GDPR & Data Protection

GDPR & Data Protection Policy

DR Johns Lab Pvt. Ltd.
Last updated: May 2026


1. Who This Policy Is For

This page explains how DR Johns Lab Pvt. Ltd. collects, uses, stores, and protects personal data — and what rights you have over that data.

It applies to:

  • Visitors who browse drjohnslab.com
  • Businesses and individuals who submit manufacturing enquiries through our website, email, phone, or WhatsApp
  • Job applicants who submit their resume or contact us about a career opportunity
  • Existing clients and business contacts whose data we hold as part of a manufacturing relationship

We are a B2B pharmaceutical contract manufacturer. We do not sell products to individual consumers online. The personal data we hold is primarily business contact information — names, job titles, company names, business email addresses, and phone numbers — collected in the course of genuine commercial interactions.


2. Who We Are — The Data Controller

For the purposes of data protection law, the data controller is:

DR Johns Lab Pvt. Ltd.
Head Office: 212, Choudhary Dilip Singh Bhawan, Shahpur Jat, New Delhi – 110049, India
Manufacturing Unit: Plot No. 3, Sector 6A, IIE, SIDCUL, Haridwar, Uttarakhand – 249403, India
Email: info@drjohnslab.com
Phone: +91-11-41039388

We are an Indian company operating primarily under Indian data protection law — specifically the Digital Personal Data Protection Act, 2023 (DPDPA). For visitors and clients located in the European Union or United Kingdom, we also apply the principles of the EU General Data Protection Regulation (GDPR) and UK GDPR where those frameworks apply to our processing of your data.


3. What Personal Data We Collect

We keep this simple. We only collect data that has a clear, legitimate purpose.

Data you give us directly:

  • Your name and job title
  • Your company name and business address
  • Your business email address
  • Your phone number (office or mobile)
  • Your product or manufacturing enquiry details
  • Your resume and professional background, if you apply for a job

Data we collect automatically when you visit our website:

  • Your IP address
  • Browser type and version
  • Pages visited and time spent on each page
  • Referring URL (the page you came from before visiting ours)
  • Device type (desktop, mobile, tablet)

This automatically collected data is used only for website analytics — understanding how visitors use the site so we can improve it. We do not use it to identify individual visitors or build personal profiles.

Data we do not collect:

We do not collect sensitive personal data such as health information, financial account details, national identity numbers, or biometric data through this website. We do not knowingly collect data from individuals under the age of 18.


4. Why We Collect Your Data — Legal Basis for Processing

Under GDPR and DPDPA, we must have a lawful basis for processing your personal data. Here is what that basis is for each type of processing we carry out:

| Processing Activity | Lawful Basis |
|---|---|
| Responding to a manufacturing enquiry | Legitimate interest / Pre-contractual necessity |
| Managing an ongoing client relationship | Performance of a contract |
| Sending a follow-up after an enquiry | Legitimate interest |
| Processing a job application | Consent / Legitimate interest |
| Website analytics | Legitimate interest |
| Legal and regulatory compliance | Legal obligation |

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects on you.


5. How We Use Your Data

Manufacturing enquiries: When you contact us about a manufacturing project, we use your contact details to respond to your enquiry, prepare a proposal, and follow up as part of the normal business development process. If we proceed to a manufacturing arrangement, your data becomes part of the client record for that relationship.

Website analytics: We use aggregated, anonymised data about website usage to understand which pages are most visited, how users navigate the site, and where we can improve the experience. This data does not identify you individually.

Job applications: If you submit your resume, we use the information you provide to evaluate your application and contact you about the role. We retain unsuccessful applications for up to six months in case a suitable opening arises, then delete them unless you ask us to keep your details on file.

Legal obligations: We may need to retain certain data to meet legal, regulatory, or tax obligations — for example, records of commercial transactions for GST compliance under Indian law.

We do not use your data for unsolicited marketing, cold email campaigns, or third-party advertising.


6. Who We Share Your Data With

We do not sell your personal data. We do not share it with third parties for their own marketing purposes.

We may share your data with:

Service providers: Third-party services that help us operate the website and manage business communications — such as web hosting providers, email services, and analytics platforms. These providers are contractually required to handle your data securely and only for the specific purpose we engage them for.

Professional advisors: Legal, financial, or regulatory advisors who need access to relevant data in the course of providing advice to us.

Government and regulatory authorities: If required to do so by Indian law, a court order, or a legitimate regulatory request from an authority such as CDSCO, MCA, or a law enforcement agency.

We require all third parties who receive personal data from us to maintain appropriate security standards and to use the data only for the specified purpose.


7. International Data Transfers

DR Johns Lab is based in India. If you are located in the European Union, United Kingdom, or another country with data transfer restrictions, please be aware that your personal data will be processed in India.

India is not currently designated as a country with an "adequacy decision" by the European Commission. However, we take the following steps to protect your data when it is transferred internationally:

  • We only share data with overseas service providers who have agreed to data processing terms consistent with GDPR principles
  • We limit the data transferred to what is strictly necessary for the relevant purpose
  • We do not transfer personal data to countries or entities that we have reason to believe cannot protect it adequately

If you would like more information about the specific safeguards we apply to international transfers of your data, please contact us at info@drjohnslab.com.


8. How Long We Keep Your Data

We do not keep personal data longer than we need it. Our general retention periods are:

| Data Type | Retention Period |
|---|---|
| Manufacturing enquiry (no contract) | 2 years from last contact |
| Active client records | Duration of relationship + 7 years |
| Closed client records | 7 years from contract end (for tax and legal compliance) |
| Job applications (unsuccessful) | 6 months from rejection, unless you ask us to retain |
| Website analytics data | 26 months (standard analytics platform period) |
| Legal and regulatory records | As required by applicable Indian law |

After the relevant retention period, data is securely deleted or anonymised.


9. How We Protect Your Data

We apply reasonable technical and organisational measures to protect the personal data we hold:

  • Data is stored on secure servers with access controls
  • Email communications containing personal or commercial information are sent over encrypted connections where supported
  • Access to client records is limited to staff who need it for their specific job function
  • We review our data security practices periodically

No method of data transmission or storage is completely secure. While we take data security seriously, we cannot guarantee absolute security. If you believe your data has been compromised in connection with our systems, please contact us immediately at info@drjohnslab.com.


10. Your Rights Under GDPR (EU and UK Users)

If you are located in the European Union or United Kingdom, you have the following rights over your personal data under GDPR and UK GDPR:

Right of access: You can ask us what personal data we hold about you and receive a copy of it.

Right to rectification: If any data we hold about you is inaccurate or incomplete, you can ask us to correct it.

Right to erasure: You can ask us to delete your personal data in certain circumstances — for example, if we no longer need it for the purpose it was collected, or if you withdraw consent where consent is the basis for processing.

Right to restrict processing: You can ask us to limit how we use your data while a dispute or complaint is being resolved.

Right to data portability: Where processing is based on consent or contractual necessity, you can ask us to provide your data in a machine-readable format.

Right to object: You can object to processing based on legitimate interest. We will stop unless we have compelling grounds that override your interests.

Right to withdraw consent: Where we process your data based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing that took place before you withdrew.

Right to complain: If you are unhappy with how we handle your data, you have the right to lodge a complaint with the relevant supervisory authority:

  • EU users: Your national data protection authority (e.g., CNIL for France, BfDI for Germany, DPC for Ireland)
  • UK users: The Information Commissioner's Office (ICO) — ico.org.uk

We would always prefer the opportunity to address your concern directly before you escalate to a supervisory authority. Please contact us first at info@drjohnslab.com.


11. Your Rights Under Indian Law (DPDPA 2023)

Under the Digital Personal Data Protection Act, 2023, data principals (individuals whose data is processed) in India have the following rights:

Right to information: You can ask us what personal data we process about you and for what purpose.

Right to correction and erasure: You can ask us to correct inaccurate data or erase data we no longer need.

Right to grievance redressal: You can raise a complaint directly with us. We are required to acknowledge and respond to data-related grievances within a reasonable timeframe.

Right to nominate: You may nominate another individual to exercise your rights on your behalf in the event of your incapacity or death.

To exercise any of these rights, contact us at info@drjohnslab.com with the subject line: "Data Rights Request — [Your Name]." We will respond within 30 days.


12. Your Rights Under California Law (CCPA — US Users)

If you are a California resident and provide personal information to us, you may have rights under the California Consumer Privacy Act (CCPA), including:

  • The right to know what personal information we collect, use, and disclose
  • The right to request deletion of your personal information
  • The right to opt out of the sale of your personal information (we do not sell personal information)
  • The right not to be discriminated against for exercising your CCPA rights

To submit a CCPA-related request, contact us at info@drjohnslab.com.


13. Cookies and Tracking Technologies

This website uses cookies. Cookies are small text files placed on your device by your browser when you visit a website. We use them for the following purposes:

Strictly necessary cookies: Required for basic website functionality. Cannot be disabled without breaking the site.

Analytics cookies: Help us understand how visitors use the site — which pages are popular, how long visitors stay, and where they come from. We use anonymised, aggregated data from these cookies. No individual visitor is identified.

Functional cookies: Remember preferences such as language or display settings.

We do not use advertising cookies, remarketing cookies, or any cookies that track your behaviour across other websites. 

For full details of the specific cookies we use, their purpose, and how to manage them, see our Cookie Policy.


14. Children's Data

This website is not directed at children. We do not knowingly collect personal data from anyone under the age of 18. If you believe a child has submitted personal data through this website, please contact us at info@drjohnslab.com and we will delete it promptly.


15. Changes to This Policy

We may update this policy when our data practices change, when new legal obligations apply, or when we make significant changes to the website.

When we update this page, we revise the "Last updated" date at the top. For significant changes, we will take reasonable steps to notify users — for example, by placing a notice on the website homepage.

We recommend reviewing this page periodically if data protection matters to your business relationship with us.


16. How to Contact Us About Data Protection

For any question, request, or concern about how we handle your personal data, contact:

DR Johns Lab Pvt. Ltd. — Data Enquiries
Email: info@drjohnslab.com
Subject line: Data Protection Enquiry
Phone: +91-11-41039388 (Delhi) | +91-1334-310646 (Haridwar)

Head Office: 212, Choudhary Dilip Singh Bhawan, Shahpur Jat, New Delhi – 110049, India

We aim to respond to all data-related enquiries within 30 days.