Privacy policy

Last updated: [Insert Date, e.g., June 23, 2026]

mayra gold (operating through [Insert Registered Partnership/LLP/Company Name, e.g., Mayra Gold Private Limited], registered office at 88/89, Yogeshwar Society, Shyamdham mandir, Sarthana Jakat Naka - Kamrej Rd, Surat, Gujarat 395013, website: [Insert Website URL], hereinafter referred to as "we", "us", or "our") acts as the Data Fiduciary under the Digital Personal Data Protection (DPDP) Act, 2023. Our e-commerce store is hosted on Shopify, which acts as our Data Processor.

Please read this Privacy Policy carefully to understand how we collect, process, store, and protect your digital personal data. By accessing our website, creating an account, or purchasing jewelry from us, you acknowledge that you have read and understood this policy.

1. Itemized Personal Data We Collect & Specific Purpose of Processing

Under Section 5 of the DPDP Act and Rule 3 of the DPDP Rules 2025, we process only the personal data that is necessary for the specified purposes related to your jewelry purchases:

Category of Personal Data Specific Purpose of Processing
Identity Data
(Full Name, Date of Birth/Age)		 To create and manage your customer account, verify that you are above 18 years of age, and personalize your experience.
Contact Data
(Email Address, Phone/Mobile Number)		 To send order confirmations, tracking updates, delivery status, respond to customer service inquiries, and send marketing communications (subject to your explicit consent).
Delivery & Billing Data
(Shipping Address, Billing Address)		 To deliver high-value jewelry products to your destination and generate tax-compliant invoices.
Financial & Transaction Data
(Payment history, order history, bank/card details)		 To process payments securely through our integrated payment gateways, manage returns, exchanges, refunds, and maintain transaction records required by Indian financial regulations. Note: We do not store raw credit/debit card numbers on our servers.
KYC / Identity Verification Data
(Aadhaar/PAN card details, if requested)		 In compliance with Indian Prevention of Money Laundering Act (PMLA) and RBI regulations, to verify identity for high-value jewelry purchases exceeding statutory thresholds (e.g., transactions above ₹2 Lakhs).
Technical & Usage Data
(IP address, device type, browser settings, cookies)		 To prevent fraudulent transactions, secure our checkout process, and analyze website performance.

2. Legal Grounds for Processing

We process your personal data under the following legal bases:

  1. Consent: When you explicitly opt-in to create an account, subscribe to newsletters, or accept cookies.
  2. Contractual Necessity: To execute the sale, processing, packaging, shipping, and delivery of jewelry purchased by you.
  3. Legal Obligation: To comply with statutory tax laws (GST), financial reporting guidelines, or prevention of money laundering regulations.

3. Data Sharing with Processors (Third Parties)

To process and deliver your orders, we share your data with trusted service providers who act as our Data Processors. In accordance with Rule 6, we ensure that these partners maintain equivalent security safeguards:

  • E-Commerce Platform: Shopify, which hosts our store, handles checkout, and manages database operations.
  • Payment Gateways: Secure payment processors such as [Insert Gateways, e.g., Razorpay / PayU / Cashfree] to process transactions.
  • Logistics & Delivery Partners: Insured shipping and courier services such as [Insert Logistics Partners, e.g., Shiprocket / Blue Dart / Delhivery] to safely deliver your jewelry.
  • Marketing & Communications: Platforms such as [Insert Marketing Apps, e.g., Klaviyo / Mailchimp] to send transactional emails, SMS alerts, and newsletter updates (based on your consent).

4. Data Security and Safekeeping of High-Value Goods & Breach Notification

We take the security of your personal data and purchases seriously:

  • We use industry-standard Secure Sockets Layer (SSL) encryption for all transactions.
  • Access to customer databases is restricted to authorized personnel under strict access control protocols (Rule 6).
  • Breach Notification: In the highly unlikely event of a personal data breach affecting your information, we will notify you and the Data Protection Board of India (DPBI) as soon as reasonably practicable, in accordance with Section 8(6) of the DPDP Act and Rule 7 of the DPDP Rules 2025.
  • Please protect your account credentials. We will never ask for your password via email, phone, or message.

5. Data Retention and Erasure

Under Section 8(7) of the DPDP Act, we do not store your data longer than necessary:

  • Customer Account Data: Retained until you request the closure and deletion of your account.
  • Transaction and GST Records: Retained for [Insert number of years, e.g., 8 years] in accordance with statutory tax and accounting retention requirements under Indian law.
  • Marketing Information: Erased immediately if you unsubscribe or withdraw your consent.

6. Children’s Personal Data (Under 18 Years)

The purchase of jewelry and access to our services is limited to individuals who are 18 years of age or older (Section 2(f)). We do not knowingly collect or process data from minors. If you are under 18, you must have your parent or legal guardian perform transactions on your behalf.

7. Your Rights as a Data Principal

Under the DPDP Act 2023, you hold the following rights:

  1. Right to Information: Confirm if we are processing your personal data, get a summary of the data, and obtain details of third parties with whom it was shared.
  2. Right to Correction & Completion: Request correction of inaccurate, incomplete, or outdated personal data.
  3. Right to Erasure: Request deletion of your personal data, subject to legal and regulatory retention requirements.
  4. Right to Withdraw Consent: Withdraw your consent for processing at any time. Withdrawal is as easy as giving consent and will be processed immediately.
  5. Right to Nominate: Nominate another individual to exercise your rights on your behalf in the event of death or incapacity (Section 14).

To exercise any of these rights, please contact our Grievance Officer using the details below.

8. Grievance Redressal Mechanism & Board Complaints

If you have any questions, feedback, or complaints regarding how your personal data is handled, please contact our designated Grievance Officer:

  • Name of Grievance Officer: [Insert Name, e.g., Sarthak Patel]
  • Designation: Grievance Officer (Data Protection)
  • Email Address: mayragold8282@gmail.com
  • Physical Address: 88/89, Yogeshwar Society, Shyamdham mandir, Sarthana Jakat Naka - Kamrej Rd, Surat, Gujarat 395013
  • Contact Number: 8282829438

We will acknowledge your request within 3 business days and resolve your grievance within 30 days.

If you are not satisfied with our resolution, you have the right to escalate your complaint to the Data Protection Board of India (DPBI) through their official digital portal.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our operational practices or regulatory requirements. Any updates will be published on this page with an updated "Last updated" date.