IMPORTANT LEGAL NOTICE (READ FIRST): This Privacy Policy is a template prepared for surgestore.in based on the original policy you provided. It is not legal advice, and it does not and cannot provide absolute immunity from liability in any jurisdiction. While this policy contains robust protective clauses commonly used to reduce legal exposure, surgestore.in should obtain review and country-specific revisions from qualified legal counsel before publishing or relying on it. 

Privacy Policy

1. Introduction

Welcome to surgestore.in (the “Site”, “we”, “us”, or “our”). We respect your privacy and are committed to protecting the personal data you provide to us. This Privacy Policy explains what personal data we collect, how we use and share it, the choices you have, and the measures we take to protect it.

By using the Site or services provided through the Site you agree to the collection and use of your information as described in this Privacy Policy and our Terms of Use. If you do not agree, please do not use our Site.

2. Scope and Applicability

This Privacy Policy applies to personal information collected through www.surgestore.in and its subdomains, as well as to our parent, affiliates, subsidiaries, and joint ventures, unless otherwise noted. It applies to all users worldwide. Where local law requires additional notices or rights, we will comply as described in the relevant section below.

3. Categories of Information We Collect

We collect information you provide directly and information collected automatically:

1. Information you provide

• Identity: name, date of birth (where provided), company name, job title.
• Contact: billing & shipping address, email, telephone number.
• Account: username, password, profile preferences.
• Payment & Financial: payment card details, bank account or UPI details, billing history (payment data is processed by our payment processors—see below).
• Transaction Data: order history, returns, warranty claims.
• Communications: customer support messages, feedback, product reviews, forum posts, messages you send through the Site.
• KYC / Regulatory: if applicable, identity documents or other information required to comply with laws (e.g., for regulated products).

1. Information collected automatically

• Technical and usage data: IP address, device identifiers, browser type and version, operating system, pages visited, referring/exit pages, date/time stamps, search queries, cookie identifiers, clickstream data, performance and error data.
• Location data: approximate geolocation inferred from IP (only where permitted).

1. Sensitive data

We do not intentionally collect special category personal data (e.g., race, religion, health data) except where you expressly provide it or where it is necessary for a regulated healthcare product or service and you have provided consent. If you provide sensitive data, you confirm you have the right to do so and consent to our processing.

4. How We Use Personal Information (Purposes & Legal Bases)

We use your information to:

• Provide, operate, and maintain our Site and services (order fulfillment, account management, payment processing).
• Process payments and refunds (via third-party payment processors).
• Communicate with you about orders, support requests, account notices, security alerts.
• Send promotional messages and marketing communications where permitted and as allowed by your preferences and applicable law.
• Personalize content and recommendations.
• Improve and develop our services, analytics, and product offerings.
• Detect, prevent, and respond to fraud, abuse, security incidents, and illegal activities.
• Comply with legal obligations, regulatory requirements, and enforce our Terms of Use.
• For any other purposes to which you consent.

Where required by law (e.g., EU GDPR), our legal bases for processing personal data include performance of a contract, compliance with a legal obligation, legitimate interests (provided our interests do not override your rights), and consent where required.

5. Cookies, Tracking Technologies & Advertising

We use cookies and similar technologies (pixels, local storage, web beacons) for:

• Essential Site functionality (session cookies).
• Analytics (to understand use and improve the Site).
• Functionality and preferences (language, saved settings).
• Marketing and advertising (retargeting, ad measurement).

You can control cookies through your browser settings and opt-out of certain analytics/advertising cookies as described in our Cookie Policy. Disabling cookies may limit Site functionality.

6. Disclosure and Sharing of Personal Information

We may share personal information with:

• Service Providers (processors): logistics and delivery partners, payment processors, hosting providers, analytics providers, marketing vendors, customer support platforms, legal and accounting advisors. These parties process data on our behalf under confidentiality obligations.
• Affiliates, subsidiaries and business partners: as necessary to provide services.
• Third parties you authorize or with whom you interact via the Site: e.g., sellers or manufacturers when you purchase third-party products.
• Legal and regulatory authorities: where required by law, court order, or to protect rights, safety, or property. We may disclose information in response to lawful requests or to prevent harm.
• Business transactions: in connection with a merger, acquisition, financing, reorganization, sale of assets, or bankruptcy — personal data may be transferred to the acquiring entity under equivalent privacy protections.

We require service providers to maintain confidentiality and implement appropriate security measures. We are not responsible for third-party privacy practices beyond these contractual protections.

7. International Transfers

We may transfer, store or process personal data in countries other than your country of residence (including India, U.S., EU member states, and others). Where required by law, we will protect international transfers using appropriate safeguards (standard contractual clauses or other lawful transfer mechanisms). By using the Site, you consent to cross-border transfers of your information.

8. Data Security

We implement reasonable technical and organizational measures to protect personal data against unauthorized or unlawful processing and against accidental loss, destruction or damage. Measures include access controls, encryption in transit (TLS/SSL), network monitoring, and vendor security assessments.

Important: No security system is impenetrable. We cannot, and do not, warrant that information on the Site will be 100% secure. In the event of a security incident, we will respond in accordance with applicable law and, where required, notify affected individuals and regulators.

9. Data Retention

We retain personal data for as long as necessary to fulfil the purposes described in this Policy, to comply with legal obligations, resolve disputes, and enforce agreements. Retention periods vary by data type and purpose. When personal data is no longer required, we delete or anonymize it in accordance with internal retention policies and applicable law.

10. Your Privacy Rights (Global Overview)

Depending on your country of residence and local law, you may have rights, including the right to:

• Access and receive a copy of personal data held about you.
• Request correction or rectification of inaccurate data.
• Request deletion or restriction of processing.
• Object to certain processing activities (including marketing).
• Request data portability where applicable.
• Withdraw consent where processing is based on consent.

To exercise rights, contact us at the address below. We will verify your identity and respond per applicable law. We may decline requests that are unfounded, excessive, or that conflict with legal obligations; we will explain reasons where required.

EU/EEA residents: you may lodge a complaint with your local data protection authority.

California residents: you may have additional rights under the California Consumer Privacy Act (CCPA)/CPRA. See our CCPA Addendum (if applicable) for details and opt-out mechanisms.

11. Children’s Privacy

Our Site is not directed to children under 18. We do not knowingly collect personal data from minors. If we learn that a child under 18 has provided us with personal data, we will delete that information as required by law. If you believe a child under 18 has provided us information, contact us immediately.

12. Communications and Marketing

By creating an account or placing an order, you consent to receive service-related and promotional communications from us and our service providers, subject to applicable law. You may opt-out of marketing communications at any time via the unsubscribe link in emails or by updating your account preferences. Opting out of marketing does not affect transactional messages.

13. Third-Party Links and Websites

Our Site may contain links to third-party websites or services. This Policy does not cover third-party websites. We are not responsible for third-party privacy practices. Review their privacy policies before providing personal information.

14. Vendor Management & Confidentiality

We require vendors and service providers to enter into written agreements requiring them to:

• Use personal data only for specified purposes.
• Implement appropriate security measures.
• Maintain confidentiality.
• Assist us with data subject rights and breach response.

We regularly evaluate vendor security and compliance to the extent reasonably practicable.

15. Data Protection Officer / Contact

If you have questions or wish to exercise any privacy rights, contact:

Email: info@surgestore.in
Mail: Data Protection Officer, surgestore.in, [Company Address — insert full registered address]
Phone: [insert contact number]

Include sufficient details to help us locate your data and verify identity. We aim to respond promptly in accordance with applicable law.

16. Changes to This Policy

We may modify this Privacy Policy at any time. We will post the revised policy with an updated “Last updated” date. Continued use of the Site after changes constitutes acceptance of the updated Policy. Where required by law, we will seek consent for material changes.

17. Limitation of Liability and Disclaimer (Important)

To the fullest extent permitted by applicable law:

• No Guarantee: We make no warranties, representations, or guarantees (express or implied) that our privacy or security measures will prevent unauthorized access, disclosure, loss, destruction, or alteration of your personal information.
• Limitation of Liability: Surgestore.in, its officers, directors, employees, agents, affiliates, service providers, and licensors shall not be liable for any indirect, incidental, special, consequential, exemplary, or punitive damages, loss of profits, loss of data, business interruption, or any other damages arising out of or related to this Privacy Policy or the collection, access, or use of your personal data, even if advised of the possibility of such damages.
• Cap on Liability: Where liability cannot be excluded by law, our aggregate liability arising from or relating to this Privacy Policy shall be limited to the amount you paid to surgestore.in for services in the 12 months preceding the claim (or INR 10,000 if you paid nothing), or other amount required by applicable law.
• No Absolute Immunity: This section is intended to limit our exposure to the maximum extent permitted by law; it cannot and does not promise absolute immunity against legal claims in all jurisdictions. Some jurisdictions do not allow limitation or exclusion of liability for certain damages, so these limitations may not apply to you.
• Indemnification: You agree to indemnify and hold harmless surgestore.in and its affiliates against claims arising from your breach of this policy, misuse of the Site, or violation of applicable laws. We will provide notice and an opportunity to participate in your defense where required by law and contract.

LEGAL ADVICE DISCLAIMER: The above limitation language is intended to reduce exposure, but it does not eliminate risk and should be reviewed by legal counsel familiar with the laws of each jurisdiction where you operate.

18. Governing Law; Dispute Resolution

This Policy and any disputes relating to privacy shall be governed by the laws specified in our Terms of Use. Where permitted, surgestore.in’s preference is for the following dispute resolution framework (adapt as legally appropriate for your organization):

• Governing law: [Insert preferred jurisdiction, e.g., the laws of the Republic of India].
• Exclusive venue: Courts located in [insert city/state] shall have exclusive jurisdiction to resolve disputes (unless local law requires otherwise).
• Alternative dispute resolution: Where available/appropriate, disputes will be resolved by arbitration under the rules selected by surgestore.in, and the arbitration award will be final and binding.

Note: Choice of law or forum clauses are subject to applicable consumer protection and privacy laws and may not be enforceable in all jurisdictions.

19. Additional Notices & Country-Specific Addenda

We will comply with country-specific legal requirements and provide supplemental notices as required by law, including:

• EU/EEA & UK: GDPR compliance information, data controller details, legal bases for processing, rights to lodge complaints with supervisory authorities.
• California: CCPA/CPRA notice, categories of personal information collected/sold/shared, and opt-out links (if applicable).
• India: Compliance with the Information Technology Act, 2000 (and relevant rules) and any local guidance on data protection.
• Any other jurisdiction: Where you operate or target users, we will implement required disclosures and customer rights as necessary.

20. Audit, Compliance & Recordkeeping

We maintain internal policies, data inventories, and recordkeeping to document processing activities. We may conduct periodic data protection impact assessments and audits, and maintain records necessary to demonstrate compliance with applicable laws.

21. Miscellaneous

• Severability: If any part of this Privacy Policy is found invalid or unenforceable, the remainder will continue in full force.
• No Waiver: Failure to enforce a provision is not a waiver of rights.
• Third-Party Beneficiaries: This Policy does not create enforceable rights for third parties except as explicitly stated.

22. Acknowledgment and Acceptance

By using the Site or providing personal information you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, transfer, and processing of your personal information as described herein.