1. Information We Collect
We collect the following categories of personal information:
1. 1. Contact details (name, email address, phone number, address, etc.)
2. 2. Demographic data (age, gender, location, language preferences, etc.)
3. 3. Financial information (card details, billing address, etc.)
4. 4. Purchase history and activity data
5. 5. Content provided through surveys/forms/feedback
6. 6. Social media account details and activity information (if you interact with or connect to our platforms via social media)
7. 7. Site activity information through tracking technologies like cookies, web beacons, etc.
8. 8. Device details like IP address, browser type, operating system, device identifiers, etc.
9. 9. Geolocation data
10. 10. Any other information you choose to directly provide to us in connection with an account sign-up or usage/purchase on our platforms
11. 11. We may also derive/create aggregated, de-identified data using analytics to improve our services.
2. Use of Personal Information
In addition to the cited uses in the notice, we may use your personal information for:
1. 1. Personalization of recommendations, content, and experiences
2. 2. Providing customized loyalty programs and promotions
3. 3. Allowing social sharing functionalities
4. 4. Performing data analytics to improve products/services
5. 5. Protecting against security threats, fraud, or illegal activity
6. 6. Complying with industry standards and our legal obligations
7. 7. Other purposes with appropriate consent
3. Data Sharing
We only share your personal data with third parties to complete transactions or provide services you have requested. All third parties are contractually obligated to comply with our standards on data privacy protection including relevant technical, organizational and legal requirements. We do not sell your personal data to any third parties or brokers.
4. Data Security and Retention
In addition to the protections outlined in the notice, we also undertake the following security measures:
1. 1. Encryption of data in transit and at rest
2. 2. Restricting access through need-to-know and least-privilege principles
3. 3. Periodic security audits and vulnerability testing
4. 4. Security training and awareness programs for all personnel
5. 5. Backup systems to enable disaster recovery
We retain your personal information in an identifiable format for as long as required to meet legal reporting requirements or fulfil the purposes outlined in this policy unless otherwise requested by you. The retention schedules are built to adhere to limitation periods prescribed under applicable laws. We destroy your personal data thereafter by ensuring permanent irreversible de-identification or deletion without possibility of re-construction.
5. Third-Party Links
Please note our platforms may contain links to third-party sites not governed by this privacy policy. We recommend you review the privacy statements of those sites as we are not responsible for their privacy practices.
6. Privacy Rights and Choices
You have the following rights and choices with respect to your personal data as may be applicable under local laws:
1. 1. Right to access your personal information
2. 2. Right to rectification of inaccurate or incomplete personal information
3. 3. Right to erasure/deletion of your personal information
4. 4. Right to restrict processing of your personal information
5. 5. Right to data portability to obtain and reuse your information
6. 6. Right to object to processing of your personal information
7. 7. Rights related to automated decision making and profiling
8. 8. You can update or correct your information by contacting us
9. 9. You can opt-out of receiving marketing communications
10. 10. You can disable cookies in your browser settings
To exercise these rights or choices, you can contact our Data Protection Officer (DPO) through the contact details provided. We shall respond within 30 days of receiving the request as per regulatory guidelines.
7. International Data Transfers
We store and process data both locally and offshore across platforms hosted on cloud infrastructure or third-party systems. For any transfer of personal information across borders, we implement adequate safeguards including standard contractual clauses approved by data protection authorities to maintain security and confidentiality.
8. Sensitive Information
We do not intentionally or proactively seek to collect or process any sensitive personal data like health records, racial/ethnic data, political or religious beliefs, genetic/biometric data etc. without your explicit consent and as per applicable laws. Such information if identified shall be promptly deleted from our systems.
9. Policy Updates
We reserve the right to amend this privacy policy at any time. The revised version shall be updated on our website and other relevant public communication channels. Any changes impacting your rights shall also be provided directly to registered users through suitable notification mechanisms.
10. Cookies and Tracking Technologies
We utilize cookies, web beacons, pixels, tags and similar technologies to collect and store information about site visits, browsing behavior, clicked links and other activity. This allows us to customize the site experience, provide relevant advertisements and content, monitor effectiveness and compile aggregated analytics. Users have control over the use of cookies directly through their browser settings and on a granular level through opt-out mechanisms where applicable.
11. Direct Marketing and Communications
We provide options to subscribe to marketing and promotional updates through email, text messages etc. All such communications are based on the consent provided by you. You have the right to withdraw consent at any time by contacting us or through self-serve preferences management.
12. Data Accuracy
We take reasonable steps to ensure the accuracy and completeness of personal information we process. However, we to a large extent rely on you to update us when there are changes required in your personal information. Please feel free to contact us to update/correct your information if it becomes outdated or inaccurate.
13. Accountability
We have appointed a Data Protection Officer and have implemented adequate governance frameworks to monitor compliance with this privacy policy and applicable laws. In case of any complaints, queries or concern related to our privacy practices, please contact our DPO to get it addressed and resolved.
14. California Resident Rights
If you are a resident of California, you have rights under the California Consumer Privacy Act (CCPA) in relation to your personal information we have collected or processed. This includes the right to know the categories and specific pieces of personal information collected, deletion rights etc. Please write to us through the contact details to exercise your rights.
15. Data Protection Authority
We cooperate and maintain regular contact with the relevant data protection authorities to stay updated on latest regulations, recommendations, auditing requirements etc. related to personal data use, privacy and security. This includes authorities both in the countries where we operate as well as internationally.
16. Third Party Software
We utilize certain third party tools, apps and plugins to enable and improve our services which may involve access to personal data. These include payment gateways, chat support software, analytics providers etc. Access by such third party providers is strictly on a need-to-know basis and governed through data processor agreements which bind them to security and confidentiality obligations as per standards and law.
17. Data Minimization
We request only those personal details which are strictly necessary to deliver the intended functionality, service or product. The data points being collected are strictly limited to only those deemed essential and lawful to minimize intrusion into user privacy.
18. Data Anonymization
Where possible without affecting intended purpose, we undertake steps to anonymize and de-identify personal information through controls like data masking to prune back exposure to privacy risks. This enables deriving insights without processing actual user data.
19. Information Security Breaches
In case of any confirmed security breach leading to compromise of personal data, we shall promptly notify the relevant supervisory authorities first, followed by communication to impacted data subjects describing the nature of breach and advising immediate suitable precautions and remedial measures.
20. Consent Management
We obtain consent for collecting and processing personal information either explicitly through opt-in mechanisms or implicitly as included within terms of service/use depending on legal bases as well as consent requirements under applicable laws. All consent flows are contextual, prominent, concise, clearly worded, granular per purpose and easy to withdraw using self-service preferences.
21. Data Subject Requests
In addition to privacy rights outlined before, you can submit various requests related to your personal data processed by us. This includes requests for records of processing activities, data portability files, revoking consent etc. We provide user-friendly workflows to submit these requests which undergo appropriate validation and verification procedures before fulfillment.
22. Right to Non-Discrimination
We commitment not to discriminate against you for exercising any of your privacy rights outlined in the privacy policy. Exercising user choice cannot detriment our provisioning of agreed products or services as per contractual obligations to the maximum extent possible. Disincentivizing users from exercising legal data privacy rights violates our policy principles.
23. Age Limit for Providing Consent
We consider the intellectual and decision-making maturity of individuals before seeking consent or permitting access/usage/enrollment. The age limit for providing independent and lawful consent is calculated based on local legal age prescriptions generally ranging from 13-16 years. Parental consent is necessitated otherwise.
24. Data Protection Impact Assessments
Regular data protection impact assessments enable us to identify and minimize privacy risks associated with processing of personal information. We undertake systematized impact evaluations for high-risk data processing activities concerning large scale monitoring or profiling.
25. Privacy by Design
We incorporate privacy-by-design principles in our engineering, product and process development lifecycles. Technical and organizational measures to integrate data protection into processing activities are identified at conception stage itself rather than as an afterthought.
26. Data Processing Records
We document details of data processing activities in our custody in accordance with legal requirements. This includes categories of data subjects, types of personal data collected, purposes of processing, retention schedules, functional logs, risk analysis, access controls and other standards followed.
27. End-user License Agreement
Usage of our products, services and platforms is also governed by the End-user License Agreement (EULA) or Terms of Service (ToS). Those documents highlight permissions, restrictions and covenants entered into between us and end-users or customers. In case of any conflict, the provisions of this Privacy Policy will supersede the EULA or ToS.
28. Data Transfers under Cross-border Requests
There shall be no transfers of personal information to governments, authorities or public institutions of another country without undergoing applicable legal procedures. Only requests validated under MLATs, treaties and subpoenas or those necessary for criminal complaints follow prescribed processes for resolution.
29. Reference to Other Corporate Policies
In conjunction with this policy, we have implemented other relevant data governance policies covering data classification, retention, technical controls etc. which derive applicable rules from organizational policy frameworks. Anyone processing personal data on our behalf is required to comply with those corporate policies mandating privacy and security.
