Privacy Policy
Welcome to NATUF.
We understand the importance of your privacy and are committed to protecting the personal data you entrust to us. This Privacy Policy explains how we collect, use, disclose, secure, and retain your personal data when you use our website, mobile apps, and our related services ("Services").
This policy applies to:
- Users of our website who browse and interact with its content.
- Users of our mobile apps who download and utilize their functionalities.
- Individuals who engage with us through our various services, including those who contact us or provide their information for specific purposes.
By using our Services, you agree to the terms of this Privacy Policy. If you have any questions or concerns about our data practices, please feel free to contact us using the information provided in the "Contact Us" section.
Key Points:
- We only collect personal data that is necessary for specific and legitimate purposes.
- We will always be transparent about how we use your data and obtain your consent where required.
- We implement robust security measures to protect your personal data from unauthorized access, disclosure, alteration, or destruction.
- You have the right to access, rectify, erase, and restrict the processing of your personal data, as provided by the Indian Digital Personal Data Protection Act (DPDP Act), 2023.
- Personal Data We Collect:
In accordance with the Indian Digital Personal Data Protection Act (DPDP Act), 2023, we collect the following categories of personal data:
1.1. Contact Information:
- Name
- Email address
- Phone number
- Physical address (including shipping and billing addresses)
1.2. Account Information:
- Username
- Password (hashed and salted for security)
- Account preferences (e.g., language settings)
- Security questions and answers (used for account verification)
1.3. Transaction Information:
- Purchase history (including product details, order date, and order number)
- Billing details (including name, address, and payment method)
- Payment information (processed securely through a PCI-compliant payment gateway; we do not store your full credit card details)
1.4. Usage Data:
- IP address (used for geolocation and website analytics)
- Operating system and browser type
- Browsing activity on our website (including pages viewed, search queries, and clickstream data)
- Device information (type of device, unique device identifier)
1.5. Feedback and Survey Data:
When you submit feedback or participate in surveys, we may collect information such as your thoughts, opinions, and answers to questions.
1.6. Social Media Data:
If you connect to our services through social media platforms, we may collect limited information from your social media profile, such as your name, profile picture, and friend list (depending on your privacy settings on the platform).
1.7. Sensitive Personal Data (if applicable):
We only collect sensitive personal data (as defined by the DPDP Act) with your explicit consent and for specific, limited purposes.
- Use of Personal Data:
We use your personal data for the following purposes, always in accordance with the DPDP Act, 2023:
2.1. To fulfil your requests and provide our services:
- Process your orders and deliver your purchases.
- Provide customer support and respond to your inquiries.
- Manage your account and profile settings.
- Personalize your experience on our website and mobile app (e.g., recommend products based on your browsing history).
2.2. To process your transactions and manage your account:
- Verify your identity and prevent fraudulent activity.
- Issue refunds and manage returns.
- Send you transactional emails related to your orders, such as order confirmations and shipping notifications.
2.3. To send you marketing communications (only with your consent):
- We will only send you marketing communications (e.g., email newsletters, promotional offers) if you have explicitly opted in to receive them. You can always unsubscribe from these communications at any time by following the unsubscribe instructions included in the communication or by contacting our Privacy Compliance Officer.
2.4. To improve our website and services:
- Analyze website usage data to understand user behavior and preferences.
- Identify and address technical issues to improve website performance.
- Develop new features and functionalities based on user feedback.
2.5. To comply with legal and regulatory obligations:
We may use your personal data to comply with applicable laws and regulations, such as tax laws, record-keeping requirements, or court orders.
- Disclosure of Personal Data in Accordance with DPDP Act, 2023:
We will only disclose your personal data in the following circumstances, strictly adhering to the provisions of the DPDP Act, 2023:
3.1. With your consent: We will disclose your personal data to third parties only with your explicit and informed consent. This may occur when you use a third-party service integrated with our platform or when you choose to share your information with a third party through our website.
3.2. To service providers: We may share your personal data with third-party service providers who help us operate our website and services. These service providers are contractually obligated to:
- Only use your personal data for the specific purposes we have authorized.
- Implement appropriate security measures to protect your personal data.
- Comply with all applicable data privacy laws and regulations, including the DPDP Act.
We will conduct due diligence to ensure that our service providers have appropriate data security practices in place before sharing your personal data with them.
3.3. Legal obligations: We may disclose your personal data if we are required to do so by law or in the good faith belief that such action is necessary to:
- Comply with a legal obligation or court order.
- Protect the rights or safety of ourselves, our users, or the public.
- Prevent or investigate possible wrongdoing, such as fraud or cybercrime.
3.4. Business transfers: If we undergo a business transaction, such as a merger, acquisition, or asset sale, your personal data may be transferred to the new owner or operator. We will provide you with prior notice and an opportunity to object to such transfer before it occurs.
Transparency and User Control:
We are committed to being transparent about how we disclose your personal data. We will make available the following information:
- The categories of personal data we disclose.
- The categories of third parties to whom we disclose personal data.
- The purposes for which we disclose personal data.
You have the right to request information about the disclosure of your personal data.
- Your Rights Under the DPDP Act:
The Indian Digital Personal Data Protection Act (DPDP Act), 2023, grants you several important rights regarding your personal data. These rights include:
4.1. Right to Access:
You have the right to request access to your personal data that we hold, including the categories of information we collect, the purposes for processing, and with whom we may share it.
We will provide you with a copy of your personal data in a commonly used and machine-readable format within a reasonable time frame after verifying your identity.
4.2. Right to Rectification:
You have the right to request correction of any inaccuracies in the personal data we hold about you.
You can submit a request to update your information to keep it accurate and complete.
4.3. Right to Erasure (Right to Be Forgotten):
Under certain circumstances, you have the right to request the deletion of your personal data. This includes cases where:
- The personal data is no longer necessary for the purpose for which it was collected.
- You withdraw your consent to the processing of your personal data (where consent was the basis for processing).
- Your personal data has been unlawfully processed.
4.4. Right to Restriction of Processing:
You have the right to request that we restrict the processing of your personal data if:
- You believe that your personal data is inaccurate.
- The processing is unlawful, but you do not want the data to be erased.
- We no longer need the data for processing, but you need it for a legal claim.
- You have objected to the processing of your data and are awaiting verification of our legitimate grounds for continued processing.
4.5. Right to Object to Processing:
- You have the right to object to the processing of your personal data in certain circumstances, including where the processing is based on legitimate interests or for direct marketing purposes.
- We will consider your objection and cease processing unless we have compelling legitimate grounds that override your interests or rights.
4.6. Right to Data Portability:
You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit it to another data controller or have it transmitted directly, where technically feasible.
4.7. How to Exercise Your Rights:
To exercise any of these rights, you can contact our Privacy Compliance Officer at +91 6366 794 402.
We will respond to your requests within a reasonable timeframe, as defined by the DPDP Act and its regulations.
We may require you to verify your identity before processing certain requests.
- Disclosure of Your Personal Data in Accordance with the DPDP Act, 2023:
We understand the importance of safeguarding your personal data and will only disclose it in specific circumstances, adhering to the provisions of the Indian Digital Personal Data Protection Act (DPDP Act), 2023. Here's an outline of these situations:
5.1. With Your Explicit Consent:
We will only disclose your personal data to third parties with your explicit and informed consent. This might occur when:
- You use a third-party service integrated with our platform.
- You choose to share your information with a third party through our website.
We will always clearly explain the purpose of the disclosure and obtain your specific consent before proceeding.
5.2. To Authorized Service Providers:
We may share your personal data with third-party service providers who assist us in operating our website and services. These providers are bound by strict contractual obligations, including:
- Only using your personal data for the specific purposes we authorize.
- Implementing appropriate security measures to protect your data.
- Complying with all applicable data privacy laws and regulations, including the DPDP Act.
We rigorously assess our service providers' data security practices before entrusting them with your personal data.
5.3. Legal Obligations and Public Interest:
We may disclose your personal data if required by law or in the good faith belief that such action is necessary to:
- Comply with a legal obligation or court order.
- Protect the rights or safety of ourselves, our users, or the public.
- Prevent or investigate possible wrongdoing, such as fraud or cybercrime.
5.4. Business Transfers:
In the event of a business transaction, such as a merger, acquisition, or asset sale, your personal data may be transferred to the new owner or operator. We will provide you with prior notice and an opportunity to object to such transfer before it occurs.
5.5. De-identified Data:
We may share de-identified data (data that cannot be reasonably linked back to an individual) with third parties for research or analytical purposes. This allows us to gain valuable insights while protecting your privacy.
Transparency and User Control:
We are committed to being transparent about disclosures of your personal data. We will make available the following information:
- The categories of personal data we disclose.
- The categories of third parties we disclose personal data to.
- The purposes for which we disclose personal data.
You have the right to request information about the disclosure of your personal data. You can exercise this right by contacting our Privacy Compliance Officer at +91 6366 794 402.
- Security of Your Personal Data:
Protecting the security and confidentiality of your personal data is a top priority for us. We implement robust security measures to prevent unauthorized access, disclosure, alteration, or destruction of your personal data, in accordance with the DPDP Act, 2023. Here's an overview of our security practices:
6.1. Administrative Safeguards:
- We maintain comprehensive security policies and procedures that govern data access, storage, and handling.
- We conduct regular employee training to ensure they understand and adhere to our privacy and security policies.
- We restrict access to personal data to authorized personnel who have a legitimate business need to access it.
6.2. Technical Safeguards:
We utilize industry-standard security technologies, including:
- Encryption: We encrypt your personal data in transit and at rest using strong encryption algorithms.
- Firewalls and intrusion detection systems: We employ firewalls and intrusion detection systems to monitor network activity for suspicious behavior.
- Regular security assessments: We conduct regular security assessments to identify and address potential vulnerabilities in our systems.
6.3. Data Retention and Disposal:
- We retain your personal data only for as long as necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
- We implement secure disposal practices when your personal data is no longer required, ensuring its complete and irreversible deletion.
6.4. Limitations and Disclaimers:
- While we strive to implement robust security measures, no website or internet transmission is completely secure.
- We cannot guarantee absolute security of your personal data, and any transmission of data is at your own risk.
- By using our website and services, you acknowledge and accept these limitations.
6.5. Incident Response:
- In the event of a data security incident, such as a data breach or unauthorized access, we will take necessary steps to remediate the issue, investigate the incident, and notify affected individuals and relevant authorities as required by law.
- We are committed to continuously improving our security practices to protect your personal data. This includes staying informed of the latest data security threats and implementing appropriate safeguards to mitigate those risks.
- Cookies and Other Tracking Technologies:
To improve your experience on our website and personalize your visits, we use cookies and other tracking technologies. These technologies allow us to store and access information on your device, such as:
- Cookies: Small text files sent to your browser and stored on your device when you visit our website. They can be used to remember your preferences, keep you logged in, and understand how you interact with our website.
- Web beacons (pixels): Transparent images embedded in web pages or emails that track activity, such as page views or email opens.
- Local Storage: Data stored locally on your device, such as your browser's cache, allowing websites to store information for later use.
7.1. Types of Cookies We Use:
We use the following types of cookies on our website:
- Essential Cookies: These cookies are strictly necessary for the website to function properly and cannot be disabled. They enable essential features such as user login, account management, and shopping cart functionality.
- Performance Cookies: These cookies collect information about how you use our website, such as the pages you visit and the links you click. We use this information to analyze website traffic and improve performance.
- Functionality Cookies: These cookies allow the website to remember your preferences, such as your language preference or location. This allows us to personalize your experience.
- Targeting or Advertising Cookies: These cookies track your browsing activity across different websites and build a profile of your interests, which may be used to deliver personalized advertising to you on and off our website.
7.2. Third-Party Cookies:
We may also allow certain third-party service providers to set cookies on our website. These third parties have their own privacy policies, which you should review to understand their practices regarding cookies and other tracking technologies.
7.3. Your Options:
You have several options for managing cookie usage on our website:
- Browser Controls: Most web browsers allow you to control cookies through their settings. You can choose to block all cookies, delete existing cookies, or be notified before a cookie is set.
- Opting Out of Interest-Based Advertising: You can opt out of interest-based advertising by visiting the following websites: Network Advertising Initiative (NAI), Digital Advertising Alliance (DAA).
Please note that blocking or disabling cookies may affect your experience on our website and limit your ability to use certain features.
7.4. Commitment to Transparency:
We are committed to being transparent about our use of cookies and other tracking technologies. We periodically update this clause to reflect practice changes.
This expanded clause provides a more comprehensive overview of the various tracking technologies used and offers users more information about their choices regarding data collection and privacy.
- Changes to this Privacy Policy:
We reserve the right to update this Privacy Policy at any time and for any reason to reflect changes in our data practices, applicable laws, or the features of our website and services. We will take the following steps to inform you of any changes:
- Posting an updated version of the Privacy Policy on our website: The revised Privacy Policy will be effective immediately upon being posted. We encourage you to periodically review this Privacy Policy for the latest information on our data practices.
- Providing notice of material changes: In case of significant changes that materially affect your privacy rights, we may also choose to directly notify you through email or by posting a prominent notice on our website.
- Your continued use of our website and services following the posting of any changes to this Privacy Policy constitutes your acceptance of the revised policy.
Additionally, consider including the following information in this clause:
Date of the last revision: This helps users understand the last time the policy was updated.
Process for obtaining previous versions: If users request it, you can offer a way for them to access previous versions of the policy.
Your commitment to honoring previously expressed choices: If a user has previously opted out of certain data sharing practices, clarify that their preferences will be respected even with policy updates, unless otherwise required by law.
- Payment Processing and Security:
- Razorpay: We partner with Razorpay for secure payment processing. They do not store your full credit card details on their servers.
- Data Encryption: Payment card data is encrypted during processing using the Payment Card Industry Data Security Standard (PCI-DSS), a robust security standard for safeguarding financial information.
- Your purchase transaction data is only retained for the time necessary to complete the transaction and is subsequently deleted.
- Understanding Razorpay's Security: Razorpay strictly adheres to PCI-DSS standards set by the PCI Security Standards Council, ensuring the secure handling of your credit card information.
- We encourage you to review Razorpay's Terms and Conditions for more details: [Insert Razorpay Terms and Conditions Link].
- We carefully select third-party service providers who assist us in operating our business and enhancing your experience. These providers generally only collect, use, and disclose your information to the minimal extent necessary to fulfil the services they provide to us.
- Some third-party service providers, such as payment gateways, have their own privacy policies. These policies outline how they handle your data used for transactions.
- We recommend reviewing their privacy policies to gain a comprehensive understanding of their practices concerning your information: Razorpay's Terms and Conditions: [Insert Razorpay Terms and Conditions Link]
- Data Location and Legal Jurisdictions: Be aware that some providers may be located in, or have facilities in, different jurisdictions than you or us.
- If you choose to proceed with a transaction involving a third-party service provider, your information may be subject to the laws of the jurisdiction(s) where that provider operates.
- Leaving Our Website and Third-Party Links: Clicking on links on our website may direct you to third-party websites or applications.
- This Privacy Policy and our Terms of Service no longer apply once you leave our website or are redirected to a third-party platform. We encourage you to review the privacy statements of any third-party websites you visit.
By incorporating these sections, you provide transparency regarding payment processing, data security, and involvement of third-party services. Additionally, you inform users about potential data transfer associated with using third-party services and guide them to access relevant information.
- Children's Privacy:
Protecting the privacy of children is particularly important. Our website and services are not directed at children under the age of 13 as defined by the DPDP Act. We do not knowingly collect personal data from children under this age.
If you are a parent or guardian and you believe your child has provided us with personal data, please contact us at +91 6366 794 402. We will take steps to delete that information from our records.
Here are some additional measures we take to protect the privacy of children:
- We do not allow children to create accounts or engage in activities that require the submission of personal data.
- We do not collect more personal data from children than is necessary to provide the services requested.
- We do not share children's personal data with third parties without parental consent, except as permitted by law.
It is important to note that parents and guardians are ultimately responsible for supervising their children's online activities. We encourage parents and guardians to:
- Talk to their children about online safety and privacy.
- Use parental controls to limit their children's access to certain websites and content.
- Be aware of the websites and services their children are using.
Contact Us:
If you have any questions about this Policy or your privacy rights, please contact our Privacy Compliance Officer at +91 6366 794 402.