Privacy Policy

Your Privacy & Data Protection Rights

At Aarav Clothing and Business Solutions, we are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable Indian data protection laws, including the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023.

1. Information We Collect

Personal Information:

• Identity Data: Full name, date of birth, gender
• Contact Data: Email address, phone number, postal address
• Account Data: Username, password, profile preferences
• Financial Data: Payment card details, billing address, transaction history
• Delivery Data: Shipping addresses, delivery preferences, special instructions
• Communication Data: Customer service interactions, feedback, reviews, survey responses

Technical Information:

• Device Data: IP address, browser type and version, device type, operating system
• Usage Data: Pages visited, time spent, click patterns, search queries
• Location Data: Approximate location based on IP address
• Cookies & Tracking: Session cookies, preference cookies, analytics cookies
• Performance Data: Website performance metrics, error logs

Sensitive Personal Data:

• Payment Information: Credit/debit card details (processed through PCI-DSS compliant gateways)
• Biometric Data: None collected
• Health Data: None collected unless voluntarily provided for size recommendations

2. How We Use Your Information

Primary Business Purposes:

• Order Fulfillment: Processing orders, payments, shipping, and delivery coordination
• Customer Service: Responding to inquiries, handling returns/exchanges, resolving complaints
• Account Management: Creating and maintaining user accounts, order history, preferences
• Product Recommendations: Suggesting products based on purchase history and preferences
• Inventory Management: Stock planning, demand forecasting, supply chain optimization

Legal & Security Purposes:

• Legal Compliance: GST/tax obligations, regulatory reporting, audit requirements
• Fraud Prevention: Detecting and preventing fraudulent transactions and activities
• Security: Protecting our systems, preventing unauthorized access, maintaining data integrity
• Dispute Resolution: Handling legal disputes, claims, and regulatory investigations

Marketing & Analytics (With Consent):

• Email Marketing: Promotional offers, new product announcements, seasonal sales
• SMS Marketing: Order updates, delivery notifications, promotional messages
• Website Analytics: Understanding user behavior, improving website performance
• Personalization: Customizing website content and product recommendations

3. Information Sharing & Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

Service Providers & Partners:

• Payment Processors: Razorpay, PayU, other certified payment gateways
• Shipping Partners: India Post, Blue Dart, Delhivery, local courier services
• Technology Providers: Cloud hosting, email services, analytics platforms
• Customer Support: Third-party customer service platforms
• Marketing Services: Email marketing platforms, SMS gateways (with consent)

Legal & Regulatory Requirements:

• Government Authorities: When required by law, court orders, or regulatory investigations
• Tax Authorities: GST compliance, income tax requirements
• Law Enforcement: Criminal investigations, fraud prevention, national security
• Consumer Protection: Consumer court proceedings, regulatory complaints

4. Data Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Safeguards:

• Encryption: SSL/TLS encryption for all data transmission
• Secure Storage: Encrypted databases with access controls
• Payment Security: PCI-DSS compliant payment processing
• Regular Updates: Security patches and system updates
• Monitoring: 24/7 security monitoring and threat detection
• Backup & Recovery: Regular data backups and disaster recovery procedures

Administrative Safeguards:

• Access Controls: Role-based access with minimum necessary permissions
• Employee Training: Regular privacy and security training for staff
• Background Checks: Verification of employees handling personal data
• Confidentiality Agreements: Legal obligations for all staff and contractors
• Incident Response: Procedures for handling security breaches

5. Your Privacy Rights

Under Indian data protection laws, you have the following rights:

Access & Information Rights:

• Right to Access: Request a copy of personal data we hold about you
• Right to Information: Understand how your data is being processed
• Data Portability: Receive your data in a structured, machine-readable format

Control & Correction Rights:

• Right to Correction: Update or correct inaccurate personal information
• Right to Deletion: Request deletion of your personal data (subject to legal requirements)
• Right to Restrict Processing: Limit how we use your personal data
• Right to Object: Object to processing based on legitimate interests

Communication Rights:

• Marketing Opt-out: Unsubscribe from promotional communications
• Cookie Control: Manage cookie preferences through browser settings
• Communication Preferences: Choose how and when we contact you

6. Data Retention Policy

We retain your personal information only as long as necessary for the purposes outlined in this policy:

• Account Data: Until account deletion or 3 years of inactivity
• Order Data: 7 years for tax and legal compliance
• Payment Data: As required by payment card industry standards
• Marketing Data: Until you opt-out or 2 years of inactivity
• Technical Data: 2 years for analytics and security purposes
• Legal Data: As required by applicable laws and regulations

7. Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience:

Types of Cookies:

• Essential Cookies: Required for website functionality (login, cart, security)
• Performance Cookies: Analytics and website performance monitoring
• Functional Cookies: Remember your preferences and settings
• Marketing Cookies: Personalized advertising and content (with consent)

Cookie Management:

• You can control cookies through your browser settings
• Disabling essential cookies may affect website functionality
• We respect "Do Not Track" browser settings where technically feasible
• Cookie consent can be withdrawn at any time through browser settings

8. International Data Transfers

Your personal information is primarily processed and stored within India. In limited circumstances, we may transfer data internationally:

• Cloud Services: Some data may be stored on international cloud platforms with adequate security measures
• Payment Processing: International payment gateways may process transaction data
• Customer Support: Third-party support platforms may have international data centers
• Safeguards: All international transfers include appropriate safeguards and contractual protections

9. Children's Privacy

Our services are not intended for children under 18 years of age:

• We do not knowingly collect personal information from children under 18
• If we become aware of such collection, we will delete the information immediately
• Parents/guardians can contact us to request deletion of their child's information
• Account creation requires confirmation of being 18 years or older

10. Data Breach Notification

In the unlikely event of a data breach affecting your personal information:

• Immediate Response: We will take immediate steps to contain and assess the breach
• Authority Notification: Relevant authorities will be notified within 72 hours as required by law
• User Notification: Affected users will be notified without undue delay
• Remedial Actions: We will provide information on steps taken and recommendations for users
• Investigation: Full investigation will be conducted to prevent future incidents

11. Third-Party Links & Services

Our website may contain links to third-party websites and services:

• External Links: We are not responsible for privacy practices of external websites
• Social Media: Social media plugins may collect information according to their own policies
• Payment Gateways: Payment processors have their own privacy policies
• Recommendation: Please review privacy policies of any third-party services you use

12. Legal Basis & Compliance

Our data processing activities are based on the following legal grounds:

Indian Law Compliance:

• Information Technology Act, 2000: Data protection and cybersecurity compliance
• IT Rules, 2011: Sensitive personal data protection requirements
• Digital Personal Data Protection Act, 2023: Enhanced privacy rights and obligations
• Consumer Protection Act, 2019: Consumer rights and data protection
• Companies Act, 2013: Corporate data handling obligations

Industry Standards:

• PCI-DSS: Payment card industry data security standards
• ISO 27001: Information security management best practices
• GDPR Principles: Where applicable for international users

13. Grievance Redressal

We have established a grievance redressal mechanism for privacy-related concerns:

14. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements:

• Notification: Material changes will be notified via email and website notice
• Effective Date: Changes become effective 30 days after notification
• Continued Use: Continued use of our services constitutes acceptance of updated policy
• Version Control: Previous versions are archived and available upon request

15. Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: