BAZAMA | Beautiful jewellery for Everyday Elegance

PRIVACY POLICY OF BAZAMA PRIVATE LIMITED

Effective Date: 22/05/2025

Last Updated: 22/05/2025

This Privacy Policy is published in accordance with the Information Technology Act, 2000 and the rules made thereunder, including but not limited to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. This Privacy Policy also aligns with the General Data Protection Regulation (GDPR) for users accessing from the European Union.

Bazama Private Limited ("Bazama", "we", "us", or "our") operates an online marketplace available at www.bazama.s1.ritzyware.net ("Website" or "Platform"), which enables artisans and sellers ("Sellers") to list handcrafted jewellery and similar products for sale to customers ("Buyers"). This policy governs how Bazama collects, uses, discloses, and protects personal data of all users (collectively "Users").

1. DEFINITIONS

- "Personal Information" means any information relating to an identified or identifiable natural person, as defined under Section 2(i) of the IT Act and Rule 2(1)(i) of the 2011 Rules.

- "Sensitive Personal Data or Information" ("SPDI") includes passwords, financial information, biometric data, etc., as defined in Rule 3 of the 2011 Rules.

- "Data Subject" refers to any individual whose personal data is collected.

2. TYPES OF INFORMATION COLLECTED

A. From Buyers:

- Full name, phone number, email address

- Shipping and billing address

- Payment information (processed via secure third-party gateways)

- Order and transaction history

B. From Sellers:

- Legal business name, PAN, Aadhaar, GSTIN, address

- Bank account details for payouts

- KYC documentation

- Product listing data (including images, descriptions, prices)

C. From All Users:

- IP address, device and browser info

- Cookies, geolocation, browsing behavior

- Communications and feedback

3. LEGAL BASES FOR DATA COLLECTION

We collect and process personal data under the following legal bases:

- User consent (explicit or implied and stored at the point of signup and transactions)

- Performance of a contract (order fulfillment, seller registration)

- Legal obligation (compliance with tax, consumer, and e-commerce laws)

- Legitimate interests (fraud prevention, service enhancement)

4. PURPOSE OF DATA COLLECTION

- Enable account registration and profile management

- Facilitate listing, buying, and delivery of products

- Perform seller KYC and due diligence

- Process payments and issue refunds

- Send transactional and promotional communication

- Monitor fraudulent or suspicious activity

- Comply with statutory and regulatory requirements

5. DISCLOSURE OF PERSONAL INFORMATION

A. Internal Access:

Access to personal data is restricted to authorized personnel under confidentiality obligations.

B. External Disclosure:

We may share data with:

- Government agencies and law enforcement (as required by law)

- Third-party service providers (logistics, payments, hosting, analytics, marketing)

- Legal and audit consultants

All third parties are bound by Data Processing Agreements (DPAs) or similar legal contracts.

6. DATA SECURITY PRACTICES

As per Rule 8 of the 2011 Rules, we implement:

- ISO -compliant security policies

- SSL encryption for data transmission

- Firewalls and intrusion detection systems

- Access control and two-factor authentication

- Secure storage and disposal of data

- Internal breach monitoring protocols and breach notification procedures (72-hour window for critical breach alerts)

7. COOKIES AND ONLINE TRACKING

Cookies, pixels, and web beacons are used for:

- Session management

- Analytics and usage trends

- Advertisement personalization

Users can modify browser settings to disable cookies.

8. RIGHTS OF USERS

Under Indian and GDPR frameworks, users have the right to:

- Access, correct, or delete personal data

- Withdraw consent

- Object to processing

- Request data portability

- File a complaint with the Data Protection Authority (in case of EU users)

To exercise these rights, email: support@bazama.s1.ritzyware.net

9. DATA RETENTION POLICY

- Personal data is retained for a period mandated by law (generally 5–7 years for financial records)

- Browsing/session data is retained for up to 2 years or until consent is withdrawn

- Data retention logs are maintained securely and periodically reviewed

10. CROSS-BORDER DATA TRANSFER

User data may be stored on secure third-party cloud services outside India. By using our platform, you consent to such data transfers, which are safeguarded by appropriate data protection agreements.

11. PLATFORM LIABILITY & SELLER CONDUCT

Bazama acts as an intermediary under Section 79 of the IT Act. While we provide platform access, Sellers are solely responsible for:

- Ensuring product authenticity and legal compliance

- Avoiding IP infringement and misrepresentation

- Honoring delivery timelines

Bazama is not liable for third-party content. However, we reserve the right to remove infringing or fraudulent listings and suspend seller accounts.

12. CHILDREN’S PRIVACY

We do not knowingly collect data from users under 18. If found, such accounts will be terminated.

13. CHANGES TO THIS POLICY

We may update this policy from time to time. Any significant changes will be notified via email or on the Platform. Continued use constitutes acceptance.

14. GRIEVANCE OFFICER

As per Rule 3(11) of the Intermediary Guidelines Rules, the appointed Grievance Officer is:

Name: Laxman Rao

Email: support@bazama.s1.ritzyware.net

Phone: +91-99897 45826

15. GOVERNING LAW AND JURISDICTION

This Privacy Policy shall be governed by Indian law. All disputes shall be subject to the jurisdiction of the courts located in Telangana, India.

16. CONTACT INFORMATION

Bazama Private Limited

Email: support@bazama.s1.ritzyware.net

Website: www.bazama.s1.ritzyware.net