Privacy Policy

Company: Greynote Health Care
Location: Siliguri, West Bengal, India
Email: info@greynotehc.com
Phone: +91-7338457987

1. Introduction

Greynote Health Care (“we,” “us,” “our,” or “Company”) is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, store, and protect your personal data when you use our services, website, mobile applications, or interact with us in any capacity.

By using our services or providing us with your personal information, you consent to the practices described in this Privacy Policy.

Our Commitment: We respect your privacy rights and comply with applicable data protection laws in India, including the Information Technology Act, 2000, and its rules, as well as emerging data protection regulations.

2. Information We Collect

2.1 Personal Information:

We collect personal information that you voluntarily provide to us, including:

Account Information:

• Full name and contact details
• Email address and phone number
• Residential and shipping addresses
• Date of birth and age verification
• Gender (optional)

Payment Information:

• Credit/debit card details (processed securely through payment gateways)
• Bank account information (for refunds)
• UPI IDs and wallet information
• Billing addresses

Health-Related Information:

• Dietary preferences and restrictions
• Allergy information (when provided voluntarily)
• Health conditions (only when relevant to product safety)
• Prescription details (if applicable for certain products)

Order and Transaction Data:

• Purchase history and order details
• Product preferences and browsing behavior
• Reviews and feedback
• Customer service interactions

2.2 Automatically Collected Information:

When you use our services, we may automatically collect:

Technical Information:

• IP address and device identifiers
• Browser type and version
• Operating system information
• Device characteristics and settings

Usage Information:

• Pages visited and time spent on our platform
• Click patterns and navigation paths
• Search queries and product interactions
• Referral sources and exit pages

Location Information:

• Approximate location based on IP address
• Precise location (only with your explicit consent)
• Delivery location for order fulfillment

2.3 Information from Third Parties:

• Social media login information (if you choose to register via social platforms)
• Payment processor information for transaction verification
• Delivery partner information for order tracking
• Marketing partner data (with appropriate consent)

3. How We Use Your Information

3.1 Primary Purposes:

Service Provision:

• Processing and fulfilling your orders
• Providing customer support and assistance
• Maintaining your account and preferences
• Delivering products and services

Communication:

• Sending order confirmations and updates
• Providing customer service responses
• Sharing important service announcements
• Responding to your inquiries and requests

Safety and Compliance:

• Ensuring product safety based on your health information
• Complying with legal and regulatory requirements
• Preventing fraudulent activities
• Maintaining security of our systems

3.2 Secondary Purposes:

Improvement and Analytics:

• Analyzing usage patterns to improve our services
• Conducting market research and customer surveys
• Developing new products and features
• Optimizing website performance

Marketing (with consent):

• Sending promotional materials and offers
• Personalizing marketing communications
• Conducting targeted advertising campaigns
• Sharing information about new products

Legal Compliance:

• Meeting regulatory requirements for health product sales
• Responding to legal requests and court orders
• Protecting our rights and interests
• Investigating potential violations

4. Legal Basis for Processing

We process your personal information based on:

• Consent: When you explicitly agree to processing for specific purposes
• Contract: To fulfill our contractual obligations for product delivery
• Legal Obligation: To comply with applicable laws and regulations
• Legitimate Interest: For business operations, fraud prevention, and service improvement

5. Information Sharing and Disclosure

5.1 When We Share Information:

We may share your information with:

Service Providers:

• Payment processors (for secure transaction processing)
• Delivery partners (for order fulfillment)
• IT service providers (for platform maintenance)
• Customer service providers (for support functions)

Business Partners:

• Marketing partners (with your consent)
• Analytics providers (for service improvement)
• Product suppliers (for order fulfillment)

Legal Requirements:

• Law enforcement agencies (when legally required)
• Regulatory authorities (for compliance purposes)
• Courts and tribunals (in legal proceedings)
• Government agencies (as mandated by law)

5.2 What We Don’t Share:

• We never sell your personal information to third parties
• We don’t share health information without explicit consent
• We don’t provide customer lists to competitors
• We don’t share sensitive financial information beyond necessary processing

5.3 Data Transfer:

• Data is primarily stored and processed within India
• International transfers (if any) are conducted with appropriate safeguards
• We ensure adequate protection for any cross-border data transfers

6. Data Security Measures

6.1 Technical Safeguards:

• Industry-standard encryption for data transmission (SSL/TLS)
• Secure storage systems with access controls
• Regular security audits and vulnerability assessments
• Firewall protection and intrusion detection systems

6.2 Administrative Safeguards:

• Employee training on data protection practices
• Access controls based on job responsibilities
• Regular review of security policies and procedures
• Incident response plans for data breaches

6.3 Physical Safeguards:

• Secure facilities for data storage
• Limited physical access to servers and systems
• Environmental controls for equipment protection
• Surveillance systems for facility monitoring

6.4 Health Data Protection:

• Special encryption for sensitive health information
• Restricted access to health-related data
• Regular deletion of unnecessary health information
• Compliance with medical data protection standards

7. Data Retention

7.1 Retention Periods:

Account Information:

• Retained while your account is active
• Archived for 3 years after account closure for legal compliance
• Permanently deleted after retention period expires

Transaction Data:

• Maintained for 7 years for tax and accounting purposes
• Order history retained for warranty and return purposes
• Payment information deleted after successful transaction completion

Health Information:

• Retained only as long as necessary for product safety
• Deleted upon request unless required for legal compliance
• Anonymized for research purposes (with consent)

Marketing Data:

• Retained until you withdraw consent
• Automatically deleted after 2 years of inactivity
• Updated preferences applied immediately

7.2 Deletion Process:

• Data is securely deleted using industry-standard methods
• Backups are purged according to our backup retention schedule
• Third-party processors are notified of deletion requirements
• Certificates of destruction are maintained for audit purposes

8. Your Rights and Choices

8.1 Access Rights:

• Request copies of your personal information
• Understand how your data is being used
• Receive information about data sharing practices
• Get details about data retention periods

8.2 Correction and Updates:

• Update your account information at any time
• Correct inaccurate personal data
• Add or modify health and preference information
• Update communication preferences

8.3 Deletion Rights:

• Request deletion of your personal information
• Close your account and remove associated data
• Withdraw consent for data processing
• Request anonymization of retained data

8.4 Communication Preferences:

• Opt-out of marketing communications
• Choose preferred communication channels
• Set frequency preferences for promotional content
• Manage subscription settings

8.5 Data Portability:

• Request your data in a portable format
• Transfer data to another service provider
• Receive structured data exports
• Access historical transaction records

9. Cookies and Tracking Technologies

9.1 Types of Cookies:

Essential Cookies:

• Required for basic website functionality
• Enable secure login and payment processing
• Maintain shopping cart contents
• Remember your preferences

Performance Cookies:

• Analyze website usage and performance
• Identify popular content and features
• Optimize user experience
• Generate usage reports

Marketing Cookies:

• Deliver personalized advertisements
• Track effectiveness of marketing campaigns
• Provide relevant product recommendations
• Enable social media sharing features

9.2 Cookie Management:

• Configure cookie preferences through our cookie banner
• Use browser settings to block or delete cookies
• Opt-out of third-party advertising cookies
• Access cookie policy for detailed information

10. Children’s Privacy

10.1 Age Restrictions:

• Our services are intended for users 18 years and older
• We do not knowingly collect information from children under 18
• Parents/guardians must provide consent for minors’ use
• Special protections apply for health-related information of minors

10.2 Parental Controls:

• Parents can request access to their child’s information
• Deletion of minor’s data can be requested by parents
• Communication preferences can be managed by parents
• We provide guidance on age-appropriate product use

11. International Users

11.3 Data Processing Location:

• Primary data processing occurs in India
• Some services may involve international data transfers
• Adequate protection measures are implemented for international transfers
• Users are informed of cross-border data sharing

11.2 Compliance:

• We comply with Indian data protection laws
• International standards are followed for global users
• Privacy rights are respected regardless of user location
• Local law requirements are considered for international users

12. Updates and Notifications

12.1 Policy Changes:

We may update this Privacy Policy to reflect:

• Changes in our business practices
• Updates to applicable laws and regulations
• Introduction of new services or features
• Improvements to our privacy practices

12.2 Notification Methods:

• Email notifications to registered users
• Prominent notices on our website and mobile app
• In-app notifications for material changes
• SMS notifications for critical privacy updates

12.3 Consent for Changes:

• Continued use implies acceptance of minor changes
• Explicit consent required for material changes
• Option to withdraw consent and close account
• Grace period provided for reviewing significant changes

13. Third-Party Links and Services

13.1 External Links:

• Our website may contain links to third-party websites
• We are not responsible for third-party privacy practices
• Users should review privacy policies of external sites
• Third-party services have separate privacy terms

13.2 Social Media Integration:

• Social media plugins may collect information about your visit
• Social media companies have their own privacy policies
• Sharing on social platforms is subject to their terms
• We recommend reviewing social media privacy settings

14. Data Breach Response

14.1 Incident Response:

• Immediate containment and assessment of any security incident
• Notification to authorities within 72 hours (if required by law)
• User notification for high-risk breaches
• Remediation measures to prevent future incidents

14.2 User Protection:

• Credit monitoring services (if applicable)
• Password reset requirements
• Enhanced security measures
• Ongoing monitoring and support

15. Contact Information

For privacy-related questions, concerns, or requests:

15.1 General Privacy Inquiries:

Email: info@greynotehc.com
Phone: +91-7338457987
Address: Greynote Health Care, Siliguri, West Bengal, India
Business Hours: Monday to Saturday, 9:00 AM to 6:00 PM (IST)

15.2 Data Protection Officer:

Email: info@greynotehc.com
Phone: +91-7338457987
Response Time: Within 30 days of receiving your request

15.3 Rights Requests:

To exercise your privacy rights, please:

• Send detailed requests to info@greynotehc.com
• Include proper identification for security purposes
• Specify the exact nature of your request
• Allow up to 30 days for processing

16. Legal Framework

16.1 Applicable Laws:

This Privacy Policy complies with:

• Information Technology Act, 2000 and IT Rules, 2011
• Consumer Protection Act, 2019
• Indian Contract Act, 1872
• Any applicable state laws in West Bengal

16.2 Dispute Resolution:

• Contact us first for informal resolution
• Complaints can be filed with appropriate authorities
• Legal disputes subject to jurisdiction of Siliguri/Kolkata courts
• Alternative dispute resolution mechanisms available

17. Acknowledgment

By using our services, you acknowledge that:

• You have read and understood this Privacy Policy
• You consent to the collection and use of your information as described
• You understand your rights regarding your personal data
• You agree to receive communications as outlined in this policy

---

IMPORTANT NOTICE: Your privacy is important to us. This Privacy Policy is designed to help you understand how we handle your personal information. If you have questions or concerns, please contact us at info@greynotehc.com or +91-7338457987.