Privacy Policy

Last Updated: [November 14, 2024]

This Privacy Policy describes how Twish (the "Site" or "we") collects, uses, and discloses your Personal Data when you visit, make a purchase from, or otherwise interact with the Site.

1. Data Fiduciary & Applicability

  • Data Fiduciary (The Entity Responsible): Twish (or your full legal business name and address in India).
  • Applicability: This policy applies to the processing of digital personal data within India and any data processing outside of India relating to the offering of goods or services to individuals in India, in accordance with the Digital Personal Data Protection Act, 2023.

2. Personal Data We Collect (and Why)

We collect personal data to fulfill orders, process payments, and provide customer support (our "specified purpose"). We will only collect data that is necessary for these lawful purposes.

Category of Data Specific Data Points Collected Purpose of Processing (Why We Need It)
Contact & Order Data Name, billing address, shipping address, email address, phone number. To process and fulfill your order, send order and shipping updates, and communicate about your purchase.
Payment Data Credit/Debit card details (last four digits, expiration), other payment instrument details. To process payments. Note: Full payment details are processed securely by our third-party payment gateway (e.g., Razorpay, PayPal, or Shopify Payments) and are not stored by Twish.
Usage & Technical Data IP address, browser type, device type, operating system, pages viewed, time spent on site, referring website. To improve website performance, for fraud prevention, to analyze and understand customer behavior, and for targeted advertising.
Marketing Data Email address, purchase history, products viewed. To send you promotional emails and special offers (with your explicit consent).

 

3. How We Collect Your Data (Consent & Notice)

We collect Personal Data in the following ways:

  1. Directly from You: When you register an account, place an order, sign up for our newsletter, or contact customer support.
  2. Automatically: Through cookies, log files, web beacons, and other tracking technologies when you browse the Site.
  3. From Third Parties: From partners like Shopify (our e-commerce platform), payment processors, or social media platforms, only to the extent necessary to fulfil our services.

Consent Requirement (As per DPDP Act): By using our Site and providing your personal data, you provide free, specific, informed, unconditional, and unambiguous consent for us to process your data for the specified purposes outlined in this policy. You have the right to withdraw this consent at any time (see Section 6).

4. Sharing Your Personal Data

We share your Personal Data with third parties only to the extent necessary to deliver our services, and under contractual obligations to ensure they protect your data.

  • Service Providers: We share necessary data with third parties to perform services on our behalf, such as:
    • Shopify: Our e-commerce platform, which processes your order and browsing data.
    • Payment Processors: Banks and payment gateways (e.g., PayU, Stripe) to securely process financial transactions.
    • Logistics Partners: Courier companies (e.g., Delhivery, Blue Dart) for order delivery.
    • Marketing Tools: Email service providers (e.g., Mailch) for sending marketing communications (only with your consent).
  • Legal & Compliance: We may disclose your data if required by Indian law, in response to a court order, or to protect our rights or the rights of others.

5. Security and Data Retention

  • Security Measures (Reasonable Security Practices): We implement reasonable physical, technical, and administrative security measures (including encryption and secure storage) to protect your Personal Data from unauthorized access, disclosure, alteration, or destruction.
  • Data Retention (Storage Limitation): We retain your Personal Data only for as long as necessary to fulfill the purpose for which it was collected (e.g., to process orders, manage warranties, and maintain your account) or as required by law (e.g., tax and accounting records). Once the purpose is no longer served, we will securely erase or anonymize the data.

6. Your Rights as a Data Principal (Data Choices)

Under the DPDP Act, you have enhanced control over your data. You have the right to:

  1. Right to Information: Request information about the processing of your data, including the categories of data collected and the purposes of processing.
  2. Right to Access: Request access to a summary of your personal data being processed.
  3. Right to Correction & Completion: Request the correction, completion, or updation of inaccurate or incomplete personal data.
  4. Right to Erasure (Withdrawal of Consent): Withdraw your consent to the processing of your Personal Data and request its erasure, unless retention is necessary for a legal obligation.
  5. Right to Grievance Redressal: Lodge a complaint with our Grievance Officer and, if unresolved, with the Data Protection Board of India.

How to Exercise Your Rights: Please send an email with the subject line "DPDP Request" to our Grievance Officer (contact details below). We will respond to your request within a reasonable and legally specified timeframe.

7. Grievance Redressal Contact

For all questions, concerns, or to exercise your rights under this policy, please contact our designated Grievance Officer:

  • Grievance Officer Name: Padma Sharma
  • Email: care@twish.me
  • Address: B607, 51 Uttarahalli Main Road, Bangalore 560061
  • Phone: +91 9980908679