CLOUDMART

PRIVACY POLICY

Effective Date: 04-10-2025

Platform: www.cloudmartindia.com | Contact: info@cloudmartindia.com

Cloud Mart [Partnership Firm], Gauribidanur, Chickaballapur, Karnataka, India

1. Overview

Cloud Mart ("we," "our," or "us") is committed to protecting the privacy and personal data of all individuals who access or use our e-commerce platform at www.cloudmartindia.com ("Platform"). This Privacy Policy ("Policy") explains in clear and transparent terms how we collect, use, store, share, protect, and delete your personal data.

This Policy applies to all persons accessing the Platform, including Buyers, Sellers, registered users, and visitors. By accessing or using our Platform, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy.

If you do not agree with any part of this Policy, please discontinue use of our Platform immediately. You may also contact our Data Protection Officer (DPO) to exercise your rights as described in Section 5.

 

2. Legal Framework and Scope

This Policy is prepared in compliance with the following applicable laws and regulations in India:

•         The Information Technology Act, 2000 (IT Act)

•         The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)

•         The Digital Personal Data Protection Act, 2023 (DPDP Act) and rules framed thereunder

•         The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021

•         The Consumer Protection Act, 2019 and Consumer Protection (E-Commerce) Rules, 2020

 

This Policy applies to all personal data collected through the Platform, including data provided by Buyers, Sellers, business partners, and general visitors. It covers data collected via the website, mobile application, email, telephone, and any other channel through which you interact with Cloud Mart.

 

3. Information We Collect

3A. Personal Information (Provided by You)

Information that can identify you directly or indirectly, which you provide when registering, purchasing, or communicating with us:

•         Full name and date of birth

•         Email address and mobile phone number

•         Billing address and shipping / delivery address

•         Payment details — processed exclusively via secure, PCI-DSS compliant third-party payment gateways; Cloud Mart does not store full card numbers

•         GSTIN, PAN, and business registration details (for Sellers)

•         Identity documents submitted for KYC verification (where required)

•         Communications, reviews, feedback, and support messages you send us

 

3B. Non-Personal / Technical Information (Collected Automatically)

Data automatically collected when you interact with our Platform, used to improve functionality and security:

•         Device information (browser type, operating system, device model, screen resolution)

•         IP address and approximate geographic location (country/city level)

•         Usage data: pages visited, time spent, clicks, search queries, and navigation paths

•         Cookies, web beacons, pixel tags, and local storage data (see Section 9)

•         Crash reports and performance analytics

 

3C. Sensitive Personal Data (SPDI) — as per IT Rules, 2011

•         Financial information: bank account details, UPI IDs, payment card details (via secure gateway only)

•         Passwords and authentication credentials (stored in hashed/encrypted form — never in plain text)

•         Biometric data (only if used for future authentication features — with explicit prior consent)

•         Any other information categorised as 'sensitive' under the SPDI Rules or DPDP Act, 2023

 

3D. Seller-Specific Data

For registered Sellers, we additionally collect:

•         Business name, type, and registration certificates

•         GSTIN and GST filing details

•         Bank account information for payout processing

•         Product listing data, pricing, and inventory information

•         Order fulfillment records and logistics data

 

4. Purpose of Data Collection and Processing

Cloud Mart processes your personal data only for lawful, specific, and clearly defined purposes. We will not process your personal data for any purpose inconsistent with those stated below without obtaining your explicit consent:

1.       Order Processing and Fulfillment: To receive, process, dispatch, and deliver orders placed on the Platform.

2.       Account Management: To create and manage your user or Seller account, verify identity, and provide access to Platform features.

3.       Customer and Seller Support: To respond to queries, complaints, returns, and disputes.

4.       Fraud Prevention and Security: To detect, investigate, and prevent fraudulent transactions, identity theft, and security breaches.

5.       Legal and Regulatory Compliance: To comply with applicable laws, court orders, tax obligations, and regulatory requirements.

6.       Communications: To send transactional communications (order confirmations, shipping updates, invoices). Marketing communications are sent only where you have given explicit consent and you may opt out at any time.

7.       Platform Improvement and Personalisation: To analyse usage patterns and improve the Platform's features, performance, and user experience.

8.       Seller Payouts and Tax: To process Seller payments, deduct applicable TDS, and issue tax-related documents.

9.       Analytics and Research: To conduct internal research and analytics to improve our services, always using aggregated and anonymised data where possible.

 

 

5. Consent and Your Rights Under the DPDP Act, 2023

By using our Platform, you provide your consent to the collection and processing of your personal data as described in this Policy. Consent for sensitive personal data and marketing communications is obtained separately and explicitly.

Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:

 

Your Right	What It Means	How to Exercise
Right to Access	Request a copy of the personal data we hold about you.	Email DPO with subject: 'Data Access Request'
Right to Correction	Request correction of inaccurate or incomplete personal data.	Email DPO or update via your account settings.
Right to Erasure	Request deletion of your personal data, subject to legal retention requirements.	Email DPO with subject: 'Erasure Request'. We will comply within 30 days.
Right to Withdraw Consent	Withdraw consent for marketing communications or optional data processing at any time.	Use the unsubscribe link in emails or email the DPO.
Right to Grievance Redressal	File a complaint about how your data is handled. You may also escalate to the Data Protection Board of India.	Contact the Grievance Officer / DPO (see Section 13).
Right to Data Portability	Request your data in a structured, machine-readable format where technically feasible.	Email DPO with subject: 'Portability Request'.
Right to Nominate	Nominate another individual to exercise your rights on your behalf in the event of death or incapacity (DPDP Act, 2023).	Submit a written nomination to the DPO.

 

To exercise any of the above rights, please contact our Data Protection Officer (DPO) at rakesh@cloudmartindia.com with a clear description of your request. We will respond within 30 days and may require identity verification before processing your request.

 

6. Sharing and Disclosure of Personal Data

Cloud Mart does not sell, rent, or trade your personal data to third parties for their own marketing or commercial purposes. Your personal data may be shared only under the following lawful and necessary circumstances:

10.   Sellers and Marketplace Partners: Your name, delivery address, and contact details are shared with the relevant Seller or logistics partner solely for the purpose of processing and delivering your order.

11.   Payment Gateway Providers: Payment information is transmitted to PCI-DSS compliant third-party payment processors (e.g., Razorpay, PayU, CCAvenue) under strict security standards. Cloud Mart does not store full payment card numbers.

12.   Logistics and Courier Partners: Shipping information is shared with authorised logistics providers for delivery and tracking.

13.   IT Service Providers and Cloud Infrastructure: Data may be stored or processed by contracted technology vendors under strict confidentiality and data processing agreements.

14.   Legal Authorities: We may disclose personal data to government bodies, law enforcement agencies, or courts when required by law, court order, or regulatory investigation.

15.   Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your personal data may be transferred to the successor entity. You will be notified of any such transfer via email or a prominent notice on the Platform with at least 15 days' advance notice.

 

 

7. Data Storage and Security

Cloud Mart implements reasonable and appropriate technical, administrative, and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, loss, or destruction, as required under the SPDI Rules, 2011 and DPDP Act, 2023:

•         SSL/TLS encryption for all data transmitted over the internet

•         AES-256 encryption for sensitive data stored at rest

•         Passwords stored exclusively in hashed form using industry-standard algorithms (e.g., bcrypt)

•         Role-based access controls limiting employee access to personal data on a need-to-know basis

•         Regular security audits, penetration testing, and vulnerability assessments

•         Data minimisation: only necessary data is collected and retained

•         Incident response plan with defined data breach notification procedures

 

In the event of a personal data breach that is likely to result in risk to your rights or freedoms, Cloud Mart will notify the Data Protection Board of India and the affected individuals as required under the DPDP Act, 2023, within the prescribed timeline.

 

8. Data Retention

We retain your personal data only for as long as is necessary to fulfill the purposes for which it was collected, or as required by applicable law:

•         Order and transaction data: 7 years (as required under GST, Income Tax, and accounting laws)

•         Account data: For the duration of your active account, plus 2 years after account closure

•         Return and dispute records: 3 years from the date of resolution

•         Marketing consent records: Until consent is withdrawn, plus 1 year thereafter

•         Security and fraud prevention logs: Up to 3 years

•         KYC and identity documents (Sellers): 5 years from account closure or last transaction

 

Upon expiry of the applicable retention period, or upon a valid erasure request (where no legal retention obligation overrides), your personal data will be securely deleted or irreversibly anonymised.

 

9. Use of Cookies and Tracking Technologies

Our Platform uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience and improve our services. The types of cookies we use are:

•         Strictly Necessary Cookies: Essential for the Platform to function correctly (e.g., login sessions, shopping cart). These cannot be disabled.

•         Performance and Analytics Cookies: Help us understand how users interact with the Platform (e.g., Google Analytics). Used in anonymised/aggregated form.

•         Functionality Cookies: Remember your preferences (e.g., language, region) to personalise your experience.

•         Targeting/Advertising Cookies: Used to deliver relevant advertisements. Applied only with your explicit consent.

 

You can manage your cookie preferences through your browser settings or our Cookie Consent Manager (accessible on the Platform). Please note that disabling certain cookies may affect the functionality of some Platform features.

 

10. Cross-Border Data Transfers

Cloud Mart primarily stores and processes personal data within India. However, where data is transferred to countries outside India (for example, to cloud infrastructure providers or analytics tools), we ensure such transfers comply with applicable legal requirements under the DPDP Act, 2023, including:

•         Transfer only to countries or entities approved or notified by the Central Government of India

•         Binding contractual data transfer agreements requiring the recipient to maintain equivalent data protection standards

•         Transfer limited strictly to what is necessary for the stated purpose

 

11. Children's Privacy

Our Platform is not directed to, and is not intended for use by, individuals under the age of 18 years. We do not knowingly collect, process, or store personal data from minors.

If you are a parent or guardian and believe that your child has provided personal data to Cloud Mart without your consent, please contact our DPO immediately at rakesh@cloudmartindia.com. We will promptly investigate and delete such data upon verification.

Under the DPDP Act, 2023, processing of personal data of children requires verifiable parental consent and additional safeguards. Cloud Mart does not conduct behavioural tracking or targeted advertising directed at children.

 

12. Third-Party Links and Services

The Platform may contain links to third-party websites, payment portals, social media platforms, or embedded content. Cloud Mart is not responsible for the privacy practices, data collection, or content of such third-party sites. We recommend reviewing the privacy policies of any third-party service you access through our Platform.

 

13. Grievance Officer / Data Protection Officer (DPO)

In compliance with the IT (Intermediary Guidelines) Rules, 2021 and the DPDP Act, 2023, Cloud Mart has appointed the following officer to handle privacy-related grievances, data rights requests, and data protection matters:

 

Name: Rakesh KM

Designation: Grievance Officer / Data Protection Officer (DPO)

Email: rakesh@cloudmartindia.com

Address: Assessment No. 1190/1124/A, 2nd Floor, Bank Colony, VV Puram, Gauribidanur, Chickaballapur, Karnataka — 561208

Response Time: Acknowledgement within 24 hours; Resolution within 15 working days from receipt of complaint

 

 

14. Policy Updates and Revisions

Cloud Mart may revise this Privacy Policy periodically to reflect changes in applicable law, technology, business practices, or our data processing activities. When we make material changes, we will:

•         Post the updated Policy on this page with a revised Effective Date

•         Send a notification to your registered email address (for material changes affecting your rights)

•         Display a prominent notice on the Platform at least 7 days prior to the changes taking effect

 

Your continued use of the Platform after the revised Policy takes effect constitutes your acceptance of the updated terms. We encourage you to review this Policy regularly.

 

15. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India, including the IT Act, 2000, the SPDI Rules, 2011, and the DPDP Act, 2023. Any disputes arising from or relating to this Policy shall be subject to the exclusive jurisdiction of the competent courts located in Bengaluru, Karnataka, India.

 

16. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

 

General Inquiries: info@cloudmartindia.com

Privacy / DPO Contact: rakesh@cloudmartindia.com

Website: www.cloudmartindia.com/privacy-policy

Address: Cloud Mart, Gauribidanur, Chickaballapur, Karnataka, India — 561208