Privacy Policy

This privacy policy has been compiled to better serve those who are concerned with how their 'Personally identifiable information' (PII) is being used online. PII, as used in information security, is information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context. Please read our privacy policy carefully to get a clear understanding of how we collect, use, protect or otherwise handle your Personally Identifiable Information in accordance with our website.

What personal information do we collect from the people that visit our blog, website or app?

When ordering or registering on our site, as appropriate, you may be asked to enter your name, email address, mailing address, phone number or other details to help you with your experience.

When do we collect information?

We collect information from you when you:

  • Register on our site
  • Place an order
  • Subscribe to a newsletter
  • Fill out a form or enter information on our site

 

How do we use your information?

We may use the information we collect from you when you register, make a purchase, sign up for our newsletter, respond to a survey or marketing communication, surf the website, or use certain other site features in the following ways:

  • To personalize user's experience and to allow us to deliver the type of content and product offerings in which you are most interested.
  • To improve our website in order to better serve you.
  • To allow us to better service you in responding to your customer service requests.
  • To administer a contest, promotion, survey or other site feature.
  • To quickly process your transactions.
  • To send periodic emails regarding your order or other products and services.

 

How do we protect visitor information?

  • We do not use vulnerability scanning and/or scanning to PCI standards.
  • We do not use Malware Scanning. 

Cache Management

We store the user's information locally in the browser when he/she uses the website for purchasing our products. With the use of HTML 5 we store the information in the browser's cache while he is browsing our website. This information is stored till he/she closes the Browser window or the tab in which the website is opened. As soon as the browser is closed, the information is lost and we don't store any information in cookies.

Third-party disclosure

We do not sell, trade, or otherwise transfer to outside parties your personally identifiable information unless we provide users with advance notice. This does not include website hosting partners and other parties who assist us in operating our website, conducting our business, or serving our users, so long as those parties agree to keep this information confidential. We may also release information when it's release is appropriate to comply with the law, enforce our site policies, or protect ours or others' rights, property, or safety.

However, non-personally identifiable visitor information may be provided to other parties for marketing, advertising, or other uses.

Third-party links

We do not include or offer third-party products or services on our website.

Indian Information Technology Act 2008

The Information Technology Act Section 43A states that if a "body corporate" is possessing, dealing, or handling any "sensitive personal data or information" in a computer resource which it owns, controls, or operates, and is negligent in implementing and maintaining "reasonable security practices and procedures" and thereby causes wrongful loss or wrongful gain to any person, this body corporate will become liable to pay damages as compensation to the affected person.

The Section further stipulates that the Central Government would come up with the reasonable security practices and procedures and would also define what constituted 'personal sensitive information'.

Likewise, the newly introduced Section 72A declares that if "any person including an intermediary" secures access to any personal information about another person while providing services under the terms of lawful contract, and if he, with the intent to cause or knowing that he is likely to cause wrongful loss or wrongful gain, discloses such information without the consent of the person concerned, or in breach of a lawful contract, he is liable to be punished with imprisonment for a term which may extend to three years, or with a fine which may extend to five lakh rupees, or with both.

Definition of personal data

The Privacy Rules define the term 'personal information' as any information that relates to a natural person, which either directly or indirectly, in combination with other information that is available or likely to be available to a corporate entity, is capable of identifying such person.

Definition of sensitive personal data

The Privacy Rules define 'sensitive personal data or information' to include the following information relating to: password financial information eg. bank account/credit or debit card or other payment instrument details physical, physiological and mental health condition sexual orientation medical records and history biometric informationany detail relating to the above clauses as provided to a corporate entity for providing services, and any of the information received under the above clauses for storing or processing under lawful contract or otherwise. Biometrics means the technologies that measure and analyse human body characteristics, such as 'fingerprints', 'eyeretinas and irises', 'voice patterns', 'facial patterns', 'hand measurements' and 'DNA' for authentication purposes.

However, any information that is freely available in the public domain is exempt from the above definition.

We agree to the following:

Users can visit our site anonymously.

Once this privacy policy is created, we will add a link to it on our home page or as a minimum on the first significant page after entering our website.

Our Privacy Policy link includes the word 'Privacy' and can be easily be found on the page specified above.

 

Users will be notified of any privacy policy changes:

  • On our Privacy Policy Page

 

Users are able to change their personal information:

  • By logging in to their account

 

How does our site handle do not track signals?

We honour do not track signals and do not track, plant cookies, or use advertising when a Do Not Track (DNT) browser mechanism is in place.

Does our site allow third-party behavioural tracking?

It's also important to note that we do not allow third-party behavioural tracking.

Fair Information Practices

Though not a law, the OECD Guidelines drafted in 1980 provide a useful set of 'fair information practices' within which privacy of consumers may be evaluated. Briefly, the eight principles declared were:

  1. Collection limitation principle (there should be limits to the collection of data)
  2. Data quality principle (data should be accurate and relevant to the purpose collected)
  3. purpose specification principle
  4. use limitation principle
  5. security safeguards principle
  6. openness principle (there should be openness about data policies and changes thereof)
  7. individual participation principle (enabling the individual to find out if data is being held about him and to obtain a copy of the data and make corrections) and
  8. accountability principle

In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:

We will notify the users via in-site notification

  • Within 7 business days

 

We also agree to the Individual Redress Principle, which requires that individuals have a right to pursue legally enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individual have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.

If at any time you would like to unsubscribe from receiving future emails, you can email us at corporate@gratiabathandbody.com and we will promptly remove you from ALL correspondence.

Contacting Us

If there are any questions regarding this privacy policy you may contact us using the information below.