Prasad Meditech is committed to ensuring the privacy and security of personal data in full compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679. This GDPR Data Compliance Policy outlines our approach to data protection, the rights of data subjects, and our compliance with GDPR principles.
At Prasad Meditech, we recognize the importance of protecting the personal data of our customers, suppliers, employees, and website visitors. This policy explains how we collect, process, store, and protect personal data in compliance with GDPR requirements.
This policy applies to:
All personal data processed by Prasad Meditech, whether collected online or offline.
Data subjects in the European Economic Area (EEA) and any other regions where GDPR applies.
Our employees, contractors, and third-party vendors who process personal data on our behalf.
Prasad Meditech processes personal data only when there is a legal basis to do so, including:
Consent: When individuals provide explicit consent for data collection.
Contractual Necessity: When processing is required to fulfill contractual obligations.
Legal Obligation: When compliance with laws and regulations is necessary.
Legitimate Interests: When processing is necessary for legitimate business interests, provided it does not override data subject rights.
We may collect the following categories of personal data:
Identity Data: Name, job title, company name.
Contact Data: Email address, phone number, mailing address.
Technical Data: IP address, browser type, operating system, and cookies (see our Cookie Policy).
Transaction Data: Payment details and order history (if applicable).
Communication Data: Correspondence via email, contact forms, or support interactions.
We do not collect sensitive personal data such as race, ethnicity, political opinions, religious beliefs, or health information unless required for a specific legal or contractual purpose.
We retain personal data only for as long as necessary to fulfill the purpose for which it was collected, in compliance with the GDPR. The retention periods are as follows:
Customer data: Retained for up to 7 years after the last interaction.
Supplier and vendor data: Retained for as long as required by contract and legal obligations.
Marketing data: Retained until the user withdraws consent.
After the retention period, all data is securely deleted or anonymized.
Under GDPR, individuals have the following rights regarding their personal data:
Right to Access: Request a copy of the personal data we hold.
Right to Rectification: Correct inaccurate or incomplete personal data.
Right to Erasure (Right to be Forgotten): Request deletion of personal data when it is no longer necessary.
Right to Restriction of Processing: Limit how personal data is used.
Right to Data Portability: Obtain a copy of data in a structured format for transfer.
Right to Object: Object to data processing for direct marketing or other legitimate reasons.
Right to Withdraw Consent: Withdraw previously given consent at any time.
To exercise these rights, contact us at [Insert Email]. We will respond to all requests within 30 days in accordance with GDPR requirements.
Prasad Meditech implements strict security measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include:
Encryption: Secure storage of sensitive data using encryption technologies.
Access Controls: Restricted access to personal data based on job roles.
Regular Audits: Ongoing compliance checks to ensure GDPR adherence.
Incident Response Plan: Immediate action in case of a data breach.
If a data breach occurs, affected individuals will be notified in accordance with GDPR timelines.
If personal data is transferred outside the EEA, we ensure adequate protection by:
Using Standard Contractual Clauses (SCCs) approved by the European Commission.
Transferring data to countries with adequate data protection laws.
Implementing Binding Corporate Rules (BCRs) where applicable.
We may share personal data with third-party service providers (such as cloud hosting, payment processors, or analytics tools) who process data on our behalf. These vendors comply with the GDPR and have signed Data Processing Agreements (DPAs) with us.
We do not sell, rent, or trade personal data with third parties for commercial purposes.
Our website uses cookies to enhance user experience and collect analytics data. Users can manage their cookie preferences through our Cookie Policy and browser settings.
For more details, refer to our [Cookie Policy].
If you have any questions regarding this GDPR Compliance Policy or wish to exercise your data rights, please contact:
Data Protection Officer (DPO):
[Full Name]
Prasad Meditech
[Company Address]
Email: [Insert Email]
Phone: [Insert Phone Number]
For GDPR-related complaints, you also have the right to lodge a complaint with your local Data Protection Authority (DPA).
We may update this GDPR Compliance Policy from time to time to reflect legal changes or operational improvements. The latest version will always be available on our website.
Last updated on: [Insert Date]