Privacy Policy
Effective Date: December 9, 2025
Last Updated: April 17, 2026
1. Introduction
This Privacy Policy describes how MARCHE HEALTHCARE PRIVATE LIMITED ("Company," "we," "our," "us") collects, uses, shares, protects, or otherwise processes your personal data through our application Arokiyam (hereinafter referred to as the "Platform").
This Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025.
By visiting this Platform, providing your information, or availing of any product/service, you expressly agree to be bound by this Privacy Policy and the Terms of Use. If you do not agree, please do not use or access our Platform.
2. Personal Data We Collect and Processing Purposes (Notice)
In accordance with Rule 3 of the DPDP Rules, 2025, we provide the following itemized description of the personal data we collect and the specific purpose for its processing:
| Personal Data Collected | Specific Purpose of Processing |
|---|---|
| Identity Data: Name, Date of Birth, Gender. | To verify identity, ensure eligibility (age verification), and create your User Account. |
| Contact Data: Mobile Number, Email Address, Address. | To communicate regarding appointments, send OTPs for login, and facilitate doctor-patient communication. |
| Health Data: Symptoms, appointment history, doctor preferences. | To facilitate appointment booking, managing tokens, and providing visit history to your chosen doctors. |
| Financial Data: UPI ID, Transaction Logs (Note: We do not store raw Card/PIN data). | To process payments for platform fees or paid consultations and handle refunds. |
| Technical Data: Device ID, IP Address, Log files. | To ensure security, prevent fraud, and comply with the Rule 6 requirement to maintain access logs. |
| Video & Audio Data: Live video/audio streams during consultations, optional recordings (if enabled), and chat messages during consultations. | To facilitate real-time doctor-patient consultation, maintain consultation records (if recording is enabled with consent), and improve service quality and dispute resolution. |
3. Children and Persons with Disabilities
Strict Compliance with Rules 10 & 11:
- Minors (Under 18): We do not knowingly process personal data of children without Verifiable Parental Consent. If you are a parent/guardian enabling a child to use Arokiyam, you must complete the age verification process using government-approved methods (e.g., Digital Locker, Token Mapping) as mandated by Rule 10.
- Persons with Disabilities: If a user has a lawful guardian due to disability, we require Verifiable Consent from the guardian as per Rule 11.
4. Sharing and Disclosure
We may share your personal data with:
- Doctors/Healthcare Providers: Only the data necessary for your appointment and treatment (Name, Age, Symptoms).
- Service Providers: Payment gateways (PhonePe, Razorpay, etc.), SMS providers, and cloud hosting partners.
- Video Infrastructure Providers: Secure third-party service providers that enable real-time video consultations.
- Legal Obligations: We may disclose data to law enforcement agencies, government bodies, or courts if required by law (e.g., under Section 7(b) of the Act).
5. Video Consultations & Telemedicine Data
We may offer video consultation services between patients and healthcare providers through the Platform.
- Live Communication: Video and audio interactions are transmitted securely and are not stored by default.
- Recording (if applicable): Consultations will only be recorded if explicitly enabled and with your prior consent. You will be clearly notified before any recording begins.
- Sensitive Personal Data: Video consultations may involve disclosure of health-related information, which is classified as sensitive personal data under applicable laws.
- Storage & Retention: Any recordings (if enabled) will be stored securely and retained only for the period necessary for medical, legal, or dispute resolution purposes.
- Third-Party Providers: We may use secure third-party video infrastructure providers. Such providers process data only under our instructions and in compliance with DPDP Act obligations.
- User Responsibility: You are responsible for ensuring that you conduct consultations in a private and secure environment.
6. Data Retention and Erasure
In accordance with Rule 8:
- General Retention: We retain personal data only as long as necessary to fulfill the purposes outlined above.
- Mandatory Log Retention: Per Rule 8(3), we retain transaction and processing logs for a minimum of one (1) year to prevent fraud and ensure security.
- Erasure: You may request the erasure of your data. However, if you do not approach us or use the Platform for a specified period (e.g., 3 years), and retention is not required by law, we will erase your personal data.
- Notification: We will notify you 48 hours before the scheduled permanent erasure of your data due to inactivity.
7. Security and Data Breach
We implement reasonable security safeguards as per Rule 6 (encryption, access controls).
Breach Notification (Rule 7): In the unlikely event of a personal data breach, we will intimate you without delay regarding:
- The nature and extent of the breach.
- The consequences likely to arise for you.
- Measures we are taking to mitigate the risk.
8. Your Rights
Under the DPDP Act, 2023 and Rule 14, you have the following rights:
- Right to Access: Request a summary of your personal data and processing activities.
- Right to Correction/Erasure: Update inaccurate data or request deletion (subject to legal retention laws).
- Right to Grievance Redressal: Register a complaint with us regarding our data practices.
- Right to Nominate: You may nominate an individual to exercise your rights in the event of your death or incapacity.
9. Consent Withdrawal
You may withdraw your consent at any time with the same ease with which you gave it. You can do this via the "Settings" in the App or by emailing us. Upon withdrawal, we will cease processing your data unless required by law, but this may result in the inability to use the Platform.
10. Grievance Redressal Mechanism
If you have any complaints or wish to exercise your rights, please contact our Data Protection/Grievance Officer. We are committed to resolving grievances within a reasonable period, not exceeding 90 days (Rule 14(3)).
Email: support@arokiyam.in
Address: 129, KALAIVANAR NAGAR, VILLUPURAM PONDY-THINDIVANAM ROAD, KFC OPPOSITE, Pondicherry, India
If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India.