1. Introduction
RaktaBandhu ("we," "us," "our," or "Platform") is committed to protecting the privacy and security of your personal data. This Privacy Policy is prepared in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our blood donor-recipient connection platform.
2. Data Fiduciary Details
Name: RaktaBandhu
Email: contact@raktabandhu.com
3. Definitions
- Data Principal: You, the individual to whom the personal data relates
- Data Fiduciary: RaktaBandhu, who determines the purpose and means of processing personal data
- Personal Data: Any data about an individual who is identifiable by or in relation to such data
- Sensitive Personal Data: Health information, blood group, medical conditions, location data
- Processing: Collection, storage, use, disclosure, deletion, or any other operation performed on personal data
4. Personal Data We Collect
4.1 Registration Information
- Full name
- Date of birth
- Gender
- Email address
- Mobile number
- State and city of residence
- Blood group
- Profile photograph (optional)
4.2 Health Information
- Blood group type (A+, A-, B+, B-, AB+, AB-, O+, O-)
- Last donation date
- Medical eligibility status (self-declared)
- Health screening responses
- Donation history
4.3 Location Data
- Current location (when seeking or offering blood donation)
- City/state for donor-recipient matching
- Geolocation data (with explicit consent)
4.4 Communication Data
- Messages between donors and recipients (encrypted)
- Notification preferences
- Communication history
4.5 Technical Data
- IP address
- Device information (device type, operating system)
- Browser type and version
- Login timestamps
- App usage analytics
- Cookies and similar technologies
4.6 Voluntary Information
- Emergency contact details
- Preferred donation centers
- Availability for donation
- Social media handles (optional)
5. Purpose and Lawful Basis for Processing
5.1 Primary Purposes (with your consent)
- Donor-Recipient Matching: To connect blood donors with recipients based on blood group compatibility and geographic proximity
- Account Management: To create, maintain, and manage your user account
- Communication: To send notifications about blood requests, donation opportunities, and platform updates
- Emergency Alerts: To notify registered donors during critical blood shortage situations
- Service Improvement: To analyze usage patterns and improve platform functionality
5.2 Legitimate Purposes (without consent as per DPDP Act Section 7)
- Compliance with Law: To comply with legal obligations, court orders, or government directives
- Medical Emergency: To facilitate blood availability during life-threatening emergencies
- Prevention of Fraud: To detect and prevent fraudulent activities on the platform
- Legal Proceedings: For the establishment, exercise, or defense of legal claims
6. How We Collect Your Data
- Directly from You: During registration, profile updates, and donation requests
- Automatically: Through cookies, analytics tools, and app usage tracking
- From Third Parties: With your permission, from healthcare facilities or blood banks you authorize
7. Data Sharing and Disclosure
7.1 Sharing with Other Users
Your name, blood group, city, and contact information are shared with recipients when you respond to a blood request. Recipients' requirements are shared with matching donors in the vicinity. All sharing is done only with your explicit consent.
7.2 Sharing with Third Parties
We may share your personal data with:
- Licensed Blood Banks: For verification and donation coordination (with consent)
- Healthcare Facilities: To facilitate the donation process (with consent)
- Service Providers: Cloud hosting, SMS/email services, analytics (under strict data processing agreements)
- Government Authorities: When legally mandated or for public health emergencies
- Legal Authorities: In response to court orders, legal processes, or statutory requirements
7.3 No Sale of Personal Data
We DO NOT sell, rent, or commercially exploit your personal data to any third party for marketing purposes.
8. International Data Transfers
Your personal data is processed and stored within India. We do not transfer personal data outside India except:
- With your explicit consent
- For technical support from cloud service providers (with adequate safeguards)
- When legally required
All international transfers comply with DPDP Act requirements and appropriate security measures.
9. Data Retention
- Active Users: Personal data is retained as long as your account remains active
- Inactive Accounts: If inactive for 3 years, account data will be anonymized or deleted after notification
- Donation History: Retained for 5 years for medical and legal compliance
- Legal Requirements: Data is retained longer if required by law or pending legal proceedings
- Deletion Requests: Upon request, personal data is deleted within 30 days, except where retention is legally mandated
10. Your Rights as Data Principal
Under the DPDP Act, 2023, you have the following rights:
10.1 Right to Access
- Request a copy of your personal data we hold
- Obtain information about how your data is being processed
10.2 Right to Correction
- Request correction of inaccurate or incomplete personal data
- Update your profile information at any time
10.3 Right to Erasure
- Request deletion of your personal data (Right to be Forgotten)
- Account deletion available through settings or by contacting us
10.4 Right to Data Portability
- Request your data in a commonly used, machine-readable format
- Transfer your data to another platform (where technically feasible)
10.5 Right to Nominate
- Nominate another individual to exercise your rights in case of death or incapacity
10.6 Right to Withdraw Consent
- Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
- Opt out of non-essential communications
10.7 Right to Grievance Redressal
- File complaints with our Grievance Officer
- Escalate to the Data Protection Board of India
11. Security Measures
11.1 Technical Safeguards
- Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
- Access Controls: Role-based access with multi-factor authentication
- Firewalls: Network security and intrusion detection systems
- Secure Servers: Data stored on servers with ISO 27001 certification
- Regular Audits: Periodic security assessments and vulnerability testing
11.2 Organizational Safeguards
- Data Minimization: Collect only necessary data
- Need-to-Know Basis: Employee access restricted to job requirements
- Confidentiality Agreements: All staff and contractors bound by confidentiality
- Training: Regular data protection and security awareness training
- Incident Response Plan: Documented procedures for data breach management
11.3 Data Breach Notification
In the event of a personal data breach:
- We will notify the Data Protection Board of India without undue delay
- Affected Data Principals will be informed within 72 hours
- Notification will include the nature of the breach, likely consequences, and remedial measures
12. Cookies and Tracking Technologies
We use cookies and similar technologies:
- Essential Cookies: Required for platform functionality (login, security)
- Performance Cookies: Analytics to understand user behavior (Google Analytics)
- Functional Cookies: Remember preferences and settings
- Advertising Cookies: NOT USED – we do not engage in targeted advertising
You can control cookies through browser settings. Disabling essential cookies may affect platform functionality.
13. Children's Privacy
RaktaBandhu is not intended for individuals below 18 years of age. We do not knowingly collect personal data from children. Blood donation in India is legally permitted only for individuals aged 18 and above (as per NBTC guidelines).
If we discover that we have inadvertently collected data from a minor, we will delete it immediately.
14. Third-Party Links
Our Platform may contain links to third-party websites, blood banks, or healthcare facilities. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing any information.
15. Changes to Privacy Policy
We may update this Privacy Policy periodically to reflect:
- Changes in legal or regulatory requirements
- New features or services
- Feedback from Data Principals or regulatory authorities
Material changes will be notified via:
- Email notification to registered users
- Prominent notice on the Platform
- Pop-up notification on app/website
Your continued use after changes constitutes acceptance. You may withdraw consent and delete your account if you disagree.
16. Consent Mechanism
By registering on RaktaBandhu, you provide:
- Free Consent: Given voluntarily without coercion
- Specific Consent: For defined purposes stated in this policy
- Informed Consent: After clear disclosure of data processing practices
- Unambiguous Consent: Through affirmative action (clicking "I Agree")
- Revocable Consent: Can be withdrawn at any time
17. Grievance Redressal
For privacy-related concerns, data access requests, or complaints:
Email: contact@raktabandhu.com
Response Timeline:
- Acknowledgment within 72 hours
- Resolution within 30 days
- Escalation to Data Protection Board of India if unresolved
18. Jurisdiction
This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Bangalore, Karnataka, India.
19. Contact Us
For questions about this Privacy Policy:
Email: contact@raktabandhu.com