Welcome to www.aayushlabs.com (“AHL”, “We”, “Our”, “Us”). We value your privacy and are committed to protecting your personal information. This Privacy Policy (“Policy”) describes how we collect, use, share, and protect your information when you use our Website/App.

The terms “you” and “your” refer to the user of the Website/App. The term “Services” refers to any services offered by Us, whether on the Website/App or otherwise.

Please read this Policy before using the Website/App or submitting any personal information to us. This Policy is a part of and incorporated within, and is to be read along with, the Terms of Use.

1        DEFINITIONS (NEW)

1.1.  “Digital Personal Data Protection Act 2023” (“DPDP Act”) – India’s primary privacy statute.

1.2.  “Personal Data” – any data about an individual who is identifiable by or in relation to that data; includes “Sensitive Personal Data” such as health information and government IDs.

1.3. “Controller/Fiduciary” – AHL, which determines the purpose and means of processing personal data.

1.4.  “Processor” – any vendor or partner that processes data on AHL’s behalf (e.g., cloud host, payment gateway, partner lab).    

1.5.  “Partners” – Select third parties (including Aayush Wellness Entities) with whom we have contracts for the businesses described in this Privacy Notice.

1.6.  “Service Providers” – Includes entities to whom we or other Aayush Wellness Entities will disclose your Data in order to process information for a specific purpose pursuant to written contract.

2        YOUR CONSENT

By using the Website/App and the Services, you agree and consent to the collection, transfer, use, storage, disclosure and sharing of your information as described and collected by us in accordance with this Policy.  If you do not agree with the Policy, please do not use or access the Website/App. 

3        POLICY CHANGES

We may occasionally update this Policy and such changes will be posted on this page. If we make any significant changes to this Policy, we will endeavour to provide you with reasonable notice of such changes, such as via prominent notice on the Website/App or to your email address on record and, where required by applicable law, we will obtain your consent. To the extent permitted under the applicable law, your continued use of our Services after we publish or send a notice about our changes to this Policy shall constitute your consent to the updated Policy.

4        LINKS TO OTHER WEBSITES

The Website/App may contain links to other websites. Any personal information about you collected whilst visiting such websites is not governed by this Policy. Company shall not be responsible for and has no control over the practices and content of any website accessed using the links contained on the Website/App. This Policy shall not apply to any information you may disclose to any of our service providers/service personnel which we do not require you to disclose to us or any of our service providers under this Policy.

5        INFORMATION WE COLLECT FROM YOU:

We will collect and process the following information about you:

5.1  Information you give us - This includes information submitted when you:

5.1.1    Create or update your account on the Website/App, which may include your name, email, phone number, you will be allowing us to pass through and receive from the SNS your log-in information and other user data; or

5.1.2        Any information you provide while interacting in chats, or submitting feedback.

5.1.3      Use our Services, we may collect and store information about you to process your requests and automatically complete forms for future transactions, including (but not limited to) your phone number, address, email, billing information and credit or payment card information.

5.1.4       Correspond with the Company for customer support;

5.1.5      Participate in the interactive services offered by the Website/App such as discussion boards, promotions or surveys, other social media functions or make payments etc., or

5.1.6   Enable features that require the Company/Website/App access to your address book or calendar;

5.1.7        Report problems for troubleshooting.

5.1.8     If you sign up to use our Services as a merchant or partner, we may collect location details, copies of government identification documents and other details (KYC), call and SMS details.

5.1.9      Health-specific data: When you order a diagnostic test we collect gender, age, clinical notes, diagnostic images, and resulting laboratory values, which are classified as “Sensitive Personal Data” under the DPDP Act and Section 43A of the IT Act 2000.

5.1.10 Child data: If you add a minor as a Dependent, you represent that you are the lawful parent/guardian and you give consent on the child’s behalf. We do not knowingly collect data directly from children under 18.

5.1.11  Cookies & similar tech: We use first-party cookies, session storage and for authentication, analytics and push notifications. You can clear or block cookies in your browser; doing so may impair some features.

5.2  Information we collect about you: With regard to each of your visits to the Website/App, we will automatically collect and analyse the following demographic and other information:

5.2.1      When you communicate with us (via email, phone, through the Website/App or otherwise), we may maintain a record of your communication.

5.2.2    Depending on the Services that you use, and your Website/App settings or device permissions, we may collect your real time information, or approximate location information as determined through data such as GPS, IP address;

5.2.3    We collect information as to how you interact with our Services, preferences expressed and settings chosen. The Website/App includes the Company’s advertising services (“Ad Services”), which may collect user activity and browsing history within the Website/App and across third-party sites and online services, including those sites and services that include our ad pixels (“Pixels”), widgets, plug-ins, buttons, or related services or through the use of cookies. Our Ad Services collect browsing information including without limitation your Internet protocol (IP) address and location, your login information, browser type and version, date and time stamp, user agent, time zone setting, browser plug-in types and versions, operating system and platform, and other information about user activities on the Website/App, as well as on third party sites and services that have embedded our Pixels, widgets, plug-ins, buttons, or related services;

5.2.4     We collect transaction details related to your use of our Services, and information about your activity on the Services, including the full Uniform Resource Locators (URL), the type of Services you requested or provided, comments, domain names, search results selected, number of clicks, information and pages viewed and searched for, the order of those pages, length of your visit to our Services, the date and time you used the Services, amount charged, details regarding application of promotional code, methods used to browse away from the page and any phone number used to call our customer service number and other related transaction details;

5.2.5     The Website/App may also access metadata and other information associated with other files stored on your mobile device. If you permit the Website/App to access the address book on your device, we may collect names and contact information from your address book to facilitate social interactions through our services and for other purposes described in this Policy or at the time of consent or collection. If you permit the Website/App to access the calendar on your device, we collect calendar information such as event title and description, your response (Yes, No, Maybe), date and time, location and number of attendees. 

5.3  Information we receive from other sources:

5.3.1     We may receive information about you from third parties, such as other users, partners (including ad partners, analytics providers, search information providers), or our affiliated companies or if you use any of the other websites/apps we operate or the other Services we provide. Users of our Ad Services and other third-parties may share information with us such as the device ID, or demographic or interest data, and information about content viewed or actions taken on a third-party website, online services or apps. For example, users of our Ad Services may also be able to share customer list information (e.g., email or phone number) with us to create customised audience segments for their ad campaigns.

5.3.2      Payment service providers may share transaction details for processing purposes.

5.3.3  Diagnostic Partner Labs: For referred tests we receive only the analysed results and quality-control metadata; partner labs never get your payment data.

6        APP PERMISSIONS THAT WE CAPTURE:

We ask for the following app permissions while onboarding, in order to optimize the experience for you:

6.1.1  SMS : To support automatic OTP confirmation, so that you don't have to enter the authentication code manually.

6.1.2   Receive SMS: This helps us to send you payment related SMS by our payment partner JustPay.

6.1.3      Record Audio: To enable video consultations with doctors.

6.1.4     Bluetooth: Bluetooth is used to redirect audio to a Bluetooth headset during video consultations.

7        USES OF YOUR INFORMATION:

7.1  We use the information we collect for following purposes, including:

7.1.1        To create and manage your user account, if applicable;

7.1.2        To process transactions and withdrawals securely;

7.1.3        To verify user identity, prevent fraud, and comply with regulatory requirements;

7.1.4        To detect and prevent fraudulent activities or cheating;

7.1.5        To provide, personalise, maintain and improve our products and services, such as to enabled services, enable features to personalise your account;

7.1.6       To carry out our obligations arising from any contracts entered into between you and us and to provide you with the relevant information and services;

7.1.7     To administer and enhance the security of our Website/App and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;

7.1.8     To provide you with information about services we consider similar to those that you are already using, or have enquired about, or may interest you. If you are a registered user, we will contact you by electronic means (e-mail or SMS or telephone) with information about these services;

7.1.9     To understand our users (what they do on our Services, what features they like, how they use them, etc.), improve the content and features of our Services (such as by personalising content to your interests), process and complete your transactions, make special offers, provide customer support, process and respond to your queries;

7.1.10    To generate and review reports and data about, and to conduct research on, our user base and Service usage patterns;

7.1.11    To allow you to participate in interactive features of our Services, if any; or

7.1.12    To measure or understand the effectiveness of advertising we serve to you and others, and advertising to you.

We may combine the information that we receive from third parties with the information you give to us and information we collect about you for the purposes set out above.  Further, we may anonymize and/or de-identify information collected from you through the Services or via other means, including via the use of third-party web analytic tools. As a result, our use and disclosure of aggregated and/or de-identified information is not restricted by this Policy, and it may be used and disclosed to others without limitation.

We analyse the log files of our Website/App that may contain Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), referring, Website/App crashes, page viewed and exit websites and applications, operating system, date/time stamp, and clickstream data. This helps us to administer the website, to learn about user behaviour on the site, to improve our product and services, and to gather demographic information about our user base as a whole.

We rely on (a) your consent, (b) performance of a contract (to deliver the test you bought), and (c) “legitimate use” grounds allowed under Section 7 of the DPDP Act to process your data.

Anonymised analytics: Aggregate, de-identified lab trends may be used for epidemiology dashboards or AHL blog posts; such data cannot re-identify you.

8        DISCLOSURE AND DISTRIBUTION OF YOUR INFORMATION:

We may share your information that we collect for following purposes:

8.1 With Service Providers: We may share your information with our vendors, consultants, marketing partners, research firms and other service providers or business partners, such as Payment processing companies, to support our business. For example, your information may be shared with outside vendors to send you emails and messages or push notifications to your devices in relation to our Services, to help us analyse and improve the use of our Services, to process and collect payments. We also may use vendors for other projects, such as conducting surveys for us.

8.2  With Accredited Partner Laboratories: Your name initial, age, gender, booking ID and clinical notes are shared over encrypted channels strictly to perform the ordered test. Each partner holds valid NABL or ISO 15189 accreditation and signs a Data Processing Agreement mirroring AHL security obligations.

8.3  With Other Users: If you are a partner, we may share your name, phone number and/or profile picture (if applicable), tracking details with other users to provide them the Services.

8.4  For Crime Prevention or Investigation: We may share this information with governmental agencies or other companies assisting us, when we are: 

8.4.1     Obligated under the applicable laws or in good faith to respond to court orders and processes; or

8.4.2     Detecting and preventing against actual or potential occurrence of identity theft, fraud, abuse of Services and other illegal acts;

8.4.3     Responding to claims that an advertisement, posting or other content violates the intellectual property rights of a third party;

8.4.4     Under a duty to disclose or share your personal data in order to enforce our Terms of Use and other agreements, policies or to protect the rights, property, or safety of the Company, our customers, or others, or in the event of a claim or dispute relating to your use of our Services. This includes exchanging information with other companies and organisations for the purposes of fraud detection and credit risk reduction.

8.4.5     Corporate Reorganisation: If AHL is involved in a merger, acquisition or asset sale, your data may transfer to the successor entity subject to the same or stronger privacy commitments.

8.4.6     We do not sell your personal data. 

8.5  For Internal Use: We may share your information with any present or future member of our “Group” (as defined below) or affiliates for our internal business purposes. The term “Group” means, with respect to any person, any entity that is controlled by such person, or any entity that controls such person, or any entity that is under common control with such person, whether directly or indirectly, or, in the case of a natural person, any Relative (as such term is defined in the Companies Act, 1956 and Companies Act, 2013 to the extent applicable) of such person.

8.6  With Advertisers and advertising networks: We may work with third parties such as network advertisers to serve advertisements on the Website/App and on third-party websites or other media (e.g., social networking platforms). These third parties may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs and other tracking technologies to measure the effectiveness of their ads and to personalise advertising content to you. 

8.7  AHL’S PARTNER LIST: “Our” Partner List includes a list of trusted advertising network companies with which “We” work directly or indirectly, and which may receive your personal data and further process according to their own rules. We encourage you to review the privacy policies of our partners to ensure that you understand their treatment of personal data that they may process. Please note that “we” may not directly work or share personal data with all of the companies listed below. From time to time, we may add partners to this list when we make new agreements with partners who are committed to protecting your personal data.

While you cannot opt out of advertising on the Website/App, you may opt out of much interest-based advertising on third party sites and through third party ad networks (including DoubleClick Ad Exchange, Facebook Audience Network and Google AdSense). Opting out means that you will no longer receive personalised ads by third parties ad networks from which you have opted out, which is based on your browsing information across multiple sites and online services. If you delete cookies or change devices, your opt out may no longer be effective.

a)      To fulfil the purpose for which you provide it.

b)     We may share your information other than as described in this Policy if we notify you and you consent to the sharing.

9        DATA RETENTION:

We retain personal data only as long as necessary for the purposes mentioned in this policy or as required by law. Laboratory reports are archived for a minimum of 3 years in compliance with NABL Clause 5.8. If you request deletion, we will remove your data unless legal obligations prevent us from doing so.

10    DATA SECURITY PRECAUTIONS:

We have in place appropriate technical and security measures to secure the information collected by us.

We use vault and tokenization services from third party service providers to protect the sensitive personal information provided by you. The third-party service providers with respect to our vault and tokenization services and our payment gateway and payment processing are compliant with the payment card industry standard (generally referred to as PCI compliant service providers). You are advised not to send your full credit/debit card details through unencrypted electronic platforms. Where we have given you (or where you have chosen) a username and password which enables you to access certain parts of the Website/App, you are responsible for keeping these details confidential. We ask you not to share your password with anyone.

Please be aware that the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through the Website/App. Once we have received your information, we will use strict physical, electronic, and procedural safeguards to try to prevent unauthorised access.

All card payments are processed by PCI DSS v4.0 compliant gateways; AHL never stores full card numbers, CVV or PIN.

Our primary data centre is ISO 27001 certified. Data is stored in Shopify.

Breach notification: in the unlikely event of a data breach causing risk of harm, we will inform affected users and CERT-In within 6 hours, per the 2022 CERT-In Direction.

11    YOUR RIGHTS & CHOICES:

We respect your rights regarding your personal information. Depending on your location and applicable laws, you may have the following rights and choices concerning your data:

12    Rights Under GDPR (For Users in the European Economic Area - EEA):

12.1       Right to Access: You can request a copy of the personal data we hold about you.

12.2       Right to Rectification: If your information is incorrect or incomplete, you can request a correction.

12.3     Right to Erasure ("Right to be Forgotten"): You may request deletion of your data unless we are legally required to retain it.

12.4   Right to Restrict Processing: You can request that we limit how we use your data in certain circumstances.

12.5     Right to Data Portability: You can request to receive your data in a structured, commonly used, and machine-readable format for transfer to another service.

12.6     Right to Object: You may object to our processing of your data for direct marketing or legitimate interests.

12.7      Right to Withdraw Consent: If we rely on consent for processing your data, you can withdraw your consent at any time.

12.8      Right to Lodge a Complaint: If you believe your rights have been violated, you can file a complaint with your local data protection authority.

If you are located in the EEA, you have the following rights under the General Data Protection Regulation (GDPR):

To exercise these rights, please contact us at info@aayushlabs.com.

If you are located in the European Countries, you have the following rights:

a)   You can access or request deletion of your personal information by submitting a request through the Contact Us link within our applications or directly send us an email to our support team at info@aayushlabs.com

b)   You can correct or update your personal information through the settings within our applications or directly send us an email to our support team at info@aayushlabs.com

c)   You may object to processing of your personal information

d)   You may ask us to restrict processing of your personal information or

e)   You may request portability of your personal information through the Contact Us link within any of our applications or directly send us an email to our support team at info@aayushlabs.com

f)   You can opt-in or opt-out of marketing communications we send you by following the instructions in “Opting in / Opt out of marketing communications from us” below.

g)   If we have collected and processed your personal information with your consent, then you can withdraw your consent at any time by requesting this change through the Contact Us link within our applications or directly send us an email to our support team at info@aayushlabs.com. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.

h)   You have the right to complain to a data protection authority about our collection and use of your personal information by contacting your local data protection authority. For more information, please contact such authorities.

13    Rights Under CCPA (For California Residents):

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

13.1     Right to Know: You can request information about the categories of personal data we have collected, the sources of that data, the purpose of collection, and any third parties we share it with.

13.2     Right to Access: You can request a copy of the specific personal data we have about you.

13.3     Right to Deletion: You can ask us to delete your personal data unless an exception applies (e.g., compliance with legal obligations).

13.4     Right to Opt-Out of Sale of Data: We do not sell your personal data. However, if we ever engage in data sales, you will have the right to opt out.

13.5     Right to Non-Discrimination: We will not discriminate against you for exercising your rights (e.g., by denying services or charging different prices).

To make a CCPA request, please contact us at info@aayushlabs.com. You may also designate an authorized agent to make requests on your behalf.

14    Rights Under Indian Laws (For Indian Users):

If you are in India, your data protection rights are governed by the Digital Personal Data Protection Act, 2023 (DPDPA) and the Information Technology Act, 2000 (IT Act) and IT Rules. Under these laws, you have the following rights:

14.1      Right to Access: You have the right to request confirmation on whether we process your personal data and to access such data.

14.2    Right to Correction & Erasure: You can request correction, completion, updating, or erasure of your personal data if it is inaccurate, outdated, or no longer necessary.

14.3       Right to Grievance Redressal: If you have concerns about how we handle your data, you can file a complaint with us. If unsatisfied, you may escalate it to the Data Protection Board of India once the Board is operational.

14.4       Right to Consent Withdrawal: If we rely on consent for processing your data, you can withdraw it at any time. However, withdrawal will not affect prior processing activities conducted based on consent.

14.5       Right to Nominate a Representative: You can nominate another individual to exercise your rights on your behalf in case of incapacity.

14.6    Right to Restrict Processing (Limited Scope): You may request restrictions on processing in certain situations, especially for sensitive personal data.

To exercise your rights, please contact us at info@aayushlabs.com.

15    General Choices Available to All Users:

Regardless of your location, you can:

a)      Manage Your Account Information: Edit or update your details in the Website/App.

b)   Opt-Out of Marketing Communications: Unsubscribe from emails using the "unsubscribe" link or contact us.

c)      Disable Location Access: Revoke access via your device settings.

d)     Deactivate or Delete Your Account: Request account deletion by contacting our support team.

To exercise any of your rights, please contact us at info@aayushlabs.com, with:

a)      Your full name and registered email address (to verify your identity).

b)     The specific right you wish to exercise.

c)      Any additional details necessary for processing your request.

We will process your request within 30 days, or as required by law. If we require additional time or clarification, we will notify you accordingly.

16    SEVERABILITY:

If any court or competent authority finds that any provision of this Privacy Notice (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Notice will not be affected.

17    GRIEVANCE OFFICER AND PLATFORM SECURITY:

If you have any queries relating to the processing or usage of information provided by you in connection with this Policy, please email us at info@aayushlabs.com.

If you come across any abuse or violation of the Policy, please report it at info@aayushlabs.com, or call our support team at +91 720 8745 332.

Further, please note that the Website/App stores your data with the cloud platform of Shopify provided by Aayush Wellness Limited, which may store this data on their servers located outside of India. Shopify has security measures in place to protect against the loss, misuse and alteration of the information.