PRIVACY POLICY

1. DEFINITION AND SCOPE
 
1.1 Personal Information (PI): Information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

1.2 Sensitive Personal Data or Information (SPDI): Means certain types of PI specified under the SPDI Rules, which are mandatorily protected, including:

• Passwords.

• Financial information (Bank account, credit card, debit card, or other payment instrument details).

• Physical, physiological, and mental health condition (not typically collected by us, but covered for legal robustness).

• Medical records and history (not typically collected by us, but covered for legal robustness).

• Biometric information (not typically collected by us).

 
2. INFORMATION WE COLLECT

​

We only collect information that is necessary for a lawful purpose connected with our business functions, such as fulfilling product orders and enhancing your experience. The information we collect falls into three categories:
 

A. Personal Information (PI): This includes data that can identify you directly or indirectly. We collect your Name, Email Address, Phone Number, Shipping Address, Billing Address, and records of your Purchase History and product preferences. This information is primarily collected when you register an account, subscribe to our newsletter, or place an order.
 

B. Sensitive Personal Data or Information (SPDI): This includes data requiring a higher level of protection under the SPDI Rules. When you make a purchase, we collect your Financial Information (Credit/Debit Card details, UPI IDs, or other payment instrument details). Crucially, this financial SPDI is processed entirely by PCI DSS compliant third-party payment gateways and is NOT stored on our servers.
 

C. Technical and Usage Data: We automatically collect data about your device and browsing activity, such as your IP address, browser type, operating system, pages viewed, and time spent on the Website. This data helps us ensure website security, prevent fraud, and optimize the site for a better shopping experience.

 3. CONSENT AND OPT-OUT MECHANISM
 
3.1 Explicit Consent for SPDI: We only collect your SPDI when you actively provide it during checkout. By proceeding with a purchase, you provide your explicit, informed consent for the collection and processing of your SPDI necessary to complete the transaction.

3.2 Option to Withhold or Withdraw Consent (MANDATORY):

• You have the option not to provide the personal data or SPDI sought to be collected.

• You have the right to withdraw your consent given earlier for the collection and processing of any PI or SPDI.

• To withdraw consent, you must send a request in writing to the Grievance Officer (details below).

• Consequence of Withdrawal: If you withdraw consent, we may no longer be able to provide you with access to our services, including processing pending orders or managing your account.

 
4. USE AND DISCLOSURE OF INFORMATION (PURPOSE LIMITATION)
 
4.1 Internal Use: We process your information strictly for the purposes for which it was collected, including:

• Fulfilling your e-commerce purchase orders and delivering our mass premium products.

• Improving the Website and customizing your experience.

• Communicating with you about new Aromatherapy products, offers, and promotions (only with explicit consent).

• Conducting internal quality assessment and security checks.
   

4.2 Disclosure to Third Parties (Prior Permission Required):

• We DO NOT sell or rent your Personal Information or SPDI to third parties for their independent marketing purposes.

• Disclosure of SPDI to any third party requires your prior permission, except in the following necessary circumstances:

  • Service Providers: Sharing with trusted partners (e.g., shipping carriers for delivery, payment gateways for secure processing, cloud hosting providers for storage).

  • Legal Compliance (MANDATORY): Sharing with Government agencies mandated by law (e.g., Police, Courts, Tax Authorities) for the purpose of identity verification, prevention of cyber incidents, or investigation. Such requests are always made in writing.

 
5. DATA SECURITY AND RETENTION
 
5.1 Security Practices (MANDATORY): We implement "Reasonable Security Practices and Procedures" as mandated by the SPDI Rules, which include administrative, technical, and physical safeguards appropriate to the nature of the data being protected. We use SSL encryption for data transmission and ensure that payment processing is handled by compliant third-party processors.

5.2 Data Retention: We retain your PI/SPDI only for as long as necessary to fulfill the purpose for which it was collected, or as required by law (e.g., tax records). Once the purpose is served, or consent is withdrawn, we will cease to retain the data and take steps to delete or anonymize it.
 
6. GRIEVANCE REDRESSAL (MANDATORY)
 
In case of any discrepancies or grievances regarding the processing of your Personal Information or SPDI, you may contact our designated Grievance Officer whose details are published below.

Grievance Officer: Ketaki Bapat
Email : contact.florianaturals@gmail.com
Contact Number: 9767217909
Address: 533, Dhamangaon, Saphale West, Palghar, Maharashtra

The Grievance Officer is obligated to redress your grievances expeditiously and within one (1) month from the date of receipt of the grievance.
 
7. CHANGES TO THIS PRIVACY POLICY
 
We reserve the right to update this Policy periodically to reflect changes in our data practices or legal requirements. We will notify you of any material changes by posting the new Policy on this page and updating the "Effective Date" at the top of the document. Your continued use of the Website after any change constitutes your acceptance of the revised Policy.