At surgiXpert, a leading medical equipment manufacturer in India, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, purchase our medical equipment, engage with our customer service, or use our maintenance and support services (collectively, the “Services”).

This Privacy Policy is in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) of India.

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

1. Information We Collect
We collect the following categories of information:

1.1 Sensitive Personal Data or Information (SPDI)

As defined under Indian law, this includes:
– Passwords
– Financial information such as bank account details, credit/debit card details, or other payment instrument details
– Any information related to medical devices purchased that may reveal physical or physiological health conditions
– Any detail relating to the above when provided for purchasing or servicing medical equipment

1.2 Personal Information
– Contact Information: Name, email address, phone number, and mailing address
– Professional Information: For healthcare institutions and professionals, credentials, specialties, hospital affiliations, and licensing information
– Business Information: Organization name, department, job title, procurement authority
– Account Information: Username and account preferences
– Purchase History: Medical equipment purchased, warranty information, service records
– Device Information: IP address, browser type, operating system, device identifiers, and mobile network information

1.3 Usage Data
– Interaction Data: Pages visited, features used, time spent on the Services, product views, downloads of technical documentation
– Location Data: General location information derived from IP address

1.4 Cookies and Similar Technologies
– We use cookies, web beacons, and similar technologies to enhance your experience, gather usage information, and enable certain functionality
– You can control cookies through your browser settings, but disabling cookies may limit your use of certain features

2. How We Collect Information
We collect information through:

2.1 Direct Interactions
– When you create an account, complete forms, or communicate with us
– When you purchase medical equipment, register products, or request services
– When you contact our sales or support teams
– When you participate in surveys, webinars, or events

2.2 Automated Technologies
– When you navigate through and interact with our website
– Through cookies, server logs, and other tracking technologies

2.3 Third Parties
– From distributors, resellers, and business partners
– From publicly available sources like hospital directories or professional registries

2.4 Connected Medical Devices
– Some of our medical equipment may transmit technical data, usage statistics, and diagnostic information
– This information is used solely for equipment maintenance, improvement, and support purposes

3. Consent

3.1 Express Consent
– By using our Services and providing your SPDI, you expressly consent to the collection, use, and disclosure of your information as described in this Privacy Policy
– You acknowledge that your SPDI is being collected for lawful purposes connected with our function as a medical equipment manufacturer

3.2 Withdrawal of Consent
– You have the right to withdraw your consent at any time by contacting us
– However, withdrawal of consent may result in our inability to provide you with certain Services, product support, or warranty services

4. How We Use Your Information
We use the information we collect for the following purposes:

4.1 Products and Services
– To process and fulfill your orders for medical equipment
– To provide technical support, maintenance, and warranty services
– To register your products and validate warranty claims
– To process returns, exchanges, and repairs

4.2 User Experience and Communication
– To provide you with information about our medical equipment, including updates, recalls, and safety notices
– To notify you about changes to our equipment specifications or regulatory compliance
– To communicate with you about products you’ve purchased or services you’ve used
– To respond to your inquiries and provide customer service

4.3 Regulatory Compliance
– To comply with medical device regulations and reporting requirements
– To manage product recalls or corrective actions if required
– To maintain records as required by regulatory authorities

4.4 Business Operations
– To improve our medical equipment and services
– To analyze usage patterns and trends to develop new medical devices
– For other business purposes, such as data analysis, audits, and quality assurance

5. Medical Device Information

5.1 Equipment Data
– Data transmitted from connected medical devices is used solely for supporting the safe and effective use of the equipment
– This data is processed in compliance with medical device regulations applicable in India

5.2 Use and Disclosure of Device Information
– We only use and disclose medical device information as permitted by applicable Indian laws and regulations
– We may share anonymized and aggregated device data for research and development purposes
5.3 Device Tracking
– As a medical equipment manufacturer, we may maintain device tracking for regulatory compliance and safety purposes
– This tracking is conducted in accordance with the Medical Devices Rules, 2017 and other applicable regulations

6. Information Sharing and Disclosure
We may share your information with:

6.1 Service Providers
– Authorized service technicians and repair centers
– Third-party vendors who perform services on our behalf, such as payment processing, shipping, data analysis, email delivery, hosting, and customer service
– All service providers are bound by contract to maintain the confidentiality of your information

6.2 Business Partners
– Authorized distributors and resellers of our medical equipment
– Partners with whom we jointly develop or market medical equipment
6.3 Legal Requirements

– When required by law, such as to comply with regulatory requirements, court orders, legal processes, or government requests
– When we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of patients or others
6.4 Business Transfers

– If we are involved in a merger, acquisition, or sale of all or a portion of our assets, your information may be transferred as part of that transaction
– We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your SPDI

7. Data Security
We implement appropriate technical and organizational measures to protect your information:

7.1 Security Practices
– We maintain reasonable security practices and procedures as prescribed under the SPDI Rules
– We have implemented IS/ISO/IEC 27001 standards for information security management
– We conduct regular security assessments and audits of our systems and processes

7.2 Data Breach Notification
– In the event of a data breach involving your information, we will notify you and relevant authorities as required by applicable law

7.3 Retention
– We retain your information for as long as necessary to fulfill the purposes outlined in this Privacy Policy
– For medical equipment purchases, we maintain records as required by medical device regulations and tax laws
– SPDI is not retained for longer than is required for the purposes for which it may be lawfully used

8. Your Rights
Under Indian law, you have the following rights regarding your SPDI:

8.1 Right to Access
– You have the right to request confirmation of whether we process your SPDI
– You have the right to access your SPDI in our possession

8.2 Right to Correction
– You have the right to correct any inaccurate or deficient SPDI

8.3 Right to Withdraw Consent
– You have the right to withdraw consent previously given for the collection, use, or disclosure of your SPDI

8.4 How to Exercise Your Rights
– To exercise your rights, please contact us using the information provided in the “Contact Us” section
– We will respond to your request within 30 days

9. Business Customer Data
If you are a healthcare institution or professional purchasing our medical equipment:

9.1 Business Contact Information
– We collect business contact information for account management, order processing, and regulatory compliance
– This information may be retained for the duration of our business relationship and as required by applicable laws

9.2 Equipment User Information
– When you provide information about the users of our medical equipment, you represent that you have appropriate authority to share this information
– You are responsible for informing these individuals about our Privacy Policy

10. Data Transfer

10.1 International Transfers
– If we transfer your SPDI to any other body corporate or a person in India, or located in any other country, we will ensure that they maintain the same level of data protection that is adhered to by us
– We will ensure that the receiving entity provides the same level of protection as is required under the SPDI Rules

10.2 Transfer Safeguards
– We will transfer SPDI to entities in other countries only if such transfer is necessary for the performance of a lawful contract between us and you or where you have consented to the transfer

11. Grievance Officer
In accordance with the Information Technology Act, 2000 and rules made thereunder, the contact details of the Grievance Officer are provided below:

Name: Satyendra Singh
Designation: Grievance Officer, surgiXpert
Email: grievance@surgixpert.com
The Grievance Officer shall redress the grievances of users expeditiously but within one
month from the date of receipt of the grievance.

12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. The updated version will be indicated by an updated “Last Updated” date. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information.
We will seek your consent for any material changes to this Privacy Policy if it involves the use of your SPDI for a new purpose not previously identified.

13. Contact Us
If you have questions or concerns about this Privacy Policy or our privacy practices, please contact us at:
– Email: info@surgixpert.com

14. Dispute Resolution
Any disputes arising from or relating to this Privacy Policy will be resolved in accordance with the dispute resolution provisions in our Terms and Conditions and applicable Indian laws.

By using the surgiXpert Services, you acknowledge that you have read, understood, and
agree to this Privacy Policy.