TGL Silver Privacy Policy | Data Protection

Crafting a Privacy Policy for TGL Silver (selling silver jewellery) on your website requires careful attention to India's data privacy laws, particularly the Digital Personal Data Protection Act, 2023 (DPDP Act), which is a key framework to consider. While the DPDP Act is in the process of full implementation, it's wise to align your practices with its principles now.

Here's a comprehensive Privacy Policy template for TGL Silver, tailored for an Indian e-commerce website. Remember to replace the bracketed information [ ] with your specific details.

Privacy Policy for TGL Silver

Effective Date: [June 1, 2023]

At TGL Silver, we are committed to protecting your privacy and personal data. This Privacy Policy explains how TGL Silver ("we," "us," or "our") collects, uses, discloses, and protects your personal information when you visit and make purchases from our website, [https://tglsilver.com/] (the "Website"). We operate in compliance with applicable Indian laws, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023 (DPDP Act).

1. What Personal Data We Collect

We collect various types of personal data from you to provide our services and enhance your shopping experience. This may include:

    Identity and Contact Data: Name, email address, billing address, shipping address, phone number, and date of birth (if required for age verification for certain products).
    Account Data: Username, password (encrypted), purchase history, wish list, and saved items.
    Transaction Data: Details about payments to and from you, and other details of products you have purchased from us. We do not store your full credit card details on our servers; these are securely processed by our third-party payment gateway providers.
    Technical Data: Internet Protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this Website.
    Usage Data: Information about how you use our Website, products, and services, including Browse patterns, pages viewed, and search queries.
    Marketing and Communications Data: Your preferences in receiving marketing from us and our third parties and your communication preferences.
    Correspondence Data: Records of your communications with us, such as customer support inquiries, emails, and chat logs.

2. How We Collect Your Personal Data

We use different methods to collect data from and about you, including:

    Direct Interactions: You may give us your Identity, Contact, and Financial Data by filling in forms or by corresponding with us by post, phone, email, chat, or otherwise. This includes personal data you provide when you:
        Create an account on our Website.
        Place an order for our products.
        Subscribe to our newsletter or marketing communications.
        Participate in a survey, contest, or promotion.
        Contact customer service.
    Automated Technologies or Interactions: As you interact with our Website, we may automatically collect Technical Data and Usage Data about your equipment, Browse actions, and patterns. We collect this personal data by using cookies, server logs, and other similar technologies.
    Third Parties or Publicly Available Sources: We may receive personal data about you from various third parties, such as:
        Technical Data from analytics providers like Google Analytics.
        Identity and Contact Data from social media platforms if you interact with us through them.
        Transaction Data from payment and delivery service providers.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

    To process and fulfil your orders, including managing payments, delivering your purchased jewellery, and providing you with order updates.
    To manage your account and provide you with customer support.
    To communicate with you regarding your orders, inquiries, and to send you marketing communications (if you have opted-in).
    To improve our Website, products, and services, based on your usage patterns and feedback.
    To personalize your experience on our Website, such as showing you relevant product recommendations.
    To ensure the security of our Website and prevent fraudulent transactions.
    To comply with legal obligations and regulatory requirements.

4. Disclosure of Your Personal Data

We may share your personal data with the following categories of recipients:

    Service Providers: We engage third-party service providers who perform functions on our behalf, such as:
        Payment Gateway Providers: To process your payments securely (e.g., Razorpay, PayU).
        Shipping and Logistics Partners: To deliver your orders (e.g., India Post, Blue Dart, Delhivery).
        Website Hosting and Maintenance Providers: To ensure our Website is operational and secure.
        Marketing and Analytics Providers: To help us understand Website usage and conduct marketing campaigns (e.g., Google Analytics, Facebook Ads).
        Customer Support Software Providers: To manage customer inquiries.
    Legal and Regulatory Authorities: We may disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court order or government agency).
    Business Transfers: In the event of a merger, acquisition, or sale of all or a portion of our assets, your personal data may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Website of any such change in ownership or control of your personal data.
    With Your Consent: We may share your personal data with third parties when we have your explicit consent to do so.

5. International Transfers

While TGL Silver is based in India, some of our third-party service providers may be located outside of India. When we transfer your personal data outside of India, we ensure a similar degree of protection is afforded to it by ensuring at least one of the following safeguards is implemented:

    We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the Indian government.
    Where we use certain service providers, we may use specific contracts approved by the Indian government which give personal data the same protection it has in India.

6. Data Security

We have implemented appropriate technical and organizational security measures to protect your personal data from accidental loss, unauthorized access, use, alteration, or disclosure. These measures include:

    Encryption: Use of SSL/TLS encryption for data transmission on our Website.
    Access Control: Restricting access to personal data to only those employees, agents, contractors, and other third parties who have a legitimate business need to know.
    Regular Security Audits: We regularly review our security practices to ensure they are up-to-date and effective.
    Secure Payment Processing: All payment transactions are handled by reputable, PCI DSS compliant payment gateways.

Despite these measures, please be aware that no method of transmission over the Internet or electronic storage is 100% secure.

7. Data Retention

We will retain your personal data only for as long as necessary to fulfil the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.

To determine the appropriate retention period for personal data, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal requirements.

For example, we retain your transaction data for [10 years] as required by Indian tax laws.

8. Your Rights

Under the DPDP Act and other applicable laws, you have certain rights regarding your personal data. These rights may include:

    Right to Access: You have the right to request a copy of the personal data we hold about you.
    Right to Correction: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you.
    Right to Erasure (Right to be Forgotten): You have the right to request the deletion of your personal data under certain circumstances (e.g., when the data is no longer necessary for the purpose for which it was collected).
    Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer regarding the processing of your personal data.
    Right to Nominate: You have the right to nominate another person to exercise your rights in the event of your death or incapacity.
    Right to Withdraw Consent: Where we rely on your consent to process your personal data, you have the right to withdraw that consent at any time. This will not affect the lawfulness of any processing carried out before you withdraw your consent.

To exercise any of these rights, please contact our Grievance Officer using the details provided below. We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights).

9. Children's Privacy

Our Website is not intended for children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18 without parental consent, we will take steps to remove that information from our servers. If you believe we might have any information from or about a child under 18, please contact us at [Your Customer Support Email Address].

10. Third-Party Links

Our Website may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our Website, we encourage you to read the privacy policy of every website you visit.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any significant changes by posting the new Privacy Policy on this page and updating the "Effective Date" at the top of this policy. We encourage you to review this Privacy Policy periodically for any changes.

12. Grievance Officer

In accordance with the Information Technology Act, 2000, and rules made thereunder, and the Digital Personal Data Protection Act, 2023, the name and contact details of the Grievance Officer are provided below:

Name: [Keyush Kirtikumar Jain]
Email: [titlisilver@gmail.com]
Phone: [9833226420]
Address: [TGL Silver's 7,1st floor,plot no 223,Moti dharam kata bldg.,entry from back side staircase,opp. Mumbadevi temple,Mumbai-02]
Timeframe for response: The Grievance Officer will acknowledge your complaint within 24 hours and resolve it within 30 days from the date of receipt.

13. Contact Us

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

Email: [titlisilver@gmail.com]
Phone: [9833226420]
Address: [TGL Silver's 7,1st floor,plot no 223,Moti dharam kata bldg.,entry from back side staircase,opp. Mumbadevi temple,Mumbai-02]