How med96.in collects, uses, and protects your personal data โ in compliance with India's Digital Personal Data Protection Act, 2023.
med96.in is operated by Med96 Healthcare Private Limited ("med96", "we", "us", or "our"), a company incorporated under the Companies Act, 2013. We provide an online platform for purchase of pharmaceutical products, diagnostic services, doctor consultation services, and health information.
For the purposes of the DPDP Act, 2023, med96 acts as a Data Fiduciary โ meaning we determine the purpose and means of processing your personal data.
Contact: contact@med96.in
| Term | Meaning |
|---|---|
| Personal Data | Any data about an individual who is identifiable by or in relation to such data |
| Data Principal | You โ the individual to whom the personal data relates |
| Data Fiduciary | med96.in โ determines purpose and means of processing your data |
| Data Processor | Third parties who process data on our behalf under a written contract |
| Consent | Free, informed, specific, unconditional agreement to process personal data |
| Processing | Collection, storage, use, sharing, disclosure, or deletion of personal data |
We collect only such personal data as is necessary for the purposes described in this Policy ("data minimisation" principle under DPDP Act):
We do not collect sensitive personal data beyond what is strictly necessary to provide healthcare-related services. All sensitive data is collected with your explicit consent as required under the DPDP Act.
Under the DPDP Act, we process your data only on the following lawful bases:
| Purpose | Legal Basis (DPDP Act) |
|---|---|
| Account registration and authentication | Consent |
| Fulfilling medicine and diagnostic orders | Contractual necessity / Consent |
| Processing payments | Contractual necessity |
| Online doctor consultations | Consent |
| Sending order updates and notifications | Legitimate use / Consent |
| Personalised health recommendations | Consent |
| Legal compliance and fraud prevention | Legal obligation / Legitimate use |
| Safety and security of the platform | Legitimate use |
| Marketing communications (opt-in only) | Consent |
We will not use your personal data for any purpose other than those notified to you at the time of collection or subsequently with your explicit consent.
Before collecting any sensitive personal data (medical records, health information), we will present a clear notice and obtain your explicit consent as mandated by the DPDP Act.
We may share your personal data with the following categories of recipients, strictly on a need-to-know basis:
All Data Processors we engage are bound by written agreements requiring them to process data only as instructed by us, implement appropriate security measures, and not retain data beyond the agreed period โ consistent with Section 8 of the DPDP Act.
We do not sell your personal data to any third party for commercial purposes.
Your personal data is primarily stored and processed in India. Any transfer of personal data outside India will be carried out only to countries notified by the Central Government under the DPDP Act as providing adequate data protection, or under appropriate contractual safeguards.
We retain your personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law (e.g., medical record regulations, tax laws).
Once the retention period expires, or upon a valid erasure request from you (see Your Rights below), we will securely delete or anonymise your data. We will not retain data beyond the purpose for which it was collected, in line with the storage limitation principle of the DPDP Act.
The DPDP Act, 2023 grants you the following rights, which you may exercise by writing to us at contact@med96.in:
Obtain a summary of personal data we hold and processing activities
Correct inaccurate or incomplete personal data
Request deletion of personal data when no longer necessary
Withdraw consent at any time without affecting prior lawful processing
Lodge a complaint with our Data Protection Officer
Nominate a person to exercise rights on your behalf in case of incapacity
We will respond to your requests within 30 days. For unresolved grievances, you may approach the Data Protection Board of India established under the DPDP Act.
Our platform is not directed at children below the age of 18. In accordance with the DPDP Act, we will not process personal data of children without verifiable parental or guardian consent. We do not engage in behavioural tracking of children.
If you believe a child's data has been submitted to us without appropriate consent, please contact us immediately at contact@med96.in for prompt deletion.
We implement appropriate technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include encryption of data in transit and at rest, access controls, audit logs, and regular security assessments.
In the event of a personal data breach that is likely to result in harm to Data Principals, we will notify the Data Protection Board of India and affected individuals as required under the DPDP Act.
We use cookies and similar technologies to improve your experience, remember preferences, and analyse platform usage. You may manage cookie preferences through your browser settings. Consent for non-essential cookies is obtained separately through our cookie consent mechanism.
We may update this Privacy Policy periodically to reflect changes in our practices or applicable law. When we make material changes, we will notify you via email or a prominent notice on our platform before the changes take effect, and obtain fresh consent where required.
The date of the latest update will always be displayed at the top of this page.
Med96 Healthcare Private Limited
Email: contact@med96.in
For escalated complaints unresolved within 30 days, you may approach the Data Protection Board of India at meity.gov.in