Maanvira Botanics (“we”, “us”) is committed to protecting your personal information. We collect data such as name, contact and payment details to process orders and provide services, and use cookies and analytics to improve your experience. We only gather what is necessary, use it for stated purposes, and keep it secure. We will never sell your personal data. This policy explains what data we collect, why, who we share it with, and your rights (under India’s new Digital Personal Data Protection Act and, if you are an EU resident, the GDPR). You can contact us at [insert contact email] with any questions or to exercise your rights.

Definitions

  • Personal Data: Any information relating to an identified or identifiable individual (for example name, email address, phone number, delivery address, payment details). Sensitive personal data (e.g. financial information like bank or card details, health data, biometric data, etc.) is handled with extra care.
  • Data Controller/Data Fiduciary: The organisation (Maanvira Botanics) that decides how and why your data is processed.
  • Data Processor: A service provider (like a payment gateway or courier) that processes data on our behalf under contract.
  • Data Subject/Data Principal: You, the individual whose personal data is collected.
  • Cookies: Small text files placed on your device to collect standard Internet log information and visitor behavior (e.g. preferences, login status, analytics).

Data We Collect

We collect only the personal data needed for clear business purposes. Typical data we collect includes:

  • Identity & Contact: Name, email address, postal address, phone number (for order processing and delivery).
  • Account and Login: Usernames, passwords (securely hashed), and profile details if you create an account with us.
  • Payment Information: Payment card or bank details as required for transactions (handled through secure third-party payment processors). We do not store complete payment card details ourselves, only confirmations or tokens needed to fulfil your order.
  • Order History: Records of products ordered, purchase amounts, invoices or receipts (for order fulfilment, returns or accounting).
  • Communications: Any messages you send us (e.g. customer service inquiries) and our responses (to manage support requests and improve service).
  • Marketing & Preferences: If you subscribe to newsletters or marketing, we collect your email address and consent preferences. You can opt out anytime.
  • Cookies & Usage Data: We collect data on your device and browsing (e.g. IP address, browser type, pages visited) via cookies and similar technologies to help run our site and improve it. We distinguish between essential cookies (e.g. to keep your shopping cart) and non-essential (analytics, marketing).

We limit collection to what’s necessary for each purpose. This matches India’s IT rules requiring disclosure of the types of data collected and their use.

How We Use Your Data

We use your personal data for the following purposes (as disclosed at collection):

  • Order Fulfilment: To process and deliver your orders, send order updates, confirmations and invoices.
  • Account Management: To operate your user account, authenticate logins, and allow you to track orders.
  • Payments: To bill you and to prevent fraud (processing through secure payment gateways).
  • Communications: To respond to your enquiries, comments or complaints, and to send you service-related notices.
  • Marketing: To send you our newsletter and promotional offers only if you have opted in. You can unsubscribe or opt out at any time. We may also show you personalised ads on other websites, based on your browsing of our site (where permitted by law).
  • Analytics & Improvement: To monitor and analyse the performance of our website (for example via Google Analytics) and to improve our products, content and user experience.
  • Legal Compliance: To comply with legal obligations (e.g. tax and accounting rules, dispute resolution).
  • Security: To protect against fraud and abuse.

Each purpose corresponds to one or more legal bases: for example, processing your order is necessary to perform our contract with you, and sending marketing with your consent. We use your data only in accordance with these purposes.

Legal Basis for Processing

Under India’s Digital Personal Data Protection Act (DPDP Act), we primarily rely on your consent or on contractual necessity. For instance, we need certain data to deliver your order (performance of contract) and to send you order confirmations. We rely on consent to send marketing or cookies. Under the GDPR (for EU residents), the lawful bases include:

  • Consent: Where you have agreed (e.g. to newsletters or non-essential cookies).
  • Performance of a Contract: Your data is needed to fulfil your order and provide services.
  • Legitimate Interests: Our interest in running our business (e.g. improving our site, securing our site, or preventing fraud) provided it does not override your privacy rights.
  • Legal Obligations: Compliance with laws (for example, keeping certain records for tax law).

We never use data beyond the scope disclosed to you.

Sharing with Third Parties

We do not sell your personal data. We may share your data with trusted third parties only as needed to carry out our services:

  • Payment Processors: (e.g. Stripe, Razorpay, PayU) to handle payments. These processors only use data to confirm payment. They are bound by contract and law to protect data.
  • Shipping/Couriers: (e.g. DHL, FedEx, local couriers) to deliver your orders. We provide only the details needed for delivery.
  • IT and Hosting Providers: (e.g. AWS, Google, website host) that host or operate our website and data.
  • Email/Marketing Services: (e.g. Mailchimp) that send newsletters and collect analytics.
  • Analytics and Advertising: We use services like Google Analytics and (if applicable) ad networks (Facebook, Google Ads) to track site usage. These providers may place their own cookies; please see our Cookie section below for details.
  • Legal and Safety: If required by law, regulation or court order, or to protect rights or safety, we may share data with legal authorities or other parties.

All third-party providers who process data on our behalf (data processors) are contractually required to safeguard your information and use it only as we instruct. We require that they meet data protection standards.

Cookies and Tracking Technologies

Our website uses cookies and similar tracking tools:

  • Necessary Cookies: Always active. These help with basic functions (e.g. keeping your cart, processing logins, remembering language preferences).
  • Analytics Cookies: To count visits, understand user behavior, and improve our site (e.g. Google Analytics). These collect only aggregate, anonymous data about pages visited and time spent.
  • Marketing Cookies: To personalise and measure ads (for example retargeting ads on other sites).

Under the DPDP Act (and similarly under EU law), we obtain your explicit consent before placing non-essential cookies. You will see a cookie consent banner; if you decline, those cookies will not be set. You can also manage or delete cookies via your browser settings (see below).

For more about cookies, see our Cookie Preference Centre on the site. In general, you may disable cookies in your browser (though this may affect site functionality). To learn more about cookies, you may visit a site like www.allaboutcookies.org or consult your browser’s help pages.

Your Rights

You have rights over your personal data. These include (where applicable):

  • Right to Access: You can request a copy of the personal data we hold about you.
  • Right to Rectification: You can ask us to correct any inaccurate or incomplete data (for example, change your address).
  • Right to Erasure: You can request deletion of your data when it’s no longer needed for the purposes described, or if you withdraw consent (subject to legal exceptions).
  • Right to Restrict Processing: You can ask us to limit processing (for example, while a complaint is resolved).
  • Right to Data Portability: You can request a transfer of your data to another organisation, if feasible.
  • Right to Object: You can object to processing based on our legitimate interests (for example, direct marketing or profiling).
  • Right to Withdraw Consent: You may withdraw consent for any processing where we rely solely on consent (e.g. marketing, cookies) at any time.
  • Right to Lodge a Complaint: If unsatisfied, EU residents can complain to their data protection authority. In India, you may direct concerns to the Data Protection Board once it is operational.

To exercise any right, please contact us at [insert contact email/DPO]. We will respond within one month (as required by law) at no cost to you. We will verify your identity before acting on requests.

Data Retention

We retain personal data only for as long as necessary for the purposes outlined above. Once the data is no longer needed (or if you withdraw consent, when applicable), we securely delete or anonymise it. For example: order and payment records may be kept for at least seven years to comply with tax and financial regulations, after which they will be deleted. We review our data regularly and remove any outdated or unnecessary information.

Security Measures

We implement appropriate technical and organisational security measures to protect your data from unauthorised access, alteration or loss. These include encryption (HTTPS/SSL), firewalls, access controls and secure data centers. Only authorised employees or contractors (bound by confidentiality) can access personal data for lawful purposes. However, no system is 100% secure; if a data breach occurs, we will follow legal requirements (including notifying the Data Protection Board of India and affected individuals).

International Transfers

Your data may be processed and stored outside India (for example, by our cloud or email providers). The DPDP Act allows such transfers unless specifically restricted by government notification. Where we transfer data outside the EU/EEA (for EU users), we will use approved mechanisms: for instance, by relying on countries the EU has deemed adequate, or by using Standard Contractual Clauses (or other safeguards as required by GDPR). We ensure any international transfers comply with applicable data protection laws and maintain your data security.

Children’s Privacy

Our products and services are not directed at children under 18. We do not knowingly collect personal data from minors. If you are a child (under 18) or the parent/guardian of a child who has provided us data without consent, please contact us. We will delete any such data unless we have verifiable parental consent. In line with Indian law, parental consent is required before processing a child’s data; in any event, we will not use a child’s data for profiling, marketing or any processing that could harm them.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time (for example, if laws change or our services evolve). When we do, we will revise the Effective Date below and post the updated policy on this page. We recommend you review this policy periodically. For significant changes, we may notify you by email or a notice on our website. Your continued use of the Site after such changes will constitute acceptance of the new policy.

Effective Date: 2 April 2026
Contact: If you have any questions about this policy or our privacy practices, please contact: [insert contact email/DPO].

Close

Your Shopping cart

No products in the cart.