Welcome to Mangol Tech — where innovation meets execution

Privacy Policy

Clinic & Telehealth Website Design + SEO Experts

Telehealth & Healthcare IT | HIPAA, GDPR & Global Compliance

MTech – High-Impact Web Design & SEO for Clinics and E-commerce

Welcome to MTech (“we”, “us”, “our”). We build content and solutions for telehealth, healthcare IT, and clinic automation. This Privacy Policy explains what we collect, why we collect it, how we protect it, and your rights. We follow HIPAA (for U.S. healthcare contexts), GDPR/UK GDPR (EU/UK), CCPA/CPRA (California), and other applicable laws in our markets (Middle East, Russia, China, Indo‑Pak).

Telehealth Privacy Policy
HIPAA privacy policy
Healthcare data privacy
Telemedicine Privacy Policy
GDPR healthcare privacy
CCPA healthcare privacy
Healthcare IT privacy
Patient data privacy
ePHI privacy policy
Medical website privacy
HIPAA compliance policy
Clinic privacy policy

Global freelance expert in content writing, blogging, SEO, graphic design & digital marketing. Serving USA, UK, UAE, EU & Pakistan.

Who we are

Entity: [MTech, Irfan Kausar Mangol], [Pakistan]
Address: [Hafizabad Road, Chak Uggu, Tehsil & District Gujranwala, Punjab, Pakistan]
Email: [info@irfanmangol.com]
Phone/WhatsApp: [+92-305-5090-937]
EU/UK Representative (if required): [Irfan Mangol/MTech]
Data Protection Officer (if appointed): [MangolTech, info@irfanmangol.com]

Suggested text: Our website address is: https://irfanmangol.com.

What we collect

A. Information you give us

Name, email, phone, role, organization
Form inputs (contact, consultation, demo, newsletter)
Support messages, meeting notes

B. Information we collect automatically

Device, browser, IP, region
Pages viewed, time on page, clicks (analytics)
Cookies (preferences, analytics, security)

C. Healthcare context (ePHI/PHI) — only if you provide it

We avoid collecting ePHI on the website. If you share sensitive info for consultations, we handle it under HIPAA‑aligned safeguards and Business Associate Agreements (BAAs) where applicable.

Telehealth & HIPAA specifics

We design flows to minimize ePHI on public forms.
If ePHI is processed, we use HIPAA‑aligned vendors, encryption in transit and at rest, role‑based access, MFA, audit logs, and signed BAAs.
You control what you share. We recommend patient portals for sensitive items.

Authoritative resources:

U.S. HHS Telehealth & HIPAA: https://www.hhs.gov/hipaa/for-professionals/special-topics/telehealth/index.html
HIPAA Security Rule: https://www.hhs.gov/hipaa/for-professionals/security/index.html

Why we collect it (lawful basis)

Provide services & support (contract)
Respond to inquiries & demos (legitimate interest / consent)
Email updates & newsletters (consent; opt‑out anytime)
Security & fraud prevention (legitimate interest / legal obligation)
Legal compliance (HIPAA, GDPR/UK GDPR, CPRA)

Cookies & tracking

Essential cookies: security, session, load balancing
Analytics: page views, engagement (aggregated)
Preferences: remember your choices

You can change preferences in our Cookie Settings (footer link) or your browser. Blocking some cookies may affect site features.

How we protect your data (security)

TLS/HTTPS everywhere
Encryption: TLS 1.2+ in transit; AES‑256 at rest (vendor dependent)
Access control: least privilege, unique IDs, MFA
Monitoring: logs, alerts, change tracking
Backups: encrypted, tested, limited retention
Vendor reviews: security, BAAs (where required)

Data sharing (what we share, why)

We do not sell your personal information. We share only when needed:

Processors/Sub‑processors: hosting, email, CRM, analytics, calendar. Bound by contracts and (where relevant) BAAs.
Legal: when required by law or to protect rights, safety, or security.
Business changes: merger, acquisition, or asset transfer (with notice).

See our current vendor list: /subprocessors (publish a page and keep updated).

Data retention

We keep data only as long as needed:

Inquiry & CRM records: [e.g., 24 months]
Contract & billing: per tax/audit laws
Analytics (aggregated): [e.g., 14 months]
ePHI (if any): per HIPAA‑aligned retention, then secure deletion

You can request deletion (subject to legal exceptions).

Your rights

EU/UK GDPR

Access, rectification, erasure, restriction, portability, objection
Withdraw consent anytime (does not affect past lawful processing)
Complain to a Data Protection Authority (e.g., ICO in the UK: https://ico.org.uk/)

California CCPA/CPRA

Know, delete, correct, opt‑out of “sale”/“sharing” of personal info
Non‑discrimination in exercising rights
California Privacy Protection Agency: https://cppa.ca.gov/

Other regions

We respect applicable local laws (e.g., UAE/Saudi PDPL). Contact us to exercise rights.

How to submit a request: email [privacy@irfanmangol.com] with subject “Privacy Request”.

International transfers

We serve clients globally. When data moves across borders, we use appropriate safeguards (e.g., Standard Contractual Clauses for EU/UK). We assess vendor risk and apply protective measures.

Children’s data

Our site and services are for 18+. We do not knowingly collect data from children. If you believe a child has provided data, contact us for deletion.

Do Not Sell or Share (California)

We do not sellor share your personal information for cross‑context behavioral advertising. If you wish to submit a request, use /do-not-sell or email [privacy@yourdomain.com].

Marketing preferences

Email: unsubscribe link in every message
WhatsApp/SMS (if used): opt‑in required; reply STOP to opt‑out
Ads: you can limit ad tracking in your device/browser

Managing your data

Request a copy of your data
Ask us to update or delete it (subject to legal holds)
Get info about our vendors and safeguards

Email [info@irfanmangol.com] or use /privacy-request.

Links to other sites

We link to trusted authorities (e.g., HHS, ICO, CPPA). We are not responsible for their content or policies. Review their privacy pages.

EU GDPR text: https://eur-lex.europa.eu/eli/reg/2016/679/oj
UK ICO: https://ico.org.uk/
California CPPA: https://cppa.ca.gov/

Region‑specific notes (simple overview)

USA (HIPAA/CPRA):BAAs for ePHI vendors; Security Rule safeguards; CPRA rights for Californians.
EU/UK (GDPR/UK GDPR): lawful basis, transparency, DPA rights, SCCs for transfers, DPO/rep if required.
Middle East (e.g., UAE, Saudi): follow local PDPL rules for consent and transfers; minimize data.
Russia/China: added care with localization and transfer rules; use local counsel; store only what’s necessary.
Indo‑Pak: comply with applicable data laws and sectoral guidance; minimize and secure data.

(This summary is informational. Always seek local legal advice for specifics.)

Changes to this policy

We update this page when we change how we collect or use data. The “Last Updated” date shows the latest version. Major changes will be announced on‑site or by email.

Contact us

[Irfan Mangol, MTech]
Email: [info@irfanmangol.com]
Phone/WhatsApp: [+92 305 5090 937]
Address: [Chak Uggu, Teh & Distt Chak Uggu, Gujranwala]
Contact form: /contact

For EU/UK users, you may also contact your Data Protection Authority (e.g., ICO: https://ico.org.uk/).
For California users, see CPPA: https://cppa.ca.gov/
For HIPAA questions, see HHS: https://www.hhs.gov/hipaa/

Helpful links (internal)

Terms of Service:/terms
Cookie Settings / Cookie Policy: /cookies
Data Processing Addendum (DPA): /data-processing-addendum
Sub‑processors: /subprocessors
Do Not Sell or Share: /do-not-sell
Notice of Privacy Practices (HIPAA): /hipaa-notice

We comply with HIPAA privacy standards as outlined by the U.S. Department of Health & Human Services.”
“Our policies follow GDPR regulations for EU users (GDPR official site).”
“For more details on consumer protection, visit the FTC Privacy & Security guidelines.”