https://shivangiagandhi.com/ is a website owned, maintained, managed and operated by Ms. Shivangi A. Gandhi ("We", “Our”, or "Us"), a fashion label sole proprietary concern in India having its office at Hubtown Sunmist, Bldg A 1105, Andheri (East), Mumbai – 400 069, Maharashtra, India. We recognize / respect the importance of privacy of Our Customers and also of maintaining confidentiality of the information provided by Our Customers as a responsible data controller and data processer.
Personal data is defined as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’. Personal data is, in simpler terms, any information about You that enables You to be identified. Personal data covers obvious information such as your name and contact details, but it also covers less obvious information such as identification numbers, electronic location data and other online identifiers.
Personal Information of Customer shall include but not be limited to the information shared by the Customer and collected by Us for the following purposes:
Eligibility to transact with Us:
We do not knowingly collect personal information from anyone under the age of 18. If You are under 18 years of age, please do not fill out Our forms or send any personal information about Yourself to Us. If We learn that We have collected personal information from a child under the age 18 years, We will delete that information promptly and restrict the access and usage of Our Website, as the case may be. We shall also not process or proceed further with responding to any enquiries made by such a Customer and in the event any request, enquiry is processed by Us, We shall have a sole right to cancel the same.
Your Account and Registration Obligations:
We collect information from You to provide an efficient, meaningful and customized e-shopping experience for You. It makes it easier for You to use Our Website by not having to enter Your Personal Information every time You access Our Website. It helps Us to curate content that is more relevant to You - Our Customers / Users. In the course of Your use of Our Website, You agree to furnish Your correct details and information if requested by Us from time to time.
You agree that if You provide any information which is untrue, inaccurate, not current, or incomplete or we have reasonable grounds to suspect that such information is untrue, inaccurate, not current, incomplete, or not in accordance with the Terms and Conditions, We will have the right to bar you from accessing Our Website. Information which You provide for ordering / for purchase of products on Our Website as part of the application of being a Customer, will be your full name, date of birth, postal address (for product delivery purposes), phone number, e-mail address as well as any other information that We may request. In the event any corrections/alterations/modifications/changes occur in Your personal information (except some mandatory fields) provided above, then the same needs to be updated on Our Website - https://shivangiagandhi.com/ or informed to Us via email to make the necessary changes.
Apart from the above information, We may also collect other information relating to the following:
- Your name, email addresses and other security-related information used by You in relation to Our Website,
- Transactional history (other than banking details) about Your e-commerce activities and presence in the e-commerce market,
- Payment details,
- When You report a problem / an error with Our Website,
- When You contact Us.
Collection of Personal Information by Us:
When You use Our Website, We collect and store Your personal information which is provided by You to Us from time to time. Our primary goal in doing so is to provide You a safe, efficient, smooth and customized Customer experience. This allows Us to provide services and features that most likely meets Your needs and to customize Our Website to make your experience safer and easier.
- In general, if You are not Our Customer or a User of Our Website, You can browse/navigate through Our Website without telling us who You are or revealing any personal information about Yourself. Once You give us Your personal information, You are not anonymous to Us. While collecting Your Information, wherever possible, We indicate which fields are required (i.e. mandatory) and which fields are optional. You have the option to not provide information by choosing not to use a particular service or feature on the Website.
- If You send Us any correspondence, such as emails or letters, or if other users or any third party/ies send Us correspondence about Your activity/ies on Our Website, We may collect such information into a file specific to You.
- We collect personally identifiable information (email address, full name, mobile number, credit card / debit card / other payment instrument details, etc.) from You when You shop with us.
Use of Profile Data / Your Personal Information:
We use Your personal information to provide You Our Website as a Customer / User. We use Your personal information to resolve disputes including but not limited to customer complaints with respect to our product listings, troubleshoot problems, help promote a safe and reliable service to You, receive payment from You and remit to You any refund in form of a credit note (if any, at Our sole and absolute discretion) in case of complaints received with regards to the product(s) listed on Our Website, measure Customer interest in the products listed on Our Website, inform You about any of Our services or updates, customize Our Website experience or using Our Website to detect and protect Us against error, fraud and other criminal activity, enforce our Terms & Conditions and as otherwise informed to You at the time of collection of such information.
In Our efforts to continually improve Our Website service offerings, We collect and analyse demographic and profile data about Our Customers’ / Users' activity on Our Website.
We identify and use Your IP address to help diagnose problems with Our server, if any, and to administer Our Website. Your IP address is also used by Us to help identify You and to gather broad demographic information.
We may also use the personal information for reasons including but not limited to:
- To operate, maintain and improve Our Website.
- To provide You with information & services that You request from Us.
- To carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Us, including without limitation, Our Terms and Conditions.
- To notify You about changes to Our Website and/or obtain any required consent in the event of such changes.
- To allow You to participate in interactive features of Our Website, as and when available and when You choose to do so.
- For industry analysis, marketing, and other business purposes.
- To track Your browsing behavior, such as the pages You visited over time, for analytics and advertising purposes.
- To communicate with You about the product listings with Your permission and/or where permitted by law, We may also use Your personal information for marketing purposes, which may include contacting You by email AND/OR telephone AND/OR text message AND/OR post with information, news, AND/OR You will not be sent any unlawful marketing emails. We will always work to fully protect Your rights and comply with Our obligations under the Information Technology Act, 2000 and You will always have the opportunity to opt-out. If You ask Us to contact You about services, We may use Your personal information or permit selected third parties to use Your personal information to contact You about such services. You can withdraw consent at a later time by clicking on the “unsubscribe” link located in the emails We send You.
During the course of Your use of Our Website, You may receive Confidential Information. You agree that for the term of the Your association with Us and for 3 (three) years after termination:
- all Confidential Information is and will remain the sole and exclusive property of https://shivangiagandhi.com/ save and except for Customer personal data owned by the respective Customer;
- You will use Confidential Information only as is reasonably necessary for Your participation as a Customer on Our Website and ensure that persons who have access to Confidential Information will be made aware of and will comply with the obligations in this provision; and
- You will not, and will cause your Affiliates not to, directly and/or indirectly (including through a third party) otherwise disclose Confidential Information to any individual, company, or other third party, including any Affiliates, except as required to comply with law;
- You will take all reasonable measures to protect the Confidential Information against any use or disclosure that is not expressly permitted as per User Terms of Service; and
- You will retain Confidential Information only for so long as its use is necessary for participation as a Customer on Our Website or to fulfil Your statutory obligations (e.g. taxation etc.) and in any event whatsoever will delete information so collected / retained by You upon termination of Your association with Us or as soon as the information so collected / retained by You is no longer required for the fulfilment of any statutory obligations.
The foregoing however, does not restrict Your right to share Confidential Information with a governmental entity that has jurisdiction over You, provided that You limit the disclosure to the minimum necessary extent and explicitly indicate the confidential nature of the shared information to the governmental entity.
You may not issue any press release or make any public statement related to Our Website; You shall also not use Our name, trademarks or logo in any way (including but not limited to any promotional material) without Our prior written permission in that regard. You shall also not misrepresent or embellish the relationship between You and Us in any way.
Generally, You shall not use such data in any way inconsistent with applicable law for the time being in force. You must keep all data confidential at all time (the 3 years’ term limit as mentioned hereinabove for data retention does not apply to customer personal data).
Retention of Personal Information:
Our data retention policies and procedures, which are designed to help ensure that We comply with Our legal obligations in relation to the retention and deletion of personal information. We retain all the Personal Information stored with Us until perpetuity.
At any time, You may object to the processing of Your Personal Information, on legitimate grounds, except if otherwise permitted by applicable law. You may withdraw Your consent to submit any or all Personal Information or decline to provide any permissions on Our Website as covered above at any time. In case, You choose to do so then Your access to the Website may be limited or We might not be able to provide the services to You. You may withdraw your consent by sending an email to email@example.com
Sharing of personal information:
We may share Your personal information received through Our Website with Our employees, group companies/entities - parent companies / holding companies, subsidiaries, representatives, consultants, vendors, stockists and affiliates. These entities and affiliates may share marketing information with You as a result of such sharing unless you explicitly opt-out.
Save and except as mentioned hereinabove, We do not sell Your personal information to third parties. This disclosure may be required for Us to provide You access to Our Website, to comply with Our legal obligations, to enforce Our Terms and Conditions, to facilitate Our marketing and advertising activities, for service recovery purposes, or to prevent, detect, mitigate, and investigate fraudulent or illegal activities related to Our Website, if any. We do not and will not disclose Your personal information to third parties for their marketing and advertising purposes without Your explicit consent.
We may disclose Your personal information if required to do so by law or if We may in good faith believe that such disclosure is reasonably necessary to respond to subpoenas, court orders, or other legal process. We may disclose Your personal information to law enforcement offices, any rights owned by third party/ies, or others in the good faith belief that such disclosure is reasonably necessary to:
- respond to claims that an advertisement, posting or other content violates the rights of a third party;
- or protect the rights, property or personal safety of our users or the general public.
However, it is also to be noted that section 69 of the Information Technology Act 2000, which is an exception to the general rule of maintenance of privacy and secrecy of the information, provides that where the Government is satisfied that it is necessary in the interest of:
- the sovereignty or integrity of India,
- defence of India,
- security of the State,
- friendly relations with foreign States; or
- public order; or
- for preventing incitement to the commission of any cognizable offence relating to above; or
- for investigation of any offence.
- It may by order, direct any agency of the appropriate Government to intercept, monitor or decrypt or cause to be intercepted or monitored or decrypted any information generated, transmitted, received or stored in any computer resource. This section empowers the Government to intercept, monitor or decrypt any information including information of personal naturein any computer resource.
- Where the information is such that it ought to be divulged in public interest, the Government may require disclosure of such information. Information relating to anti-national activities which are against national security, breaches of the law or statutory duty or fraud may come under this category.
Security and Protection of Information:
We employ stringent security measures in place to protect the loss, misuse, and alteration of the information under Our control. Whenever You change or access Your account information, We offer the use of a secure server which is based and operated in India. Once Your information is in our possession We adhere to strict security guidelines, protecting it against unauthorized access.
Information from third parties:
As mentioned earlier with respect to scope of this Policy, it does not apply to third party websites. Our Website may link to websites that are not owned and/or controlled by Us. As such, this Policy does not apply to information collected on any third‑party site or by any third‑party application that may link to or be accessible from Our Website. This Policy does not apply to information collected by Our business partners or by Us via an offline / online mode and other third parties or third‑party applications or services, even if this information is collected using Our Website.
We provide all Customers with the opportunity to opt-out of receiving non-essential (promotional, marketing-related) communications from Us on behalf of Our partners and from us in general, after browsing on Our Website and/or after transacting with Us.
If you have any questions or complaints regarding Our Website or any other aspect of Our Website please contact Our Grievance Officer:
In accordance with Information Technology Act 2000, the Consumer Protection Act, 2019 and rules made there under, the name and contact details of the Grievance Officer are provided below:
Name: Shivangi A Gandhi
Address: Hubtown Sunmist, Bldg A 1105, Andheri (East), Mumbai – 400 069, Maharashtra, India.
Effective Date: 15 July, 2021
GENERAL DATA PROTECTION REGULATION
15 July, 2021
General Data Protection Regulation (GDPR) came into effect 25th May 2018, creates consistent data protection rules across European Union. It applies to all companies that process personal data about/relating to individuals in the EU, regardless of where the company is geographically based. Processing refers to anything related to personal data of individuals in the EU, including but not limited to ‘how a company handles and manages data’, such as collecting, storing, using and deleting/destroying data.
Website / Us / We
means the General Data Protection Regulation.
Ms. Shivangi A Gandhi.
Register of Systems
means a register of all systems or contexts in which personal data is processed by the Company.
1. Data protection principles
We are committed to processing data in accordance with its responsibilities under the GDPR.
Pursuant to Article 5 of the GDPR with respect to the personal data that We collect, We:
- Process the personal data lawfully, fairly and in a transparent manner in relation to individuals - Users;
- The data is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- We further process the personal data so collected solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes that is not incompatible with the initial purposes;
- The data so collected by Us is adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed;
- The data collected (to the best of our knowledge and belief) is accurate and, where necessary, kept up-to date; every reasonable step is taken to ensure that personal data that is inaccurate, having regard to the purposes for which it is processed, is erased or rectified without any undue delay;
- The data collected is kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals - Users; and
- The data collected is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”
2. General provisions
- This Policy applies to all personal data collected / processed by Us for Our Customers / Users in the EU region.
- The Responsible Person takes responsibility for the Website’s ongoing compliance with this Policy.
- This Policy shall be reviewed by Us at least once, annually or as per the changes in the applicable laws for the time being in force.
3. Lawful, fair and transparent processing
- To ensure its processing of data is lawful, fair and transparent, We maintain a register for the same.
- The register as mentioned herein shall be reviewed at least once, annually.
- Individuals (whose data is collected) shall have the right to access their personal data and any such requests made to Us via email at firstname.lastname@example.org shall be dealt with in a timely manner.
4. Lawful purposes
- All data processed by Us is done on either one of the following lawful bases: - consent, contract, legal obligation, vital interests, public task or legitimate interests.
- We shall note the appropriate lawful basis in the register as mentioned herein.
- Where consent is relied upon as a lawful basis for processing data, evidence of opt-in consent shall be kept with the personal data.
- Where communications are sent to individuals based on their consent, the option for the individual to revoke their consent shall be clearly available and systems shall be in place to ensure such revocation is reflected accurately in the Website’s systems.
5. Data minimisation
- We shall ensure that personal data are adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed.
- We take reasonable steps to ensure personal data is accurate.
- Where necessary for the lawful basis on which data is processed, steps are put in place to ensure that personal data is kept up to date.
7. Archiving / removal
- To ensure that personal data is kept for no longer than necessary, We have put in place an archiving policy for each area in which personal data is processed and We review this process annually.
- The archiving policy considers what data should/must be retained, for how long, and why.
- We ensure that personal data is stored securely using modern software that is kept-up-to-date.
- All Our servers where the personal data is stored in India and we do not indulge in cross-border transfer of personal data collected by us.
- Access to personal data shall be limited to personnel who shall “need” access to the same and appropriate security measures are in place to avoid unauthorised sharing of information.
- When personal data is deleted, this is done safely in such a manner that the data so deleted is irrecoverable.
- Appropriate back-up and disaster recovery solutions are in place.
In the event of a breach of security leading to the accidental or unlawful destruction, loss, alteration, un-authorised disclosure of, or access to, personal data, We shall promptly assess the risk.