are material, we will take reasonable steps to notify you directly for example, by email or a prominent notice on our website.

We encourage you to review this Policy periodically to stay informed about how we protect your information. Your continued use of our services after any changes indicates your acceptance of the updated Policy.