Privacy Policy

Data Privacy Policy

Last Updated: April 24, 2025

1. Introduction

Welcome to Hub of Wellness (“Platform”, “we”, “us”, “our”). We are committed to protecting the privacy and security of your personal data. This Privacy Policy explains how we collect, use, process, and safeguard your information when you visit our website, use our services to connect with wellness practitioners (“Practitioners”), purchase products, or otherwise interact with us.

This policy is designed to comply with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDPA). By using our Platform, you acknowledge that you have read and understood this Privacy Policy.

2. Definitions

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal: The individual to whom the personal data relates (i.e., “you” – our clients, practitioners, website visitors).
  • Data Fiduciary: The entity that determines the purpose and means of processing personal data (i.e., Hub of Wellness).
  • Data Processor: Any entity that processes personal data on behalf of the Data Fiduciary.
  • Processing: Includes activities like collection, storage, use, sharing, disclosure, alteration, or erasure of personal data.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the Data Principal’s wishes by which they, through a clear affirmative action, signify agreement to the processing of their personal data for a specified purpose.

3. Information We Collect

We collect personal data necessary to provide our services and operate our Platform. The types of data we may collect include:

  • Client Information:
    • Name, email address, phone number, address.
    • Registration details, including health history and consent for treatment (collected with explicit consent).
    • Booking and payment information.
    • Communication records (e.g., support queries, feedback).
  • Practitioner Information:
    • Name, email address, phone number, business address.
    • Valid certifications, licenses, or credentials for verification.
    • Service descriptions and product listings.
    • Booking availability and payment details.
    • Communication records.
  • General User Information:
    • Technical data like IP address, browser type, device information, operating system.
    • Usage data like pages visited, time spent on site, interaction patterns (collected via cookies and similar technologies – see Section 12).

4. How We Use Your Information

We process your Personal Data for the following purposes, based on lawful grounds:

  • Providing Services: To register users, facilitate bookings between Clients and Practitioners, process payments, and manage user accounts. (Based on Consent and Legitimate Uses – performance of contract)
  • Verification: To verify Practitioner credentials and qualifications. (Based on Legitimate Uses – ensuring platform integrity)
  • Communication: To send booking confirmations, reminders, platform updates, respond to inquiries, and provide customer support. (Based on Consent and Legitimate Uses)
  • Platform Improvement: To analyze usage patterns, troubleshoot issues, enhance user experience, and develop new features. (Based on Legitimate Uses)
  • Marketing: To send promotional materials or newsletters about our services or products, only with your explicit consent. You can opt-out at any time. (Based on Consent)
  • Compliance & Safety: To comply with legal obligations, enforce our Terms and Conditions, protect against fraud or security threats, and respond to medical emergencies (as permitted under DPDPA). (Based on Legitimate Uses – legal compliance, safety)
  • Product Sales: To facilitate the listing, sale, and purchase of wellness products on the Platform. (Based on Consent and Legitimate Uses – performance of contract)

5. Legal Basis for Processing (Grounds under DPDPA)

  • Your Consent: For specific activities like processing health data, sending marketing communications, or using non-essential cookies. Consent must be free, specific, informed, unconditional, and unambiguous, indicated by a clear affirmative action. You have the right to withdraw consent at any time.
  • Legitimate Uses:
    • When you voluntarily provide data for a specified purpose (e.g., booking a session).
    • For fulfilling legal obligations or court orders.
    • For responding to medical emergencies or threats to public health/order.
    • For purposes related to employment (if applicable).
    • To ensure compliance with our terms or protect against loss/liability.

6. Data Sharing and Disclosure

We do not sell your Personal Data. We may share your data with:

  • Practitioners/Clients: Necessary contact and booking information is shared between Clients and Practitioners to facilitate scheduled sessions. Health details are shared only with the specific Practitioner you book with, based on your explicit consent. Practitioner profiles are visible to Clients.
  • Payment Processors: To securely process payments for bookings and product purchases.
  • Third-Party Service Providers: We may use vendors (Data Processors) for hosting, analytics, communication tools, etc. We ensure these providers adhere to data protection standards comparable to ours.
  • Legal Authorities: If required by law, regulation, legal process, or governmental request.
  • Business Transfers: In case of a merger, acquisition, or asset sale, data may be transferred as part of the transaction, subject to maintaining privacy commitments.

7. Data Security

We implement significant technical and organizational measures to protect your Personal Data against unauthorized access, alteration, disclosure, or destruction. These include:

  • Encryption of sensitive data (where feasible).
  • Secure servers and access controls.
  • Internal policies and staff training on data protection.
  • Regular security reviews.

However, no system is completely secure, and we cannot guarantee absolute security.

8. Data Retention

We retain Personal Data only for as long as necessary to fulfill the purposes outlined in this policy, unless a longer retention period is required or permitted by law (e.g., for regulatory compliance, dispute resolution). Once data is no longer needed, it will be securely deleted or anonymized.

9. Your Rights as a Data Principal

Under the DPDPA, you have the following rights:

  • Right to Access
  • Right to Correction
  • Right to Erasure
  • Right to Grievance Redressal
  • Right to Nominate
  • Right to Withdraw Consent

You also have duties, such as not providing false information and complying with laws when exercising your rights. To exercise these rights, please contact our Data Protection Officer (see Section 15).

10. Data Breach Notification

In the event of a Personal Data breach that is likely to cause harm, we will notify the Data Protection Board of India and affected individuals as required by law.

11. Processing of Children’s Data

Our Platform requires users to be at least 18 years old. Services for minors require verifiable parental or guardian consent. We do not knowingly collect Personal Data from children under 18 without such consent.

12. Cookies and Tracking Technologies

We use cookies and similar technologies. For details, please refer to our Cookie Policy.

13. Third-Party Links

Our Platform may contain links to external websites not operated by us. We encourage you to review their privacy policies.

14. Changes to This Privacy Policy

We may update this Privacy Policy periodically. Continued use of the Platform after changes signifies acceptance.

15. Grievance Redressal and Contact Information

For concerns or requests regarding this Privacy Policy, contact our designated officer:

  • Name: [Insert Name/Title of Data Protection Officer]
  • Email: [Insert Email Address]
  • Postal Address: [Insert Postal Address, if applicable]

16. Governing Law

This Privacy Policy is governed by the laws of India, including the DPDPA. Exclusive jurisdiction resides with the courts in New Delhi, India.