ASK-AYURVEDA.COM GDPR COMPLIANCE POLICY

Effective Date: 25th November, 2024

This GDPR Compliance Policy ("Policy") explains how Ask-Ayurveda.com ("Platform"), operated by SWISS AYURVEDA PRIVATE LIMITED ("Company"), registered in India under CIN U86901MP2024PTC073695, with its registered office at H. No. 186, Bhel, Bhopal, Huzur, Madhya Pradesh, India, 462022, ensures compliance with the General Data Protection Regulation (GDPR) (EU) 2016/679 for users based in the European Union (EU).

By using this Platform, you agree to the terms outlined in this Policy. If you do not agree, please discontinue use immediately.

1. DATA CONTROLLER AND DATA PROTECTION OFFICER (DPO)

• The Company acts as the Data Controller for personal data collected on the Platform.
• A Data Protection Officer (DPO) has been appointed to oversee GDPR compliance.
• EU Users can contact the DPO at info@ask-ayurveda.com for any GDPR-related inquiries.

2. LAWFUL BASIS FOR DATA PROCESSING

The Company processes personal data based on the following lawful grounds under GDPR:

• User Consent – When Users provide explicit consent for data processing.
• Contractual Necessity – When processing is necessary for providing services.
• Legal Obligations – To comply with applicable legal requirements.
• Legitimate Interests – For fraud prevention, security, and service improvements.

3. PERSONAL DATA WE COLLECT

We collect and process the following types of data from EU Users:

• Identity Data – Name, email address, phone number.
• Medical Data – Health-related information voluntarily shared with Practitioners.
• Financial Data – Payment details processed via third-party providers.
• Technical Data – IP address, device type, cookies, and analytics data.

4. USER RIGHTS UNDER GDPR

EU Users have the following rights under GDPR:

• Right to Access – Request copies of personal data stored by the Company.
• Right to Rectification – Request corrections to inaccurate or incomplete data.
• **Right to Erasure (‘Right to be Forgotten’) ** – Request deletion of personal data.
• Right to Restrict Processing – Request limitations on how data is processed.
• Right to Data Portability – Request transfer of data to another service provider.
• Right to Object – Object to certain types of data processing.
• Right to Withdraw Consent – Withdraw consent at any time without affecting prior lawful processing.

Users can exercise their rights by contacting info@ask-ayurveda.com.

5. DATA RETENTION POLICY

• Personal data is retained only as long as necessary to provide the services and comply with legal obligations.
• Data is deleted or anonymized once it is no longer required.
• Users can request the deletion of their data in accordance with their GDPR rights.

6. DATA SECURITY MEASURES

The Company implements industry-standard security measures to protect user data, including:

• Encryption
• Access controls
• Monitoring systems

These measures are in place to prevent data breaches and unauthorized access.

In the event of a data breach, affected users will be notified as required by GDPR.

7. DATA TRANSFERS OUTSIDE THE EU

• The Company stores and processes data outside the EU, primarily in India.
• All data transfers are conducted in compliance with GDPR adequacy standards.
• The Company uses Standard Contractual Clauses (SCCs) to ensure the legality of international data transfers.

8. USE OF THIRD-PARTY SERVICES

• Third-party services, including payment processors, analytics providers, and cloud storage services, may process personal data.
• These third-party providers are required to comply with GDPR in their operations.
• Users are encouraged to review the privacy policies of third-party services.

9. COMPLAINTS AND DISPUTE RESOLUTION

• EU Users have the right to file complaints regarding GDPR compliance with the Data Protection Authority (DPA) in their country.
• The Company will cooperate fully with regulatory authorities in the enforcement of GDPR.

10. CHANGES TO THIS POLICY

• The Company reserves the right to modify this Policy at any time.
• Continued use of the Platform after modifications constitutes acceptance of the updated terms.
• The date of the most recent modification will be indicated at the top of this Policy.

11. GOVERNING LAW

This Policy is governed by GDPR and relevant EU laws. Any disputes shall be resolved under applicable EU data protection laws.

For GDPR-related inquiries, please contact info@ask-ayurveda.com.