Privacy Policy
for Omni Life Leisure Hospitality Private Limited – Women’s Wellness Services
Effective Date: [DD Month YYYY]
Last Updated: [DD Month YYYY]
Contact: Omni Life Leisure Hospitality Private Limited, [DhanmillAddress], Email: [email id]
1. Introduction and Applicability
Omni Life Leisure Hospitality Private Limited (“we”, “us”, or “our”) respects your privacy and is committed to protecting your personal data.
We operate wellness programs, therapy sessions, counselling, fitness and health services, workshops, retreats, and related offerings exclusively for women.
This Privacy Policy explains how we collect, use, process, store, disclose, and protect your personal data in compliance with:
- The Digital Personal Data Protection Act, 2023 (“DPDP Act”)
- The Information Technology Act, 2000 (“IT Act”)
- Sensitive Personal Data Rules, 2011 (till formally repealed or replaced)
- Any other applicable rules, notifications, or sectoral guidelines in India.
This Policy applies to:
- All clients, users, participants, visitors, or website/app users (“you”, “your”) of our wellness business; and
- All personal data collected through online and offline means (website, mobile app, forms, calls, messages, or in-person sessions).
2. Legal Basis of Processing
Under Indian law, personal data can be processed only:
- With your free, informed, specific, unconditional, and unambiguous consent; or
- For other lawful purposes as permitted by the DPDP Act.
Where we process sensitive personal data (health, wellness, medical history, sexual or reproductive health), explicit written consent is always obtained.
3. Categories of Data Collected
We may collect the following categories of data, depending on your engagement with us:
A. Personal Information
- Full name, date of birth, contact details (address, phone, email)
- Government ID (only if required for verification — e.g., Aadhaar last 4 digits, PAN, or ID proof for KYC or security)
B. Sensitive Personal Data (SPDI)
As per Rule(s) of the SPDI Rules, we may collect:
- Health and medical information (medical history, fitness details, allergies, medications, mental health, menstrual, reproductive, or pregnancy-related information, as voluntarily shared)
- Sexual orientation or wellness data shared voluntarily in counselling or therapy
- Physical and mental fitness details for tailoring programs
- Any information you provide during therapy, consultation, or health assessments
C. Transaction & Service Data
- Appointment details, bookings, session logs, payment history, feedback
- Subscription and membership data
D. Device, Technical & Online Identifiers
- IP address, browser type, device ID, operating system, and cookies/analytics data
E. Audio/Visual Data
- Photos, videos, or testimonials (only with explicit consent)
- CCTV footage at physical centres (for security)
4. Purpose of Processing
We collect and process your personal data strictly for legitimate and lawful purposes, including:
- To provide, schedule, and manage wellness, therapy, and fitness services
- To customize programs based on health data
- To ensure your safety during sessions (medical/emergency information)
- To process payments and maintain accounting records
- To communicate with you (reminders, updates, cancellations, feedback)
- To send newsletters, updates, or offers only with your consent
- To comply with legal or regulatory obligations
- To maintain internal records, analytics, and business improvement
- To protect against fraud, abuse, or misuse of services
We do not sell, rent, or trade your personal data.
5. Consent and Withdrawal
- We obtain explicit, affirmative consent (digital signature, tick box, or written consent) before collecting or processing any personal or health data.
- You may withdraw your consent at any time by emailing [email], after which we will cease further processing.
- Withdrawal does not affect prior lawful processing.
6. Data Storage, Retention, and Deletion
- Data is stored securely on servers located within India or in jurisdictions with equivalent data protection (if transferred abroad, adequate safeguards are ensured).
- Retention periods:
  - Health & wellness records: up to 7 years after last interaction (for continuity and legal purposes).
  - Transaction & accounting records: 8 years (per Income Tax & Companies Act).
  - CCTV: 30–90 days unless incidentally required.
  - Marketing consents: until withdrawn.
- Once the retention period expires, data is securely deleted or anonymized in accordance with Rules.
7. Data Sharing and Disclosure
We may share data only on a need-to-know basis with:
- Authorized Staff & Practitioners: Trainers, counsellors, or therapists bound by confidentiality.
- Service Providers: Payment gateways (Razorpay, Stripe, etc.), IT/cloud hosting, CRM/email providers, scheduling tools.
  - All such processors operate under written contracts (Data Processing Agreements) ensuring compliance with the IT and DPDP Act.
- Legal & Regulatory Authorities: If required under applicable law, court order, or government directive.
- Emergency Services: Limited data for your safety during emergencies.
We never share health/sensitive data for marketing or profiling without your consent.
8. Cross-Border Data Transfer
Where we use third-party service providers outside India (e.g., hosting or CRM), we ensure compliance with the DPDP Act, i.e., data is transferred only to countries notified by the Central Government as permitted jurisdictions and with adequate safeguards.
9. Data Security Measures
We adopt reasonable security practices in line with the SPDI Rules and IS/ISO/IEC 27001 standards, including:
- Encryption (in transit & at rest)
- Password protection, access control, and MFA for internal systems
- Role-based access (only authorized female staff for sensitive data)
- Regular audits, vulnerability tests, and backups
- Firewalls, anti-malware, and endpoint security
- Confidentiality undertakings and NDAs with all employees and vendors
- Physical security and restricted access to sensitive files
Any suspected data breach triggers an immediate incident response and notification process.
10. Data Principal Rights (Your Rights)
Under the DPDP Act, you have the following rights:
- Right to Access – know what personal data we hold and how it’s processed.
- Right to Correction & Erasure – request correction or deletion of inaccurate/outdated data.
- Right to Grievance Redressal – file a complaint if your data is misused or not handled properly.
- Right to Nominate – appoint another individual to exercise your rights in case of death/incapacity.
- Right to Withdraw Consent – at any time.
All requests can be made via email to abc@[abcdomain].com. We respond within 30 days as per DPDP standards.
11. Grievance Redressal Mechanism
In compliance with SPDI Rules and DPDP Act, you may contact:
Grievance Officer:
Name: [Full Name]
Email: grievance@[yourdomain].com
Phone: [+91-XXXXXXXXXX]
Address: [Full Address]
Response Time: Within 30 days of complaint receipt.
If unresolved, you may escalate the matter to the Data Protection Board of India once constituted under the DPDP Act.
12. Data Breach and Notification
In the event of any personal data breach (unauthorized access, disclosure, or loss), we will:
- Immediately contain and assess the incident;
- Notify affected individuals and relevant authorities where required;
- Provide details of nature, scope, likely impact, and remedial measures; and
- Maintain internal breach records as per DPDP Act.
13. Marketing, Photos, and Testimonials
- Marketing communications are sent only after consent (opt-in). You may unsubscribe anytime.
- Any photos, videos, or testimonials used for social media or promotions are taken only with written consent.
- Withdrawal of such consent applies prospectively (already published materials may remain in archives).
14. Cookies and Website Data
Our website may use cookies and analytics tools to improve user experience.
You may control cookies through browser settings.
We never use cookies to collect sensitive or personally identifiable data without consent.
15. Children’s Privacy
Our services are intended only for women aged 18 and above.
We do not knowingly collect personal data from minors. If we become aware of any such collection, data is deleted immediately.
16. Third-Party Links
Our website or app may contain links to third-party sites (e.g., payment portals or social media).
We are not responsible for the privacy practices or content of those sites. Please review their privacy policies separately.
17. Updates to This Policy
We may update this Privacy Policy to reflect legal, operational, or service changes.
All updates will be published with a revised “Last Updated” date, and material changes will be communicated by email or public notice.
18. Contact for Privacy Queries
For any privacy-related questions, requests, or grievances:
📧 email@[emaildomain].com
📞 +91-XXXXXXXXXX
📍 The Dhanmill Address
19. Legal Disclaimer
This Privacy Policy is governed by the laws of India.
Any dispute arising shall be subject to the exclusive jurisdiction of the courts of Delhi.
By engaging with our services, you consent to the processing of your personal data in accordance with this Policy.
