This page summarises how MetaboliQ Technologies Pvt. Ltd. (“MetaboliQ”) approaches alignment with India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and rules issued thereunder, as they apply to our Services. It is a high-level overview, not a legal opinion or exhaustive compliance statement. Official guidance from the Data Protection Board of India and other regulators may evolve.
We design our Services to support lawful processing of digital personal data in India, including in health-related contexts where consent, notice, and purpose limitation are critical. Specific implementations may vary by product module, deployment (e.g. pilot vs production), and contractual role (data fiduciary vs processor, where applicable).
We work to provide clear notice about what personal data is processed, for what purposes, and with whom it may be shared. Where the DPDP Act requires consent, we aim to obtain it in a granular, informed manner, including for health-related processing where appropriate.
We support processes to address requests to access, correct, erase (where applicable), and grievances, in line with the DPDP Act and our Privacy Policy. Response timelines and exceptions follow applicable law.
We implement reasonable security safeguards appropriate to the nature of the data and risk, including for health and clinical information. This includes technical measures (e.g. encryption in transit where used, access controls) and organisational measures (e.g. training, vendor review).
We retain personal data only as long as necessary for stated purposes or as required by law (including clinical and audit retention). We maintain procedures to detect, respond to, and notify concerning personal data breaches as required by the DPDP Act and rules.
Where personal data is transferred outside India, we follow mechanisms permitted under the DPDP Act and applicable notifications (e.g. trusted geographies or contractual safeguards as prescribed).
We take into account restrictions on processing children’s data under the DPDP Act, including verification and parental consent requirements where applicable.
We document processing activities, conduct risk assessments where appropriate, and engage with partners and customers to clarify roles and responsibilities for shared processing scenarios.
For DPDP-related questions or grievances, contact: tushar.langer@metaboliq.in. You may also have the right to approach the Data Protection Board of India as provided by law.