Privacy Policy

1. Introduction

1.1 About This Privacy Policy

This Privacy Policy (“Policy”) governs the collection, use, disclosure, and protection of your personal information by Dawabharat, the entity operating Dawabharat online pharmacy platform (“Dawabharat”, “we”, “us”, “our”, “Platform”). This Policy applies to your use of our website www.dawabharat.com, mobile application, and all related services (collectively referred to as the “Platform”).

1.2 Our Commitment to Privacy

At Dawabharat, we are committed to protecting your privacy and maintaining the confidentiality of your personal and medical information. We understand the sensitive nature of health data and adhere to the highest standards of data protection in compliance with applicable Indian laws and regulations.

1.3 Scope of Application

This Privacy Policy applies to all users (“you”, “your”, “User”) who access or use our Platform, whether as registered users, casual visitors, or customers purchasing products or services. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1.4 Legal Framework

This Privacy Policy is formulated in accordance with:

The Digital Personal Data Protection Act, 2023 (DPDP Act)
The Information Technology Act, 2000
The Drugs and Cosmetics Act, 1940
Other applicable Indian laws and regulations

2. Information We Collect

2.1 Personal Information

We collect various types of personal information to provide our services effectively. “Personal Information” means any information that relates to you as an individual and can be used to identify you directly or indirectly.

Basic Personal Details:

Full name
Date of birth/age
Gender
Contact information (phone number, email address)
Residential and shipping addresses
Emergency contact details

Account Information:

Username and password
Security questions and answers
Account preferences and settings
Communication preferences

2.2 Medical and Health Information

Prescription Information:

Prescription details and medical prescriptions uploaded
Medical history and health conditions
Medication allergies and adverse reactions
Previous medication purchases and patterns
Dosage and treatment information

Health Records:

Physical, physiological, and mental health conditions
Diagnostic reports and test results (when shared)
Doctor consultations and medical advice (where applicable)
Health insurance information

2.3 Financial Information

Payment method details (credit/debit card, UPI, net banking)
Billing and invoice information
Transaction history and order details
Insurance claim information

2.4 Technical Information

Device and Usage Data:

IP address and device identifiers
Browser type and operating system
Mobile device information
App usage statistics and behavior patterns
Location information (with consent)

Website Interaction Data:

Pages visited and time spent
Search queries and product interactions
Click patterns and navigation paths
Session recordings (anonymized)

2.5 Communication Records

Customer service interactions
Chat logs and support tickets
Phone call recordings (with notification)
Email correspondence and feedback

3. How We Collect Information

3.1 Direct Collection

Account registration and profile creation
Order placement and checkout process
Prescription uploads and medical information submission
Customer service interactions
Survey participation and feedback forms
Newsletter subscriptions and marketing communications

3.2 Automatic Collection

Cookies and similar tracking technologies
Web analytics and usage monitoring
Mobile app analytics and crash reports
GPS location (with explicit consent)

3.3 Third-Party Sources

Payment gateway providers
Logistics and delivery partners
Healthcare providers and laboratories (with consent)
Government databases for verification purposes

4. Purpose and Legal Basis for Data Processing

4.1 Primary Purposes

Service Provision:

Processing and fulfilling your orders
Verifying prescriptions and ensuring medication safety
Managing your account and user profile
Providing customer support and resolving queries
Facilitating delivery and logistics services

Healthcare Services:

Ensuring medication safety and preventing adverse drug interactions
Maintaining medication history for better healthcare outcomes
Supporting doctor consultations and telemedicine services
Managing chronic disease and medication adherence programs

Legal and Regulatory Compliance:

Complying with pharmaceutical and healthcare regulations
Maintaining records as required under the Drugs and Cosmetics Act
Responding to government authorities and legal processes
Preventing fraud and ensuring platform security

4.2 Secondary Purposes

Business Operations:

Improving our products and services
Conducting market research and analytics
Personalizing user experience and recommendations
Marketing and promotional activities (with consent)

Safety and Security:

Detecting and preventing fraudulent activities
Ensuring platform security and data integrity
Monitoring for suspicious behavior or misuse
Protecting against cyber threats and data breaches

5.1 Service Providers and Partners

We may share your information with trusted third-party service providers who assist us in delivering our services:

Essential Service Providers:

Licensed pharmacists for prescription verification
Payment processors and financial institutions
Logistics and delivery partners
Cloud hosting and data storage providers
Customer support service providers

Healthcare Partners:

Doctors and healthcare providers (with consent)
Diagnostic laboratories and imaging centers
Insurance companies for claim processing
Government health authorities (as required by law)

5.2 Legal Disclosures

We may disclose your information when required by law or in good faith belief that disclosure is necessary to:

Comply with legal obligations and court orders
Respond to government inquiries and regulatory requests
Protect our rights, property, or safety
Prevent fraud, illegal activities, or policy violations
Protect public health and safety

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the successor entity, subject to the same privacy protections outlined in this Policy.

5.4 Data Localization and Cross-Border Transfers

All sensitive personal data is stored within India as per regulatory requirements
Cross-border transfers, if any, will be conducted with appropriate safeguards
We ensure adequate data protection standards in recipient countries
User consent will be obtained for international transfers where required

6. Data Security Measures

6.1 Technical Safeguards

Encryption and Security:

End-to-end encryption for sensitive data transmission
Advanced encryption standards (AES-256) for data storage
Secure Socket Layer (SSL) technology for website communications
Multi-factor authentication for account access
Regular security audits and penetration testing

Access Controls:

Role-based access control systems
Principle of least privilege access
Regular access reviews and deactivation procedures
Audit trails for all data access activities

6.2 Physical and Administrative Controls

Secure data centers with restricted physical access
Background verification of employees handling personal data
Regular security training and awareness programs
Incident response procedures and breach notification protocols
Data retention and disposal policies

6.3 Healthcare-Specific Security

HIPAA-equivalent security measures for medical data
Segregated storage for prescription and medical information
Licensed pharmacist oversight for medical data access
Secure prescription handling and verification processes

7. Cookies and Tracking Technologies

7.1 Types of Cookies Used

Essential Cookies:

Authentication and security cookies
Shopping cart and session management
Website functionality and preferences

Analytics Cookies:

Website usage statistics and performance monitoring
User behavior analysis and optimization
Error tracking and debugging

Marketing Cookies:

Personalized advertising and content delivery
Social media integration
Third-party marketing platform integration

7.2 Cookie Management

You can control cookie settings through your browser
Opt-out mechanisms for non-essential cookies
Clear instructions for disabling cookies
Impact disclosure for disabled cookies on functionality

8. Your Rights and Choices

8.1 Data Principal Rights (Under DPDP Act 2023)

Access Rights:

Right to know what personal data we hold about you
Right to obtain copies of your personal information
Right to understand how your data is being processed

Correction and Update Rights:

Right to correct inaccurate personal information
Right to update outdated information
Right to complete incomplete data records

Erasure Rights:

Right to request deletion of personal data
Right to be forgotten (subject to legal retention requirements)
Right to data portability in a commonly used format

8.2 Consent Management

Consent Withdrawal:

Right to withdraw consent at any time
Easy-to-use consent withdrawal mechanisms
Clear information about consequences of consent withdrawal

Granular Consent Options:

Separate consent for different types of data processing
Opt-in/opt-out choices for marketing communications
Specific consent for sensitive medical data processing

8.3 Communication Preferences

Email and SMS communication preferences
Marketing and promotional message controls
Notification settings for health-related communications
Unsubscribe mechanisms in all communications

9. Data Retention and Deletion

9.1 Retention Periods

Medical and Prescription Data:

Prescription records: Minimum 3 years as per pharmaceutical regulations
Medical history: Retained for continuity of care purposes
Transaction records: 7 years for financial compliance

Account Information:

Active account data: Retained while account is active
Inactive accounts: Data retained for 2 years after last activity
Marketing data: Retained until consent is withdrawn

9.2 Secure Deletion

Secure data destruction methods and procedures
Verification of complete data removal
Certificate of destruction for sensitive data
Regular data purging and cleanup processes

10. Third-Party Services and Links

10.1 Third-Party Integrations

Payment gateways and financial service providers
Social media platforms and login services
Healthcare service providers and telemedicine platforms
Analytics and marketing service providers

10.2 Third-Party Privacy Policies

We are not responsible for third-party privacy practices
Users encouraged to review third-party privacy policies
Limited control over third-party data collection
Clear disclosure of third-party relationships

11. Children’s Privacy

11.1 Age Restrictions

Our services are intended for users 18 years and older
We do not knowingly collect information from children under 18
Parental consent required for users under 18
Special protection measures for minor’s data

11.2 Parental Controls

Parental access to children’s health information
Consent mechanisms for medical treatment of minors
Educational resources about online privacy for families

12. International Users and Data Transfers

12.1 Cross-Border Considerations

Primary operations and data storage within India
Limited international transfers with adequate safeguards
Compliance with destination country data protection laws
User notification for international data transfers

13. Privacy Policy Updates and Changes

13.1 Policy Modifications

Right to update this Privacy Policy as needed
Notification methods for significant changes
Effective date of policy updates
User options in case of material changes

13.2 Version Control

Clear versioning and dating of policy updates
Archive of previous policy versions
Summary of changes for user convenience
Continued service use implies acceptance of changes

14. Grievance Redressal and Complaints

14.1 Grievance Officer

In accordance with applicable data protection laws, we have appointed a Grievance Officer to address privacy-related concerns:

Contact Details:

Email: support@dawabharat.com
Address: Patna, Bihar
Response Time: Within 30 days of complaint receipt

14.2 Complaint Process

Internal Complaints:

Submit complaint via email or written communication
Provide detailed description of privacy concern
Include relevant account information and documentation
Expect acknowledgment within 48 hours
Resolution provided within 30 days

Regulatory Complaints:

Data Protection Board of India (under DPDP Act)
State and Central Drug Control authorities
Cyber Crime reporting portals
Consumer protection forums

15. Data Protection Officer

15.1 DPO Appointment

As a significant data fiduciary processing large volumes of sensitive health data, we have appointed a Data Protection Officer (DPO):

DPO Contact Information:

Email: support@dawabharat.com
Responsibilities: Overseeing data protection compliance and user rights

16. Compliance and Audit

16.1 Regular Compliance Reviews

Annual data protection compliance audits
Regular assessment of data processing activities
Third-party security certifications and validations
Continuous monitoring of regulatory changes

16.2 Transparency Reports

Annual transparency reports on data requests
Statistics on user rights requests and resolutions
Information about data breaches and incident responses
Compliance metrics and improvement initiatives

17. Special Circumstances and Emergencies

17.1 Medical Emergencies

Expedited data sharing for life-threatening situations
Emergency contact notification procedures
Collaboration with healthcare providers during emergencies
Post-emergency data handling and consent confirmation

17.2 Public Health Situations

Data sharing with health authorities during epidemics
Contact tracing and public health surveillance cooperation
Anonymized data contribution to research initiatives
Balance between privacy and public health needs

18. Contact Information and Support

18.1 General Privacy Inquiries

Customer Support:

Email: support@dawabharat.com
Live Chat: Available on website and mobile app

18.2 Data Protection Queries

Privacy Team:

Email: support@dawabharat.com
Response Time: 72 hours for privacy-related queries

19. Governing Law and Jurisdiction

19.1 Legal Framework

This Privacy Policy is governed by:

Indian data protection laws and regulations
Applicable pharmaceutical and healthcare laws
International data protection standards where applicable
State-specific privacy regulations

19.2 Dispute Resolution

Exclusive jurisdiction of Indian courts
Preference for alternative dispute resolution
Mediation and arbitration options
Compliance with regulatory authority decisions

20. Additional Resources

20.1 Privacy Education

Regular privacy tips and best practices
User guides for privacy settings and controls
Educational content about health data protection
Industry updates and regulatory changes

20.2 Technical Support

Privacy settings configuration assistance
Data download and deletion support
Account security enhancement guidance
Incident reporting and resolution support

Last Updated: 11 August 2025

Version: 1.0

This Privacy Policy represents our commitment to protecting your personal and health information. We encourage you to review this Policy regularly and contact us with any questions or concerns about how we handle your data. Your trust is essential to our mission of providing safe, secure, and accessible healthcare services.