Privacy Policy
This Privacy Policy (“Policy”) was updated on 6th July, 2025 (“Effective Date”).
Seraphic Lifestyle Private Limited (“Cravings” or “Company”) is committed to respecting the privacy and safeguarding the personal data of its customers, website visitors, vendors, employees, and all other stakeholders. As a responsible brand engaged in the sale of lifestyle products through its digital and other platforms, Cravings recognises the critical importance of transparency, consent, and data protection in building lasting trust.
Cravings is committed to ensuring that all personal data is collected, stored, used, and shared in a secure, lawful, and fair manner. We believe in empowering our users with meaningful choices, data rights, and access to redressal mechanisms to protect their privacy interests.
WHEREAS
A. Seraphic Lifestyle Private Limited (“Cravings” or “the Company” or “the Brand”) operates an online lifestyle platform and is committed to protecting the personal data and privacy rights of its users and stakeholders in accordance with the highest standards of transparency, accountability, and ethical data governance;
B. The Company acknowledges that personal data, including sensitive personal data such as payment information, must be processed lawfully, with consent or legitimate basis, and handled in a manner that prevents misuse, loss, or unauthorized access;
C. Cravings aims to foster user trust and legal compliance by establishing this comprehensive Privacy Policy, which ensures that all individuals interacting with the Brand—whether as buyers, browsers, service providers, or personnel—are informed of their rights, the Company’s obligations, and the mechanisms available for grievance redressal and data protection;
NOW THEREFORE, Seraphic Lifestyle Private Limited hereby adopts this Privacy Policy to provide a clear, lawful, and user-friendly framework for the collection, processing, storage, and protection of personal data, thereby reinforcing its commitment to privacy, compliance, and responsible data stewardship.
1. DEFINITIONS AND INTERPRETATION
1.1. Definitions: In this Policy (including the recitals above hereto), except where the context otherwise requires, the following words and expressions shall bear the meaning assigned to them below:
a) “Data Principal” shall mean the individual to whom the personal data relates, and includes any user, customer, website visitor, or individual whose personal data is processed by the Company.
b) “Data Fiduciary” shall mean Seraphic Lifestyle Private Limited, which determines the purpose and means of processing personal data in its capacity as a data fiduciary under the Act.
c) “Personal Data” shall mean any data about an individual who is identifiable by or in relation to such data, whether directly or indirectly, through reference to identifiers such as name, contact details, location data, online identifiers, or any other characteristic or attribute of identity.
d) “Sensitive Personal Data” shall mean personal data that relates to passwords, financial information such as bank account or credit card details, biometric data, and any other category of data notified as sensitive under applicable law.
e) “Processing” shall mean any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organisation, structuring, storage, adaptation, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.
f) “Consent” shall mean any freely given, specific, informed, and unambiguous indication of the Data Principal’s agreement to the processing of their personal data for the intended purpose, either through a clear affirmative action or through any other prescribed manner under applicable law.
g) “Grievance Officer” shall mean the designated individual appointed by the Company to address privacy-related grievances and ensure redressal in accordance with the timelines and procedures under the Act.
h) “Third Parties” shall mean any external persons or entities, including service providers, contractors, consultants, logistics partners, and technology vendors, with whom personal data may be shared for business purposes, subject to appropriate safeguards.
i) “Data Breach” shall mean any unauthorised or accidental disclosure, alteration, loss, access, or destruction of personal data that compromises its confidentiality, integrity, or availability.
j) “Website” shall mean the online platform of the Company, accessible at https://cravingslifestyle.com/, including all subdomains and mobile applications operated by or on behalf of the Company.
k) “User” shall mean any individual who accesses or uses the Company’s website, interacts with its services, purchases products, or otherwise provides personal data to the Company.
l) “Cravings Team” or “Personnel” shall mean all full-time, part-time, probationary, temporary, or contractual employees, interns, consultants, and authorised representatives of the Company.
1.2. Interpretation
a) In addition to the terms defined above, certain terms may be defined elsewhere in this Policy, and wherever such terms are used, they shall have the meaning assigned to them.
b) Section headings are for convenience only and shall not affect the construction or interpretation of any provision of this Policy.
c) References to sections or annexures are, unless the context otherwise requires, references to sections or annexures of this Policy.
d) Where a word or phrase is defined, other parts of speech and grammatical forms and the cognate variations of that word or phrase will have corresponding meanings.
e) Words denoting singular shall include the plural and vice versa, and words denoting any gender shall include all genders unless the context otherwise requires.
f) The terms “hereof”, “herein”, “hereto” and derivative or similar words refer to this entire Policy or specified Sections of this Policy, as the case may be.
g) All references to this Policy shall include any amendments or updates to this Policy, as approved by the designated authority from time to time.
2. PURPOSE
a) This Privacy Policy (“Policy”) applies to all Personal Data collected, received, processed, stored, disclosed, transferred, or otherwise handled by Seraphic Lifestyle Private Limited (“Cravings” or “the Company” or “the Brand”) in the course of its operations through its website https://cravingslifestyle.com/, mobile applications, communication platforms, or other digital interfaces owned or operated by the Company (“the Platform”). This Policy governs the privacy practices adopted by the Company in relation to:
(i) Individuals who visit, access, or use the Platform, including those who browse the Platform, place an order, register an account, or engage in any communication or transaction with Cravings (“Users”);
(ii) All categories of Data Principals whose Personal Data is processed by the Company, including customers, prospective customers, business partners, vendors, employees, consultants, service providers, and visitors who voluntarily provide their data;
(iii) Personal Data collected through the Platform, including but not limited to customer interactions, surveys, feedback forms, product inquiries, email communications, social media interactions, and payment gateways;
(iv) Personal Data processed in India, as well as data collected from Users outside India but processed or stored in India.
b) This Policy shall apply regardless of the device, platform, or medium used to access the Company’s services, including desktops, mobile phones, tablets, smart devices, and other digital channels.
c) This Policy does not apply to:
(i) Aggregated or anonymised information that does not, directly or indirectly, identify an individual;
(ii) Offline data collection;
(iii) Third-party websites, platforms, or applications which may be linked from the Company’s Platform but are not owned or operated by the Company. Users are encouraged to review the privacy policies of such third-party services independently;
(iv) Data that is collected or processed for purely personal, household, or journalistic purposes by individuals and is exempted under the provisions of the Digital Personal Data Protection Act, 2023.
d) By accessing or using the Platform or otherwise providing Personal Data to the Company, the User expressly acknowledges and agrees to the terms of this Policy, and consents to the processing of their Personal Data in accordance with the terms stated herein.
e) In case of any conflict between this Policy and any contractual terms agreed between the Company and any Data Principal, the provisions of the contractual terms shall prevail, unless otherwise required by applicable law.
3. CATEGORIES OF PERSONAL DATA COLLECTED
a) In the course of providing its products, services, and operating its Platform, the Company may collect and process the following categories of Personal Data, either directly from the User or through third-party service providers acting on its behalf:
| CATEGORY | DESCRIPTION | SOURCE |
| --- | --- | --- |
| Identity Data | Full name, username, gender, date of birth, profile photo (if provided), user ID | User (during account registration or at checkout) |
| Contact Data | Email address, mobile number, billing address, shipping address | Checkout forms, account registration |
| Payment and Financial Data | Credit/debit card number, UPI ID, bank account details, billing/transaction ID, payment timestamps | Payment gateway, order processing |
| Order and Transaction Data | Purchase history, order ID, cart items, delivery tracking number, mode of payment | Platform backend, logistics partners |
| Device & Technical Data | IP address, browser type, device type, operating system, screen resolution, time zone, device identifiers | Automatically via website or app |
| Usage Data | Browsing behaviour, clickstream, pages visited, time spent, items added to cart or wishlist | Analytics tools, cookies |
| Marketing & Communication Data | Newsletter opt-in, promotional preferences, communication logs, feedback or responses | User entries, CRM tools |
| Account Credentials | Hashed passwords, OTP verification records, login timestamps | Registration & login systems |
| Social Media Data | Public profile name, or linked account data when logged in via social platforms | Facebook, Google, etc. login integrations |
| Customer Support Data | Chat transcripts, service tickets, complaint records, call recordings | Helpdesk tools, email/chat support |
| Location Data | Approximate geolocation or delivery location via IP or GPS (when permitted by the user) | Device/browser during use |
| Referral or Affiliate Data | Referral codes, influencer coupon usage, affiliate tracking URLs | Marketing platforms |
| User-Generated Content | Product reviews, comments, feedback, testimonials, and uploaded media (images/videos) | Platform, user interaction |
b) The above Personal Data may be collected at the time of account creation, while placing an order, subscribing to newsletters, interacting with the Platform or customer care, participating in surveys or contests, or otherwise voluntarily provided by the User.
c) In addition to the above, the Company may collect certain Non-Personal Data (data that does not identify an individual directly or indirectly), which may include aggregated statistics, anonymised usage metrics, and analytics data, solely for internal research, service improvement, or marketing performance purposes.
d) The Company does not intentionally collect or process biometric data, health data, or official government identifiers (such as Aadhaar or PAN), unless specifically required by law or consented to by the User for a legitimate purpose.
4. PURPOSE OF DATA COLLECTION & USE
a) The Company collects and processes Personal Data only for lawful and legitimate purposes. Such processing is done either with the consent of the Data Principal or as reasonably necessary for the performance of a contract (e.g. execution of a sale transaction), compliance with legal obligations, or for purposes permissible under applicable law.
b) The following table outlines the specific purposes for which each category of Personal Data may be collected and used:
| PURPOSE OF PROCESSING | CATEGORY OF PERSONAL DATA INVOLVED | LEGAL BASIS UNDER DPDPA |
| --- | --- | --- |
| To process, fulfil and deliver orders | Identity Data, Contact Data, Payment Data, Transaction Data, Location Data | Performance of a contract; Consent |
| To provide account registration and login functionality | Identity Data, Account Credentials, Contact Data | Consent; Legitimate use |
| To communicate order updates and service-related information | Contact Data, Order Data, Transaction Data | Legitimate use; Performance of contract |
| To personalise user experience and recommend products | Usage Data, Device Data, Purchase History, Wishlist | Consent (including via cookies); Legitimate use |
| To conduct marketing campaigns and send promotional content | Contact Data, Marketing Preferences, Purchase History | Consent |
| To conduct customer satisfaction surveys, reviews, and feedback | Contact Data, Usage Data, Review Content | Consent |
| To provide customer service and resolve complaints | Contact Data, Order Data, Support Data | Legitimate use; Performance of contract |
| To detect and prevent fraud, abuse or policy violations | Identity Data, Device Data, Transaction Data | Legitimate use; Legal obligation |
| To comply with applicable legal, regulatory and tax requirements | Identity Data, Transaction Data, Payment Data | Legal obligation |
| To maintain records for audit, dispute resolution, and risk management | Identity Data, Transaction Data, Payment Data, Contact Data | Legal obligation; Legitimate use |
| To improve website performance, analytics and internal reporting | Usage Data, Device Data, Aggregated Non-Personal Data | Consent (including via cookies); Legitimate use |
| To process influencer codes and affiliate marketing programs | Referral Data, Identity Data, Transaction Data | Consent; Performance of a contract |
c) The Company does not use Personal Data for any purpose other than those stated above and, where applicable, after obtaining specific and informed consent from the Data Principal.
d) Where consent is the legal basis for processing, the User may withdraw such consent at any time by contacting the Grievance Officer or using the mechanisms provided on the Platform. However, withdrawal of consent may affect the ability of the Brand to deliver certain products or services.
e) The Company ensures that all processing of Personal Data is proportionate, limited to the extent necessary for the stated purposes, and in accordance with the principles of fairness, transparency, and accountability under applicable law.
5. LEGAL BASIS FOR PROCESSING
a) The Company processes Personal Data only when there is a lawful basis for such processing. The legal bases may include one or more of the following:
(i) Consent of the Data Principal: Where the Company collects Personal Data directly from a User or Data Principal, it shall do so after obtaining the individual’s free, specific, informed, unconditional, and unambiguous consent.
Examples:
1. Subscribing to marketing emails or newsletters;
2. Providing optional demographic details or feedback;
3. Participating in surveys, contests, or promotional campaigns;
4. Creating an account on the Platform.
(ii) The User may withdraw consent at any time by contacting the Grievance Officer. Such withdrawal shall not affect any prior lawful processing.
(iii) Performance of a Contract: The Company may process Personal Data where such processing is necessary to fulfil its obligations under a contract (e.g. execution of a sale transaction) with the Data Principal or to take steps before entering into a contract.
Examples:
1. Processing an order placed by a User;
2. Arranging for delivery, payment, and returns;
3. Providing customer support regarding the order.
(iv) Compliance with Legal Obligations: The Company may process Personal Data where it is legally required to do so under applicable laws, court orders, or regulations, including requirements imposed by government or law enforcement agencies.
Examples:
1. Complying with taxation and invoicing regulations;
2. Retaining records for audits;
3. Assisting law enforcement agencies in investigations;
4. Compliance with obligations under the Information Technology Act or applicable consumer laws.
(v) Legitimate Use: The Company may process Personal Data without consent for certain “legitimate uses” as explicitly provided under the DPDPA, including but not limited to:
| LEGITIMATE USE CATEGORY | EXAMPLE |
| --- | --- |
| Voluntary Data Provided by User | User submits details for placing an order or contacting customer support |
| Provision of Benefit or Service | Delivering a purchased product or issuing an invoice |
| Legal Proceedings or Dispute Resolution | Litigating legal claims, enforcing contractual rights |
| Public Interest or Public Order | Co-operating with investigations, law enforcement or public safety officials |
(vi) Public Interest or Public Health (If Applicable): In exceptional circumstances such as pandemics or emergencies, the Company may process Personal Data in the public interest or in the interest of public health, subject to applicable statutory permissions or directions from government authorities.
(vii) A list of categories of third parties (including some of their names, where applicable) with whom Personal Data may be shared is set out below. These third parties are contractually obligated to maintain the confidentiality and security of the data and to process such data strictly in accordance with applicable law and instructions issued by the Company.
| CATEGORY | PURPOSE OF PROCESSING | SOME THIRD PARTY NAME(S) | TYPE OF DATA SHARED |
| --- | --- | --- | --- |
| Payment Processors | To facilitate secure payments | Razorpay, Paytm, Cashfree, Stripe, PhonePe, etc. | Name, contact, transaction ID, masked card/bank info |
| Shipping & Logistics Partners | To deliver orders and provide tracking | Bluedart, Ekart, Nimbuspost, Delhivery, Shiprocket, etc. | Name, contact, address, order details |
| Email & SMS Communication | To send order updates, alerts, and promotional messages | Gupshup, Twilio, Mailchimp, Sendinblue, etc. | Email, phone number, communication logs |
| Web Hosting & Infrastructure | Website operation, backups, and performance | Hostinger, AWS, Cloudflare, DigitalOcean, etc. | Device metadata, IP address, access logs |
| Marketing and Retargeting Tools | Online advertising, analytics, and promotional campaigns | Meta (Facebook), Google Ads, Instagram, Hotjar, CleverTap, etc. | IP address, browsing behavior, cookies |
| Customer Support Tools | Customer query management and ticketing | Freshdesk, Zoho Desk, Intercom, etc. | Name, contact, chat logs, order info |
| Analytics & Tracking Providers | Monitor website usage and improve services | Google Analytics, Microsoft Clarity, Facebook Pixel, etc. | IP, session data, page visits, clicks |
| Affiliate/Influencer Platforms | Track referral codes, commissions | Refersion, custom influencer codes, Impact.com, etc. | Referral ID, coupon usage, transaction data |
| Internal Consultants & Auditors | Legal, tax, or compliance purposes | CA firms, Legal counsels, Compliance auditors, etc. | Financial, order, and sometimes user data |
| Government or Legal Authorities | Legal compliance, law enforcement | Income Tax Dept., Police, Consumer Forums, GST, etc. | Any legally mandated personal data, upon request |
(viii) The Company may maintain detailed internal records applicable to each processing activity, and such records may be reviewed periodically.
(ix) In cases where the legal basis for processing changes (e.g., from contract to consent), the Company may notify the Data Principal and, where required, obtain fresh consent before proceeding.
6. CONSENT MANAGEMENT
a) Obtaining Consent: The Company shall obtain the consent of the Data Principal before collecting or processing any Personal Data, unless the processing is permitted under legitimate use or legal obligation in accordance with Section 5 of this Policy.
b) Consent may be obtained at the point of data collection, such as during:
(i) Account registration;
(ii) Checkout and payment stages;
(iii) Subscription to newsletters or marketing communications;
(iv) Participation in contests, surveys, or referral programs;
(v) Accepting cookies and similar tracking technologies on the website.
c) Refusal or Conditional Consent:
(i) Users have the right to refuse consent for optional features (such as marketing communications) without affecting their access to essential services (such as ordering products).
(ii) Any conditional consent that ties unrelated services or benefits to the provision of Personal Data is not enforced by the Company, unless reasonably necessary for the functioning of such services.
d) Withdrawal of Consent:
(i) The Data Principal may withdraw consent at any time by:
1. Using the unsubscribe or opt-out links in emails or messages;
2. Contacting the Grievance Officer directly at customer@giveintothecravings.com.
e) Upon withdrawal of consent:
(i) The Company shall cease processing the concerned Personal Data within a reasonable time, unless required to retain it under law;
(ii) Certain services may become unavailable to the User where such services are dependent on the withdrawn data.
f) Consent for Minors:
(i) The Company does not knowingly collect Personal Data from individuals below the age of 18 years without verifiable parental or guardian consent.
(ii) If the Company becomes aware that Personal Data of a minor has been collected without lawful parental consent, such data shall be promptly deleted.
7. CHILDREN’S DATA
a) The Company is committed to protecting the privacy of children.
b) For the purposes of this Policy, a child is defined as an individual who has not completed the age of 18 years, unless a different age threshold is prescribed by applicable law.
c) The Company does not knowingly collect, process, or store Personal Data from children unless:
(i) It is necessary for delivering a service explicitly intended for child users; and
(ii) Verifiable parental or guardian consent has been obtained through acceptable means, such as a digitally signed declaration or validated OTP-based consent process.
d) If it comes to the Company’s attention that Personal Data of a child has been collected without lawful consent, the Company shall:
(i) Promptly delete such Personal Data from its systems; and
(ii) Notify the parent or guardian, if identifiable, of such deletion.
e) The Company does not engage in behavioural tracking, profiling, or targeted advertising towards children, directly or indirectly, in compliance with the prohibitions under Section 9 of the DPDPA.
7. COOKIE AND TRACKING TECHNOLOGIES
a) The Company uses cookies and similar tracking technologies (such as pixels, beacons, and local storage) on its Website and mobile applications to enhance user experience, deliver personalized content, enable core functionalities, analyze usage trends, and facilitate marketing campaigns.
b) Cookies help enhance user experience, secure accounts, and analyse traffic. You can manage your cookie preferences in your browser settings.
8. DATA SHARING AND THIRD-PARTY TRANSFERS
a) Internal Access and Sharing: Personal Data collected by the Company may be accessed by authorised internal teams, including (but not limited to) operations, customer support, marketing, logistics coordination, product development, finance, and compliance, on a need-to-know basis. All such access is governed by internal access controls, confidentiality obligations, and data minimisation principles.
b) Third-Party Disclosures: The Company may share Personal Data with trusted third-party service providers, vendors, and business partners (collectively, “Third Parties”) for the purpose of enabling the Company to provide its products and services efficiently. These Third Parties may process Personal Data on behalf of the Company and are bound to comply with applicable data protection laws, maintain data confidentiality, and use the data only for the specified purposes. A summary of categories of Third Parties with whom data may be shared, and the purpose of sharing, is set out in Section 5(a)(vii) above and Section 8(c) below.
c) Categories of Third Parties May Include:
(i) Payment gateways and processors – to facilitate secure payment transactions;
(ii) Shipping and logistics providers – to deliver products to customers;
(iii) Cloud hosting and IT infrastructure providers – to securely store and manage Platform data;
(iv) Marketing, analytics, and advertising agencies/tools – to run campaigns and personalise content;
(v) Customer support and CRM tools – to resolve service requests and complaints;
(vi) Auditors, legal counsels, tax advisors – for regulatory, dispute, or audit purposes;
(vii) Government authorities or law enforcement agencies – when required under applicable laws or court orders.
d) Cross-Border Transfers:
(i) As of the effective date of this Policy, the Company stores and processes all Personal Data on servers located within India. However, certain third-party tools and service providers may process data on infrastructure located outside India, subject to appropriate safeguards.
(ii) Any transfer of Personal Data outside India (if required in the future) shall be conducted in accordance with the applicable law, and any future rules or government-issued notifications relating to cross-border transfers of data.
(iii) The Company shall endeavour to ensure that any such data transfers are made:
1. To countries or territories recognised by the Indian Government as having adequate data protection standards; or
2. Pursuant to appropriate contractual arrangements (such as standard contractual clauses or data protection agreements) that ensure adequate data protection.
(iv) No Sale of Personal Data: The Company does not sell, rent, trade, or otherwise monetise Personal Data of its Users to any third party for direct commercial gain.
(v) Aggregated and Anonymised Data: The Company may share anonymised or aggregated data (which does not identify an individual directly or indirectly) with business partners, advertisers, and/or research agencies for the purpose of market analysis, trend detection, and/or improving its services. Such data is outside the scope of “Personal Data” as defined under applicable law.
(vi) Due Diligence and Oversight: The Company endeavours to have all Third Parties who receive or process Personal Data ensure that:
1. Data is processed only for legitimate and stated purposes;
2. Adequate security measures are in place to prevent misuse or unauthorised access;
3. Processing ceases upon completion of the contractual purpose or termination of engagement.
9. DATA RETENTION & STORAGE
a) Retention Principle: The Company retains Personal Data only for as long as is reasonably necessary to:
(i) Fulfil the purpose for which it was collected;
(ii) Comply with legal or regulatory obligations;
(iii) Resolve disputes, enforce contracts, or defend legal claims;
(iv) Maintain records for auditing, taxation, or business continuity purposes.
b) The retention period is determined by the nature of the data, the purpose of processing, and any applicable legal and/or contractual requirements.
c) Data Retention Timelines:
| CATEGORY OF DATA | TYPICAL RETENTION PERIOD | LEGAL/OPERATIONAL BASIS |
| --- | --- | --- |
| Identity and Contact Data | Three years from last activity or transaction | Statutory limitation period for claims, customer support |
| Order and Transaction Data | Eight years from date of transaction | Income Tax Act, accounting and audit requirements |
| Payment and Financial Data | Retained as per Payment Aggregator & RBI Guidelines | Regulatory requirements and fraud detection |
| Customer Support and Complaint Logs | Three years from last contact | Dispute resolution and quality assurance |
| Marketing Preferences and Opt-in Data | Until withdrawal of consent or inactivity beyond two years | Consent-based processing |
| Analytics and Usage Data | Twelve–Eighteen months from date of collection | Internal performance and improvement analysis |
| Account Credentials | Until account is deleted or deactivated | Contractual necessity for user authentication |
| Unused or Dormant Account Data | Two years of inactivity (with 30-day prior notice before deletion) | Data minimisation and retention compliance |
| Anonymised or Aggregated Data | Retained indefinitely | Outside scope of “Personal Data” under DPDPA |
Note: The above periods are subject to change in case of any legal proceedings, enforcement actions, or statutory hold directives.
d) Deletion and De-identification: Upon expiration of the applicable retention period, Personal Data is either:
(i) Permanently deleted from all systems; or
(ii) Anonymised or de-identified in a way that prevents re-identification of the Data Principal.
The Company endeavours to ensure that deletion is performed in a secure manner using industry-standard sanitisation or erasure methods.
e) Right to Request Deletion:
(i) A Data Principal may request deletion of his/her Personal Data where:
1. The data is no longer necessary for the purpose for which it was collected;
2. Consent has been withdrawn and there is no other legal basis for retention;
3. The data has been unlawfully processed.
(ii) Such requests will be honoured subject to legal and contractual retention obligations and shall be responded to within a reasonable period.
f) Policy Review and Updates: The Company periodically reviews its data retention schedules and storage practices to ensure compliance with evolving legal standards and operational needs. Any changes to retention durations will be done through an update to this Policy.
10. NOTIFICATION OF PERSONAL DATA BREACH
a) Cravings adopts a proactive approach for identifying, mitigating, and responding to any personal data breach. A personal data breach refers to any unauthorised or accidental disclosure, alteration, loss, destruction, or access to Personal Data that compromises its confidentiality, integrity, or availability—whether caused by technical failures, malicious attacks, human error, or organisational gaps.
b) Data Breach Response Procedure and Timelines: In the event of a suspected or confirmed data breach, the Company shall activate its internal Data Breach Response Procedure.
c) User Cooperation: Users who become aware of any potential compromise of their account, such as unauthorised login attempts, phishing emails, or suspicious transactions, must report the same immediately by emailing customer@giveintothecravings.com. The Company will investigate such reports on priority and take appropriate action.
11. GRIEVANCE REDRESSAL MECHANISM
a) Cravings is committed to addressing all privacy-related concerns, complaints, and requests in a transparent, secure, and time-bound manner. The Company has appointed a Grievance Officer to ensure proper handling of grievances related to Personal Data.
b) Lodging a Grievance: If you have any concerns or grievances regarding:
(i) Denial or delay in fulfilling your data rights;
(ii) Misuse, unauthorised access, or mishandling of your Personal Data;
(iii) Withdrawal of consent not being respected;
(iv) Violation of any terms of this Privacy Policy;
(v) Any breach of applicable data protection laws;
Users may raise complaints or concerns in writing to:
Email: customer@giveintothecravings.com
Address: Seraphic Lifestyle Private Limited, No. 118, Sector-74, block 2/R2, M3M cornerwalk, Gurugram, Haryana, 122004
Contact Number: +91 92115 71676
Grievances will be acknowledged within 48 hours and resolved within 15 working days.
c) Grievance Handling Procedure and Timelines:
| STAGE | ACTION | TIMELINE |
| --- | --- | --- |
| Acknowledgement | The Grievance Officer will acknowledge receipt of your complaint. | Within 48 hours |
| Initial Review | Assess completeness and legitimacy of the grievance. | Within 2 working days |
| Investigation and Resolution | Conduct internal inquiry, coordinate with relevant departments, resolve issue. | Within 7 working days |
| Notification of Outcome | Communicate resolution decision or status update to the complainant. | Within 10 working days total |
12. FORCE MAJEURE
The Company shall not be held liable for any failure or delay in performing its obligations under this Privacy Policy, including the processing of rights requests or breach notifications, due to circumstances beyond its reasonable control. Such events may include natural disasters, war, civil unrest, pandemic, governmental actions, electricity or internet outages, cyberattacks, or other force majeure events. During such periods, the Company will take reasonable steps to mitigate the impact and restore normal operations as soon as practicable.
13. GOVERNING LAW AND JURISDICTION
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts located in [New Delhi], India, without regard to conflict of law principles.
14. CHANGE IN OWNERSHIP OR CONTROL
In the event of a merger, acquisition, reorganisation, or sale of all or a portion of the Company’s assets or business, Personal Data held by the Company may be transferred to the successor entity. Such transfer will continue to be governed by the terms of this Privacy Policy unless and until it is amended by the successor with due notice to Users.
15. POLICY UPDATES AND NOTIFICATION
The Company may update or modify this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technological advancements. Any material changes will be notified through:
(i) Prominent notices on the Platform; or
(ii) Email communication to registered Users (where applicable); or
(iii) Updates to the “Last Updated” date at the top of this Policy.
Users are encouraged to periodically review this Policy to stay informed of how their Personal Data is protected.
16. CONTACT US
If you have any questions, concerns, or require clarification regarding this Privacy Policy, the processing of your Personal Data, or your rights as a Data Principal, you may contact our designated Grievance Officer by email at customer@giveintothecravings.com.
By continuing to access or use the Platform, you acknowledge that you have read and understood this Privacy Policy and agree to its terms. Your continued use of the services constitutes your consent to the collection, processing, and disclosure of your Personal Data in accordance with this Policy.
This Privacy Policy shall remain in effect until it is updated, superseded, or revoked by the Company.