Privacy Policy
Last Updated: [Insert Date]
This Privacy Policy (“Policy”) explains how [company name] (“we”, “our”, or “[brand name]”) collects, processes, stores, protects, and shares information when you access or use our website [domain name] (“Services”). This Policy is drafted to meet Indian legal requirements including the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, and applicable international standards.
Scope & Applicability
This Privacy Policy applies to:
- Indian business customers and international customers;
- Visitors to our website, B2B ecommerce portal, and digital services;
- Authorized representatives of business customers.
Information We Collect
We collect multiple types of information including:
- Business identifiers: Company name, GSTIN, tax IDs, addresses.
- Contact details: Emails, phone numbers of authorized reps.
- Account & transaction data: Orders, invoices, delivery details, payment references.
- Technical data: IP address, device, browser, cookies & analytics.
Note: We do not store full payment card details; payments are processed via compliant third-party gateways.
Legal Basis for Processing
Under the Digital Personal Data Protection framework, we process personal data based on:
- Contract performance and order fulfillment;
- Legal & regulatory compliance including GST and DPDP Rules;
- Consent where required;
- Legitimate business interests with safeguards.
Use of Data
We use collected data to:
- Onboard and manage customer accounts;
- Process orders, billing, and deliveries;
- Manage customer support and communications;
- Ensure compliance with legal, tax, and regulatory obligations;
- Improve website and services;
- Detect and prevent fraud or misuse.
Consent & DPDP Rights
Under the Digital Personal Data Protection Act and Rules, data principals (individuals whose personal data we process) have specific rights. We ensure:
- Clear notice and purpose: We provide transparent information about what personal data is collected and why.
- Informed consent: Consent is obtained where required, and mechanisms are provided to withdraw consent.
- Access & correction: Individuals may request access to their data or correction of inaccuracies.
- Erasure: Individuals may request deletion of personal data where permitted by law and operational needs.
- Nomination: Individuals can nominate another person to exercise these rights on their behalf.
We respond to such requests within timelines prescribed under the DPDP Rules. :contentReference[oaicite:1]{index=1}
Security Measures
We implement reasonable security safeguards including:
- Encryption at rest and in transit;
- Access controls and authentication;
- Monitoring, logging, and periodic audits;
- Vendor security assessments.
Breach Reporting & Accountability
In the event of a personal data breach:
- We will promptly notify affected individuals in plain language;
- We will report breaches to the relevant authority as required under DPDP Rules;
- We maintain records of breaches and mitigation steps as part of compliance. :contentReference[oaicite:2]{index=2}
Cross-Border Data Transfers
Some data may be transferred outside of India for operational purposes. We ensure appropriate safeguards in accordance with applicable law and government conditions. :contentReference[oaicite:3]{index=3}
Data Retention
We retain personal data only as long as necessary to fulfil purposes, comply with legal obligations, and support dispute resolution. As required under DPDP Rules, logs and processing records may be maintained for defined periods. :contentReference[oaicite:4]{index=4}
Contact Us
If you have questions, requests, or concerns regarding this Privacy Policy or your data rights, please contact:
Email: privacy@[domain name]
Address: [Registered Office Address]