Privacy Policy
This Privacy Policy (“Policy”) sets forth the principles and practices adopted by Threaded Root (“we”, “us”, “our”) for the collection, use, disclosure, and protection of personal data of users (“you”, “your”, “user”, “customer”) who access or transact on our e-commerce website, which is hosted on Zoho Commerce.
The Policy applies to all users who visit, browse, register, or make purchases on our website, as well as to any personal data processed in connection with our products, services, marketing, analytics, and customer support. It also governs data processed through integrations with third-party service providers, including payment gateways, logistics partners, and analytics tools.
By accessing or using our website, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy. If you do not agree with the practices described herein, please do not use our website or services.
1. Information Collection
1.1 Personal Data Types Collected
We collect and process various categories of personal data, which includes any data about an individual who is identifiable by or in relation to such data. The types of personal data we may collect include:
- Identity Data: Full name, gender, date of birth, and age.
- Contact Data: Email address, mobile number, billing and shipping addresses.
- Account Data: Username, password, account preferences, and profile photo (if provided).
- Transaction Data: Order details, payment method, transaction history, and order fulfillment records.
- Payment Data: Partial payment card details (e.g., last four digits, expiry date), UPI ID, and other payment instrument information. We do not store full credit/debit card numbers; these are processed securely by our payment gateway partners.
- Communication Data: Records of your communications with our customer support, feedback, survey responses, and participation in promotions or contests.
- Marketing Preferences: Your choices regarding receiving marketing communications, newsletters, and promotional offers.
We may also collect data required for compliance with legal obligations, such as Know Your Customer (KYC) information, if mandated by law or regulatory authorities.
Sensitive Personal Data
We do not intentionally collect sensitive personal data such as health information, biometric data, or financial account passwords. If such data is inadvertently collected, it will be handled with heightened security and in accordance with applicable law.
1.2 Non-Personal and Technical Data Collected
In addition to personal data, we collect non-personal and technical data that does not directly identify you but may be linked to your device or usage patterns. This includes:
- Device and Browser Data: IP address, device type, operating system, browser type and version, language preferences, and time zone.
- Usage Data: Website navigation paths, pages viewed, time spent on pages, clicks, scrolls, referring URLs, and session duration.
- Log Data: Server logs, error reports, and diagnostic information.
- Aggregated Data: Statistical or demographic data derived from personal data but anonymized so that it cannot identify any individual.
Such data is used for analytics, website optimization, fraud prevention, and improving user experience. Where non-personal data is combined with personal data, it will be treated as personal data for the purposes of this Policy.
2. Use of Information
2.1 Order Fulfillment and Customer Service
We use your personal data to process and fulfill your orders, including:
- Verifying your identity and account details.
- Processing payments through secure payment gateways.
- Arranging for the shipment and delivery of products via logistics partners.
- Communicating order confirmations, shipping updates, and delivery notifications.
- Handling returns, exchanges, refunds, and customer support requests.
- Maintaining records of transactions for accounting, audit, and legal compliance.
Order fulfillment processes may be partially automated using Robotic Process Automation (RPA) and integrated order management systems to ensure accuracy and efficiency.
2.2 Marketing and Communications
With your explicit consent, we may use your contact information to:
- Send you marketing communications, newsletters, promotional offers, and updates about new products or services.
- Invite you to participate in surveys, contests, or feedback initiatives.
- Personalize marketing content based on your preferences and purchase history.
You have the right to opt out of marketing communications at any time by using the unsubscribe link in our emails or by updating your preferences in your account settings.
2.3 Analytics and Personalization
We use personal and non-personal data for analytics and personalization purposes, including:
- Analyzing website usage patterns to improve site performance and user experience.
- Personalizing product recommendations, search results, and promotional content.
- Monitoring and improving the effectiveness of marketing campaigns.
- Conducting market research and trend analysis.
All analytics activities are conducted in compliance with data minimization and purpose limitation principles, and wherever possible, data is anonymized or aggregated.
2.4 Legal and Regulatory Compliance
We process your data to comply with applicable laws, regulations, and legal obligations, including:
- Responding to lawful requests from government authorities, regulators, or courts.
- Preventing, detecting, and investigating fraud, unauthorized transactions, or other prohibited activities.
- Enforcing our Terms of Service and other contractual obligations.
- Maintaining records for tax, accounting, and statutory compliance.
3. Sharing of Information
3.1 Third Parties and Data Processors
We may share your personal data with third parties in the following circumstances:
- Logistics Partners: To facilitate the shipment and delivery of your orders, we share necessary information (such as your name, address, and contact number) with our logistics and courier partners.
- Payment Gateways: Payment information is processed by secure, PCI DSS-compliant payment gateway providers. We do not store your full payment card details on our servers.
- Technology and Service Providers: We engage third-party vendors for website hosting (Zoho Commerce), analytics, marketing automation, customer support, and IT infrastructure. These service providers process data only as instructed by us and are contractually bound to maintain confidentiality and security.
- Consent Managers: Where applicable, we may use registered Consent Managers to facilitate the management, review, and withdrawal of your consents.
All third-party processors are required to implement reasonable security safeguards and comply with the data protection rules. We conduct due diligence with our vendors to ensure compliance.
3.2 Legal and Regulatory Disclosures
We may disclose your personal data to government authorities, regulators, law enforcement agencies, or courts if required by law or in response to valid legal process. Such disclosures may occur for reasons including:
- Compliance with legal obligations or regulatory requirements.
- Protection of the rights, property, or safety of our users, employees, or the public.
- Prevention or investigation of fraud, security incidents, or other unlawful activities.
We will notify you of such disclosures where required by law and where it is feasible to do so.
3.3 Business Transfers
In the event of a merger, acquisition, restructuring, or sale of our business or assets, your personal data may be transferred to the acquiring entity, subject to the same privacy commitments as set out in this Policy.
4. Data Security
4.1 Security Measures and Practices
We are committed to protecting your personal data against unauthorized access, use, alteration, disclosure, or destruction. To this end, we and Zoho implement a comprehensive set of administrative, technical, and organizational safeguards, including:
- Encryption: Personal data is encrypted both in transit (using TLS 1.3 or higher) and at rest (using AES-256 or equivalent algorithms).
- Access Controls: Role-based access controls (RBAC), multi-factor authentication (MFA), and strict authorization protocols limit data access to authorized personnel only.
- Monitoring and Logging: Continuous monitoring, logging, and review of access to personal data to detect and respond to unauthorized activities.
- Data Masking and Tokenization: Sensitive data is masked or tokenized where feasible, especially in analytics and support environments.
- Backup and Disaster Recovery: Regular encrypted backups, geo-redundant storage, and tested disaster recovery plans ensure data availability and resilience.
- Vendor Security: All third-party processors are contractually required to implement equivalent security measures and notify us of any breaches or incidents.
We periodically review and update our security policies and conduct vulnerability assessments to identify and mitigate risks.
4.2 Breach Response and Notification
In the event of a personal data breach, we will:
- Contain and assess the breach promptly.
- Provide details of the breach, likely consequences, mitigation measures, and steps users can take to protect themselves.
- Cooperate with regulatory authorities and implement remedial actions to prevent recurrence.
We maintain detailed incident logs and breach registers as required by law.
5. Cookies and Tracking Technologies
5.1 Use of Cookies and Similar Tools
Our website uses cookies and similar tracking technologies to enhance your browsing experience, provide essential site functionality, and support analytics and marketing activities. Cookies are small text files stored on your device when you visit our site.
Types of Cookies Used
- Essential Cookies: Required for core website functionality, such as maintaining your shopping cart and enabling secure login.
- Analytics Cookies: Help us understand website usage patterns, measure performance, and improve user experience.
- Marketing Cookies: Used to deliver personalized advertisements and promotional content, subject to your consent.
- Preference Cookies: Remember your language, region, and other preferences.
5.2 Consent and Control
We obtain your explicit consent before placing non-essential cookies on your device. Our cookie banner provides clear options to accept or reject non-essential cookies, and you may manage your cookie preferences at any time via the “Manage Cookies” link on our website. Cookies are not set until you provide affirmative consent. You may withdraw your consent or change your preferences at any time, and such withdrawal will be honored promptly.
5.3 Third-Party Cookies
We do not use third-party cookies for non-essential or intrusive tracking without your explicit consent. Where third-party cookies are used (e.g., for analytics or advertising), they are subject to the same consent and privacy standards.
5.4 Cookie Duration and Retention
Cookies are retained only for as long as necessary for their intended purpose. You may delete cookies from your browser at any time.
6. User Rights
6.1 Rights of Users under Indian Law
As a user of our website, you are entitled to the following rights:
1. Right to Access
You have the right to request and obtain a summary of the personal data we hold about you, including the categories of data, processing purposes, and the identities of third parties with whom your data has been shared.
2. Right to Correction and Updating
You may request correction, completion, or updating of any inaccurate or incomplete personal data held by us.
3. Right to Erasure
You have the right to request the deletion of your personal data when:
- The specified purpose for which it was collected is no longer being served.
- You withdraw your consent, and there is no other legal basis for retention.
We may retain data where required by law or for legitimate business purposes.
4. Right to Restriction of Processing
You may request restriction of processing of your data in certain circumstances, such as when contesting the accuracy of the data or objecting to processing for direct marketing.
5. Right to Withdraw Consent
You may withdraw your consent to data processing at any time, and such withdrawal will not affect the lawfulness of processing carried out prior to withdrawal. Withdrawal of consent is as easy as granting it, and can be managed via your account settings or by contacting us.
6. Right to Data Portability
Where applicable, you may request a copy of your personal data in a structured, commonly used, and machine-readable format.
7. Right to Nominate
You may nominate another individual to exercise your rights in the event of your death or incapacity.
8. Right to Object
You may object to the processing of your personal data for certain purposes, such as direct marketing.
9. Right to Be Informed
You have the right to be informed about the collection, use, sharing, and retention of your personal data in clear and plain language.
10. Exercising Your Rights
To exercise any of the above rights, please contact us using the details provided in the “Help & Support” section or submit a request through our "Drop Us a Line" form. We will respond to your request within the statutory period (typically within 2 - 4 business days).
7. Data Retention
7.1 Retention Policies and Timeframes
We retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required by law, regulation, or contractual obligation. Our data retention practices are guided by the following principles:
- Purpose Limitation: Data is retained only as long as it is needed for the specified purpose (e.g., order fulfillment, customer support, legal compliance).
- User Inactivity: Personal data is erased three years after the last user interaction, when the purpose is no longer served, or upon withdrawal of consent, unless retention is required by law.
- Processing Logs: Logs and records of data processing activities are retained for at least one year from the date of processing, as required for security, audit, and regulatory purposes.
- Legal and Regulatory Retention: Certain data may be retained for longer periods to comply with tax, accounting, anti-fraud, or other legal obligations.
- Notification Prior to Erasure: Where required, we will notify you at least 48 hours before erasing your data due to inactivity, giving you the opportunity to prevent deletion by logging in or exercising your rights.
Upon expiry of the retention period, data is securely deleted or anonymized, and backup copies are purged in accordance with our data destruction protocols.
8. Children’s Privacy
8.1 Policy Regarding Users Under the Age of 18
Our website and services are not intended for use by individuals under the age of 18 (“children”). We do not knowingly collect, process, or store personal data of children without verifiable parental or guardian consent, as required by the DPDP Act and Rules.
Age Verification and Parental Consent
- If we become aware that a user is under 18, we will require verifiable parental or guardian consent before processing any personal data.
- Parental consent is obtained through reliable methods, such as verification of identity and age via government-issued documents or other authorized means.
- If a parent or guardian is already a registered user, we may verify their status using existing records. Otherwise, verification is conducted using authorized identity sources.
- Processing of children’s data is strictly limited to what is necessary for the specified purpose, and prohibited activities such as behavioral tracking, profiling, or targeted advertising directed at children are not permitted.
8.2 Exemptions
Certain processing activities (e.g., provision of healthcare, education, or safety services) may be exempt from parental consent requirements.
8.3 Data Deletion
If we discover that we have collected personal data from a child without appropriate consent, we will promptly delete such data and take steps to prevent recurrence.
8.4 Contact for Children’s Privacy
If you believe that we may have collected personal data from a child without proper consent, please contact us using the details provided in the “Help & Support” section or submit a request through our "Drop Us a Line" form.
9. Changes to the Policy
9.1 Notification of Updates
We may update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technology. When we make material changes that affect your rights or the way we process your data, we will:
- Notify you through a prominent announcement on our website or via email to your registered address, at least 30 days before the changes take effect, where feasible.
- Provide a summary of the key changes and their implications.
- Allow you to review and accept the updated Policy before continuing to use our services.
Your continued use of our website after the effective date of the updated Policy constitutes your acceptance of the changes. We encourage you to review this Policy periodically for the latest information on our privacy practices.
10. Contact Information
10.1 Grievance Redressal and Data Protection Queries
If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or your rights, you may contact us at:
rootthreaded@gmail.com
+91 9147758366
If you are not satisfied with our response, you may escalate your complaint to the Data Protection Board of India via their official portal.
11. Consent Management and Withdrawal
11.1 Consent Framework
We obtain your free, specific, informed, and unambiguous consent before collecting or processing your personal data for purposes that require consent. Consent is sought through clear, standalone notices that specify:
- The categories of personal data to be collected.
- The specific purposes for which data will be processed.
- The means to withdraw consent or lodge complaints.
Consent is not bundled with other terms and is not a precondition for accessing essential services, except where necessary for service delivery.
11.2 Consent Withdrawal
You may withdraw your consent at any time, using the same means by which consent was given (e.g., account settings, consent manager, or by contacting us). Withdrawal of consent is as easy as granting it and will be honored promptly. Upon withdrawal, we will cease processing your data for the specified purpose, unless retention is required by law or for legitimate business purposes.
11.3 Consent Manager Integration
Where available, we support the use of registered Consent Managers to facilitate the management, review, and withdrawal of your consents across multiple platforms. Consent Managers operate as independent, regulated intermediaries and maintain auditable records of your consents for at least seven years.
12. Breach Response and Notification Procedures
12.1 Data Breach Reporting
In the event of a personal data breach, we will:
- Notify the affected users without undue delay, and in any case within 72 hours of becoming aware of the breach.
- Provide details of the breach, likely consequences, mitigation measures, and steps users can take to protect themselves.
- Cooperate with regulatory authorities and implement remedial actions to prevent recurrence.
We maintain detailed incident logs and breach registers as required by law.
13. Cross-Border Data Transfers and Hosting Considerations
13.1 Data Transfers Outside India
We may transfer your personal data outside India only to countries or territories not restricted by the Government of India. Such transfers are subject to:
- Compliance with the DPDP Act, DPDP Rules, and any sectoral regulations.
- Implementation of appropriate contractual, technical, and organizational safeguards to ensure the protection of your data.
- Ensuring that third-party processors and service providers outside India are contractually bound to maintain equivalent data protection standards.
13.2 Zoho Commerce Hosting Context
Our website is hosted on Zoho Commerce, which provides secure, cloud-based infrastructure and adheres to industry-standard security and privacy practices. Zoho Commerce may process certain technical and operational data as a service provider, subject to their own privacy policy and contractual obligations with us.
14. Role of Zoho Commerce as Service Provider
Zoho Commerce acts as a data processor on our behalf, providing website hosting, e-commerce platform services, and integrations with other Zoho and third-party applications. Zoho Commerce is contractually required to:
- Process personal data only as instructed by us and for the purposes specified in this Policy.
- Implement reasonable security safeguards, including encryption, access controls, and incident response protocols.
- Notify us of any data breaches or security incidents affecting your data.
- Comply with the DPDP Act, DPDP Rules, and applicable sectoral regulations.
For more information on Zoho Commerce’s privacy practices, please refer to their Privacy Policy.
15. Legal Disclaimers and Governing Law
15.1 Legal Disclaimers
- This Privacy Policy does not create any contractual or legal rights in favor of any user or third party, except as expressly provided by applicable law.
- We are not responsible for the privacy practices of third-party websites, applications, or services linked from our website. Users are encouraged to review the privacy policies of such third parties before providing any personal data.
- In the event of any conflict between this Policy and applicable law, the provisions of the law shall prevail.
15.2 Governing Law and Jurisdiction
This Privacy Policy, and any disputes arising from or relating to it, shall be governed by and construed in accordance with the laws of India. Any disputes shall be subject to the exclusive jurisdiction of the courts located in Kolkata, West Bengal, India.

