Srishti Natural Herbal Beauty Parlour
1. Introduction and Acceptance of Terms. This Privacy Policy ("Policy") governs the manner in which Srishti Natural Herbal Beauty Parlour, operating as a sole proprietorship under the laws of India and situated at Delhi, India (hereinafter referred to as "we," "us," "our," "the Company," "the Service Provider," or "Srishti"), collects, uses, maintains, discloses, and protects information obtained from users (each, a "User," "you," "your," or "Customer") of the website accessible at the domain associated with our services (the "Site," "Platform," "Service," or "Digital Interface"). This Policy applies to the Site and all products, services, features, content, applications, and functionalities offered by Srishti Natural Herbal Beauty Parlour through the Site or otherwise. By accessing, browsing, or using the Site in any manner whatsoever, including but not limited to visiting, viewing, transmitting information to or from, or utilizing any services provided through the Site, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy in its entirety. If you do not agree with any provision contained herein, you must immediately cease using the Site and refrain from accessing any services offered therein. Your continued use of the Site following the posting of changes to this Policy will be deemed your acceptance of those changes, modifications, amendments, or revisions. We reserve the right, at our sole and absolute discretion, to update, change, modify, add, remove, or otherwise alter this Policy at any time without prior notice, and such changes shall become effective immediately upon posting to the Site unless otherwise specified.
2. Information Collection and Categories of Data Processed. We may collect, process, store, and utilize both personally identifiable information ("PII" or "Personal Data") and non-personally identifiable information ("Non-PII") from Users in a variety of ways, including but not limited to when Users visit our Site, register on the Site, place a booking or reservation, subscribe to newsletters, respond to surveys, fill out forms, engage with interactive features, or in connection with other activities, services, features, or resources we make available on our Site. Personal Data that we may collect includes, without limitation: (a) Identity Information: full legal name, date of birth, gender, photographs, and any other information you choose to provide; (b) Contact Information: email address, telephone number, mobile phone number, postal address, and other contact details; (c) Account Credentials: username, password (stored in encrypted format using industry-standard cryptographic hashing algorithms), security questions and answers; (d) Booking and Transaction Data: service preferences, appointment history, booking details including date and time of appointments, services selected, payment information (though we do not directly store complete credit card numbers or CVV codes), billing address, and transaction identifiers; (e) Technical Information: Internet Protocol (IP) address, browser type and version, operating system, device identifiers, cookie identifiers, geolocation data (if permissions are granted), access times, referring website addresses, and other diagnostic data; (f) Usage Data: pages viewed, time spent on pages, links clicked, search queries entered, and other actions taken on the Site; (g) Communication Data: records of correspondence, feedback, reviews, ratings, survey responses, customer service inquiries, and any other communications between you and us; (h) Marketing and Preferences Data: your preferences regarding marketing communications, service preferences, and opt-in/opt-out choices. Non-PII may include demographic information, aggregated data, statistical data, and any other information that does not directly identify you as an individual.
3. Methods and Technologies of Data Collection. Information may be collected through various means and technologies, including: (a) Direct Voluntary Provision: when you voluntarily provide information by filling out forms, creating an account, making a booking, contacting us, or otherwise submitting data through the Site; (b) Automated Collection Technologies: through the use of cookies, web beacons, pixels, local storage objects, log files, and similar tracking technologies that automatically collect information when you interact with the Site; (c) Third-Party Sources: from third-party service providers, analytics providers, advertising networks, social media platforms (if you choose to connect your social media accounts), payment processors, and other external sources that may provide us with additional information about you in accordance with their own privacy policies and applicable law; (d) Publicly Available Sources: from publicly accessible databases, government records, and other legitimate sources of publicly available information. Cookies are small data files placed on your device that enable certain features and functionality. We use both session cookies (which expire when you close your browser) and persistent cookies (which remain on your device for a set period or until manually deleted). You may configure your browser to refuse cookies or to alert you when cookies are being sent, however, please note that some portions of the Site may not function properly if cookies are disabled.
4. Purposes and Legal Basis for Processing Personal Data. The information we collect is processed for the following purposes and on the following legal grounds: (a) Contractual Necessity: to provide, operate, maintain, and deliver the services you have requested, including processing bookings, managing appointments, facilitating communications regarding your reservations, and fulfilling our contractual obligations to you; (b) Legitimate Interests: to improve and personalize your experience, conduct analytics and research, develop new services and features, understand usage patterns, troubleshoot technical issues, detect and prevent fraud and security threats, protect our legal rights and interests, and operate our business efficiently; (c) Legal Compliance: to comply with applicable laws, regulations, legal processes, governmental requests, court orders, tax requirements, recordkeeping obligations, and regulatory compliance mandates; (d) Consent: where we have obtained your explicit consent, such as for marketing communications, use of certain cookies and tracking technologies, or other processing activities that require consent under applicable law; (e) Vital Interests: to protect the vital interests of you or another person in emergency situations. We will only use your Personal Data for the purposes for which we collected it unless we reasonably consider that we need to use it for another reason that is compatible with the original purpose. If we need to use your Personal Data for an unrelated purpose, we will notify you and explain the legal basis which allows us to do so.
5. Data Sharing, Disclosure, and Third-Party Transfers. We do not sell, trade, rent, or otherwise transfer your Personal Data to third parties for their marketing purposes without your explicit consent. However, we may share, disclose, or transfer your information in the following circumstances: (a) Service Providers and Processors: with third-party vendors, consultants, contractors, service providers, and other parties who perform services on our behalf, such as hosting providers, database management services, payment processors, analytics providers, customer support platforms, email service providers, and marketing agencies, provided that such parties are contractually obligated to maintain the confidentiality and security of your information and are prohibited from using it for any purpose other than providing services to us; (b) Business Transfers: in connection with, or during negotiations of, any merger, sale of company assets, financing, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of control or ownership, where your information may be transferred as a business asset; (c) Legal Requirements and Protection of Rights: when we believe in good faith that disclosure is necessary to comply with applicable law, regulation, legal process, or governmental request; to enforce our Terms of Service, this Privacy Policy, or other agreements; to protect and defend our rights, property, or safety or that of our users or the public; to detect, prevent, or otherwise address fraud, security, or technical issues; or to investigate potential violations of law or policy; (d) Affiliates and Related Entities: with our parent company, subsidiaries, affiliates, or related entities for purposes consistent with this Privacy Policy; (e) With Your Consent: with any other third parties when you have provided your explicit consent for such sharing. When we share information with third parties, we endeavor to ensure that such parties agree to protect your information in a manner consistent with this Privacy Policy and applicable data protection laws, though we cannot guarantee the privacy practices of third parties and are not responsible for their actions or omissions.
6. Data Retention, Storage, and Security Measures. We retain your Personal Data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include: (a) the duration of your relationship with us and your use of the Site and services; (b) whether there is a legal obligation to which we are subject requiring retention (such as tax, accounting, or regulatory requirements); (c) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation, or regulatory investigations). When we no longer require your Personal Data for the purposes set out in this Policy and no legal requirement mandates its retention, we will either delete or anonymize it or, if this is not possible (for example, because your Personal Data has been stored in backup archives), then we will securely store your Personal Data and isolate it from further processing until deletion is possible. We implement and maintain reasonable administrative, technical, and physical security measures designed to protect your information from unauthorized access, disclosure, alteration, destruction, loss, or misuse. These measures include, but are not limited to: encryption of data in transit using SSL/TLS protocols; hashing of passwords using industry-standard cryptographic algorithms; regular security assessments and vulnerability testing; access controls and authentication mechanisms; employee training on data protection and security; monitoring and logging of system access; and incident response procedures. However, please be aware that no method of transmission over the Internet or method of electronic storage is completely secure, and we cannot guarantee absolute security of your information. Any transmission of Personal Data is at your own risk, and we are not responsible for circumvention of any privacy settings or security measures contained on the Site. In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and, where required by law, the appropriate supervisory authority without undue delay.
7. Your Rights and Choices Regarding Personal Data. Subject to applicable law, you may have certain rights regarding your Personal Data, including: (a) Right of Access: the right to request confirmation of whether we process your Personal Data and to obtain a copy of such data; (b) Right to Rectification: the right to request correction of inaccurate or incomplete Personal Data; (c) Right to Erasure: the right to request deletion of your Personal Data under certain circumstances, such as when it is no longer necessary for the purposes for which it was collected or when you withdraw consent; (d) Right to Restriction of Processing: the right to request that we restrict the processing of your Personal Data under certain circumstances; (e) Right to Data Portability: the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit such data to another controller; (f) Right to Object: the right to object to processing of your Personal Data based on legitimate interests or for direct marketing purposes; (g) Right to Withdraw Consent: where processing is based on consent, the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal; (h) Right to Lodge a Complaint: the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Data violates applicable law. To exercise any of these rights, please contact us using the contact information provided in Section 13 below. We may require verification of your identity before processing your request and reserve the right to charge a reasonable fee or refuse to comply with requests that are manifestly unfounded, excessive, or repetitive. We will respond to your request within the timeframe required by applicable law. Please note that certain rights may be limited or unavailable under specific circumstances, such as when processing is necessary for compliance with legal obligations or establishment, exercise, or defense of legal claims.
8. Children's Privacy and Age Restrictions. The Site and services are not intended for, nor directed to, children under the age of 18 years. We do not knowingly collect, solicit, or maintain Personal Data from anyone under the age of 18, nor do we knowingly allow such persons to register for or use our services. If you are under 18 years of age, you are not authorized to use the Site or provide any Personal Data to us. If we become aware that we have collected Personal Data from a child under age 18 without verification of parental consent, we will take steps to remove that information from our servers as quickly as reasonably possible. If you believe we might have any information from or about a child under 18, please contact us immediately using the contact information provided below.
9. International Data Transfers and Cross-Border Processing. Your information, including Personal Data, may be transferred to, processed, and maintained on computers, servers, and systems located outside of your state, province, country, or other governmental jurisdiction where data protection laws may differ from those of your jurisdiction. By using the Site and providing information to us, you consent to the transfer of your information to facilities and servers located outside your jurisdiction and to the processing of such information in accordance with this Privacy Policy. We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable data protection laws. Where required by law, we will implement appropriate safeguards such as Standard Contractual Clauses, Binding Corporate Rules, or other legally recognized transfer mechanisms to protect your Personal Data.
10. Marketing Communications and Promotional Materials. From time to time, we may use your contact information to send you marketing communications, newsletters, promotional materials, special offers, service updates, and other information that may be of interest to you, provided that we have the legal basis to do so (such as your consent or legitimate interest, as applicable). You may opt out of receiving marketing communications from us at any time by: (a) following the unsubscribe instructions contained in the email communications we send; (b) adjusting your account settings and communication preferences; or (c) contacting us directly using the contact information provided below. Please note that even if you opt out of receiving marketing communications, we may still send you non-promotional transactional or administrative messages related to your account, bookings, or use of our services.
11. Third-Party Websites, Links, and Services. The Site may contain links to third-party websites, applications, services, or resources that are not owned, operated, or controlled by us. This Privacy Policy applies only to our Site and services and does not apply to any third-party websites or services. We are not responsible for the privacy practices, content, terms of use, or any other aspect of third-party websites or services. When you click on a link to a third-party website or service, you will be subject to that third party's privacy policy and terms of use, and we encourage you to carefully read the privacy policies of any third-party websites or services you visit. The inclusion of any link does not imply endorsement by us of the linked site or service, and we disclaim all liability for any damages, losses, or claims arising from your use of third-party websites or services.
12. Changes, Modifications, and Updates to Privacy Policy. We reserve the right to modify, amend, update, or replace this Privacy Policy at any time, at our sole discretion, and without prior notice to you. Any changes to this Policy will be effective immediately upon posting of the revised Policy on the Site, unless otherwise specified. The "Last Updated" date at the top of this Policy will be revised to reflect the date of the most recent changes. Your continued use of the Site following the posting of changes constitutes your acceptance of such changes. We encourage you to periodically review this Policy to stay informed about how we collect, use, and protect your information. If we make material changes to this Policy that significantly affect your rights or the way we process your Personal Data, we may notify you by email (if you have provided an email address) or through a prominent notice on the Site prior to the change becoming effective, as required by applicable law.
13. Contact Information, Questions, and Data Protection Officer. If you have any questions, concerns, comments, requests, or complaints regarding this Privacy Policy, our data practices, or the exercise of your rights, or if you wish to update, correct, or delete your Personal Data, please contact us at: Srishti Natural Herbal Beauty Parlour, Delhi, India. Email: [Insert Email Address]. Phone: [Insert Phone Number]. We are committed to resolving complaints about our collection or use of your Personal Data in accordance with this Privacy Policy and applicable data protection laws. If you are not satisfied with our response or believe we are processing your Personal Data not in accordance with applicable law, you have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction.
14. Governing Law and Jurisdiction. This Privacy Policy and any dispute or claim arising out of or in connection with it or its subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the laws of India, without regard to its conflict of law provisions. You agree to submit to the exclusive jurisdiction of the courts located in Delhi, India for the resolution of any disputes arising out of or relating to this Privacy Policy or your use of the Site.
15. Miscellaneous Provisions. If any provision of this Privacy Policy is found to be invalid, illegal, or unenforceable by a court of competent jurisdiction, such provision shall be modified to the minimum extent necessary to make it valid and enforceable, or if such modification is not possible, such provision shall be severed from this Policy, and the remaining provisions shall continue in full force and effect. Our failure to enforce any right or provision of this Privacy Policy shall not be deemed a waiver of such right or provision. This Privacy Policy, together with our Terms of Service and any other legal notices published by us on the Site, constitutes the entire agreement between you and us concerning your use of the Site and supersedes all prior or contemporaneous communications and proposals, whether electronic, oral, or written, between you and us with respect to the Site. Section headings in this Policy are for convenience only and shall not govern the meaning or interpretation of any provision of this Policy.