Privacy Policy for Website or Mobile Application - Form Pro · IN-law

PRIVACY POLICY

Effective Date: ________

Last Updated: ________

§ 1. GENERAL

1.1. This website with the URL ________ ("Website" / "Site") is operated by ________, a company incorporated under the Companies Act, 2013, having its registered office at ________ and bearing Corporate Identification Number (CIN) ________ ("We" / "Our" / "Us"). For the purposes of this Privacy Policy, We act as the "Data Fiduciary" within the meaning of the Digital Personal Data Protection Act, 2023 ("DPDP Act"), and you, the user, are the "Data Principal". We are committed to protecting and respecting your privacy. We collect your personal information and process your personal data in accordance with the DPDP Act, the Information Technology Act, 2000 (and the rules framed thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent applicable), and other national and state laws that relate to the processing of personal data. Please read the following carefully to understand our views and practices regarding your personal data.

1.2. We collect your personal information in order to provide and continually improve our products and services.

1.3. This Privacy Policy may be amended or updated from time to time to reflect changes in our practices or applicable law. To make sure you are aware of any changes, please review this policy periodically. We will indicate the date of the most recent revision against the "Last Updated" field above.

1.4. All partner firms and any third party (Data Processor) working with or for Us, and who have access to personal information, are required to read and comply with this policy. No third party may access or process personal data held by Us without having first entered into a valid written agreement incorporating obligations consistent with the DPDP Act.

§ 2. HOW WE COLLECT THE INFORMATION

2.1. From you directly and through this Site: We may collect information through the Website when you visit. The data we collect depends on the context of your interactions with our Website.

2.2. Through business interaction: We may collect information through business interaction with you or your employees.

2.3. From other sources: We may receive information from other sources, such as publicly available databases, joint marketing partners, social media platforms, or other third parties such as:

2.3.1. Updated delivery and address information from our carriers or other third parties, which we use to correct our records and deliver your next purchase or communication more easily.

2.3.2. Information about your interactions with the products and services offered by our subsidiaries.

§ 3. INFORMATION WE COLLECT

3.1. We collect information primarily to provide better services to all of our customers, and only for lawful purposes connected with our functions and activities for which you have given consent or for which processing is otherwise permitted under the DPDP Act.

3.2. When you visit our Site, some information is automatically collected. This may include information such as the Operating System (OS) running on your device, Internet Protocol (IP) address, access times, browser type and language, and the website you visited before our Site. We also collect information about how you use Our products or services.

3.3. We automatically collect purchase or content use history, which we sometimes aggregate with similar information from other customers to create features such as Best Seller, Top Rated, and similar listings.

3.4. We may collect the full Uniform Resource Locators (URL) clickstream to, through and from our Website (including date and time); cookie number; products and/or content you viewed or searched for; page response times; download errors; length of visits to certain pages; and page interaction information (such as scrolling, clicks, and mouse-overs).

3.5. We automatically collect information using "Cookies". Cookies are small data files stored on your device. Among other things, cookies help us improve our Site, our marketing activities, and your experience. We use cookies to see which areas and features are popular and to count visits to our Site.

3.6. Most web browsers are set to accept cookies by default. If you prefer, you can choose to set your browser to remove or reject cookies. If you set your browser to reject cookies, some features may be unavailable. For more information on how to reject cookies, please see your browser's instructions on changing your cookie settings.

3.7. By using this Website, and subject to your separate consent where required, you agree that We may display your feedback on the Website and in marketing materials.

3.8. We will retain your information only for as long as required to provide you with the goods and services and for such period as mandated by applicable law, after which it shall be erased in accordance with § 7.8 and the DPDP Act.

3.9. If you opt to receive marketing correspondence from us, subscribe to our mailing list or newsletters, enter into any of our competitions, or provide us with your details at networking events, we may use your personal data, on the basis of your consent, to provide you with details about our goods, services, business updates and events.

§ 4. NOTICE AND CONSENT

4.1. In accordance with Section 5 of the DPDP Act, where We seek your consent to process your personal data, We will, on or before such request, provide you with a notice setting out the personal data to be processed and the purpose of such processing, the manner in which you may exercise your rights under § 12, and the manner in which you may make a complaint to the Data Protection Board of India.

4.2. Your consent shall be free, specific, informed, unconditional and unambiguous, signified by a clear affirmative action, and limited to the personal data necessary for the specified purpose.

4.3. You may withdraw your consent at any time with effect for the future, with the ease comparable to that with which consent was given, by contacting us using the details set out below. The consequence of such withdrawal shall be borne by you, and the lawfulness of processing carried out prior to withdrawal shall not be affected.

4.4. We may process your personal data without consent only for such legitimate uses as are expressly permitted under Section 7 of the DPDP Act.

§ 5. HOW WE USE INFORMATION

5.1. We use the information we collect primarily to provide, maintain, protect and improve our current products and services.

5.2. We use the information collected through this Website as described in this policy, and we may use your information to:

5.2.1. Improve our services, Site and the manner in which we operate our businesses;

5.2.2. Understand and enhance your experience using our Site, products and services;

5.2.3. Personalise our products or services and make recommendations;

5.2.4. Provide and deliver the products and services you request;

5.2.5. Process, manage, complete and account for transactions;

5.2.6. Provide customer support and respond to your requests, comments and inquiries;

5.2.7. Create and manage the online accounts you maintain on our Website;

5.2.8. Send you related information, including confirmations, invoices, technical notices, updates, security alerts and support and administrative messages;

5.2.9. Communicate with you about promotions, upcoming events and news about products and services, subject to your consent where required;

5.2.10. Process your personal data without your consent where permitted under Section 7 of the DPDP Act, including for compliance with any law or judgment, or for prevention, detection, investigation or prosecution of any offence or contravention of any law;

5.2.11. Protect against, investigate and deter fraudulent, unauthorised or illegal activity.

§ 6. DATA TRANSFER AND SHARING

6.1. Information about our users is an important part of our business and we take due care to protect the same.

6.2. We share your data, with your consent, to complete any transaction or provide any product or service you have requested or authorised. We also share data with our affiliates and subsidiaries, and with vendors and Data Processors engaged on our behalf.

6.3. We may engage other companies and individuals to perform functions on our behalf. Such functions include fulfilling orders for products or services, delivering packages, sending postal mail and e-mail, removing repetitive information from customer lists, providing marketing assistance, providing search results and links, processing payments, transmitting content, scoring credit risk, and providing customer service.

6.4. These third-party service providers have access only to the personal information needed to perform their functions and may not use it for any other purpose. They are required to process the personal information in accordance with this Privacy Policy, the binding contractual obligations imposed by Us, and as permitted by applicable data protection laws.

6.5. We may disclose accounts and other personal information where We believe in good faith that such disclosure is necessary to comply with the law, to enforce or apply our terms of use and other agreements, or to protect the rights, property or safety of Us, our users or others. This includes exchanging information with other companies and organisations for fraud protection and credit risk reduction.

6.6. Any transfer of personal data outside India will be carried out only to such countries or territories as are not restricted by the Central Government under the DPDP Act, and subject to the conditions notified thereunder.

§ 7. COOKIES

7.1. To optimise our web presence, we use cookies. These are small text files stored in your device's memory. Session cookies are deleted after you close the browser. Other cookies remain on your device (long-term cookies) and permit recognition on your next visit. This allows us to improve your access to our Site, learn more about your interests, and provide you with essential features and services, including:

7.1.1. Keeping track of items stored in your shopping basket;

7.1.2. Conducting research and diagnostics to improve the content, products and services;

7.1.3. Preventing fraudulent activity;

7.1.4. Improving security.

7.2. Our cookies allow you to take advantage of some of our essential features. For instance, if you block or otherwise reject our cookies, you may not be able to add items to your shopping basket, proceed to checkout, or use any products or services that require you to sign in.

7.3. Approved third parties may also set cookies when you interact with Our services.

7.4. Such third parties include search engines, providers of measurement and analytics services, social media networks and advertising companies.

7.5. Third parties use cookies in the process of delivering content, including advertisements relevant to your interests, to measure the effectiveness of their advertisements, and to perform services on behalf of Us.

7.6. You can prevent the storage of cookies by choosing a "disable cookies" option in your browser settings; however, this may limit the functionality of our services.

§ 8. DATA SECURITY

8.1. We take reasonable security safeguards to protect customer data, in accordance with Section 8(5) of the DPDP Act. Technical and organisational measures are in place to prevent unauthorised or unlawful access to data and to guard against accidental loss, destruction of, or damage to data. Employees dealing with the data have been trained to protect the data from any illegal or unauthorised usage.

8.2. We work to protect the security of your information during transmission by using Secure Sockets Layer (SSL) technology, which encrypts the information you input. SSL allows sensitive information such as payment card numbers, identity numbers and login credentials to be transmitted securely.

8.3. We follow the Payment Card Industry Data Security Standard (PCI DSS) when handling branded credit and debit cards from the major card schemes.

8.4. We maintain physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of personal customer information.

8.5. We take reasonable steps to help protect your personal information against loss, misuse, unauthorised access, disclosure, alteration and destruction. It is your responsibility to protect your usernames and passwords to help prevent anyone from accessing or abusing your accounts and services. You should not reuse the same passwords that you use with other accounts as your password for our services.

8.6. It is important for you to protect against unauthorised access to your password and your computers, devices and applications. Be sure to sign off when you finish using a shared computer.

8.7. The information you provide to us is held on our secure servers. We have implemented appropriate physical, technical and organisational measures designed to secure your information against accidental loss and unauthorised access, use, alteration or disclosure. In addition, we limit access to personal data to those employees, agents, contractors and other third parties that have a legitimate business need for such access.

8.8. In the event of a personal data breach, We shall give intimation of such breach to the Data Protection Board of India and to each affected Data Principal in the manner and within the time prescribed under the DPDP Act and the rules framed thereunder.

8.9. Information collected from you will be stored only for such period as required to complete the transaction entered into with you, or for such period as mandated under applicable law, following which it shall be erased.

§ 9. LINKS TO THIRD-PARTY SITES/APPS

Our Site may, from time to time, contain links to and from other websites of third parties. Please note that if you follow a link to any such website, that website will apply different terms to the collection and privacy of your personal data, and we do not accept any responsibility or liability for those policies. When you leave our Site, we encourage you to read the privacy policy of every website you visit.

§ 10. SOCIAL NETWORK PLUGINS

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris.

§ 11. SHARING OF PERSONAL INFORMATION

11.1. We do not share your personal data with third parties without your prior consent, other than:

11.1.1. With third parties (Data Processors) who work on our behalf, provided such third parties adhere to the data protection principles set out in the DPDP Act and other applicable legislation, or enter into a written agreement with Us requiring that the third party provide at least the same level of privacy protection as is required by such principles;

11.1.2. To comply with laws or to respond to lawful requests and legal process;

11.1.3. To protect the rights and property of Us, our agents, customers and others, including to enforce our agreements, policies and terms of use;

11.1.4. In an emergency, including to protect the personal safety of any person; and

11.1.5. For the purpose of a business transaction (or negotiation thereof) involving the sale or transfer of all or a part of our business or assets (which may include any merger, financing, acquisition, divestiture, or insolvency/bankruptcy transaction or proceeding).

§ 12. CHILDREN

12.1. For the purposes of the DPDP Act, a "child" means an individual who has not completed eighteen (18) years of age. Where We process the personal data of a child, We shall, before such processing, obtain verifiable consent of the parent or lawful guardian of that child in the manner prescribed under the DPDP Act.

12.2. We shall not undertake any processing of personal data that is likely to cause any detrimental effect on the well-being of a child, nor shall We undertake tracking or behavioural monitoring of children or targeted advertising directed at children.

12.3. If you are below the age of majority in the jurisdiction in which you reside, you may use Our Website only with the consent of your parent or lawful guardian.

§ 13. YOUR RIGHTS AS A DATA PRINCIPAL

13.1. Right to access: You have the right to obtain confirmation as to whether or not personal data concerning you is being processed by Us, together with a summary of such personal data, the processing activities undertaken, and the identities of all other Data Fiduciaries and Data Processors with whom such personal data has been shared, in accordance with Section 11 of the DPDP Act.

13.2. Right to correction and erasure: You have the right to request the correction, completion, updating or erasure of your personal data that is inaccurate, incomplete or no longer necessary for the purpose for which it was processed, in accordance with Section 12 of the DPDP Act.

13.3. Right of grievance redressal: You have the right to a readily available means of grievance redressal in respect of any act or omission by Us regarding the performance of our obligations. You may submit your grievance to the Grievance Officer named in § 16, and We shall respond within the period prescribed under the DPDP Act.

13.4. Right to nominate: You have the right to nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity.

13.5. Right to withdraw consent: You may withdraw your consent at any time as set out in § 4.3.

13.6. If your grievance is not satisfactorily resolved, you may make a complaint to the Data Protection Board of India established under the DPDP Act.

13.7. In exercising your rights, you shall comply with the duties of a Data Principal under Section 15 of the DPDP Act, including the duty not to furnish false particulars or impersonate another person, and not to register a false or frivolous grievance or complaint.

§ 14. CHANGES TO THIS POLICY

We may amend this policy from time to time. If we make any changes, we will update the "Last Updated" date above. Your continued use of our services after such changes have been published will constitute your acknowledgement of such revised policy, save that any fresh processing requiring consent under the DPDP Act shall be undertaken only after obtaining your consent.

§ 15. NEWSLETTER

Lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat duis aute irure dolor in reprehenderit voluptate velit esse cillum dolore eu fugiat nulla pariatur lorem ipsum dolor sit amet consectetur adipiscing elit sed do eiusmod tempor incididunt ut labore et dolore magna aliqua ut enim ad minim veniam quis.

15.2. If you have any concerns about privacy or grievances with Us, please contact the Grievance Officer with a thorough description and we will endeavour to resolve the issue for you.

§ 16. GRIEVANCE OFFICER AND CONTACT DETAILS

16.1. In compliance with the DPDP Act and the Information Technology Act, 2000, the contact details of our Grievance Officer / Data Protection Officer, who shall be the point of contact for the Data Principal to exercise the rights set out in § 13, are as follows:

Name of Grievance Officer: ________

Designation: ________

E-mail: ________

Telephone: ________

Address for correspondence: ________

General Contact Details:

________

§ 17. GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Subject to the provisions of the DPDP Act regarding adjudication by the Data Protection Board of India, the courts at ________ shall have exclusive jurisdiction over any dispute arising out of or in connection with this Privacy Policy.