• +91 8976964693
  • info@enablemychild.org
New Horizons Child Development Centre
  • Home
  • About Us
  • Our Programs
    • New Horizons Developmental Program (NHDP)
    • E-nable (Parent Coaching Program)
  • Success Stories
    • Publications
  • FAQs
  • Blogs
  • Contact Us
  • Home
  • About Us
  • Our Programs
    • New Horizons Developmental Program (NHDP)
    • E-nable (Parent Coaching Program)
  • Success Stories
    • Publications
  • FAQs
  • Blogs
  • Contact Us

Privacy Policy

New Horizons Child Development Centre > Privacy Policy
FieldDetails
OrganizationNew Horizons Child Development Centre (NHCDC)
Registered AddressGoregaon East, Mumbai, Maharashtra
Contact Emailinfor@enablemychild.org
Applicable LawDigital Personal Data Protection Act, 2023 (DPDPA)
Effective Date27-06-26
Last Updated27-06-26
Version1.0

1. Introduction

New Horizons Child Development Centre (“NHCDC,” “we,” “our,” “us”) is a child development and therapy organization providing developmental assessment, intervention, and therapy services to children with special needs across multiple centres in Mumbai and online through our E-nable programme.

We are committed to protecting the privacy and personal data of every child, parent, guardian, and family that engages with our services. This Privacy Policy explains how we collect, use, store, share, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDPA).

Given that our services are primarily directed at children (persons under 18 years of age), we treat all personal data with the highest standard of care and apply the enhanced protections mandated by Section 9 of the DPDPA for children’s data.

2. Who This Policy Applies To

This Privacy Policy applies to:

  • Children enrolled in NHCDC’s services (in-centre and online)
  • Parents, lawful guardians, and family members of enrolled children
  • Prospective families who inquire about our services
  • Visitors to our centres and website
  • Employees and consultants of NHCDC (employee data is governed by the Internal Data Protection Policy)

3. Personal Data We Collect

3.1 Children’s Data

  • Identity: Name, date of birth, gender, photograph, patient ID
  • Clinical/Health: Developmental history, diagnosis, assessments, evaluations, therapy notes, ITP, progress reports, behavioural observations, sensory profiles
  • Audio/Visual: Session recordings (video/audio), clinical photographs, CCTV footage
  • Online session data: Platform recordings, interaction logs (E-nable programme)

3.2 Parent / Guardian Data

  • Identity: Name, contact number, email address, residential address
  • Family context: Occupation, family medical history (where clinically relevant)
  • Financial: Payment details, fee receipts, billing records
  • Communication: Emails, messages, call records with NHCDC staff

3.3 Website / Digital Data

  • If you visit our website/SM platforms: IP address, browser type, pages visited, cookies (if any)
  • If you fill an enquiry form: Name, contact details, nature of inquiry

4. Purpose of Data Collection

We collect and process personal data only for the following legitimate purposes:

PurposeLegal Basis
Clinical assessment, therapy, intervention, and progress monitoringVerifiable parental consent (DPDPA Section 9)
Preparing clinical reports, ITP, evaluation, and discharge summariesVerifiable parental consent
Internal clinical review, supervision, and quality assuranceLegitimate clinical interest
Communication with parents regarding appointments, progress, and admin mattersContractual necessity
Billing, invoicing, and financial record-keepingContractual and legal obligation
Staff training (using anonymized data only)Legitimate organizational interest + separate consent
Compliance with legal obligations (POCSO reporting, court orders, regulatory filings)Legal obligation
Child safety (CCTV, session recording)Legitimate interest + parental consent
Research and outcome measurement (anonymized only)Separate explicit consent

We do NOT: sell your data; use it for marketing, advertising, or targeted content; engage in behavioural tracking of children; share it with third parties for commercial purposes; or use it for any purpose not described in this policy.

5. Consent

Since our services are directed at children, we obtain verifiable consent from the parent or lawful guardian before collecting any personal data of the child, in accordance with Section 9 of the DPDPA, 2023.

Consent is obtained through a signed Parental Consent Form at the time of enrolment. For the E-nable (online) programme, a digital consent form is completed before the first session.

Consent is specific, informed, and freely given. You are not required to consent to data processing that is not necessary for the clinical services you are seeking.

You may withdraw your consent at any time by submitting a written request to our Grievance Officer. Please note that withdrawal of consent may impact our ability to continue providing clinical services.

6. Data Storage & Security

We implement appropriate technical and organizational measures to protect your personal data:

  • Clinical data is stored on secure, access-controlled systems (Medixcel and authorized organizational platforms).
  • Physical records are maintained in locked file cabinets with restricted access at each centre.
  • Role-based access controls ensure that only authorized personnel can access patient data.
  • All staff are bound by Non-Disclosure Agreements (NDA) and are prohibited from storing patient data on personal devices.
  • CCTV footage is stored for a maximum of 30 days.
  • E-nable session recordings are stored on NHCDC’s authorized systems, not on individual therapists’ personal devices.
  • Data is stored within India. We do not transfer personal data outside India without explicit consent and adequate safeguards.

7. Data Sharing

We do not sell, rent, or trade personal data. Data may be shared only in the following limited circumstances:

  • Referral to external specialists: Only with explicit written consent of the parent/guardian.
  • Legal obligations: POCSO mandatory reporting to police/SJPU, court orders, regulatory inquiries.
  • Medical emergencies: With hospitals or emergency services in the vital interest of the child.
  • Internal clinical supervision: Within NHCDC’s authorized clinical team for quality assurance.
  • Anonymized research: Only with separate explicit consent, after complete de-identification.

8. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

  • Clinical records: Until the child turns 25 years of age (7 years after attaining majority).
  • Financial records: 8 years from the financial year of creation.
  • CCTV footage: 30 days (unless required for investigation).
  • Communication records: Duration of active engagement + 2 years.
  • Online session recordings: Duration of active engagement + 1 year.

After the retention period, data is securely destroyed — physical records are shredded and digital records are permanently deleted.

9. Your Rights

Under the DPDPA, 2023, you have the following rights:

  • Right to Access: Request a summary of your child’s personal data and how it is processed.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Erasure: Request deletion of data, subject to legal retention obligations.
  • Right to Withdraw Consent: Withdraw consent at any time (does not affect prior lawful processing).
  • Right to Grievance Redressal: File a complaint with our Grievance Officer or the Data Protection Board of India.
  • Right to Nominate: Nominate a person to exercise your rights in case of your death or incapacity.

10. Special Provisions for Children’s Data

In accordance with Section 9 of the DPDPA, 2023:

  • We process children’s data only with verifiable parental consent.
  • We do not engage in tracking, behavioural monitoring, or targeted advertising directed at children.
  • We do not process children’s data in any manner that is likely to cause detrimental effect to the well-being of the child.
  • We apply the highest standard of data protection to all children’s data.

11. Data Breach Notification

In the event of a personal data breach that is likely to cause harm to any data principal, NHCDC shall:

  • Notify the Data Protection Board of India within 72 hours of becoming aware of the breach.
  • Notify affected parents/guardians without unreasonable delay.
  • Take immediate steps to contain the breach and mitigate its impact.
  • Document the breach, its effects, and the remedial actions taken.

12. Grievance Officer

For any questions, concerns, or requests regarding your personal data or this Privacy Policy:

FieldDetails
NameKern Rebello
DesignationQuality Manager
Emailinfo@enablemychild.org
AddressNew Horizons Child Development Centre, Goregaon East, Mumbai
Response TimelineWithin 7 working days of receiving your request

13. Updates to This Policy

This Privacy Policy may be updated from time to time to reflect changes in law, our services, or data processing practices. Any material changes will be communicated to you via email or notice at our centres. The latest version shall always be available at our website and at the reception of each centre.

Useful Links

  • Home
  • About Us
  • Success Stories
  • NHDP
  • E-NABLE
  • FAQs
  • Blog
  • Contact us

Get in Touch

Questions? Concerns? We're here to listen and guide your family toward brighter days ahead.
  • Corporate Office - 1st Floor, Vijay Vihar Apartment, Aarey Road, Shreyas Colony, Jay Prakash Nagar, Goregaon – East, Mumbai-400063.
  • +91 8976964693
  • info@enablemychild.org

Subscribe Now

Stay connected with stories of hope, practical tips and celebration moments from families just like yours.

    © 2026 New Horizons Child Development Centre. All rights reserved. Privacy Policy