Privacy Policy

Last Updated: August 7, 2025

At MedicalDevice, we are committed to protecting the privacy and security of our users, clients, and partners. As a medical device registration and consulting service provider in India, we adhere to the highest standards of data protection, including compliance with the Digital Personal Data Protection Act (DPDP), 2023, and other applicable Indian laws. This Privacy Policy outlines how we collect, use, store, and protect your personal information when you interact with our services, including our website, consulting services, and communications related to medical device registration with the Central Drugs Standard Control Organization (CDSCO).

For expert assistance with medical device registration or related queries, contact Satish Mehra, our regulatory consultant in Delhi, at +91-8920964801 (WhatsApp or call).

1. Information We Collect

We collect information to provide efficient and compliant medical device registration and consulting services. The types of information we collect include:

1.1 Personal Information

• Contact Details: Name, email address, phone number, and mailing address provided when you contact us, submit inquiries, or engage our services.
• Business Information: Company name, address, and details related to medical device registration (e.g., Authorized Indian Agent details, manufacturer information).
• Professional Details: Job title, role, and other professional information relevant to CDSCO applications or consulting services.
• Identification Details: Government-issued IDs or licenses (e.g., wholesale license Form 20B/21B for importers) required for regulatory compliance.

1.2 Non-Personal Information

• Website Usage Data: IP address, browser type, device information, pages visited, and time spent on our website, collected via cookies or analytics tools.
• Technical Data: Information related to medical devices, such as technical dossiers, Quality Management System (QMS) documentation, or clinical evaluation data, submitted for CDSCO registration.

1.3 Information from Third Parties

• Information provided by regulatory bodies (e.g., CDSCO, State Licensing Authorities) or testing laboratories during the registration process.
• Data from partners or Authorized Indian Agents representing foreign manufacturers.

2. How We Collect Information

We collect information through:

• Direct Interactions: When you contact us via phone (+91-8920964801), WhatsApp, email, or our website contact forms.
• SUGAM Portal: Information submitted during registration or application processes on the CDSCO’s SUGAM portal (www.cdscoonline.gov.in).
• Consulting Services: Documents and details provided during medical device registration, such as ISO 13485 certifications, Free Sale Certificates, or BIS compliance reports.
• Website Analytics: Automated tools like Google Analytics or cookies that collect non-personal data to improve user experience.

3. How We Use Your Information

We use your information to provide high-quality consulting services and ensure compliance with Medical Devices Rules (MDR), 2017. Specific purposes include:

• Regulatory Compliance: Processing applications for manufacturing licenses (Form MD-5, MD-9) or import licenses (Form MD-15) with CDSCO.
• Consulting Services: Preparing technical dossiers, coordinating with testing labs, and liaising with CDSCO or State Licensing Authorities.
• Communication: Responding to inquiries, providing updates on registration status, and addressing CDSCO queries.
• Website Improvement: Analyzing usage data to enhance our website’s functionality and user experience.
• Legal Obligations: Complying with Indian laws, including the DPDP Act, 2023, and CDSCO regulations.
• Post-Market Surveillance: Supporting clients in reporting adverse events or maintaining compliance with CDSCO requirements.

4. Legal Basis for Processing

We process your personal information based on:

• Contractual Necessity: To fulfill our consulting services agreement, such as preparing CDSCO applications or coordinating BIS certifications.
• Legal Obligations: To comply with MDR 2017, DPDP Act, 2023, and other regulatory requirements.
• Legitimate Interests: To improve our services, enhance website functionality, and communicate effectively with clients.
• Consent: For specific activities, such as marketing communications, where you have provided explicit consent.

5. How We Share Your Information

We do not sell or rent your personal information. We may share your information with:

• Regulatory Authorities: CDSCO, State Licensing Authorities, or BIS for processing registration applications or compliance verification.
• Notified Bodies: For ISO 13485 audits or clinical evaluations.
• Testing Laboratories: CDSCO-approved or BIS-accredited labs for device testing.
• Authorized Indian Agents: For foreign manufacturers, as required under MDR 2017.
• Service Providers: Third-party providers (e.g., website hosting, analytics tools) bound by strict confidentiality agreements.
• Legal Authorities: If required by law, court order, or to protect our rights and safety.

All third parties are required to comply with data protection laws and maintain confidentiality.

6. Data Security

We implement robust security measures to protect your information, including:

• Encryption: Secure transmission of data via SSL/TLS on our website and SUGAM portal.
• Access Controls: Restricting access to personal information to authorized personnel only.
• Secure Storage: Storing data on secure servers with regular backups and firewalls.
• Regular Audits: Conducting periodic security assessments to identify and address vulnerabilities.

Despite our efforts, no system is completely secure. In case of a data breach, we will notify affected individuals and authorities as required under the DPDP Act, 2023.

7. Data Retention

We retain your information only as long as necessary for:

• Regulatory Purposes: Until CDSCO licenses (valid for 5 years) are issued or renewed, or as required by MDR 2017.
• Consulting Services: For the duration of our engagement and a reasonable period thereafter (e.g., 7 years for record-keeping).
• Legal Compliance: As mandated by Indian laws or to resolve disputes.

After this period, we securely delete or anonymize your data, unless otherwise required by law.

8. Your Rights Under the DPDP Act, 2023

As a data principal under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access: Request details of the personal information we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete data.
• Right to Erasure: Request deletion of your data, subject to legal and regulatory obligations.
• Right to Restrict Processing: Limit how we use your data in certain circumstances.
• Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
• Right to Withdraw Consent: Withdraw consent for processing where applicable (e.g., marketing).

To exercise these rights, contact Satish Mehra at +91-8920964801 or via email (provided upon engagement). We will respond within the timelines prescribed by the DPDP Act, typically 30 days.

9. Cookies and Website Tracking

Our website uses cookies to enhance user experience and collect non-personal data. Types of cookies include:

• Essential Cookies: Necessary for website functionality (e.g., navigation, form submissions).
• Analytics Cookies: Track website usage (e.g., Google Analytics) to improve performance.
• Preference Cookies: Store user preferences (e.g., language settings).

You can manage cookie preferences through your browser settings. Disabling cookies may limit website functionality.

10. International Data Transfers

For imported medical devices, we may share data with foreign manufacturers or regulatory bodies in reference countries (e.g., USA, EU, Japan) as part of CDSCO applications. All transfers comply with the DPDP Act, 2023, and include safeguards like contractual agreements to ensure data protection.

11. Third-Party Links

Our website may contain links to external sites (e.g., CDSCO, SUGAM portal). We are not responsible for the privacy practices of these sites. Please review their privacy policies before sharing information.

12. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect personal information from minors. If you believe we have collected such data, contact us immediately for deletion.

13. Updates to This Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. The updated policy will be posted on our website with the “Last Updated” date. For significant changes, we will notify you via email or website announcements.

14. Contact Us

For questions, concerns, or to exercise your data protection rights, contact our regulatory consultant and data protection representative:

Satish Mehra
Phone/WhatsApp: +91-8920964801
Address: Delhi, India (specific address provided upon engagement)
Website: https://medicaldeviceregistration.in/

For medical device registration queries or CDSCO compliance, Satish Mehra offers expert consulting to ensure seamless navigation of the MDR 2017 requirements. Call or message today to safeguard your data and achieve regulatory success.

15. Grievance Redressal

If you have a complaint about our data handling practices, contact Satish Mehra at +91-8920964801. We will investigate and respond promptly. You may also escalate concerns to the Data Protection Board of India under the DPDP Act, 2023.

---

MedicalDevice is committed to protecting your privacy while delivering top-tier regulatory consulting services. Trust us to handle your data with care and ensure compliance with India’s medical device regulations. Contact Satish Mehra at +91-8920964801 for personalized support.