We take your privacy seriously. This policy explains exactly what data we collect, why we collect it, how we protect it, and your rights over it.
Who we are: Meduvita is an independent UCAT and medical school application preparation service operated from India. We are the data controller for personal data collected through this website and our educational services. Our contact for all data-related queries is meduvita17@gmail.com.
When you contact us, book a consultation, or enrol in a course, we collect:
| Data Type | Examples | When Collected |
|---|---|---|
| Identity data | First name, last name | Contact form, enrolment |
| Contact data | Email address | Contact form, enrolment |
| Academic data | Year of study, course interest, current stage | Contact form, enrolment |
| Payment data | Transaction confirmation (we do not store card details) | At point of payment |
| Communications | Messages you send us, optional notes in contact form | Contact form, email |
Once you are enrolled, we also collect:
| Data Type | Examples | Purpose |
|---|---|---|
| Performance data | AI Q-Bank scores, practice test results, progress metrics | Personalising your learning |
| Participation data | Session attendance, questions asked, engagement | Delivering the service |
| Feedback data | Personal statement drafts submitted for review | Providing feedback |
When you visit this website, we may automatically collect basic technical data including your IP address, browser type, device type, and pages visited. This is used solely for website security and to understand how visitors use the site. We do not build personal profiles from this data.
We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, biometric data, or financial account details beyond payment transaction confirmation. We do not store credit or debit card numbers.
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and the IT (Reasonable Security Practices) Rules 2011, we must have a lawful basis for processing your personal data. We rely on the following:
| Purpose | Legal Basis |
|---|---|
| Delivering the educational service you enrolled for | Performance of contract |
| Responding to enquiries via the contact form | Legitimate interest / pre-contractual steps |
| Sending you booking confirmations and service updates | Performance of contract |
| Marketing communications, testimonials, or promotional use | Explicit consent only — you must opt in |
| Preventing fraud and ensuring platform security | Legitimate interest |
| Complying with legal obligations | Legal obligation |
We will never use your data for marketing without first obtaining your separate, explicit, written consent. You can withdraw consent at any time — see Section 7.
We use your personal data only for the following purposes:
What we will never do: We will never use your data to make automated decisions that significantly affect you, build profiles for sale to third parties, contact you with unsolicited marketing without your prior consent, or share your identifiable data with any third party for their own marketing purposes.
Your personal data is never sold, rented, or traded to any third party. Full stop.
We may share the minimum necessary data with trusted service providers who help us operate our services. These providers are contractually bound to process your data only on our instructions and not for their own purposes:
| Category | Purpose | Data Shared |
|---|---|---|
| Payment processor | Processing course fees securely | Name, email, transaction amount |
| Video conferencing platform | Hosting live sessions | Name, email (for session access) |
| Email service provider | Sending booking confirmations and updates | Name, email |
| Cloud storage provider | Storing course materials and recordings securely | Anonymised or encrypted content only |
We may disclose your data if required to do so by law, court order, or government authority. We will notify you of any such request wherever legally permitted to do so.
We do not keep your data for longer than necessary. Our retention periods are:
| Data Type | Retention Period | Reason |
|---|---|---|
| Enquiry and contact form data (non-enrolled) | 12 months | To follow up and handle queries |
| Enrolment and course data | 3 years after course end | Contract records, dispute resolution |
| Payment transaction records | 7 years | Legal and tax obligations under Indian law |
| AI Q-Bank performance data | Duration of enrolment + 12 months | Service delivery and improvement |
| Marketing consent records | Until consent is withdrawn + 12 months | Demonstrating lawful basis |
| Website technical data (logs) | 90 days | Security monitoring |
After the applicable retention period, personal data is securely deleted or permanently anonymised. You may request earlier deletion at any time — see Section 7.
We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, accidental loss, destruction, or disclosure, in line with the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These measures include:
Data breach notification: In the event of a personal data breach that is likely to result in harm to you, we will notify affected individuals and the relevant authority as required under the DPDP Act 2023, without undue delay.
Under India's Digital Personal Data Protection Act, 2023 and applicable data protection law, you have the following rights over your personal data. To exercise any of these rights, email us at meduvita17@gmail.com with the subject line "Data Rights Request". We will respond within 30 days.
We will respond to all rights requests within 30 days. If a request is complex or we receive multiple requests, we may extend this to 60 days and will inform you. We will not charge a fee for reasonable requests.
Cookies are small text files placed on your device by a website. They help websites function properly and provide information about how the site is used.
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Essential cookies | Required for the website to function (e.g. session state, form security) | No — required for basic function |
| Analytics cookies | Understanding how visitors use the site (aggregated, anonymous data only) | Yes — contact us to opt out |
| Marketing cookies | We currently do not use marketing or retargeting cookies | N/A |
This website embeds fonts from Google Fonts. When your browser loads this page, a request is made to Google's servers. Google may log your IP address in accordance with their own privacy policy. We do not control this processing. We use Google Fonts solely to render the page correctly and receive no data from Google about individual visitors.
You can control and delete cookies through your browser settings. Disabling essential cookies may affect the functionality of this website. For further information on managing cookies visit allaboutcookies.org.
Our services are primarily intended for individuals aged 18 and over. Where a student under 18 enrols with the consent of a parent or legal guardian, the parent or guardian accepts full responsibility for the student's compliance with our Terms, and for the accuracy of any data provided on the student's behalf.
We do not knowingly collect personal data from children under 13 without verifiable parental consent. If you believe we have inadvertently collected data from a child under 13 without appropriate consent, please contact us immediately at meduvita17@gmail.com and we will delete it promptly.
Under the DPDP Act 2023 (India), children are defined as individuals under 18. Where we are aware we are processing data of an individual under 18, we require verifiable parental consent and will not process their data for any purpose beyond direct service delivery.
Meduvita operates from India. However, some of the third-party service providers we use (such as video conferencing or cloud storage platforms) may process your data on servers located outside India, including in the European Economic Area or the United States.
Where your data is transferred outside India, we take reasonable steps to ensure it receives a comparable level of protection, including by only using service providers that are bound by appropriate contractual data protection obligations.
By using our services, you acknowledge that your data may be transferred to and processed in countries outside India. We will always act in accordance with applicable Indian data protection law when making such transfers.
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. When we make material changes, we will:
We encourage you to review this page periodically. Your continued use of our services after the effective date of any update constitutes your acceptance of the revised policy.
For any questions about this Privacy Policy, to exercise your data rights, to withdraw consent, or to make a complaint about how we have handled your personal data, please contact us using the details below. We aim to respond to all queries within 5 working days and all formal rights requests within 30 days.
We take every privacy query seriously. Reach out via email and include "Privacy" or "Data Rights" in your subject line so we can route your request correctly.