Privacy policy
STAINLESS BAZAAR INDIA LIMITED
B2B Stainless Steel Marketplace
Effective Date: January 1, 2025
Last Updated: January 1, 2025
1. INTRODUCTION
Welcome to Stainless Bazaar India Limited ("Company," "we," "us," "our"). We operate a B2B stainless steel marketplace through our website www.stainlessbazaar.com and mobile applications available on Google Play Store and other platforms (collectively, the "Platform").
This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you use our Platform, in compliance with:
· Digital Personal Data Protection Act, 2023 (DPDP Act)
· Information Technology Act, 2000
· Google Play Store Data Safety Requirements
· Other applicable Indian laws
By using our Platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy.
2. DEFINITIONS
Data Principal: Individual whose personal data is being processed (includes business representatives, employees, users)
Data Fiduciary: Entity that determines the purpose and means of processing personal data (Stainless Bazaar India Limited)
Personal Data: Any data relating to an identifiable individual, including name, contact details, device information, and commercial data
Processing: Collection, storage, use, disclosure, or any operation performed on personal data
Consent: Free, specific, informed, and unambiguous agreement to process personal data
Platform: Our website, mobile applications, and associated services
3. INFORMATION WE COLLECT
3.1 Information You Provide Directly
· Account Information: Name, email, phone number, business details, GST number
· Profile Data: Company information, business address, designation, preferences
· Transaction Information: Purchase orders, invoices, payment details, shipping addresses
· Communication Data: Messages, support requests, feedback, survey responses
· Verification Data: KYC documents, business licenses, identity proofs
3.2 Information Collected Automatically
· Device Information: Device type, operating system, device ID, IP address
· Usage Data: Pages visited, features used, time spent, search queries
· Technical Data: Browser type, app version, network information, crash logs
· Location Data: Approximate location (with your permission)
· Cookies and Tracking: Session data, preferences, authentication tokens
3.3 Information from Third Parties
· Business Directories: Publicly available company information
· Payment Processors: Transaction status, payment verification
· Government Databases: GST verification, business registration details
· Social Media: Profile information when you connect social accounts
· Marketing Partners: Lead generation, business intelligence
3.4 Google Play Store Data Collection
As required by Google Play Store policies, we collect and handle:
· App Usage Analytics: Feature usage, performance metrics, crash reports
· Device Identifiers: For app functionality and security
· User Preferences: Settings, language preferences, notification choices
4. HOW WE USE YOUR INFORMATION
4.1 Primary Business Purposes (Contract Performance)
· Account Management: Creating and maintaining your business account
· Transaction Processing: Facilitating buy/sell transactions, order management
· Payment Processing: Billing, invoicing, payment settlement
· Service Delivery: Product matching, logistics coordination, customer support
· Platform Functionality: Search results, recommendations, user experience
4.2 Legitimate Business Interests
· Business Intelligence: Market analysis, demand forecasting, pricing insights
· Security & Fraud Prevention: Account security, transaction monitoring, risk assessment
· Platform Improvement: Feature development, performance optimization, bug fixes
· Relationship Management: Supplier-buyer connections, partnership development
· Compliance & Legal: Regulatory requirements, audit purposes, dispute resolution
4.3 Marketing & Communications (With Your Consent)
· Product Updates: New features, service announcements, platform news
· Business Opportunities: Relevant deals, supplier matches, market insights
· Promotional Content: Special offers, industry reports, event invitations
· Personalized Recommendations: Targeted product suggestions, customized content
4.4 Legal & Regulatory Compliance
· KYC/AML: Identity verification, anti-money laundering checks
· Tax Obligations: GST compliance, TDS processing, regulatory reporting
· Government Requests: Law enforcement cooperation, court orders
· Audit Requirements: Financial audits, compliance verification
5. GOOGLE PLAY STORE DATA SAFETY COMPLIANCE
5.1 Data Safety Declaration
Our mobile app's data collection practices, as declared in Google Play Store:
Data Types Collected:
· Personal information (name, email, phone)
· Financial information (payment details, transaction history)
· Device information (device ID, logs, performance data)
· App activity (in-app actions, app interactions)
· Location information (approximate location, with permission)
Data Usage Purposes:
· App functionality and features
· Analytics and performance monitoring
· Developer communications
· Personalization and recommendations
· Fraud prevention and security
· Account management
Data Sharing:
· Service providers (payment processors, logistics partners)
· Business partners (verified suppliers and buyers)
· Analytics providers (for app performance)
· Legal authorities (when required by law)
5.2 Security Practices
· Data encrypted in transit using TLS/SSL
· Data encrypted at rest using AES-256
· Regular security assessments and penetration testing
· Access controls and authentication mechanisms
· Secure data handling procedures
6. DATA SHARING AND DISCLOSURE
6.1 Business Partners & Service Providers
We share data with:
· Payment Processors: Razorpay, PayU, other licensed payment gateways
· Logistics Partners: Verified shipping and delivery companies
· Technology Providers: Cloud hosting (AWS, Google Cloud), analytics services
· Communication Services: Email providers, SMS gateways, notification systems
· Professional Services: Legal advisors, auditors, compliance consultants
6.2 Business Network
· Verified Suppliers: To facilitate business connections and transactions
· Qualified Buyers: For order processing and relationship building
· Industry Partners: For market insights and business development
· Financial Institutions: For credit checks and payment processing
6.3 Legal Requirements
We may disclose information when:
· Required by Indian law or government authorities
· Court orders, legal processes, or regulatory investigations
· Protecting our rights, property, or safety
· Preventing fraud, security threats, or illegal activities
· Business transfers, mergers, or acquisitions (with appropriate safeguards)
6.4 Data Processing Safeguards
All third-party data sharing includes:
· Contractual Protections: Data processing agreements with privacy clauses
· Purpose Limitations: Data used only for specified business purposes
· Security Requirements: Minimum security standards for data handling
· Access Controls: Limited access on a need-to-know basis
· Regular Audits: Compliance monitoring and assessment
7. YOUR RIGHTS UNDER DPDP ACT
7.1 Right to Information
You can request:
· Confirmation of personal data processing
· Categories of personal data being processed
· Purposes of processing and retention periods
· Details of data sharing and recipients
7.2 Right to Correction and Erasure
You can:
· Correct inaccurate or incomplete personal data
· Update outdated business information
· Request deletion when data is no longer necessary
· Withdraw consent for marketing communications
Limitations on Erasure:
We may retain data when required for:
· Legal compliance and regulatory obligations
· Ongoing business transactions and contracts
· Fraud prevention and security purposes
· Dispute resolution and legal proceedings
7.3 Right to Grievance Redressal
· Response Time: We respond to requests within 7 business days
· Processing Time: Requests processed within 30 days (extendable to 90 days for complex cases)
· Escalation: Unresolved grievances may be escalated to the Data Protection Board of India
7.4 Right to Nominate
You may nominate another person to exercise your rights in case of death or incapacity.
8. DATA RETENTION
8.1 Retention Periods
· Active Account Data: Duration of business relationship plus 3 years
· Transaction Records: 7 years (regulatory requirement)
· Communication Records: 3 years from last interaction
· Technical Logs: 1 year (security and compliance)
· Marketing Data: Until consent withdrawal
· Legal Documents: As required by applicable laws
8.2 Data Erasure Process
· Automated Deletion: System-automated erasure after retention periods
· Notification: 48-hour advance notice before data erasure (where applicable)
· Verification: Secure deletion with audit trails
· Exceptions: Data retained for legal, regulatory, or legitimate business purposes
9. DATA SECURITY MEASURES
9.1 Technical Safeguards
· Encryption: AES-256 for data at rest, TLS 1.3 for data in transit
· Access Controls: Multi-factor authentication, role-based permissions
· Network Security: Firewalls, intrusion detection systems, DDoS protection
· Monitoring: Real-time security monitoring, automated threat detection
· Backup & Recovery: Secure backup systems with disaster recovery procedures
9.2 Organizational Measures
· Employee Training: Regular privacy and security awareness programs
· Access Management: Need-to-know basis, regular access reviews
· Vendor Management: Data processing agreements with security requirements
· Incident Response: 24/7 security incident response team
· Regular Audits: Annual security assessments and compliance reviews
9.3 Physical Security
· Data Centers: Tier-3 certified facilities with restricted access
· Office Security: Biometric access controls, surveillance systems
· Device Security: Encrypted devices, secure disposal procedures
· Document Security: Secure storage and destruction of physical documents
10. CROSS-BORDER DATA TRANSFERS
10.1 Transfer Safeguards
When we transfer data outside India, we ensure:
· Adequate Protection: Countries with adequate data protection standards
· Contractual Safeguards: Standard contractual clauses with international partners
· Security Measures: End-to-end encryption and secure transmission protocols
· Compliance Monitoring: Regular assessment of international data protection standards
10.2 Transfer Purposes
International transfers may occur for:
· Cloud hosting and data storage services
· Payment processing and financial services
· Technology support and maintenance
· Business analytics and intelligence
Note: We do not transfer personal data to countries restricted by the Indian government.
11. COOKIES AND TRACKING TECHNOLOGIES
11.1 Types of Cookies We Use
· Essential Cookies: Required for platform functionality and security
· Performance Cookies: Analytics and performance monitoring
· Functional Cookies: User preferences and settings
· Marketing Cookies: Personalized content and advertisements (with consent)
11.2 Third-Party Cookies
We may use third-party services that set cookies:
· Google Analytics (website and app analytics)
· Facebook Pixel (marketing analytics)
· Payment gateway cookies (transaction processing)
· Customer support tools (chat and help desk)
11.3 Cookie Management
You can control cookies through:
· Browser Settings: Block or delete cookies in your browser
· App Preferences: Manage tracking preferences in mobile app settings
· Opt-Out Tools: Use third-party opt-out mechanisms
· Contact Us: Request to opt-out of non-essential cookies
12. CHILDREN'S PRIVACY
Our Platform is designed for business users (18+ years). We do not knowingly:
· Collect personal data from children under 18
· Market our services to minors
· Allow account creation by underage users
· Process children's data without verifiable parental consent
If we discover we have collected a child's personal data, we will delete it immediately and notify relevant authorities if required.
13. BUSINESS-FRIENDLY PROVISIONS
13.1 Service Continuity
Business Operations: We prioritize service continuity and may continue data processing for:
· Completing ongoing transactions
· Fulfilling contractual obligations
· Meeting regulatory requirements
· Maintaining business relationships
Service Modifications: We reserve the right to:
· Update platform features with reasonable notice
· Modify services for business improvements
· Suspend accounts for policy violations
· Terminate relationships for legitimate business reasons
13.3 Dispute Resolution
Preferred Resolution: We encourage amicable resolution through:
· Direct communication with our support team
· Mediation through industry associations
· Alternative dispute resolution mechanisms
Legal Proceedings: If legal action becomes necessary:
· Governing Law: Indian law shall apply
· Jurisdiction: Courts in [City], India
· Language: Proceedings in English
· Costs: Reasonable legal costs may be recoverable
14. STARTUP AND MSME EXEMPTIONS
14.1 DPDP Act Exemptions
As eligible under the DPDP Act, certain startups and MSMEs may be exempt from:
· Prior notice requirements before consent collection
· Automatic data erasure obligations
· Certain significant data fiduciary obligations
· Enhanced compliance reporting requirements
14.2 Graduated Compliance
Our compliance approach considers:
· Business Size: Proportionate obligations based on company size
· Data Volume: Scaled requirements based on data processing volumes
· Risk Assessment: Tailored measures based on data sensitivity
· Growth Stages: Flexible compliance as business evolves
15. UPDATES TO THIS POLICY
15.1 Policy Changes
We may update this Privacy Policy to reflect:
· Changes in applicable laws and regulations
· New features and services
· Enhanced security measures
· Business practice modifications
· User feedback and requirements
15.2 Notification Process
Material Changes:
· Email notification to registered users
· Prominent notice on Platform homepage
· In-app notifications for mobile users
· 30-day advance notice for significant changes
Minor Updates:
· Updated version posted on Platform
· "Last Updated" date modification
· No separate notification required
Continued Use: Using our Platform after policy updates constitutes acceptance of changes.
17. REGULATORY COMPLIANCE
17.1 Applicable Laws
This Privacy Policy complies with:
· Digital Personal Data Protection Act, 2023
· Information Technology Act, 2000
· IT (Reasonable Security Practices) Rules, 2011
· Google Play Store Policies
· Reserve Bank of India Guidelines
· Goods and Services Tax Laws
· Foreign Exchange Management Act (FEMA)
17.2 Industry Standards
We follow recognized standards:
· ISO 27001: Information Security Management
· SOC 2: Security, Availability, and Confidentiality
· PCI DSS: Payment Card Industry Data Security
· OWASP: Secure Application Development
17.3 Regular Assessments
· Annual privacy impact assessments
· Quarterly security audits
· Regular compliance reviews
· Continuous monitoring and improvement
18. INTERNATIONAL USERS
18.1 Geographic Scope
While our primary focus is the Indian market, we may serve international users:
· Data Processing: Governed by Indian law
· Cross-border Transfers: With adequate safeguards
· Local Compliance: Additional obligations may apply in your jurisdiction
· User Rights: Minimum rights as per DPDP Act
18.2 Additional Protections
For users in other jurisdictions, we provide:
· Enhanced Consent: Where required by local law
· Additional Rights: Beyond DPDP Act requirements
· Local Representatives: Where legally required
· Data Localization: When mandated by local regulations
19. EMERGENCY SITUATIONS
19.1 Data Breach Response
In case of a personal data breach:
· Immediate Action: Containment and assessment within 24 hours
· Authority Notification: Data Protection Board within 72 hours
· User Notification: Affected users notified without undue delay
· Remedial Measures: Free credit monitoring or protective services
· Investigation: Root cause analysis and prevention measures
19.2 Business Continuity
During emergencies (natural disasters, pandemics, etc.):
· Service Continuity: Maintain essential platform functions
· Data Protection: Enhanced security during remote operations
· Communication: Regular updates to users and stakeholders
· Flexibility: Temporary adjustments to support business needs
20. ACKNOWLEDGMENT AND CONSENT
By using our Platform, you acknowledge that you have:
✅ Read and Understood: This Privacy Policy in its entirety
✅ Agreed to Processing: Your personal data as described herein
✅ Provided Valid Consent: Free, specific, informed, and unambiguous
✅ Authority to Consent: For your organization (if applicable)
✅ Understood Your Rights: Under the DPDP Act and applicable laws
For Business Users: If you are representing an organization, you confirm that you have the authority to provide consent on behalf of your organization and its authorized personnel.
Withdrawal of Consent: You can withdraw your consent at any time by contacting our Data Protection Officer. Please note that withdrawal may affect service availability and functionality.
IMPORTANT LEGAL DISCLAIMERS
1. Compliance Status: This policy is designed to comply with DPDP Act 2023 and Google Play Store requirements
2. Business Protection: Includes liability limitations and business continuity provisions within legal boundaries
3. Regular Updates: Policy updated to reflect legal and business changes
4. Professional Advice: Consult legal counsel for specific compliance questions
5. Dispute Resolution: Governed by Indian law with jurisdiction in Indian courts
© 2025 Stainless Bazaar India Limited. All Rights Reserved.
CIN: U52190MH2020PLC347725
Registered Office: Unit 701, Ackruti Trade Centre, Kondivita, MIDC- Andheri (East), Mumbai 400069. Maharashtra
Email: support@stainlessbazaar.com
This Privacy Policy is effective from January 1, 2025, and supersedes all previous versions. For the latest version, please visit our website or mobile application.