Aorta Laboratories

1. Scope & Applicability

This Privacy Policy applies to the use of our website and digital platforms operated by Aorta Laboratories Private Limited, including but not limited to domains operated or controlled by the Company.

The policy governs personal data collected from:

• Website visitors
• Registered users
• Buyers, sellers, and service users
• Business partners and stakeholders

This Privacy Policy is published in compliance with:

• The Information Technology Act, 2000
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Applicable guidelines, rules, and clarifications issued thereunder

2. Purpose of the Platform

Our website serves as a digital platform facilitating access to healthcare-related information, pharmaceutical products, and services offered by third-party sellers or partners, subject to applicable Terms of Use.

All relationships between users, sellers, and service providers are governed by the relevant contractual terms, including this Privacy Policy.

3. Information We Collect

3.1 Personal Information

“Personal Information” means any information that identifies or relates to an identifiable individual, directly or indirectly.

We may collect the following:

• Full name
• User ID or account credentials
• Email address
• Contact number
• Address and postal code
• Age and gender (where voluntarily provided)
• Login credentials
• Any other information voluntarily provided by the user

3.2 Sensitive Personal Data or Information (SPDI)

Sensitive Personal Data may include:

• Financial information (bank account, debit/credit card details)
• Passwords or authentication credentials
• Health or medical records (including prescriptions uploaded by users)
• Biometric or physiological data, if applicable

Information that is publicly available or accessible under the Right to Information Act, 2005, or other applicable law is not considered Sensitive Personal Data.

4. Information Usage & Purpose

Personal information is collected and used strictly for legitimate business purposes, including but not limited to:

• User registration and account management
• Processing transactions and service requests
• Billing and payment processing
• Customer support and grievance handling
• Website customization and system administration
• Improving platform functionality and service quality
• Communication regarding services, updates, or policy changes
• Compliance with legal, regulatory, or contractual obligations
• Enforcement of Terms of Use and dispute resolution

We do not collect personal data beyond what is necessary for lawful and stated purposes.

5. Cookies & Tracking Technologies

We may use cookies and similar technologies to:

• Improve website functionality
• Analyze usage trends
• Enhance user experience

Cookies may include:

• Session cookies (temporary, deleted after session ends)
• Persistent cookies (stored for a defined duration)

Cookies used by Aorta do not store personally identifiable information unless explicitly provided by the user.

Users may modify browser settings to manage or disable cookies; however, certain features may not function properly as a result.

6. Third-Party Advertising & Services

We may engage third-party service providers or advertising partners to support website operations or promotional activities. These third parties may collect anonymized usage data through lawful tracking technologies.

Aorta does not control third-party websites or services and is not responsible for their privacy practices. Users are encouraged to review third-party privacy policies independently.

7. Data Security Practices

Aorta implements reasonable security practices and procedures including administrative, technical, and physical safeguards to protect personal data against:

• Unauthorized access
• Disclosure
• Alteration
• Loss or destruction

While we follow industry-accepted standards, no system is entirely immune to risks inherent in internet-based data transmission. Users acknowledge and accept this limitation.

8. Data Disclosure & Transfer

Personal data may be shared:

• With authorized service providers strictly for service delivery
• Where required by law, regulation, or legal process
• To protect the rights, safety, or property of Aorta or users

All third parties receiving data are contractually obligated to maintain appropriate security standards.

9. User Responsibilities

Users are responsible for:

• Maintaining confidentiality of account credentials
• Ensuring accuracy and completeness of information provided
• All activities conducted through their account

Aorta reserves the right to suspend or terminate accounts where information is false, misleading, or violates applicable policies.

10. External Links Disclaimer

Our website may contain links to third-party websites. Aorta does not control or assume responsibility for the content, security, or privacy practices of such websites.

11. Policy Updates

Aorta may update this Privacy Policy periodically. Significant changes will be communicated via website notice or email, where applicable. Continued use of the website constitutes acceptance of the updated policy.

12. Grievance Redressal

In accordance with applicable law, Aorta has appointed a Grievance Officer to address complaints relating to data protection and privacy.

Grievances will be acknowledged and resolved within 30 days of receipt.

13. Contact & Communication

Aorta may communicate with users through:

• Email
• Website notifications
• Official announcements

Such communications are considered part of service delivery.