CoreMedix (“Company,” “we,” “us” or “our”) is the owner of, operates and manages, the www.CoreMedix.pro website and the mobile application CoreMedix (collectively, the “Site”), which provides an online cloud-based platform for facilitating retail pharmacies in India (“user,” “users,” “you” or “your”) to procure pharmaceutical products, inventory management including QR codes scanning, lot tracking, expiration date tracking, automating purchase orders, and a wide array of customer management solutions (“Services”) on the Site.

This Privacy Policy (or “Policy”) explains the types of information we collect when you access and use the Site. It also covers the purpose, methods, and sharing of such information, along with your rights regarding your personal data and sensitive information. You may withdraw your consent for the collection and use of your personal data at any time. However, withdrawing consent may limit our ability to provide certain services to you. Withdrawal does not affect processing that has already occurred.

We are committed to protecting your privacy. Please note, this policy does not apply to the practices of third parties not owned or controlled by us, including those you interact with on or through the Site.

By using our Site, you acknowledge that you have read, understood, and agreed to the terms outlined in this Privacy Policy. You consent to the collection, use, sharing, and disclosure of your information as described herein. We may modify this Privacy Policy at our discretion, and by continuing to use the Site, you accept any changes made. If you disagree with this Privacy Policy, do not use the Site or provide us with any information.

If you are using the Site or Services on behalf of another individual or entity, you confirm that you have the authority to accept this Privacy Policy on their behalf and consent to the collection and use of their information as described in this Policy.

This Privacy Policy governs your use of the Site and the Services. It does not apply to third-party companies or individuals you may interact with through the Site. We encourage you to read their privacy policies to understand how they handle your personal information.

We reserve the right to modify, update, or change this Privacy Policy at any time. We will post the revised version of the Privacy Policy on the Site. You are encouraged to review this page periodically for any updates or changes. If you continue to use the Site after any changes, you will be deemed to have accepted those modifications.

Information Collected

Voluntary Information

We collect personal information that you voluntarily provide to us when:

• You register on the Site.
• You express an interest in obtaining information about our products or Services.
• You participate in activities on the Site.
• You contact us directly.

The personal information we may collect includes:

• Name, password, contact details (e.g., mobile number, mailing address, email).
• Location, date of birth, and geographical information.
• Apple ID and gender.
• Identity documents like PAN card, Aadhaar card, election card, driving license.
• GST number, drug license, and pharmacist registration details.
• Photos of your pharmacy store and other relevant details as required.

We may also collect, process, or store certain **Sensitive Personal Data or Information (SPDI)**, such as:

• Passwords and financial information (e.g., bank account, credit/debit card details, UPI).
• Inventory, sales, purchase, and accounting information.
• Health-related data, including physical, physiological, and mental health conditions.
• Biometric information.

Note: Any publicly available information or information as per the Information Technology Rules, 2011, is not considered SPDI.

From Your Browser and Device

We automatically collect certain information during your interaction with the Site. This includes:

• IP address, browser and device characteristics, operating system, and language preferences.
• Device name, location, referring URLs, and usage details.
• Technical information needed for security and operational purposes.

We do not store cookies or similar tracking technologies. However, we may collect:

• Communications or interactions via chats or emails, such as support tickets.
• Feedback or testimonials shared voluntarily about our Services or the Site.
• Inventory data from retail pharmacies, to facilitate responses to partner companies about product availability.

Accuracy and Updates

All personal information you provide must be true, complete, and accurate. You are responsible for notifying us of any updates or changes.

Usage and Third-Party Access

We use the information collected for purposes outlined in this Privacy Policy. Please note:

• We are not responsible for how third-party services (e.g., Google Analytics, Firebase Analytics, Zoho Analytics) handle your information. Review their privacy policies for more details.

Use of Information

We use the information provided by you to enable us to provide, operate, improve, understand, customize, support, and market our Site and the Services. Below are the ways in which your information is utilized:

• Registration and Account Setup: We use your information to register you on the Site and create your account.
• Communication: Your email address and contact details are used to:
  • Send information about the Site and the Services.
  • Provide customer support and address inquiries.
  • Notify you about additional products, services, and offers from the Company.
• Improving User Experience: We collect information to:
  • Learn about your interactions with the Site and enhance your experience.
  • Support better customer service and develop new features.
• Personalization: Based on your interactions and preferences, we use your data to:
  • Infer your interests and suggest relevant content, products, and services.
  • Notify you about updates, upcoming events, and promotional offers.
  • Customize advertising, including off-site advertising.
• Order Management: We use your data to provide information about:
  • Order confirmations and invoices.
  • Technical notices and security alerts.
• Risk Mitigation: We use data to:
  • Identify and respond to potential risks such as spamming, phishing attempts, or violations of our Terms of Service.
  • Resolve grievances or issues related to the Site and the Services.
• Analytics and Research: We analyze data to:
  • Continuously improve the Site and the Services.
  • Enhance the healthcare, pharmaceutical, and allied sectors in India.
• Customer Relationship Management: Your information is used to:
  • Target email and engagement campaigns.
  • Provide better customer support.
  • Enhance application functionality based on user feedback and interactions.

Sharing of Information

We share your information to operate, provide, improve, understand, customize, support, and market our Site and the Services. Below are the ways your information may be shared:

• Third-Party Analytics Providers:
  • We may share information with advertisers and third-party analytics providers such as Google Analytics, Firebase Analytics, and Zoho Analytics.
  • These providers use data to enhance your experience by offering insights that improve our application's functionality and user engagement.
  • Such shared data does not specifically identify you by name or contact information.
  • We recommend reviewing the privacy policies of these third-party providers to understand their data practices.
• Third-Party Advertising Partners:
  • We may share information with advertising partners to deliver targeted advertisements relevant to you.
  • This helps us refine our service offerings and improve the Site's performance.
• Third-Party Service Providers:
  • We may share information with service providers facilitating the Services, such as payment gateway providers for processing transactions.
  • Financial information, like credit/debit card or bank account details, may be collected by payment gateways, which are encrypted and secure.
  • We are not liable for any disputes, breaches, or inactions by these third parties and recommend reviewing their policies.
• Pharmaceutical Manufacturers:
  • We may share analytics and aggregated data with pharmaceutical manufacturers to help them understand market trends, product performance, and other relevant insights.
  • This shared information does not include your name or contact details.
• Business Transfers:
  • Your information may be shared or transferred during reorganizations, mergers, sales of assets, financings, acquisitions, insolvencies, bankruptcies, or receiverships.
  • Such transfers are considered business assets as part of organizational changes.
• Legal Compliance:
  • We may disclose your information to law enforcement, regulators, or other authorities as required by law or in response to legal demands like court orders or regulatory requirements.
  • Information may also be disclosed to address fraud, security issues, protect safety, enforce our Terms of Service, or investigate legal violations.

Managing Your Information and the Retention Period

We value your rights regarding the management and retention of your Personal Information. Below are the key details:

• Access, Update, and Deletion:
  • You may request access to the Personal Information we collect about you.
  • You have the right to request changes or updates to your information to ensure accuracy.
  • In certain circumstances, you may also request the deletion of your Personal Information.
  • To review, update, or delete your information, please Contact Us.
• Retention Period:
  • We retain your information only as long as necessary to fulfill the purposes outlined in this Privacy Policy.
  • Retention periods may be extended if required or permitted under applicable laws.
  • We may also retain information to comply with legal obligations, resolve disputes, and enforce our agreements.
• Third-Party Data Storage:
  • We may use third-party service providers to store and maintain your data securely.
  • These providers are obligated to adhere to relevant privacy and data security standards.

Data Security Precautions

We prioritize the security of your Personal Information by implementing robust technical and organizational measures. Below are the key precautions and practices we follow:

• Storage and Hosting:
  • Your Personal Information is stored on databases hosted on either private or public clouds.
  • We employ appropriate firewalls and protections to secure stored information.
• Limitations:
  • Although we implement robust security measures, no system is completely hack-proof. Unauthorized hacking, virus attacks, and technical issues may lead to data breaches.
  • We take no liability for data pilferage due to such incidents but continue to strive for high security standards.
• Phishing Awareness:
  • Users should remain vigilant against "phishing" scams. We will never ask for your personal information via unsolicited emails.
• Sensitive Data Protection:
  • We use third-party vault and tokenization services to safeguard your Sensitive Personal Information.
  • Where applicable, we anonymize or pseudonymize personal data to prevent identification without additional information.
• Regular Security Practices:
  • We conduct regular security audits, assessments, and penetration testing to identify and mitigate vulnerabilities.
  • These activities are carried out by qualified professionals and adhere to industry best practices.
  • We comply with data protection standards, including but not limited to SOC 2 and ISO/IEC 27001.
• User Responsibility:
  • Users must keep their usernames and passwords confidential and should not share them with anyone.
  • Access to Services relies on secure credentials; responsibility for misuse due to credential sharing lies with the user.
• Post-Transmission Safeguards:
  • While we strive to protect data during transmission, we cannot guarantee absolute security for data transmitted over the internet.
  • Once received, we use strict physical, electronic, and procedural safeguards to prevent unauthorized access to stored data.

Privacy of Children’s Information

We are committed to protecting the privacy of children and ensuring that the Site and the Services are used responsibly. Below are the measures we follow:

• Age Restriction:
  • The Site and the Services are not intended for any person under the age of eighteen (“Child”).
• Information Collection:
  • We do not knowingly collect information from a Child.
  • If we become aware that a Child has provided us with their information, we take immediate steps to:
    • Remove such information from our systems.
    • Terminate the associated accounts on our platform.
• User Responsibility:
  • If you become aware of a Child using our Site, please Contact Us immediately so appropriate action can be taken.
• Limitation of Liability:
  • In the event a Child uses the Site or the Services in contravention of this Privacy Policy and the Terms of Service:
    • We shall not be held liable for any damage or injury caused or suffered by such a person.

Updating of Privacy Policy

We are committed to keeping you informed about changes to this Privacy Policy. Below are the key points regarding updates:

• Regular Updates:
  • We may update this Privacy Policy from time to time.
  • The updated version will include the label “Last Updated” to indicate the revision date.
  • The updated Privacy Policy becomes effective as soon as it is accessible.
• Material Changes:
  • If there are any material changes to this Privacy Policy, we will notify you through one of the following methods:
    • By prominently posting a notice of the change on our Site.
    • By directly sending you a notification about the update.
• Review and Acceptance:
  • We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information.
  • Continued use of the Site and Services after updates constitutes your acceptance of the revised Privacy Policy.

Your Privacy Rights

This Privacy Policy complies with the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011, under Section 43A of the Information Technology Act, 2000, and the Information Technology (Intermediaries Guidelines) Rules, 2011 (as amended from time to time).

Account Information and Access

• You can access most of your information and data by logging into your account on our Site.
• Upon request and under applicable law, we can provide a copy of all information we hold about you.
• Please note that some information may not be disclosed if doing so would adversely affect the rights of others, as per applicable laws.

Review, Change Information, and Terminate Account

If you would like to review or change your account information or terminate your account, you can:

• Update Information: Modify your profile information via our mobile app (Android & iOS).
• Delete Account: Use the delete account option available on the mobile app (Android & iOS).

Upon your request to terminate your account, we will deactivate or delete your account and remove your information from our active databases. However, some information may be retained to:

• Prevent fraud.
• Troubleshoot problems.
• Assist with investigations.
• Enforce our Terms of Service.
• Comply with applicable legal requirements.

Object to Processing

• You have the right to object to the processing of your information in certain cases, such as processing based on legitimate interests or public interest.
• Upon objection, we will withhold processing your information unless there are reasonable legitimate grounds or legal requirements to continue processing.

Opting Out

• You can unsubscribe from non-essential, promotional, or marketing-related emails by clicking on the unsubscribe link in the emails sent to you.
• If you wish to unsubscribe from our marketing emails, you may also Contact Us directly.
• Even after opting out, we may still send you service-related communications necessary for account administration or responding to service requests.