Privacy Policy

This Privacy Policy shall be read in conjunction and together with the Terms of Use and forms an integral part of the agreement between You and the COMPANY (“Terms of Use”). In the event of any conflict between the Terms of Use and this Privacy Policy, the provisions of the Terms of Use shall supersede the Privacy Policy. However, in any conflict dealing with the data on the Platform, the provisions of this Privacy Policy shall supersede the Terms of Use. All capitalized terms not defined under this Privacy Policy shall have the meaning ascribed to them under the applicable Terms of Use.

This Privacy Policy shall apply to the Visitors, meaning any natural or legal person who accesses and/or uses the Platforms in any manner, who shall hereinafter be referred to as “You”, “Your” or “Yourself”. The website and the corresponding mobile application (collectively, “Platforms”) are managed and operated by the Company.

1. Introduction, Scope, and Legal Compliance

We are deeply committed to protecting your privacy, which is a cornerstone of our operations. This policy defines its applicability to all visitors and users, encompassing all platforms and services managed by us.

This Privacy Policy is an integral component of our overall Terms of Use agreement. In instances of conflict, this Privacy Policy takes precedence specifically for matters concerning data handling on the platform, ensuring user data protection is prioritized. Our data handling practices strictly adhere to Indian laws, particularly the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023. This compliance also ensures alignment with major mandates of international data protection standards.

User acceptance of this policy is obtained through explicit actions, such as clicking an “I accept” button on the landing page, and continued use of the platform signifies consent to data processing. To enhance user trust and ensure full compliance, we will implement a consent management platform (CMP) or a similar system, allowing users to customize their data processing preferences and providing clear opt-in and opt-out options.

2. Definitions of Key Data Terms

To ensure clarity and avoid ambiguity, this policy provides precise definitions for all key terms related to data handling. These include:

  • Personal Data: Any information that relates to a living individual who can be identified from that information. This includes, but is not limited to, name, address, email address, phone number, date of birth, and any other information that can directly or indirectly identify you.
  • Sensitive Personal Data: A subset of Personal Data that requires heightened protection due to its sensitive nature. This includes, but is not limited to, financial information (e.g., bank account details, credit card numbers), biometric data, health data, sexual orientation, caste, religious or political beliefs.
  • Non-Personal Data: Data that cannot be used to identify a specific individual. This includes aggregated data, anonymized data, and statistical data.
  • Consent: Any freely given, specific, informed, and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
  • Cookies: Small files placed on your computer, mobile device, or any other device by a website, containing the details of your browsing history on that website among its many uses.
  • Device: Any device that can access the Service such as a computer, a cellphone or a digital tablet.
  • User: Any natural or legal person who accesses and/or uses the Platform in any manner.
  • Platform: Refers to our website and corresponding mobile application.
  • Service: Refers to the curated retail platform for lifestyle products, functioning and operation, supplier and vendor, development of brand strategies and related services, that shall be provided to Users for accessing and watching Content, including all features and functionalities, the application, and user interfaces and software and websites/web pages associated with the Service, whether accessed via computer, mobile.

3. Types of Personal Data Collected and Collection Methods

We collect various categories of personal data to provide and improve our services. This includes:

  • User Profile Data: Such as username, email address, password, profile photo, bio, and location.
  • Personally Identifiable Information (PII): Including full name, address, date of birth, and contact information.
  • Usage Data: Automatically collected information like IP address, browser type and version, pages visited, time spent on pages, and unique device identifiers.
  • Correspondence: Any communication between the user and the brand.
  • Preferences & Installed Apps Data: User settings like time zone and language, and information about installed applications.
  • Search and Browsing Information: Search terms, selected results, duration of platform use, and features utilized.
  • Calendar Data: For integrating features like event reminders and notifications.
  • Location Data: Precise GPS location from mobile devices (with permission) and approximate location derived from IP addresses.
  • Device Information: Unique identifier numbers, device models, operating systems, and mobile network information.
  • Invite Data: Contact information provided for inviting friends or colleagues.
  • Admin Data: Actions taken by moderators and administrators for content management and community guidelines enforcement.
  • Data from Third-Party Sources: Including social media profile information, marketing leads, and search results from public databases and joint marketing partners.
  • Body and Lifestyle Data: Data regarding your body size, skin type, hair type, and body type. This data is collected through various methods, including user-submitted forms, interactive quizzes, virtual try-on features, and analysis of your product preferences and purchase history, to understand you better and provide a more personalized product and shopping experience.

Data is collected through various methods:

  • Directly from Users: When voluntarily provided via platform forms, interactive quizzes, virtual try-on features, or dial boxes.
  • Automatically through Navigation: Information gathered as users navigate the platform, including usage details, IP addresses, and data collected through cookies, web beacons, and other tracking technologies.
  • From Third Parties: From public databases or marketing partners.

We will conduct a thorough data audit to ensure every piece of collected data aligns with a specific business purpose and a legal basis (consent or legitimate use under the DPDP Act). If data is collected for optional features, consent mechanisms will be granular.

4. Purposes of Data Processing and Usage

We utilize personal data for a variety of specific and legitimate purposes:

  • Contractual Fulfillment: To enter into and fulfill contractual obligations with users.
  • Account Management: To facilitate account creation, login processes, and manage user accessibility.
  • Marketing and Promotions: To send marketing, advertising, and promotional communications, strictly with explicit opt-in consent.
  • Testimonials and Content: To post user testimonials and content data, with prior explicit consent.
  • Content Monetization: To leverage user-generated content for contextual advertising.
  • Platform Protection: To safeguard the platform from fraud, monitor security, and prevent criminal activity.
  • Policy Enforcement: To enforce the Terms of Use and other brand policies.
  • Platform Maintenance and Improvement: To provide and maintain the platform, monitor its usage, and conduct data analysis to identify usage trends and improve services.
  • Customer Support: To provide comprehensive customer support and respond to user inquiries.
  • Communication: To contact users via email, telephone, SMS, or other electronic means to provide necessary product details, news, special offers, and general information about goods and services.
  • Targeted Advertising: To utilize device advertiser IDs and IP addresses for targeted advertising through Demand Side Platforms (DSPs) and Campaign Managers.
  • Legal Compliance: To comply with applicable laws, court orders, and requests from government and law enforcement agencies.
  • Research and Feedback: To manage and collate user feedback, conduct surveys, and perform internal research on demographics and interests.
  • Personalized Experience: To understand user preferences, including body size, skin, hair, and body type, to provide tailored product recommendations and a better shopping experience.

Data is collected only for specified, explicit, and legitimate purposes and will not be used for incompatible purposes without further consent. We will clearly articulate the legal basis for each data processing activity.

5. Data Sharing and Disclosure Practices

We may share personal data in specific situations, always adhering to data protection principles:

  • With Service Providers: Personal data may be shared with third-party service providers who assist in monitoring and analyzing platform use, sending communications, providing voice recognition services, hosting databases, and conducting surveys.
  • Internal Sharing: Information may be shared with other corporate entities, affiliates, and group companies to provide access to their services and products.
  • With User Consent: Personal data may be disclosed for any other purpose with the user’s explicit consent.
  • Aggregated and Anonymized Data: Aggregated and anonymized personal data, which cannot identify individuals, may be shared with third parties for statistical purposes, data analytics, product development, and platform improvement.
  • Business Transactions: In the event of a merger, acquisition, re-organization, amalgamation, or restructuring of the business, personal data may be shared with the acquiring business entity.
  • Law Enforcement and Legal Obligations: We may be required to disclose personal data if mandated by law or in response to valid requests from public authorities (e.g., courts, government agencies). This may also occur to comply with legal obligations, protect the brand’s rights, prevent wrongdoing, ensure public safety, or defend against legal liability.

We will implement robust vendor management for all third parties handling personal data, including conducting due diligence, ensuring Data Processing Agreements (DPAs) are in place, and periodically auditing third-party vendors for compliance.

6. Use of Cookies and Tracking Technologies

We utilize cookies and similar technologies, such as pixel tags, web beacons, and Software Development Kits (SDKs), to enhance the user experience, analyze website flow, measure promotional effectiveness, and deliver targeted information.

Various types of cookies are employed:

  • First-party Cookies: Cookies that belong to the brand and are placed directly on the user’s device.
  • Third-party Cookies: Cookies placed by other parties through the brand’s site or platform, often for purposes like measuring email communication effectiveness.
  • Persistent Cookies: Remain on the user’s device to improve their experience across sessions, such as remembering cookie policy acceptance.
  • Session Cookies: Temporary cookies deleted when the web browser closes, used for tracking internet usage during a single session.
  • Analytical Customization Cookies, Tracking Scripts, and/or Pixels (“Tools”): Collect information on how visitors access and navigate the platform to improve functionality or personalize interests, such as Google Analytics cookies and Facebook pixels.
  • Advertising/Target Cookies: Prevent ads from reappearing and ensure proper ad display, with some third-party cookies tracking users across different platforms to provide relevant advertisements.

Users can manage or refuse browser cookies by activating appropriate settings in their browser, though this may limit access to certain parts of the site. We will implement a cookie consent banner or pop-up that allows users to accept or decline different categories of cookies before they are placed.

7. Data Retention and Cross-Border Transfers

Personal information is retained only for as long as necessary for the purposes outlined in this privacy policy, or as required or permitted by law, such as for tax, accounting, or other legal requirements. When there is no ongoing legitimate business need to process personal information, it will either be deleted or anonymized. If deletion is not possible (e.g., due to storage in backup archives), the information will be securely stored and isolated from any further processing until deletion is feasible.

User information, including personal data, may be processed at our operating offices and in other locations where the parties involved in processing are situated. This means that information may be transferred to and maintained on computers located outside the user’s state, province, country, or other governmental jurisdiction, where data protection laws may differ. Your consent to this Privacy Policy and submission of such information represents agreement to that transfer. We commit to taking all reasonably necessary steps to ensure that user data is treated securely and in accordance with this Privacy Policy. No transfer of personal data will occur to an organization or a country unless adequate controls are in place, including the security of the data.

Our data retention policy will be meticulously crafted to balance legal obligations with user rights. For cross-border transfers, we will ensure that recipient countries or entities have data protection laws and practices not less onerous than our data protection liability, or implement robust contractual safeguards.

8. User Rights Regarding Personal Data

Users possess specific rights concerning the personal data collected about them:

  • Right to Access: Users have the right to know what information we hold about them.
  • Right to Rectification and Correction: Users can request the correction of any incomplete or inaccurate information.
  • Right to Erasure: Users can request the deletion of their information, and we will make reasonable efforts to comply unless legally required to retain it.
  • Right to Restrict Processing: Users can request limitations on how their data is processed.
  • Right to Object to Processing: Users can object to certain types of data processing.
  • Right to Data Portability: Users have the right to receive their personal data in a structured, commonly used, and machine-readable format.
  • Right to Withdraw Consent: Users can withdraw their consent for data processing at any time, with prospective effect.
  • Right to Nominate a Representative: Users can nominate another person to exercise these rights in the event of their death or incapacity.

Users can exercise these rights by emailing us or visiting a specified page on the platform. Any action taken retrospectively will not be affected by the withdrawal of consent, and data will be removed with prospective effect. Withdrawal of consent may, however, hamper access to the platform or restrict certain services for which the information is deemed necessary. We will develop an internal process and potentially a “privacy dashboard” or self-service portal to facilitate Data Subject Access Requests (DSARs).

9. Data Security Measures and Breach Notification

We are deeply committed to protecting user privacy and have implemented necessary steps to comply with all applicable laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023. This naturally aligns us with major mandates of international laws and standards.

We employ robust physical, technical, and managerial safeguards to protect personal data from unauthorized access or disclosure, loss, or misuse. This includes offering the use of a secure server when users access their account information. We adopt industry-standard security measures and regularly update our systems to protect against hacking or virus dissemination.

While we strive to offer security that meets industry standards, we acknowledge that no system can guarantee total security for information transmitted over the internet. Users should access services within a secure environment and are responsible for ensuring the protection of their login and password records. In the unfortunate event of a data breach, we will promptly notify affected users and relevant authorities, as mandated by the DPDP Act. We will explicitly list or refer to the types of security measures employed and maintain a defined data breach response strategy.

10. Children’s Privacy Considerations

Our platform is designed for and directed towards use by individuals who have reached the Age of Majority. We do not knowingly solicit or collect personal data from children under the age of 18 years.

If a user is under the Age of Majority and accesses or utilizes the service, we assume that such access is being done only with the involvement and express consent of their parent or legal guardian. It is presumed that the parent or legal guardian has reviewed this Privacy Policy and the Terms of Use and understands and agrees to them on the minor’s behalf. Parents and/or legal guardians are advised to comply with applicable laws and exercise discretion before allowing their children to access content on the service. We will review our platform design and content to ensure it is genuinely not appealing or accessible to minors, or implement robust parental consent processes where applicable.

11. Policy Amendments and Consent Mechanisms

We reserve the right to amend or modify this Privacy Policy. If any alterations are made, the updated policy will be posted on the platform to reflect the changes, ensuring users are always informed of what information is collected, how it is used, and under what circumstances it may be released. Information will always be used in line with the Privacy Policy that was in effect when it was obtained. Users are urged to examine the policy regularly for the most up-to-date information.

Users have the right to withdraw their consent for data processing. Clear instructions are provided on how to do so, typically via email or by visiting a specific page on the platform. We clarify that such withdrawal will have prospective effect, meaning it applies from the date of withdrawal onwards, and any actions taken retrospectively will not be affected. Withdrawal of consent may, however, hamper access to the platform or restrict certain services for which the information is deemed necessary. For any complaints or concerns regarding the use, processing, or disclosure of information, or a breach of these terms, users can contact the designated grievance redressal officer. We provide clear contact details for privacy-related queries, including the Data Protection Officer’s name, address, email, and telephone number.

HOW YOU CAN CONTACT US

If You have any comments or questions about the collection, use or disclosure of Your Personal Data or this Privacy Policy, please contact Us via email referencing ‘Privacy Policy’:

Email: info@vasanaindia.com

Telephone no: +91-8800986890
