PRIVACY POLICY
5.1 Overview
FragTrends ("Company," "We," "Us," or "Our") is committed to protecting your privacy and ensuring transparent data handling practices. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our Shopify store and purchase fragrance products.
Effective Date: March 24, 2026
Last Updated: March 24, 2026
Governing Law: Information Technology Act, 2000 (India)
Please read this Privacy Policy carefully. If you do not agree with our policies and practices, please do not use our services.
5.2 Information We Collect
A. Information You Provide Directly:
Account and Order Information:
· Full name, email address, phone number
· Residential/delivery address
· Billing address
· Order history and purchase preferences
· Payment information (card number, UPI ID, bank account details)
· Fragrance preferences and product reviews
Communication Information:
· Messages sent via email, WhatsApp, or contact form
· Customer support queries and responses
· Feedback, complaints, or testimonials
· Survey responses and preferences
Identification Information:
· Government-issued ID (if required for verification)
· GST/business identification (B2B customers)
· Age verification information
B. Information Collected Automatically:
Technical Data:
· IP address and device identifier
· Browser type, operating system, device model
· Pages visited, time spent on site, clicks, scroll depth
· Referring website or search query
· Cookies, pixels, and tracking identifiers
· Location data (approximate based on IP address)
Shopping Behavior:
· Products viewed, added to cart, purchased
· Search history within our store
· Wishlist or saved items
· Return and exchange requests
· Payment method preferences
C. Third-Party Information:
· Payment processor data (Razorpay, PayPal, etc.)
· Courier partner tracking information
· Social media profile data (if you link accounts)
· Analytics providers (Google Analytics, Shopify Analytics)
5.3 Legal Basis for Data Collection
We collect your personal data based on:
1. Consent - You explicitly agree to data collection (opt-in)
2. Contract Performance - Data necessary to fulfill orders and deliver services
3. Legal Obligation - Compliance with GST Act, Income Tax Act, Consumer Protection Act 2019
4. Legitimate Interest - Business operations, fraud prevention, customer service improvement
5. Public Interest - Cooperating with law enforcement or regulatory authorities
5.4 How We Use Your Information
A. Essential Business Purposes:
· ✓ Process and fulfill orders
· ✓ Send order confirmations, shipping updates, delivery notifications
· ✓ Process refunds and returns
· ✓ Respond to customer inquiries and provide support
· ✓ Verify customer identity and prevent fraud
· ✓ Generate invoices and maintain financial records
· ✓ Comply with tax regulations (GST, Income Tax filing)
B. Marketing and Communication:
· ✓ Send promotional emails about new products, sales, or special offers (only if opted-in)
· ✓ Create personalized recommendations based on purchase history
· ✓ Conduct market research and customer satisfaction surveys
· ✓ Notify about policy changes or important updates
· ✓ Share customer testimonials on website/social media (with permission)
C. Service Improvement:
· ✓ Analyze user behavior to improve website and shopping experience
· ✓ Develop new features, products, or services
· ✓ Debug technical issues and optimize performance
· ✓ Understand customer preferences and trends
· ✓ Conduct A/B testing and analytics
D. Security and Legal Compliance:
· ✓ Detect and prevent fraud, abuse, and unauthorized access
· ✓ Protect against malware, hacking, and cyber attacks
· ✓ Comply with legal, regulatory, and court orders
· ✓ Enforce our Terms & Conditions and other agreements
· ✓ Protect FragTrends' legal interests
E. What We DON'T Do:
· ❌ We do NOT sell personal data to third parties for profit
· ❌ We do NOT share data with marketers or advertisers without consent
· ❌ We do NOT use data for discriminatory purposes
· ❌ We do NOT combine data with other databases without disclosure
· ❌ We do NOT retain data longer than necessary
5.5 Data Sharing and Disclosure
A. Internal Sharing:
· FragTrends employees (order processing, customer service, management)
· Data processing on "need-to-know" basis
· All employees bound by confidentiality agreements
B. Third-Party Service Providers:
We share personal data ONLY with:
|
Service Provider
|
Purpose
|
Data Shared
|
|
Shopify Inc.
|
E-commerce platform
|
Name, email, order history, IP address
|
|
Payment Processors (Razorpay, PayU, etc.)
|
Process payments
|
Card details (PCI-DSS encrypted), name, amount
|
|
Courier Partners (Indigo, DTDC, Delhivery)
|
Shipping and tracking
|
Name, address, phone, order number
|
|
Email Service Provider (Mailchimp, SendGrid)
|
Send transactional emails
|
Email address, name, order info
|
|
Analytics Providers (Google Analytics)
|
Website performance
|
IP address, device info, behavior data
|
|
Cloud Storage Providers (AWS, Google Cloud)
|
Data backup and security
|
Encrypted backup of order database
|
All third-party providers are contractually obligated to protect data and comply with Indian law.
C. Legal Requirements:
We may disclose personal data if required by:
· Indian government agencies (police, tax authorities, courts)
· Legal proceedings, subpoena, or court orders
· Regulatory bodies (consumer commission, SEBI, RBI)
· Protecting public safety or preventing illegal activity
D. Data We DO NOT Share:
· ❌ Payment card details (encrypted and retained by payment processors only)
· ❌ Fragrance formulation or proprietary recipes
· ❌ Internal business communications
· ❌ Health/medical information (unless medically relevant)
5.6 Data Security and Protection
A. Security Measures:
· ✓ Encryption: All data transmitted via SSL/TLS (HTTPS protocol)
· ✓ Payment Security: PCI-DSS Level 1 compliance for card data
· ✓ Access Control: Password-protected accounts, role-based access restrictions
· ✓ Firewalls and Intrusion Detection: 24/7 monitoring for unauthorized access
· ✓ Regular Audits: Annual security assessments and penetration testing
· ✓ Employee Training: Confidentiality agreements, data handling protocols
· ✓ Data Backup: Regular encrypted backups in secure locations
· ✓ Incident Response: Documented procedures for data breach notification
B. Your Account Security:
You are responsible for:
· Creating strong, unique passwords
· Not sharing account credentials
· Logging out after use (especially on shared devices)
· Reporting suspicious activity immediately
C. Limitations:
No method of transmission over internet is 100% secure. While we use industry-standard encryption, FragTrends cannot guarantee absolute security. Use our services at your own risk.
5.7 Data Retention
We retain personal data only as long as necessary:
|
Data Type
|
Retention Period
|
Reason
|
|
Order and purchase information
|
6 years
|
Tax compliance (Income Tax Act)
|
|
Account details
|
Until account deletion
|
Service delivery
|
|
Payment information
|
2 years
|
Fraud prevention, chargeback disputes
|
|
Email communications
|
3 years
|
Customer service history
|
|
Website analytics
|
24 months
|
Website optimization
|
|
Marketing opt-ins
|
Until withdrawal
|
Customer consent management
|
|
Support tickets/complaints
|
3 years
|
Legal disputes, consumer grievances
|
After retention period:
· Data is permanently deleted or anonymized
· Backups containing data securely destroyed
· Exception: If legal proceedings are pending, data retained until resolution
5.8 Your Data Rights
Under Indian IT Act 2000 and Consumer Protection Act 2019, you have the right to:
A. Right to Access:
· Request a copy of all personal data we hold about you
· Submit request via email: [Your Email]
· Response provided within 15 days
· Format: PDF or digital copy
B. Right to Correction:
· Correct inaccurate or incomplete personal data
· Update via account settings or support request
· Changes applied within 5 business days
C. Right to Deletion:
· Request deletion of personal data ("Right to be Forgotten")
· Exceptions: Legal/tax obligations, active disputes, fraud investigation
· Deletion completed within 30 days of request
· Request format: Written email with subject "Data Deletion Request"
D. Right to Data Portability:
· Request data in machine-readable format (CSV, JSON)
· Transfer to another service provider
· Provided within 15 days
E. Right to Withdraw Consent:
· Unsubscribe from marketing emails (link in every email)
· Opt-out of cookies/tracking (browser settings)
· Opt-out of SMS communications (reply STOP)
· Opt-out effective immediately
F. Right to Object:
· Object to automated decision-making or profiling
· Request human review of automated decisions
· File complaint with authority if rights violated
How to Exercise Your Rights:
· Email: [Your Business Email]
· WhatsApp: [Your Business WhatsApp Number]
· Address: FragTrends, Lucknow, Uttar Pradesh, India
· Subject Line: "Data Rights Request - [Specify: Access/Correction/Deletion/Portability]"
· Verification: We will verify your identity before processing requests
5.9 Cookies and Tracking Technologies
A. What Are Cookies?
Cookies are small text files stored on your device that remember your preferences and activity.
B. Types of Cookies We Use:
|
Cookie Type
|
Purpose
|
Retention
|
|
Session Cookies
|
Keep you logged in during shopping
|
Session only
|
|
Preference Cookies
|
Remember language, currency, settings
|
1 year
|
|
Analytics Cookies
|
Track website performance (Google Analytics)
|
2 years
|
|
Marketing Cookies
|
Track ad effectiveness, retargeting
|
1 year
|
|
Functional Cookies
|
Enable essential site features
|
Ongoing
|
C. Cookie Management:
· ✓ Most browsers allow you to disable cookies
· ✓ Instructions available at: www.allaboutcookies.org
· ✓ Disabling cookies may affect website functionality
· ✓ No targeted ads without your consent
D. Third-Party Cookies:
· Google Analytics (website analytics)
· Facebook Pixel (ad tracking - if applicable)
· Shopify Analytics (e-commerce metrics)
· You can opt-out via browser settings or respective provider websites
5.10 International Data Transfers
Applicable Only If Your Order Involves:
· Cloud data storage outside India
· Cross-border payment processing
· Multi-national courier services
Data Transfer Protection:
· ✓ Data transferred only to countries with adequate data protection laws
· ✓ Standard Contractual Clauses (SCCs) in place with third parties
· ✓ Your rights protected regardless of location
· ✓ Compliance with IT Act Section 43A (data protection standards)
Countries Where Data May Be Stored:
· India (primary servers)
· United States (AWS, Google Cloud - encrypted backup)
· Courier partner countries (temporary, for tracking purposes only)
5.11 Children's Privacy
We do NOT knowingly collect data from children under 18 years old.
· FragTrends products are for adults (18+ years)
· Parents/guardians are responsible for monitoring children's internet use
· If we become aware of data collection from minors, we will delete it immediately
· Report suspected child data collection to: [Your Email]
5.12 California Consumer Privacy Act (CCPA) and Similar Laws
Note: FragTrends is an India-based company. CCPA and similar regional laws do not directly apply. However, we respect data privacy principles globally:
· If you are a California resident, you have CCPA rights
· If you are an EU resident, GDPR principles guide our practices
· Submit requests via email with location and identification
5.13 Do Not Track (DNT) Signals
Most browsers include a "Do Not Track" (DNT) option.
· FragTrends respects DNT signals
· Analytics and behavioral tracking are minimized for DNT users
· Cookies may still be necessary for order processing and security
· Enable DNT in browser settings to opt-out of tracking
5.14 Changes to Privacy Policy
FragTrends may update this Privacy Policy periodically.
· Changes posted on this page with updated date
· Significant changes communicated via email
· Continued use of FragTrends indicates acceptance of updated policy
· Previous versions available upon request (archive maintained)
You will be notified at least 15 days in advance of material changes.
5.15 Data Protection Officer Contact
For privacy concerns, contact:
· Email: [Your Business Email]
· WhatsApp: [Your Business WhatsApp Number]
· Response Time: Within 48 hours
· Escalation: Complaints may be filed with:
o District Consumer Commission, Lucknow
o Grievance Redressal Authority (e-commerce portal)
o Police Cyber Crime Cell (for data breaches)
5.16 Data Breach Notification
In case of unauthorized data access:
· ✓ You will be notified within 72 hours
· ✓ Email notification with details of breach
· ✓ Steps taken to secure your data
· ✓ Recommended actions (password change, fraud monitoring, etc.)
· ✓ FragTrends will cooperate with law enforcement
· ✓ No liability for third-party hacker actions (with reasonable security in place)
5.17 Grievance Redressal
If you believe your privacy rights are violated:
Step 1: Contact FragTrends
· Submit complaint via email with detailed explanation
· Response within 5 business days
Step 2: Escalation
· If unresolved, escalate to management
· Review completed within 10 days
Step 3: Legal Recourse
· File complaint with District Consumer Commission
· File complaint with police cyber crime cell
· Pursue civil action under IT Act 2000
