GDPR Policy
Last updated: June 2026
This GDPR Policy supplements our Privacy Policy and explains in detail how Anant Pharmaceuticals Pvt. Ltd. ("Anant Labs") complies with the EU General Data Protection Regulation (GDPR) (Regulation 2016/679) in respect of personal data belonging to individuals in the European Economic Area (EEA).
1. Our Role Under GDPR
Anant Labs acts as the data controller for personal data collected via the Site. Where we engage third-party processors (Resend, Cloudflare), they act as data processors under written data processing agreements.
2. Legal Bases for Processing
We process personal data only where a valid legal basis exists:
| Processing activity | Legal basis (GDPR Article 6) |
|---|---|
| Account registration and management | Art. 6(1)(b) — necessary for the performance of a contract |
| Responding to product enquiries | Art. 6(1)(b) — necessary for the performance of a contract |
| Email verification and password-reset | Art. 6(1)(b) — necessary for the performance of a contract |
| Fraud and spam prevention | Art. 6(1)(f) — legitimate interests |
| Site security and analytics | Art. 6(1)(f) — legitimate interests |
| Cookie preferences (non-essential) | Art. 6(1)(a) — consent |
Where we rely on legitimate interests, we have assessed that our interests are not overridden by your fundamental rights and freedoms.
3. Your Rights Under GDPR
If you are located in the EEA, you have the following rights:
Right of Access (Art. 15)
You may request a copy of all personal data we hold about you.
Right to Rectification (Art. 16)
You may ask us to correct inaccurate or incomplete data.
Right to Erasure (Art. 17)
You may request deletion of your personal data where:
- The data is no longer necessary for the purpose it was collected
- You withdraw consent (where consent was the basis)
- You object to processing and there are no overriding legitimate grounds
- The data has been unlawfully processed
Right to Restriction of Processing (Art. 18)
You may ask us to pause processing of your data in certain circumstances (e.g. while we verify its accuracy).
Right to Data Portability (Art. 20)
Where processing is based on contract or consent and carried out by automated means, you may request your data in a structured, commonly used, machine-readable format (JSON or CSV).
Right to Object (Art. 21)
You may object at any time to processing based on legitimate interests. We will stop unless we can demonstrate compelling legitimate grounds.
Right to Withdraw Consent (Art. 7(3))
Where we rely on consent (e.g. non-essential cookies), you may withdraw it at any time via the Cookie Settings link in the footer. Withdrawal does not affect lawfulness of prior processing.
Right to Lodge a Complaint (Art. 77)
If you believe we have not handled your data lawfully, you have the right to lodge a complaint with the supervisory authority in your EU member state. A list of national authorities is available at edpb.europa.eu.
4. How to Exercise Your Rights
Email us at info@anantlabs.com with the subject line "GDPR Data Request". Please include:
- Your full name and email address used to register
- The specific right you wish to exercise
- Any relevant details
We will verify your identity and respond within 30 days. Complex requests may take up to 3 months — we will notify you within 30 days if an extension is needed.
There is no charge for exercising your rights, unless requests are manifestly unfounded or repetitive.
5. International Data Transfers
Anant Labs is based in India, which is not currently subject to an EU adequacy decision. Transfers of personal data to India and to our US-based processors (Resend, Cloudflare) are protected by:
- Standard Contractual Clauses (SCCs) adopted by the European Commission, and/or
- Binding Corporate Rules or equivalent transfer mechanisms
6. Data Retention
We retain personal data only as long as necessary for the purposes stated in our Privacy Policy. See the retention table in our Privacy Policy for specific periods.
7. Security Measures
We apply appropriate technical and organisational measures as required by GDPR Art. 32, including encrypted storage and transmission, access controls, and regular security reviews.
8. Data Breach Notification
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours where feasible, and affected individuals without undue delay, in accordance with GDPR Art. 33–34.
9. Contact
For all GDPR-related matters: Email: info@anantlabs.com Post: Anant Pharmaceuticals Pvt. Ltd., W57/A, Near Police Station, Anand Nagar, Ambernath, Maharashtra 421506, India