Privacy Policy – DrMediCart

Effective Date: 03-Sep-2025

DrMediCart ("we", "our", "us") respects your privacy. This Privacy Policy explains what personal data we collect, why we collect it, how it is used and shared, and the choices and rights available to you. By accessing or using DrMediCart.com (the "Site") or purchasing from us, you agree to this Policy.

If you have questions or wish to exercise your rights, contact us at support@drmedicart.com.

1. Who We Are & Scope

Data Controller: DrMediCart, Tamil Nadu, India.

This Policy applies to the Site, checkout and payment flows, user accounts, marketing communications, customer support interactions (email/chat), and related services.

Important: We do not request or process medical records or sensitive health data. Please do not submit such information in free-text fields.

2. Information We Collect

We collect only information necessary to operate and improve our services.

A. Device & Usage Data

• IP address and approximate location (city/region)
• Browser type, operating system, device identifiers
• Cookies and similar technologies
• Pages viewed, session timestamps, referrer/UTM data
• Security and fraud-prevention signals

B. Order & Account Data

• Name, email address, phone number
• Billing and shipping addresses
• Order details, invoice value, transaction status
• Payment details are processed securely by payment gateways (e.g., PayPal, Stripe, Razorpay) and are not stored by us

C. Communications

• Emails, chats, and support tickets
• Reviews, ratings, and survey responses
• Evidence you provide for claims (photos/videos)

D. Marketing Preferences

• Newsletter subscriptions and opt-out status
• Cookie and advertising preferences

E. Third-Party Sources

• Payment processors (transaction confirmation)
• Shipping carriers (tracking and delivery updates)
• Analytics and advertising partners

3. Why We Use Your Data (Legal Bases)

• Contractual necessity: to process orders, deliver products, provide support, manage returns, and maintain accounts.
• Legitimate interests: site security, fraud prevention, analytics, service improvement, and limited direct marketing to existing customers where permitted.
• Consent: newsletters, optional cookies, advertising, surveys.
• Legal obligation: tax, accounting, regulatory compliance, sanctions and export-control checks.

4. How We Share Information

We do not sell your personal information. We share data only as necessary with:

• Service providers under contract: payment processors, shipping partners, email/CRM tools, hosting providers, analytics and advertising platforms, and fraud-prevention services.
• Authorities or regulators when required by law or to protect rights, safety, or the public.
• Business transfers: mergers, acquisitions, or asset sales. Successors remain bound by this Policy.

California (CPRA): We do not "sell" personal information for monetary value. We may "share" limited identifiers with advertising partners for cross-context behavioral advertising only with your consent. You may opt out at any time (see Section 9).

5. Cookies & Tracking Technologies

• Strictly necessary cookies – required for checkout, login, and security
• Performance/analytics cookies – improve Site functionality
• Advertising cookies – personalize and measure ads

Manage preferences via our cookie banner or browser settings. Disabling cookies may affect certain features. See our Cookie Policy for details.

6. International Data Transfers

Your data may be processed in India and other countries where our service providers operate. We apply appropriate safeguards, including Standard Contractual Clauses and vendor due-diligence, to protect your data.

7. Data Retention

• Orders and invoices: up to 7 years (tax/regulatory)
• Accounts and support records: active period + up to 3 years
• Analytics and device logs: 12–24 months
• Marketing data: until consent is withdrawn

Data is securely deleted or anonymized after retention periods, unless required longer by law or for dispute resolution.

8. Security

We use administrative, technical, and organizational safeguards, including TLS encryption, access controls, least-privilege principles, audit logs, and vendor security reviews. No system is 100% secure; if a data breach poses risk, we will notify affected users and authorities as required by law.

9. Your Rights & Choices

Your rights depend on your location and applicable law:

• EEA/UK (GDPR): access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
• India (DPDP Act): access, correction, erasure, grievance redressal, and withdrawal of consent where applicable.
• United States: access, delete, correct, opt-out of sale/share/targeted ads, and non-discrimination.

To exercise rights, email support@drmedicart.com from your registered email. Identity verification may be required. Advertising preferences can be managed via the cookie banner or platform tools (e.g., Google Ad Settings, Meta Preferences).

Do Not Track: We do not currently respond to browser DNT signals.

10. Children's Privacy

The Site is not intended for children under 13 (or under 16 in certain jurisdictions). We do not knowingly collect personal data from children. If such data is identified, it will be deleted.

11. Automated Decision-Making

We do not engage in automated decision-making that produces legal or similarly significant effects. Fraud-risk indicators may be used to flag transactions for manual review.

12. Complaints & Disputes

Please contact us first at support@drmedicart.com. EEA/UK users may also lodge complaints with their local data protection authority.

13. Governing Law & Jurisdiction

This Policy is governed by the laws of Tamil Nadu, India. Exclusive jurisdiction lies with the courts of Coimbatore, Tamil Nadu.

14. Changes to This Policy

We may update this Policy to reflect changes in services, laws, or best practices. The latest version published on the Site applies to future use. Material changes will be highlighted on the Site or via email.

This Privacy Policy is designed to be transparent, firm, and compliant while preserving your statutory rights. Where local laws provide stronger protections, those laws prevail.