1. Scope

This policy applies to all:

• • Customers using NariHaat.com
• • Vendors registered on the platform
• • Employees, service providers, and third-party partners handling data

2. Data We Collect

2.1 Customer Data

• • Name, contact number, email ID, delivery address
• • Payment details (processed securely via gateway; NariHaat does not store card data)
• • Order and browsing history

2.2 Vendor Data

• • Business details (GST, PAN, Aadhaar, licenses)
• • Bank details for payouts
• • Product/service listings and transaction history

2.3 Technical Data

• • IP address, browser type, device information
• • Cookies for website performance and personalization

3. How We Use Data

• • To process and deliver orders or services
• • To verify vendor and customer identities
• • To provide payouts to vendors securely
• • To send updates, promotions, and festival offers (only with consent)
• • To detect fraud, disputes, and policy violations
• • To improve platform performance and customer experience

4. Data Storage & Security

• • All data is stored on secure, encrypted servers.
• • SSL (Secure Socket Layer) encryption protects data during transfer.
• • Two-Factor Authentication (2FA) is enabled for vendor dashboards and admin logins.
• • Regular security audits and penetration testing are conducted.
• • Access to sensitive data is restricted to authorized personnel only.

5. Data Sharing

• • We do not sell or rent user data to third parties.
• • Data may be shared only with:
  • → Payment gateways (for transactions)
  • → Logistics/shipping partners (for deliveries)
  • → Legal authorities (if required by law)
• • All third parties must comply with NariHaat’s data security standards.

6. User Rights

In compliance with GDPR and Indian IT laws, users have the right to:

• • Access their personal data stored with us
• • Update or correct their information
• • Request deletion of their data (subject to legal & financial record-keeping requirements)
• • Withdraw marketing consent anytime

Requests can be made via connect@narihaat.com.

7. Data Retention

• • Customer and vendor data will be retained only as long as necessary for legal, tax, and business purposes.
• • After retention periods, data will be securely deleted or anonymized.

8. Breach Notification

• • In case of a data breach, NariHaat will:
  • → Inform affected users within 72 hours.
  • → Take immediate steps to secure systems.
  • → Cooperate with authorities under Indian IT Act & GDPR guidelines.

9. Compliance

This policy complies with:

• • Information Technology Act, 2000 (India)
• • Consumer Protection (E-commerce) Rules, 2020
• • GDPR (General Data Protection Regulation – EU)
• • Google’s data protection and privacy requirements

10. Contact Us

For any data-related concerns or GDPR requests: