logo
Help / SupportLogin

Privacy-Policy

Effective Date: April 10, 2025 Last Updated: April 10, 2025

 

Part I

1. Data We Collect: Identity, Contact, Financial, Transaction, Technical, Profile, Usage, and KYC Data (for Sellers). (See Section 2 for itemized list).

2. Purpose of Use; To provide Marketplace Services, process transactions/payouts, verify identity (KYC), fraud prevention, and legal compliance. (See Section 4 for details).

3. Withdrawal of Consent: You may withdraw consent at any time by using the "Settings" in your Account or contacting us at [ravipatel@gajab.com]. Withdrawal shall not affect processing based on consent before withdrawal nor processing required for legal compliance.

4. Grievance Redressal

Contact: Ravi Patel, Grievance Officer

Email:ravipatel@gajab.com

Response Time: Within 90 days.

5. Right to Complain:If your grievance is not resolved, you have the right to make a complaint to the Data Protection Board of India.

 

Part II

1. INTRODUCTION AND SCOPE

1.1. This Privacy Policy describes how Aeliya Technologies Private Limited (hereinafter referred to as the "Company", "We", "Us", "Our"), owner and operator of the Gajab.com website ([www.gajab.com]) and associated mobile applications (collectively, the "Platform"), collects, uses, stores, processes, shares, and protects the Personal data provided by individuals ("User", "You", "Your") when You access or use the Platform and the services offered thereon ("Services").

1.2. We are committed to protecting Your privacy and ensuring compliance with applicable data protection laws in India, including the Digital Personal Data Protection (DPDP) Act, 2023 and its associated rules.

1.3. This Privacy Policy applies to all Users of the Platform, as defined in Our Terms of Use ([_____Link to Terms of Use]). This Privacy Policy should be read in conjunction with the Terms of Use, as it forms an integral part of the agreements governing Your use of the Platform ("Agreements").

1.4. This Privacy Policy, specifically the 'Part I: Privacy Notice' above, constitutes the Notice required under Section 5 of the DPDP Act, 2023. By clicking 'I Agree' or accessing the Platform, You provide Your verifiable consent to the processing of Your personal data as described herein.

 

2. INFORMATION WE COLLECT

We collect various types of Personal data from You, which may include, but are not limited to, the following categories:

2.1. Identity Data: Such as Your full name, username or similar identifier, date of birth, and gender. 

2.2. Contact Data: Such as Your email address, mobile phone number, delivery address, and billing address. 

2.3. Financial Data: Such as details related to payment methods processed via secure third-party payment gateways (We do not store full card numbers), transaction identifiers, and bank account details (for Seller payouts). 

2.4. Transaction Data: Such as details about products You purchase or sell through the Platform, order history, pricing details, shipping information, returns, refunds, and information related to disputes. 

2.5. Technical Data: Such as Your Internet Protocol (IP) address, login data (related to Platform access, not passwords as OTP is used), browser type and version, time zone setting and location (approximate location from IP or specific location if permission granted), device information (type, operating system, identifiers), and information collected through cookies and similar technologies (refer to our Cookie Policy). 

2.6. Profile Data: Such as Your username, account preferences, purchase/selling history, feedback provided, survey responses, wish lists, and communications with Us (e.g., customer support interactions). 

2.7. Usage Data: Such as information about how You use the Platform and Services, pages viewed, time spent, features used, and navigation paths. 

2.8. User Content: Information You provide when You create listings (descriptions, images, prices), post reviews or ratings, send messages to other Users, or otherwise generate content on the Platform. Please be aware this content may contain Personal data. 

2.9. KYC Data (Primarily for Sellers): Information required for identity verification and compliance purposes, especially during Seller onboarding, as mandated by law or Our policies. This may include Permanent Account Number (PAN), Goods and Services Tax Identification Number (GSTIN), Aadhar details (only where legally permissible and necessary, handled securely), bank account verification documents, and business registration details or address proof. Gajab.com shall ensure that Aadhar data is redacted or masked as per UIDAI guidelines before storage.

 

3. HOW WE COLLECT YOUR INFORMATION

We use different methods to collect data from and about You, including:

3.1. Direct Interactions: You provide us data when You: 

(i) Create or update Your Account profile. 

(ii) List products for sale or make a purchase. 

(iii) Fill in forms on the Platform. 

(iv) Communicate with Us (e.g., customer support, feedback). 

(v) Respond to surveys or participate in promotions. 

(vi) Provide KYC documents during verification processes. 

(vii) Communicate with other Users through the Platform. 

3.2. Automated Technologies or Interactions: As You interact with our Platform, We automatically collect Technical Data and Usage Data about Your equipment, Browse actions, and patterns. We collect this Personal data by using cookies, server logs, web beacons, and other similar technologies. Please see our Cookie Policy ([Link to Cookie Policy]) for further details. 

3.3. Third Parties: We may receive Personal data about You from various third parties, such as: (i) Third-party payment gateways providing transaction confirmation details. 

(ii) Logistics and delivery partners providing shipping status updates. 

(iii) Other Users providing information in the context of a transaction, communication, or dispute. 

(iv) Identity verification and KYC service providers (for Sellers). 

(v) Analytics providers (e.g., Google Analytics). 

(vi) Advertising networks or partners (where applicable and consented to). 

(vii) Publicly available sources (where permissible).  

 

4. HOW WE USE YOUR INFORMATION (PURPOSES OF PROCESSING)

We process Your Personal data only for specified, explicit, and lawful purposes, based on Your consent obtained prior to processing (where required) or for legitimate uses permitted under the DPDP Act, 2023. These purposes include:

4.1. To Provide and Manage Services: 

(a)To register You as a User and manage Your Account. 

(b)To enable You to use the Platform features, including listing, Browse, buying, and selling. 

(c)To facilitate communication between Users. 

4.2. To Process Transactions: 

(a)To process orders placed by Buyers. 

(b)To facilitate payments through third-party gateways.

(c)To process and manage payouts to Sellers. 

(d)To manage returns, refunds, and disputes.

 4.3. To Manage Our Relationship with You: 

(a)To send You necessary service-related communications including but not limited to  order updates, account notifications, security alerts.

(b)To notify You about changes to our Terms, Policies, or Services. 

(c)To provide customer support and respond to Your requests or inquiries. 

4.4. To Ensure Security and Compliance: 

(a) To verify Your identity (including Seller KYC). 

(b)To protect the security and integrity of the Platform, prevent fraud, and detect violations of our Terms and policies.

(c)To comply with our legal and regulatory obligations under applicable Indian laws (including tax laws like GST/TCS, payment regulations, intermediary obligations under the IT Act, and law enforcement requests). 

4.5. To Improve and Personalize Services: 

(a)To perform data analysis to understand usage patterns, diagnose technical issues, and improve the Platform, Services, and user experience (using aggregated or anonymized data where feasible). 

(b)To Personalize Your experience on the Platform, such as showing relevant content or recommendations (certain Personalization may require specific consent). 

4.6. For Marketing (With Consent): To send You marketing and promotional communications about Gajab.com's products, services, or offers, only if You have given Your explicit consent to receive such communications. You will have the option to opt-out at any time by sending us an e-mail or clicking on the ‘unsubscribe’ option.

 4.7. For Specific Consented Purposes: To process Your data for any other specific purpose for which We obtain Your explicit consent before or at the time of collection.

4.8 Under Section 7 of DPDP Act, 2023: In addition to processing based on Your consent (obtained via notice as described in Clause 1.4), We may process Your Personal data without Your specific consent where permitted under Section 7 of the DPDP Act, 2023 ('Legitimate Uses'). This includes, but is not limited to: (a) Processing Personal data You have voluntarily provided to Us for a ‘specific purpose’ where You have voluntarily provided data, including without limitation providing delivery details, submitting KYC documents for verification and posting a review where You have not indicated to Us that You do not consent to the use of Your Personal data for that purpose. (b) Processing necessary for ensuring the security of our network and information systems, preventing fraud, and ensuring safety. (c) Processing necessary for enforcing Our legal rights or claims, or defending against legal claims.

4.9 Use of Non-Personal Data: We may collect, use, process, create, and share data that has been aggregated or anonymized such that it does not constitute Personal Data under the DPDP Act, 2023 ('Non-Personal Data'). This Non-Personal Data may be used for any purpose, including analytics, research, reporting, service improvement, and commercial purposes, without restriction under this Privacy Policy.

5. DATA SHARING AND DISCLOSURE

We do not disclose Your Personal data to third parties except in the circumstances described below, based on a legitimate purpose and appropriate legal basis (including Your consent where required):

5.1. Other Users: We share necessary information between Buyers and Sellers to enable transactions that includes without limitation Seller's name/business name, Buyer's name and shipping address after purchase confirmation, contact information where needed for delivery coordination and dispute resolution. 

5.2. Service Providers & Partners: We share data with trusted third-party vendors, consultants, and partners who perform services on Our behalf, such as payment processing, logistics/delivery, cloud hosting, IT support, customer service platforms, data analytics, marketing/communication delivery (for consented messages), and identity/KYC verification. These service providers are contractually obligated to use the data only for the specific purposes for which We provide it to them and to implement appropriate security measures. 

5.3. Legal and Regulatory Authorities: We may disclose Your Personal data if required to do so by law, regulation, court order, subpoena, or other legal process, or in response to a valid request from government authorities, law enforcement agencies, or regulatory bodies (e.g., for tax compliance, fraud prevention, investigation). We may also disclose data to protect the rights, property, or safety of the Company, our Users, or the public, as permitted or required by law. 

5.4. Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, Your Personal data may be shared or transferred as part of that transaction, subject to confidentiality obligations and ensuring the receiving entity upholds similar privacy standards. 

.5. Affiliated Companies: We may share Personal data within Our corporate group (parent company, subsidiaries, joint ventures – if applicable) for internal administrative, operational, or service delivery purposes, consistent with this Privacy Policy.

 5.6. With Your Consent: We may share Your Personal data with other third parties for purposes not listed above only when We have obtained Your explicit consent to do so.  

5.7 Disclaimer Regarding Other Users: While We facilitate the sharing of necessary information between Users (as described in Clause 5.1), this Privacy Policy applies only to Our processing of Your Personal data. Buyers and Sellers acknowledge that upon a successful transaction, they act as independent 'Data Fiduciaries' for the limited purpose of fulfillment. Gajab.com is not liable for any secondary breach or misuse of data by a Seller once it has been shared for legitimate shipping purposes.

 

6. DATA STORAGE AND RETENTION

6.1. Your Personal data collected by Gajab.com will be stored and processed primarily on secure servers located within the Republic of India

6.2. We will retain Your Personal data only for as long as it is necessary to fulfill the specific purposes for which it was collected, as outlined in Section 4 ("How We Use Your Information"), including for satisfying any legal, regulatory, tax, accounting, reporting requirements, or for the establishment, exercise, or defense of legal claims, fraud prevention and abuse detection. 

6.3. The criteria used to determine retention periods include the nature and sensitivity of the Personal data, the purposes for which We process it, applicable legal or regulatory retention requirements (e.g., data related to transactions for tax purposes), and the potential risk of harm from unauthorized use or disclosure. 

6.4. Upon expiry of the necessary retention period, We will securely delete or anonymize Your Personal data in accordance with applicable laws and Our internal policies, so that it can no longer be associated with You.

6.5 In strict compliance with Rule 8(3) of the DPDP Rules, 2025, We will retain personal data, associated traffic data, and other processing logs for a minimum period of one year from the date of processing. This is mandatory for enabling the detection and investigation of potential security incidents.

6.6. Where We are required to erase Your personal data because the specified purpose is no longer being served (as per Rule 8(1)), We will provide You with notice at least forty-eight (48) hours prior to such erasure. This gives You the opportunity to retain Your account if desired.

6.7. If Gajab.com qualifies as a Data Fiduciary under the Third Schedule of the DPDP Rules (i.e. exceeding 2 crore registered users), We will retain Your personal data (excluding account access credentials) for a maximum of three years from the date of Your last interaction with Us, unless a longer retention is required by applicable laws.

 

7. DATA SECURITY

7.1. We implement reasonable security practices and procedures designed to protect Your Personal data from unauthorized access, disclosure, use, alteration, loss, or destruction. These measures include appropriate technical, administrative, and physical safeguards, considering the nature and sensitivity of the Personal data involved. 

7.2. Examples of security measures may include encryption (such as SSL/TLS for data in transit), access controls, secure server infrastructure, regular security assessments, internal data handling protocols, and employee awareness training. We use payment gateways that are PCI DSS compliant for handling sensitive financial information. 

7.3. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal data, We cannot guarantee its absolute security. You are also responsible for maintaining the security of Your account credentials (OTP access methods).  

8. YOUR RIGHTS AND CHOICES (UNDER DPDP ACT, 2023)

As a User ('Data Principal' under the DPDP Act), You have certain rights regarding Your Personal data processed by Us. Subject to applicable law and verification of Your identity, these rights include:

8.1. Right to Access Information: You have the right to obtain from Us a summary of the Personal data being processed, the processing activities undertaken with respect to Your Personal data, and the identities of Data Fiduciaries and Data Processors with whom Your Personal data has been shared (where applicable). 

8.2. Right to Correction and Erasure: You have the right to request the correction of inaccurate or incomplete Personal data, the completion of incomplete Personal data, the updating of Personal data, and the erasure of Personal data that is no longer necessary for the purpose for which it was processed (unless retention is required for compliance with applicable law). 

8.3. Right to Withdraw Consent: Where We rely on Your consent to process Your Personal data, You have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. Upon withdrawal, We will cease processing Your data for the purpose(s) You previously consented to, unless We have another legitimate basis for doing so in law. Withdrawal may result in Your inability to access certain Services or features. 

8.4. Right to Grievance Redressal: You have the right to register grievances regarding any potential violation of Your rights under the DPDP Act or this Privacy Policy with Our designated Grievance Officer (details in Clause 11). 

8.5. Right to Nominate: You have the right to nominate another individual who, in the event of Your death or incapacity, can exercise Your rights under the DPDP Act on Your behalf.  

8.6. Exercising Your Rights: (a) You can exercise Your rights by submitting a verifiable request through the following designated channels:  By contacting the Grievance Officer via email at ravipatel@gajab.com.  (b) We may need to request specific information from You to help Us verify Your identity and ensure Your right to access Your Personal data or exercise any of Your other rights. This is a security measure to ensure that Personal data is not disclosed to any person who has no right to receive it. (c) We will respond to all verifiable requests within the timelines prescribed by applicable law. (d) Please note that Your rights (such as erasure) are not absolute and may be subject to limitations based on applicable law, such as overriding legal or regulatory obligations requiring Us to retain certain data.  

8.7. User Duties: As per the DPDP Act, 2023, You also have certain duties, including the duty not to impersonate another person while providing Personal data, not to suppress any material information while providing Personal data for documentation, not to furnish any false or frivolous grievance or complaint, and to furnish only verifiably authentic information when exercising rights like correction or erasure.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1. We use cookies and similar tracking technologies (like web beacons, pixels, scripts) to operate and improve the Platform, enhance Your user experience, analyze usage, and for other purposes. 

9.2. For detailed information about the types of cookies We use, why We use them, and how You can manage Your cookie preferences, please refer to our separate Cookie Policy ([Link to Cookie Policy]).  

10. INTERNATIONAL DATA TRANSFER

10.1. Your Personal data collected by Us may be transferred to, stored at, or processed in locations outside of the Republic of India, for example, where Our affiliates, service providers (such as cloud hosting providers or analytics partners), or other third parties described in Section 5 are located or operate servers. 

10.2. When We transfer Your Personal data outside India, We will ensure that such transfers are conducted in compliance with the requirements of the Digital Personal Data Protection (DPDP) Act, 2023, and applicable rules. This includes ensuring the transfer is to a country providing an adequate level of data protection as recognized under Indian law, or implementing appropriate safeguards (such as standard contractual clauses approved by relevant authorities), or obtaining Your explicit consent for the transfer where required by law. We will take reasonable steps to ensure Your Personal data receives an adequate level of protection in the destination jurisdiction.

11. CHILDREN'S PRIVACY

11.1. The Platform and Services are intended for users who are 18 years of age or older, as stated in our Terms of Use. In compliance with Section 9(3) of the DPDP Act, We do not undertake any tracking or behavioral monitoring of children, nor do We engage in targeted advertising directed at children. We do not knowingly collect Personal data from individuals under the age of 18 ("Children") without verifiable  consent of their parent or guardian or unless they are using the Platform under the direct supervision and Account of a parent or legal guardian who has consented to these terms on their behalf (as outlined in the Terms of Use). 

11.2. If We become aware that We have inadvertently collected Personal data from a Child in violation of this policy, We will take reasonable steps to delete such information from Our records promptly. 

11.3. If You are a parent or guardian and believe that Your child under 18 has provided Us with Personal data without Your required consent or supervision according to our Terms, please contact our Grievance Officer immediately using the details provided below.

12. GRIEVANCE OFFICER

12.1. In accordance with the Information Technology Act, 2000 and the rules made thereunder, and the Consumer Protection (E-commerce) Rules, 2020, the name and contact details of the Grievance Officer are provided below for registering grievances:  

Name: Ravi Patel  

Email: ravipatel@gajab.com  

Contact: +91 84879 77366 

12.2. We will acknowledge your grievance and resolve it within a reasonable period, which shall not exceed ninety (90) days from the date of receipt, as mandated by Rule 14(3) of the DPDP Rules.  However, Gajab.com commits to a primary resolution attempt within 30 days to maintain market-leading trust standards.

13. CHANGES TO THIS PRIVACY POLICY

13.1. We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, service offerings, legal requirements, or technology. 

13.2. We will notify You of any material changes by posting a prominent notice on the Platform or by sending an email notification to Your registered email address, providing reasonable advance notice where practicable. We will indicate at the top of the Policy when it was last updated. 

13.3. For changes that require Your consent under the DPDP Act, 2023 (e.g., processing data for a new purpose not previously consented to), We will obtain Your explicit consent before the changes apply to Your data. For other non-material changes, Your continued use of the Platform or Services after the effective date of the revised Privacy Policy may constitute Your acceptance of the changes, where permitted by law. 

13.4. We encourage You to review this Privacy Policy periodically to stay informed about how We are protecting Your information. If You do not agree with the changes, You must stop using the Platform and Services.  

14. CONTACT US

If You have any questions, concerns, or grievances regarding this Privacy Policy or Our data protection practices, please contact our Grievance Officer using the details provided in Clause 12.