Privacy policy

PRIVACY POLICY

Effective Date: 1 May 2026 · BIONEST Healthcare (Pvt.) Ltd. 


1. Who We Are

BIONEST Healthcare (Pvt.) Ltd. is the data controller for personal data collected through bionesthealth.com. This policy is written in compliance with the Personal Data Protection Act, 2023 (PDPA) of Pakistan.


2. What We Collect

Data you provide:

  • Order data: name, delivery address, phone number, email, order details
  • Account data: name, email, encrypted password, saved addresses (if you create an account)
  • Communication data: messages you send us via email or social media
  • Marketing data: email address, opt-in preferences (if you subscribe)
  • Review data: name, photo (if submitted), review text

Data collected automatically:

  • Device and browser data: IP address, browser type, device type (for security and fraud prevention)
  • Usage data: pages visited, clicks, referral source (for improving the site)
  • Cookie data (see Section 6)

We do not store card numbers, CVV, or bank account details. Third-party payment partners handle all payment processing.

3. Why We Collect It

  • Contract performance: To process your order, arrange delivery, and handle returns
  • Consent: To send marketing emails, only if you opt in. Withdraw anytime.
  • Legitimate interest: Fraud prevention, site security, customer support
  • Legal obligation: Transaction records for tax and regulatory compliance


4. How We Use Your Data

  • To process and fulfil your order
  • To send order confirmations and shipping updates
  • To handle returns, refunds, and support queries
  • To send marketing emails if you have opted in
  • To improve the website
  • To detect and prevent fraud
  • To comply with DRAP product safety obligations where a defect or adverse reaction is reported

We do not use your data for automated decision-making or profiling.


5. Who We Share It With

We do not sell your data. We share it only with:

  • Courier partners — name, address, phone, order reference (for delivery)
  • Payment processors (JazzCash, Easypaisa, card gateway) name, order amount, transaction reference
  • Shopify — order and account data to operate the website
  • Email/marketing platform — email address and name (for transactional and marketing emails)
  • Analytics tools — anonymised usage data
  • Regulatory authorities (DRAP, FBR, law enforcement) as required by law

All third parties are prohibited from using your data for their own commercial purposes.

6. Cookies

We use:

  • Strictly necessary cookies — for cart, checkout, and login. Cannot be disabled.
  • Functional cookies — for preferences. Can be disabled via browser settings.
  • Analytics cookies — anonymised site usage data. Can be disabled.
  • Marketing/retargeting cookies — for showing BIONEST ads on Meta and Google. Opt out via Meta Ad Preferences, Google Ad Settings, or your browser settings.


7. Data Retention

  • Order and transaction records: 6 years (required by Pakistani tax law)
  • Customer account data: duration of account + 2 years after last activity
  • Marketing/email list: until you unsubscribe or request deletion
  • Support communications: 3 years from last contact


8. Security

We use SSL/TLS encryption and access controls limiting who can view your data. No internet transmission is 100% secure, but we take every reasonable precaution.


11. Changes

We may update this policy at any time. Changes will be published here with a revised effective date.


12. Complaints

Email hello@bionesthealth.com. If you are unsatisfied with our response.