MEDIKAVACH is an Indian medical apparel brand manufacturing which is lab tested, antimicrobial, blood resistant, and 2-way stretch scrubs for healthcare professionals. We serve hospitals, clinics, and institutions (B2B) as well as individual doctors and nurses (B2C) across India.

As the entity that determines how and why your personal data is processed, MEDIKAVACH is the Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act).

What Information We Collect

We collect only what is necessary to process your order, communicate with you, and improve our service.

Identity and Contact Information

We collect your full name, mobile number, email address, and delivery or billing address. For B2B institutional orders, we also collect the hospital or clinic name, department, and the name and designation of the procurement contact.

Order and Transaction Information

We collect details of products ordered — type, size, colour, and quantity — along with order value, payment method used, order status, customisation requirements such as logo embroidery, and details of any returns or exchanges. We do not store card numbers, UPI
credentials, or net banking details.

Technical and Device Information

When you visit our website, we automatically collect your IP address, browser type, device type, and general navigation patterns such as pages visited and time spent. This data is collected in anonymized or aggregated form wherever possible.

Communication Data

We store messages sent to us via WhatsApp, email, or website contact forms, customer service conversations, and any feedback, reviews, or testimonials you voluntarily provide.

What We Do Not Collect

We do not collect sensitive personal data such as health records, biometric information, financial account credentials, or government-issued identification such as Aadhaar or PAN numbers. We do not knowingly collect data from anyone under 18 years of age.

How We Collect Your Information

We collect your information
through the following channels:

 —  Our website, when you browse, register, or place an order at www.medikavach.com

—  WhatsApp Business, when you message us, send order details, or share your delivery address

—  Direct communication via phone calls, emails, or at medical events or conferences

—  B2B order forms, quotation requests, or customisation inquiry forms

—  Instagram and other social media platforms when you DM us or engage with our content

—  Referrals, when an existing customer shares your contact with us

—  Hospital or clinic procurement teams, when staff details are provided for bulk orders

Why We Use Your Information

We process your personal data strictly for the following purposes. We do not use your data for any undisclosed purpose.

Order Fulfilment and Customer Service

To process and confirm your order, send dispatch and delivery updates, coordinate production and logistics, manage returns and exchanges, and respond to queries and complaints.

Business Operations

For GST-compliant billing and invoicing, production planning, inventory management, managing B2B supply contracts, and confirming payment transactions.

Marketing and Communication

With your explicit consent, we send product updates, new launches, and promotional offers via WhatsApp broadcast. A transactional order does not automatically grant consent for promotional messaging — we obtain separate consent for marketing communications. You may opt out at any time by replying STOP or emailing unsubscribe@medikavach.com, and withdrawal will be processed without delay.

Legal and Regulatory Compliance

To maintain records as required under the GST Act, Companies Act, and other applicable Indian laws, and to respond to lawful government orders or legal processes.

Website and Service Improvement

To analyse website traffic and user behaviour in anonymised form, and to collect feedback to improve our products and overall customer experience.

 How We Share Your Information

We do not sell, rent, or trade your personal data. We share it only in the following limited and necessary circumstances. All third parties are contractually required to protect your data.

Delivery and Logistics Partners

Courier services such as Delhivery, Shiprocket, or DTDC receive your name, address, and phone number solely to fulfil your shipment. They are not permitted to use this data for any other purpose.

Payment Processors

Payment gateways such as Razorpay or PayU process your transactions securely. We do not store card numbers, UPI IDs, or banking credentials. All payment data storage complies with the RBI's Payment Data Localisation Policy.

Website and Technology Platform

Our e-commerce platform stores your order and account data as necessary to operate our online store.

Manufacturing Partners

Our production partners receive order specifications — product type, size, colour, and quantity. Your personal contact details are never shared with manufacturing units.

Accounting and Compliance Tools

Software used for GST invoicing and financial record-keeping may process your billing details for compliance purposes.

Analytics Services

We use anonymised, aggregated website traffic data through tools such as Google Analytics. No personally identifiable information is shared with analytics providers.

Legal Disclosures

We may disclose your data when required by a court order, statutory authority, or government directive, or to prevent and investigate fraud or security breaches. We will notify you where legally permitted to do so.

Cookies and Tracking Technologies

Our website uses cookies to improve functionality and understand how it is used.

Essential cookies are required for the website to operate — including your shopping cart, login session, and security features. These cannot be disabled.

Analytics cookies collect anonymised data such as page views, traffic sources, and user journeys to help us improve the website experience.

Preference cookies remember your display settings and preferences across visits.

Marketing cookies may be used for relevant advertising only with your explicit, separately obtained consent.

You can manage or disable non-essential cookies through your browser settings at any time. Doing so will not affect your ability to browse or place orders on our website.

Data Security

Our security measures include SSL/TLS encryption for all data transmitted through our website, strict access controls so that only authorised personnel can access customer data, regular access reviews and logs, secure payment processing through compliant gateways, contractual data protection obligations with all third-party service providers, and staff training on data privacy handling procedures.

In the event of a personal data breach, we are required to report all breaches — regardless of their severity — to the Data Protection Board of India within 72 hours, as mandated under DPDP Rules 2025. We will also notify affected individuals without undue delay where there is a meaningful risk to their rights or interests.

Your Rights as a Data Principal

The DPDP Act, 2023 provides you with the following rights. You may exercise any of these at no cost to you.

Right to Access — Request a summary of the personal data we hold about you and information about how and why it is being processed.

Right to Correction and Erasure — Request correction of inaccurate or incomplete data, or deletion of your data where it is no longer necessary. Deletion will be carried out promptly, subject to legal retention obligations.

Right to Withdraw Consent — Withdraw your consent for any specific use of your data at any time. Withdrawal will be processed without delay and will not affect any processing that has already taken place.

Right to Grievance Redressal — File a complaint with our Grievance Officer. If unresolved within 30 days, you may escalate it to the Data Protection Board of India at https://dpboard.gov.in.

Right to Nomination — Nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity, as provided under the DPDP Act.

Right to Know — Request information about the categories of data processors and third parties with whom your data has been shared.

Children's Privacy

MEDIKAVACH's products and services are intended exclusively for adult healthcare professionals and institutional buyers. Our website and services are not directed at anyone under 18 years of age.

Processing personal data of a child requires verifiable consent from a parent or lawful guardian, obtained through appropriate technical and organisational means. This situation does not apply to our services, which are designed for and marketed to adults only.

We do not knowingly collect personal data from minors. If you become aware that a minor has provided us
with personal data without verifiable parental consent, please contact us immediately at info@medikavach.com. We will delete such data promptly upon verification.

WhatsApp and Social Media Data

WhatsApp Business

A significant portion of MEDIKAVACH's customer communication takes place through WhatsApp Business. Transactional messages — such as order confirmations, dispatch updates, and delivery notifications — can be sent, since you have voluntarily provided your number for the purpose of placing an order.

However, promotional messages — such as new product launches, discounts, and offers — require separate, explicit consent. We do not add customers to marketing broadcasts based solely on transactional history. We will always seek your clear consent before sending promotional communications.

You may opt out of all WhatsApp communications at any time by replying STOP. We will process your opt-out without delay.

Instagram and Other Social Media

If you tag MEDIKAVACH, send us a direct message, or engage publicly with our content on Instagram or any other platform, that interaction is visible on the respective platform. We may reshare your posts or testimonials as marketing content, but only with your
explicit consent. We do not build personal profiles from social media data without a lawful basis. Each platform's own privacy policy governs its data practices independently of ours.

B2B Hospital and Institutional Clients

For hospitals, clinics, nursing colleges, and other institutions placing bulk orders, the following provisions apply in addition to the rest of this policy.

Contact details of procurement officers, administrators, and HODs are used solely for order communication and fulfilment. Staff information provided for bulk orders — such as department-wise headcount or size preferences — is used only for production planning and is not shared beyond what is strictly necessary to fulfil the specific order.

As an institutional client, you are responsible for obtaining appropriate consent from your staff members before sharing any personal data — including names, designations, or sizes — with MEDIKAVACH. By sharing such data, you confirm that you have the necessary
authorisation or consent to do so.

We process institutional staff data, where data is provided voluntarily and directly in connection with a specific transaction. We will not use this data for any marketing or analytical purpose.