Privacy Policy

1. Introduction

MandiDeals ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

Data Controller: MandiDeals is the data controller responsible for your personal information.

2. Information We Collect

2.1 Personal Information

We collect information that you provide directly to us, including:

• Name and contact information (email, phone number)
• Business details (company name, GST number, address)
• Account credentials (username, password)
• Profile information and preferences
• Payment and transaction information
• Government-issued identification (for verification purposes)
• Communication records (support tickets, messages)

2.2 Automatically Collected Information

• Device information (IP address, browser type, operating system)
• Usage data (pages visited, time spent, features used)
• Location data (with your permission)
• Cookies and similar tracking technologies
• Log files (timestamps, referring URLs, error logs)

3. Legal Basis for Processing (GDPR)

We process your personal data based on the following legal grounds:

• Contract Performance: To provide our services and fulfill our contractual obligations
• Consent: Where you have given explicit consent for specific processing activities
• Legitimate Interests: To improve our services, prevent fraud, and ensure platform security
• Legal Obligations: To comply with applicable laws and regulations
• Vital Interests: To protect your safety or that of others

4. How We Use Your Information

We use collected information for the following purposes:

• Provide, maintain, and improve our services
• Process transactions and send related notifications
• Respond to your comments, questions, and customer service requests
• Send you technical notices, updates, and security alerts
• Monitor and analyze trends, usage, and activities
• Detect, prevent, and address technical issues and fraudulent activities
• Personalize your experience and deliver relevant content
• Comply with legal obligations and enforce our terms
• Conduct research and analytics to improve our platform
• Send marketing communications (with your consent)

5. Information Sharing and Disclosure

We may share your information in the following circumstances:

5.1 With Other Users

Profile information and transaction details may be visible to other users as necessary to facilitate trades and transactions on the platform.

5.2 With Service Providers

We may share information with third-party vendors who perform services on our behalf, such as payment processing, data analysis, email delivery, and hosting services. These providers are contractually bound to protect your data and use it only for specified purposes.

5.3 For Legal Reasons

We may disclose information if required by law or in response to valid requests by public authorities, or to protect our rights, privacy, safety, or property.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal information may be transferred to the acquiring entity. We will notify you of any such change.

6. Data Security

We implement appropriate technical and organizational measures to protect your personal information, including:

• Encryption of data in transit (TLS/SSL) and at rest (AES-256)
• Regular security assessments and vulnerability testing
• Multi-factor authentication and access controls
• Employee training on data protection and security practices
• Incident response and breach notification procedures
• Regular backups and disaster recovery plans

However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

Retention Periods:

• Account Information: Retained while your account is active and for 3 years after account closure
• Transaction Records: Retained for 7 years for tax and accounting purposes
• Communication Records: Retained for 2 years after last interaction
• Marketing Data: Retained until consent is withdrawn or for 2 years of inactivity
• Log Files: Retained for 90 days unless required for security investigations
• Cookie Data: Retained as specified in our Cookie Policy

When we no longer need your information, we will securely delete or anonymize it in accordance with our data retention and disposal procedures.

8. Your Rights and Choices

Under GDPR and DPDPA, you have comprehensive rights regarding your personal information:

8.1 Right to Access

You have the right to request a copy of all personal data we hold about you. We will provide this information in a structured, commonly used, and machine-readable format within 30 days of your request.

8.2 Right to Rectification

You can update or correct inaccurate or incomplete personal information at any time through your account settings or by contacting us.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal information. We will comply unless we have a legal obligation or legitimate reason to retain certain data (e.g., transaction records for tax purposes).

8.4 Right to Data Portability

You can request your data in a portable format (JSON, CSV) to transfer to another service provider.

8.5 Right to Object

You can object to processing of your personal data for direct marketing purposes or where we rely on legitimate interests as the legal basis for processing.

8.6 Right to Restrict Processing

You can request that we temporarily restrict processing of your personal data in certain circumstances.

8.7 Right to Withdraw Consent

Where we process data based on your consent, you can withdraw consent at any time without affecting the lawfulness of processing based on consent before withdrawal.

8.8 How to Exercise Your Rights

To exercise any of these rights, please contact us at:

• Email: privacy@mandideals.com
• Subject Line: "Data Subject Rights Request"
• Include: Your name, email, and specific request

We will respond to your request within 30 days. If we need additional time, we will notify you and explain the reason for the delay.

9. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and store information. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of our service may not function properly without cookies.

For detailed information about the cookies we use, please see our Cookie Policy.

10. Automated Decision Making and Profiling

We may use automated decision-making technologies, including profiling, to:

• Personalize content and product recommendations
• Detect and prevent fraud
• Improve user experience and platform functionality

You have the right to object to automated decision-making that produces legal effects or similarly significantly affects you. Contact us at privacy@mandideals.com to exercise this right.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately at privacy@mandideals.com, and we will take steps to delete such information.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy and applicable data protection laws.

Transfer Safeguards:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for transfers to countries with adequate data protection
• Binding Corporate Rules for intra-group transfers
• Encryption and pseudonymization of data during transfer

13. Data Breach Notification

In the event of a data breach that may pose a risk to your rights and freedoms, we will:

• Notify affected users within 72 hours of becoming aware of the breach
• Report the breach to the relevant Data Protection Authority
• Provide information about the nature of the breach and steps being taken
• Offer guidance on measures you can take to protect yourself

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by:

• Posting the new Privacy Policy on this page with an updated "Last Updated" date
• Sending an email notification to registered users for significant changes
• Displaying a prominent notice on our platform

We encourage you to review this Privacy Policy periodically. Your continued use of the platform after changes become effective constitutes acceptance of the updated policy.

15. Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee our data protection practices and ensure compliance with GDPR and DPDPA.

Contact our DPO:
Email: dpo@mandideals.com
Subject Line: "Data Protection Inquiry"

16. Complaints and Supervisory Authority

If you believe we have not handled your personal data in accordance with this Privacy Policy or applicable data protection laws, you have the right to lodge a complaint with:

For India (DPDPA):

Data Protection Board of India
Website: https://www.meity.gov.in

For EU (GDPR):

Contact your local Data Protection Authority. Find your authority at EDPB Members

We encourage you to contact us first at privacy@mandideals.com so we can address your concerns directly.

17. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data protection practices, please contact us: