PRIVACY POLICY

 

The website www.arata.in (“Website”) is operated by Slick Organics Private Limited, a company incorporated under the laws of India (hereinafter referred to as “Arata”, “our”, “us” or “we” which shall include a reference to our affiliates, associates, sister concerns, etc.).

We are committed to protecting and respecting your privacy. Any information or data collected and processed on the Website is done in accordance with the provisions of the applicable national laws relating to the collection and processing of personal data. Please read the following carefully to understand our practices regarding the collection and processing of your information and data.

This Privacy Policy (“Policy”) is required to be read in conjunction with the Terms of Use. This Policy explains how we collect, use, transfer and process your Personal Information (as defined below) through the Website of the individuals who browse or access the Website or provide information on or through the Website, or whose information Arata otherwise collects, receives or processes in connection with the offer and sale of its products, including through third-party platforms. By accessing and/or using the Website and providing the information as requested and detailed in this Policy, you represent that you have read, understood and are bound by the Terms of Use and this Privacy Policy, and that you consent to your information and data being collected, stored and used in the manner laid out in this Policy.

The entity responsible for protecting your data collected from your use of the Website and complying with the applicable national laws is SLICK ORGANICS PRIVATE LIMITED, having its offices at D-1, (Basement, First Floor ,Second Floor) Local Shopping Centre, Soami Nagar, Malviya Nagar (South Delhi), New Delhi -110017.

For the purpose of this Policy, “Personal Data” or “Personal Information” means any information which can be used, directly or indirectly, including in combination with other information available or likely to be available with us, a specific individual.

What personal data is being collected?

Where appropriate, we will ask for your consent to process the Personal Data. Where you have given consent for processing activities, you have the right to withdraw your consent at any time by writing to us at [email protected].

It is not mandatory for you to provide all the information or data requested by Arata on the Website. Please note that if you choose not to provide the necessary information, we may not be able to provide you with the entire suite of our products or services, or with a high quality of service or respond to any queries you may have.

These are the categories of Personal Data we collect directly or indirectly from you:

  1. Identity information which includes your name, date of birth, e-mail address, password, social media identifiers and information shared with us by third-party platforms.
  2. Contact information which includes your mobile phone number, shipping and billing addresses, e-mail address or any other communication channel you have used to contact us for more information.
  3. Purchase information which includes your payment information and related financial information, bank account details, shopping cart (your ordered items), delivery details, shipping and billing address, customer order number, purchase history, transaction ID, and any other information related to your purchase through the Website.
  4. Behavioral and profile information which includes your shopping history, items that you have added to your wishlist or cart, preferred language, log-in location, your browsing behaviour, your browsing preferences, your shopping preferences, product reviews, social media interactions with us, and any other information we have about you, including information available with third-parties, to help us learn you as a consumer better. We also receive and store certain data such as IP address, device ID, location data, computer and connection information such as browser type and version, time zone setting, browser plug-in types and versions, operating system, and purchase history whenever you interact with us online, including through third-parties.

To optimize our web presence, we use cookies. This allows us to improve your access to the Website and also helps us to learn more about your interests and provide you with essential features and services including: (a) conducting research and diagnostics to improve the content, products and services; (b) preventing fraudulent activity and (c) improving security. Approved third parties may also set cookies when you interact with the Website. These third parties include search engines, providers of analytical services, social media networks and advertising companies. You can prevent the storage of cookies by choosing a “disable cookies” option in your browser settings.

The Website may include and link to features and services (such as social applications like Facebook, Twitter, LinkedIn) that are provided by a third party. If you use these features and services, please understand that the third parties that operate them may collect information from you which will be used in accordance with their own privacy policy and terms of use, which may differ from ours. We do not accept any responsibility or liability for these third-party policies or for any personal data that may be collected by or through these websites or services. You should always read the privacy policy of any feature or service you access carefully in order to understand the specific privacy and information usage practices.

What purpose do we use your data for?

We collect, process and disclose your Personal Data only for specific and limited purposes which is necessary to ensure accurate and quality services are provided to you and which is required to process your order of any product on the Website or provide a refund and other related functions, including to continually improve products and services offered by Arata.

We collect, process and disclose your personal data for the following purposes:

  1. To verify your identity;
  2. To fulfil product purchases through the Website and process your payments and to provide you with your order status;
  3. To process and answer your inquiries or to contact you to answer your questions and/or requests;
  4. To develop and improve our products, services, communication methods and the functionality of our websites;
  5. To communicate with you about your account and activities on the Website;
  6. To communicate information to you and to manage your registration and/or subscription to our newsletter or other communications;
  7. To send communication related to order updates and offers through e-mail, SMS and social media channels;
  8. To manage our everyday business needs regarding your participation in promotional activities;
  9. To authenticate the identity of individuals contacting us by telephone, electronic means or otherwise;
  10. For internal research on customer demographics, interests and behaviour;
  11. For internal training and quality assurance purposes;
  12. To respond to reviews, comments or other feedback provided to us;
  13. To provide personalised product recommendations;
  14. To comply with any applicable law, legal obligation, court order, regulation, legal process or enforceable government request.

When we collect and use your personal data for purposes mentioned above and for other purposes, we will inform you before or at the time of collection.

We may also collect and/or generate anonymized and aggregated information from your use of the Website. The anonymized or aggregated information is not Personal Information since we are not able to re-identify you using any means available to us from that anonymized or aggregated information. The anonymized and aggregated information is used for a variety of functions, including to help us identify and remediate any bugs, and to improve the performance of our Website. We may use such information in a number of ways, including analytics and research. We may share this information with third parties for our or their purposes in an anonymized or aggregated form that is designed to prevent anyone from identifying you.

Disclosure, transfer and sharing of information

Depending on the purpose of processing Personal Data, your Personal Data might be shared with third-party entities. We may share your data with:

  1. Our affiliates and third-party service providers. Service providers who perform services on our behalf based on our instructions such as companies that host or operate the Website, process payments, analyse data, provide customer service, postal or delivery services, and sponsors or other third-parties that participate in or administer our promotions. They have access to personal data needed to perform their functions but may not use it for other purposes. Further, they must process this personal data in accordance with this Policy and as permitted by applicable data protection laws and regulations.
  2. Other third-parties. We may use your personal data or share it with partners like sponsors, advertisers, advertising networks and servers, and social media networks for marketing, promotions, and product updates. If these partners use your data for their own purposes, they must obtain your consent or have a legitimate reasontodoso.
  3. Business transfers. We will primarily use your personal data for business and operational purposes. As Arata grows, it may buy or sell assets, subsidiaries, or business units. In such cases your Personal Data will typically be transferred as a business asset. The data will still be protected by existing privacy policies, unless you provide your consent to the contrary. Additionally, if another entity acquires us , our businesses or substantially all or part of our assets, or assets related to Arata’s websites, your Personal Data may be shared during the acquisition as part of the due diligence process and transferred to the new entity. Also, if any bankruptcy or reorganization proceeding is brought by or against us, all such personal data will be considered an asset of ours and as such it is possible they will be sold or transferred to third-parties.
  4. Legal disclosure. We may transfer and disclose your personal data to third-parties to comply with any legal obligation, court order, subpoena, at the request of governmental authorities conducting an investigation;

International data transfers

Arata may share personal data or processed data across international borders for purposes described in this Policy but will make sure that the personal data is protected in a similar manner. However, your data will only be transferred if permitted and in accordance with applicable local and international regulations.

How do we protect your personal data?

Arata prioritizes the security of your personal data. To safeguard it, we implement robust access controls, leverage cutting-edge information security capabilities to protect our IT environments and encrypt, pseudonymise, and anonymise personal data wherever possible. We've also established processes to enhance protection of personal data, privacy, and lawful processing and implemented safeguards to ensure confidentiality and security. Access to your personal data is only permitted among our employees and agents on a need-to-know basis and subject to strict contractual confidentiality obligations when processed by third-parties for the purposes stated in this Policy.

How long do we keep your personal data for?

We will keep your personal data for as long as it is reasonably required for the purpose it is being processed for or otherwise permitted or required by applicable laws and regulations.

What are your rights?

Where we process your Personal Data, you have several rights over how the data is processed and can exercise these rights at any point. You can exercise your rights by contacting us as provided below. We have provided an overview of some of these rights below together with what this entails for you:

  1. Right to correction and erasure of personal data: You have the right to make sure we are using the accurate details about you and you may request to review and correct any inaccurate Personal Data we have of you.
  2. When we use your Personal Data based on your consent, you have the right to withdraw your consent at any time by writing to us. In the event that you withdraw consent given earlier we have no obligation to provide goods or services for which the said information was sought.
  3. You have the right to raise any discrepancies or grievances with respect to processing of information by contacting our Grievance Officer.
  4. You have the right to nominate any other individual who shall exercise your rights with respect to your personal data in the event of your death or incapacity.

How Do You Contact Arata?

We are committed to protecting your personal information collected and processed by us and look forward to your continued support for the same. If you have any query, grievance with respect to the processing of information by us, you can reach out to our Grievance Officer:

Puneet Kolthe
Privacy Grievance Officer,
Slick Organics Private Limited,
Arata, D1, Block D, Soami Nagar South,
Soami Nagar, New Delhi, Delhi 110017
E-mail: [email protected]
Toll Free No. 1800-103-5572

How do we keep this Policy up to date?

We will update this Privacy Policy when necessary to reflect customer feedback, our practices, scope of processing, and changes in our products and services. When we post changes to this statement, we will revise the “last updated” date at the bottom of this Policy. You are encouraged to periodically visit this page to review the Privacy Policy and any changes to it. Your continued use or access after any modification(s) to this Privacy Policy, will be deemed as your acceptance to such modification(s). If the changes are significant or sensitive, we will provide more prominent notice (including, for certain services, email notification of Privacy Policy changes).

Additional Privacy Terms or Policies

In addition to this Privacy Policy, there may be specific campaigns or promotions which will be governed by additional privacy terms or notices. We encourage you to read these additional terms or notices before participating in any such campaigns or promotions as you will be required to comply with them if you participate. Any additional privacy terms or notices will be made prominently available to you.

Effective Date: 30 November 2024

Last Updated: 30 November 2024

 

Privacy Key Terms

 

Below is a list of recurring terms in Arata’s privacy notices and procedures.

Glossary

Key Term

Definition

Anonymisation

The process of permanently removing any personal identifiers from personal data, so that the individuals whom the data describe remain anonymous. This is done for the purpose of protecting individuals’ private activities while maintaining the integrity of the data gathered and shared.

Behavioural Advertising

The act of tracking users’ online activities and then delivering ads or recommendations based upon the tracked activities.

Binding Corporate Rules (BCRs)

Personal data protection policies which are adhered to by a controller or processor for transfers or a set of transfers of personal data to a controller or processor in one or more third countries within a group of undertakings, or group of enterprises engaged in a joint economic activity.

Biometric Data

Personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, including facial images or dactyloscopy data or iris related data.

Data Privacy Officer

The individual appointed by Slick Organics Pvt Ltd to carry out certain responsibilities and functions in respect of privacy and data protection

Consent

Any freely given, specific, informed and unambiguous indication by way of a written declaration or an affirmative action signifying a data subject’s agreement to the processing of personal data relating to him.

Cookies

A small text file stored on a user machine that may later be retrieved by a web server from the machine. Cookies allow web servers to keep track of the end user’s browser activities, and connect individual web requests into a session.

Data Fiduciary /Data Controller

Any natural or legal person, public authority, non-governmental organization, agency or any other body or entity which alone or jointly with others determines the purposes and means of the processing of personal data.

Data Processing

Any operation performed on personal data, including but not limited to collection, storage, preservation, alteration, retrieval, disclosure, transmission, making available, erasure, destruction of, consultation, alignment, combination, or the carrying out of logical or arithmetical operations on personal data.

Data Protection Authority

The designated regulatory body established under the Digital Personal Data Protection Act, 2023 (DPDPA)

Data Retention

The policies and processes used within Arata for determining the time period for archiving and storing of personal data.

Data Principal/Data Subject

An identified or identifiable natural person, alive or deceased, to whom the personal data relates.

Direct Marketing

A form of advertising in which companies provide physical marketing materials to consumers to communicate information about a product or service.

Encryption The method by which plain text or any other type of data is converted from a readable form to an encoded version that can only be decoded by another entity if they have access to a decryption key

Financial data

Any alpha-numeric identifier or other personal data which can identify an account opened by a data subject, or card or payment instrument issued by a financial institution to a data subject or any personal data regarding the relationship between a financial institution and a data subject, financial status and credit history relating to such data subjects, including data relating to remuneration.

Genetic Data

Personal data relating to the genetic characteristics of a natural person which gives unique information about the physiology or the health of that natural person and which results from an analysis of a biological sample or bodily fluid of that natural person.

Health Data

Personal data related to the physical or psychological health of a natural person, which includes any information that indicates his health situation or status.

Identifiable natural person

A natural person who can be identified, directly or indirectly, by reference to any personal data

International Organisation

An organisation and its subordinate bodies governed by public international law, or any other body which is set up by, or on the basis of, an agreement between two or more countries.

IP Address

A unique address that identifies a device on the Internet or a local network and which allows a system to be recognized by other systems connected via the Internet protocol.

Online Behavioural Advertising

Websites or online advertising services that engage in the tracking or analysis of, e.g., search terms, browser or user profiles, preferences, demographics, online activity, offline activity, location data, and offer advertising based on that tracking.

Personal Data

Any information that can identify a data subject directly or indirectly by reference to an identifier such as a name, an identification number, location data or an online identifier, or one or more factors specific to the physical, physiological, genetic, psychological , economic, cultural or social identity of that individual or natural person.

Personal Data Breach

Any act or omission that results in accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed.

Privacy and Data Protection

The collection of laws and regulation that applies to the collection, usage, storage, protection and other processing of personal data. This includes data protection, privacy, banking secrecy, electronic communications and confidentiality laws and regulations, and any other applicable laws or regulations to the extent they relate to privacy of personal data.

Personal Data Protection Act

The Digital Personal Data Protection Act, 2023 of India.

Processor

A natural or legal person, public authority, agency or other entity established by or under written law which processes personal data on behalf of the controller.

Profiling

processing of personal data to evaluate, analyse or predict aspects concerning that data subject’s performance at work, economic situation, health, personal preferences, interests, credibility, behaviour, habits, location or movements.

Pseudonymization

The processing of personal data in such a manner that the personal data cannot be used to identify a data subject without the use of additional information, and such additional information is kept separately and is subject to technical and organizational measures to ensure that the personal data is not attributed to a data subject.

Recipient

A natural or legal person, to whom the personal data is disclosed, or a public authority or any incorporated or unincorporated body to which the personal data is disclosed.

Restriction of Processing

The marking of stored personal data with the aim of limiting their processing in the future.

Special Categories of Personal Data

personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, financial data the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person data concerning health, or data concerning a natural person's sex life or sexual orientation personal data relating to offences, criminal proceedings and convictions, or personal data relating to a child.

Supervisory Authority

Independent Authority or division associated with an Authority in India, whose primary purpose and function is to regulate matters related to personal data.

Third-Party

A natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who are under the direct authority of the controller or processor, are authorized to process personal data.