Effective Date: 4th June 2026

Last Updated: 4th June 2026

1.Introduction

MatraMeds Pharmaceuticals Pvt Ltd ("MatraMeds", "we", "us", "our") respects your privacy and is committed to processing personal data responsibly.

This Privacy Notice explains how we collect, use, store, disclose, protect, and otherwise process personal data through the MatraMeds website at https://matrameds.com (the "Website").

1.1. Scope

This Privacy Notice applies to personal data processed through the Website only. It does not cover any companion application, patient support programme, or operational HCP portal, because none of these is currently live. Separate, service-specific privacy notices will be issued when such services are launched.

This Notice is calibrated to MatraMeds' pre-commercial stage. The volume and sensitivity of data we process at this stage are limited. When MatraMeds launches its generic pharmaceutical portfolio (manufactured by Contract Development and Manufacturing Organisations under MatraMeds' brand), this Notice will be revised to reflect the safety-monitoring, product quality complaint handling, and marketing-related data processing that will then apply.

2.Applicability

This Privacy Notice applies to personal data we process in connection with:

• General enquiries submitted through the Contact email route;
• Self-declared HCP access to gated sections, where applicable;
• Medical-information requests submitted through the the medical-information email route;
• Safety-related submissions sent through the safety-reporting email route;
• Career enquiries submitted by email;
• Cookies and similar technologies, as described in the Cookie Notice;
• Technical and usage data generated by your interaction with the Website.

3.Personal Data We May Collect: Itemised Inventory

The following table itemises the personal data we may process at this stage, with the specific purpose of each item. In accordance with Rule 3 of the Digital Personal Data Protection Rules 2025, each data item is paired with its specific purpose.

Data item	Specific purpose	When collected
Full name	Identification and addressing communications	Website email routes and related correspondence
Email address	Communications, response delivery	Website email routes and related correspondence
Phone number	Optional contact, OTP-style verification where applicable	Contact email route (optional), HCP-gated access workflow where applicable
Self-declared profession (e.g., doctor, pharmacist)	HCP self-declaration	HCP-gated access workflow and Medical Information email route
Registration number (where supplied)	HCP self-declaration record	HCP-gated access workflow (optional)
Enquiry topic	Routing your enquiry	Contact email route, Medical Information email route
Free-text message or question	Responding to your enquiry	Contact email route, Medical Information email route
Report type, product / programme name, free-text details	Compliance triage of safety intake	Safety-reporting email route
Career enquiry content (CV, qualifications where supplied)	Recruitment assessment	Career enquiries
IP address, session timestamp, browser type	Security, fraud prevention, technical analytics	All Website use
Cookie identifiers	As described in the Cookie Notice	All Website use

Where MatraMeds intends to introduce processing of any additional data item not listed above, this Notice will be updated.

4.How We Collect Personal Data

We may collect personal data:

• Directly from you, where you send us an email or otherwise contact us through the Website’s published contact routes;
• Through cookies and similar technologies, as described in the Cookie Notice;
• From authorised service providers acting on our behalf (for example, our IT, hosting, and email-delivery providers).

We do not currently collect personal data from healthcare professionals, care teams, or any third party other than as described above.

5.Purposes of Processing

We may process personal data only for the specific purposes set out in Section 3 and, where necessary, for the following supporting purposes:

• Operating and securing the Website;
• Responding to enquiries and requests;
• Routing safety-related intake submissions to our compliance function for review;
• Managing recruitment processes;
• Complying with legal, regulatory, audit, or record-keeping obligations;
• Maintaining logs, preventing misuse, and protecting rights and security;
• Improving content, Website performance, and user experience.

We do not currently:

• Operate algorithmic profiling of any user;
• Make automated decisions producing legal or similarly significant effects;
• Engage in any marketing, advertising, or retargeting activity using personal data;
• Actively seek or routinely process health-related information, except to the limited extent that a user may voluntarily submit such information through a free-text field or safety-related intake route.

6.Basis of Processing

We process personal data for the specific purposes for which it is collected and for related lawful purposes consistent with your interaction with the Website, in accordance with applicable law and this Notice.

6.1. Notice and Consent Standards

Where consent is the basis for processing, MatraMeds seeks to ensure that consent is:

• Free, specific, informed, unconditional, and unambiguous;
• Given by a clear affirmative action;
• Accompanied by a notice in clear and plain language describing the personal data requested and the purpose;
• Easily withdrawable through the routes described in Section 11.

7.HCP Access and Professional Information

Where you access a gated section of the Website by self-declaring HCP status, MatraMeds may process the limited information you supply (such as name, email, profession, and registration number where given) to:

• Record your self-declaration;
• Provide access to the gated section;
• Maintain a basic log for misuse prevention.

At this stage, MatraMeds does not perform formal HCP verification. Self-declaration is an honesty-based control and is not a substitute for registration verification. Formal verification will be introduced before any product-specific professional materials are published in the gated sections.

8.Safety Reporting

If you send safety-related information through the Safety Reporting email route or other published safety contact route, MatraMeds will

• Log the submission;
• Route it to our compliance function for review;
• Conduct follow-up where needed;
• Retain it in accordance with Section 10.

Because MatraMeds has not yet launched any generic pharmaceutical product under its brand, no product-specific pharmacovigilance casework is currently in operation. Where a submission relates to a non-MatraMeds product or to a general safety concern, MatraMeds will endeavour to route it appropriately but does not undertake the duties of a marketing authorisation holder for any third-party product.

When MatraMeds' first generic product is launched, MatraMeds will implement appropriate safety-monitoring, medical-information, product-quality complaint handling, and escalation processes in accordance with applicable law, guidance, and internal quality systems. The Contract Development and Manufacturing Organisation contracted for physical manufacture will support MatraMeds' quality complaint and batch-traceability investigations through a written Quality Agreement, but with roles and responsibilities documented between the relevant parties. This Notice will be updated when these arrangements become operational.

9.Cookies and Similar Technologies

We use cookies and similar technologies as described in our Cookie Notice.

10.Retention Period

We retain personal data only for as long as necessary for the relevant purpose, unless longer retention is required or permitted by law, regulation, or internal compliance obligations.

The following retention periods apply at this pre-launch stage:

Category of data	Retention period	Basis
General enquiries (Contact email route)	24 months from last interaction	Operational necessity
HCP self-declaration records and access logs	5 years from last access	Audit and misuse-prevention
Medical Information enquiry records	up to 10 years from response, or such shorter or longer period as may be required by law, regulation, or internal compliance needs	Future regulatory and medico-legal expectation
Safety Reporting submissions	up to 10 years from receipt, or such shorter or longer period as may be required by law, regulation, or internal compliance needs	Compliance and future pharmacovigilance alignment
Career enquiry records	12 months from application, unless candidate consents to extended retention	Recruitment practice
Cookies — strictly necessary	Session only	Functional
Cookies — functional and analytics	Maximum 12 months	Configured at consent
Security and access logs	Minimum 1 year, or such other period as may be required by applicable law, security practice, or internal incident-response requirements	Breach detection and incident response

When MatraMeds' generic products are launched, additional categories of personal data, including pharmacovigilance case records, product quality complaint records, and HCP engagement records, will be processed and retained in accordance with Schedule Y, the Drugs and Cosmetics Rules 1945, and CDSCO guidelines. The relevant retention periods (typically product lifetime + 10 years for safety records) will be specified in the revised Privacy Notice issued at that time.

10.1. Notice Before Erasure on Retention Expiry

Where MatraMeds proposes to erase personal data on expiry of the retention periods above, we will, where required by applicable law and where reasonably practicable, notify the affected individual at their last known contact details.

11.Your Rights and How to Exercise Them

Subject to applicable law, you have rights to:

• Access information about the personal data we hold about you;
• Request correction, completion, or updating of inaccurate or incomplete data;
• Request erasure of your personal data, where legally applicable;
• Withdraw consent at any time, where consent is the basis of processing;
• Make a grievance or complaint about how your data is handled;
• Nominate another individual to exercise these rights in the event of your death or incapacity, in accordance with Section 14 of the DPDP Act 2023.

11.1. How to Make a Request

Please contact our Grievance Officer using the details in Section 17 of this Notice. You may also submit access, correction, erasure, and consent-withdrawal requests, and lodge grievances, by emailing grievance@matrameds.com or using the contact details provided in Section 17.

11.2. Response Timelines

• Acknowledgment of receipt: within 7 working days;
• Access, correction, and update requests: within 30 days;
• Erasure requests: within 90 days, subject to legal retention obligations;
• Consent withdrawal: processing ceases within 30 days, save where law requires longer retention;
• Grievances: substantive response within 30 days, in accordance with the DPDP Act 2023.

12.Disclosure of Personal Data

We may disclose personal data only on a need-to-know and lawful basis to:

• Authorised MatraMeds personnel;
• Post-launch, our contracted CDMO partners, regulatory consultants, pharmacovigilance service providers, and Pharmacovigilance Programme of India authorities, in respect of safety and quality data, subject to written contractual safeguards and applicable legal obligations;
• Our IT, hosting, email-delivery, and security service providers under written contractual safeguards;
• Our professional advisors (legal, audit, compliance) where necessary;
• Regulators, authorities, courts, or law-enforcement agencies, where required by law;
• A successor entity in connection with reorganisation, sale, merger, or restructuring, subject to lawful safeguards.

We do not sell personal data. We do not share personal data with marketing platforms, advertising networks, or data brokers.

13.Cross-Border Processing

Where personal data is processed using systems, vendors, or service providers located outside India, MatraMeds will do so subject to:

• Applicable Indian law, including the DPDP Act 2023 and DPDP Rules 2025;
• Contractual safeguards with the processor or vendor;
• Internal controls to ensure that all obligations of this Notice continue to apply to the data throughout its lifecycle abroad.

The DPDP Rules 2025 adopt a "negative list" approach: personal data may be transferred outside India unless the Central Government specifically restricts a country or territory.

14.Data Security

We take reasonable technical, organisational, and contractual measures to protect personal data against unauthorised access, misuse, alteration, disclosure, loss, or destruction. These measures include:

• Access controls;
• Authentication controls;
• Encryption, or masking where appropriate;
• logs, monitoring, review, and incident response processes;
• backup and continuity controls;
• contractual controls with processors and vendors.

These measures are designed in accordance with Rule 6 of the DPDP Rules 2025.

15.Personal Data Breach

Where a personal data breach occurs, MatraMeds will take steps consistent with applicable law, including containment, investigation, and mitigation, and notifications where required.

Where notification is required by applicable law, MatraMeds will provide such notifications to affected individuals and competent authorities in the manner and timelines then applicable.

16.Children

16.1. Definition

For the purposes of this Notice, a "child" means an individual under the age of 18 years, in accordance with Section 2(f) of the DPDP Act 2023.

16.2. Position at Pre-launch Stage

The Website is intended for adult users. MatraMeds does not knowingly collect personal data from a child through the Website. If we become aware that we have inadvertently collected such data, we will delete it without delay.

The Website and public content are not directed to children for independent use. Where any service involves a minor or authorised caregiver, additional controls, consents, or role-based access may apply in accordance with applicable law and internal procedures.

17.How to Contact Us: Grievance Officer

For any privacy-related question, rights request, or grievance, please contact:

Grievance Officer
Postal address: MatraMeds Pharmaceuticals Pvt Ltd, H. No-27-14-78, Venkateshwara Colony, Hasanparthy, Warangal, Pin Code: 506371, Telangana, India
Email: grievance@matrameds.com

18.Changes to this Privacy Notice

MatraMeds may update this Privacy Notice from time to time. The current version will be posted on the Website with the revised effective date.

18.1. Re-Issue at Launch

When MatraMeds launches its first generic pharmaceutical product under its brand, the companion application, or the HCP portal, this Notice will be re-issued together with any service-specific privacy notices. The revised Notice will reflect the safety-monitoring, medical-information, product-quality, retention, and data-sharing arrangements applicable to the launched products and services with the data principal rights conferred by the Digital Personal Data Protection Act 2023, and will describe the contractual data-flow arrangements between MatraMeds and its Contract Development and Manufacturing Organisation partners.