Privacy Policy
Effective Date: December 9, 2025
Last Updated: December 9, 2025
1. Introduction
This Privacy Policy describes how MARCHE HEALTHCARE PRIVATE LIMITED ("Company," "we," "our," "us") collects, uses, shares, protects, or otherwise processes your personal data through our application Arokiyam (hereinafter referred to as the "Platform").
This Policy is drafted in compliance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025.
By visiting this Platform, providing your information, or availing of any product/service, you expressly agree to be bound by this Privacy Policy and the Terms of Use. If you do not agree, please do not use or access our Platform.
2. Personal Data We Collect and Processing Purposes (Notice)
In accordance with Rule 3 of the DPDP Rules, 2025, we provide the following itemized description of the personal data we collect and the specific purpose for its processing:
| Personal Data Collected | Specific Purpose of Processing |
|---|---|
| Identity Data: Name, Date of Birth, Gender. | To verify identity, ensure eligibility (age verification), and create your User Account. |
| Contact Data: Mobile Number, Email Address, Address. | To communicate regarding appointments, send OTPs for login, and facilitate doctor-patient communication. |
| Health Data: Symptoms, appointment history, doctor preferences. | To facilitate appointment booking, managing tokens, and providing visit history to your chosen doctors. |
| Financial Data: UPI ID, Transaction Logs (Note: We do not store raw Card/PIN data). | To process payments for platform fees or paid consultations and handle refunds. |
| Technical Data: Device ID, IP Address, Log files. | To ensure security, prevent fraud, and comply with the Rule 6 requirement to maintain access logs. |
3. Children and Persons with Disabilities
Strict Compliance with Rules 10 & 11:
- Minors (Under 18): We do not knowingly process personal data of children without Verifiable Parental Consent. If you are a parent/guardian enabling a child to use Arokiyam, you must complete the age verification process using government-approved methods (e.g., Digital Locker, Token Mapping) as mandated by Rule 10.
- Persons with Disabilities: If a user has a lawful guardian due to disability, we require Verifiable Consent from the guardian as per Rule 11.
4. Sharing and Disclosure
We may share your personal data with:
- Doctors/Healthcare Providers: Only the data necessary for your appointment and treatment (Name, Age, Symptoms).
- Service Providers: Payment gateways (PhonePe, Razorpay, etc.), SMS providers, and cloud hosting partners.
- Legal Obligations: We may disclose data to law enforcement agencies, government bodies, or courts if required by law (e.g., under Section 7(b) of the Act).
5. Data Retention and Erasure
In accordance with Rule 8:
- General Retention: We retain personal data only as long as necessary to fulfill the purposes outlined above.
- Mandatory Log Retention: Per Rule 8(3), we retain transaction and processing logs for a minimum of one (1) year to prevent fraud and ensure security.
- Erasure: You may request the erasure of your data. However, if you do not approach us or use the Platform for a specified period (e.g., 3 years), and retention is not required by law, we will erase your personal data.
- Notification: We will notify you 48 hours before the scheduled permanent erasure of your data due to inactivity.
6. Security and Data Breach
We implement reasonable security safeguards as per Rule 6 (encryption, access controls).
Breach Notification (Rule 7): In the unlikely event of a personal data breach, we will intimate you without delay regarding:
- The nature and extent of the breach.
- The consequences likely to arise for you.
- Measures we are taking to mitigate the risk.
7. Your Rights
Under the DPDP Act, 2023 and Rule 14, you have the following rights:
- Right to Access: Request a summary of your personal data and processing activities.
- Right to Correction/Erasure: Update inaccurate data or request deletion (subject to legal retention laws).
- Right to Grievance Redressal: Register a complaint with us regarding our data practices.
- Right to Nominate: You may nominate an individual to exercise your rights in the event of your death or incapacity.
8. Consent Withdrawal
You may withdraw your consent at any time with the same ease with which you gave it. You can do this via the "Settings" in the App or by emailing us. Upon withdrawal, we will cease processing your data unless required by law, but this may result in the inability to use the Platform.
9. Grievance Redressal Mechanism
If you have any complaints or wish to exercise your rights, please contact our Data Protection/Grievance Officer. We are committed to resolving grievances within a reasonable period, not exceeding 90 days (Rule 14(3)).
Email: support@arokiyam.in
Address: 129, KALAIVANAR NAGAR, VILLUPURAM PONDY-THINDIVANAM ROAD, KFC OPPOSITE, Pondicherry, India
If you are not satisfied with our response, you have the right to file a complaint with the Data Protection Board of India.