Privacy policy

Privacy Policy – SAJBITAN

Last Updated: 27 December, 2025

SAJBITAN (“we”, “us”, “our”) operates www.sajbitan.com (the “Website”) and the online store. We are a garment boutique based in India and are fully subject to Indian laws, especially the Digital Personal Data Protection Act, 2023 (DPDP Act) and Reserve Bank of India (RBI) guidelines.

This Privacy Policy explains how we collect, use, disclose, and protect your personal data when you visit our Website, create an account, place an order, or communicate with us.

By using our Website or services, you give your free, informed, specific, and unambiguous consent to the collection and processing of your personal data as described below (as required under Section 6 of the DPDP Act).

1. Personal Data We Collect
We may collect the following categories of personal data:
- Name, phone number, email address, shipping & billing address
- Payment information (UPI ID, card details, bank account details – only through RBI-authorised Indian payment gateways)
- Account details (username, password in encrypted form)
- Order & transaction history
- Device information, IP address, browser type, and cookies
- Any information you voluntarily provide (e.g., customer support messages)

2. How We Use Your Personal Data
We use your data only for the following specified purposes:
- To process and fulfil your orders (including shipping & returns)
- To process payments and prevent fraud
- To create and manage your account
- To communicate with you (order updates, customer support)
- To send promotional emails/SMS only if you separately opt-in (you can withdraw consent anytime)
- To create tailored advertising audiences through Google Ads Customer Match, only if you have opted in
- To track advertising performance and enable retargeting using the Meta Pixel on platforms like Facebook and Instagram
- To collect contact information (such as email addresses or phone numbers) you provide through lead generation forms in our advertisements on third-party platforms, including Meta (Facebook, Instagram) and Google Ads, in order to send you marketing communications, discounts, and offers.
- To improve our Website and services
- To comply with legal obligations (taxation, RBI reporting, law enforcement requests)

3. Legal Bases (as required under DPDP Act)
- Performance of contract (order fulfilment & payment)
- Your explicit consent (for marketing & cookies)
- Legitimate uses (fraud prevention, security, legal compliance)

4. Sharing of Your Personal Data
We share your data only with:
- Shopify Inc. (our platform provider) – under a DPDP-compliant Data Processing Agreement
- RBI-authorised payment gateways & banks in India (e.g., PhonePe, Razorpay, PayU, banks for UPI)
- Shipping & logistics partners in India
- Government or law enforcement authorities when required by Indian law
- Our affiliates or in case of merger/acquisition (with prior notice)
- Google Ads (Customer Match) – If you have opted in to receive promotional messages, we may securely share hashed identifiers (such as your email or phone number) with Google Ads. This allows us to show you relevant offers across Google platforms (Search, YouTube, Gmail). Google processes this data only for ad personalization and does not sell or misuse it. You may withdraw consent anytime.

5. International Data Transfers
Non-payment customer data is processed by Shopify Inc. and its authorized service providers in accordance with applicable Indian laws and Shopify’s Data Processing Addendum.

Payment & UPI data: All payment and transaction data is stored exclusively in India as mandated by RBI guidelines. Even if temporary processing happens abroad, the full data is mirrored and retained only in India within 24 hours, and deleted from foreign systems. No payment data is stored outside India.

6. Data Security & Retention
We implement reasonable technical and organisational security measures. Payment data is encrypted and handled only by RBI-licensed entities.

We retain your personal data only as long as necessary:
- Order & payment data: Up to 10 years (for tax & RBI compliance)
- Account data: Until you request deletion or account is inactive for 3 years
- Marketing preferences: Until you withdraw consent

7. Your Rights under DPDP Act
You have the right to:
- Access your personal data
- Correct inaccurate data
- Erase your data (subject to legal retention requirements)
- Withdraw consent (for marketing, cookies, etc.)
- Nominate someone in case of death
- File a complaint with the Data Protection Board of India

To exercise any right, contact us at: saswati@sajbitan.com or 8250693678. We will verify your identity and respond within the time limits prescribed by law (e.g., 72 hours for most requests under DPDP Rules).

8. Cookies & Tracking
We use cookies for site functionality, analytics, and (with separate consent) for advertising. You can manage cookie preferences through the cookie banner. In addition to cookies, we may use Customer Match audiences on Google Ads. This involves securely sharing hashed customer data with Google to deliver personalized ads. You can opt out at any time.

9. Children’s Data
We do not knowingly collect data from children under 18 years without verifiable parental consent (as required under DPDP act).

10. Shopify’s Role
Our store is hosted on Shopify. Shopify processes your data only on our instructions and under a contract that meets DPDP Act requirements. To understand Shopify’s own practices, visit: https://www.shopify.com/legal/privacy/customers

11. Changes to This Policy
We may update this policy. Material changes will be notified on the Website and (where required) by email. Continued use after changes means you accept the updated policy.

12. Contact
Email: saswati@sajbitan.com  
Phone: 8250693678  
Address: Saratpally Road, Burdwan, Purba Bardhaman, WB. 713104

If you are not satisfied with our response, you may approach the Data Protection Board of India.

Thank you for trusting SAJBITAN!