1. COMMITMENT TO PRIVACY
Aostaf Industries Limited (hereinafter referred to “we”, “us” and “Aostaf”), are bound by the
data privacy principles, contained in the Information Technology Act, 2000 read with
Information Technology (Reasonable Security Practices and Procedures and Sensitive
Personal Data or Information) Rules 2011. We are also bound by various other legislations
some of which are the Constitution of India, Indian Penal Code 1860, Contract Act 1872
which outlines the right of privacy of every individual and the consequences of its breach
(India Privacy Laws). The object of the India Privacy Laws is to protect the confidentiality of
“sensitive personal data or information” and the privacy of individuals by regulating the way
in which such sensitive personal information is managed.
Broadly, “personal information” means information or an opinion about an identified
individual or from which an individual can be reasonably identified. ‘’Sensitive Personal
Information means such personal information which consists of information relating to:
(1) Password; (2) Financial information such as bank accounts; (3) Physical, physiological
and mental health condition; (4) Sexual orientation; (5) Medical records and history; (6)
Biometric information; (7) Any detail relating to the above provided to any body corporate
for providing service or received by the body corporate for processing, stored or processed
under lawful contractor otherwise.
Sensitive Personal Information does not include any information, which is freely available or
accessible in the public domain or furnished under the Right to Information Act, 2005 or any
other law for the time being in force.
Sensitive Personal Information includes “health information”, which refers to information
regarding an individual’s physical or mental health or a health service provided to an
individual. We refer to such personal information and health information in this Policy
collectively as “Sensitive Personal Information”.
Aostaf Group is committed to protecting the Sensitive Personal Information it collects and
regularly monitors its systems and procedures to ensure compliance with the India Privacy
Principles and this Policy. This Policy has been framed to ensure that reasonable security
practices have been put in place to protect Sensitive Personal Information from unauthorized
access, damage, use, modification, disclosure or impairment. This Policy outlines the way in
which Aostaf deals with the Sensitive Personal Information it collects and uses in India.
Aostaf complies with all applicable data privacy laws in India.
Aostaf collects Personal Information that is reasonably necessary for or directly related to our
functions and activities as a provider of medicare products with your valid consent. In some
cases, we are required to collect Sensitive Personal Information in order to comply with our
obligations such as responding to safety concerns about our products.
Aostaf may collect Personal Information or Sensitive Personal Information about you through
our interactions with you. Where Aostaf collects Sensitive Personal Information from or
about you, we will inform you about the purpose and use of the collected information, the
intended recipients of such information and if it is collected or transferred by/ to third parties
the name and address of such third party collecting and retaining the information.
The Personal Information we collect may include:
▪ Your name
▪ Your address
▪ Your date of birth
▪ Your email address
▪ Your phone number
Personal Information and/ or Sensitive Personal Information may be collected by Aostaf in
the course of:
▪ If you are a patient or healthcare professional, providing technical assistance about our
products or services;
▪ Responding to product complaints; and
▪ Participation in Aostaf
sponsored programs, including educational programs and research grants
Aostaf will prior to collection of your Sensitive Personal Information provide you an option
to not provide the information sought to be collected. You will also have an option to
withdraw your consent (in writing), which you may have earlier granted to Aostaf.
3. USE AND DISCLOSURE
Aostaf will collect and use your Personal Information, with your consent, for the purpose for
which it is collected:
▪ In the course of the sale, distribution or provision of medicare products that we are
▪ In the course of supporting healthcare professional in ongoing care, if you are a
▪ Compliance with regulatory requirements, such as maintaining a record of product
queries, complaints, adverse events and recalls relating to our products.
4. TRANSFER OF DATA TO THIRD PARTIES
Aostaf will not sell or publish your Sensitive Personal Information to any third party for any
purpose. In the event, Sensitive Personal Information is transferred to third parties in
connection with our business operations or if it is necessary for the purpose of performance
of a lawful contract, such transfer will only happen if you have consented to the transfer and
only when such third parties have ensured that reasonable security procedures are in place for
protection of such Sensitive Personal Information.
All such third parties are required by Aostaf to process the Sensitive Personal Information
disclosed to them only for the purposes expressly authorized by Aostaf and are required by
Aostaf to meet our standards of data protection and comply with the safeguards under India
5. DATA SECURITY
Aostaf has put in place reasonable security procedures and safeguards to protect Sensitive
Personal Information we hold from misuse, loss, unauthorized access, modification or
disclosure. Aostaf holds the Personal and Sensitive Personal Information you provide to us in
an electronic form on computer servers, which are password protected for limited access and
are located in controlled facilities. However, Aostaf may also hold Personal and Sensitive
Information in physical form, such as in paper hard copies. While Aostaf cannot guarantee
against any loss, misuse or alteration to data, we take reasonable steps to prevent such
Access to the Personal and Sensitive Information is restricted to those employees who need to
use the data, who have been trained to handle such data properly and observe strict standards
Aostaf destroys or permanently de-identifies Personal and Sensitive Information that we no
longer need, where permitted.
6. ACCESS, CORRECTION, AND COMPLAINTS
You have the right, in most cases, to access your Personal and Sensitive Personal Information
at any time. Aostaf takes reasonable steps to ensure that any information we hold about you is
up-to-date, accurate and complete. If you wish to access or correct Personal Information we
hold, or you have any questions about this Policy, please contact Aostaf’s Management at
email@example.com, setting out a full description of the request.
If you have a complaint about how we have handled your personal information or consider
that we may have breached our obligations under the APPs, please write to our management
We will respond to your complain within a reasonable period, usually within 3 to 4 working
7. RETENTION OF YOUR PERSONAL AND SENSITIVE PERSONAL INFORMATION
Aostaf will retain your Personal Information and Sensitive Personal Information no longer
than it is required for the purposes for which the information may lawfully be used or is
otherwise required under any law in force. In many cases Personal Information and Sensitive
Personal Information must be kept for considerable periods of time in order to make it
available as and when questions or disputes arise. Retention periods will be determined for
each information that is collected, bearing in mind the requirements applicable to the
situation and the need to destroy outdated, unused information at the earliest reasonable
Aostaf will continue to treat your Personal Information and Sensitive Personal Information in
Sensitive Personal Information from time to time. Such changes will be consistent with the