Skip to main content
Skip to main content

Privacy Policy

Last updated: February 16, 2026

Policy Version: 2.0 (GDPR Compliant)

Quick Access

→ Data Controller Information→ Legal Basis for Processing→ Your GDPR Rights→ Cookie Policy→ Data Retention→ International Transfers

1. Introduction

MedsHood Pharmacy Private Limited ("MedsHood," "we," "us," or "our") is committed to protecting your privacy and complying with applicable data protection laws, including:

  • EU General Data Protection Regulation (GDPR) for EU/EEA customers
  • UK GDPR for UK customers
  • Digital Personal Data Protection Act (DPDP), 2023 for Indian customers
  • HIPAA principles for health data protection

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal and health information when you use our online pharmacy and healthcare services.

2. Data Controller Information

Data Controller: Access Biopharma

Registered Office: NO 3-6-365/C/301, Pavani Estates Himayath Nagar 500029 - Hyderabad Telangana, India

Email: info@medshood.com

Phone: +91 9063295781

Data Protection Officer (DPO): info@medshood.com

3. Information We Collect

3.1 Personal Information

  • Identity Data: Full name, date of birth, gender, government ID (for age verification)
  • Contact Data: Email address, phone number, billing/delivery address
  • Financial Data: Payment card details (tokenized), billing information
  • Account Data: Username, password (hashed), account preferences
  • Marketing Data: Communication preferences, marketing consent status

3.2 Special Category Data (Health Information)

⚠️ Sensitive Data - Enhanced Protection

The following health data is classified as "special category data" under GDPR Article 9 and receives enhanced protection:

  • Prescription Records: Medication names, dosages, prescribing physician, prescription images
  • Medical History: Current and past medical conditions, allergies, drug interactions
  • Treatment Information: Current medications, treatment plans, medication adherence
  • Health Metrics: Weight, blood pressure, lab results (if provided)

3.3 Technical Data

  • IP address, browser type, device information
  • Cookies and similar tracking technologies (see Cookie Policy below)
  • Usage data: pages visited, time spent, click patterns
  • Location data (general city/region only, not precise GPS)

3.4 Data We Do NOT Collect

  • Precise geolocation (GPS coordinates)
  • Biometric data (fingerprints, facial recognition)
  • Genetic/DNA information
  • Social media content (unless you choose to connect accounts)

5. How We Use Your Information

5.1 Primary Purposes

  • Order Fulfillment: Process prescriptions, verify eligibility, dispense medications
  • Delivery: Arrange secure delivery of medications to your address
  • Payment Processing: Process transactions and prevent fraud
  • Customer Support: Respond to inquiries, resolve issues, provide assistance
  • Regulatory Compliance: Maintain records as required by pharmaceutical regulations
  • Safety Monitoring: Track adverse drug reactions, drug interactions

5.2 Secondary Purposes (with consent or legitimate interest)

  • Service Improvement: Analyze aggregated, anonymized data to improve services
  • Marketing: Send promotional emails about new products/services (opt-in only)
  • Personalization: Customize website content based on your preferences
  • Research: Conduct anonymized health research (with explicit consent)

5.3 Automated Decision-Making

We do NOT use fully automated decision-making or profiling that produces legal effects or similarly significant effects on you.

All prescription approvals are reviewed by licensed pharmacists. You have the right to request human intervention if you believe an automated system has been used incorrectly.

6. Information Sharing and Third-Party Processors

We do NOT sell your personal or health information to third parties.

We share your information only with trusted processors under strict data protection agreements (DPAs):

6.1 Service Providers (Data Processors)

  • Cloud Hosting: Supabase (database), Vercel (web hosting) - See DPAs
  • Payment Processing: Razorpay, Stripe (PCI-DSS compliant, tokenization)
  • Delivery Partners: Licensed courier services (receive only delivery address + order ID)
  • Email Service: Transactional email provider (for order confirmations, receipts)
  • Analytics: Google Analytics (anonymized IP, cookie consent required)

6.2 Healthcare Providers

  • Licensed pharmacists (to verify prescriptions and dispense medications)
  • Prescribing physicians (to verify prescription authenticity if needed)

6.3 Legal Disclosures

We may disclose your information when legally required:

  • Court orders, subpoenas, or legal processes
  • Regulatory authorities (e.g., drug safety monitoring, inspections)
  • Law enforcement (with valid legal basis)
  • To protect rights, property, or safety of MedsHood, customers, or public

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity. We will notify you via email and prominent website notice 30 days before any such transfer.

7. International Data Transfers (GDPR Chapter V)

Your data is primarily stored in India. For EU/UK customers, some data may be transferred to processors outside the EU/EEA/UK. We ensure adequate protection through:

  • EU Standard Contractual Clauses (SCCs): Approved by the European Commission
  • UK International Data Transfer Agreement (IDTA): For UK transfers
  • Adequacy Decisions: Transfers only to countries with adequate data protection
  • Additional Safeguards: Encryption, access controls, regular audits

You can request a copy of the safeguards in place by contacting info@medshood.com

8. Data Retention (GDPR Article 5)

We retain your data only as long as necessary for the purposes collected and to comply with legal obligations:

Data TypeRetention PeriodLegal Basis
Prescription Records7 yearsPharmaceutical regulations
Order History5 yearsTax compliance
Account Information30 days after account deletion requestGrace period for cancellation
Marketing ConsentUntil withdrawnConsent-based processing
Cookie Consent12 monthsePrivacy Directive
Audit Logs7 yearsHIPAA compliance

After retention periods expire, data is either securely deleted or anonymized for statistical purposes.

9. Data Security (GDPR Article 32)

We implement state-of-the-art technical and organizational measures to protect your data:

9.1 Technical Measures

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Controls: Role-based access (RBAC), least privilege principle
  • Authentication: Multi-factor authentication (MFA) for staff
  • Database Security: Row-Level Security (RLS) policies in Supabase
  • Network Security: Firewalls, intrusion detection, DDoS protection
  • Monitoring: 24/7 security monitoring, automated threat detection
  • Backups: Daily encrypted backups with 30-day retention

9.2 Organizational Measures

  • Staff training on data protection and GDPR compliance
  • Confidentiality agreements for all employees
  • Regular security audits and penetration testing
  • Incident response plan with 72-hour breach notification
  • Data Protection Impact Assessments (DPIAs) for high-risk processing

⚠️ Data Breach Notification

In the unlikely event of a data breach, we will notify affected individuals and supervisory authorities within 72 hours as required by GDPR Article 33-34.

10. Your Data Protection Rights

Under GDPR, UK GDPR, and DPDP Act 2023, you have the following rights:

1. Right to Access (Article 15)

Request a copy of all personal data we hold about you in machine-readable format (JSON).

→ Export Your Data

2. Right to Rectification (Article 16)

Request correction of inaccurate or incomplete data.

→ Request Correction

3. Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your data (subject to legal retention requirements). 30-day grace period applies.

→ Delete Your Account

4. Right to Restriction of Processing (Article 18)

Request temporary suspension of data processing in certain circumstances.

→ Request Restriction

8. Right to Lodge a Complaint (Article 77)

Lodge a complaint with your local supervisory authority if you believe we've violated your rights.

→ Find Your Supervisory Authority (EU)
→ UK Information Commissioner's Office

How to Exercise Your Rights

  1. Email our Data Protection Officer: info@medshood.com
  2. We will respond within 30 days (extendable to 60 days for complex requests)
  3. We may request identity verification to prevent unauthorized access
  4. All requests are free of charge (unless manifestly unfounded or excessive)

11. Cookie Policy (ePrivacy Directive)

We use cookies and similar technologies to improve your experience. You can control your cookie preferences at any time.

11.1 Cookie Categories

✅ Necessary Cookies (Always Active)

Essential for website functionality. Cannot be disabled.

Examples: Session management, authentication, shopping cart, security

📊 Analytics Cookies (Opt-In Required)

Help us understand how visitors use our website (anonymized data).

Provider: Google Analytics (IP anonymization enabled)

🎯 Marketing Cookies (Opt-In Required)

Track your activity across websites to deliver personalized ads.

Providers: Google Ads, Facebook Pixel (if you consent)

⚙️ Preference Cookies (Opt-In Required)

Remember your settings and preferences (language, region, theme).

11.2 Manage Your Cookie Preferences

You can manage your cookie preferences through:

  • Our cookie consent banner (appears on first visit)
  • Privacy Settings Dashboard (under "Cookies" tab)
  • Your browser settings (will disable all cookies, including necessary ones)

Note: Disabling necessary cookies may prevent the website from functioning correctly.

11.3 Cookie Retention

Your cookie consent is stored for 12 months. After this period, we will ask for your consent again.

12. Children's Privacy

Our services are NOT intended for individuals under 18 years of age.

We do not knowingly collect personal data from children. If you are a parent/guardian and believe your child has provided us with personal data, please contact us immediately at info@medshood.com, and we will delete it within 72 hours.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements.

  • Minor Changes: We will update the "Last Updated" date at the top of this page
  • Material Changes: We will notify you via email (30 days notice) and prominent website banner
  • Version History: Previous versions are available upon request to info@medshood.com

Continued use of our services after changes indicates acceptance of the updated policy.

14. Contact Us

For questions, concerns, or to exercise your data protection rights, contact us:

MedsHood Pharmacy - Privacy Team

General Privacy Inquiries:

📧 info@medshood.com

📞 +91 9063295781

Data Protection Officer (DPO):

📧 info@medshood.com

📞 +91 9063295781

Mailing Address:

NO 3-6-365/C/301, Pavani Estates, Himayath Nagar, 500029 - Hyderabad, Telangana, India

Response Times:

  • ✅ General inquiries: 5 business days
  • ✅ Data subject access requests: 30 days (extendable to 60 days)
  • ✅ Urgent security concerns: 24 hours

15. Supervisory Authorities

You have the right to lodge a complaint with your local data protection authority:

🇪🇺 EU/EEA Residents

Find your local Data Protection Authority:

→ European Data Protection Board - Member List

🇬🇧 UK Residents

Information Commissioner's Office (ICO)

📧 casework@ico.org.uk

📞 0303 123 1113

→ File a Complaint

🇮🇳 Indian Residents

Data Protection Board of India (DPDP Act 2023)

Note: The Data Protection Board is being established. In the interim, contact us directly.

Medshood - India's Trusted Online Pharmacy | Authentic Medicines up to 70% Off