Privacy Policy

1.1 Information You Provide Directly

• Identity Data: Full name, username or similar identifier.
• Contact Data: Email address, mobile phone number, billing address, delivery address, pin code.
• Account Data: Username, password (stored in encrypted form), purchase history, saved addresses.
• Order Data: Products ordered, quantities, order value, delivery instructions.
• Communication Data: Messages, inquiries, feedback, and complaints submitted through contact forms, email, or WhatsApp.
• Wholesale Data: Business name, GST number, contact person details (for wholesale/distributor accounts).

1.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, device type, operating system, time zone setting, browser plug-in types.
• Usage Data: Pages visited, time spent, links clicked, referring URL, and browsing patterns on our Website.
• Location Data: Approximate geographic location based on IP address (not precise GPS location).
• Cookie Data: Session cookies, preference cookies, and analytics cookies. See Section 6 for details.

1.3 Information from Third Parties

• Payment Processors: Transaction confirmation, payment status, and partial payment card/UPI information from our payment gateway partners (PhonePe, Razorpay, or similar).
• Analytics Providers: Aggregated, anonymised data from Google Analytics.
• Social Media: If you interact with our social media pages, we may receive limited profile information as permitted by those platforms.

We will only use your personal data for the purposes for which we collected it. If we need to use it for another incompatible purpose, we will notify you and, where required, seek your consent.

We take the security of your payment information extremely seriously.

• We do NOT store full payment card numbers, CVV codes, or net banking credentials on our servers. All payment transactions are processed securely through our PCI-DSS compliant payment gateway partner(s) including PhonePe Business.
• Payment data is transmitted using 256-bit SSL/TLS encryption. The padlock icon in your browser confirms this encrypted connection.
• We store only transaction reference numbers, payment status (success/failure/pending), and transaction amount for order reconciliation and customer support.
• UPI IDs, if provided by you, are used solely to process the transaction and are not stored post-payment completion.
• Our payment gateway partners may retain payment-related data as per their own privacy policies and applicable RBI regulations.
• In the event of a refund, we process the refund to the original payment method used. Processing time is 5–7 business days depending on your bank or payment provider.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We share your data only in the following limited circumstances:

• Service Providers: Trusted third-party vendors who assist us in operating our Website and business — including payment gateways (PhonePe, Razorpay), logistics/courier partners, SMS/email service providers, cloud hosting (e.g., Vercel, AWS), and analytics tools (Google Analytics). These providers process data only as necessary to provide their services and are bound by confidentiality obligations.
• Delivery Partners: Your name, delivery address, and contact number are shared with our logistics partners (courier/shipping companies) solely for the purpose of delivering your order.
• Legal Compliance: We may disclose your information to law enforcement authorities, government bodies, or courts if required by law, court order, or to protect our legal rights and the safety of our users.
• Business Transfer: In the event of a merger, acquisition, restructuring, or sale of G M Nutri Foods, your personal data may be transferred to the acquiring entity, subject to the same privacy protections.
• With Your Consent: We will share your data with other third parties only with your explicit prior consent.

We implement industry-standard technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction:

• SSL/TLS Encryption: All data transmitted between your browser and our Website is encrypted using 256-bit SSL/TLS.
• Password Security: Account passwords are stored using strong one-way hashing (bcrypt). We never store passwords in plain text.
• Access Control: Access to personal data within our organisation is restricted to authorised personnel on a need-to-know basis.
• Secure Infrastructure: Our Website is hosted on secure, reputable cloud infrastructure with firewalls, intrusion detection, and regular security audits.
• Payment Security: Payment processing is handled entirely by PCI-DSS compliant payment gateways. We do not process or store raw card data.
• Incident Response: In the unlikely event of a data breach affecting your personal information, we will notify you and the appropriate regulatory authorities as required by law within the stipulated timeframe.

Note: While we take every reasonable precaution, no internet transmission is 100% secure. You are responsible for keeping your account credentials confidential.

We use cookies and similar technologies to enhance your experience on our Website. A cookie is a small text file stored in your browser.

You can control or disable cookies through your browser settings. Disabling strictly necessary cookies may affect core Website functionality such as adding items to your cart.

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian law, you have the following rights regarding your personal data:

• Right to Access: Request a copy of the personal data we hold about you.
• Right to Correction: Request correction of inaccurate or incomplete personal data.
• Right to Erasure: Request deletion of your personal data, subject to legal retention obligations.
• Right to Withdraw Consent: Withdraw consent for marketing communications at any time by clicking "Unsubscribe" in our emails or contacting us.
• Right to Grievance Redressal: Lodge a grievance with our Grievance Officer (see Section 11) regarding handling of your personal data.
• Right to Nominate: Nominate another individual to exercise your data rights in the event of your death or incapacity (as per DPDP Act, 2023).

To exercise any of these rights, email us at bangiwaratul@gmail.com with the subject line "Data Privacy Request". We will respond within 30 days.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for satisfying any legal, accounting, or reporting requirements:

• Account & Order Data: Retained for 7 years from your last order or account activity (as required under the Companies Act and GST regulations).
• Transaction Records: Retained for 7 years for statutory/tax compliance.
• Marketing Preferences: Until you withdraw consent or request deletion.
• Communications/Complaints: Retained for 3 years for legal dispute resolution purposes.
• Analytics Data: Anonymised and aggregated data may be retained indefinitely; identifiable data is deleted after 26 months.

When your data is no longer required, we securely delete or anonymise it.

Our Website and services are not directed to children under the age of 18 years. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a child under 18 without verifiable parental consent, we will take prompt steps to delete such data. If you believe we have collected data from a minor, please contact us immediately at bangiwaratul@gmail.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on this page with a new "Last Updated" date.
• Sending an email notification to registered users for significant changes.
• Displaying a prominent notice on our Website homepage.

Your continued use of the Website after changes are posted constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, or wish to exercise your data rights, please contact our designated Grievance Officer: