Home Data Protection Statement

Data Protection Statement

Our commitment to protecting your personal data and ensuring compliance with global privacy regulations.

Last Updated: April 14, 2026

1. Our Commitment to Data Protection

OYMOM Health Private Limited ("OYMOM Global™", "we", "our", "us") is committed to protecting the privacy and security of your personal data. This Data Protection Statement explains how we collect, process, store, and protect your information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), India's Information Technology Act, 2000, and other relevant regulations.

2. Data Protection Principles

We adhere to the following data protection principles:

  • Lawfulness, Fairness, and Transparency: We process personal data lawfully, fairly, and transparently.
  • Purpose Limitation: We collect data for specified, explicit, and legitimate purposes.
  • Data Minimization: We collect only data that is necessary for the intended purpose.
  • Accuracy: We keep personal data accurate and up to date.
  • Storage Limitation: We retain data only as long as necessary.
  • Integrity and Confidentiality: We protect data using appropriate security measures.
  • Accountability: We are responsible for and can demonstrate compliance with these principles.

3. Types of Data We Process

We process the following categories of personal data:

  • Identity Data: Name, date of birth, gender, government ID numbers
  • Contact Data: Address, email, phone number
  • Farm/Livestock Data: Herd size, animal health records, location data
  • Financial Data: Payment information, insurance details, transaction history
  • Technical Data: IP address, device information, browser type
  • Usage Data: How you use our platforms and services
  • Location Data: GPS coordinates for service delivery
  • Sensitive Data: Health information (processed with explicit consent)

4. Legal Bases for Processing

We process personal data under the following legal bases:

  • Consent: You have given clear consent for specific processing activities.
  • Contract: Processing is necessary for a contract with you (e.g., providing veterinary services).
  • Legal Obligation: Processing is required to comply with laws (e.g., disease reporting).
  • Legitimate Interests: Processing is necessary for our legitimate business interests (e.g., fraud prevention).
  • Public Interest: Processing is necessary for tasks carried out in the public interest (e.g., disease surveillance).

5. Data Security Measures

We implement comprehensive security measures to protect your data:

  • Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems, and DDoS protection
  • Regular Audits: Quarterly security assessments and penetration testing
  • Backup and Recovery: Automated backups with off-site storage
  • Incident Response: Documented breach response procedures
  • Employee Training: Regular data protection and security awareness training

6. Data Retention

We retain personal data only as long as necessary for the purposes for which it was collected:

  • Account Data: Retained until account is deleted, plus 30 days for recovery
  • Transaction Data: Retained for 7 years for legal and audit purposes
  • Health Records: Retained for 10 years from last interaction
  • Insurance Data: Retained for 7 years after policy expiration
  • Usage Data: Retained for 24 months for analytics

7. International Data Transfers

We may transfer personal data to countries outside your country of residence. When we do so, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Binding Corporate Rules (BCRs) for intra-group transfers
  • Transfer impact assessments
  • Data processing agreements with all third-party processors

8. Data Subject Rights

Depending on your location, you have the following rights regarding your personal data:

  • Right to Access: Obtain confirmation of whether we process your data and access that data.
  • Right to Rectification: Correct inaccurate or incomplete data.
  • Right to Erasure: Request deletion of your data ("right to be forgotten").
  • Right to Restrict Processing: Limit how we use your data.
  • Right to Data Portability: Receive your data in a structured, machine-readable format.
  • Right to Object: Object to processing based on legitimate interests or direct marketing.
  • Rights Related to Automated Decision-Making: Not be subject to decisions based solely on automated processing.

To exercise these rights, contact our Data Protection Officer at dpo@oymom.com.

9. Data Protection Impact Assessments

We conduct Data Protection Impact Assessments (DPIAs) for high-risk processing activities, including:

  • Large-scale processing of sensitive data (health records)
  • Systematic monitoring of individuals (location tracking)
  • Use of new technologies (AI, IoT devices)
  • Processing that involves automated decision-making

10. Breach Notification

In the event of a personal data breach, we will:

  • Notify affected individuals within 72 hours if the breach poses a risk to their rights
  • Notify relevant supervisory authorities within 72 hours (where required)
  • Document all breaches and remedial actions taken
  • Review and improve security measures following any breach

11. Third-Party Processors

We use third-party processors who meet our data protection standards. All processors are bound by data processing agreements that include:

  • Limitations on data use to specified purposes
  • Security obligations consistent with our standards
  • Requirements for sub-processor approvals
  • Audit rights and breach notification obligations

12. Children's Data

Our services are not directed to individuals under 18. We do not knowingly collect personal data from minors. If we become aware of such data, we will delete it promptly.

13. Changes to This Statement

We may update this Data Protection Statement periodically. Material changes will be notified through our website or direct communication. The "Last Updated" date indicates when changes were made.

14. Contact Information

  • Data Protection Officer (DPO): dpo@oymom.com
  • Privacy Team: privacy@oymom.com
  • Legal & Compliance: legal@oymom.com
  • Phone: +91 9525292403
  • Postal Address: Data Protection Officer, OYMOM Health Private Limited, [Your Registered Address], Patna, Bihar, India

🔒 Our Security Certifications

  • ISO 27001 (Information Security Management) - In Progress
  • GDPR Compliant Data Processing Framework
  • Regular Third-Party Security Audits
  • Data Protection by Design and Default

© 2026 OYMOM Global™ — All Rights Reserved.