Privacy Policy

PREAMBLE

Jynex Ventures Private Limited, a company duly incorporated and registered under the Companies Act, 2013, bearing Corporate Identification Number U46301KA2025PTC204002, and having its principal registered office at #28/1, 1st Floor, 1st Cross, 15th Main Road, E Block, Sahakarnagar Post, Bangalore 560092, Karnataka, India (hereinafter referred to as the “Company” “we” “us” “our” or “Jynex“), is engaged in the business of providing digital commerce and supply chain management solutions through its proprietary platforms, namely Quiksy (B2B platform) and Quikart (B2C platform) (collectively hereinafter referred to as the “Platform” or “Services“).

The Company, in its capacity as a Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023, does hereby establish and publish this comprehensive Privacy Policy (hereinafter referred to as the “Policy“) which shall govern and regulate the collection, acquisition, use, storage, processing, disclosure, transfer, and protection of personal data of all individuals (hereinafter referred to as “Data Principal” “you” “your” “User” or “individual“) who access, browse, register, or utilize the Platform and avail of the Services offered thereon.

The Company is committed to maintaining the highest standards of data protection, privacy, and confidentiality in accordance with the mandates of the Digital Personal Data Protection Act, 2023 (“DPDP Act“), the Information Technology Act, 2000, and all other applicable laws, rules, regulations, and notifications issued by the competent authorities of the Government of India;

NOW, THEREFORE, in consideration of the mutual covenants and agreements hereinafter contained and in further consideration of your access to and use of the Platform and Services, the Company and all Users hereby enter into this legally binding electronic record of Privacy Policy, which shall constitute a valid and enforceable contract between the Company and the User in accordance with the Indian Contract Act, 1872, the Information Technology Act, 2000, and all other applicable laws governing electronic transactions in India.

1 DEFINITIONS, INTERPRETATIONS, AND LEGAL TERMINOLOGY

1.1 For the purposes of this Privacy Policy, and unless the context otherwise mandates a different interpretation, the following terms and expressions shall bear the meanings respectively ascribed to them:

  • Personal Data” shall mean any information relating to an identified or identifiable natural person who can be directly or indirectly identified in relation to such information, as comprehensively defined and specified under Section 2(k) of the Digital Personal Data Protection Act, 2023, and shall include all data categories enumerated in Schedule 1 hereto.
  • Processing” shall mean any automated or non-automated operation or set of operations performed upon personal data, including but not limited to the collection, acquisition, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by means of transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction thereof.
  • Data Fiduciary” shall mean the Company, constituting the legal entity which, either alone or jointly with others, determines the purpose and means of processing of personal data, as defined under Section 2(c) of the DPDP Act, 2023.
  • Data Principal” shall mean any individual to whom personal data relates or whose personal data is being acquired, stored, processed, transferred, or utilised by the Company in any manner whatsoever.
  • Sensitive Personal Data” shall mean personal data relating to passwords, financial information, banking details, biometric data, genetic data, health information, caste, religion, or such other categories as may be notified by the Government of India under the DPDP Act, 2023.
  • Processing” shall bear the meaning ascribed to it under Section 2(m) of the DPDP Act, 2023.
  • Lawful Purpose” shall mean any purpose consistent with, authorised by, and in compliance with applicable laws and regulations of the Republic of India, including but not limited to the DPDP Act, 2023, Information Technology Act, 2000, Goods and Services Tax Law, and all other relevant statutes.
  • Verifiable Consent” shall mean consent that is freely given, specific, informed, unconditional, and unambiguous in nature, provided by the Data Principal for processing of personal data, and demonstrated through a clear affirmative action on the part of the Data Principal.
  • Data Processor” shall mean any natural or legal entity, including third-party service providers, vendors, contractors, and agents, which processes personal data on behalf of the Company as per the terms of contractual agreements or as mandated by applicable law.
  • Processing” shall mean any operation performed on personal data, whether automated or not, as comprehensively defined under Section 2(m) of the DPDP Act, 2023.
  • Legitimate Use” shall mean the processing of personal data without the prior consent of the Data Principal in circumstances authorised under Section 7 of the DPDP Act, 2023, including voluntary disclosure, statutory obligations, employment relationships, medical emergencies, and platform functioning.
  • Personal Data Breach” or “Data Breach” shall mean any unauthorised or unlawful processing, accidental or intentional destruction, loss, alteration, unauthorised disclosure, or access to personal data transmitted, stored, or otherwise processed by the Company.
  • Platform” shall mean the digital commerce platforms operated by the Company, namely Quiksy (B2B platform) and Quikart (B2C platform), including all associated websites, mobile applications, application programming interfaces (APIs), and service offerings.
  • Services” shall mean all products, services, solutions, and functionalities offered by the Company through the Platform, including but not limited to account creation, order processing, payment facilitation, delivery coordination, customer support, and analytics.

2 PERSONAL DATA COLLECTED BY THE COMPANY

2.1 The Company collects, acquires, and processes various categories of personal data from individuals accessing or utilising the Platform across both B2B (Quiksy) and B2C (Quikart) operating segments. Such collection is undertaken strictly in accordance with applicable law and only for the specified lawful purposes enumerated herein. The Company adheres to the principle of data minimisation and collects only such personal data as is necessary and relevant for the specified purposes.

2.2 The Company may collect the following categories of personal identification information for the purposes of account creation, identity verification, and user authentication:

  • Full legal name or legal designation;
  • Valid electronic mail address;
  • Telephone number, including mobile and/or fixed line contact numbers;
  • Residential address, business address, and correspondence address;
  • Age, date of birth, and gender;
  • Photograph, signature, and profile information;
  • Government-issued identification proofs, including but not limited to Aadhaar card, Permanent Account Number (PAN), Driving License, Passport, Voter ID card, or equivalent identity documentation;
  • Proof of residence and address verification documents;
  • Emergency contact information and alternate contact numbers.

2.3 For B2B users, retailers, wholesalers, and business entities utilising the Quiksy platform, the Company may collect the following categories of business-related and regulatory compliance information:

  • Goods and Services Tax Identification Number (GSTIN) and GST registration certificate;
  • Permanent Account Number (PAN) of business entity and authorised signatory;
  • Trade License details, license number, and validity period;
  • Business registration documents and certificates issued by competent authorities;
  • Nature of business, industry classification, and product/service category classification;
  • Business premises address, operational location, and multiple branch addresses;
  • Business contact details, business email address, and authorised representative information;
  • Udyam Registration details, formerly known as Micro, Small and Medium Enterprises (MSME) registration;
  • Food Safety and Standards Authority of India (FSSAI) license details for food and beverage businesses;
  • Shop and Establishment Act registration details and certificates;
  • Factory license, industrial permit, industrial license, and other regulatory authorisations as applicable;
  • Details of authorised signatories, proprietors, partners, directors, and key management personnel;
  • Banking information and business banking details for settlement purposes.

2.4 The Company may collect the following comprehensive billing and transactional information to facilitate service delivery, maintain accurate records, and ensure compliance with statutory obligations:

  • Order details, order number, order date, and order history; Invoice and billing records, bill number, and bill date; Purchase amounts, billing amounts, and transaction value; Payment reference details and unique transaction identifiers; Payment method information, payment mode, and payment gateway details (excluding sensitive payment instrument details as per RBI guidelines); Refund and cancellation transaction records; Delivery and shipment tracking information; Returned or exchanged product details and return reasons; Credit note and debit note information; Billing APK Data: Comprehensive information generated, submitted, or processed through the Company’s proprietary billing application and point-of-sale system, including: Shop profile information and shop registration details; Product catalog selections, product addition, and product modification; Customer billing information and invoice data; Payment mode data, payment frequency, and credit transaction details; Inventory updates, stock adjustments, and stock movement records; Sales settlements and collection statements; Low-stock notifications and inventory alerts; End-of-day sales summaries and transaction reconciliation data; Historical billing and transaction logs; Demand analysis data and sales performance metrics.
  • Delivery address (which may differ from registered residential or business address); Geolocation data and GPS coordinates (collected only upon explicit user enablement and consent); Location-based information and position coordinates; Delivery slot preferences, delivery time preferences, and special delivery instructions; Pickup location information and collection point details;  Delivery status information and real-time tracking updates; Recipient information and delivery contact details; Delivery feedback and delivery experience ratings.
  • Internet Protocol (IP) address and Internet Service Provider (ISP) information; Device identifiers, including International Mobile Equipment Identity (IMEI), Unique Device Identifier (UDID), or equivalent unique device identifiers; Device type, device model, manufacturer, and device specifications; Operating system information, version, and updates; Browser type, version, settings, and capabilities; Mobile network information and carrier details; Application logs, session data, and session identifiers; Hardware specifications, processor information, and device capabilities; Clickstream data, navigation patterns, and user flow information; Error logs, diagnostic information, and performance metrics; Cookies and similar tracking technologies (further detailed in Section 9); User agent information and device fingerprinting data; Connection speed and bandwidth information.
  • Chat and message communications with customer support personnel; Call recordings (only upon explicit consent where applicable and permitted by law); Electronic mail communications and email correspondence; Support ticket details, ticket number, and support request history; Feedback submissions, complaints, and grievance details; Survey responses, feedback data, and user satisfaction ratings; Social media interactions, mentions, and communications; User-generated content, product reviews, and testimonials; Comments, suggestions, and feature requests; Customer service interaction records and communication logs.
  • Search queries and browsing activity on the Platform; Product views, product preferences, and product comparison data; Wishlist items, saved items, and bookmarked content; Page visit duration, session duration, and time-on-site metrics; Navigation patterns, page transition sequences, and user journey data; Feature usage analytics, interaction metrics, and engagement data; Performance data related to Platform utilisation and feature adoption; User behaviour patterns for analytical and statistical purposes; Demand patterns, market trend data, and purchasing behaviour analysis; Aggregated and anonymised data for analytics and research purposes; Personalization preferences and user preference settings; Click-through rates, conversion rates, and interaction rates.
  • Data obtained from social media platforms (where account connection has been explicitly authorised by the user); Public business registries and government databases (for verification and compliance purposes); Payment gateway data processed by authorised third-party payment partners; Credit and financial history information (where required for KYC verification or credit assessment); Verification data from authorised public databases, government agencies, and third-party verifiers; Information provided by delivery and logistics partners regarding delivery status and logistics; Data from business partners and integrations as consented by the user.

3 PURPOSES AND LAWFUL BASES FOR PROCESSING

3.1 The Company may process personal data for the following primary and essential purposes, which are necessary for the delivery of Services and operation of the Platform:

  • The Company may process personal data for the purpose of facilitating user registration, account creation, profile establishment, and account management. This includes account creation and user profile setup on the Platform; identity verification and Know Your Customer (KYC) verification in accordance with applicable regulatory requirements; business registration and business credential verification; age verification and determination of user eligibility; verification of identity and business credentials through government databases, Aadhaar verification, PAN verification, and other authorised public databases as required under applicable law; multi-factor authentication and security verification; user authentication and login credential management.
  • The Company may process personal data for the purposes of facilitating, processing, and managing customer orders and transactions. This includes: processing customer orders and purchase requests; order confirmation and status updates; facilitating payment processing and settlement through authorised payment partners; invoice and receipt generation; processing refunds, returns, exchanges, and cancellations; dispute resolution and transaction reconciliation; order tracking and customer notification regarding order status; management of customer accounts and transaction history.
  • The Company may process personal data for the purposes of coordinating delivery services and ensuring timely and accurate product delivery. This includes: coordination with third-party logistics service providers; generation of delivery addresses and delivery tracking information; communication of delivery schedules, delivery updates, and delivery notifications; management of delivery exceptions, delivery delays, and contingency situations; facilitation of pickup services and drop-off services; delivery confirmation and delivery feedback collection; returns and reverse logistics management.
  • The Company may process personal data for the purposes of providing customer support, addressing customer concerns, and ensuring service quality. This includes: responding to customer inquiries, questions, and support requests; resolving customer complaints, grievances, and disputes; providing technical support and troubleshooting assistance; following up on orders, service delivery, and customer satisfaction; maintenance of support ticket history and customer interaction records; feedback collection and customer satisfaction surveys.

3.2 The Company may process personal data for the purposes of complying with applicable laws, regulations, and statutory obligations. This includes: goods and Services Tax (GST) filing, reporting, and compliance; invoicing requirements under applicable tax laws and regulations; accounting record maintenance, financial record-keeping, and audit trails; corporate governance, statutory compliance, and regulatory filings; reporting to government agencies and competent authorities as mandated by applicable law; Anti-money laundering (AML) compliance and Know Your Customer (KYC) regulatory requirements; record maintenance and documentation in compliance with the Information Technology Act, 2000; compliance with the Digital Personal Data Protection Act, 2023, and applicable data protection regulations; compliance with the Aadhaar Act, 2016 (where applicable); compliance with the Bharatiya Nyaya Sanhita, 2023, and other criminal statutes; regulatory inspections and audits by competent authorities.

3.3 The Company may process personal data for the purposes of improving the Platform, optimising service delivery, and generating business insights. This includes: Platform performance analysis, optimisation, and enhancement; technical error detection, identification, and resolution; User interface (UI) and user experience (UX) improvement; testing of new features, functionalities, and services; analytics and market insight generation; demand pattern analysis and demand forecasting; market trend identification and consumer preference analysis; product popularity assessment and performance evaluation; inventory optimisation and supply chain improvements; Service efficiency improvements and operational optimisation; User behaviour analysis for personalisation and recommendation systems; performance metrics analysis and key performance indicator (KPI) tracking.

3.4 The Company may process personal data for the purposes of maintaining security, preventing fraud, and managing risks. This includes: detection and prevention of fraudulent transactions and fraudulent activities; risk assessment and credit risk evaluation; security monitoring and threat detection; investigation of suspicious activities and unauthorised access attempts; dispute resolution and chargeback management; data security implementation and security measure monitoring; data breach detection, investigation, and incident response; account security and password protection management; prevention of abuse and misuse of the Platform; maintenance of audit trails and transaction logging for security purposes.

3.5 The Company, in its capacity as an e-commerce aggregator, may process personal data for the purposes of managing marketplace operations. This includes management of product listings and catalogue information; facilitation of transactions between suppliers/retailers and consumers; Product discovery and price comparison functionality; fairness and transparency in marketplace operations; supplier and consumer relationship management; rating, review, and feedback management; dispute resolution between suppliers and consumers.

4 LAWFUL BASIS AND LEGAL GROUNDS FOR PROCESSING

4.1 The Company shall, as a general principle, obtain verifiable consent from Data Principals before processing personal data for any purpose. Such consent shall be freely given, specific, informed, unconditional, unambiguous, and shall be revocable at any time.

4.2 Notwithstanding the requirement for consent, the Company may process personal data without obtaining prior consent in the following circumstances, as expressly authorised under Section 7 of the DPDP Act, 2023:

  • Where the Data Principal has voluntarily provided personal data to the Company and there exists no objective to such use of the data for a specified purpose.
  • Where processing is required to comply with applicable laws, court orders, regulatory directives, and government mandates from competent authorities.
  • Where processing is necessary for the maintenance and performance of employment relationships and as authorised under applicable employment laws.
  • Where processing is necessary to protect the health, safety, or life of the Data Principal or any other person in a situation of emergency.
  • Where processing is necessary for the functioning of the Platform, delivery of Services, fraud prevention, security, and account protection.
  • Where processing is undertaken by government agencies or their authorised representatives for the provision of subsidies, benefits, services, permits, licenses, or certificates.

4.3 In all such circumstances, the Company shall, to the extent feasible, provide notice to the Data Principal regarding such processing.

5 NOTICE AND CONSENT ACQUISITION MECHANISM

5.1 Before seeking consent for processing of personal data, the Company shall provide Data Principals with a comprehensive notice (hereinafter referred to as “Privacy Notice“) containing the following mandatory information:

  • Identity, name, and contact details of the Company as the Data Fiduciary;
  • Specific categories of personal data to be collected;
  • Purpose(s) of processing expressed in clear, plain language;
  • Categories of recipients or entities with whom personal data may be shared;
  • Duration for which personal data will be retained (or criteria for determining retention period);
  • Rights available to the Data Principal under the DPDP Act, 2023;
  • Method for exercising Data Principal rights;
  • Right to withdraw consent and the process for withdrawal;
  • Information regarding grievance redressal mechanism;
  • Contact details of the Data Protection Officer and Grievance Officer;
  • Consequences of providing or refusing to provide personal data;
  • Automated decision-making and profiling information (if applicable);
  • Cross-border transfer information (if applicable).

5.2 Data Principals shall have the right to withdraw consent at any time without providing reasons or justification:

  • Withdrawal shall be as easy and convenient as providing consent;
  • The mechanism for withdrawal shall be prominently displayed and easily accessible;
  • Withdrawal shall be effective without undue delay;
  • Upon withdrawal, the Company shall cease processing personal data within a reasonable timeframe;
  • Withdrawal shall not affect the lawfulness of processing undertaken prior to withdrawal;
  • Withdrawal may restrict or limit access to Services and functionalities that require the specific personal data;
  • The Company shall confirm withdrawal and provide information regarding consequences of withdrawal.

5.3 The Data Principal may withdraw consent by sending an email to customercare@jynexventures.com.

6 DATA SHARING, DISCLOSURE, AND TRANSFER

6.1 Personal data may be disclosed to the following categories of recipients for legitimate purposes and subject to the conditions enumerated herein:

  • The Company engages various third-party service providers to facilitate the provision of Services. Personal data may be disclosed to authorised payment and settlement partners (for payment processing and reconciliation); delivery and logistics service providers (for order delivery and tracking); cloud storage and infrastructure providers (for data hosting and backup); analytics and data processing vendors (for analytics and business intelligence); customer support and communication service providers (for customer support); verification and Know Your Customer (KYC) service providers (for identity verification); web hosting, content delivery, and technology service providers (for Platform operation); marketing and advertising service providers (for targeted advertising and campaigns); insurance and risk management providers (for risk assessment and insurance); fraud detection and prevention service providers (for fraud prevention).
  • Personal data may be disclosed to government agencies and regulatory authorities as mandated by applicable law government agencies and ministries; tax authorities and revenue departments; law enforcement agencies and investigative authorities; judicial and quasi-judicial bodies; statutory authorities and regulatory bodies; competent authorities issuing court orders or regulatory directives.
  • Personal data may be disclosed to business partners and professional advisors in the course of business authorised resellers, distributors, and partners; business partners, affiliates, and associate entities (on a need-to-know basis); service providers for fraud detection and prevention; insurance and risk management providers; legal counsel, advocates, and attorneys; auditors and statutory auditors; compliance consultants and advisors; financial advisors and investment advisors.
  • In the event of merger, acquisition, sale of assets, bankruptcy, or change of control: potential acquirers and buyer organisations; financial advisors and investment bankers; legal advisors to potential acquirers; personal data may be transferred to the acquiring entity subject to confidentiality obligations.

6.2 The Company explicitly commits to the following restrictions on data sharing and prohibits the following practices:

  • Sell, rent, lease, trade, or commercially exploit personal data for monetary consideration;
  • Share personal data with unauthorised third parties or entities not specified herein;
  • Disclose sensitive personal data without explicit consent from the Data Principal;
  • Use personal data for purposes other than those disclosed to and authorised by the Data Principal;
  • Share data with third-party entities that do not maintain appropriate security safeguards and data protection standards;
  • Transfer personal data to jurisdictions or entities that do not provide adequate data protection;
  • Retain personal data longer than necessary for the specified purposes;
  • Combine personal data from multiple Data Principals for purposes other than those expressly authorised.

6.3 Before disclosing personal data to any third-party recipient, the Company shall ensure:

  • third-party recipients are bound by legally enforceable written contracts;
  • third-party recipients shall process personal data only for the specified purposes and as per the instructions of the Company;
  • third-party recipients shall implement appropriate technical and organisational security measures equivalent to those maintained by the Company;
  • third-party recipients shall not use personal data for their own purposes without obtaining separate consent;
  • third-party recipients shall not share personal data with other entities without the Company’s authorisation;
  • transfer of personal data is necessary and proportionate to the purpose;
  • third-party recipients comply with applicable data protection laws;
  • the Company retains responsibility and liability for third-party processing of personal data;

7 DATA SECURITY, PROTECTION, AND SAFEGUARDS

7.1 The Company implemented comprehensive technical security measures to protect personal data against unauthorised access, disclosure, alteration, and destruction:

  • Implementation of industry-standard encryption protocols for all data transmission over networks; Encryption of personal data at rest using Advanced Encryption Standard; Secure key management and encryption key storage; Regular audit of encryption protocols and security certificates.
  • Implementation of role-based access control (RBAC) and principle of least privilege; Restriction of data access to authorised personnel on a need-to-know basis; Strong authentication mechanisms including complex passwords, multi-factor authentication (MFA), and biometric authentication; Regular review and revocation of access rights; Maintenance of access logs and audit trails.
  • Automated and regular backup of personal data; Secure storage of backup copies; Regular testing of backup and disaster recovery procedures; Off-site backup storage for business continuity; Redundant storage systems for data availability.

7.2 The Company acknowledges and strictly complies with all guidelines and regulations issued by the Reserve Bank of India (RBI) regarding the handling of payment information:

  • The Company does not store, retain, or maintain payment card details, credit card information, debit card information, or card verification values (CVV).
  • The Company does not store, retain, or maintain Unified Payments Interface (UPI) details, PIN codes, or other UPI-related sensitive information.
  • The Company does not store, retain, or maintain net banking credentials, internet banking login information, or online banking details.
  • All payment processing is conducted exclusively by authorised, PCI-DSS (Payment Card Industry Data Security Standard) compliant third-party payment partners.
  • The Company stores only transaction reference numbers and transaction identifiers necessary for order management, reconciliation, and accounting purposes. Such reference numbers and identifiers are not correlated with payment instruments and are maintained separately.

7.3 In the event of a data breach, unauthorised access, or personal data compromise, the Company shall undertake the following actions: (i) Immediate detection and containment of the breach to prevent further unauthorised access; (ii) Activation of incident response procedures; (iii) Preservation of evidence and maintenance of breach logs; (iv) Internal notification to senior management and data protection personnel; (v) Engagement of cybersecurity experts if necessary; (vi) Notification of affected Data Principals without undue delay and within the timeframe prescribed by applicable law; (vii) Implementation of corrective and preventive measures; and (viii) Regular review of breach records and trends.

7.4 While the Company implements comprehensive security measures, the Company acknowledges that no security system is absolutely impenetrable. The Company:

  • Implements security measures in accordance with industry standards and best practices;
  • Undertakes reasonable efforts to protect personal data from unauthorised access;
  • Shall not be liable for data breaches or unauthorised access caused by:
  • Factors beyond the Company’s reasonable control;
  • Acts or omissions of third-party service providers despite appropriate contractual safeguards;
  • Cyber attacks, hacking attempts, or other malicious activities;
  • User negligence or failure to maintain password confidentiality;
  • Force majeure events or natural disasters; and
  • shall be liable only for breaches caused by the Company’s negligence, willful default, or breach of applicable law.

8 DATA RETENTION, STORAGE, AND DELETION

8.1 Personal data shall be retained only as long as necessary for the purpose for which it was collected and in compliance with applicable legal obligations. The Company adheres to the following data retention principles:

  • Personal data necessary for providing Platform Services and maintaining user accounts shall be retained as long as the user maintains an active account on the Platform.
  • Personal data required to be retained under applicable laws and regulations shall be retained for the minimum period specified under such laws:
  • Corporate records and documents shall be retained as specified under the Companies Act, 2013;
  • Banking and payment records shall be retained as per RBI guidelines and prudential norms;
  • Personal data required for legitimate business purposes such as fraud prevention, security maintenance, dispute resolution, and legal defence shall be retained for a reasonable period necessary to achieve such purposes.

8.2 When personal data is no longer required for any specified purpose and retention is not required by law, the Company shall securely delete and destroy such data:

  • Rendering personal data unrecoverable through cryptographic deletion and key destruction;
  • Implementation of certified secure deletion protocols that prevent data recovery;
  • Physical destruction and shredding of storage media containing personal data;
  • Utilisation of certified data destruction services and obtaining destruction certificates;

8.3 Data Principals may request deletion of their personal data by submitting a formal request to the Company:

  • Submission of written deletion request to customercare@jynexventures.com;
  • Company shall acknowledge receipt of deletion request within five (5) working days;
  • Company shall complete deletion within a reasonable timeframe, not exceeding thirty (30) days from the date of request.

9 COOKIES, TRACKING TECHNOLOGIES, AND USER CHOICE

9.1 The Company utilises cookies and similar tracking technologies to enhance user experience, improve Platform functionality, and gather analytics information:

  • Enhancing user experience and Platform functionality;
  • Remembering user preferences, login information, and authentication tokens;
  • Analysing website traffic, user behaviour, and usage patterns;
  • Customisation of content and personalised recommendations;
  • Enhancement of security and fraud detection;
  • Tracking advertising effectiveness and campaign performance;
  • Enabling third-party integrations and social media features;
  • Compliance with regulatory and legal requirements.

9.2 Users have the right to control and manage cookies used by the Company:

  • Users may configure browser settings to accept, reject, or selectively block cookies;
  • Users may clear cookies stored on their device at any time;
  • Users may set their browser to notify them before accepting cookies;
  • Browser-level controls apply to all cookies from all websites.

10 DATA SUBJECT RIGHTS UNDER THE DPDP ACT, 2023

10.1 The Digital Personal Data Protection Act, 2023, confers upon Data Principals the following rights regarding their personal data. The Company shall facilitate and enable Data Principals to exercise these rights without undue delay:

  • Data Principals have the right to obtain access to their personal data held by the Company and to understand how such data is being processed:(i)Obtain confirmation regarding whether personal data relating to the Data Principal is being processed;(ii)Access all personal data held by the Company in relation to the Data Principal;(iii)Receive a copy of personal data in a structured, commonly used, and machine-readable format; (iv) Obtain information regarding the purpose of processing, categories of recipients, and retention period; (v) Understand how personal data is being utilised and any decisions based on automated processing.

10.2 Data Principals have the right to request correction, rectification, and updating of personal data that is inaccurate, misleading, or incomplete: (i) Correction of factual errors and inaccuracies in personal data; (ii)  Updating of outdated or stale personal data; (iii) Completion of incomplete or partial personal data; (iv) Addition of missing information to existing data; (v) Automatic correction by the Company where the Company determines that personal data is inaccurate and such data is being used to make a decision affecting the Data Principal.

10.3 Data Principals have the right to request deletion or erasure of personal data held by the Company, subject to certain conditions: (i) The purpose for which personal data was collected is no longer being served; (ii) Consent has been withdrawn by the Data Principal and no other lawful basis for processing exists; (iii) Personal data was collected unlawfully or through non-compliance with applicable law; (iv) Retention of personal data is not mandated by applicable law or regulation; (v) Processing of personal data violates the Data Principal’s rights.

  • Circumstances Where Erasure May Be Restricted:
    • Personal data is required for compliance with applicable law, statute, or regulatory requirement;
    • Personal data relates to ongoing or active legal proceedings or litigation;
    • Personal data is related to unresolved transactions, services, or contractual obligations;
    • Personal data is required for fraud prevention, security, account protection, or abuse prevention;
    • Personal data is required for archival, research, or statistical purposes;
    • The Company requires data to defend its legal interests.
  • Procedure for Exercise:
    • Submit a written erasure request to customercare@jynexventures.com;
    • Specify the personal data sought to be deleted;
    • The Company shall respond within thirty (30) days indicating whether erasure can be granted;
    • If erasure is granted, the Company shall securely delete data within a reasonable timeframe;
    • If erasure is restricted, the Company shall explain the reasons and applicable law;
    • The Company shall inform the Data Principal of the completion of erasure.

11 GRIEVANCE REDRESSAL, DISPUTE RESOLUTION, AND ESCALATION

11.1 In accordance with the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023, the Company has designated a Grievance Officer to address data protection and privacy-related complaints:

DesignationDetails
Grievance OfficerAnkit Kumar Gupta
Email Addressgrievance@jynexventures.com
Postal AddressGround floor, 001, SRIYA RESIDENCY, Sahakar Nagar Road, Varadaraju Layout, Bengaluru, Bengaluru Urban, Karnataka, 560092
Telephone Number9035016114

11.2 The Grievance Officer shall be responsible for:

  • Receiving and processing complaints and grievances;
  • Conducting preliminary investigations;
  • Coordinating with relevant departments;
  • Providing substantive responses to complainants;
  • Maintaining confidentiality of complainants;
  • Escalating complex matters to senior management;
  • Maintaining records of all complaints and resolutions

12 SPECIAL PROTECTIONS FOR CHILDREN AND MINORS

12.1 The Platform is not intended for use by persons under 18 years of age. We do not knowingly collect personal data from children under 18 without verifiable parental consent. If processing is necessary, we will: (a) Obtain verifiable consent from the parent/guardian (b) Not undertake any tracking, beha0076ioral monitoring, or targeted advertising (c) Implement age-appropriate safeguard

13 POLICY AMENDMENTS, UPDATES, AND MODIFICATIONS

13.1 The Company reserves the right to amend, modify, update, or supplement this Privacy Policy at any time as necessitated by:

  • Changes in applicable laws, regulations, or regulatory directives;
  • Changes in the Company’s data processing practices, business operations, or service offerings;
  • Implementation of new technologies or data protection measures;
  • Feedback from Data Principals and regulatory authorities;
  • Court orders or decisions;
  • Changes in contractual relationships with third-party service providers;
  • Other business or compliance reasons.

13.2 The Company shall notify Data Principals of amendments to this Privacy Policy through the following mechanisms:

  1. Updated version of the Privacy Policy shall be prominently displayed on the Platform; and
  2. An updated version date shall be clearly indicated;

13.3 Your continued use of the Platform and Services after amendments are published shall constitute your acceptance and agreement to the revised Privacy Policy:

14 COMPLIANCE WITH APPLICABLE LAWS AND REGULATIONS

14.1 This Privacy Policy is formulated, maintained, and operated in strict compliance with all applicable laws, regulations, rules, guidelines, and notifications issued by the competent authorities of India, including but not limited to Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and all other applicable Central and State laws, rules, and regulations** governing commerce, consumer protection, labour, taxation, and data protection.

15 GOVERNING LAW AND JURISDICTION

15.1 This Privacy Policy shall be governed by and construed exclusively in accordance with the laws of the Republic of India, without regard to conflict of law principles or conflict of laws doctrines, foreign laws or the laws of other jurisdictions, choice of law rules; principles of statutory construction of other jurisdictions.

15.2 All rights, obligations, and remedies shall be determined and enforced under Indian law.

15.3 All disputes, claims, and legal proceedings arising from or relating to this Privacy Policy shall be subject to the exclusive jurisdiction of courts located in Bangalore, Karnataka, India. The parties irrevocably submit to the jurisdiction of the courts in Bangalore. No court in any other jurisdiction shall have jurisdiction to hear any dispute. All disputes shall be governed by the procedural law of India.

16 ACKNOWLEDGMENT, ACCEPTANCE, AND BINDING AGREEMENT

16.1 By accessing, browsing, registering on, or utilising the Platform and Services, or by providing personal data to the Company in any manner, you hereby:

  • Acknowledge that you have carefully read and fully understood this Privacy Policy in its entirety;
  • Acknowledge that you have had the opportunity to seek legal counsel and to clarify any provisions with the Company;
  • Confirm that you have the legal authority and capacity to provide personal data on behalf of yourself or the organisation you represent;
  • Consent to the collection, processing, and use of your personal data as described in this Privacy Policy;
  • Agree to comply fully with all provisions of this Privacy Policy;
  • Accept the terms and conditions contained in this Privacy Policy;
  • Understand and acknowledge your rights and obligations under the DPDP Act, 2023, and all other applicable laws;
  • Accept the binding and legally enforceable nature of this Privacy Policy as an electronic record and contract.

16.2 This Privacy Policy constitutes a valid and legally binding electronic contract formed between the Company and the User in accordance with The Indian Contract Act, 1872; The Information Technology Act, 2000; The Digital Personal Data Protection Act, 2023; and all other applicable laws governing electronic transactions and contracts in India.

This Privacy Policy shall have the same legal effect and enforceability as a document executed in physical form with handwritten signatures.