Medical Equipment
Hospital Furniture
Medical Disposables
Rehabilitation
Diagnostic & Labware
Eyes & ENT
Critical Care Equipment
Aesthetic & Dermatology Equipment
Gastroenterology
OT Equipment
Privacy Policy
PRIVACY POLICY
HOSPKART HEALTHIQUE PRIVATE LIMITED
Effective Date: 01 January, 2026
1. INTRODUCTION AND SCOPE
Hospkart Healthique Private Limited (hereinafter referred to as "HOSPkart", "Company", "We", "Us", or "Our"), a company incorporated under the Companies Act, 2013, having its registered office at 7-A-18 Mahaveer Nagar III, Kota South, Mahaveer Nagar, Kota, Rajasthan - 324005, India, operates the website hospkart.in (the "Platform"). This Privacy Policy ("Policy") describes how We collect, use, store, process, disclose, and protect the personal data of individuals who access or use Our Platform.
This Policy is published and shall be construed in accordance with the provisions of the Digital Personal Data Protection Act, 2023 (DPDPA), the Digital Personal Data Protection Rules, 2025 (DPDP Rules), the Information Technology Act, 2000 (IT Act), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and any other applicable laws, rules, and regulations relating to the processing of personal data in India, as amended from time to time.
Role of HOSPkart: For the purposes of this Policy and the DPDPA, HOSPkart acts as a "Data Fiduciary" as it determines the purpose and means of processing digital personal data collected through the Platform.
By accessing or using the Platform, You acknowledge that You have read, understood, and agree to be bound by this Privacy Policy. If You do not agree with any part of this Policy, please do not access or use the Platform.
2. DEFINITIONS
Unless otherwise defined herein, capitalised terms shall have the meaning ascribed to them under the DPDPA and DPDP Rules, 2025. For clarity:
"Data Fiduciary" means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. For the purposes of this Policy, HOSPkart is the Data Fiduciary.
"Data Principal" means the individual to whom the personal data relates. For the purposes of this Policy, "You" or "User" refers to the Data Principal.
"Data Processor" means any person who processes personal data on behalf of a Data Fiduciary.
"Personal Data" means any data about an individual who is identifiable by or in relation to such data.
"Processing" in relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, including collection, recording, organisation, storage, adaptation, retrieval, use, sharing, disclosure, erasure, or destruction.
"Consent" means free, specific, informed, unconditional, and unambiguous indication of the Data Principal's wishes by a clear affirmative action, signifying agreement to the processing of their personal data for specified purposes.
3. ABOUT THE PLATFORM AND USERS
3.1 Nature of Platform
HOSPkart is a Business-to-Business (B2B) digital marketplace that connects medical equipment and surgical instrument manufacturers/vendors with healthcare institutions such as hospitals, clinics, and diagnostic centres. The Platform uses AI-driven matchmaking technology to facilitate efficient procurement of medical supplies, particularly for Tier 2 and Tier 3 city healthcare providers in India.
3.2 Categories of Users
This Privacy Policy applies to the following categories of Data Principals who use Our Platform:
- a) Vendors/Manufacturers: Medical equipment manufacturers, distributors, and suppliers who list their products on the Platform, including their authorised representatives, employees, and contact persons.
- b) Buyers/Hospitals: Healthcare institutions including hospitals, clinics, nursing homes, diagnostic centres, pharmacies and their authorised procurement personnel, administrators, and contact persons.
- c) Website Visitors: Individuals who browse the Platform without creating an account.
Note: This Platform is designed for B2B transactions and is not intended for use by individual consumers or patients. We do not collect any patient health records or medical information.
4. PERSONAL DATA WE COLLECT
We collect and process personal data that is necessary for the provision of Our services and the functioning of the Platform. The types of personal data collected vary based on Your relationship with Us and Your use of the Platform.
4.1 Information Provided by Vendors/Manufacturers
| Category | Data Elements |
|---|---|
| Business Information | Company name, registered address, GST registration number, PAN, business type, years in operation and other applicable documents. |
| Contact Person Details | Name, designation, email address, mobile number, direct contact details of authorised representatives |
| KYC Documents | GST certificate, PAN card, Certificate of Incorporation, MSME/Udyam registration, Drug License (if applicable) and other applicable documents. |
| Quality & Compliance Certificates | ISO certifications, CE marking, BIS certifications, CDSCO registrations, manufacturing quality certificates and other applicable documents. |
| Product Information | Product catalogues, specifications, pricing, images, inventory details and other applicable documents. |
4.2 Information Provided by Buyers/Hospitals
| Category | Data Elements |
|---|---|
| Institution Information | Hospital/clinic name, type, registration number, GST number, registered, delivery addresses etc. |
| Contact Person Details | Name, designation, department, email address, mobile number of procurement officers, authorised personnel etc. |
| Billing Information | Billing address, GST details for invoicing purposes, etc. |
| Order Information | Purchase history, order preferences, delivery requirements, etc. |
4.3 Automatically Collected Information
When You access or use the Platform, We automatically collect certain technical information:
- Device information (device type, operating system, browser type and version)
- Log data (IP address, access times, pages viewed, time spent on pages, clickstream data)
- Location data (approximate geographic location based on IP address)
- Referral source (how You arrived at Our Platform)
- Usage patterns (features used, search queries, interactions with the Platform)
4.4 Information from Third Parties
We may receive personal data from third-party sources including:
- Payment processors (transaction confirmation and payment status information)
- Business verification services used for vendor and institutional verification
We do not currently use third-party analytics providers. If such services are implemented in the future, this Privacy Policy shall be updated accordingly.
5. PURPOSE OF PROCESSING PERSONAL DATA
We process Your personal data only for specified, explicit, and legitimate purposes. The purposes for which We collect and process personal data include:
5.1 Platform Operations and Service Delivery
- To create, maintain, and manage Your account on the Platform
- To verify Your identity and eligibility to use the Platform
- To facilitate the listing of products by vendors and discovery by buyers
- To enable communication between vendors and buyers
- To process and facilitate orders and transactions
- To provide customer support and respond to queries
5.2 Verification and Compliance
- To conduct Know Your Customer (KYC) verification of vendors and buyers
- To verify business credentials, licenses, and certifications
- To ensure compliance with applicable laws and regulations
- To prevent fraud, misuse, and unauthorised access to the Platform
5.3 Payment Processing
- To facilitate payment processing through Our payment gateway partner (CCAvenue)
- To generate invoices and maintain transaction records
- To handle refunds and payment disputes
5.4 Communication and Marketing
- To send transactional communications (order confirmations, delivery updates, account notifications)
- To send promotional communications about Our services (with Your consent)
- To notify You of changes to Our terms, policies, or services
5.5 Analytics and Platform Improvement
- To analyse usage patterns and improve Platform functionality and performance
- To monitor system stability and security
- To develop and enhance features based on internal usage observations
5.6 Legal and Regulatory
- To comply with legal obligations and regulatory requirements
- To respond to lawful requests from government authorities and courts
- To establish, exercise, or defend legal claims
- To protect the rights, property, and safety of HOSPkart, Our users, and others
Important: We shall not process Your personal data for any purpose other than those stated in this Privacy Policy without obtaining Your prior consent, except where permitted or required by applicable law.
6. LEGAL BASIS FOR PROCESSING
Under the DPDPA, We process personal data based on the following lawful grounds:
6.1 Consent
We process certain personal data based on Your explicit consent, which You provide when registering on the Platform or through specific consent mechanisms. Consent under the DPDPA must be free, specific, informed, unconditional, and unambiguous, given through a clear affirmative action.
6.2 Legitimate Uses
We may process personal data without explicit consent where permitted as 'legitimate uses' under Section 7 of the DPDPA, including:
- Where You have voluntarily provided personal data and have not indicated that You do not consent to its processing
- For performance of any function under any law
- For compliance with any judgment or order of a court or tribunal
- For responding to a medical emergency
- For purposes related to employment
6.3 Contractual Necessity
Processing necessary for the performance of a contract to which You are a party, or to take steps at Your request prior to entering into a contract.
7. CONSENT MECHANISM
7.1 Obtaining Consent
Before processing Your personal data based on consent, We shall provide You with a clear notice containing:
- An itemised description of the personal data being collected
- The specified purpose(s) for which the data will be processed
- The manner in which You can exercise Your rights under the DPDPA
- The manner in which You can make a complaint to the Data Protection Board of India
Your consent shall be obtained through a clear affirmative action, such as clicking an "I Agree" button, checking a consent checkbox, or similar mechanism that demonstrates Your agreement to this Privacy Policy and the processing of Your personal data.
7.2 Withdrawal of Consent
You have the right to withdraw Your consent at any time. The withdrawal of consent shall be as easy as giving consent. You may withdraw consent by:
- Accessing Your account settings and modifying consent preferences
- Contacting Our Grievance Officer at the details provided below
- Sending an email to info@hospkart.com with a request to withdraw consent
Please note that withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal. Additionally, withdrawal of consent may affect Your ability to use certain features of the Platform.
7.3 Right to Not Provide Personal Data
You have the option to not provide personal data. However, please note that certain personal data is necessary for the provision of Our services, and failure to provide such data may result in Our inability to provide You access to certain features of the Platform.
8. DATA SHARING AND DISCLOSURE
We do not sell, rent, or trade Your personal data. We may share Your personal data with third parties only in the following circumstances:
8.1 Service Providers
We engage trusted third-party service providers to assist in operating Our Platform and providing services. These include:
| Service Provider Type | Purpose | Data Shared |
|---|---|---|
| Payment Gateway (CCAvenue) | Payment processing | Transaction details (no card/bank details stored by Us) |
| Cloud Infrastructure (AWS) | Data hosting and storage | All Platform data |
| Email Service Provider (Mailgun) | Delivery of transactional communications | Email addresses, communication content |
| Logistics Partners | Order delivery coordination | Delivery addresses, contact details |
All service providers are contractually bound to maintain confidentiality and implement reasonable security safeguards. They are prohibited from using Your personal data for any purpose other than providing services to Us.
8.2 Business Partners
In the context of Platform operations, We may share limited information between vendors and buyers to facilitate transactions (e.g., sharing vendor contact details with buyers for order-related queries).
8.3 Legal and Regulatory Disclosure
We may disclose Your personal data without Your consent if required or permitted by law, including:
- In response to a lawful request by public authorities, including to meet national security or law enforcement requirements
- To comply with any order or direction issued by a court, tribunal, or regulatory authority
- To enforce Our Terms of Service or other agreements
- To protect the rights, property, or safety of HOSPkart, Our users, or others
- In connection with prevention, detection, investigation, and prosecution of offences
8.4 Corporate Transactions
In the event of a merger, acquisition, reorganisation, sale of assets, or bankruptcy, Your personal data may be transferred as part of the transaction. We will notify You of any such change and the choices You may have regarding Your personal data.
9. COOKIES AND TRACKING TECHNOLOGIES
9.1 What Are Cookies
Cookies are small text files placed on Your device when You visit Our Platform. They help Us recognise Your device and remember certain information about Your visit.
9.2 Types of Cookies We Use
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential/Strictly Necessary | Required for core Platform functionality, security, form submission, and protection against misuse | Session / Persistent |
| Functional | Used only if and when user preference features are enabled (such as language or display settings) | Session / Persistent (if enabled) |
We only use necessary cookies required for platform functionality, authentication, and security. We do not use analytics or advertising cookies at this time.
9.3 Managing Cookies
You can control and manage cookies through Your browser settings. Most browsers allow You to refuse or delete cookies. Please note that disabling certain cookies may affect the functionality of the Platform.
9.4 Third-Party Tracking
Our Platform may contain links to third-party websites, plugins, and applications. These third parties may use their own cookies and tracking technologies. We are not responsible for the privacy practices of these third parties, and We encourage You to review their privacy policies.
10. DATA RETENTION
10.1 Retention Period
We retain Your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable laws. Our general retention periods are:
| Data Category | Retention Period |
|---|---|
| Account Information | Duration of account + 1 year after account closure/inactivity |
| Transaction Records | Minimum 8 years (as per statutory requirements under Companies Act, GST, Income Tax) |
| KYC Documents | KYC documents shall be retained for the duration required under applicable laws and for a minimum period of one (1) year following account closure or cessation of business relationship, unless longer retention is required by law. |
| Communication Records | 1 year from date of communication |
| Log Data / Technical Data | Minimum 1 year (as per DPDP Rules, 2025) |
| Consent Records | 7 years (as per DPDP Rules, 2025) |
10.2 Erasure of Data
Upon expiry of the retention period, or upon Your valid request for erasure (subject to legal retention requirements), We shall erase Your personal data or render it anonymous such that it can no longer identify You.
10.3 Retention for Legal Purposes
Notwithstanding the above, We may retain personal data for longer periods where required for compliance with legal obligations, resolution of disputes, enforcement of agreements, or as otherwise permitted by applicable law.
11. DATA SECURITY SAFEGUARDS
We implement appropriate technical and organisational measures to protect Your personal data against unauthorised or unlawful processing, accidental loss, destruction, or damage. Our security measures include:
11.1 Technical Safeguards
- Encryption of data in transit using TLS/SSL protocols
- Encryption of sensitive data at rest
- Secure authentication mechanisms
- Firewalls and intrusion detection/prevention systems
- Regular security assessments and vulnerability testing
- Access controls and role-based permissions
11.2 Organisational Safeguards
- Data protection policies and procedures
- Employee training on data protection and security
- Confidentiality agreements with employees and contractors
- Due diligence and contractual protections with service providers
- Incident response procedures
11.3 Limitations
While We strive to protect Your personal data, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee absolute security of Your data. You are responsible for maintaining the confidentiality of Your account credentials and for any activity under Your account.
12. CROSS-BORDER DATA TRANSFERS
12.1 Data Storage Location
Your personal data may be stored and processed on servers located in India and in other countries where Our service providers operate (including servers of Amazon Web Services). Currently, primary cloud infrastructure is hosted on servers located in the United States (AWS – US East, N. Virginia)
12.2 Transfer Safeguards
Where We transfer personal data outside India, We ensure that such transfers are conducted in compliance with the DPDPA and any conditions prescribed by the Central Government. As of the date of this Policy, the Central Government has not restricted transfer of personal data to specific countries. We ensure that:
- Transfers are made only to countries or entities that provide adequate protection for personal data
- Appropriate contractual safeguards are in place with overseas recipients
- We comply with any restrictions or conditions notified by the Central Government under Section 16 of the DPDPA
12.3 Restricted Transfers
We shall not transfer personal data to any country notified by the Central Government under Section 16(1) of the DPDPA as a restricted territory.
13. YOUR RIGHTS AS A DATA PRINCIPAL
Under the DPDPA, You have the following rights with respect to Your personal data:
13.1 Right to Access Information
You have the right to obtain from Us:
- A summary of personal data being processed and the processing activities undertaken
- The identities of all Data Fiduciaries and Data Processors with whom Your personal data has been shared, along with a description of the data shared
- Any other information related to Your personal data as prescribed under the DPDP Rules
13.2 Right to Correction and Erasure
You have the right to:
- Request correction of inaccurate or misleading personal data
- Request completion of incomplete personal data
- Request updating of personal data
- Request erasure of personal data that is no longer necessary for the purpose for which it was collected
13.3 Right of Grievance Redressal
You have the right to have readily available means of registering a grievance with Us. We shall respond to grievances within 30 days of receipt. If You are not satisfied with Our response, You may file a complaint with the Data Protection Board of India.
13.4 Right to Nominate
You have the right to nominate any individual who shall, in the event of Your death or incapacity, exercise Your rights under the DPDPA.
13.5 How to Exercise Your Rights
To exercise any of these rights, please contact Our Grievance Officer at the details provided in Section 16. We may request verification of Your identity before processing Your request. We shall respond to Your request within the timeframes prescribed under applicable law.
14. DUTIES OF DATA PRINCIPALS
Under Section 15 of the DPDPA, You have certain duties as a Data Principal:
- You shall not register a false or frivolous grievance or complaint with Us or the Data Protection Board
- You shall not furnish any false particulars, suppress any material information, or impersonate another person in specified cases
- You shall comply with all applicable laws while exercising rights under the DPDPA
Breach of these duties may result in penalties under the DPDPA, which may extend up to Rs. 10,000.
15. CHILDREN'S DATA
Our Platform is a B2B marketplace designed for use by businesses and professionals. The Platform is not intended for use by children under the age of 18 years.
We do not knowingly collect personal data from children. If We become aware that We have inadvertently collected personal data from a child without verifiable parental consent, We will take steps to delete such data promptly.
If You are a parent or guardian and believe that Your child has provided personal data to Us, please contact Us at the details provided below, and We will take appropriate action. Any account found to be operated by a minor may be suspended or terminated.
16. GRIEVANCE OFFICER
In accordance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the DPDPA, We have appointed a Grievance Officer to address Your concerns regarding data processing. The details of the Grievance Officer are as follows:
| Name | Customer Support – HOSPkart |
| Designation | Grievance Officer |
| priyabijoriya@hospkart.com | |
| Phone | 9216015268 |
| Address | 7-A-18 Mahaveer Nagar III, Kota South, Mahaveer Nagar, Kota, Rajasthan - 324005 |
The Grievance Officer shall acknowledge receipt of any complaint within 48 hours and shall resolve such complaint within 30 days of receipt.
If You are not satisfied with Our response to Your grievance, You may escalate the matter to the Data Protection Board of India established under the DPDPA.
17. THIRD-PARTY WEBSITES AND SERVICES
Our Platform may contain links to third-party websites, plugins, applications, or services that are not owned or controlled by HOSPkart. This Privacy Policy does not apply to such third-party services.
We are not responsible for the privacy practices or content of third-party websites or services. We encourage You to read the privacy policies of any third-party service before providing any personal data or using such services.
18. CHANGES TO THIS PRIVACY POLICY
We may update this Privacy Policy from time to time to reflect changes in Our practices, technologies, legal requirements, or other factors. We will notify You of any material changes by posting the updated Policy on Our Platform with a new "Last Updated" date.
For significant changes, We may also provide additional notice through email or a prominent notice on the Platform. We encourage You to review this Policy periodically.
Your continued use of the Platform after any changes to this Privacy Policy constitutes Your acceptance of the updated Policy. If You do not agree with any changes, please discontinue use of the Platform.
19. GOVERNING LAW AND JURISDICTION
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts in Kota, Rajasthan, India.
20. CONTACT US
If You have any questions, concerns, or requests regarding this Privacy Policy or Our data practices, please contact Us at:
Hospkart Healthique Private Limited
Registered Office: 7-A-18 Mahaveer Nagar III, Kota South, Mahaveer Nagar, Kota, Rajasthan - 324005, India
Email: info@hospkart.com
Website: www.hospkart.com
Registered Office: 7-A-18 Mahaveer Nagar III, Kota South, Mahaveer Nagar, Kota, Rajasthan - 324005, India
Email: info@hospkart.com
Website: www.hospkart.com
CONSENT ACKNOWLEDGMENT
By clicking "I Agree", submitting any form on the Platform or by checking the consent checkbox, You expressly consent to the collection, use, storage, and processing of Your personal data in accordance with this Privacy Policy. You acknowledge that You have read, understood, and agree to be bound by this Policy.
[ ] I Agree to the Privacy Policy
---
This Privacy Policy was last updated on 23/02/2026.
This Privacy Policy was last updated on 23/02/2026.