1. Introduction

Alvita Pharma Private Limited ("Alvita Pharma," "we," "us," or "our") is a pharmaceutical merchant exporter headquartered in Mumbai, India. We are engaged in the sourcing, registration, branding, and export of generic pharmaceutical products to more than 30 countries across Africa, South East Asia, Latin America, C.I.S., and other international markets.

This Privacy Policy describes how we collect, use, disclose, retain, and protect personal data obtained through our website (www.alvitapharma.co.in), business enquiries, trade communications, and any other interactions with us. It applies to business partners, healthcare professionals, distributors, suppliers, website visitors, employees, contractors, and any other individuals whose personal data we process.

By using our website or submitting your personal data to us, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

2.1 Business and Professional Information

• Full name, job title, and company name

• Business address, email address, and telephone numbers

• Professional licences, regulatory credentials, or distributor authorisations

• Country of operation and import/export licence details

2.2 Enquiry and Communications Data

• Product enquiries submitted via our website contact form or email

• Correspondence by email, telephone, WhatsApp, or other channels

• Meeting notes, proposals, and negotiation records

• Feedback, survey responses, and market research participation

2.3 Transactional and Financial Information

• Purchase orders, invoices, and payment records

• Bank account and payment details for settlements

• Export documentation including shipping instructions, Letters of Credit, and customs declarations

• Tax identification numbers and compliance documentation

2.4 Website and Technical Data

• IP address, browser type, operating system, and device identifiers

• Pages visited, time on site, clickstream data, and referring URLs

• Cookies and similar tracking technologies (see Section 10)

• 
  

3. How We Use Your Information

3.1 Business Operations and Export Services

• Processing product enquiries, preparing quotations, and managing customer relationships

• Executing export orders, coordinating logistics, and managing customs documentation

• Handling product registrations and dossier submissions in destination markets on behalf of clients

• Managing payments, invoicing, and financial reconciliation

3.2 Regulatory and Legal Compliance

• Complying with the Foreign Trade (Development and Regulation) Act, 1992, and DGFT regulations

• Meeting obligations under the Drugs and Cosmetics Act, 1940, and CDSCO guidelines

• Fulfilling export compliance requirements including sanctions screening and anti-bribery obligations

• Responding to inquiries from regulatory bodies in India and destination countries

• Maintaining records required by law and supporting audit and inspection activities

3.3 Marketing and Business Development

• Sending product updates, market intelligence, and promotional communications where we have consent or a legitimate interest

• Inviting partners to trade events, exhibitions, and product launches

• You may opt out of marketing communications at any time (see Section 9)

3.4 Website and Platform Improvement

• Analysing website usage to improve content, navigation, and user experience

• Monitoring website security and preventing fraud or misuse

• 
  

4. Legal Bases for Processing

Where applicable data protection legislation requires a lawful basis, we rely on one or more of the following:

• Contractual necessity — to perform a contract with you or your organisation, or to take pre-contractual steps at your request

• Legal obligation — to comply with applicable Indian and international laws and regulations

• Legitimate interests — to conduct our business as a pharmaceutical merchant exporter, provided our interests do not override your fundamental rights and freedoms

• Consent — where you have freely provided it, particularly for marketing communications; you may withdraw consent at any time

• Vital interests — in emergencies affecting personal safety

5. Disclosure of Personal Information

We do not sell your personal data. We may share it with:

5.1 Group Entities

Subsidiaries and affiliates of Alvita Pharma for purposes consistent with this Policy.

5.2 Manufacturing and Supply Chain Partners

Contract manufacturers, packaging partners, and quality assurance laboratories involved in fulfilling your order. These parties receive only the data necessary to deliver the contracted service and are bound by confidentiality obligations.

5.3 Logistics and Freight Service Providers

Freight forwarders, customs agents, clearing houses, and courier services who require personal and company data to process export shipments and customs documentation.

5.4 Regulatory Authorities

Government bodies in India (including CDSCO, DGFT, and Customs) and in destination countries, where disclosure is required by law, regulation, or court order.

5.5 Professional Advisers

Legal counsel, accountants, auditors, and insurance providers acting in an advisory capacity, bound by professional confidentiality.

5.6 IT and Platform Service Providers

Cloud hosting, CRM, email, and analytics providers who process data on our behalf under data processing agreements requiring appropriate technical and organisational safeguards.

5.7 Business Transactions

In connection with a merger, acquisition, or restructuring of our business, subject to the successor entity honouring this Privacy Policy.

6. International Data Transfers

As a pharmaceutical merchant exporter operating across more than 30 countries, personal data relating to business contacts, distributors, and regulatory correspondents may be transferred to and processed in countries outside India. These may include countries in Africa, South East Asia, Latin America, C.I.S., and Eastern Europe.

Where we transfer personal data internationally, we ensure that appropriate safeguards are in place, such as contractual protections, compliance with the Digital Personal Data Protection Act, 2023, and adherence to the data protection requirements of applicable destination countries. For more information, please contact us at the details in Section 12.

7. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected and to comply with our legal and regulatory obligations:

• Export and trade records — minimum 5 years (DGFT regulations)

• Financial and accounting records — minimum 8 years (Companies Act, 2013)

• Regulatory and product registration records — as required by the relevant country's pharmaceutical authority

• Website enquiry and marketing data — maximum 3 years from last contact, unless deleted sooner on request

When data is no longer required, it is securely deleted or anonymised in accordance with our records management procedures.

8. Data Security

We implement appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction:

• Encryption of data in transit (TLS) and at rest for sensitive records

• Access controls restricting data to authorised personnel on a need-to-know basis

• Secure email and document sharing practices for trade and regulatory correspondence

• Regular review of IT security practices and employee awareness training

• Incident response procedures to detect, contain, and notify in the event of a data breach

In the event of a data breach that poses a significant risk to your rights, we will notify you and applicable authorities as required by law.

9. Your Privacy Rights

Subject to applicable law, you may have the following rights in relation to your personal data:

• Right to access — request confirmation of whether we hold your data and obtain a copy

• Right to rectification — request correction of inaccurate or incomplete information

• Right to erasure — request deletion where there is no compelling reason for continued processing

• Right to restriction — ask us to limit processing in certain circumstances

• Right to object — object to processing based on legitimate interests, including for direct marketing

• Right to data portability — receive your data in a structured, machine-readable format

• Right to withdraw consent — at any time where processing is based on consent

• Right to lodge a complaint — with the relevant data protection authority in your jurisdiction

To exercise any of these rights, please contact our Privacy Officer (see Section 12). We will respond within 30 days.

10. Cookies and Tracking Technologies

Our website uses cookies and similar technologies:

• Strictly necessary cookies — essential for website functionality

• Analytics cookies — to understand how visitors use the site and improve content

• Preference cookies — to remember settings and improve your experience

You can manage cookies through your browser settings. Disabling certain cookies may affect website functionality.

11. Children's Privacy

Our website and services are directed exclusively at business-to-business users and are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently done so, please contact us and we will delete such information promptly.

12Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our Privacy Officer:

Privacy Officer — Alvita Pharma Private Limited

📍302, AHCL, Opp Shimpoli Telephone Exchange, Link Road, Borivali West, Mumbai – 400 092, Maharashtra, India
✉️ harsh@alvitapharma.co.in
📞 +91-8169613247
🌐 www.alvitapharma.co.in

We aim to acknowledge all privacy enquiries within 5 business days and to resolve them within 30 days. If you remain unsatisfied, you may escalate your complaint to the relevant supervisory authority.

13. Changes to This Policy
    
    

We may update this Privacy Policy from time to time to reflect changes in our operations, legal requirements, or best practices. Any updates will be posted on our website with a revised "Last Updated" date. Where changes are material, we will provide prominent notice. We encourage you to review this Policy periodically.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (to the extent in force). Any disputes shall be subject to the exclusive jurisdiction of the competent courts in Mumbai, Maharashtra, India.