1. Who We Are
Orca Labs Pvt Ltd (“Orca Labs,” “we,” “us,” or “our”) is a leading pharmaceutical manufacturer headquartered in Visakhapatnam, India, with offices in Gurgaon (Corporate Office) and Hyderabad (Administrative Office). We engineer clinically trusted generic medicines and formulations, delivering DCGI-approved, WHO-GMP certified solutions across India and expanding into global markets, with initial focus on African regions and future growth into other international territories. Our website (https://orcalabs.in/) supports business communication, product display, marketing, and trade inquiries.Contact:
- Email: regulatory@orcalabs.in
- Registered Office: 9-7-40/7/2, Laxmi Nagar, Sivajipalem, L B Colony, Visakhapatnam, Andhra Pradesh, India, +91 9348292555
- Administrative Office: No. 5A, Sri Teja Residency, Kavuri Hills, Jubilee Hills, Hyderabad, India, +91 9346092555
2. Data We Collect
2.1 Personal Data You Provide
- Contact Forms: Name, email, company name (if applicable), and message content. Health-related queries are treated as sensitive personal data under GDPR, DPDPA, IT Rules, HIPAA, and applicable international laws (e.g., NDPR, POPIA, LGPD), requiring explicit consent.
- Newsletter Subscriptions: Email address for updates on products, formulations, and global market opportunities, with opt-in consent.
- Trade Inquiries: Business contact details (e.g., company name, address) for regulatory or supply engagements worldwide, with consent.
- Comments: Data from comment forms, IP address, and browser user agent string for spam detection.
2.2 Automatically Collected Data
- Usage Data: Anonymized data on pages visited, duration, clicks, and referral sources (via Google Analytics).
- Device Data: IP address, browser type, operating system, and device identifiers.
- Cookies and Tracking: Detailed in Section 6.
2.3 No Third-Party Data
- We do not collect personal data from third parties.
3. How We Use Your Data
- Respond to Inquiries: Address contact form submissions, trade requests, and health-related queries, complying with GDPR, DPDPA, IT Rules, HIPAA, and international regulations.
- Marketing: Send newsletters or updates for global markets with explicit consent.
- Website Optimization: Improve functionality, performance, and content relevance using anonymized data.
- Security: Monitor activity, prevent fraud, and ensure compliance with cybersecurity standards.
- Trade Facilitation: Process export inquiries per applicable trade laws.
- Legal Compliance: Meet obligations under GDPR, DPDPA, IT Rules, CCPA, HIPAA, and global data protection laws.
4. Legal Basis for Processing
- Consent: For marketing, non-essential cookies, health-related data, and trade inquiries (explicit under GDPR, DPDPA, IT Rules, HIPAA, NDPR, POPIA, LGPD).
- Legitimate Interests: For website security, optimization, and performance tracking, if rights are not overridden (per GDPR Article 6(1)(f)).
- Legal Obligation: Compliance with Indian (DPDPA, IT Rules), EU (GDPR), U.S. (HIPAA, CCPA), and global (e.g., NDPR, POPIA, LGPD) laws.
- Contractual Necessity: For trade or B2B engagements.
5. Data Sharing
We do not sell, rent, or share personal data with third parties for advertising or profiling. Data may be shared with:
- Service Providers: Hosting and analytics (e.g., Google Analytics) platforms, with no personalized data shared, compliant with GDPR and global laws.
- Authorities: Disclosed to government or regulatory bodies (e.g., DCGI, SAHPRA, Kenya PPB) if required by law, with notification where permitted (GDPR Article 14).
6. Cookies and Tracking Technologies
6.1 What Are Cookies?
Cookies are small text files stored on your browser or device when visiting our site. They enable functionality, remember preferences, and support analytics or marketing, aligning with GDPR, DPDPA, and global data laws.6.2 Types of Cookies Used on OrcaLabs.in
a) Essential Cookies (Strictly Necessary)
- Purpose: Enable core website operations (e.g., session management, security, consent tracking).
- Examples: PHPSESSID (session ID), security cookies, consent management cookies.
- Consent: Not required; essential for site access (GDPR Article 5(3) exemption).
b) Non-Essential Cookies
- i) Analytics Cookies
- Purpose: Collect anonymized data on traffic, behavior, and engagement (e.g., Google Analytics) to optimize marketing for global markets.
- Consent: Requires explicit opt-in (GDPR Article 7, DPDPA).
- ii) Marketing Cookies
- Purpose: Tailor content, measure outreach, and personalize visits for global audiences.
- Consent: Requires explicit opt-in (GDPR Article 7, NDPR).
c) Table 1: Essential Cookies
| Type | Purpose | Data Collected | Storage Duration | Consent Required? |
| Session Management | Maintain session continuity, language settings, and logged-in state | Session ID, user preferences | Until browser closes | No |
| Security & Integrity | Protect against CSRF/XSS attacks, authenticate requests | Tokens, auth headers, login state | Session or 1 year max | No |
| Consent Preferences | Store user cookie consent choices and categories | Consent status, preference flags, timestamps | 6 to 12 months | No |
| Load Balancing | Distribute website traffic across servers to ensure speed and reliability | Server routing info, load balancer IDs | Session only | No |
| Infrastructure Support | Support caching, firewall actions, uptime monitoring | IP address (anonymized), server logs | Server-side only | No |
d) Table 2: Optional (Non-Essential) Cookies
| Category | Purpose | Data Collected | Storage Duration | Consent Required? |
| Analytics (1st-Party) | Monitor page views, bounce rates, and session performance | Pseudonymous user ID, navigation paths, time on site | 1 day to 2 years | Yes (Explicit) |
| Analytics (3rd-Party) | Understand traffic sources and user segments via platforms like Google Analytics | IP address, referral source, browser type | 1 day to 2 years | Yes (Explicit) |
| Marketing & Retargeting | Deliver personalized ads and build remarketing lists for global markets | Browsing history, viewed products, CRM-linked identifiers | 1 month to 13 months | Yes (Explicit) |
| Social Media Sharing | Allow users to share content or view posts from Facebook, LinkedIn, etc. | IP address, user agent, engagement tracking | Varies by platform | Yes (on interaction) |
| Embedded Multimedia | Enable video playback or embedded maps (e.g., YouTube, Vimeo, Google Maps) | Player settings, viewing behavior, localization data | Session to 2 years | Yes (Explicit) |
6.3 Managing Your Cookie Preferences
- Options: Accept all, reject non-essential, or customize via the cookie banner on first visit or “Cookie Settings” in the footer (GDPR-compliant).
- Opt-Out: Install the Google Analytics Opt-out Add-on or email regulatory@orcalabs.in.
- Withdrawal: Adjust settings anytime via the banner or contact us (GDPR Article 7(3)).
6.4 Embedded Content and Third-Party Cookies
Our website includes embedded content for marketing and trade purposes globally. These third-party services may collect data, use cookies, or track interactions if you engage with them, subject to their policies. No personal data is shared unless you consent:- Facebook: Displays our timeline or posts. See Facebook Privacy Policy.
- Instagram: Showcases visual content. See Instagram Privacy Policy.
- WhatsApp: Offers communication links for trade inquiries. See WhatsApp Privacy Policy.
- YouTube: Features product or brand videos. See YouTube Privacy Policy.
- LinkedIn: Shares professional updates. See LinkedIn Privacy Policy.
- Twitter: Posts brand updates. See Twitter Privacy Policy.
7. Data Retention
- Contact Form Data: Until inquiry resolution, unless required by law (e.g., trade documentation).
- Newsletter Data: Until unsubscription.
- Comments: Until removal request, unless legally required.
- Trade Inquiries: Per applicable trade law retention.
- Usage Data: Anonymized, retained indefinitely.
8. Data Security
- Measures: SSL encryption, access controls, secure infrastructure per IT Rules, HIPAA, GDPR, and global standards.
- Breach Response: Notify affected users and authorities within 72 hours (GDPR Article 33, DPDPA, NDPR).
9. Your Privacy Rights
You may exercise rights under applicable laws:
- Access, Rectification, Deletion, Restriction, Portability, Objection, Consent Withdrawal (GDPR Articles 15-22, DPDPA, NDPR, POPIA, LGPD).
- Grievance Redressal: Lodge complaints with DPDPA authorities, EU Data Protection Authorities, or global equivalents (e.g., NDPR NITDA, POPIA Regulator).
How to Exercise: Email regulatory@orcalabs.in. Response within 30 days (72 hours for DPDPA/NDPR grievances), with identity verification.
10. International Data Transfers
Data may be processed outside India (e.g., for global markets) using Standard Contractual Clauses or adequacy decisions under GDPR, DPDPA, NDPR, POPIA, LGPD, and other applicable laws.
11. Third-Party Links
Links to social media or trade portals (e.g., LinkedIn, WhatsApp) are not our responsibility. Review their policies.
12. Children’s Privacy
Not intended for under-16s. Contact us to delete any such data.
13. Changes to this Policy
Updates posted on our website with 30-day advance notice (email if applicable), per DPDPA and GDPR Article 13.
14. Global Legal Compliance
This policy complies with:
- India: DPDPA, IT Rules.
- EU: GDPR (prepared for future compliance).
- USA: HIPAA (health inquiries), CCPA (where applicable).
- Nigeria: Nigeria Data Protection Regulation (NDPR).
- Kenya: Data Protection Act, 2019.
- South Africa: POPIA.
- Brazil: LGPD.
- UAE: Decree-Law No. 45/2021.
- Other global laws as applicable.
15. Consent and Your Choices
- Control: Accept, reject, or customize cookies; opt-in/out of newsletters; withdraw consent (GDPR Article 7(3)).
- Access Without Consent: Use core site features (e.g., product info) without non-essential cookies.
- Exercise Rights: Email regulatory@orcalabs.in.
16. Contact Us
- Email: regulatory@orcalabs.in
- Address: Orca Labs Pvt Ltd, Visakhapatnam, India