1. Introduction

ColMed Innovations Pvt. Ltd. ("ColMed Innovations", "we", "our", or "us"), a wholly owned subsidiary of Collateral Medical Pvt. Ltd., owns and operates colmed.in and its associated digital platforms. We are registered and headquartered at 201, Bldg 2, Mittal Industrial Estate, Andheri (E), Mumbai – 400059, India.

This Privacy Policy explains how we collect, use, store, share, and protect information when you interact with our websites, digital health services, AI-powered tools, and any other platforms we operate (collectively, "our Services").

ColMed Innovations operates within the quality and security framework of its parent company, Collateral Medical Pvt. Ltd., which is ISO 27001 certified for Information Security Management. We comply with India's Digital Personal Data Protection Act, 2023 (DPDPA) and, where applicable, the General Data Protection Regulation (GDPR).

2. Who This Policy Applies To

• Patients and end-users purchasing or using ColMed products or services
• Healthcare professionals and clinicians interacting with our platforms
• Distributors, resellers, and institutional partners
• Visitors to our website(s) and online retail listings
• Users of any AI-assisted tools, digital health services, or technology platforms offered by ColMed

3. What Information We Collect

3.1 Information You Provide Directly

• Name, contact details (email, phone, address)
• Professional credentials (for healthcare professionals)
• Order and transaction details
• Enquiry and support communications
• Feedback, survey responses, or research participation data

3.2 Information Collected Automatically

• Device and browser information (type, OS, settings)
• IP address and approximate location
• Pages visited, time spent, clickstream data
• Cookies and similar tracking technologies (see Section 8)

3.3 Information from Third Parties

• Purchase and fulfilment data from our authorised online retail partners
• Data from authorised distribution and reseller partners

3.4 Health-Related and Sensitive Information

Where our Services involve health monitoring, diagnostics, or AI-assisted clinical tools, we may collect health-related data such as test results, device readings, or symptom information. This data is treated with the highest level of care and processed only with your explicit consent or as required by applicable law.

4. How We Use Your Information

5. AI-Powered Services & Digital Health Tools

• Data used to train or improve AI models is anonymised or de-identified unless you have explicitly consented otherwise
• AI-generated outputs are intended to support, not replace, clinical judgement
• You have the right to request human review of any AI-assisted decision that affects you
• We maintain transparency about when AI is being used in any service interaction

6. Sharing Your Information

We do not sell your personal data. We may share your information only in the following circumstances:

• Authorised service providers — logistics, payment processors, cloud hosting, CRM platforms — each bound by data processing agreements
• E-commerce platform partners — our authorised online retail partners, solely for order fulfilment
• Healthcare institutions or clinicians — only with your explicit consent, in the context of a care service
• Regulatory authorities — CDSCO, MoHFW, or other bodies, where required by law
• Legal and compliance — to protect rights, prevent fraud, or respond to lawful requests

7. Data Retention

We retain your personal data only for as long as necessary for the purposes described in this Policy, or as required by applicable law — including CDSCO medical device vigilance requirements and financial record-keeping obligations. When no longer required, data is securely deleted or irreversibly anonymized.

8. Cookies & Tracking Technologies

• Our website uses cookies to improve your experience. Types used:

  • Essential cookies — required for core functionality; cannot be disabled
  • Analytics cookies — help us understand usage on an anonymised basis
  • Marketing cookies — used only with your explicit prior consent

You may opt out of non-essential cookies at any time without affecting access to core Services.

9. Your Rights

• Right to access — request a copy of the data we hold about you
• Right to correction — request correction of inaccurate data
• Right to erasure — request deletion, subject to legal retention obligations
• Right to restrict processing — ask us to limit how we use your data
• Right to data portability — receive your data in a machine-readable format
• Right to withdraw consent — at any time, where processing is consent-based
• Right to grievance redressal — under DPDPA, you may raise a complaint with our Data Protection Officer or the Data Protection Board of India

Contact us at: privacy@colmed.in — we respond within 30 days.

10. Data Security

ColMed operates within an ISO 27001 certified Information Security Management System. Our measures include:

• Encryption in transit (TLS 1.2+) and at rest
• Role-based access controls and least-privilege policies
• Regular security audits and vulnerability assessments
• Staff training on data protection and information security
• Documented incident response and breach notification procedures

11. Payment Security

• 🔒 We never store your credit card, debit card, UPI, or digital wallet credentials. All payments are processed through RBI-compliant, PCI-DSS certified third-party payment gateways. Payment data is encrypted end-to-end and never passes through our servers.

12. Cross-Border Data Transfers

Where data is transferred outside India, we ensure appropriate safeguards are in place including standard contractual clauses or equivalent protections, in accordance with the DPDPA and, where applicable, the GDPR.

13. Children's Privacy

Our Services are not directed at children under 18. We do not knowingly collect personal data from minors without verifiable parental consent. Contact privacy@colmed.in if you believe we have inadvertently collected a child's data.

14. Changes to This Policy

We may update this Policy periodically. Material changes will be notified via our website or email. Continued use of our Services after an update constitutes acceptance of the revised Policy.

15. Contact Us