Data Protection Agreement

This Data Protection Agreement (“Agreement”) is entered into by and between KSHITI Ayurveda (“Company”, “we”, “us”, “our”), located in Coimbatore, Tamil Nadu, India, and all users (“Users”, “you”, “your”) of the website www.kshitiayurveda.com and all its subdomains (collectively, the “Website”).

By accessing or using the Website and/or our services, you agree to be bound by this Agreement. If you do not agree, you should discontinue use of the Website and our online services.

1. PURPOSE AND SCOPE

1. This Agreement governs the collection, processing, protection, and security of personal data obtained through the Website and its subdomains, including in connection with:

• Online doctor consultations (chat, audio, and video)
• Offline (in-person) doctor consultations
• Ayurveda treatments and procedures
• Prescription and dispensing of Ayurveda medicines
• Any other healthcare or support services provided via or supported by the Website.

1. The Company is committed to complying with applicable data protection laws, including but not limited to:

• The Information Technology Act, 2000 and related rules under Indian law; and
• Where applicable, the General Data Protection Regulation (GDPR) for users located in the European Union (EU) / European Economic Area (EEA).

1. This Agreement applies to all personal data collected from:

• Patients and prospective patients
• Visitors and users of the Website and its subdomains
• Any other individual whose data is processed via the Website and associated online services.

2. TYPES OF DATA COLLECTED

We may collect and process the following categories of data:

2.1 Personal Information

• Name, title, and contact details (email address, phone number)
• Postal address (residential/communication)
• Age/date of birth and gender
• Account information (usernames, login details, preferences)
• Any identification information you voluntarily provide (e.g., ID details, where needed for compliance or verification).

2.2 Medical and Health Information

In order to provide Ayurvedic healthcare services, we collect sensitive personal data, including but not limited to:

• Medical history and current health concerns
• Symptoms, diagnoses, and clinical assessments
• Prescriptions, treatment plans, and therapy details
• Past and current medications (Ayurveda and other systems, as disclosed)
• Lifestyle information relevant to Ayurveda (dietary habits, sleep, routine, stress, etc.)
• Consultation details and records (online chat logs, audio/video consultation notes, offline consultation notes, follow-up records)
• Uploaded or shared medical reports and documents.

2.3 Financial Information

• Payment-related information (such as transaction IDs, payment method, billing details) as processed through third-party payment gateways.
• We do not typically store full payment card details on our own systems; such data is handled by compliant payment providers in accordance with their policies.

2.4 Technical and Usage Data

• IP address, browser type, operating system, and device information
• Date, time, and duration of your visits
• Referring URLs, pages visited, and interaction with Website features
• Cookies and similar technologies used to enhance user experience and analyze Website usage (subject to your browser settings and consent, where legally required).

2.5 Communication Data

• Information contained in emails sent to hi@kshitiayurveda.com
• Data submitted via contact forms or chat interfaces on the Website
• Information you provide to us during communication via phone or messaging platforms (e.g., WhatsApp, in-app chat, etc.), where applicable.

3. DATA PROCESSING AND USAGE

1. Personal data is collected and processed solely for legitimate and clearly defined purposes, including:

• Providing Ayurveda healthcare services (online and offline consultations, treatments, and medicines)
• Scheduling and managing appointments and follow-ups
• Creating and maintaining your patient record and treatment history
• Communicating with you about appointments, prescriptions, recommendations, and health-related guidance
• Facilitating payments and billing
• Operating, maintaining, and improving the Website and its user experience
• Ensuring security, preventing fraud, and complying with legal obligations.

1. Legal bases for processing (depending on your jurisdiction) may include:

• Your consent, particularly for processing health-related/sensitive data and for certain online activities
• Performance of a contract, i.e., the provision of healthcare services you request
• Compliance with legal obligations, such as record-keeping requirements
• Legitimate interests, such as improving services, maintaining security, and responding to your inquiries, where these do not override your fundamental rights and freedoms.

1. We do not sell, trade, or rent your personal or medical data to third parties.
2. Data may be used in an anonymized or aggregated form (with no identification of individual users) for purposes such as analytics, service improvement, or research and statistics, in compliance with applicable law.

4. DATA RETENTION AND DELETION

1. We retain personal and medical data only for as long as necessary to:

• Provide our services to you
• Maintain accurate medical records for continuity of care
• Comply with legal, regulatory, or professional obligations (including healthcare record retention requirements)
• Resolve disputes and enforce our agreements.

1. When personal data is no longer required for the purposes described above, we will:

• Securely delete it, or
• Anonymize it so that it can no longer be used to identify you.

1. You may request deletion of your personal data by contacting us at hi@kshitiayurveda.com or by phone at +91 95978 51971. We will process such requests subject to:

• Verification of your identity, and
• Any overriding legal or regulatory obligations to retain specific data (especially medical records).

5. USER RIGHTS AND CONTROLS

Subject to applicable laws (including Indian law and, where relevant, GDPR for EU/EEA users), you may have the following rights:

1. Right of Access

• To obtain confirmation whether we process your personal data and, if so, to request a copy of such data in a clear format.

1. Right to Rectification (Correction)

• To request correction or updating of inaccurate or incomplete personal data.

1. Right to Erasure (Deletion)

• To request deletion of your personal data where:
• The data is no longer necessary for the purposes collected;
• You have withdrawn consent (where consent was the legal basis); or
• There is no overriding legitimate or legal reason to retain it.

1. Right to Withdraw Consent

• To withdraw consent at any time for processing based on consent. This will not affect the lawfulness of processing carried out before withdrawal.

1. Right to Restrict or Object to Processing

• In certain circumstances, to restrict or object to specific processing activities, especially non-essential or marketing-related processing.

1. Right to Lodge a Complaint

• You may file a complaint with the appropriate data protection or regulatory authority in your jurisdiction, if you believe your rights have been violated.

To exercise any of these rights, please contact us at:

• Email: hi@kshitiayurveda.com
• Phone: +91 95978 51971

We may ask for additional information to verify your identity before acting on your request.

6. DATA SECURITY MEASURES

1. We implement technical and organizational measures designed to protect your personal and medical data from unauthorized access, alteration, disclosure, or destruction, including, as appropriate:

• Secure servers and restricted access controls
• Password protection and role-based access for authorized personnel
• Use of secure protocols (such as HTTPS) for data transmission where applicable
• Regular review of security controls and operational procedures.

1. Access to medical and sensitive data is restricted to authorized healthcare professionals and staff who require such access to provide services and support.
2. In the event of a data breach that poses a risk to your rights and freedoms, we will take appropriate measures under applicable law, including notification to affected users and, where required, to relevant authorities.

7. THIRD-PARTY PROCESSORS

1. We may engage third-party service providers (“Processors”) to support our operations, including but not limited to:

• Website hosting and infrastructure services
• Communication tools (email/SMS gateways, chat systems, teleconsultation platforms)
• Payment gateways and billing services
• Analytics and performance monitoring tools.

1. These third-party providers process data only on our instructions and are bound by contractual obligations to:

• Use data solely for the specified purposes
• Implement adequate data protection and security measures
• Comply with applicable data protection laws.

1. Each third-party provider may have its own privacy policy and terms governing the use of its services. We encourage you to review such policies where relevant (for example, for payment gateways).
2. We are not responsible for independent data practices of third parties that you access directly, outside the scope of our Website or instructions (e.g., by leaving our Website to visit another site).

8. COMPLIANCE WITH GDPR (FOR EU/EEA USERS)

For users located in the European Union or European Economic Area, the following additional provisions apply in accordance with the General Data Protection Regulation (GDPR):

1. Data Controller

• For purposes of GDPR, KSHITI Ayurveda is the “data controller” with respect to your personal data processed via the Website.

1. Additional Rights Under GDPR
2. In addition to the rights described in Section 5, EU/EEA Users may have:

• Right to Data Portability: To receive personal data in a structured, commonly used, and machine-readable format and to request that we transmit such data to another controller, where technically feasible and legally required.
• Right to Restrict Processing: To request restriction of processing in certain cases, such as during verification of disputed accuracy or where processing is contested.
• Right not to be Subject to Automated Decision-Making: We do not typically rely on automated decision-making with legal or similarly significant effects. If we ever do, you will be informed and provided all rights required by law.

1. Supervisory Authority

• EU/EEA users may lodge a complaint with their local Data Protection Authority (DPA) if they believe their GDPR rights have been infringed.

9. COOKIES AND ONLINE TRACKING

1. Our Website and subdomains may use cookies and similar technologies to:

• Enable core Website functionality
• Remember your preferences and settings
• Improve Website performance and user experience
• Conduct analytics on Website usage (in aggregated or pseudonymized form).

1. You can configure your browser settings to refuse or delete cookies. However, disabling certain cookies may impact the functionality and performance of the Website.
2. Where required by law (e.g., for certain regions), we will seek your consent before using non-essential cookies.

10. CHILDREN’S DATA

1. Our services are generally directed towards adults. If Ayurvedic consultation is required for a child (as defined by local law), we expect that:

• A parent or legal guardian provides consent and participates in the process; and
• Data is provided and managed under their supervision and authorization.

1. We do not knowingly collect personal data from children without appropriate parental or guardian consent. If you believe a child’s data has been provided without such consent, please contact us so we can address the issue.

11. CHANGES TO THIS AGREEMENT

1. We may modify or update this Data Protection Agreement from time to time in order to:

• Reflect changes in our services or Website
• Comply with evolving legal or regulatory requirements
• Enhance our data protection and security practices.

1. When changes are made, we will update the “Effective Date” at the top of this Agreement and, where appropriate, provide notification on the Website or via other communication channels.
2. Your continued use of the Website and our services after such changes constitutes your acceptance of the updated Agreement. If you do not agree with the changes, you should stop using the Website and our online services.

12. GOVERNING LAW AND DISPUTE RESOLUTION

1. This Agreement is governed by and construed in accordance with the laws of India.
2. Any disputes arising out of or related to this Agreement, the Website, or our data processing practices shall be subject to the exclusive jurisdiction of the competent courts in Coimbatore, Tamil Nadu, India, unless otherwise mandated by applicable law.
3. For EU/EEA users, any rights and remedies under the GDPR and applicable EU law remain available in parallel.

13. CONTACT INFORMATION

For questions, requests, or concerns regarding this Data Protection Agreement or our data practices, you may contact us at:

KSHITI Ayurveda

Coimbatore, Tamil Nadu, India

• Phone: +91 95978 51971
• Email: hi@kshitiayurveda.com
• Website: www.kshitiayurveda.com