Information Security

Data Protection Policy

Effective: Sept 2025 NariHaat Retails Pvt. Ltd.

At NariHaat.com, we value your privacy and are committed to protecting all personal, financial, and business data shared with us. This policy explains how we collect, use, store, and safeguard your information in strict compliance with Indian IT laws and international security standards.

1 Scope of Policy

This policy applies to all entities interacting with our platform, including:

  • Customers browsing or purchasing on NariHaat.com
  • Vendors and sellers registered on the platform
  • Employees, service providers, and third-party logistics partners
2 Data We Collect

2.1 Customer Data

  • Name, contact number, email ID, and delivery address.
  • Payment details (Processed securely via PCI-DSS gateways; NariHaat never stores full card data).
  • Order and browsing history.

2.2 Vendor Data

  • Business details (GST, PAN, Aadhaar, operational licenses).
  • Bank account details for processing automated payouts.
  • Retail product listings and historical transaction data.

2.3 Technical Data

  • IP address, browser type, and device information.
  • Cookies for website performance, cart functionality, and personalization.
3 How We Use Your Data
  • To accurately process and fulfill physical retail orders.
  • To verify vendor and customer identities for platform safety.
  • To provide automated, secure payouts to our vendors.
  • To send updates, promotions, and festival offers (only with user consent).
  • To detect and prevent fraud, mediate disputes, and enforce policy violations.
  • To improve platform performance and overall customer experience.
4 Data Storage & Security

Enterprise-Grade Protection

  • All data is stored on secure, encrypted cloud servers.
  • SSL (Secure Socket Layer) encryption protects your data during every network transfer.
  • Two-Factor Authentication (2FA) is enabled for vendor dashboards and admin access.
  • Regular security audits and penetration testing are conducted to ensure integrity.
  • Access to sensitive data is strictly restricted to authorized personnel only.
5 Data Sharing

We do not sell or rent user data to any third parties. Data is only shared securely with:

  • Payment Gateways: For processing secure financial transactions.
  • Logistics Partners: For ensuring the accurate delivery of your physical orders.
  • Legal Authorities: If officially required by law or court order.
6 User Rights

In compliance with global and Indian IT laws, users have the right to:

  • Request access to their personal data stored with NariHaat.
  • Update or correct inaccurate information in their account.
  • Request deletion of their data (subject to legal and financial record-keeping laws).
  • Withdraw marketing and newsletter consent at any time.
7 Retention & Breach Policies
  • Data Retention: Customer and vendor data will be retained only as long as necessary for legal, tax, and business fulfillment purposes. Afterward, it is securely deleted or fully anonymized.
  • Breach Notification: In the highly unlikely event of a data breach, NariHaat will inform affected users within 72 hours, take immediate steps to secure systems, and cooperate with authorities under the Indian IT Act.
8 Legal Compliance

This policy is designed to comply with the strictest regulatory frameworks:

Information Technology Act, 2000 (India)
Consumer Protection (E-commerce) Rules, 2020
GDPR (General Data Protection Regulation)
Google Data Privacy Requirements

Data Protection Officer (DPO)

For any data-related concerns, GDPR deletion requests, or privacy questions, please contact us.

713/22, Jhang Colony, Mansarover Colony, Rohtak (124001)

connect@narihaat.com