Privacy Notice

1. Policy Statement

This Privacy Notice is intended to describe the practices of OmniActive Health Technologies Limited (hereinafter referred to as OmniActive) follows in relation to our website https://lutemax.com with respect to the privacy of all individuals whose personal data is collected, processed and stored. This Privacy Notice should be read together with the data privacy policy, and in case of any conflict with the policy, the terms of this Privacy Notice will prevail.  Please read this Privacy Notice carefully.

2. Who manages the website?

“OmniActive” is a separate legal entity and can determine the purposes and means for data processing (i.e., act as a data controller/data fiduciary or in a similar capacity). The entity that is acting as data controller/ data fiduciary (or similar capacity) by providing this website on which your personal data will be processed and stored is:

For the personal data of OmniActive personnel: The data fiduciary is OmniActive Health Technologies Private Limited, the entity which employs you.

• For the personal data of third-party personnel (including OmniActive clients): The data controller is the OmniActive Health Technologies Private Limited local member firm with which the third party has a relationship.

The personal data collected by the website may be shared by the above data controller/data fiduciary with one or more member firms.

Our Commitment –

• Your information will not be shared, rented, or sold to any third-party service provider/s.
• We use state-of-the-art data security measures to protect your information from unauthorized users.

3. How does the website process personal data?

Processing of your personal data is necessary for the purposes of the legitimate business purposes/ interests pursued by the OmniActive or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data.

You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data.

Acceptance of our Terms and Conditions and this Privacy Policy will be deemed as the end user/customer’s consent to the processing of data of the end-user/employee on behalf of the customer/organization for all purposes detailed in this document.

4. What type of personal data is processed on the website?

The website processes these personal data categories:

• Name of the individual;
• Company Email (SPOC only);
• Phone number;
• Any detail relating to the above personal information categories as provided to OmniActive for providing service; and
• Any of the information received under above personal information categories by OmniActive for processing, stored or processed under lawful contract or otherwise.
• In addition, when a user initiates a request on the website, they could potentially include personal data in the free text fields.

5. Who can access your personal data?

Your personal data may be processed by OmniActive and its affiliates for the purposes outlined in this Privacy Notice. Additionally, selected third-party service providers acting on our behalf may process your personal data to fulfil the specified purposes, under strict confidentiality and in compliance with General Data Protection Regulation 2018 and Digital Personal Data Protection Act 2023 as amended from time to time. These third parties may include, but are not limited to, cloud service providers, payment processors, and analytics services. We ensure that all third-party processors adhere to appropriate data protection standards and implement adequate security measures to safeguard your personal data.

To the extent that personal data has been rendered anonymous in such a way that you or your device are no longer reasonably identifiable, such information will be treated as non-personal data and the terms of this Privacy Notice will not apply.

• The Data Principal has given consent for one or more specific purposes – Where a distinguishable, affirmative, unambiguous, and free consent is obtained from the data principal in order to process his/ her personal data for processing operations/ activities.
• Processing is necessary for the performance of a contract – All situations wherein personal data is necessary for entering into a contract with the individual/ third party.
• Processing is necessary for compliance with a legal obligation – Whenever processing of an activity is mandated by Government. For example, an employer needs to process personal data to comply with its legal obligation to disclose employee salary details to Revenue and customs agency/ department.
• Processing is necessary in order to protect the vital interests of the Data Principal or another natural person – In scenarios, wherein processing is necessary to protect Data Principal or someone’s life.
• Processing is necessary for the performance of a task carried out in the public interest – In scenarios, wherein collection and processing of personal data is carried out in public interest authorized by relevant government authorities. The processing task or scenario needs to have a clear basis in law. For example, information provided to government agencies to carry out an investigation against a Data Principal, protecting against serious cross-border threats to health emergency or crisis situations.
• Processing is necessary when national security is involved – In scenarios, wherein collection and processing of personal data is carried out by the national security of the country. For example- information provided to physical and security vigilance team at the airport involving national security to carry out the investigation against a Data Principal, protecting against any threats.
• Processing is necessary for the purposes of the legitimate interests pursued by the fiduciary or by a third party. – The processing is not required by law but is of a justified and clear benefit to the Data Principal. It can be used when other means of processing cannot be applied. For e.g., fraud prevention, direct marketing, intra group administrative transfers.

6. Data Retention

Our policy is to retain personal data only for as long as it is needed for the purposes described in the clause 3 “How does the website process personal data” Retention periods vary in different jurisdictions and are set in accordance with local regulatory and professional retention requirements.In order to meet our professional and legal requirements, to establish, exercise or defend our legal rights and for archiving and historical purposes, we need to retain information for significant periods of time. The policies and/or procedures for the retention of personal data in the website are:

The total retention period is defined and will be implemented in accordance with the OmniActive data retention policy and applicable data protection laws. Log Data will be retained in accordance with the CERT-IN guidelines. After the end of the data retention period, your personal data will be deleted.

We shall, unless retention is necessary for compliance with any law for the time being in force, erase personal data if you withdraw consent as soon as it is reasonable to assume that the specified purpose of such data is no longer necessary. However, if necessary, as per policy we may retain your information for our compliance with a legal, accounting, taxation or any other applicable reporting obligation or for archiving purposes as per the requirement of any applicable law in force and/or the Act.

7. Security

OmniActive protects the confidentiality and security of information it obtains during its course of business. Access to such information is limited, and policies and procedures are in place that are designed to safeguard the information from loss, misuse, and improper disclosure. We are committed to implementing industry standard security measures to safeguard your personal information and continuously enhance our security practices to mitigate potential risks.

8. Cookies &Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information.

Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

9. Controlling your personal data

OmniActive will not transfer your personal data to third parties (other than any external parties (referred to in clause 5 above) unless we have your consent or are required by law to do so.Compliance Monitoring

10. Your rights in relation to your personal data

Depending on the applicable jurisdiction, you shall have certain rights in relation to your personal data, including:

• To request how your personal data is collected, processed, stored and shared including the purpose of processing (“right to informed”);
• To request details of the personal data OmniActive processes about you and to access the personal data that OmniActive processes about you (“right to access”);
• To have your personal data corrected, for example, if it is incomplete or incorrect (“right to correction/rectification”);
• To restrict or object to the processing of personal data or request the erasure of your personal data (“right to object/restrict processing of data”);
• To receive a copy of the personal data in a structured commonly used and machine-readable format which you can re-use for your own purposes (“right to data portability”);
• To request not be subject to a decision based solely on automated processing or profiling (“right not be subject based solely on automated processing/profiling”);
• Where you have provided consent to the processing of your personal data, the right to withdraw your consent. (“right to opt-out”);
• Where you can nominate an individual to exercise the above-mentioned data subject rights in case of death or incapacity (“right to nominate”);
• The right to complain to a Supervisory authority (“right to grievance redressal”).

11. Complaints

If you are concerned about an alleged breach of privacy law or any other regulation, contact at privacy@omniactives.com

If you are not satisfied with how OmniActive resolved your complaint, you may have the right to complain to the supervisory authority. You may also have the right to refer the matter to a court of competent jurisdiction.

12. Policy Review

We may update and amend this privacy notice and the terms and conditions from time to time by posting an amended version on our website. The amended version will be effective as of the date it is published. When we make material changes to this privacy notice, we will provide users with notice as appropriate under the circumstances, e.g., by displaying a prominent notice on the website or by sending an email.

13. Contact us

If you have additional questions or concerns, contact our OmniActive representative at privacy@omniactives.com