AURAPHA — PRIVACY POLICY

This Privacy Policy describes Our policies and procedures on the collection, use and disclosure of Your information when You use the Service and tells You about Your privacy rights and how the law protects You.

This Privacy Policy is governed by and compliant with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

We use your personal data to provide and improve our Service. Personal Data is processed either on the basis of your consent or for legitimate uses as permitted under the Digital Personal Data Protection Act, 2023. Where consent is required, it is obtained in a free, specific, informed, unconditional, and unambiguous manner.. The Company may modify the Website or these Terms at any time without notice; you are advised to review them periodically.

“Personal Data” means any information that can identify you, directly or indirectly, including name, address, email, or phone number. Some features may be unavailable if you choose not to provide certain Personal Data. All personal data you provide will be handled according to this Privacy Policy

Minors

AuraPHA does not knowingly process Personal Data of any individual below the age of 18 years (“Child”) without obtaining verifiable consent from the child’s parent or lawful guardian, in accordance with the Digital Personal Data Protection Act, 2023.

Where processing of a Child’s Personal Data is necessary, AuraPHA shall obtain such verifiable parental or guardian consent through appropriate mechanisms as prescribed under applicable law.

Parents or lawful guardians have the right to access, correct, withdraw consent for, or request erasure of the Child’s Personal Data, subject to applicable legal or regulatory retention requirements.

If AuraPHA becomes aware that Personal Data of a Child has been collected without verifiable parental or guardian consent, such data shall be deleted within a reasonable period, unless retention is required under law.

Children should not submit any Personal Data on this website without the consent of their parent or lawful guardian.

Identity and Contact Details of the Data Controller

The data controller is AuraPHA, 203, Millenium Plaza, Sakinaka, Opp. Star Industrial Estate, Andheri East, Mumbai, Maharashtra – 400072. You may contact the data controller by mail or email info@aurapha.com.

The personal information we collect from you when you visit our website

On this website, we may request Personal Data about you. Examples of Personal Data that we may collect that directly identifies you includes your name, contact information, email address, and other information in combination with these identifiers. We may also collect certain Personal Data that does not directly identify you by name, but could be used to identify that a specific computer or device has accessed our website, activity data.

Personal Data relating to health, adverse events, or safety information collected in connection with AuraPHA’s pharmaceutical products (“Pharmacovigilance Data”) is processed to comply with statutory and regulatory obligations, including obligations under the Drugs and Cosmetics Act, 1940, applicable pharmacovigilance guidelines, and other healthcare regulations.

Such processing is carried out as a legal obligation and public interest in public health, and not on the basis of consent under the Digital Personal Data Protection Act, 2023.

.

Use personal information – We use personal information for the purposes described below, or as otherwise described at the time of collection:

Responding to Requests or Inquiries – We use the information you provide to respond to your requests — including medical inquiries, product questions, account registration, or newsletter subscriptions. Based on your request, we may collect your contact details, preferences, and any information you choose to share. We process this data under our legitimate usesto assist you, and if your request involves sensitive personal data, we do so only with your explicit consent.

Provide our Services – We use personal information to operate and provide our Services, including account registration and access to scientific and pharmaceutical information. If a contract exists, we use your data to fulfill our contractual obligations.

Communicate with you about our Services – It is in our legitimate business interests to use personal information to respond to your requests, provide support, and communicate with you about our Services, including by sending announcements, updates, security alerts and support and administrative messages.

Personalizing Your Experience – We may collect information about your preferences and past interactions to understand your interests and serve you better. This may include your contact and product preferences, language choices, marketing preferences, and demographic details. When collected automatically, this data is processed under our legitimate business interests; otherwise, it is processed based on your consent.

Website Analytics and Tracking – Where permitted by law, we may combine your Personal Data with information from our website, resources, or offline records. Cookie data may be transferred internationally per our Global Data Transfer policy. Non-essential cookies require your consent under Indian law. Automatically collected data is processed for legitimate business interests; all other data is processed with your consent.  AuraPHA maintains records of cookie consent in accordance with applicable law.

Tracking and Monitoring Adverse Events and Pharmacovigilance – Certain sections of our website may collect Personal Data related to adverse events for pharmacovigilance purposes. This information is essential for public health and is used to detect, assess, and prevent adverse events or other medicine-related issues.

To Run and Maintain our website – We automatically collect information such as your IP address, location, and accessed resources to operate, maintain, and secure our website, network systems, and other assets as part of our legitimate business interests.

Compliance and protection – We may use personal information to comply with legal obligations or protect our rights and interests, including safeguarding safety and property, auditing compliance, enforcing Terms of Service, preventing fraud or cyberattacks, and responding to lawful requests. Processing is based on legal requirements or our legitimate business interests.

Cookies and Other Web Trackers –

Cookies are small text files placed on your device when you visit a website. AuraPHA uses cookies and similar technologies to operate, secure, and improve its website and services.

AuraPHA uses the following categories of cookies:

(a) Essential Cookies – These cookies are strictly necessary for the functioning of the website and enable core features such as security, network management, and accessibility. Essential cookies do not require consent under applicable law.

(b) Non-Essential Cookies – These cookies are used for purposes such as analytics, performance measurement, personalisation, and marketing. AuraPHA uses non-essential cookies only with your clear and affirmative consent, as required under applicable Indian law.

When you first visit our website, you will be presented with a cookie banner that allows you to accept or reject non-essential cookies or to manage your cookie preferences. The cookie banner provides granular choices, enabling you to consent separately to different categories of non-essential cookies.

You may withdraw or modify your cookie consent at any time by accessing the “Cookie Settings” option available on the website footer or through your browser settings.

Our website may also collect basic technical and usage information (such as device type, browser information, IP address, and pages accessed) that does not directly identify you. Such information is collected automatically for the purposes of operating, securing, and improving the website and is processed as a legitimate use under the Digital Personal Data Protection Act, 2023.

You may choose to accept or decline non-essential cookies. Please note that declining non-essential cookies may affect certain website features or functionality. You may also manage or disable cookies through your browser settings. In addition to browser controls, you may manage your preferences for non-essential cookies through our cookie banner or Cookie Settings tool. Please note that disabling essential cookies may impact website functionality

Use of Data for Marketing – We do not sell or share your Personal Data with non-affiliated entities for direct marketing without your explicit consent. We may send you marketing communications about products or services that may interest you, either based on your consent or, where permitted by law, our legitimate business interests. We also work with advertising partners, including third-party and social media companies, who may use cookies or similar technologies to serve relevant ads. Where required by law, such advertising will only occur with your consent.

Information Sharing / Recipients of Personal Data

We may share your Personal Data with AuraPHA’s global affiliates, who will use it for the same purposes as us. We may also share it with third parties, including service providers, regulators, governments, law enforcement, advisors, and auditors, for purposes such as:

• Supporting business transactions;
• Maintaining our websites and platforms;
• Facilitating mergers, reorganizations, or financial arrangements;
• Complying with legal or regulatory requests;
• Conducting audits or addressing complaints or security threats.

International Transfers of Your Personal Data – For Indian data principals, cross-border transfers are carried out in accordance with Section 16 of the DPDPA 2023 and any country restrictions notified by the Government of India..

If your Personal Data is covered by the GDPR: Under the Digital Personal Data Protection Act, 2023 and IT Act, 2000, personal data may be transferred outside India in compliance with Section 16 of the DPDPA 2023 and applicable safeguards (e.g., Standard Contractual Clauses, UK IDTA, or DPDPA framework). AuraPHA ensures international recipients maintain adequate data protection. Personal data is never sold or traded; sharing occurs only for legitimate business, regulatory, or operational purposes.

Links to Other Websites – Our Service may include links to third-party websites. We are not responsible for their content, privacy policies, or practices. We recommend reviewing the privacy policy of any site you visit.

Retention / Storage Period of Your Personal Data –

AuraPHA retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected and processed, in accordance with applicable laws, regulatory requirements, and internal retention policies. Retention periods vary depending on the nature and purpose of the data, as described below:

• Contact Queries and General Enquiries:Personal Data collected through contact forms, emails, or enquiries is retained for the period necessary to respond to the request and for a reasonable follow-up period thereafter, unless a longer retention period is required for record-keeping or legal purposes.
• Account Registration and Access to Services:Personal Data relating to registered users is retained for the duration of the user’s account and for a reasonable period thereafter to address account closure, dispute resolution, or compliance obligations.
• Marketing and Communications:Personal Data used for marketing communications is retained until you withdraw your consent or opt out, or until such data is no longer required for the relevant marketing purpose, whichever is earlier.
• Health-Related and Pharmacovigilance Data:Personal Data collected for adverse event reporting, safety monitoring, or pharmacovigilance purposes is retained for the period mandated under applicable laws and regulations, including the Drugs and Cosmetics Act, 1940, related rules, and pharmacovigilance guidelines.
• Website Analytics and Technical Data:Technical and usage data collected through cookies or similar technologies is retained for limited periods necessary to operate, secure, and improve the website, unless longer retention is required for security, audit, or compliance purposes.

Notwithstanding anything contained in this Privacy Policy, Personal Data that is required to be retained under applicable law, regulatory obligations, or for the establishment, exercise, or defence of legal claims shall be preserved for such mandated period, even if the data principal withdraws consent or requests deletion.

Your Rights

Under data privacy laws, you have:

• Right to access information
• Right to correction and erasure
• Right to withdraw consent
• Right to grievance redressal
• Right to nominate
• Restrict or object to processing;
• Data portability” (“where technically feasible and required by law”)

To exercise your rights, contact us as described in the ‘Contact Us’ section. Note: erasure or restriction applies only if processing is based on consent or legitimate uses as permitted under Section 7 of the Digital Personal Data Protection Act, 2023. Withdrawal of consent does not affect the lawfulness of prior processing. We may retain a copy of your data for record-keeping and to prevent re-entry into our systems

Data Security –

AuraPHA implements reasonable security practices and procedures to protect Personal Data against unauthorised access, disclosure, alteration, or destruction, in accordance with applicable law, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

While no system of transmission or storage is completely secure, AuraPHA regularly reviews, monitors, and enhances its technical, administrative, and organisational safeguards to address evolving security risks.

Data processors and service providers engaged by AuraPHA are required to implement appropriate security measures consistent with this Privacy Policy and applicable legal requirements.

AuraPHA limits access to Personal Data to authorised personnel on a need-to-know basis and conducts periodic security assessments.

Notification of Breach –

AuraPHA maintains procedures to detect, report, and respond to personal data breaches in accordance with applicable law.

In the event of a personal data breach, AuraPHA shall:

• Notify the Indian Computer Emergency Response Team (CERT-In) and any other competent authority within the timelines and in the manner prescribed under applicable law, where such notification is required;
• Notify affected Data Principals, where the breach is likely to cause harm or where notification is otherwise required under the Digital Personal Data Protection Act, 2023 or directions issued thereunder;
• Take appropriate remedial measures to contain, investigate, and mitigate the effects of the breach.

Where AuraPHA engages data processors, such processors are contractually required to notify AuraPHA without undue delay upon becoming aware of a personal data breach and to provide all information reasonably required to enable AuraPHA to comply with its legal obligations.

Updates to This Privacy Notice – From time to time, we may revise this Privacy Notice. Any such changes to this Privacy Notice will be reflected on this page. AuraPHA recommends that you review this Privacy Notice regularly for any changes. The date on which this notice was last revised is located at the top of this notice

Contact Us 

Grievance Officer

In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (to the extent applicable), and the Digital Personal Data Protection Act, 2023, AuraPHA has appointed a Grievance Officer to address grievances and complaints relating to the processing of Personal Data.

Grievance Officer Details:

• Name:Ashish Vadgama
• Designation:Executive Director
• Email:grievances@aurapha.com

The Grievance Officer shall acknowledge receipt of a grievance within seven (7) days and shall endeavour to resolve the grievance within thirty (30) days from the date of receipt, in accordance with applicable law.

If a Data Principal is not satisfied with the response received, or if the grievance is not resolved within the prescribed timeline, the Data Principal shall have the right to escalate the grievance to the Data Protection Board of India, in the manner prescribed under the Digital Personal Data Protection Act, 2023.  AuraPHA maintains records of grievances and actions taken, as required under applicable law.