1.1 This Privacy Policy ("Policy") is issued by EM Agri Goat Farm (hereinafter referred to as the "Company", "we", "us", or "our").

1.2 We are engaged in the business of sale, distribution, export and supply of groceries, grains, food products and allied items within India and internationally.

1.3 We respect your privacy and are committed to protecting the personal information you share with us.

1.4 This Privacy Policy outlines how we collect, use, disclose, and protect your information when you visit our website emagrigoat.com or use our services.

1.5 We collect various types of information while you visit and interact with our website such as name, email address, phone number, shipping and billing address, payment details (credit/debit card, UPI, etc.) and account information (username, password).

1.6 This Policy governs the collection, processing, storage, usage, disclosure, transfer and protection of personal data of individuals who access, browse, register on, or transact through our website emagrigoat.com, mobile application (if any), or related services (collectively, the "Platform").

1.7 This Policy is framed in compliance with:

(a) The Digital Personal Data Protection Act, 2023 ("DPDP Act");

(b) The Information Technology Act, 2000 and rules framed thereunder;

(c) Applicable food safety, taxation and export regulations; and

(d) Other applicable domestic and international data protection laws, where relevant.

1.8 By accessing or using the Platform, you acknowledge that you have read, understood and consent to the practices described herein.

(A) "Personal Data" shall have the meaning assigned under the DPDP Act, and includes any data about an individual who is identifiable by or in relation to such data.

(B) "Data Principal" means the individual to whom the Personal Data relates.

(C) "Data Fiduciary" refers to the Company.

(D) "Processing" includes collection, recording, storage, organisation, adaptation, retrieval, use, disclosure, sharing, transfer, restriction, erasure or destruction of Personal Data.

(E) "Consent" means free, specific, informed, unconditional and unambiguous indication of agreement through clear affirmative action.

3.1 This Policy applies to customers purchasing products from our Website, vendors, suppliers and distributors, website visitors, business partners and representatives and individuals contacting customer support.

3.2 This Policy applies to Personal Data processed in digital form or digitised form.

4.1 We collect only such Personal Data as is necessary, proportionate and lawful for the purposes specified herein, including but not limited to:

(a) Customer Information such as name, email address, mobile number, shipping and billing address, postal code and country, order history, account login credentials, and customer preferences.

(b) Payment and Transaction Data such as payment method details (processed via secure third-party payment gateways), limited card metadata (where necessary), bank account details for refunds, GSTIN or tax identification details (for business customers). We do not store complete debit/credit card information.

(c) Technical Data such as IP address, device information, browser type, access logs, cookies and analytics data.

(d) Vendor/Supplier Data such as business registration details, tax registration numbers, bank account information, authorized representative contact details.

5.1 We use your personal information to provide our services to you, which includes offering products for sale, processing payments, shipping and fulfilment of your order, keeping you up to date on new products, services, and offers, customer relationship management, compliance with food safety, taxation and export regulations, fraud prevention and cybersecurity, marketing communications (subject to consent), internal analytics and business improvement, legal compliance and dispute resolution. Personal Data shall not be processed for purposes incompatible with those stated herein.

5.2 Processing of Personal Data is undertaken pursuant to consent of the Data Principal, performance of contractual obligations, compliance with legal obligations, and legitimate uses as recognized under the Digital Personal Data Protection Act, 2023. Where processing is based on consent, such consent may be withdrawn at any time by contacting the Grievance Officer.

5.3 Consent is always obtained through affirmative action such as account registration, checkout confirmation, or acceptance of cookie banners.

5.4 We shall retain Personal Data only for as long as necessary for fulfilment of contractual obligations, compliance with statutory retention requirements, resolution of disputes, audit and accounting purposes. Upon completion of purpose, Personal Data shall be erased or anonymized, unless retention is mandated by law.

6.1 In general, the third-party providers that we use will only collect, use and disclose your information to the extent necessary for them to render the services they provide to us.

6.2 However, in certain cases, third-party service providers such as payment gateways, have their own privacy policies pertaining to the information that we are required to provide to them for your purchase-related transactions. For these providers, we recommend that you read their privacy policies so that you can understand how your personal information will be handled by these providers.

6.3 Once you leave our website or are redirected to a third-party website or application, you are no longer governed by this Privacy Policy or our website's Terms of Service.

7.1 Payments take place via online UPI or Net banking or credit card or debit card payments via third party service providers, or via Cash on Delivery via logistics company or by a means communicated to you prior to purchase.

7.2 Payments via payment gateways are encrypted through the Payment Card Industry Data Security Standard (PCI-DSS). Your purchase transaction data is stored only as long as is necessary to complete your purchase transaction. After that is complete, your purchase transaction information is deleted.

7.3 All direct payment gateways adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, and others.

7.4 To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

To protect your personal information, we take reasonable precautions and follow industry best practices to make sure it is not inappropriately lost, misused, accessed, disclosed, altered or destroyed.

9.1 We reserve the right to modify this privacy policy at any time, so please review it frequently. Changes and clarifications will take effect immediately upon their posting on the website. If we make material changes to this policy, we will notify you here that it has been updated, so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we use and/or disclose it.

10.1 The Platform is not intended for individuals under 18 years of age.

10.2 The Company does not knowingly collect Personal Data from children. Where such processing becomes necessary, verifiable parental consent shall be obtained in accordance with the Digital Personal Data Protection Act, 2023.

(a) Service Providers such as payment gateway providers, logistics and courier partners, cloud hosting providers, IT support and analytics providers and such other entities that are bound by contractual confidentiality and data protection obligations.

(b) Regulatory and Government Authorities, where required under law.

(c) If we are acquired or merged with another company, your information may be transferred to the new owners so that we may continue to sell products to you. We do not sell Personal Data.

(d) Cross-border data transfer: Where Personal Data is transferred outside India, transfers shall be made only to jurisdictions permitted under applicable notifications of the Government of India, adequate safeguards and contractual protections shall be implemented, and compliance with applicable foreign data protection laws shall be ensured where required.

We implement reasonable technical and organisational measures, including SSL encryption, secure socket layer (HTTPS), access control mechanisms, role-based data access, regular vulnerability assessments, and secure cloud storage infrastructure. In the event of a personal data breach, we shall notify affected Data Principals and the Data Protection Board of India as required under the DPDP Act.

13.1 If you believe that your privacy has been breached, please contact our Grievance Officer using the contact information below and provide details of the incident in writing so that we can investigate it.

13.2 All grievances shall be acknowledged promptly and resolved within thirty (30) days from receipt.

13.3 If unsatisfied, Data Principals may approach the Data Protection Board of India.

While reasonable safeguards are implemented, no system is completely secure. We shall not be liable for unauthorized access arising from circumstances beyond reasonable control, subject to applicable law.

We reserve the right to amend this Policy from time to time. Updated versions shall be posted on the Platform with revised effective dates. Continued use of the Platform constitutes acceptance of the updated Policy.