Privacy Policy

Last Updated: November 18, 2025

At Ragavi, we value your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you visit our website www.ragavi.in or make a purchase from us.

This policy is designed in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), and other applicable Indian laws including the Information Technology Act, 2000.

By using our website or services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy.

Table of Contents

  1. Information We Collect
  2. How We Collect Your Information
  3. How We Use Your Information
  4. Legal Basis for Processing
  5. Sharing Your Information
  6. Data Security Measures
  7. Data Retention
  8. Your Rights as a Data Principal
  9. Cookies and Tracking Technologies
  10. Third-Party Services
  11. Children's Privacy
  12. International Data Transfers
  13. Data Breach Notification
  14. Updates to This Policy
  15. Grievance Officer & Contact Information

Information We Collect

Personal Information You Provide

When you create an account, place an order, or contact us, we may collect the following personal data:

Mandatory Information:

  • Full name
  • Email address
  • Mobile phone number
  • Shipping address
  • Billing address

Optional Information:

  • Date of birth (for special offers)
  • Gender (for personalized recommendations)
  • Alternate phone number

Payment Information

We do not store your complete credit/debit card details, CVV, or banking passwords on our servers. Payment processing is handled by our secure third-party payment gateways (Razorpay, PayU, or similar PCI-DSS compliant processors). We may retain:

  • Last 4 digits of your card for reference
  • Transaction ID and order confirmation details
  • Payment method used (card/UPI/wallet/COD)

Automatically Collected Information

When you visit our website, we automatically collect:

  • IP address
  • Browser type and version
  • Device type (mobile, desktop, tablet)
  • Operating system
  • Pages visited and time spent on each page
  • Referring website/source
  • Geographic location (city, state, country)
  • Date and time of visit

Information from Third Parties

We may receive information about you from:

  • Social media platforms (if you choose to sign in via Facebook, Google, etc.)
  • Delivery partners (shipment tracking and delivery confirmation)
  • Payment gateways (transaction status and fraud prevention)

How We Collect Your Information

We collect your personal data through:

  1. Direct Interactions: When you register, place an order, subscribe to newsletters, contact customer service, or fill out forms on our website
  2. Automated Technologies: Through cookies, web beacons, and analytics tools when you browse our website
  3. Third-Party Sources: From social login integrations, delivery partners, and payment processors

How We Use Your Information

We process your personal data for the following purposes:

Order Fulfillment (Contractual Necessity)

  • Processing and delivering your orders
  • Sending order confirmations and shipping updates
  • Managing returns, exchanges, and refunds
  • Handling payment processing

Customer Service (Contractual & Legitimate Interest)

  • Responding to your inquiries and support requests
  • Resolving disputes and complaints
  • Providing product information and assistance

Marketing & Communication (Consent-Based)

  • Sending promotional emails, SMS, and WhatsApp messages about new collections, sales, and offers
  • Personalized product recommendations based on browsing and purchase history
  • Sending surveys and feedback requests

You can opt out of marketing communications at any time by clicking the "Unsubscribe" link in emails, replying STOP to SMS, or contacting us at rajethnicjpr@gmail.com.

Website Improvement (Legitimate Interest)

  • Analyzing website traffic and user behavior
  • Improving website functionality and user experience
  • Troubleshooting technical issues
  • Conducting A/B testing for website optimization

Legal & Compliance (Legal Obligation)

  • Complying with tax, accounting, and regulatory requirements
  • Preventing fraud, unauthorized transactions, and security threats
  • Responding to legal requests from law enforcement or government authorities
  • Enforcing our Terms of Service and other policies

Legal Basis for Processing

Under the DPDPA, we process your personal data based on:

  1. Your Consent: For marketing communications, optional data collection, and cookie usage
  2. Contractual Necessity: To fulfill your orders and provide services you've requested
  3. Legal Obligation: To comply with tax laws, consumer protection regulations, and court orders
  4. Legitimate Interest: For website improvement, fraud prevention, and business analytics (balanced against your privacy rights)

Sharing Your Information

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. However, we may share your data with:

Service Providers & Business Partners

  • E-commerce Platform: Shopify (our website hosting and e-commerce platform provider, based in Canada) - for website functionality, order processing, and data storage
  • Payment Gateways: Razorpay, PayU, Paytm, PhonePe, or other payment processors - for secure payment processing
  • Logistics Partners: Delhivery, Blue Dart, India Post, or other courier services - for order shipment and delivery
  • Customer Communication: Gupshup, Interakt, or similar platforms - for sending order updates via SMS/WhatsApp (with your consent)
  • Email Service: Mailchimp, SendGrid, or similar - for sending order confirmations and marketing emails
  • Analytics Tools: Google Analytics, Facebook Pixel - for website traffic analysis and advertising

All third-party service providers are contractually obligated to protect your data and use it only for the specific purposes we authorize.

Legal Requirements

We may disclose your information when required by law or to:

  • Comply with legal processes, court orders, or government requests
  • Enforce our Terms of Service or other policies
  • Protect our rights, property, or safety, or that of our customers or the public
  • Prevent fraud, security breaches, or illegal activities

Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy, your personal data may be transferred to the successor entity. We will notify you via email and/or prominent notice on our website before your data is transferred.

Data Security Measures

We implement industry-standard security measures to protect your personal data:

Technical Safeguards

  • SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using 256-bit SSL certificates
  • Secure Servers: Data is stored on secure servers with firewall protection
  • PCI-DSS Compliance: Our payment gateways are PCI-DSS Level 1 certified
  • Regular Security Audits: We conduct periodic vulnerability assessments and penetration testing

Organizational Safeguards

  • Access Controls: Only authorized personnel have access to personal data on a need-to-know basis
  • Employee Training: Staff members are trained on data protection and confidentiality
  • Confidentiality Agreements: All employees and contractors sign non-disclosure agreements
  • Incident Response Plan: We have procedures in place to respond to data breaches

Account Security

  • Password Protection: Your account is protected by a password that only you know
  • Two-Factor Authentication: Available as an optional security feature (recommended)
  • Account Activity Monitoring: We monitor for suspicious login attempts

Important: While we strive to protect your data, no method of transmission over the internet or electronic storage is 100% secure. Please use a strong, unique password and do not share your account credentials with anyone.

Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law.

Retention Periods

  • Account Information: Retained as long as your account is active. After account deletion, retained for 90 days for recovery purposes, then permanently deleted
  • Order & Transaction Data: Retained for 7 years to comply with tax and accounting regulations
  • Marketing Preferences: Retained until you unsubscribe or delete your account
  • Website Analytics Data: Aggregated and anonymized data retained for 26 months
  • Support Communications: Retained for 3 years for quality assurance and dispute resolution
  • Legal Documents: Retained as required by applicable laws (typically 7-10 years)

Data Deletion

You can request deletion of your personal data at any time by contacting our Grievance Officer (see contact details below). We will delete your data within 48 hours of receiving your request, except where:

  • We are legally required to retain it (e.g., tax records)
  • It is necessary to complete a pending transaction or resolve a dispute
  • It is stored in backup systems (which are purged periodically)

Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

1. Right to Access

You can request a copy of the personal data we hold about you. We will provide this information within 7 working days of your request.

2. Right to Correction

You can request correction of inaccurate or incomplete personal data. You can also update most information directly through your account settings.

3. Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data, subject to legal retention requirements. We will provide 48 hours' notice before erasing any data.

4. Right to Withdraw Consent

You can withdraw your consent for marketing communications or optional data processing at any time without affecting the lawfulness of processing based on consent before withdrawal.

5. Right to Data Portability

You can request your personal data in a structured, commonly used, and machine-readable format (CSV or JSON).

6. Right to Nominate

You can nominate another person to exercise your rights in case of death or incapacity.

7. Right to Grievance Redressal

You can file a complaint with our Grievance Officer or escalate to the Data Protection Board of India if you believe your rights have been violated.

How to Exercise Your Rights

To exercise any of these rights, please:

  • Email us at: rajethnicjpr@gmail.com
  • Subject line: "Data Privacy Request - [Your Request Type]"
  • Include: Your full name, registered email/phone number, and specific request

We will respond to all requests within 7 working days and verify your identity before processing the request.

Cookies and Tracking Technologies

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and analyze website performance.

Types of Cookies We Use

Essential Cookies (Required)

These cookies are necessary for the website to function and cannot be disabled:

  • Session cookies (expire when you close your browser)
  • Shopping cart cookies
  • Authentication cookies (to keep you logged in)

Analytics Cookies (Optional)

These cookies help us understand how visitors use our website:

  • Google Analytics (anonymized IP tracking)
  • Website performance metrics
  • Page view tracking and bounce rates

Marketing Cookies (Optional - Requires Consent)

These cookies are used for advertising and retargeting:

  • Facebook Pixel
  • Google Ads conversion tracking
  • Remarketing cookies

Managing Cookie Preferences

When you first visit our website, you will see a cookie consent banner. You can:

  • Accept all cookies
  • Reject optional cookies (only essential cookies will be used)
  • Customize your preferences

You can also manage cookies through your browser settings. However, disabling essential cookies may affect website functionality.

Note: Rejecting analytics and marketing cookies will not affect your ability to shop on our website.

Third-Party Services

Our website integrates with third-party services that may collect information about you:

Shopify

Our website is hosted on Shopify (based in Canada). Shopify provides the e-commerce platform and may access your data for hosting, security, and technical support. Shopify's privacy policy: https://www.shopify.com/legal/privacy

Payment Gateways

  • Razorpay (India): Processes payments and may store tokenized card information
  • PayU (India): Alternative payment processing
  • Privacy is governed by their respective privacy policies

Delivery Partners

  • DTDC, Xpressbees, ShreeMaruti, Delhivery, Blue Dart, India Post: Receive your name, phone number, and shipping address for delivery purposes

Google Services

  • Google Analytics: Tracks website traffic and user behavior (anonymized)
  • Google Ads: Enables remarketing campaigns
  • Privacy policy: https://policies.google.com/privacy

Facebook/Meta

  • Facebook Pixel: Tracks conversions and enables retargeting ads
  • Privacy policy: https://www.facebook.com/privacy/explanation

Communication Platforms

  • Gupshup/Interakt: Sends order updates via WhatsApp and SMS (with your consent)

We ensure all third-party services comply with data protection standards and have appropriate safeguards in place.

Children's Privacy

Our website and services are not intended for individuals under the age of 18 years. We do not knowingly collect personal data from minors.

Parental Consent Requirement

If you are under 18 years old:

  • You must obtain verifiable consent from your parent or legal guardian before using our services
  • We may request proof of parental consent through DigiLocker or other government-authorized methods
  • Your parent/guardian can exercise data rights on your behalf

If we discover that we have inadvertently collected personal data from a minor without proper parental consent, we will delete it immediately.

Parents/Guardians: If you believe your child has provided personal data to us without your consent, please contact us immediately at rajethnicjpr@gmail.com.

International Data Transfers

Shopify Data Storage

Your personal data may be stored on servers located outside India, as our e-commerce platform Shopify is based in Canada. Shopify complies with international data protection standards and has adequate safeguards in place.

Cross-Border Restrictions

We do not transfer your personal data to countries or entities that are restricted by the Government of India. If we need to transfer data internationally for any reason, we will:

  • Ensure the receiving country/entity has adequate data protection laws
  • Obtain your explicit consent before transfer
  • Use standard contractual clauses or other legal safeguards

Your Rights Regarding International Transfers

You have the right to:

  • Know which countries your data may be transferred to
  • Object to international data transfers (this may affect our ability to provide services)
  • Request that your data be stored only in India (subject to technical feasibility)

Data Breach Notification

In the unlikely event of a personal data breach that may result in a risk to your rights and freedoms, we will:

  1. Notify You: Within 72 hours of becoming aware of the breach via email, SMS, or prominent website notice
  2. Inform Authorities: Report the breach to the Data Protection Board of India as required by law
  3. Provide Details: Describe the nature of the breach, categories of data affected, and potential consequences
  4. Remedial Actions: Explain the measures we are taking to address the breach and prevent future incidents
  5. Guidance: Provide recommendations on steps you can take to protect yourself (e.g., changing passwords)

What You Should Do

If we notify you of a breach:

  • Change your password immediately
  • Monitor your accounts for suspicious activity
  • Be cautious of phishing emails claiming to be from Ragavi
  • Contact us if you notice any unauthorized use of your information

Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or business operations.

How We Notify You

  • Email Notification: For significant changes, we will send an email to your registered email address
  • Website Banner: A prominent notice will be displayed on our website
  • Updated Date: The "Last Updated" date at the top of this policy will be revised

Your Responsibility

By continuing to use our website or services after the updated policy becomes effective, you acknowledge and accept the changes. We encourage you to review this policy periodically.

If you do not agree with any changes, please discontinue using our services and contact us to delete your account.

Grievance Officer & Contact Information

For any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact our designated Data Protection Officer / Grievance Officer:

Name: Ragavi Data Protection Officer
Email: rajethnicjpr@gmail.com
Phone: +91 72720 54054
Address:
Ragavi
H-135, Behind Royal Enfield Showroom
RIICO Industrial Area, Mansarovar, Jaipur, Rajasthan - 302018
India

Response Time: We aim to respond to all privacy-related inquiries within 7 working days.

Escalation to Data Protection Board

If you are not satisfied with our response or believe your rights under the DPDPA have been violated, you may file a complaint with:

Data Protection Board of India
Website: [To be announced by Government of India]
Email: [To be announced by Government of India]

Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Any disputes arising from this policy or our data practices shall be subject to the exclusive jurisdiction of the courts in Jaipur, Rajasthan.

Your Consent

By using our website or services, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy.

You have the right to withdraw your consent at any time by contacting us at rajethnicjpr@gmail.com.

Important Legal Disclaimers

  • No Liability for Third-Party Websites: Our website may contain links to third-party websites. We are not responsible for the privacy practices of these external sites.
  • Force Majeure: We shall not be held liable for any failure to protect your data due to circumstances beyond our reasonable control (e.g., natural disasters, cyber attacks, government actions).
  • Accuracy of Information: While we strive to keep your personal data accurate and up to date, you are responsible for ensuring the information you provide is correct.

Additional Information for Specific User Categories

Vendors & Suppliers

If you are a vendor or supplier, we may collect your business contact information, GST details, and banking information for commercial purposes. This data is retained for 7 years as per accounting regulations.

Job Applicants

If you apply for a job with Ragavi, we collect your resume, contact information, and employment history. This data is retained for 12 months unless you are hired, in which case it becomes part of your employee record.

Business Customers (Wholesale/Bulk Orders)

For business or corporate customers, we may collect company name, GST number, and authorized representative details. Standard data retention periods apply.

Thank you for trusting Ragavi with your personal information. We are committed to protecting your privacy and ensuring transparency in how we handle your data.

For further assistance or queries, please don't hesitate to contact us at:
rajethnicjpr@gmail.com
+91 72720 54054
www.ragavi.in

This Privacy Policy was last updated on November 18, 2025.