Privacy Policy

Privacy Policy

Effective Date: April 10, 2025 Last Updated: April 10, 2025

  1. INTRODUCTION AND SCOPE

1.1. This Privacy Policy describes how Aeliya Technologies Private Limited (hereinafter referred to as the “Company”, “We”, “Us”, “Our”), owner and operator of the Gajab.com website ([www.gajab.com]) and associated mobile applications (collectively, the “Platform”), collects, uses, stores, processes, shares, and protects the personal data provided by individuals (“User”, “You”, “Your”) when You access or use the Platform and the services offered thereon (“Services”).

1.2. We are committed to protecting Your privacy and ensuring compliance with applicable data protection laws in India, including the Digital Personal Data Protection (DPDP) Act, 2023 and its associated rules.

1.3. This Privacy Policy applies to all Users of the Platform, as defined in Our Terms of Use ([Link to Terms of Use]). This Privacy Policy should be read in conjunction with the Terms of Use, as it forms an integral part of the agreements governing Your use of the Platform (“Agreements”).

1.4. By accessing or using the Platform, You signify Your understanding of the terms of this Privacy Policy. Consent for the collection and processing of Your personal data for specific purposes will be obtained as required by the DPDP Act, 2023.

  1. INFORMATION WE COLLECT

We collect various types of personal data from You, which may include, but are not limited to, the following categories:

2.1. Identity Data: Such as Your full name, username or similar identifier, date of birth, and gender. 2.2. Contact Data: Such as Your email address, mobile phone number, delivery address, and billing address. 2.3. Financial Data: Such as details related to payment methods processed via secure third-party payment gateways (We do not store full card numbers), transaction identifiers, and bank account details (for Seller payouts). 2.4. Transaction Data: Such as details about products You purchase or sell through the Platform, order history, pricing details, shipping information, returns, refunds, and information related to disputes. 2.5. Technical Data: Such as Your Internet Protocol (IP) address, login data (related to Platform access, not passwords as OTP is used), browser type and version, time zone setting and location (approximate location from IP or specific location if permission granted), device information (type, operating system, identifiers), and information collected through cookies and similar technologies (refer to our Cookie Policy). 2.6. Profile Data: Such as Your username, account preferences, purchase/selling history, feedback provided, survey responses, wish lists, and communications with Us (e.g., customer support interactions). 2.7. Usage Data: Such as information about how You use the Platform and Services, pages viewed, time spent, features used, and navigation paths. 2.8. User Content: Information You provide when You create listings (descriptions, images, prices), post reviews or ratings, send messages to other Users, or otherwise generate content on the Platform. Please be aware this content may contain personal data. 2.9. KYC Data (Primarily for Sellers): Information required for identity verification and compliance purposes, especially during Seller onboarding, as mandated by law or Our policies. This may include Permanent Account Number (PAN), Goods and Services Tax Identification Number (GSTIN), Aadhar details (only where legally permissible and necessary, handled securely), bank account verification documents, and business registration details or address proof.

  1. HOW WE COLLECT YOUR INFORMATION

We use different methods to collect data from and about You, including:

3.1. Direct Interactions: You provide us data when You: * Create or update Your Account profile. * List products for sale or make a purchase. * Fill in forms on the Platform. * Communicate with Us (e.g., customer support, feedback). * Respond to surveys or participate in promotions. * Provide KYC documents during verification processes. * Communicate with other Users through the Platform. 3.2. Automated Technologies or Interactions: As You interact with our Platform, We automatically collect Technical Data and Usage Data about Your equipment, Browse actions, and patterns. We collect this personal data by using cookies, server logs, web beacons, and other similar technologies. Please see our Cookie Policy ([Link to Cookie Policy]) for further details. 3.3. Third Parties: We may receive personal data about You from various third parties, such as: * Third-party payment gateways providing transaction confirmation details. * Logistics and delivery partners providing shipping status updates. * Other Users providing information in the context of a transaction, communication, or dispute. * Identity verification and KYC service providers (for Sellers). * Analytics providers (e.g., Google Analytics). * Advertising networks or partners (where applicable and consented to). * Publicly available sources (where permissible).  

  1. HOW WE USE YOUR INFORMATION (PURPOSES OF PROCESSING)

We process Your personal data only for specified, explicit, and lawful purposes, based on Your consent obtained prior to processing (where required) or for legitimate uses permitted under the DPDP Act, 2023. These purposes include:

4.1. To Provide and Manage Services: * To register You as a User and manage Your Account. * To enable You to use the Platform features, including listing, Browse, buying, and selling. * To facilitate communication between Users. 4.2. To Process Transactions: * To process orders placed by Buyers. * To facilitate payments through third-party gateways. * To process and manage payouts to Sellers. * To manage returns, refunds, and disputes. 4.3. To Manage Our Relationship with You: * To send You necessary service-related communications (e.g., order updates, account notifications, security alerts). * To notify You about changes to our Terms, Policies, or Services. * To provide customer support and respond to Your requests or inquiries. 4.4. To Ensure Security and Compliance: * To verify Your identity (including Seller KYC). * To protect the security and integrity of the Platform, prevent fraud, and detect violations of our Terms and policies. * To comply with our legal and regulatory obligations under applicable Indian laws (including tax laws like GST/TCS, payment regulations, intermediary obligations under the IT Act, and law enforcement requests). 4.5. To Improve and Personalize Services: * To perform data analysis to understand usage patterns, diagnose technical issues, and improve the Platform, Services, and user experience (using aggregated or anonymized data where feasible). * To personalize Your experience on the Platform, such as showing relevant content or recommendations (certain personalization may require specific consent). 4.6. For Marketing (With Consent): * To send You marketing and promotional communications about Gajab.com’s products, services, or offers, only if You have given Your explicit consent to receive such communications. You will have the option to opt-out at any time. 4.7. For Specific Consented Purposes: * To process Your data for any other specific purpose for which We obtain Your explicit consent before or at the time of collection.

  1. DATA SHARING AND DISCLOSURE

We do not disclose Your personal data to third parties except in the circumstances described below, based on a legitimate purpose and appropriate legal basis (including Your consent where required):

5.1. Other Users: We share necessary information between Buyers and Sellers to enable transactions (e.g., Seller’s name/business name, Buyer’s name and shipping address after purchase confirmation, contact information where needed for delivery coordination or dispute resolution). 5.2. Service Providers & Partners: We share data with trusted third-party vendors, consultants, and partners who perform services on Our behalf, such as payment processing, logistics/delivery, cloud hosting, IT support, customer service platforms, data analytics, marketing/communication delivery (for consented messages), and identity/KYC verification. These service providers are contractually obligated to use the data only for the specific purposes for which We provide it to them and to implement appropriate security measures. 5.3. Legal and Regulatory Authorities: We may disclose Your personal data if required to do so by law, regulation, court order, subpoena, or other legal process, or in response to a valid request from government authorities, law enforcement agencies, or regulatory bodies (e.g., for tax compliance, fraud prevention, investigation). We may also disclose data to protect the rights, property, or safety of the Company, our Users, or the public, as permitted or required by law. 5.4. Business Transfers: In the event of a merger, acquisition, financing, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, Your personal data may be shared or transferred as part of that transaction, subject to confidentiality obligations and ensuring the receiving entity upholds similar privacy standards. 5.5. Affiliated Companies: We may share personal data within Our corporate group (parent company, subsidiaries, joint ventures – if applicable) for internal administrative, operational, or service delivery purposes, consistent with this Privacy Policy. 5.6. With Your Consent: We may share Your personal data with other third parties for purposes not listed above only when We have obtained Your explicit consent to do so.  

  1. DATA STORAGE AND RETENTION

6.1. Your personal data collected by Gajab.com will be stored and processed primarily on secure servers located within the Republic of India. 6.2. We will retain Your personal data only for as long as it is necessary to fulfill the specific purposes for which it was collected, as outlined in Section 4 (“How We Use Your Information”), including for satisfying any legal, regulatory, tax, accounting, reporting requirements, or for the establishment, exercise, or defense of legal claims. 6.3. The criteria used to determine retention periods include the nature and sensitivity of the personal data, the purposes for which We process it, applicable legal or regulatory retention requirements (e.g., data related to transactions for tax purposes), and the potential risk of harm from unauthorized use or disclosure. 6.4. Upon expiry of the necessary retention period, We will securely delete or anonymize Your personal data in accordance with applicable laws and Our internal policies, so that it can no longer be associated with You.

  1. DATA SECURITY

7.1. We implement reasonable security practices and procedures designed to protect Your personal data from unauthorized access, disclosure, use, alteration, loss, or destruction. These measures include appropriate technical, administrative, and physical safeguards, considering the nature and sensitivity of the personal data involved. 7.2. Examples of security measures may include encryption (such as SSL/TLS for data in transit), access controls, secure server infrastructure, regular security assessments, internal data handling protocols, and employee awareness training. We use payment gateways that are PCI DSS compliant for handling sensitive financial information. 7.3. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your personal data, We cannot guarantee its absolute security. You are also responsible for maintaining the security of Your account credentials (OTP access methods).  

  1. YOUR RIGHTS AND CHOICES (UNDER DPDP ACT, 2023)

As a User (‘Data Principal’ under the DPDP Act), You have certain rights regarding Your personal data processed by Us. Subject to applicable law and verification of Your identity, these rights include:

8.1. Right to Access Information: You have the right to obtain from Us a summary of the personal data being processed, the processing activities undertaken with respect to Your personal data, and the identities of data processors or controllers with whom Your data has been shared (where applicable). 8.2. Right to Correction and Erasure: You have the right to request the correction of inaccurate or incomplete personal data, the completion of incomplete personal data, the updating of personal data, and the erasure of personal data that is no longer necessary for the purpose for which it was processed (unless retention is required for compliance with applicable law). 8.3. Right to Withdraw Consent: Where We rely on Your consent to process Your personal data, You have the right to withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing based on consent before its withdrawal. Upon withdrawal, We will cease processing Your data for the purpose(s) You previously consented to, unless We have another legitimate basis for doing so in law. Withdrawal may result in Your inability to access certain Services or features. 8.4. Right to Grievance Redressal: You have the right to register grievances regarding any potential violation of Your rights under the DPDP Act or this Privacy Policy with Our designated Grievance Officer (details in Clause 11). 8.5. Right to Nominate: You have the right to nominate another individual who, in the event of Your death or incapacity, can exercise Your rights under the DPDP Act on Your behalf.  

8.6. Exercising Your Rights: (a) You can exercise Your rights by submitting a verifiable request through the following designated channels: * By contacting the Grievance Officer via email at ravipatel@gajab.com. * [Optional: Add if available – Through the data management tools provided within Your Account settings on the Platform.] (b) We may need to request specific information from You to help Us verify Your identity and ensure Your right to access Your personal data or exercise any of Your other rights. This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. (c) We will respond to all verifiable requests within the timelines prescribed by applicable law. (d) Please note that Your rights (such as erasure) are not absolute and may be subject to limitations based on applicable law, such as overriding legal or regulatory obligations requiring Us to retain certain data.  

8.7. User Duties: As per the DPDP Act, 2023, You also have certain duties, including the duty not to impersonate another person while providing personal data, not to suppress any material information while providing personal data for documentation, not to furnish any false or frivolous grievance or complaint, and to furnish only verifiably authentic information when exercising rights like correction or erasure.

  1. COOKIES AND TRACKING TECHNOLOGIES

9.1. We use cookies and similar tracking technologies (like web beacons, pixels, scripts) to operate and improve the Platform, enhance Your user experience, analyze usage, and for other purposes. 9.2. For detailed information about the types of cookies We use, why We use them, and how You can manage Your cookie preferences, please refer to our separate Cookie Policy ([Link to Cookie Policy]).  

  1. INTERNATIONAL DATA TRANSFER

10.1. Your personal data collected by Us may be transferred to, stored at, or processed in locations outside of the Republic of India, for example, where Our affiliates, service providers (such as cloud hosting providers or analytics partners), or other third parties described in Section 5 are located or operate servers. 10.2. When We transfer Your personal data outside India, We will ensure that such transfers are conducted in compliance with the requirements of the Digital Personal Data Protection (DPDP) Act, 2023, and applicable rules. This includes ensuring the transfer is to a country providing an adequate level of data protection as recognized under Indian law, or implementing appropriate safeguards (such as standard contractual clauses approved by relevant authorities), or obtaining Your explicit consent for the transfer where required by law. We will take reasonable steps to ensure Your personal data receives an adequate level of protection in the destination jurisdiction.

  1. CHILDREN’S PRIVACY

11.1. The Platform and Services are intended for users who are 18 years of age or older, as stated in our Terms of Use. We do not knowingly collect personal data from individuals under the age of 18 (“Children”) without verifiable parental consent or unless they are using the Platform under the direct supervision and Account of a parent or legal guardian who has consented to these terms on their behalf (as outlined in the Terms of Use). 11.2. If We become aware that We have inadvertently collected personal data from a Child in violation of this policy, We will take reasonable steps to delete such information from Our records promptly. 11.3. If You are a parent or guardian and believe that Your child under 18 has provided Us with personal data without Your required consent or supervision according to our Terms, please contact our Grievance Officer immediately using the details provided below.

  1. GRIEVANCE OFFICER

12.1. In accordance with the Information Technology Act, 2000 and the rules made thereunder, and the Consumer Protection (E-commerce) Rules, 2020, the name and contact details of the Grievance Officer are provided below for registering grievances: * Name: Ravi Patel * Email: ravipatel@gajab.com * Contact: +91 84879 77366 12.2. Please refer to Clause 9.3 of our Terms of Use for the Grievance Redressal Mechanism.  

  1. CHANGES TO THIS PRIVACY POLICY

13.1. We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, service offerings, legal requirements, or technology. 13.2. We will notify You of any material changes by posting a prominent notice on the Platform or by sending an email notification to Your registered email address, providing reasonable advance notice where practicable. We will indicate at the top of the Policy when it was last updated. 13.3. For changes that require Your consent under the DPDP Act, 2023 (e.g., processing data for a new purpose not previously consented to), We will obtain Your explicit consent before the changes apply to Your data. For other non-material changes, Your continued use of the Platform or Services after the effective date of the revised Privacy Policy may constitute Your acceptance of the changes, where permitted by law. 13.4. We encourage You to review this Privacy Policy periodically to stay informed about how We are protecting Your information. If You do not agree with the changes, You must stop using the Platform and Services.  

  1. CONTACT US

If You have any questions, concerns, or grievances regarding this Privacy Policy or Our data protection practices, please contact our Grievance Officer using the details provided in Clause 12.

Scroll to Top
Chat on WhatsApp