Privacy Policy

This Privacy Policy (“Privacy Policy”) describes what information Medless.com (“Company”), as the operator of the Platform and owner of the Platform, may collect from a user (“You”“Your” or “User”), on or through the website (www.medless.com and subdomain https://speciality.medless.com) (the “Website”), directly (the owner and the operator of the Platform are referred collectively as “We”“Us””Our”) or in relation to services otherwise rendered by Us (“Platform”), including our facilitation through the Platform, of purchase of pharmaceutical drugs from our Partners, and the facilitation of services by third parties which may include delivery of pharmaceutical, over the counter products and such other products as ordered by You through the Website, and how We use, process, disclose and try to protect such information.

You agree and understand that the Company is responsible for operation and maintenance of the Platform and all information collected and processed on the Platform is collected and processed by Us strictly in relation to Our business.

By clicking on ‘Continue’ during the sign-up process, by using Our Platform, or by using the Services, You confirm that You have read, understood, and agree with the privacy practices described in this Privacy Policy, and the Terms and Conditions (the “Terms”) and the collection, storage and processing of Your information in accordance with them.

This Privacy Policy is incorporated by reference into the Terms & Conditions. Any capitalized terms used but not defined in this Privacy Policy have the meaning given to them in the Terms.

This Privacy Policy is published in compliance with, inter alia:

  1. Regulation (EU) 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (“GDPR”) and other applicable local legal acts of the Company’s partners.

General Terms:

  1. We reserve the right to change, modify, add or delete portions of the terms of this Privacy Policy, at Our sole discretion, at any time, and any continued use of the Services or the Platform, following any such amendments to the Privacy Policy, will be deemed as an implicit acceptance of the Privacy Policy in its amended form. You are requested to review the Privacy Policy from time to time to keep yourself updated with any changes; modifications made to the terms hereof.
  2. If You are accessing or using Services on the Website from an overseas location, You do so at Your own risk, and shall be solely liable for compliance with any applicable local laws.
  3. If You do not agree with any of the terms and conditions of this Privacy Policy, please do not proceed further to use this Website or any Services. This Privacy Policy is subject to change at any time without notice. To make sure You are aware of any changes, please review this policy on this Website periodically.

Our Company takes the privacy of your information seriously. This Privacy Policy describes the types of personal information we collect from you through our website (including sub-domains and microsites). It also describes the purposes for which we collect that personal information, the other parties with whom we may share it and the measures we take to protect the security of your data. It also tells you about your rights and choices with respect to your personal information, and how you can contact us about our privacy practices.

You are advised to carefully read this Privacy Policy before using or availing any of our products and/or services.

  1. DEFINITIONS

In this Privacy Policy, the following definitions are used:

Cookies

a small file placed on your device by our website when you either visit or use certain features of our website. A cookie generally allows a website to remember your actions or preference for a certain period of time.

Data

personal information and sensitive personal information about you, which either directly or indirectly in combination with other information, could allow you to be identified when you visit our stores or website

Data Protection Laws

any applicable law for the time being in force relating to the processing of Data.

Partners

select third parties (including Speciality Medicines Pvt. Ltd., a legal entity registered in India under the Companies Act, 2013, having its Corporate office at Unit 27, Ground Floor, Andheri Sainath Premises Co Soc, 20 Mahakali Caves Road, Andheri (East) Mumbai – 400 093, Maharashtra, India) with whom we have contracts for the businesses described in this Privacy policy.

Service Providers

includes entities to whom we or our partners will disclose your Data to process information for a specific purpose pursuant to written contract.

Medless

Medless, UAB, company code: 306171363, registered office address: V. Nagevičiaus g. 3, LT-08237 Vilnius, Republic of Lithuania, email: info@medless.com

User or you

the natural person who accesses our stores, website.

2. WHAT PRINCIPLES DO WE FOLLOW WHEN PROCESSING YOUR DATA?

  • We process your personal data only to the extent necessary to achieve the relevant clearly defined and legitimate purposes, taking into account the protection of your privacy;
  • We ensure that the data is processed accurately, fairly and lawfully and is processed only for purposes that meet the purposes specified before the collection of personal data;
  • We process all data in strict accordance with the clear and transparent requirements for the processing of personal data established by legal acts;
  • We store the data in a form that allows you to be identified for no longer than is necessary for the purposes for which the personal data are processed;

When processing your data, we apply appropriate technical and organizational measures to ensure the security of personal data, including protection against unlawful processing of data and against accidental loss, destruction, damage.

3. WHAT DATA DO WE COLLECT ABOUT YOU

Company collects Data for various purposes set out in this Privacy Policy.

This Data includes, without limitation, the following categories:

  1. Contact information: first and last name, email address, postal address, country, phone number and other similar contact data.
  2. Financial information: date and time of order submission payment amount and status : payment instrument information, transactions, transaction history, preferences, method, mode and manner of payment, spending pattern or trends, and other similar data.
  3. Technical information: website usage, Internet Protocol (IP) address and similar information collected via automated means, such as cookies, pixels and similar technologies.
  4. Transaction information: the date of the transaction, total amount, transaction history and preferences and related details.
  5. Health related information, such as information or records relating to Your medical/ health history, health status, details of treatment plans and medication prescribed by a Medical Practitioner, dosage details such as frequency of dosage, alternative medication, medicines ordered by You through the Platform and any other information inferred there from; contents of the prescription, name of the medicinal product, health care institution, name and surname of the doctor who issued the prescription, name and surname of the patient, phone number, address, date of ordering and/or dispensing of the medicine and other data specified in the prescriptions.
  6. Product and service information: Your account membership number, registration and payment information, and program-specific information, when you request products and/or services directly from us, or participate in marketing programs, order ID; ordered goods, quantity, price, date and time of order submission.
  7. Personal information:  details of government identification documents provided (copy of ID card or passport).
  8. Your questions and opinions about our services.

4. HOW WE COLLECT DATA

We collect Data in the following ways:

  1. Information You Give Us: We receive and store any information you enter on our website. Please see the section titled “Data Shared by You” for more information.
  2. Automatic Information We Collect: We use “cookies”, pixels and similar technologies to receive and store certain types of information whenever you interact with us. Please see the section below, titled “Data that is Collected Automatically” for more information.
  3. Information Previously Provided to Company: Where you have shared any information previously with Medless platform, such information will be shared with us by Medless platform.

You can make choices about our collection and use of your Data. For example, you may want to access, edit or remove your Data on our website.

5. DATA SHARED BY YOU

Company may collect your Data in several ways from your use of our website. For instance:

  1. when you register with us to receive our services;
  2. when you conduct a transaction with us or attempt a transaction on our website ;
  3. when you complete surveys conducted by or for us if applicable;
  4. from the information gathered by your visit to our website.

6. DATA THAT IS COLLECTED AUTOMATICALLY

  1. We automatically collect some information when you visit our website. This information helps us to make improvements to our content and navigation. The information collected automatically includes your IP address.
  2. Our web servers or affiliates who provide analytics and performance enhancement services collect IP addresses, operating system details, browsing details, device details and language settings. This information is aggregated to measure the number of visits, average time spent on the site, pages viewed and similar information. Company uses this information to measure the site usage, improve content and to ensure safety and security, as well as enhance performance of our website.
  3. We may collect your Data automatically via Cookies, pixels and similar technologies in line with settings on your browser. For more information about Cookies, please see the section below, titled “Cookies”.

7. OUR USE OF DATA

Any or all the above Data may be required by us from time to time to provide information relating to Company and to work on the experience when using our website. Specifically, Data may be used by us for the following reasons and legal bases:

Processing is necessary for the performance of a contract (Art. 6(1)(b) of the GDPR) or (as may be applicable) processing is necessary for reasons of substantial public interest (Art. 9(2)(g) of the GDPR):

  1. carry out our obligations arising from any contract entered into between you and us;
  2. provide products and/or services and communicate with you about products and/or services offered by us;

Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party (Art. 6(1)(f) of the GDPR) or (as may be applicable) the data subject has given consent (Art. 6(1)(a) of the GDPR):

  1. enable Company and Partners to offer their products and/or services and communicate with you about such products and/or services;
  2. processing, disclosing, transmitting, and/or sharing the data/information with other third parties which have business or contractual dealings with us;
  3. provide you with offers (including for financial products and/or services), personalized services and recommendations and improve your experience on our website;
  4. operate, evaluate and improve our business, website application;
  5. generate aggregated data to prepare insights to enable us to understand customer behaviour, patterns and trends with a view to learning more about your preferences or other characteristics;
  6. communicate with you (including to respond to your requests, questions, feedback, claims or disputes) and to customize and improve our services;
  7. enforce the terms of use of our website;
  8. protect against and prevent fraud, illegal activity, harm, financial loss and other legal or information security risks; and
  9. serve other purposes for which we provide specific notice at the time of collection, and as otherwise authorized or required by applicable law.

We treat these inferences as personal information (or sensitive personal information, as the case may be), where required under applicable law. Some of the above grounds for processing will overlap and there may be several grounds which justify our use of your personal information.

Where required under applicable law, we will only use your personal information (including sensitive personal information) with your consent; as necessary to provide you with products and/or services; to comply with a legal obligation; or when there is a legitimate interest that necessitates the use.

8. MINORS

Our website does not offer products or services for use by minors. If you are under 18, you may use our website only with the involvement of a parent or guardian.

9. SHARING OF DATA

We may share your Data with/ for:

  1. Partners:  We may make available to you services, products, or applications provided by Partners for use on or through our website. If you choose to use such service, customer information related to those transactions may be shared with such Partner.
    Such Partners will be required to respect the security of your Data and to treat it in accordance with this privacy policy and applicable law.
  2. Service Providers: We may share your Data with Service Providers. Examples include storing and analyzing Data, protecting and securing our systems, providing search results and links, providing customer service, international parcel delivery (for example, DHL), processing your information for profiling, user analysis, payment processing.
  3. Information from Other Sources: We may obtain information from other sources. An example of this is when you authorize a third-party website, to interact directly with our website to provide or receive Data about you. In that case, we might receive such Data used by that third-party website to identify your account with that website.
    These Service Providers will be required to only process Data in accordance with express instructions and as necessary to perform services for purposes set forth in this Privacy Policy. The Service Providers will also be required to safeguard the security and confidentiality of the Data they process by implementing appropriate technical and organizational security measures and confidentiality obligations binding employees accessing Data.
  4. Protecting Company: We may release Data when we believe release is appropriate to comply with applicable law or legal process, enforce or apply the Terms of Use of our website and other agreements, protect Company against harm or financial loss, when we believe disclosure is necessary to protect individuals’ vital interests, or in connection with an investigation of suspected or actual fraudulent or illegal activity. This may include exchanging information with other companies and organizations for fraud protection, risk management and dispute resolution. This does not include selling or otherwise disclosing personal information of users for commercial purposes in violation of this Privacy Policy.
  1. Third Parties: We may also share your Data with other third parties where:
    • You request or authorize us to do so;
    • We need to comply with applicable law or respond to valid legal process; or
    • We need to operate and maintain the security of our website, including to prevent or stop an attack on our computer systems or networks.

We require these third parties by contract to only process sensitive personal data in accordance with our instructions and as necessary to perform services on our behalf or in compliance with applicable law. We also require them to safeguard the security and confidentiality of the sensitive personal data they process on our behalf by implementing appropriate confidentiality, technical and organizational security measures.

The use of your Data will be governed by their privacy statements when you provide Data on their websites.

10. KEEPING DATA SECURE

We will use technical and organisational measures to safeguard your Data and we store your Data on secure servers. Technical and organisational measures include measures to deal with any suspected data breach. If you suspect any misuse or loss or unauthorised access to your Data, please let us know immediately by contacting us by e-mail at our email address provided at Clause 16 below.

11. RETENTION OF DATA

Company retains Data for as long as necessary for the use of our products and/or services or to provide access to and use of our website, or for other essential purposes such as complying with our legal obligations, resolving disputes, enforcing our agreements and as long as processing and retaining your Data is necessary and is permitted by applicable law. Because these needs can vary for different data types and purposes, actual retention periods can vary significantly.

The general term for data storage is 10 years from the date of order fulfillment (or submitting data to the Company, if you have not completed the order).

Retention period of health data and ID/passport copies – 10 days after order fulfillment.

Retention period of communication data is 3 years from the date of submission of the request.

Retention period of cookies is indicated in a Cookies policy.

Even if we delete your Data, including on account of exercise of your right under Clause 12 below, it may persist on backup or archival media for audit, legal, tax or regulatory purposes.

12. YOUR RIGHTS AND CHOICES

When we process Data about you, we do so with your consent and/or as necessary to operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests of Company as described in this Privacy Policy.
You have the following rights in relation to your sensitive personal information and you can exercise it by submitting a request as described in the “How to Contact Us” section below.

You have the right to:

  • know (be informed) about the processing of your personal data;
  • get acquainted with the processed personal data of yourself, to receive information, from what sources and what personal data have been collected, for what purpose they are processed, to which data recipients they are provided or provided, and to receive copies thereof;
  • request the rectification of your personal data processed if the data is inaccurate and (or) incomplete;
  • request the erasure of your personal data or the restriction of the processing of your personal data if excessive, inaccurate personal data are processed and (or) when you withdraw your consent, and (or) there are other sufficient grounds for this;
  • withdraw consent;
  • receive personal data provided by you, related to you, in a structured, commonly used, machine-readable format and (or) to transfer those data to another data controller, and (or) to request that we do so when technically possible.

It is important that the Data we hold about you is accurate and current. Please keep us informed if your personal information changes during the period for which we hold it.

13. PROCESSING YOUR DATA

We take steps to ensure that the Data we collect under this Privacy Policy is processed according to the provisions of this Privacy Policy and the requirements of applicable law.

To ensure that your Data receives an adequate level of protection, we have put in place appropriate written contracts with Company, Partners and Service Providers that we share your Data with. This ensures your Data is treated by such parties in a way that is consistent with applicable law.

14. SEVERABILITY

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal or unenforceable, that provision or part-provision will, to the extent required, be deemed to be deleted, and the validity and enforceability of the other provisions of this Privacy Policy will not be affected.

15. CHANGES TO THIS PRIVACY POLICY

Our business changes constantly and our Privacy Policy may also change . We may e-mail periodic reminders of our notices and conditions, unless you have instructed us not to, but you should check our website frequently to see recent changes. The updated version will be effective as soon as it is accessible. Any changes will be immediately posted on our website and you are deemed to have accepted the terms of the updated Privacy Policy on your first use of our website  or first purchase of the products and/or services following the alterations. We encourage you to review this Privacy Policy frequently to be informed of how we are protecting your information.

16. HOW TO CONTACT US

To request to access, review, update, or withdraw your consent for your personal information or to otherwise reach us, please submit a request by e-mailing us at info@medless.com. You may contact us for information on Service Providers and Partners with whom we may share your Data in compliance with this Privacy Policy and applicable law. We will respond to your request within 30 days.

Last updated: July 5, 2023