Privacy Policy

1. INTRODUCTION AND SCOPE

This Privacy Policy (the “Policy”) serves as a formal notice under the Digital Personal Data Protection Act, 2023 (the “DPDP Act”), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, as well as any other applicable law in force in India from time to time.

This Policy describes how VELZEEN, a sole proprietorship firm having its registered office in Ludhiana, Punjab (hereinafter referred to as the “Data Fiduciary”, “we”, “us”, or “our”), collects, uses, processes, stores, shares, protects, and deletes personal data of its users (hereinafter referred to as “Data Principals”, “you”, or “your”).

By accessing our Platform, including www.velzeen.com, creating an account, placing an order, using our services, contacting us, or otherwise providing personal data to us, you acknowledge that you have read, understood, and agree to the practices described in this Policy. Where required by applicable law, we obtain consent separately and specifically for non-essential processing activities, including marketing communications and other optional services.

This Policy is intended to be clear, prominent, and accessible and should be read together with our Terms and Conditions, Shipping Policy, Return and Replacement Policy, and other policies displayed on the Platform.

2. PERSONAL DATA WE COLLECT

We collect only such personal data as is necessary for the performance of our contract with you, the operation of the Platform, fulfillment of your orders, customer support, legal compliance, and other lawful purposes disclosed in this Policy.

2.1 Identity and Contact Data

We may collect your name, delivery address, billing address, email address, mobile number, and such other contact details as may be required for account creation, order processing, communication, delivery, refunds, or grievance redressal.

2.2 Account and Authentication Data

If you create an account with us, we may collect your username, encrypted password, account preferences, and sign-in information. Where you use Google OAuth or any similar third-party authentication method, we may also receive limited profile information as described in Section 11 of this Policy.

2.3 Financial and Transactional Data

We do not store your complete credit card or debit card number, CVV, UPI PIN, net banking password, or other direct payment credentials. Payment transactions are processed through PCI-DSS compliant payment service providers or payment aggregators. We may retain the transaction ID, payment status, payment reference, refund status, and such other information as is reasonably necessary for reconciliation, customer support, legal compliance, and dispute resolution.

2.4 Technical and Device Data

When you access our Platform, we may automatically collect technical information such as your Internet Protocol address, browser type, device details, operating system, session information, approximate location derived from your device or network, and other similar technical identifiers. Such data may be collected through cookies and similar tracking technologies as described in Section 2.6.

2.5 Profile and Preference Data

We may collect your purchase history, size preferences, product preferences, wishlist activity, communication preferences, and other profile-related information that you voluntarily provide or that is generated through your use of the Platform.

2.6 Cookies and Tracking Technologies

Our Platform uses cookies, pixels, SDKs, session storage, web beacons, and similar technologies to operate the Platform, maintain user sessions, remember preferences, improve performance, analyze usage, and enhance user experience.

Cookies and similar technologies may be used to:

• - maintain account sessions and authentication;
  - remember your preferences and settings;
  - measure traffic and usage patterns;
  - improve security and detect fraudulent or abusive activity;
  - facilitate performance analytics; and
  - support marketing and communication functions where permitted by law.

You may manage or disable cookies through your browser settings or other device controls. However, disabling certain cookies may affect the proper functioning of the Platform.

2.7 User-Generated Content

We may collect and process content that you voluntarily submit on the Platform.

2.7.1 Product Reviews, Ratings, and Public Feedback

When you submit product reviews, star ratings, written comments, or product feedback through the Platform, such content may be collected, stored, moderated, and displayed on product pages or other sections of the Platform. Such reviews, ratings, or feedback may be visible to other users and may be used to inform purchasing decisions, improve products, monitor quality, and maintain the integrity of user feedback.

Feedback and reviews that you submit may be publicly displayed on product pages and may also be used in promotional materials, subject to our internal moderation policies and applicable law.

2.7.2 Customer Support, Return, and Replacement Submissions

When you contact us for customer support, complaints, return requests, replacement requests, refund requests, or order-related assistance, you may voluntarily provide comments, explanations, photographs, videos, invoices, packaging images, or other supporting information.

Such content is not intended for public display and is used strictly for support, investigation, quality control, fraud prevention, dispute resolution, and operational purposes.

2.8 Communication Data

We may collect records of communications between you and us, including communications sent by email, SMS, WhatsApp, telephone, in-app message, website forms, or other channels.

We may contact you via WhatsApp, SMS, email, telephone, or other communication channels using the contact information you provide to us during account registration, order placement, support requests, or other interactions with the Platform. Such communications may be transactional, operational, service-related, or support-related in nature.

3. PURPOSE OF DATA PROCESSING

We process your personal data for the following specified lawful purposes.

3.1 Order Fulfilment and Service Delivery

We process your personal data to accept orders, confirm purchases, process payments, arrange delivery, provide invoices, manage returns and replacements, issue refunds, and otherwise perform our contractual obligations to you.

3.2 Communication and Customer Support

We process your personal data to send order confirmations, shipping updates, delivery notifications, refund updates, invoices, return approvals, support responses, account-related notices, grievance responses, and other transactional or operational communications.

We may use email, SMS, WhatsApp, telephone, or other reasonable communication methods for these purposes.

3.3 Legal and Regulatory Compliance

We process your personal data to comply with applicable statutory, regulatory, tax, accounting, consumer protection, anti-fraud, and cybersecurity obligations, including those arising under the GST laws, Income Tax laws, the DPDP Act, and other applicable Indian laws.

3.4 Customer Support and Grievance Management

We process your personal data to resolve complaints, manage grievances, respond to legal notices, investigate quality concerns, process store wallet credits where applicable, and maintain records relating to support interactions.

3.5 Marketing and Promotional Communications

We may process your personal data to send promotional offers, newsletters, product updates, and marketing communications only where you have provided consent or where such communication is otherwise permitted by applicable law. You may withdraw such consent at any time.

3.6 Platform Improvement and Analytics

We process personal data to improve the Platform, understand user behaviour, analyze traffic, detect errors, maintain security, improve product listings, and enhance the user experience.

3.7 Fraud Prevention and Security

We process personal data to detect, prevent, investigate, and address fraudulent, abusive, unlawful, or suspicious activity, including suspicious orders, chargeback disputes, account abuse, and misuse of return or refund facilities.

3.8 Reviews, Ratings, and Product Transparency

We process user-generated reviews, ratings, and feedback to display product transparency, assist other customers, maintain platform trust, and improve product quality and service standards.

4. LEGAL BASIS AND LAWFUL USES

We process your personal data on the basis of one or more of the following:

• - your consent, where applicable;
  - performance of a contract or steps taken at your request before entering into a contract;
  - compliance with legal obligations;
  - specified lawful purposes permitted under the DPDP Act and other applicable laws; and
  - legitimate operational, security, fraud prevention, and service-related requirements to the extent permitted by law.

Where consent is the basis of processing, such consent shall be free, specific, informed, unconditional, unambiguous, and given through clear affirmative action, and may be withdrawn in accordance with applicable law.

5. DATA SHARING AND DISCLOSURE

We do not sell your personal data.

We may share your personal data on a need-to-know basis with trusted service providers, processors, and partners strictly for operational purposes, including:

• - logistics and delivery partners;
  - payment gateways and payment processors;
  - cloud hosting, storage, and infrastructure providers;
  - communication service providers;
  - customer service platforms;
  - analytics and performance measurement providers;
  - fraud prevention and security vendors; and
  - legal, tax, accounting, audit, or compliance advisors, where required.

We may disclose personal data to judicial, statutory, regulatory, investigative, or governmental authorities when required by law, court order, or lawful request, or where such disclosure is necessary to protect our rights, prevent fraud, or address unlawful activity.

User-generated reviews, ratings, and product feedback may be publicly displayed on the Platform and may, where appropriate, be used in promotional materials. Customer support submissions, return photographs, and replacement videos are not intended for public display and shall be used only for internal operational purposes.

6. DATA RETENTION POLICY

We retain personal data only for so long as is necessary to fulfil the purposes set out in this Policy, unless a longer retention period is required or permitted by law.

6.1 Transactional and Accounting Records

In compliance with applicable tax, accounting, and regulatory requirements, we retain invoice records, transaction records, refund records, shipping records, and other order-related records for a minimum period of 8 (eight) years from the end of the relevant financial year, or for such longer period as may be required by applicable law.

6.2 Account and Profile Data

We retain account data for as long as your account remains active or as long as required for the purposes for which the data was collected, including support, security, dispute resolution, and legal compliance.

6.3 Marketing Data

Personal data used for marketing communications is retained until you withdraw your consent, unsubscribe, or delete your account, subject to any legal retention requirements.

6.4 Wallet and Refund Records

Records relating to store wallet credits, including refund credits and related ledger entries, are retained for as long as your account remains active or for such period as is necessary to maintain accurate refund history, account reconciliation, and legal compliance.

6.5 Deleted or Inactive Accounts

When you request deletion of your account or when your account becomes inactive, we will erase or anonymize personal data that is no longer required, subject to retention required by law, fraud prevention, account reconciliation, support records, tax records, and dispute resolution needs.

7. YOUR RIGHTS

Subject to applicable law, you have the following rights in relation to your personal data.

7.1 Right to Access

You may request a summary of the personal data we hold about you and may access your account information through the Platform where such functionality is made available.

7.2 Right to Correction

You may request correction or updating of inaccurate, incomplete, or outdated personal data.

7.3 Right to Erasure

You may request deletion of your personal data. We will erase personal data that is no longer required for the specified purpose, subject to retention obligations required by law. Marketing data will be deleted upon withdrawal of consent or unsubscribe, while transactional and accounting records shall continue to be retained for the statutory period stated in this Policy.

7.4 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw such consent at any time, with the ease of withdrawal being comparable to the ease with which consent was given. Withdrawal of consent shall not affect the lawfulness of processing carried out before such withdrawal.

7.5 Right to Grievance Redressal

You may raise a grievance concerning our processing of your personal data, our response to your requests, or any act or omission relating to this Policy.

7.6 Right to Delete Account and Data

Where the Platform provides account deletion functionality, you may delete your account through the Platform. You may also request deletion by contacting us using the details set out in Section 9.

8. DATA SECURITY

We implement reasonable security practices and procedures, including technical, operational, administrative, and physical safeguards, to protect personal data from unauthorized access, disclosure, alteration, loss, misuse, or destruction.

Such safeguards may include, without limitation:

• - encryption of data in transit;
  - access controls and role-based permissions;
  - secure server infrastructure;
  - regular monitoring and vulnerability management;
  - authentication controls;
  - logging and auditing practices; and
  - employee access restrictions and confidentiality obligations.

While we take reasonable steps to secure your data, no method of transmission over the Internet or electronic storage is completely secure, and we cannot guarantee absolute security.

9. GRIEVANCE REDRESSAL

If you have any concerns regarding the processing of your personal data or wish to exercise your rights, you may contact our designated Grievance Officer as follows:

Name: Mr. Raghav Gupta
Designation: Grievance Officer
Address: B-6-966/50 X, Gaushala Road, Street Number 10, Harbanspura, Ludhiana, Punjab - 141008
Phone: +91-79733-25297
Email: [email protected]

We will acknowledge your complaint within 24 hours and endeavour to resolve it within 30 days, subject to the nature and complexity of the complaint and any legal or operational constraints.

10. VELZEEN WALLET

The Velzeen Wallet is used to provide store credit or refund value for eligible transactions on the Platform. It is intended to operate as a closed system prepaid payment instrument / store-credit mechanism usable only for purchases from Velzeen and not for cash withdrawal, redemption into cash, or payment to third parties, subject to the terms disclosed on the Platform and applicable law.

Where the Velzeen Wallet is used, we retain wallet records for account reconciliation, customer support, fraud prevention, and compliance purposes. Wallet balances and credits may be subject to additional terms disclosed at the time of issuance.

11. GOOGLE USER DATA AND OAuth AUTHENTICATION

Our Platform utilizes Google OAuth authentication, including through third-party authentication frameworks such as NextAuth, to permit users to register and sign in using their Google accounts.

In compliance with the Google API Services User Data Policy and related Google OAuth requirements, we disclose the following regarding our handling of Google user data.

11.1 Data Accessed

When you choose to authenticate using Google, our application accesses only the basic profile information made available through the approved non-sensitive scopes required for sign-in, including your primary Google email address, your name, and your profile picture, where provided by Google.

We do not request access to sensitive or restricted Google user data, including Gmail contents, Google Drive files, Google Contacts, Google Calendar data, or any other Google user data that is not necessary for authentication and account creation.

11.2 Data Usage

We use Google user data strictly for the following purposes:

• - creating and authenticating your Velzeen account;
  - verifying your identity and enabling secure login;
  - pre-filling your profile name, email address, and avatar on the Platform;
  - sending transactional communications related to your account, orders, and services; and
  - maintaining account continuity and support records.

We do not use Google user data for targeted advertising, behavioural profiling, or any purpose unrelated to the operation of the Platform. We do not use Google user data to train artificial intelligence or machine learning models.

11.3 Data Sharing

We do not sell, rent, or trade Google user data to any third party, including advertising networks, data brokers, or marketing platforms.

Google user data may be shared only with service providers and processors strictly necessary to operate the Platform, including secure hosting providers, authentication infrastructure, and support systems, and only for the purposes disclosed in this Policy. Such providers are required to maintain appropriate confidentiality and security safeguards.

11.4 Data Storage and Protection

Google user data is stored securely in our systems or with approved service providers using appropriate administrative, technical, and physical safeguards. These safeguards include encrypted transmission in transit, secure access control, and restricted internal access.

We do not receive or store your Google password, as authentication is handled directly by Google’s OAuth infrastructure and related secure systems.

11.5 Data Retention and Deletion

Google user data is retained only for as long as necessary to operate your account and provide the services requested by you, or for such longer period as may be required by applicable law.

If your account is deleted or becomes inactive, Google user data that is no longer required shall be erased or anonymized, except where retention is required for tax, accounting, fraud prevention, dispute resolution, or other legal purposes.

11.6 Revocation of Access and Deletion Requests

You may revoke Velzeen’s access to your Google account at any time through your Google Account permissions settings.

You may also request deletion of your account or Google-related profile data by:

• - using the account deletion function on the Platform, where available;
  - contacting us at [email protected]; or
  - contacting the Grievance Officer at [email protected].

Upon receipt of a valid deletion request, we shall delete or anonymize the relevant data within a reasonable period, subject to retention required by law.

12. COMMUNICATION THROUGH WHATSAPP AND OTHER CHANNELS

We may communicate with you through WhatsApp, SMS, email, telephone, or other communication channels for transactional, service-related, support-related, operational, and legal notice purposes.

Where you provide your phone number to us, you consent to receive such communications on that number, subject to your right to withdraw consent for non-essential communications, where applicable.

13. WEBSITE AND PUBLIC ACCESSIBILITY OF PRIVACY INFORMATION

Our homepage and other applicable pages provide easy access to this Policy and related legal policies so that users may review our practices before using the Platform.

14. CHILDREN’S PRIVACY

Our Platform is intended for individuals aged 18 years or older.

We do not knowingly solicit or collect personal data from children, meaning individuals under the age of 18.

If you are under 18, you may use our Platform only with the involvement and verifiable consent of a parent or legal guardian where such consent is required by applicable law.

If we discover that we have inadvertently collected personal data from a child without verifiable parental consent, we will delete such information promptly, subject to legal retention requirements.

15. CROSS-BORDER PROCESSING

Your personal data is primarily stored and processed in India. However, certain data may be processed or stored by secure service providers or infrastructure providers located outside India, where necessary for the operation of the Platform.

Where such transfer occurs, we take reasonable steps to ensure that appropriate contractual, technical, and organizational safeguards are in place consistent with applicable law.

16. CHANGES TO THIS POLICY

We may update this Policy from time to time to reflect changes in our practices, technology, legal requirements, Google OAuth requirements, payment practices, or other operational considerations.

The “Last Updated” date at the top of this page indicates when the latest version came into effect. We encourage you to review this Policy periodically.

Your continued use of the Platform after any update constitutes your acknowledgment of the revised Policy, to the extent permitted by law.

17. CONTACT INFORMATION

For any questions, concerns, complaints, or requests relating to this Policy or our data practices, please contact us at:

Customer Support Email: [email protected]
Customer Support Phone: +91-8699349184
Data Protection Email: [email protected]
Grievance Officer Email: [email protected]
Grievance Officer Phone: +91-79733-25297

18. CONSENT

By using our Platform, creating an account, placing an order, or otherwise providing personal data to us, you consent to the collection, use, processing, storage, and disclosure of your personal data as described in this Policy, to the extent such consent is required by applicable law.

You may withdraw consent for non-essential processing at any time, subject to the consequences and limitations set out in this Policy and applicable law.

Acknowledgement

By clicking “I Accept”, creating an account, logging in, placing an order, or using our Platform, you acknowledge that you have read, understood, and agreed to this Privacy Policy.

Governing Law

This Privacy Policy is governed by the laws of India. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts at Ludhiana, Punjab, subject to any mandatory statutory forum or remedy available under applicable law.