Privacy Policy
Last updated: 1 July 2025
Turash Herbaceuticals (“Turash,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard the information you provide when you visit turashherbaceuticals.com (the “Site”), purchase our Ayurvedic products, or otherwise interact with us—online or offline.
1. Scope & Legal Basis
-
Applicable Indian laws (including the Digital Personal Data Protection Act, 2023) and, where relevant, the EU GDPR govern our processing of your data. indiankanoon.org
-
Because we sell traditional medicines, we also follow Ministry of Ayush advertising guidelines and the Drugs & Magic Remedies (Objectionable Advertisements) Act, 1954. news18.com
2. What We Collect
| Category | Examples | Purpose |
|---|---|---|
| Identity & Contact Data | Name, postal address, telephone, email, KYC documents (where required) | Account creation, order fulfilment, customer support |
| Health‑Related Data | Information you voluntarily share about allergies, existing conditions or prescriptions | Customising product recommendations; ensuring product suitability |
| Transaction Data | Order history, payment IDs (masked), shipping details | Order processing, invoicing, returns |
| Technical & Usage Data | IP address, browser type, device identifiers, pages visited, cookies | Site security, analytics, marketing |
| Marketing Preferences | SMS/WhatsApp/email opt‑ins, survey responses | Sending offers, newsletters, surveys |
3. How We Use Your Data
-
Contractual necessity – to register you, process payments, dispatch orders, and handle returns.
-
Consent – to send newsletters, wellness tips, or personalised offers. You may withdraw consent at any time.
-
Legitimate interest – to secure our Site, prevent fraud, and improve products and services.
-
Legal obligation – to comply with tax, accounting, consumer‑protection, and Ayush advertising rules.
4. Cookies & Similar Technologies
We use first‑party cookies (session & preference) and third‑party analytics cookies (e.g., Google Analytics). You can disable non‑essential cookies in the banner or browser settings. Blocking cookies may affect Site functionality.
5. Sharing & Disclosure
| Recipient | Reason |
|---|---|
| Payment gateways | Secure transaction processing |
| Logistics partners | Delivering your order & tracking |
| Authorised healthcare professionals | If you request practitioner advice |
| Service providers (IT hosting, email, SMS) | Site operation & marketing |
| Regulators / law enforcement | When required by law or to defend legal claims |
We never share or sell your personal data to third parties for their own marketing.
6. International Transfers
If data is moved outside India/EU, we rely on (i) adequacy decisions, (ii) standard contractual clauses, or (iii) other lawful safeguards to ensure similar protection.
7. Data Retention
We keep personal data only as long as necessary:
-
Orders & invoices: 8 years (legal accounting requirement).
-
Marketing data: until you unsubscribe or for 3 years of inactivity.
-
Health‑related records: 2 years after your last purchase, unless longer retention is mandated or consent is withdrawn.
8. Your Rights
Depending on your jurisdiction, you can:
-
Access the personal data we hold about you.
-
Correct inaccurate or incomplete data.
-
Delete (erase) data when it is no longer needed.
-
Withdraw consent at any time.
-
Data portability (receive a copy in machine‑readable form).
-
Object / restrict certain processing (e.g., direct marketing).
Submit requests via Info@turashherbocueticals.com or call +91 80 4762 4434. We respond within 30 days unless an extension is legally permitted.
9. Children’s Privacy
Our products and Site are intended for adults (18+). We do not knowingly collect data from children. Parents/guardians who believe a child has provided data may contact us for prompt deletion.
10. Data Security
We maintain administrative, technical, and physical safeguards:
-
AES‑256 encryption for data at rest; TLS 1.3 for data in transit
-
Role‑based access controls & two‑factor authentication
-
Regular vulnerability scans & backups
-
Incident‑response plan that includes notifying affected users and regulators of any personal‑data breach within statutory timelines
11. Marketing Communications
-
Email/SMS/WhatsApp: Sent only with opt‑in consent. Opt‑out links are included in every message.
-
Remarketing ads: We may show you ads on social media based on Site visits; you can disable personalised ads in each platform’s settings.
12. Links to Third‑Party Sites
Our Site may contain links to external websites. We are not responsible for their privacy practices. We encourage you to read their privacy policies.
13. Updates to This Policy
We may update this policy to reflect legal, technical, or business changes. Material changes will be posted on this page and, where appropriate, notified by email/SMS. Continued use of the Site after changes implies acceptance.