PRIVACY POLICY

ENTITY RESPONSIBLE: M/s Madhyavarti The Broker
REGISTERED ADDRESS: ALTF ORCHID BUSINESS PARK, 1st FLOOR, Narsinghpur, Gurgaon- 122004, Haryana
GST NO.: 06AATCM1126D1ZO
CONTACT EMAIL: madhyavarti08@gmail.com

DEFINITIONS

For the purposes of this Privacy Policy:

“Account”

means a unique account created for You to access our Platform or parts of our services.

“Application”

refers to the mobile application Madhyavarti The Broker, developed and operated by M/s Madhyavarti Technologies Private Limited.

“Cookies and Similar Technologies”

include small text files, SDKs, device identifiers, local storage, and tracking technologies placed on Your device to collect information about browsing, preferences, and interactions with the Platform.

“Device Identifiers”

include unique numbers such as IMEI, MAC address, IP address, or other identifiers associated with Your device, used for login, fraud prevention, and security.

“Personal Data”

means any information relating to an identified or identifiable natural person, including but not limited to name, email address, phone number, delivery address, payment details, and location data.

“Sensitive Personal Data or Information (SPDI)”

shall have the meaning assigned under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and may includes financial details, passwords, IMEI numbers, and other authentication details.

“Service”

refers to the grocery ordering, payment, and delivery services provided through the Madhyavarti The Broker App and Website.

“Service Providers”

means third-party companies or individuals engaged by Us to support operations, including inventory management, delivery, payment processing, analytics, and marketing.

“Usage Data”

refers to data collected automatically, either through the Platform or its infrastructure, such as device details, IP address, browsing actions, crash reports, and usage patterns.

“User” or “You”

means any individual or entity who accesses, registers, or uses the Platform.

SCOPE & APPLICABILITY

• This Privacy Policy applies to all users of the Madhyavarti The Broker mobile application, website, and any related services operated by M/s Madhyavarti Technologies Private Limited within India.
• It governs the collection, use, storage, disclosure, and protection of personal data (including Sensitive Personal Data or Information – SPDI) provided by You when:
  • Registering an Account or logging in using mobile OTP and/or device identifiers such as IMEI.
  • Browsing, placing orders, or making payments on our Platform.
  • Using features such as order tracking, personalized recommendations, and customer support.
  • Interacting with communications, surveys, or promotional campaigns initiated by Us.
• This Policy is formulated in compliance with applicable Indian laws, including but not limited to:
  • The **Digital Personal Data Protection Act, 2023 (DPDPA)**
  • The Information Technology Act, 2000
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• By accessing or using the Platform, you signify that You have read, understood, and agreed to this Privacy Policy. If You do not agree with the terms herein, You should discontinue use of the Platform immediately.

INFORMATION WE COLLECT

We collect the following categories of personal data to provide and improve our services:

INFORMATION YOU PROVIDE DIRECTLY

• **Account & Profile Data:** Name, mobile number (for OTP login), email address, and profile preferences.
• **Delivery & Contact Data:** Delivery address, billing address, alternate contact numbers.
• **Payment Data:** Mode of payment, transaction references, billing information. (Note: We do not store complete card/bank details; payments are processed through secure third-party gateways.)
• **Feedback & Communication Data:** Information shared when You contact support, provide reviews, or respond to surveys.

INFORMATION COLLECTED AUTOMATICALLY

• **Device Identifiers:** IMEI number, IP address, device type, operating system, and browser details.
• **Usage Data:** Interactions with the App/Website, browsing patterns, pages visited, time spent, crash logs, and app performance data.
• **Location Data:** GPS and network-based location (if You enable location services) to facilitate deliveries.
• **Cookies & Tracking Technologies:** As explained in our Cookie Policy, we use cookies, SDKs, and cache storage to enhance functionality, remember preferences, and monitor performance.

INFORMATION FROM THIRD PARTIES

• **Inventory & Order Management:** Data received from **Vineretail.com** to fulfill Your orders.
• **Delivery Management:** Data received from **Fleetx.io** for delivery tracking and coordination.
• **Logistics Partners:** Information shared with **Parcelit Supply Chain Solutions Pvt Ltd** and **Tashwi Logistics Pvt Ltd** to deliver Your orders.
• **Payment Gateways:** Transaction confirmations and references for successful payment processing.
• **Analytics & Marketing Providers:** Aggregated or anonymized insights from providers like Google Analytics and Firebase to improve services and personalize recommendations.

HOW WE USE INFORMATION

We use the personal data collected from You for the following purposes:

• **Account Creation & Authentication:** To create and manage Your account on the Platform. To verify login credentials through OTP and device identifiers such as IMEI.
• **Order Management & Fulfilment:** To process, confirm, and deliver Your orders. To share relevant details with our inventory, delivery, and logistics partners.
• **Payments & Transactions:** To securely process payments through authorized payment gateways.

DATA SHARING WITH THIRD PARTIES

We respect Your privacy and only share personal data in the manner described below, strictly for legitimate business purposes:

Inventory & Order Management Partners

We share order and product details with **Vineretail.com** to manage inventory and ensure product availability.

Delivery & Logistics Partners

We share Your name, contact number, delivery address, and order details with:

• **Fleetx.io** (delivery management platform)
• **Parcelit Supply Chain Solutions Pvt Ltd**
• **Tashwi Logistics Pvt Ltd**

Payment Service Providers

Transaction-related data is shared with authorized payment gateways to facilitate secure processing of payments.

Analytics & Marketing Partners

We may share limited usage data (aggregated or anonymized) with analytics providers like **Google Analytics** and **Firebase** to improve app performance and provide personalized offers.

Affiliates & Service Providers

We may share data with our affiliates, IT support providers, customer service vendors, or cloud storage providers to operate and maintain the Platform.

Legal & Regulatory Authorities

We may disclose personal data if required to comply with applicable laws, enforce our terms, protect our rights, or respond to lawful requests from public authorities.

Safeguards:

All third parties are contractually obligated to use data only for authorized purposes, maintain confidentiality and adopt reasonable security practices, and comply with applicable data protection laws in India.

DATA RETENTION

We retain Your personal data only for as long as necessary to fulfill the purposes described in this Privacy Policy or as required by applicable laws. Retention periods vary depending on the nature of the data:

• **Account Information:** Retained while Your account remains active. Upon closure, limited data may be retained for up to 90 days for dispute resolution and record-keeping.
• **Order & Transaction Data:** Retained for a minimum of 7 years to comply with GST, tax, and accounting obligations.
• **Payment Information:** We do not store complete card or banking details. Transaction references may be retained for reconciliation, fraud prevention, and regulatory compliance.
• **Location Data:** Retained only for the duration necessary to complete the delivery or provide the requested service.
• **Cookies & Tracking Data:** Session cookies expire once you close the App/Website. Persistent cookies and device identifiers may remain on Your device for up to 12 months, unless You clear them earlier.
• **Legal or Regulatory Requirements:** Certain data may be retained for longer periods where required by law, regulatory authorities, or for legitimate business purposes such as fraud prevention or dispute resolution.

YOUR RIGHTS

As a user of our Platform, you have the following rights in relation to your personal data, subject to applicable laws:

• **Right to Access:** You may request confirmation on whether we hold your personal data and obtain a copy of such data.
• **Right to Correction:** You may request correction or updating of any inaccurate, incomplete, or outdated personal data we maintain about you.
• **Right to Erasure:** You may request deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you withdraw consent, subject to legal and regulatory requirements.
• **Right to Withdraw Consent:** Where processing is based on consent (e.g., for marketing or analytics), You may withdraw Your consent at any time without affecting the lawfulness of prior processing.
• **Right to Restrict Processing:** You may request restriction of processing in certain circumstances, such as when the accuracy of data is contested or processing is unlawful.
• **Right to Data Portability:** You may request that certain personal data be provided to you in a structured, machine-readable format or transferred to another service provider, where technically feasible.
• **Right to Lodge Complaints:** You have the right to raise complaints with our Grievance Officer or, if necessary, with the relevant authority under the Digital Personal Data Protection Act, 2023.

DATA SECURITY

We are committed to safeguarding Your personal data and implement appropriate technical, organizational, and contractual measures to protect it against unauthorized access, alteration, disclosure, or destruction.

TECHNICAL SAFEGUARDS

• Encryption of sensitive information during transmission.
• Use of secure servers, firewalls, and access control mechanisms.
• Continuous monitoring and regular security audits to detect vulnerabilities.

ORGANIZATIONAL SAFEGUARDS

• Personal data is accessible only to authorized personnel on a need-to-know basis.
• Employees, contractors, and service providers are bound by confidentiality obligations and data protection requirements.

VENDOR & PARTNER SECURITY

Third-party service providers, including logistics, payment, and analytics partners, are required under contract to adopt industry-standard security measures and comply with applicable data protection laws.

DATA BREACH RESPONSE

In case of a suspected or actual personal data breach, we will promptly investigate, mitigate risks, and notify relevant authorities within the legally mandated timelines. Where required, affected users will also be informed without undue delay.

Continuous Improvement

Our security practices are periodically reviewed and updated in line with industry standards, technological advancements, and regulatory changes.

CHILDREN’S PRIVACY

• Our platform and services are intended for use by individuals who are **18 years of age or older**.
• We do not knowingly collect personal data from children under the age of 18. If we become aware that we have inadvertently collected personal information from a minor, we will take immediate steps to delete such data from our records.
• Parents or legal guardians who believe that their child has provided personal data to us may contact our Grievance Officer to request deletion of such information.

CROSS-BORDER DATA TRANSFERS

• Your personal data is **primarily stored and processed within India**.
• However, some of our service providers and technology partners (such as Google Analytics, Firebase, or cloud hosting providers) may process personal data in jurisdictions outside India.
• Whenever such transfers occur, we ensure that:
  • Appropriate contractual safeguards (such as Standard Contractual Clauses (SCCs) or equivalent mechanisms) are implemented.
  • The receiving jurisdiction is assessed for adequate data protection standards in line with Indian law.
  • Where legally required, your explicit consent is obtained before transferring personal data outside India.
• By using our Platform, you acknowledge and agree that your personal data may be transferred, stored, and processed outside India in accordance with this Privacy Policy.

CHANGES TO THIS PRIVACY POLICY

• We may update this Privacy Policy from time to time to reflect changes in our business practices, legal or regulatory requirements, or technological developments.
• Any updates will be published on our App and Website, with the revised “Effective Date” displayed at the top of this Policy.
• Where changes are material in nature, we will notify you through prominent means such as in-app notifications, email, or SMS before such changes take effect.
• Your continued use of the Platform after the effective date of such changes shall constitute your acceptance of the revised Privacy Policy.

Contact & Grievance Officer

If you have any questions, concerns, or complaints regarding this Privacy Policy or the handling of Your personal data, you may contact us at:

Grievance Officer Details

In compliance with the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we have appointed a Grievance Officer:

The Grievance Officer shall acknowledge complaints within 24 hours of receipt, and endeavour to resolve them within 30 days, in accordance with applicable legal requirements.