P-Care Logo
Cart

Privacy Policy - P-Care Pharma & Eclinic

Last updated: September 8, 2025

1. INTRODUCTION

P-Care Pharma & Eclinic ("we," "our," or "us") is committed to protecting your privacy and ensuring the security of your personal and medical information. This Privacy Policy explains how we collect, use, store, and protect your data when you use our online pharmacy and telemedicine services.

2. INFORMATION WE COLLECT

2.1 Personal Information

  • Name, age, gender, and contact details
  • Identity verification documents (Aadhaar, PAN, etc.)
  • Address and delivery location information
  • Emergency contact details

2.2 Medical Information

  • Prescription details and medical history
  • Consultation records and treatment information
  • Health conditions and medication allergies
  • Diagnostic reports and lab results

2.3 Payment Information

  • Credit/debit card details (securely encrypted)
  • UPI IDs and digital wallet information
  • Transaction history and billing information
  • Refund and payment preference details

2.4 Technical Information

  • Device information and browser type
  • IP address and location data
  • App usage patterns and preferences
  • Login times and session duration

2.5 Communication Data

  • Chat transcripts with healthcare providers
  • Customer service interaction records
  • Email communications and preferences
  • SMS and notification records

3. HOW WE USE YOUR INFORMATION

3.1 Service Provision

  • Processing and fulfilling medicine orders
  • Facilitating online medical consultations
  • Prescription verification and medicine dispensing
  • Delivery scheduling and coordination

3.2 Healthcare Enhancement

  • Maintaining comprehensive medical records
  • Drug interaction and allergy checking
  • Treatment adherence monitoring
  • Healthcare provider coordination

3.3 Legal and Regulatory Compliance

  • Meeting CDSCO and regulatory requirements
  • Pharmacovigilance and adverse event reporting
  • Audit trail maintenance for regulatory inspections
  • Compliance with telemedicine guidelines

3.4 Customer Support

  • Resolving queries and complaints
  • Providing technical assistance
  • Processing returns and refunds
  • Account security maintenance

3.5 Business Operations

  • Fraud prevention and security monitoring
  • Service improvement and analytics
  • Marketing communications (with consent)
  • Research and development activities

4. LEGAL BASIS FOR PROCESSING

We process your personal data based on:

  • Consent: For marketing communications and optional services
  • Contract: For order fulfillment and service delivery
  • Legal Obligation: For regulatory compliance and reporting
  • Vital Interests: For emergency medical situations
  • Legitimate Interest: For fraud prevention and business operations

5. DATA SHARING AND DISCLOSURE

5.1 Healthcare Providers

Medical information shared with:

  • Consulting doctors for telemedicine services
  • Licensed pharmacists for prescription verification
  • Specialist healthcare providers as required
  • Emergency medical services when necessary

5.2 Service Partners

Limited data shared with:

  • Payment processors for transaction completion
  • Logistics partners for medicine delivery
  • Technology providers for platform maintenance
  • Customer service providers for support

5.3 Regulatory Authorities

Information disclosed to:

  • CDSCO for compliance verification
  • State drug controllers for licensing requirements
  • Law enforcement agencies when legally required
  • Courts and tribunals under legal orders

5.4 Data Protection Measures

  • All third parties bound by strict confidentiality agreements
  • Minimal data sharing principle followed
  • Regular security audits of partner systems
  • Immediate notification of any data breach

6. DATA STORAGE AND SECURITY

6.1 Data Localization

  • All personal data stored within India as per regulatory requirements
  • No transfer of health data outside Indian borders
  • Local backup and disaster recovery systems
  • Compliance with data sovereignty laws

6.2 Security Measures

  • ISO/IEC 27001:2022 certified security practices
  • End-to-end encryption for sensitive data
  • Multi-factor authentication for access
  • Regular security vulnerability assessments

6.3 Access Controls

  • Role-based access to personal information
  • Regular access audits and monitoring
  • Secure disposal of physical documents
  • Digital forensics for security incidents

6.4 Retention Periods

  • Medical records: Minimum 7 years as per legal requirements
  • Transaction data: 5 years for financial compliance
  • Communication logs: 3 years for dispute resolution
  • Marketing data: Until consent withdrawal

7. YOUR PRIVACY RIGHTS

7.1 Access Rights

  • View all personal data we hold about you
  • Request copies of medical records
  • Access transaction and communication history
  • Review data sharing and processing activities

7.2 Correction and Updates

  • Correct inaccurate personal information
  • Update contact and delivery details
  • Modify communication preferences
  • Rectify medical information errors

7.3 Deletion Rights

  • Request deletion of non-essential personal data
  • Remove marketing communication consent
  • Close account and delete associated data
  • Note: Medical records retained as per legal requirements

7.4 Consent Management

  • Withdraw consent for marketing communications
  • Opt-out of non-essential data processing
  • Manage cookie and tracking preferences
  • Control third-party data sharing

8. COOKIES AND TRACKING

8.1 Cookie Usage

  • Essential cookies for platform functionality
  • Analytics cookies for service improvement
  • Personalization cookies for better experience
  • Marketing cookies (with explicit consent)

8.2 Tracking Technologies

  • Web beacons for email open tracking
  • Session recording for user experience improvement
  • Location tracking for delivery services
  • Device fingerprinting for fraud prevention

8.3 Cookie Management

  • Cookie consent banner for user choice
  • Cookie preference center for granular control
  • Regular cookie audit and updates
  • Easy opt-out mechanisms provided

9. CHILDREN'S PRIVACY

9.1 Age Restrictions

  • Services primarily intended for users 18+ years
  • Parental consent required for minors
  • Special protection for children's health data
  • Limited data collection for pediatric services

9.2 Parental Controls

  • Parents can access child's medical information
  • Consent management for family accounts
  • Enhanced security for minor's data
  • Regular review of children's data processing

10. DATA BREACH NOTIFICATION

10.1 Breach Response Protocol

  • Immediate containment and investigation
  • Risk assessment and impact analysis
  • Regulatory notification within 72 hours
  • User notification for high-risk breaches

10.2 User Notification

  • Clear explanation of breach details
  • Steps taken to mitigate risks
  • Recommendations for user protection
  • Contact information for further queries

11. INTERNATIONAL DATA TRANSFERS

As per Indian regulations, we do not transfer personal data outside India. All data processing occurs within Indian borders with local service providers.

12. THIRD-PARTY INTEGRATIONS

12.1 Payment Gateways

  • Secure payment processing partners
  • PCI DSS compliant systems only
  • No storage of full payment card details
  • Tokenization for recurring payments

12.2 Healthcare Integrations

  • Integration with diagnostic laboratories
  • Hospital management systems connectivity
  • Insurance claim processing systems
  • Government health databases (where applicable)

13. MARKETING COMMUNICATIONS

13.1 Consent-Based Marketing

  • Explicit opt-in for promotional emails
  • SMS marketing with prior consent
  • WhatsApp communications (where permitted)
  • Personalized health tips and reminders

13.2 Unsubscribe Options

  • Easy one-click unsubscribe links
  • Granular preference management
  • Immediate processing of opt-out requests
  • Confirmation of successful unsubscription

14. PRIVACY POLICY UPDATES

14.1 Amendment Process

  • Regular review and updates as needed
  • Notification of material changes to users
  • Continued use implies acceptance of updates
  • Historical versions maintained for reference

14.2 User Notification Methods

  • Email notifications to registered users
  • In-app notifications for significant changes
  • Website banner for important updates
  • SMS alerts for critical privacy changes

15. GRIEVANCE REDRESSAL

15.1 Privacy Officer Contact

15.2 Complaint Resolution Process

  • Acknowledgment within 24 hours
  • Investigation and response within 7 days
  • Escalation to senior management if needed
  • External regulatory complaint options provided

16. REGULATORY COMPLIANCE

This Privacy Policy complies with:

  • Personal Data Protection Act (when enacted)
  • Information Technology Act, 2000 and Rules
  • Drugs and Cosmetics Act, 1940
  • Telemedicine Practice Guidelines, 2020
  • Consumer Protection Act, 2019

This Privacy Policy is reviewed annually and updated as necessary to reflect changes in our practices and applicable laws.