Privacy Policy

Last Updated: November 10, 2025

1. Introduction

RaktaBandhu ("we," "us," "our," or "Platform") is committed to protecting the privacy and security of your personal data. This Privacy Policy is prepared in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our blood donor-recipient connection platform.

2. Data Fiduciary Details

Name: RaktaBandhu

Email: [email protected]

3. Definitions

Data Principal: You, the individual to whom the personal data relates
Data Fiduciary: RaktaBandhu, who determines the purpose and means of processing personal data
Personal Data: Any data about an individual who is identifiable by or in relation to such data
Sensitive Personal Data: Health information, blood group, medical conditions, location data
Processing: Collection, storage, use, disclosure, deletion, or any other operation performed on personal data

4. Personal Data We Collect

4.1 Registration Information

Full name
Date of birth
Gender
Email address
Mobile number
State and city of residence
Blood group
Profile photograph (optional)

4.2 Health Information

Blood group type (A+, A-, B+, B-, AB+, AB-, O+, O-)
Last donation date
Medical eligibility status (self-declared)
Health screening responses
Donation history

4.3 Location Data

Current location (when seeking or offering blood donation)
City/state for donor-recipient matching
Geolocation data (with explicit consent)

4.4 Communication Data

Notification preferences

4.5 Technical Data

IP address
Device information (device type, operating system)
Browser type and version
Login timestamps
App usage analytics
Cookies and similar technologies

4.6 Voluntary Information

Emergency contact details
Availability for donation

5. Purpose and Lawful Basis for Processing

5.1 Primary Purposes (with your consent)

Donor-Recipient Matching: To connect blood donors with recipients based on blood group compatibility and geographic proximity
Account Management: To create, maintain, and manage your user account
Communication: To send notifications about blood requests, donation opportunities, and platform updates
Emergency Alerts: To notify registered donors during critical blood shortage situations
Service Improvement: To analyze usage patterns and improve platform functionality

5.2 Legitimate Purposes (without consent as per DPDP Act Section 7)

Compliance with Law: To comply with legal obligations, court orders, or government directives
Medical Emergency: To facilitate blood availability during life-threatening emergencies
Prevention of Fraud: To detect and prevent fraudulent activities on the platform
Legal Proceedings: For the establishment, exercise, or defense of legal claims

6. How We Collect Your Data

Directly from You: During registration, profile updates, and donation requests
Automatically: Through cookies, analytics tools, and app usage tracking

7. Data Sharing and Disclosure

7.1 Sharing with Other Users

Your name, blood group, city, and contact information are shared with recipients when you respond to a blood request. Recipients' requirements are shared with matching donors in the vicinity. All sharing is done only with your explicit consent.

7.2 Sharing with Third Parties

We may share your personal data with:

Licensed Blood Banks: For verification and donation coordination (with consent)
Healthcare Facilities: To facilitate the donation process (with consent)
Service Providers: Cloud hosting, SMS/email services, analytics (under strict data processing agreements)
Government Authorities: When legally mandated or for public health emergencies
Legal Authorities: In response to court orders, legal processes, or statutory requirements

7.3 No Sale of Personal Data

We DO NOT sell, rent, or commercially exploit your personal data to any third party for marketing purposes.

8. International Data Transfers

Your personal data is processed and stored within India. We do not transfer personal data outside India except:

With your explicit consent
For technical support from cloud service providers (with adequate safeguards)
When legally required

All international transfers comply with DPDP Act requirements and appropriate security measures.

9. Data Retention

Active Users: Personal data is retained as long as your account remains active
Inactive Accounts: If inactive for 3 years, account data will be anonymized or deleted after notification
Donation History: Retained for 5 years for medical and legal compliance
Legal Requirements: Data retained longer if required by law or pending legal proceedings
Deletion Requests: Upon request, personal data deleted within 30 days, except where retention is legally mandated

10. Your Rights as Data Principal

Under the DPDP Act, 2023, you have the following rights:

10.1 Right to Access

Request a copy of your personal data we hold
Obtain information about how your data is being processed

10.2 Right to Correction

Request correction of inaccurate or incomplete personal data
Update your profile information at any time

10.3 Right to Erasure

Request deletion of your personal data (Right to be Forgotten)
Account deletion available through settings or by contacting us

10.4 Right to Data Portability

Request your data in a commonly used, machine-readable format
Transfer your data to another platform (where technically feasible)

10.5 Right to Nominate

Nominate another individual to exercise your rights in case of death or incapacity

10.6 Right to Withdraw Consent

Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
Opt-out of non-essential communications

10.7 Right to Grievance Redressal

File complaints with our Grievance Officer
Escalate to the Data Protection Board of India

11. Security Measures

11.1 Technical Safeguards

Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Firewalls: Network security and intrusion detection systems
Secure Servers: Data stored on servers with ISO 27001 certification
Regular Audits: Periodic security assessments and vulnerability testing

11.2 Organizational Safeguards

Data Minimization: Collect only necessary data
Need-to-Know Basis: Employee access restricted to job requirements
Confidentiality Agreements: All staff and contractors bound by confidentiality
Training: Regular data protection and security awareness training
Incident Response Plan: Documented procedures for data breach management

11.3 Data Breach Notification

In the event of a personal data breach:

We will notify the Data Protection Board of India without undue delay
Affected Data Principals will be informed within 72 hours
Notification will include nature of breach, likely consequences, and remedial measures

12. Cookies and Tracking Technologies

We use cookies and similar technologies:

Essential Cookies: Required for platform functionality (login, security)
Performance Cookies: Analytics to understand user behavior (Google Analytics)
Functional Cookies: Remember preferences and settings
Advertising Cookies: NOT USED – we do not engage in targeted advertising

You can control cookies through browser settings. Disabling essential cookies may affect platform functionality.

13. Children's Privacy

RaktaBandhu is not intended for individuals below 18 years of age. We do not knowingly collect personal data from children. Blood donation in India is legally permitted only for individuals aged 18 and above (as per NBTC guidelines).

If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

14. Third-Party Links

Our Platform may contain links to third-party websites, blood banks, or healthcare facilities. We are not responsible for the privacy practices of these external sites. Please review their privacy policies before sharing any information.

15. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in legal or regulatory requirements
New features or services
Feedback from Data Principals or regulatory authorities

Material changes will be notified via:

Email notification to registered users
Prominent notice on the Platform
Pop-up notification on app/website

Your continued use after changes constitutes acceptance. You may withdraw consent and delete your account if you disagree.

16. Consent Mechanism

By registering on RaktaBandhu, you provide:

Free Consent: Given voluntarily without coercion
Specific Consent: For defined purposes stated in this policy
Informed Consent: After clear disclosure of data processing practices
Unambiguous Consent: Through affirmative action (clicking "I Agree")
Revocable Consent: Can be withdrawn at any time

17. Grievance Redressal

For privacy-related concerns, data access requests, or complaints:

Email: [email protected]

Response Timeline:

Acknowledgment within 72 hours
Resolution within 30 days
Escalation to Data Protection Board of India if unresolved

18. Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Bangalore, Karnataka, India.

19. Contact Us

For questions about this Privacy Policy:

Email: [email protected]

Privacy Policy

Last Updated: November 10, 2025

1. Introduction

This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you use our blood donor-recipient connection platform.

2. Data Fiduciary Details

Name: RaktaBandhu

Email: [email protected]

3. Definitions

Data Principal: You, the individual to whom the personal data relates
Data Fiduciary: RaktaBandhu, who determines the purpose and means of processing personal data
Personal Data: Any data about an individual who is identifiable by or in relation to such data
Sensitive Personal Data: Health information, blood group, medical conditions, location data
Processing: Collection, storage, use, disclosure, deletion, or any other operation performed on personal data

4. Personal Data We Collect

4.1 Registration Information

Full name
Date of birth
Gender
Email address
Mobile number
State and city of residence
Blood group
Profile photograph (optional)

4.2 Health Information

Blood group type (A+, A-, B+, B-, AB+, AB-, O+, O-)
Last donation date
Medical eligibility status (self-declared)
Health screening responses
Donation history

4.3 Location Data

Current location (when seeking or offering blood donation)
City/state for donor-recipient matching
Geolocation data (with explicit consent)

4.4 Communication Data

Notification preferences

4.5 Technical Data

IP address
Device information (device type, operating system)
Browser type and version
Login timestamps
App usage analytics
Cookies and similar technologies

4.6 Voluntary Information

Emergency contact details
Availability for donation

5. Purpose and Lawful Basis for Processing

5.1 Primary Purposes (with your consent)

Donor-Recipient Matching: To connect blood donors with recipients based on blood group compatibility and geographic proximity
Account Management: To create, maintain, and manage your user account
Communication: To send notifications about blood requests, donation opportunities, and platform updates
Emergency Alerts: To notify registered donors during critical blood shortage situations
Service Improvement: To analyze usage patterns and improve platform functionality

5.2 Legitimate Purposes (without consent as per DPDP Act Section 7)

Compliance with Law: To comply with legal obligations, court orders, or government directives
Medical Emergency: To facilitate blood availability during life-threatening emergencies
Prevention of Fraud: To detect and prevent fraudulent activities on the platform
Legal Proceedings: For the establishment, exercise, or defense of legal claims

6. How We Collect Your Data

Directly from You: During registration, profile updates, and donation requests
Automatically: Through cookies, analytics tools, and app usage tracking

7. Data Sharing and Disclosure

7.1 Sharing with Other Users

7.2 Sharing with Third Parties

We may share your personal data with:

Licensed Blood Banks: For verification and donation coordination (with consent)
Healthcare Facilities: To facilitate the donation process (with consent)
Service Providers: Cloud hosting, SMS/email services, analytics (under strict data processing agreements)
Government Authorities: When legally mandated or for public health emergencies
Legal Authorities: In response to court orders, legal processes, or statutory requirements

7.3 No Sale of Personal Data

We DO NOT sell, rent, or commercially exploit your personal data to any third party for marketing purposes.

8. International Data Transfers

Your personal data is processed and stored within India. We do not transfer personal data outside India except:

With your explicit consent
For technical support from cloud service providers (with adequate safeguards)
When legally required

All international transfers comply with DPDP Act requirements and appropriate security measures.

9. Data Retention

Active Users: Personal data is retained as long as your account remains active
Inactive Accounts: If inactive for 3 years, account data will be anonymized or deleted after notification
Donation History: Retained for 5 years for medical and legal compliance
Legal Requirements: Data retained longer if required by law or pending legal proceedings
Deletion Requests: Upon request, personal data deleted within 30 days, except where retention is legally mandated

10. Your Rights as Data Principal

Under the DPDP Act, 2023, you have the following rights:

10.1 Right to Access

Request a copy of your personal data we hold
Obtain information about how your data is being processed

10.2 Right to Correction

Request correction of inaccurate or incomplete personal data
Update your profile information at any time

10.3 Right to Erasure

Request deletion of your personal data (Right to be Forgotten)
Account deletion available through settings or by contacting us

10.4 Right to Data Portability

Request your data in a commonly used, machine-readable format
Transfer your data to another platform (where technically feasible)

10.5 Right to Nominate

Nominate another individual to exercise your rights in case of death or incapacity

10.6 Right to Withdraw Consent

Withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal
Opt-out of non-essential communications

10.7 Right to Grievance Redressal

File complaints with our Grievance Officer
Escalate to the Data Protection Board of India

11. Security Measures

11.1 Technical Safeguards

Encryption: Data encrypted in transit (SSL/TLS) and at rest (AES-256)
Access Controls: Role-based access with multi-factor authentication
Firewalls: Network security and intrusion detection systems
Secure Servers: Data stored on servers with ISO 27001 certification
Regular Audits: Periodic security assessments and vulnerability testing

11.2 Organizational Safeguards

Data Minimization: Collect only necessary data
Need-to-Know Basis: Employee access restricted to job requirements
Confidentiality Agreements: All staff and contractors bound by confidentiality
Training: Regular data protection and security awareness training
Incident Response Plan: Documented procedures for data breach management

11.3 Data Breach Notification

In the event of a personal data breach:

We will notify the Data Protection Board of India without undue delay
Affected Data Principals will be informed within 72 hours
Notification will include nature of breach, likely consequences, and remedial measures

12. Cookies and Tracking Technologies

We use cookies and similar technologies:

Essential Cookies: Required for platform functionality (login, security)
Performance Cookies: Analytics to understand user behavior (Google Analytics)
Functional Cookies: Remember preferences and settings
Advertising Cookies: NOT USED – we do not engage in targeted advertising

You can control cookies through browser settings. Disabling essential cookies may affect platform functionality.

13. Children's Privacy

If we discover that we have inadvertently collected data from a minor, we will delete it immediately.

14. Third-Party Links

15. Changes to Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in legal or regulatory requirements
New features or services
Feedback from Data Principals or regulatory authorities

Material changes will be notified via:

Email notification to registered users
Prominent notice on the Platform
Pop-up notification on app/website

Your continued use after changes constitutes acceptance. You may withdraw consent and delete your account if you disagree.

16. Consent Mechanism

By registering on RaktaBandhu, you provide:

Free Consent: Given voluntarily without coercion
Specific Consent: For defined purposes stated in this policy
Informed Consent: After clear disclosure of data processing practices
Unambiguous Consent: Through affirmative action (clicking "I Agree")
Revocable Consent: Can be withdrawn at any time

17. Grievance Redressal

For privacy-related concerns, data access requests, or complaints:

Email: [email protected]

Response Timeline:

Acknowledgment within 72 hours
Resolution within 30 days
Escalation to Data Protection Board of India if unresolved

18. Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes shall be subject to the exclusive jurisdiction of courts in Bangalore, Karnataka, India.

19. Contact Us

For questions about this Privacy Policy:

Email: [email protected]