Privacy Policy

2. Information We Collect

2.1 Personal Information

We collect personal information that you voluntarily provide to us when you:

• Register an account on our Website
• Place an order for our products
• Subscribe to our newsletter or marketing communications
• Contact our customer service
• Participate in surveys or promotions
• Leave reviews or comments

Personal information may include:

• Full name
• Email address
• Phone number (mobile and/or landline)
• Shipping and billing address
• Date of birth (if provided voluntarily)
• Gender (if provided voluntarily)

Note: We only collect date of birth and gender if you voluntarily provide this information. These fields are not mandatory for placing orders.

2.2 Payment Information

When you make a purchase, we collect:

• Payment method details (credit card, debit card, UPI, net banking, etc.)
• Billing address
• Transaction details

Important: We do not store your complete credit/debit card details or CVV numbers. Payment processing is handled by our secure payment gateway partners who are PCI-DSS compliant. Card information is tokenized and stored securely by our payment partners in accordance with RBI guidelines.

2.3 Order Information

We collect information related to your purchases:

• Products ordered
• Order history
• Shipping preferences
• Returns and exchanges
• Customer service interactions related to orders

2.4 Technical and Usage Information

We automatically collect certain information when you visit our Website:

• IP address
• Browser type and version
• Operating system
• Device information (mobile device ID, model, manufacturer)
• Pages visited and time spent on pages
• Clickstream data
• Referring website addresses
• Search terms used to find our Website
• Date and time stamps

Purpose: This information helps us understand how visitors use our Website, improve user experience, and detect security issues.

2.5 Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to collect information. For details, see Section 9 (Cookies and Tracking Technologies).

2.6 Location Information

We may collect general location information (city, state) based on your IP address to:

• Provide location-specific content
• Determine shipping options and delivery estimates
• Prevent fraud and verify transactions
• Comply with tax regulations

Note: We do not collect precise GPS location data without your explicit consent.

2.7 Communication Information

When you contact us, we collect:

• Contents of your messages
• Email correspondence
• Customer service interactions
• Feedback and reviews
• Chat transcripts (if using live chat)

2.8 Social Media Information

If you interact with us on social media or use social media login features on our Website, we may collect:

• Your social media profile information (as permitted by the platform and your privacy settings)
• Content you share or post about our products
• Information about your social media connections (only if you explicitly grant permission)

Note: We only access information that you have made public or explicitly granted us permission to access through the social media platform.

2.9 Information from Third Parties

We may receive information about you from:

• Payment processors (transaction status, fraud detection information)
• Shipping and logistics partners (delivery status, tracking information)
• Marketing and advertising partners (campaign performance data)
• Social media platforms (if you interact with our ads or pages)
• Analytics providers (website usage statistics)

Limitation: We only receive information that is necessary for providing our services and is shared in accordance with applicable data protection laws.

3. How We Use Your Information

3.1 To Fulfill Orders

• Process and deliver your orders
• Send order confirmations and shipping updates
• Handle returns and exchanges
• Provide customer support
• Process refunds

3.2 Account Management

• Create and maintain your account
• Authenticate your identity
• Manage your preferences
• Maintain your order history
• Provide personalized experience

3.3 Communication

• Respond to your inquiries and requests
• Send transactional emails (order status, password resets, etc.)
• Provide customer service
• Send important notices about our services
• Notify you of changes to our policies or services

3.4 Marketing and Promotions

Only with your explicit consent, we may:

• Send promotional emails and newsletters
• Inform you about new products and offers
• Send personalized recommendations based on your purchase history
• Notify you about sales and special events
• Share information about products you may be interested in

You can opt out of marketing communications at any time without affecting your ability to use our services or make purchases.

3.5 Website Improvement

• Analyze usage patterns and trends
• Improve Website functionality and user experience
• Develop new features and services
• Conduct research and analytics
• Test new features and layouts
• Optimize website performance

3.6 Security and Fraud Prevention

• Detect and prevent fraud, unauthorized access, and illegal activities
• Protect against security threats
• Verify identity for high-value transactions
• Ensure Website security and integrity
• Investigate suspicious activities
• Comply with anti-money laundering regulations

3.7 Legal Compliance

• Comply with legal obligations under Indian laws
• Enforce our Terms and Conditions
• Respond to legal requests and court orders
• Protect our rights, property, and safety
• Resolve disputes
• Maintain records as required by law (tax, accounting, etc.)

3.8 Business Operations

• Process payments and maintain financial records
• Conduct internal audits and quality assurance
• Maintain business records for statutory compliance
• Facilitate business transfers or sales (with notification to you)
• Manage vendor relationships
• Generate business analytics and reports

4. Legal Basis for Processing

We process your personal information based on the following legal grounds:

• Contractual necessity: To fulfill our contract with you (processing orders, providing services, customer support)
• Consent: When you provide explicit consent (marketing communications, optional data fields, cookies)
• Legitimate interests: To operate our business, improve services, prevent fraud, ensure security
• Legal obligations: To comply with Indian laws, regulations, court orders, and tax requirements

5. Information Sharing and Disclosure

5.1 Third-Party Service Providers

We share information with trusted service providers who assist us in:

• Payment processing (payment gateway providers - PCI-DSS compliant)
• Shipping and delivery (courier partners, logistics companies)
• Website hosting and maintenance
• Email and SMS service providers (DLT-registered)
• Marketing and advertising platforms
• Analytics and data analysis
• Customer service and support systems
• Cloud storage providers

Important: These service providers are contractually obligated to:

• Protect your information using appropriate security measures
• Use it only for specified purposes
• Not disclose it to unauthorized parties
• Comply with applicable data protection laws
• Delete or return data when services end

5.2 Business Partners

We may share information with:

• Marketing partners (only with your explicit consent)
• Analytics providers (anonymized/aggregated data)
• Advertising networks (only with your consent for targeted advertising)

You can opt out of data sharing for marketing and advertising purposes through your account settings or by contacting us.

5.3 Legal Requirements

We may disclose your information if required by:

• Law, regulation, or legal process
• Court orders or government requests
• Enforcement of our Terms and Conditions
• Protection of our rights, property, or safety
• Protection of others' rights, safety, or property
• Prevention or investigation of fraud or illegal activities
• National security or law enforcement requirements

We will only disclose the minimum information necessary to comply with legal requirements.

5.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred to the acquiring entity. We will:

• Notify you via email and website notice at least 30 days before transfer
• Ensure the acquiring entity agrees to protect your data
• Provide you an opportunity to delete your account before transfer
• Ensure compliance with data protection laws

5.5 With Your Consent

We may share information with third parties when you give us explicit, informed consent to do so. You can withdraw this consent at any time.

5.6 Aggregate and Anonymized Information

We may share anonymized, aggregated information that cannot identify you personally for:

• Market research
• Business analytics
• Industry reports
• Academic research
• Public statistics

This anonymized data cannot be used to identify you and is not considered personal information.

6. Information Security

6.1 Security Measures

We implement appropriate technical and organizational security measures to protect your information:

• Encryption: SSL/TLS encryption for data in transit
• Secure payment processing: PCI-DSS compliant payment gateways
• Access controls: Role-based access, authentication, and authorization
• Security audits: Regular security assessments and penetration testing
• Employee training: Data protection and security awareness training
• Secure storage: Encrypted databases and secure cloud storage
• Network security: Firewalls, intrusion detection systems
• Incident response: Procedures for detecting and responding to breaches

6.2 Payment Security

• We use secure, RBI-authorized payment gateways
• We do not store complete card details on our servers
• All payment transactions are encrypted using industry standards
• We comply with PCI-DSS requirements
• Payment data is tokenized for additional security

6.3 Security Limitations

While we implement robust security measures, please understand:

• No method of transmission over the internet is 100% secure
• No electronic storage system is completely secure
• We cannot guarantee absolute security against all threats
• Unauthorized access or security breaches may still occur despite our best efforts

We commit to: Promptly notifying affected users in case of any data breach that may compromise their personal information, as required by law.

6.4 Your Responsibility

You are responsible for:

• Maintaining the confidentiality of your account credentials
• Using strong, unique passwords
• Not sharing your password with others
• Notifying us immediately of any suspected security breaches or unauthorized access
• Logging out of your account when using shared or public devices
• Keeping your contact information updated

7. Data Retention

7.1 Retention Period

We retain your personal information for as long as:

• Your account is active or as needed to provide services
• Required for legal, tax, or accounting purposes (typically 7 years for financial records)
• Necessary to resolve disputes or enforce agreements
• Required by applicable laws or regulations

7.2 Specific Retention Periods

• Order information: 7 years (for tax and accounting compliance)
• Customer service records: 3 years
• Marketing communications data: Until you opt out or 2 years of inactivity
• Website analytics data: 26 months (Google Analytics default)
• Inactive accounts: 3 years, then notified before deletion

7.3 Deletion and Anonymization

When information is no longer needed, we will:

• Delete it securely using industry-standard methods
• Anonymize it for analytical purposes (removing all identifiers)
• Archive it securely if required by law

7.4 Account Deletion

If you request account deletion:

• We will delete your personal information within 30 days
• We will retain information required by law (e.g., transaction records for tax compliance)
• We will anonymize data used for analytics
• We will notify you once deletion is complete

Exception: We may retain information if required for pending legal proceedings, fraud investigation, or statutory compliance.

8. Your Rights and Choices

8.1 Access and Correction

You have the right to:

• Access your personal information that we hold
• Request a copy of your data in a portable format
• Correct inaccurate or incomplete information
• Update your account details at any time
• Know what personal information we have collected

How to exercise: Log into your account or contact us at care@bellyandbaby.com

8.2 Deletion (Right to be Forgotten)

You may request deletion of your personal information, subject to:

• Legal retention requirements (tax, accounting, regulatory)
• Pending transactions or unresolved disputes
• Ongoing investigations (fraud, legal matters)
• Contractual obligations

We will process deletion requests within 30 days and notify you of the outcome.

8.3 Marketing Opt-Out

You can opt out of marketing communications by:

• Clicking the "unsubscribe" link in emails
• Adjusting your account preferences
• Contacting us directly at care@bellyandbaby.com
• Replying STOP to SMS messages
• Contacting us to opt out of WhatsApp communications

Note: You will still receive transactional communications related to your orders (order confirmations, shipping updates, etc.) as these are necessary for service delivery.

8.4 Cookie Management

You can control cookies through:

• Your browser settings (block all cookies, delete existing cookies)
• Our cookie preference center (if available on website)
• Opting out of specific cookie categories

See Section 9 for detailed cookie management instructions.

8.5 Do Not Track

Some browsers have "Do Not Track" (DNT) features. Currently, we do not respond to DNT signals as there is no universal standard for interpreting and implementing DNT requests. We will update this policy if industry standards are established.

8.6 Objection to Processing

You have the right to object to processing of your personal data in certain circumstances:

• Processing based on legitimate interests (you can ask us to stop)
• Direct marketing (you can always opt out)
• Automated decision-making or profiling

8.7 Data Portability

You have the right to receive your personal data in a structured, commonly used, and machine-readable format where technically feasible.

8.8 Exercising Your Rights

To exercise any of your rights:

• Contact us using the information in Section 15
• Provide sufficient information to verify your identity
• Specify which right(s) you wish to exercise
• We will respond within 30 days of receiving your verified request
• We will not charge a fee unless the request is manifestly unfounded or excessive

9. Cookies and Tracking Technologies

9.1 What Are Cookies

Cookies are small text files stored on your device that help us provide and improve our services. They cannot harm your device and do not contain personal information unless you provide it.

9.2 Types of Cookies We Use

Essential Cookies (Cannot be disabled):

• Required for Website functionality
• Enable shopping cart and checkout
• Maintain security and fraud prevention
• Remember your login status
• Enable core e-commerce features

Performance Cookies (Can be disabled):

• Analyze how visitors use our Website
• Help us improve performance
• Track page views, errors, and loading times
• Measure effectiveness of features

Functional Cookies (Can be disabled):

• Remember your choices (language, region, currency)
• Personalize your experience
• Provide enhanced features
• Store your preferences

Advertising Cookies (Can be disabled):

• Deliver relevant advertisements
• Track ad performance and ROI
• Limit ad frequency
• Enable retargeting campaigns

We will ask for your consent before placing non-essential cookies on your device.

9.3 Third-Party Cookies

We use third-party cookies from:

• Google Analytics: Website analytics and user behavior tracking
• Facebook Pixel: Ad targeting and conversion tracking
• Advertising networks: For displaying relevant ads
• Social media platforms: Social sharing and login features

Note: These third parties have their own privacy policies. We do not control their cookies.

9.4 Managing Cookies

You can control cookies by:

• Browser settings: Most browsers allow you to block or delete cookies
• Our cookie preference center: Available on our website (if implemented)
• Opt-out links: Provided by third-party cookie providers

Instructions by browser:

• Chrome: Settings > Privacy and Security > Cookies
• Firefox: Options > Privacy & Security > Cookies
• Safari: Preferences > Privacy > Cookies
• Edge: Settings > Privacy > Cookies

Warning: Disabling essential cookies may affect Website functionality and prevent you from using certain features like shopping cart and checkout.

9.5 Other Tracking Technologies

We may use:

• Web beacons (pixel tags): In emails and on the Website to track opens and clicks
• Log files: For technical information and troubleshooting
• Local storage: For enhanced functionality and offline features
• Session storage: For temporary data during your browsing session

10. Third-Party Links

Our Website may contain links to third-party websites, including:

• Social media platforms
• Payment gateways
• Shipping tracking sites
• Partner websites
• External resources

We are not responsible for:

• Privacy practices of third-party sites
• Content on external websites
• Your interactions with third parties
• Data collection by third-party sites

Recommendation: Please review the privacy policies of any third-party sites you visit before providing personal information.

11. Children's Privacy

11.1 Age Restriction

Our Website is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18.

11.2 Parental Notice

If a parent or guardian becomes aware that their child has provided personal information without consent, please contact us immediately at care@bellyandbaby.com.

11.3 Deletion of Children's Data

If we become aware that we have collected personal information from a child under 18 without parental consent, we will:

• Delete it promptly (within 24 hours of discovery)
• Not use the information for any purpose
• Not disclose it to third parties

Note: While our products are for babies and mothers, purchases must be made by adults (18+).

12. International Data Transfers

12.1 Data Storage

Your information is primarily stored on servers located in India. We use reputable cloud service providers who maintain data centers in India.

12.2 International Transfers

If we transfer data outside India (e.g., for cloud services, analytics), we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs): Approved by EU or Indian authorities
• Adequacy decisions: Transfers to countries deemed adequate by Indian government
• Your explicit consent: For transfers where required
• Contractual protections: With service providers ensuring data security

12.3 Cross-Border Transfer Safeguards

When data is transferred internationally, we ensure:

• The receiving country has adequate data protection laws, OR
• Appropriate contractual safeguards are in place
• Data is encrypted during transfer
• Recipients are bound by data protection obligations

13. SMS and WhatsApp Communications

13.1 SMS Communications

With your explicit consent, we may send:

• Order confirmations
• Shipping updates
• Delivery notifications
• OTPs for authentication
• Account security alerts
• Promotional messages (separate opt-in required)

Compliance: We comply with:

• DLT (Distributed Ledger Technology) registration requirements
• TRAI regulations on commercial communications
• TCCCPR (Telecom Commercial Communications Customer Preference Regulations)

Note: We will only send promotional SMS if you have explicitly opted in and have not registered your number on the National Do Not Call Registry for commercial communications.

13.2 WhatsApp Communications

If you choose to interact with us via WhatsApp Business:

• Your phone number and messages will be processed
• We use WhatsApp Business API
• Communications are subject to WhatsApp's privacy policy and Terms of Service
• We may use chatbots for automated responses
• Your data is shared with Meta (WhatsApp's parent company)

Your choice: Interacting with us on WhatsApp is entirely optional. You can choose email or phone support instead.

13.3 Opting Out

You can opt out of SMS/WhatsApp communications by:

• Replying STOP to any promotional SMS
• Updating your account preferences
• Requesting removal from WhatsApp communications

Important: You cannot opt out of transactional SMS (order confirmations, OTPs) as they are necessary for service delivery.

14. Changes to Privacy Policy

14.1 Updates

We may update this Privacy Policy periodically to reflect:

• Changes in our data collection or processing practices
• New legal requirements or regulations
• Improvements in technology or security
• Feedback from users
• New features or services

14.2 Notification of Material Changes

We will notify you of material changes by:

• Posting the updated policy on our Website with updated "Last Updated" date
• Sending an email notification to your registered email (for significant changes)
• Displaying a prominent notice on our Website for 30 days
• Requesting renewed consent where required by law

Material changes include: Changes to types of data collected, how data is used, who we share with, or changes to your rights.

14.3 Acceptance of Changes

• For minor changes: Your continued use of our Website after changes constitutes acceptance.
• For material changes: We will seek your explicit consent where required by law before applying changes to data collected before the update.

14.4 Review Date

Please check the "Last Updated" date at the top of this policy. We recommend reviewing this policy periodically to stay informed about our data practices.

14.5 Version History

Previous versions of this policy are available upon request for your reference.

15. Contact Information

15.1 Privacy Questions

For questions about this Privacy Policy or our privacy practices, contact us at:

16. Complaints and Grievances

16.1 Grievance Officer

In accordance with the Information Technology Act, 2000 and rules made thereunder, we have appointed a Grievance Officer:

16.2 Complaint Process

If you have a complaint regarding our handling of your personal information:

• Submit your complaint in writing via email or post
• Include detailed information about your concern
• Provide supporting documents if applicable

We will acknowledge receipt within 48 hours and respond with a resolution within 30 days.

16.3 Escalation

If you are not satisfied with our resolution:

• You may approach the appropriate Data Protection Authority
• You may file a complaint with the Ministry of Electronics and Information Technology (MeitY)
• You have the right to seek legal remedies

17. Compliance with Indian Laws

This Privacy Policy complies with:

• Information Technology Act, 2000
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• Consumer Protection Act, 2019
• Consumer Protection (E-Commerce) Rules, 2020
• Telecom Commercial Communications Customer Preference Regulations (TCCCPR), 2018
• Payment and Settlement Systems Act, 2007 (for payment data)
• Reserve Bank of India (RBI) guidelines on data storage and security
• Other applicable Indian laws and regulations

18. Sensitive Personal Data or Information (SPDI)

Under Indian law, certain categories of information are classified as "Sensitive Personal Data or Information" including:

• Passwords
• Financial information (bank account, credit card details)
• Physical, physiological and mental health condition
• Sexual orientation
• Medical records and history
• Biometric information

Our practices for SPDI:

• We collect SPDI only when necessary and with your consent
• We implement heightened security measures for SPDI
• We do not share SPDI except as disclosed in this policy and with your consent
• We allow you to review and correct SPDI

19. Automated Decision-Making and Profiling

19.1 Use of Automated Processing

We may use automated processing for:

• Fraud detection and prevention
• Personalized product recommendations
• Dynamic pricing (where applicable)
• Risk assessment for high-value transactions

19.2 Your Rights

You have the right to:

• Know when automated decisions are being made
• Object to automated decision-making
• Request human review of automated decisions
• Receive an explanation of the logic involved

We do not make decisions that significantly affect you based solely on automated processing without human oversight.

20. Your Consent

20.1 Consent for Data Collection

By using our Website, you consent to:

• Collection and use of your information as described in this policy
• Processing of your personal data for the purposes stated
• Transfer of information to service providers (as described)
• Use of cookies and tracking technologies (subject to your cookie preferences)

20.2 Voluntary Consent

Your consent is:

• Voluntary: You choose to use our Website and provide information
• Informed: This policy explains what we collect and why
• Specific: You can consent to different processing activities separately
• Revocable: You can withdraw consent at any time

20.3 Withdrawing Consent

You can withdraw consent at any time by:

• Contacting us at care@bellyandbaby.com
• Adjusting your account settings
• Following opt-out procedures

Effect of withdrawal: We will stop processing your data for that purpose, but this will not affect the lawfulness of processing before withdrawal. In some cases, withdrawal may prevent us from providing services to you.

20.4 Consent for Children's Data

If you are a parent/guardian providing information about your child (for product purchases), you consent to:

• Collection of information about your child (name, age if provided)
• Use of this information to fulfill orders
• Processing of this information as described in this policy

21. Data Security Breach Notification

21.1 Breach Response

In the event of a data security breach that may compromise your personal information, we will:

• Investigate the breach immediately
• Take steps to mitigate harm
• Notify affected users within 72 hours of discovering the breach
• Report to relevant authorities as required by law
• Provide information on steps being taken to address the breach

21.2 What We Will Tell You

Our notification will include:

• Nature of the breach
• Categories of data affected
• Approximate number of users affected
• Likely consequences
• Measures taken to address the breach
• Steps you can take to protect yourself
• Contact information for questions