1. Introduction

This Privacy Policy describes how Medsby Healthcare & Engineering Solutions, We collects, uses, stores, and protects personal data when you visit https://medsby.in/ or engage with any of our products and services.

Medsby is a technology manufacturing and consultancy company based in Coimbatore, Tamil Nadu, India. We specialise in 3D printing, 3D bioprinting, biomechanical devices, robotic systems, biomedical products, product development, prototyping, and educational training programs.

We are committed to safeguarding your privacy in full compliance with applicable Indian laws, including the Information Technology Act, 2000 (IT Act) and the Digital Personal Data Protection Act, 2023 (DPDP Act).

2. Scope of This Policy

This Policy applies to:

• All visitors to https://medsby.in/
• Customers purchasing products through our online store
• Clients engaging us for 3D printing, prototyping, or engineering consultancy services
• Students, educators, and institutions enrolling in our EduTech and training programs
• Job applicants submitting information via our Careers page
• Individuals contacting us for support, inquiries, or events

3. Information We Collect

3.1 Personal Information

We collect the following personal information when you interact with our website or services:

• Full name
• Email address
• Phone number
• Company or institution name
• Billing and shipping address
• Payment details (processed securely through third-party payment gateways; we do not store card data)
• Career and educational background (for job applicants)

3.2 Technical & Usage Data

When you visit our website, we automatically collect certain technical information:

• IP address and approximate geographic location
• Browser type and version
• Device type and operating system
• Pages visited, time spent, and navigation patterns
• Referral source (how you found our website)
• Cookie identifiers and session data

3.3 Engineering & Project Data

When you engage us for technical services, you may share:

• CAD files and 3D models
• Engineering specifications and design briefs
• Research data and prototype requirements
• Technical drawings and intellectual property documents

4. How We Use Your Information

We use collected information for the following purposes:

• Order fulfilment: To process, confirm, and deliver product orders placed on our store.
• Service delivery: To provide 3D printing, prototyping, biomechanical, and engineering consultancy services.
• Customer support: To respond to inquiries, complaints, and support requests via phone, email, or contact forms.
• EduTech programs: To manage academic lab establishments, industrial training enrollments, and internship applications.
• Communication: To send service updates, order confirmations, shipping notifications, and newsletters (with your consent).
• Website improvement: To analyse usage patterns and improve website functionality and user experience.
• Legal compliance: To comply with applicable laws, regulations, and government requests.
• Fraud prevention: To detect, investigate, and prevent fraudulent transactions or unauthorised access.
• Recruitment: To evaluate job applications and communicate with candidates.

5. Legal Basis for Processing

We process your personal data on the following legal grounds under the DPDP Act 2023 and IT Act 2000:

• Consent: Where you have explicitly agreed to the processing of your data (e.g., newsletter subscription, cookie acceptance).
• Contractual necessity: Where processing is required to fulfil an order, provide a service, or execute a project agreement.
• Legal obligation: Where we are required to process data to comply with applicable laws or government authorities.
• Legitimate interests: For purposes such as fraud prevention, website analytics, and business communication, provided these do not override your rights.

6. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to enhance your experience. Cookies are small text files stored on your device. We use the following types:

• Essential cookies: Required for core website functions such as your shopping cart, wishlist, session management, and user login. These cannot be disabled without affecting website functionality.
• Functional cookies: Remember your preferences such as language settings and newsletter opt-in choices.
• Analytics cookies: Help us understand how visitors interact with our website (pages visited, time on site). Data is anonymised and aggregated.

You may control or disable cookies through your browser settings at any time. Disabling essential cookies may affect certain website features. A cookie consent banner on our website allows you to manage your preferences.

7. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to third parties. We may share your information in the following limited circumstances:

• Service providers: With trusted third-party vendors who assist in website hosting, payment processing, logistics and shipping, and email communication. These parties are contractually bound to maintain confidentiality.
• Payment gateways: Order and payment details are securely handled by certified third-party payment processors. We do not store financial credentials on our servers.
• Logistics partners: Shipping address and contact details may be shared with courier and delivery partners to fulfil orders.
• Legal authorities: We may disclose personal data to government or regulatory bodies when required by law, court order, or to protect our legal rights.
• Business transfers: In the event of a merger, acquisition, or sale of business assets, personal data may be transferred to the successor entity, subject to continued compliance with this Policy.

8. Confidentiality of Engineering Data

All client-provided technical materials — including CAD files, 3D models, biomedical designs, engineering specifications, research prototypes, and intellectual property documents — are treated with strict confidentiality. We commit to the following:

• Technical data is used solely for the purpose of the agreed project or service.
• Engineering files will not be shared with, sold to, or disclosed to any third party without the client's prior written consent, except where required by law.
• Client files are stored securely and deleted or returned upon project completion, unless otherwise agreed.
• Staff and contractors with access to client data are bound by confidentiality obligations.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These include:

• Secure HTTPS encryption for all data transmitted via our website
• Access controls limiting data access to authorised personnel only
• Regular security reviews of our systems and processes
• Secure storage of engineering files with restricted access

While we take every reasonable precaution, no method of transmission over the internet is entirely secure. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

10. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected:

• Order and transaction records: Retained for a minimum of 7 years for accounting, tax, and legal compliance purposes.
• Customer account data: Retained while your account remains active or as needed to provide services.
• Engineering project data: Retained for the duration of the project and a reasonable period thereafter (typically 1–3 years), unless a different retention period is agreed in writing.
• Marketing and communication data: Retained until you withdraw consent or unsubscribe.
• Job applicant data: Retained for 6–12 months after the application process concludes.

After the applicable retention period, data is securely deleted or anonymised.

11. Your Rights

Under the Digital Personal Data Protection Act, 2023 and other applicable laws, you have the following rights:

• Right to access: You may request a copy of the personal data we hold about you.
• Right to correction: You may request that inaccurate or incomplete personal data be corrected.
• Right to erasure: You may request deletion of your personal data, subject to legal and contractual obligations.
• Right to withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting the legality of prior processing.
• Right to data portability: You may request your data in a structured, commonly used format.
• Right to grievance redressal: You may raise a complaint with us or with the Data Protection Board of India regarding our data practices.

To exercise any of these rights, please contact us using the details in Section 15. We will respond within a reasonable timeframe as required by law.

12. Third-Party Links

Our website may contain links to external websites, social media platforms (Facebook, Instagram, LinkedIn, YouTube, Twitter/X), and partner sites. Medsby is not responsible for the privacy practices or content of such third-party sites. We encourage you to review the privacy policies of any external sites you visit.

13. Children's Privacy

Our products, services, and website are not directed toward individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data has been inadvertently collected from a person under 18, we will take prompt steps to delete it. If you believe a minor has submitted information to us, please contact us immediately.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When changes are made:

• The updated Policy will be published on this page with a revised effective date.
• For significant changes, we may notify you via email or a prominent notice on our website.

We encourage you to review this Policy periodically. Continued use of our website or services after changes are posted constitutes your acceptance of the updated Policy.

15. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

16. Consent Acknowledgement

By accessing or using the Medsby website and services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this Policy, please discontinue use of our website and services and contact us to discuss your concerns.