Privacy Policy

Welcome to the Privacy Policy of Medli Platform.

These Terms of Use ("Terms") govern your access to and use of the website and mobile application made available by Sectirmeld (hereinafter referred to as the "Company"), having its registered address at Petlurivaripalem village, Narasaraopet Mandal, Palnadu District, Andhra Pradesh – 522603, India. The Company operates its digital healthcare facilitation platform under the brand name "Medli" (hereinafter referred to as "Medli" or the "Platform"). The Company is committed to safeguarding the privacy and confidentiality of personal data shared by Users. This Privacy Policy outlines the manner in which the Company collects, uses, processes, stores, and discloses personal data in connection with the use of the Platform.

In order to provide Users with seamless access to healthcare facilitation services, including appointment booking, consultations, and diagnostic services, the Company may collect and process certain personal data, including sensitive personal data such as health-related information. Such processing shall be carried out strictly in accordance with this Privacy Policy and applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

1. Information We Collect

The Company is committed to protecting the privacy of Users and ensuring appropriate protection and management of personal data shared on the Platform. In order to provide and improve its services, the Company may collect the following categories of information:

1.1 Personal Information

The Company may collect personal information provided by Users at the time of registration, booking, or use of the Platform, including but not limited to:

• Full name;
• Mobile number and email address;
• Age, gender, and location details;
• Login credentials and account-related information;
• Information relating to appointments, consultations, and service preferences.

1.2 Health and Sensitive Personal Data

In connection with the healthcare services facilitated through the Platform, the Company may collect and process certain sensitive personal data, including:

• Medical history and health conditions;
• Symptoms, prescriptions, and diagnostic reports;
• Consultation records and treatment-related information.

Such data shall be collected and processed strictly for the purpose of facilitating healthcare services and in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

1.3 Transaction and Payment Information

The Company may collect information relating to payments made through the Platform, including:

• Transaction details;
• Billing information;
• Payment status and history.

The Company does not store complete payment card details and relies on secure third-party payment gateways for processing transactions.

1.4 Usage and Technical Information

The Company may automatically collect certain technical and usage-related information, including:

• IP address and device information;
• Browser type and operating system;
• Pages visited, features used, and time spent on the Platform;
• Log data, cookies, and similar tracking technologies.

Such information is used for analytics, security, and improvement of the Platform.

1.5 Information from Non-Registered Users

This Privacy Policy also applies to individuals who access or use the Platform without registering an account. The Company may collect limited information from such users, including:

• Browsing behaviour and navigation patterns;
• Pages viewed and interaction with content;
• Device and technical information.

1.6 Information from Third Parties

The Company may receive information about Users from third-party sources, including Service Providers or integrated services, to the extent necessary for providing services on the Platform.

This privacy policy also applies to data we collect from users who are not registered as members of this Platform, including, but not limited to, browsing behavior, pages viewed etc.

We only collect and use such information collected from you that we consider necessary for achieving a seamless, efficient, and safe experience in using the platform, customized to your needs including:

• To enable the provision of services opted for by you;
• To enable the viewing of content in your interest;
• To communicate the necessary account and service-related information from time to time;
• To allow you to receive quality customer care services and data Collection;
• To comply with applicable laws, rules and regulations;

Where any service requested by You involves a third party, such information as is reasonably necessary to carry out Your service request may be shared with such third party.

We also use your contact information to send you offers based on your interests and prior activity and also to show the content preferred by you. We shall immediately delete all such information upon withdrawal of your consent for the same through the 'unsubscribe' button or through an email to be sent to grievanceofficer@medli.in.

To the extent possible, we provide you with an option of not divulging any specific information that you wish for us not to collect, store, or use. You may also choose not to use a particular service or feature on the Platform and opt-out of any non-essential communications from the Platform.

Further, transacting over the internet has inherent risks which can only be avoided by you following security practices yourself, such as not revealing account/login-related information to any other person and informing our customer care team about any suspicious activity or where your account has/may have been compromised.

2. Our Use of Your Information

The Company processes personal data collected from Users for lawful purposes connected with the operation, improvement, and security of the Platform, and in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

2.1 Purpose of Processing

The information provided by Users may be used for the following purposes:

• To facilitate and provide healthcare-related services requested by the User, including appointment bookings, consultations, and diagnostic services;
• To enable communication between Users and Service Providers, including confirmations, reminders, and updates relating to appointments or services;
• To maintain internal records, including transaction history, consultation details, and operational logs;
• To improve, personalize, and enhance the quality, functionality, and performance of the Platform and Services;
• To comply with legal, regulatory, and statutory obligations, including record-keeping requirements;
• To detect, prevent, and address fraud, misuse, security breaches, or technical issues;
• To send important service-related communications, including notices, updates, and policy changes.

2.2 Use of Health and Sensitive Personal Data

Health-related and other sensitive personal data shall be processed strictly for the purpose of facilitating healthcare services, including enabling consultations, sharing relevant medical information with Service Providers, and maintaining medical records where required.

Such data shall not be used for any purpose unrelated to the provision of healthcare services, except as required or permitted under Applicable Laws.

2.3 Communication

The Company may use User contact information to send service-related communications, including appointment confirmations, reminders, transactional updates, and support-related messages.

Users may also receive limited notifications regarding Platform updates or service enhancements. For further details, Users may refer to the Terms of Use.

2.4 Usage Data and Analytics

The Company may use technical and usage-related information, including IP addresses, device identifiers, browser type, and interaction data, to:

• Identify Users and maintain account security;
• Analyse usage patterns and user behaviour;
• Improve Platform performance and user experience;
• Develop new features and services.

The Company may use third-party analytics and tracking tools to better understand User engagement and optimize the Platform. Such tools may use cookies and similar technologies in accordance with applicable laws.

2.5 Data Sharing and Disclosure

The Company does not sell, rent, or trade User personal data.

However, personal data may be shared in the following circumstances:

• With Service Providers (such as doctors, hospitals, and laboratories) to facilitate the requested services;
• With third-party service providers acting on behalf of the Company, including payment processors, communication service providers, and analytics providers, subject to confidentiality obligations;
• Where required to comply with legal obligations, enforce agreements, or respond to lawful requests by governmental or regulatory authorities.

2.6 System Administration and Security

Information collected through server logs, including IP addresses and browsing activity, may be used for system administration, monitoring, and troubleshooting purposes, as well as for maintaining the security and integrity of the Platform.

2.7 Personalization and Improvements

The Company may use collected information to tailor content, recommendations, and service offerings based on User preferences and usage patterns, with the objective of enhancing User experience.

3. How Information is Collected

Before or at the time of collecting personal information, we will identify the purposes for which information is being collected. If the same is not identified to you, you have the right to request the Company to explain the purpose of the collection of said personal information, pending the fulfillment of which you shall not be mandated to disclose any information whatsoever.

We will collect and use your personal information solely to fulfill those purposes specified by us, within the scope of the consent of the individual concerned or as required by law. We will only retain personal information as long as necessary for the fulfillment of those purposes. We will collect personal information by lawful and fair means and with the knowledge and consent of the individual concerned.

Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.

4. External Links on the Platform

The Platform may contain links to third-party websites, applications, services, or resources, including advertisements, integrations, and external service providers (collectively, "Third-Party Platforms").

Such Third-Party Platforms are not owned, operated, or controlled by the Company. The inclusion of any links or references on the Platform is provided solely for the convenience of Users and does not constitute any endorsement, sponsorship, or recommendation by the Company.

4.1 No Control or Responsibility

The Company does not control and shall not be responsible for:

• The availability, accessibility, or functionality of any Third-Party Platforms;
• The content, accuracy, completeness, or reliability of any information, advertisements, or materials available on such platforms;
• The services or products offered by such third parties.

Users acknowledge that access to and use of Third-Party Platforms is at their own risk.

4.2 No Liability

To the fullest extent permitted under Applicable Laws, the Company shall not be liable for any loss or damage, whether direct or indirect, arising out of or in connection with:

• The use of or reliance on any Third-Party Platforms;
• Any transactions, communications, or dealings between Users and such third parties;
• Any deficiencies, failures, or misconduct on the part of such third parties.

4.3 Third-Party Privacy Practices

Third-Party Platforms may have their own privacy policies and data handling practices governing the collection, storage, use, and disclosure of personal data.

The Company does not control or assume responsibility for such practices. Users are advised to review the privacy policies and terms of use of such Third-Party Platforms before accessing or using their services.

4.4 External Integrations

The Platform may integrate with third-party services, including but not limited to payment gateways, communication tools, and analytics providers. While the Company endeavours to work with reputable service providers, it does not guarantee the performance, security, or reliability of such integrations.

5. Cookies

A cookie is a small file of letters and numbers that we store on your browser or the hard drive of your computer if you agree. By continuing to browse the site, you are agreeing to our use of cookies. Cookies contain information that is transferred to your computer's hard drive. You can set your browser to refuse all or some browser cookies, or to alert you when Platforms set or access cookies. If you disable or refuse cookies, please note that some parts of this Platform may become inaccessible or not function properly. A list of the type of cookies we use is as follows:

• Strictly necessary cookies. These are cookies that are required for the operation of our Platform. They include, for example, cookies that enable you to log into secure areas of our Platform, use a shopping cart or make use of e-billing services.
• Analytical/performance cookies. They allow us to recognize and count the number of visitors and to see how visitors move around our Platform when they are using it. This helps us to improve the way our Platform works, for example, by ensuring that users are finding what they are looking for easily.
• Functionality cookies. These are used to recognize you when you return to our Platform. This enables us to personalize our content for you, greet you by name and remember your preferences (for example, your choice of language or region).
• Targeting cookies. These cookies record your visit to our Platform, the pages you have visited and the links you have followed. We will use this information to make our Platform and the advertising displayed on it more relevant to your interests. We may also share this information with third-parties for this purpose.

Please note that third-parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies. You can block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our Platform.

6. Your Rights

Unless subject to an exemption, you have the following rights concerning your data:

• The right to request a copy of your data which we hold about you;
• The right to request for any correction to any personal data if it is found to be inaccurate or out of date;
• The right to withdraw Your consent to the processing at any time;
• The right to object to the processing of personal data;
• The right to complain about a supervisory authority;
• The right to obtain information as to whether personal data are transferred to a third country or an international organization.

Where you hold an account with any of our services, you are entitled to a copy of all personal data which we hold concerning you. You are also entitled to request that we restrict how we use your data in your account when you log in.

The Company shall process personal data only for lawful purposes, including for the provision of services, compliance with legal obligations, and other legitimate uses permitted under applicable laws. Wherever required, the Company shall obtain the User's consent prior to the collection and processing of personal data.

At the time of seeking consent, the Company shall provide clear and adequate notice to the User specifying:

• the nature and categories of personal data being collected;
• the purpose(s) for which such data is being processed;
• the manner in which such data may be used or shared;
• the procedure for withdrawal of consent; and
• the mechanism available to the User for grievance redressal.

Consent obtained from Users shall be free, specific, informed, unconditional, and unambiguous, and shall be evidenced through a clear affirmative action.

Users shall have the right to withdraw their consent at any time by following the procedure specified on the Platform. Upon such withdrawal, the Company shall cease processing of the relevant personal data, unless such processing is required or permitted under applicable laws. The withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal.

Users acknowledge that withdrawal of consent or refusal to provide certain personal data may result in limited access to certain features or services on the Platform.

The Company implements reasonable technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. However, while the Company endeavours to protect User information, it does not guarantee absolute security.

7. Compliances

1. This legal agreement is an electronic record in terms of the Indian Information Technology Act, 2000 and rules there under as applicable and the amended provisions about electronic records in various statutes as amended by the Indian Information Technology Act, 2000. This electronic record is generated by a computer system and does not require any physical or digital signatures.
2. This legal document is published in accordance with the provisions of Rule 3 (1) of the Indian Information Technology (Intermediaries guidelines) Rules, 2011 and Rule 4 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 of Information Technology Act, 2000 amended through Information Technology Amendment Act, 2008 that require publishing the Terms of Use and practices for access and usage of any functional Platform.
3. This Privacy Policy is formulated in compliance with the provisions of THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023, and any other relevant data protection laws applicable to the processing of personal data. The policy outlines the principles and procedures for collecting, processing, and safeguarding personal data in adherence to the statutory requirements set forth by THE DIGITAL PERSONAL DATA PROTECTION ACT, 2023. Users are encouraged to review and understand this Privacy Policy in conjunction with the applicable data protection laws.

8. Data Fiduciary and Data Principal

For the purposes of this Privacy Policy and in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023:

• The Company shall act as the "Data Fiduciary," being the entity that determines the purpose and means of processing personal data collected through the Platform;
• The User shall be regarded as the "Data Principal," being the individual to whom the personal data relates;
• The Company, as the Data Fiduciary, shall process personal data in a lawful, fair, and transparent manner, and shall ensure that such processing is limited to the purposes specified in this Privacy Policy or as otherwise permitted under Applicable Laws;
• The Company shall implement appropriate technical and organizational measures to ensure compliance with its obligations as a Data Fiduciary, including ensuring data accuracy, security, and accountability in processing activities;
• The User, as the Data Principal, shall have rights in relation to their personal data, including the right to access, correct, and request deletion of such data, and to withdraw consent in accordance with Applicable Laws.

9. Processing of Children's Data

The Company recognizes the need for enhanced protection of personal data relating to children.

• For the purposes of this Policy, a "child" shall mean any individual below the age of eighteen (18) years;
• The Company shall not process personal data of a child without obtaining verifiable consent from the parent or lawful guardian, in such manner as may be prescribed under Applicable Laws;
• The Company shall implement appropriate measures to verify that consent for processing of a child's data has been provided by a parent or lawful guardian;
• The Company shall not undertake tracking, behavioural monitoring, or targeted advertising directed at children;
• The Company shall process children's data only for purposes that are necessary for providing healthcare facilitation services and in a manner that is in the best interests of the child;
• The Company shall implement enhanced safeguards, including restricted access controls and data minimization practices, while handling children's personal data.

10. Data Breach and Incident Response

The Company maintains appropriate technical and organizational measures to safeguard personal data against unauthorized access, disclosure, alteration, or destruction.

• In the event of a data breach or security incident involving personal data, the Company shall take prompt and reasonable steps to identify, contain, and mitigate the impact of such breach;
• The Company shall assess the nature and extent of the breach, including the type of data affected, the number of Users impacted, and the potential risks arising therefrom;
• Where required under Applicable Laws, the Company shall notify the relevant regulatory authorities and affected Users of such breach, within such timelines as may be prescribed;
• Such notification, where applicable, shall include relevant details of the breach, potential consequences, and measures taken or proposed to mitigate any adverse effects;
• The Company shall take appropriate remedial actions to prevent recurrence of such incidents, including strengthening security measures and reviewing internal processes;
• Users acknowledge that, despite reasonable safeguards, no system can be completely secure, and the Company shall not be liable for breaches occurring due to factors beyond its reasonable control.

11. Cross-Border Transfer of Data

The Company may, in the course of providing services, transfer, store, or process personal data outside the territory of India.

• Such cross-border transfer of personal data shall be carried out only in accordance with Applicable Laws, including restrictions or conditions prescribed under the Digital Personal Data Protection Act, 2023;
• The Company shall ensure that any recipient of personal data outside India provides an adequate level of data protection and implements appropriate safeguards to protect such data;
• Cross-border transfers may occur where necessary for service facilitation, including hosting, data storage, analytics, or use of third-party service providers;
• The Company shall take reasonable steps to ensure that such transfers do not compromise the security or confidentiality of personal data;
• By using the Platform and providing personal data, Users consent to such transfer, storage, and processing of their data in jurisdictions outside India, subject to Applicable Laws.

12. Confidentiality

12.1 Platform Confidential Information

Users acknowledge that the Platform may contain certain information, materials, and content that are proprietary and confidential to the Company ("Confidential Information"), including but not limited to technical data, business processes, platform features, and other non-public information.

Users agree not to disclose, reproduce, distribute, or otherwise use such Confidential Information without the prior written consent of the Company, except as expressly permitted under the Terms of Use.

12.2 Confidentiality of User Information

The Company treats all personal data shared by Users as confidential and shall take reasonable measures to protect such information against unauthorized access, use, disclosure, or alteration.

The Company shall not disclose personal data to third parties except:

• As required to facilitate services through the Platform (including sharing with hospitals, doctors, and diagnostic service providers);
• With third-party service providers acting on behalf of the Company, subject to appropriate confidentiality obligations;
• Where required to comply with Applicable Laws or lawful requests from governmental or regulatory authorities;
• With the consent of the User.

All such processing shall be carried out in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

12.3 Communication

The Company may use User contact information, including email and mobile number, to send communications strictly related to the provision of services, including appointment confirmations, reminders, updates, and support-related messages.

The Company shall not use User contact information for unsolicited communications unrelated to the Platform's services. Users may opt out of non-essential communications, where applicable, in accordance with the options provided on the Platform.

12.4 Exceptions

Notwithstanding the foregoing, the Company shall not be responsible for disclosure of information:

• Which is already in the public domain through no fault of the Company;
• Which is lawfully received from a third party without restriction;
• Which is disclosed pursuant to a legal obligation or court order;
• Which is disclosed with the User's consent.

12.5 No Absolute Security

While the Company implements reasonable security practices and procedures to safeguard User information, Users acknowledge that no method of transmission over the internet or method of electronic storage is completely secure, and the Company does not guarantee absolute security of information.

13. Other Information Collectors

Except as otherwise expressly included in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties, whether they are on our Platform or other sites throughout the Internet, different rules may apply to their use or disclosure of the information you disclose to them. To the extent that we use third party advertisers, they adhere to their privacy policies. Since we do not control the privacy policies of third parties, you are subject to ask questions before you disclose your personal information to others.

14. Our Disclosure of Your Information

14.1 General Disclosure Principles

The Company is committed to protecting the confidentiality of User information and shall not disclose personal data except in accordance with this Privacy Policy and Applicable Laws, including the Digital Personal Data Protection Act, 2023.

While the Company implements reasonable security practices and safeguards, Users acknowledge that, due to the nature of digital communications and the regulatory environment, absolute confidentiality of information cannot be guaranteed.

14.2 No Sale of Personal Data

As a matter of policy, the Company does not sell, rent, or trade personally identifiable information of Users to any third party.

14.3 Disclosure for Service Facilitation

The Company may disclose personal data to third parties strictly to the extent necessary for providing services on the Platform, including:

• Healthcare Service Providers such as hospitals, doctors, and diagnostic laboratories for the purpose of facilitating consultations, bookings, and treatment;
• Third-party service providers engaged by the Company, including payment processors, communication service providers, and technical support providers, who are contractually bound by confidentiality obligations.

14.4 External Service Providers

The Platform may integrate or provide access to services offered by third-party providers. Where Users choose to avail such services and share information with such third parties:

• The collection and use of such information shall be governed by the respective third party's privacy policy;
• The Company shall not be responsible for the data practices of such third parties.

Users are advised to review the privacy policies of such third-party service providers before sharing their information.

14.5 Legal and Regulatory Disclosures

The Company may disclose personal data:

• To comply with Applicable Laws, legal processes, or regulatory requirements;
• In response to lawful requests from courts, law enforcement agencies, or government authorities;
• To enforce the Terms of Use, Partner Agreement, or other policies;
• To investigate, prevent, or address suspected fraud, security issues, or illegal activities;
• To protect the rights, property, or safety of the Company, Users, or the public.

Users expressly authorize the Company to make such disclosures where deemed necessary.

14.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, User information may be transferred as part of such transaction, subject to applicable confidentiality and data protection obligations.

14.7 User Notification

Where required under Applicable Laws or where reasonably practicable, the Company may notify Users of disclosures of their personal data. However, the Company shall not be obligated to provide such notice where disclosure is required by law, regulatory direction, or where such notification is prohibited.

14.8 Limitation of Liability

To the fullest extent permitted under Applicable Laws, the Company shall not be liable for any disclosure of personal data:

• Made in compliance with legal obligations;
• Resulting from unauthorized access beyond the reasonable control of the Company;
• Arising from the actions or omissions of third-party service providers.

15. Accessing, Reviewing and Changing Your Profile

You can review and change the information you submitted except Email ID. An option for facilitating such change shall be present on the Platform and such change shall be facilitated by the User. If you change any information, we may or may not keep track of your old information. We will not retain in our files information you have requested to remove for certain circumstances, such as to resolve disputes, troubleshoot problems, and enforce our terms and conditions. Such prior information shall be completely removed from our databases, including stored 'back up' systems. If you believe that any information, we are holding on to you is incorrect or incomplete, or to remove your profile so that others cannot view it, the User needs to remediate, and promptly correct any such incorrect information.

16. Data Retention and Deletion

16.1 Retention of Personal Data

The Company shall retain personal data, including sensitive personal data such as health-related information, only for as long as necessary to:

• Fulfil the purposes for which such data was collected, including facilitating healthcare services, consultations, and transactions on the Platform;
• Comply with applicable legal, regulatory, and statutory obligations;
• Resolve disputes, enforce agreements, and maintain records for audit and compliance purposes.

Such retention shall be carried out in accordance with applicable laws, including the Digital Personal Data Protection Act, 2023.

16.2 Retention of Health Data

Health-related and medical information may be retained for longer durations where necessary:

• To ensure continuity of care and future consultations;
• To comply with applicable healthcare and record-keeping requirements;
• To address medico-legal obligations and claims.

The Company shall ensure that such data is retained only to the extent necessary and is subject to appropriate safeguards.

16.3 Criteria for Determining Retention Period

The duration for which personal data is retained shall be determined based on factors including:

• The nature and sensitivity of the data;
• The purpose for which the data was collected;
• Legal, regulatory, or contractual requirements;
• The need to prevent fraud, resolve disputes, or enforce rights.

16.4 Deletion of Personal Data

The Company shall delete or anonymize personal data:

• Upon fulfilment of the purpose for which it was collected;
• Upon withdrawal of consent by the User, unless retention is required or permitted under Applicable Laws;
• Upon receipt of a valid request for deletion, subject to verification and legal requirements.

16.5 User-Initiated Deletion Requests

Users may request deletion of their personal data by contacting the Company through the grievance redressal mechanism.

Upon receipt of such request:

• The Company shall verify the identity of the User;
• Evaluate the request in accordance with applicable laws;
• Delete or anonymize the data within a reasonable time, unless retention is required for legal or legitimate purposes.

Users acknowledge that deletion of certain data may result in the inability to access or use certain features of the Platform.

16.6 Exceptions to Deletion

The Company may retain certain personal data notwithstanding a deletion request, where such retention is necessary:

• To comply with legal or regulatory obligations;
• To establish, exercise, or defend legal claims;
• To prevent fraud, abuse, or security threats;
• For legitimate business purposes permitted under Applicable Laws.

16.7 Anonymization and Aggregation

The Company may anonymize or aggregate personal data in such a manner that it no longer identifies an individual User. Such anonymized data may be retained and used for analytics, research, and improvement of services without restriction.

16.8 Secure Deletion

The Company shall implement reasonable technical and organizational measures to ensure secure deletion or destruction of personal data when it is no longer required, so as to prevent unauthorized access or recovery.

17. Security

We treat data as an asset that must be protected against loss and unauthorized access. We employ many different security techniques to protect such data from unauthorized access by members inside and outside the Firm. We follow generally accepted industry standards to protect the Personal Information submitted to us and information that we have accessed.

However, as effective as encryption technology is, no security system is impenetrable. Our Firm cannot guarantee the security of our database, nor can we guarantee that information you provide won't be intercepted while being transmitted to the Firm over the Internet.

18. Severability

Each paragraph of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other paragraphs herein except where otherwise expressly indicated or indicated by the context of the agreement. The decision or declaration that one or more of the paragraphs are null and void shall not affect the remaining paragraphs of this privacy policy.

19. Amendment

Our Privacy Policy may change from time to time. The most current version of the policy will govern our use of your information and will always be on the Platform. Any amendments to this Policy shall be deemed as accepted by the User on their continued use of the Platform.

20. Consent Withdrawal, Data Download & Data Removal Requests

To withdraw your consent, or to request the download or delete your data with us for any or all our services at any time, please email to grievanceofficer@medli.in

21. Disclaimer

We do not store any account related information or any credit / debit card details. We shall not be liable for any loss or damage sustained by Users as a result of any disclosure (inadvertent or otherwise) of any information concerning the User's account, credit cards or debit cards in the course of any online transactions or payments made for any products and/or services offered through the Platform.

In case any Personal Information is shared by you with us, which is not requested by us during registration, (whether mandatorily or optionally), we will not be liable for any information security breach or disclosure in relation to such information.

22. Data Protection Officer / Grievance Officer

In accordance with applicable laws, including the Digital Personal Data Protection Act, 2023 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Company has designated a Grievance Officer to address any complaints, concerns, or queries relating to the processing of personal data and use of the Platform.

Users may contact the Grievance Officer for matters including, but not limited to:

• Issues relating to collection, use, or disclosure of personal data;
• Requests for access, correction, or deletion of personal data;
• Withdrawal of consent;
• Concerns regarding unauthorized access or data breaches;
• Any other grievance arising out of the use of the Platform.

Contact Details

Users may submit their grievances or requests to the Grievance Officer using the following details:

Grievance Redressal Process

• The Company shall acknowledge receipt of the grievance within twenty-four (24) hours of receipt;
• The Company shall endeavour to resolve the grievance within fifteen (15) days from the date of receipt, or within such reasonable time as may be required depending on the nature of the grievance;
• Users may be required to provide additional information or documentation for effective resolution.

Escalation

If the User is not satisfied with the resolution provided, the User may escalate the matter in accordance with Applicable Laws.

Nothing contained herein shall limit the User's right to seek remedies before appropriate legal or regulatory authorities.