Privacy Policy

This Privacy Policy describes how Grockz (a brand operated by Gappu) (“we”, “our”, “us”) collects, uses, processes, stores, and protects personal data of users who access or interact with our website https://grockz.com/ and related services.

This Policy is drafted in accordance with the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Consumer Protection (E-Commerce) Rules, 2020.

We are the Data Fiduciary – meaning we determine the purpose and means of processing your personal data.

1. DEFINITIONS

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Processing: Includes collection, storage, use, sharing, disclosure, or erasure of personal data.
  • Data Principal: The individual to whom the personal data relates.
  • Data Fiduciary: Grockz / Gappu, determining the purpose and means of processing personal data.
  • Consent Manager: A registered intermediary through whom a Data Protection may manage consent (as may be notified under DPDPA 2023).

2. PERSONAL DATA WE COLLECT

We may collect the following categories of personal data:

a. Information You Provide

  • Name
  • Email address
  • Phone number
  • Billing and shipping address (including PIN code, state)
  • Order and transaction details
  • Size and fit preferences (if saved by you)
  • Payment status (transaction reference only, we do not store full payment card details)
  • Communications sent to us via email, chat, or contact forms

b. Automatically Collected Data

  • IP address and approximate geographic location
  • Device type, operating system and browser type
  • Pages visited, time spent, and clickstream data
  • Referral URLs (how you arrived at our website)
  • Cookies and similar tracking technologies

c. Data from Third Parties

·         Payment gateways may share transaction status and masked payment details with us.

·         Logistics partners may share delivery confirmation and return data.

·         If you log in via a social media account (if enabled), we may receive basic profile data from that platform subject to their privacy settings.

3. PURPOSE OF PROCESSING

We process personal data for the following purposes:

  • Processing and fulfilling your orders (including shipping, delivery, and returns)
  • Sending order confirmations, shipping updates, and delivery notifications
  • Issuing GST-compliant tax invoices
  • Responding to customer support queries and grievances
  • Maintaining records as required under tax and commercial laws
  • Sending marketing communications (promotional emails, SMS, WhatsApp) — only with your consent
  • Improving website performance, personalising user experience, and analysing shopping behaviour
  • Detecting and preventing fraud, unauthorised access, and abuse
  • Complying with legal obligations and responding to government/regulatory requests

4. CONSENT

By using our website or providing your personal data, you consent to its processing for the purposes stated in this Policy.

Withdrawal of Consent

You may withdraw your consent at any time by:

Upon withdrawal, we will cease processing your personal data unless required for legal or legitimate business purposes. Withdrawal will not affect the lawfulness of processing carried out prior to withdrawal.

5. SHARING OF PERSONAL DATA

We do not sell personal data. We may share personal data with the following categories of third parties:

  • Payment processors (for secure payment transactions)
  • Logistics and shipping partners (for order delivery)
  • Technology and hosting providers (website infrastructure)
  • Analytics providers (to understand usage and improve services)
  • Marketing and communication tools (only where consent is provided)
  • Legal and regulatory authorities, where required by law

All such entities are required to process data only for specified purposes and in compliance with applicable laws.

6. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to:

  • Enable core website functionality
  • Analyse website traffic and usage
  • Improve user experience

You may control or disable cookies through your browser settings. Disabling cookies may affect certain functionalities of the website.

7. DATA RETENTION

We retain personal data only for as long as necessary to:

  • Fulfil the purposes outlined in this Policy
  • Comply with legal, tax, or regulatory obligations
  • Resolve disputes and enforce agreements

8. DATA SECURITY

We implement the following safeguards to protect your personal data:

·         Secure Sockets Layer (SSL/TLS) encryption for data transmitted to and from our website;

·         Access controls restricting personal data access to authorised personnel only;

·         PCI-DSS compliant payment processing (no full card details stored by us);

·         Regular security assessments of our platform and vendors.

In the event of a data breach, we will take appropriate steps, including notifying affected users and relevant authorities, as required under applicable law.

9. YOUR RIGHTS (UNDER INDIAN LAW)

As a Data Principal, you have the right to:

  • Request access to your personal data
  • Request correction or updating of inaccurate data
  • Request erasure of personal data
  • Withdraw consent at any time
  • Seek grievance redressal
  • Nominate another person to exercise your rights in case of incapacity or death

To exercise these rights, contact: grockzwear@gmail.com

10. CHILDREN’S PRIVACY

Our Services are intended for individuals aged 18 years and above. We do not knowingly collect personal data from individuals under 18 without verifiable parental or guardian consent, in accordance with the DPDPA 2023.

If we identify that personal data of a child has been collected without appropriate consent, we will delete it promptly. If you are a parent/guardian and believe your child has provided personal data to us, please contact us immediately.

11. INTERNATIONAL DATA TRANSFERS

If personal data is transferred outside India, such transfers will be conducted in accordance with applicable laws and only to jurisdictions permitted under Indian regulations.

12. BUSINESS TRANSFERS

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the relevant entity, subject to applicable data protection obligations. Such transfer will be subject to confidentiality obligations and applicable data protection laws, and you will be notified of any material change in data handling.

13. Links to Third-Party Websites

Our website may contain links to third-party websites (e.g., social media platforms, payment portals). This Privacy Policy does not apply to those external sites. We encourage you to review the privacy policies of any third-party websites you visit.

14. GRIEVANCE OFFICER

In accordance with applicable law, the Grievance Officer details are as follows:

Name: Mousumi Panja
Email: Grockzwear@gmail.com

We will acknowledge and address grievances within a reasonable timeframe as prescribed under applicable law.

15. POLICY UPDATES

We may update this Privacy Policy from time to time. Updates will be posted on this page with a revised “Last Updated” date. For material changes affecting your rights, we will notify you via email or a prominent notice on our website. Continued use of our services constitutes acceptance of the updated Policy.

16. CONTACT US

For any questions, concerns, or requests related to this Privacy Policy, please contact:

Email: grockzwear@gmail.com

Phone: 1800 833 8433 (Toll-Free, Mon-Fri, 10 AM – 6 PM IST)

Website: Grockz.com