Privacy Policy

Effective Date: [22nd February 2026]
Last Updated: [22nd February 2026]

Introduction

Welcome to Market Revolution, a market research firm specializing in the medical and healthcare sector. We are based in India and operate the website mrpvtltd.com (the “Website”). This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you interact with our Website, particularly when you provide information to engage our market research services.

This Privacy Policy is designed to comply with applicable data protection laws, including:

  • The Digital Personal Data Protection Act, 2023 ("DPDPA") and the Digital Personal Data Protection Rules, 2025 (“DPDP Rules”) in India.
  • The General Data Protection Regulation (EU) 2016/679 (“GDPR”) for users in the European Union (EU) or European Economic Area (EEA), where we offer services to individuals in those regions.

By using our Website and providing your personal data, you acknowledge that you have read, understood, and agree to this Privacy Policy. If you do not agree, please do not use our Website or provide any personal data.

If you are a resident of the EU/EEA, we process your personal data in accordance with GDPR principles, and this Privacy Policy serves as our notice under Article 13/14 of the GDPR. For Indian residents, this serves as the notice required under Section 5 of the DPDPA and Rule 3 of the DPDP Rules.

We act as a Data Fiduciary (under DPDPA) or Controller (under GDPR) for the personal data we collect.

Personal Data We Collect

We collect the following personal data from users who wish to engage us for market research services through the Website:

  • First Name
  • Last Name
  • Work Email
  • Designation
  • Phone Number
  • Description of Research Required (which may include details about your professional needs or project specifics)

This data is collected directly from you when you submit it via forms on our Website (e.g., contact or inquiry forms).

We may also automatically collect non-personal data or anonymized information, such as IP address, browser type, device information, and Website usage data through cookies or similar technologies. For details on cookies, see Section 10 below.

How We Collect Your Personal Data

  • Directly from you: When you voluntarily provide it through Website forms to request services.
  • Automatically: Via cookies, analytics tools (e.g., Google Analytics), or server logs.
  • From third parties: We may receive data from third-party sources, such as partners or public databases.

We do not collect personal data from children under 18 (as defined under DPDPA), and our services are intended for professional users only.

Purposes and Legal Basis for Processing Your Personal Data

We process your personal data for the following specified purposes (as required under DPDPA Section 4 and GDPR Article 5):

  • To respond to your inquiries, provide market research services, and communicate with you about your requested research (e.g., via email or phone).
  • To manage and improve our website and services.
  • To comply with legal obligations, such as record-keeping or responding to regulatory requests.
  • For marketing purposes, such as sending newsletters (subject to your explicit opt-in consent).

Legal Basis:

  • Under DPDPA (for Indian users): We process your data based on your consent (Section 6), which you provide when submitting the form. Consent is verifiable and can be withdrawn easily (see Section 8). For certain legitimate uses (Section 7), such as providing the requested service, we may rely on necessity without separate consent.
  • Under GDPR (for EU/EEA users): We process your data based on your consent (Article 6(1)(a)), which is freely given, specific, informed, and unambiguous. Alternatively, processing may be necessary for the performance of a contract (Article 6(1)(b)) if you engage our services, or for our legitimate interests (Article 6(1)(f)), such as improving services, balanced against your rights.

We do not process data for automated decision-making or profiling that produces legal effects.

If the purpose changes, we will provide a new notice and seek fresh consent where required.

Sharing and Disclosure of Your Personal Data

We may share your personal data with:

  • Service Providers/Data Processors: Third-party vendors who assist us, such as IT hosting providers, email services, or analytics tools (Hostinger). These are bound by contracts ensuring compliance with DPDPA (Section 8) and GDPR (Article 28).
  • Affiliates or Partners: NA.
  • Legal Requirements: To comply with laws, court orders, or government requests (e.g., under DPDPA Section 12 or GDPR Article 6(1)(c)).

We do not sell your personal data. For international transfers (e.g., to servers outside India or EU), see Section 7.

Storage and Security of Your Personal Data

Your personal data is stored on secure servers in India (Hostinger).

We implement appropriate technical and organizational measures to protect your data, including encryption, access controls, and regular security audits (as required under DPDPA Section 8(4) and GDPR Article 32). These include firewalls and SSL encryption.

In case of a personal data breach, we will notify you and the relevant authorities (Data Protection Board under DPDPA Section 8(6) or supervisory authority under GDPR Article 33/34) as required.

International Data Transfers

As an India-based company, your data is primarily processed in India. If we transfer data outside India (e.g., to EU or other countries), we ensure compliance:

  • Under DPDPA: Transfers are allowed if the recipient country provides adequate protection or with safeguards (Section 16, and DPDP Rules 20-22).
  • Under GDPR: For transfers outside EU/EEA, we use Standard Contractual Clauses, adequacy decisions, or other mechanisms (Article 44-50).

Data Retention

We retain your personal data only as long as necessary for the purposes outlined (e.g., to provide services) or as required by law. Typically, this is 5 years after service completion.

After this, data is securely deleted or anonymized (DPDPA Section 8(7), GDPR Article 5(1)(e)).

Your Rights

You have the following rights regarding your personal data:

  • Access: Request a copy of your data (DPDPA Section 11, GDPR Article 15).
  • Correction/Updation: Rectify inaccurate data (DPDPA Section 12, GDPR Article 16).
  • Erasure (Right to be Forgotten): Delete data in certain cases (DPDPA Section 12, GDPR Article 17).
  • Withdrawal of Consent: Withdraw consent at any time, without affecting prior processing (DPDPA Section 6(5), GDPR Article 7(3)).
  • Nomination: Nominate someone to exercise rights on your behalf in case of death or incapacity (DPDPA Section 14).
  • Objection/Portability (GDPR-specific): Object to processing or request data portability (Articles 21, 20).
  • Grievance: Contact our Data Protection Officer (see Section 12) or lodge a complaint with the Data Protection Board (India) or your local supervisory authority (EU).

To exercise rights, contact us at info@mrpvtltd.com. We respond within 15 (Fifteen) days to 30 (Thirty) days. For verifiable consent under DPDP Rules 10-11, we maintain records of your consent.

Children’s Data

We do not knowingly collect data from children under 18. If we become aware of such data, we will delete it immediately (DPDPA Section 9, GDPR Article 8).

Contact Us

For questions, complaints, or to exercise rights, contact our Data Protection Officer:

  • Name: Market Revolution
  • Email: info@mrpvtltd.com
  • Address: A424 Panama Park, Lohegaon, Pune 411047, Maharashtra, India
  • Phone: +91 6394-130348

For EU users, our EU representative (if appointed under GDPR Article 27): Queries can be sent to the contact details provided above.

Changes to This Privacy Policy

We may update this Policy periodically. Changes will be posted on the Website with the updated date. Continued use constitutes acceptance. For material changes, we may notify you via email.

Governing Law

This Policy is governed by Indian law, subject to applicable international requirements.