Privacy Policy – Kashfresh.com

1. INTRODUCTION AND PURPOSE

This Privacy Policy (“Policy”) explains how Kashfresh.com collects, uses, stores, processes, discloses, transfers, and protects personal data and other information when Users access or use the Platform.

The Platform is owned, operated, and managed by Badana Communications and Business Pvt. Ltd., a company incorporated under the Companies Act, 2013, Government of India, bearing CIN: U47999JK2020PTC011443, headquartered in Jammu & Kashmir, India (“Kashfresh”, “we”, “us”, “our”).

This Policy applies to:

  • Website users
  • Mobile application users
  • Buyers and customers
  • Vendors and service providers
  • API consumers and integrated partners
  • Visitors, prospects, and communications recipients

This Policy must be read together with the Terms & Conditions, Vendor Agreements, Service Terms, and other platform policies.

2. LEGAL BASIS AND APPLICABILITY

This Privacy Policy is designed to comply with, where applicable:

  • Information Technology Act, 2000 and associated rules (India)
  • Digital Personal Data Protection Act, 2023 (India)
  • General Data Protection Regulation (EU – GDPR)
  • UK General Data Protection Regulation (UK GDPR)
  • California Consumer Privacy Act (CCPA) and CPRA
  • Personal Information Protection and Electronic Documents Act (PIPEDA – Canada)
  • Other applicable regional data-protection regulations

Applicability of specific rights and obligations depends on the User’s location, citizenship, and nature of interaction with the Platform.

3. DEFINITIONS

For the purposes of this Policy:

  • “Personal Data” means any information relating to an identified or identifiable natural person.
  • “Sensitive Personal Data” includes financial data, identification documents, authentication credentials, and any data classified as sensitive under applicable law.
  • “Processing” means collection, recording, storage, use, disclosure, transfer, or deletion of data.
  • “Controller” means the entity determining purposes and means of processing.
  • “Processor” means an entity processing data on behalf of a Controller.
  • “Third Party” means any entity other than Kashfresh and the User.

4. ROLE OF KASHFRESH UNDER DATA PROTECTION LAW

Depending on the context, Kashfresh may act as:

  • Data Controller (for platform accounts, Kashfresh-provided products and services)
  • Data Processor (for certain vendor or API-driven services)
  • Joint Controller (where legally applicable)

Third-party Vendors and Service Providers may independently act as Controllers for data they collect and process.

Kashfresh does not control third-party privacy practices once data is lawfully shared for transaction fulfillment.

5. CATEGORIES OF DATA COLLECTED

Kashfresh may collect and process the following categories of data:

5.1 Identity and Contact Data

  • Name
  • Email address
  • Phone number
  • Billing and shipping address
  • Government-issued identification (where legally required)

5.2 Account and Authentication Data

  • Username
  • Encrypted passwords
  • Login timestamps
  • Security logs

5.3 Transaction and Financial Metadata

  • Order details
  • Payment transaction references
  • Invoices and tax information
  • Refund and chargeback records

(Kashfresh does not store full card or banking credentials.)

6. DATA RELATED TO PRODUCTS, DIGITAL PRODUCTS, AND SERVICES

Depending on the transaction type, Kashfresh may process:

  • Product purchase history
  • Digital product access logs
  • Subscription status
  • API usage metrics
  • Service requests and execution records

Such data is necessary for contractual performance and compliance.

7. DATA COLLECTED FROM VENDORS AND SERVICE PROVIDERS

For Vendors and Service Providers, Kashfresh may collect:

  • Business registration details
  • Compliance certificates
  • Tax identification numbers
  • Bank account details for settlements
  • Performance and dispute records

This data is processed strictly for marketplace governance and legal compliance.

8. AUTOMATICALLY COLLECTED DATA

When Users interact with the Platform, certain data is collected automatically, including:

  • IP address
  • Device identifiers
  • Browser type and version
  • Operating system
  • Access timestamps
  • Usage patterns and logs

This data is used for security, analytics, and fraud prevention.

9. COOKIES AND SIMILAR TECHNOLOGIES (OVERVIEW)

Kashfresh uses cookies and similar technologies to:

  • Enable core platform functionality
  • Maintain session continuity
  • Enhance security
  • Analyze performance

Detailed cookie practices are governed by a separate Cookie Policy.

10. LAWFUL BASIS FOR PROCESSING

Kashfresh processes data on one or more of the following lawful bases:

  • Contractual necessity
  • Legal obligation
  • Legitimate interests
  • Consent, where required

Refusal to provide mandatory data may limit access to certain features.

11. PURPOSES OF DATA PROCESSING

Kashfresh collects and processes Personal Data strictly for lawful, defined, and legitimate purposes. These purposes vary depending on the User’s role (Buyer, Vendor, Service Provider, API consumer, or Visitor) and the nature of the interaction with the Platform.

Data is never processed for incompatible or undisclosed purposes without appropriate legal basis or notice.

11.1 Platform Access and Account Management

Personal Data is processed to:

  • Create and manage user accounts
  • Authenticate users and prevent unauthorized access
  • Maintain account security and integrity
  • Enable user profile customization
  • Communicate essential account-related information

Without such processing, core Platform functionality cannot be provided.

11.2 Order Processing and Transaction Fulfilment

For physical products, digital products, and services, data is processed to:

  • Accept and process orders
  • Facilitate payments and settlements
  • Coordinate logistics and delivery
  • Enable access to digital products
  • Execute services, including API-based services
  • Handle cancellations, refunds, and disputes

This processing is contractually necessary.

11.3 Digital Products and Subscription Management

For digital products and subscription-based offerings, Kashfresh processes data to:

  • Grant, manage, and revoke access
  • Track usage and access logs
  • Enforce license terms
  • Manage renewals, upgrades, and cancellations
  • Prevent misuse, piracy, or unauthorized sharing

Such data is essential to protect intellectual property and contractual rights.

11.4 Services and API-Based Processing

For services—especially automated or API-driven services—data is processed to:

  • Execute service logic and workflows
  • Transmit data to third-party service providers or APIs
  • Monitor usage, performance, and errors
  • Generate outputs, reports, or responses
  • Enforce rate limits, quotas, and security rules

Users acknowledge that API services may involve machine-driven processing and third-party infrastructure.

12. DATA PROCESSING FOR THIRD-PARTY PRODUCTS AND SERVICES

When Users engage with third-party Vendors or Service Providers through Kashfresh:

  • Kashfresh processes data to facilitate the transaction
  • Necessary data is shared with the relevant third party for fulfilment
  • Third parties may act as independent Data Controllers

Kashfresh does not control how third parties process data beyond contractual and legal obligations.

Users are encouraged to review third-party privacy policies before engaging.

13. COMMUNICATIONS AND CUSTOMER SUPPORT

Kashfresh processes data to:

  • Respond to inquiries and support requests
  • Resolve complaints and disputes
  • Provide transaction updates and service notifications
  • Communicate policy or legal updates

Support interactions may be recorded or logged for quality, compliance, and training purposes.

14. MARKETING, PROMOTIONS, AND COMMUNICATIONS

14.1 Marketing Communications

Subject to applicable law and user preferences, Kashfresh may process data to:

  • Send promotional emails or messages
  • Notify users of offers, updates, or new features
  • Conduct surveys and feedback collection

Users may opt out of non-essential marketing communications at any time.

14.2 Legitimate Interest and Consent

Marketing communications are sent based on:

  • User consent, where required
  • Legitimate business interests, where legally permitted

Kashfresh does not sell Personal Data for marketing purposes.

15. FRAUD PREVENTION, SECURITY, AND RISK MANAGEMENT

Personal Data is processed to:

  • Detect and prevent fraud or abuse
  • Monitor suspicious activity
  • Enforce Platform policies
  • Protect Users, Vendors, and the Platform

Automated systems may be used for fraud detection, subject to human oversight.

16. LEGAL AND REGULATORY COMPLIANCE

Kashfresh processes and retains data to:

  • Comply with legal obligations
  • Respond to lawful requests from authorities
  • Enforce contractual rights
  • Meet accounting, tax, and audit requirements

Disclosure may occur where required by law.

17. AGGREGATED AND ANONYMIZED DATA

Kashfresh may generate aggregated or anonymized data for:

  • Analytics and performance measurement
  • Business intelligence
  • Platform optimization

Such data does not identify individuals and is not treated as Personal Data.

18. AUTOMATED DECISION-MAKING AND PROFILING

Certain Platform functions may involve automated processing, including:

  • Fraud detection
  • Risk scoring
  • Recommendation systems
  • Usage analytics

Kashfresh does not engage in automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

19. DATA MINIMIZATION AND PURPOSE LIMITATION

Kashfresh adheres to data minimization principles by:

  • Collecting only necessary data
  • Limiting access to authorized personnel
  • Processing data only for disclosed purposes

Data is not retained longer than necessary.

20. INTERNAL ACCESS CONTROLS

Access to Personal Data is restricted to:

  • Authorized employees
  • Contractors bound by confidentiality
  • Service providers under contractual obligations

Role-based access controls are implemented.

21. DATA SHARING AND DISCLOSURE PRINCIPLES

Kashfresh does not sell Personal Data. Data is shared only where necessary, lawful, proportionate, and aligned with the purposes disclosed in this Policy.

Data sharing is governed by the following principles:

  • Purpose limitation – data shared only for defined purposes
  • Data minimization – only necessary data is shared
  • Security safeguards – contractual and technical protections apply
  • Legal compliance – disclosures comply with applicable laws

22. DISCLOSURE TO VENDORS AND SERVICE PROVIDERS

22.1 Transaction Fulfilment

To fulfil orders and services, Kashfresh may share relevant data with:

  • Third-party Vendors (for product fulfilment)
  • Third-party Service Providers (for service execution)

Shared data may include:

  • Buyer name and contact details
  • Delivery address
  • Order details
  • Service requirements

Vendors and Service Providers act as independent Data Controllers for such data unless otherwise agreed.

22.2 Vendor and Service Provider Obligations

All Vendors and Service Providers are contractually required to:

  • Use data only for transaction fulfilment
  • Implement reasonable security safeguards
  • Comply with applicable data-protection laws

Kashfresh does not control third-party processing once data is lawfully shared.

23. PAYMENT PROCESSORS AND FINANCIAL INSTITUTIONS

Payments on Kashfresh are processed through PCI-DSS compliant third-party payment gateways.

Kashfresh may share limited transaction data with:

  • Banks and payment processors
  • Card networks
  • Fraud prevention services

Kashfresh does not store full card numbers, CVVs, or banking credentials.

24. LOGISTICS AND SHIPPING PARTNERS

For physical product delivery, Kashfresh may share data with logistics partners, including:

  • Name and contact details
  • Delivery address
  • Order identifiers

Logistics partners act as independent Data Controllers and are subject to their own privacy policies.

25. API PARTNERS, SUBPROCESSORS, AND AUTOMATION PROVIDERS

25.1 API-Based Services

Certain services on Kashfresh rely on APIs, automation tools, or third-party platforms.

Data shared with API partners may include:

  • Input data required for service execution
  • Metadata related to usage and performance
  • Output data generated by services

Users acknowledge that API partners may process data under their own privacy frameworks.

25.2 Subprocessors

Kashfresh may engage subprocessors for:

  • Cloud hosting and storage
  • Analytics and monitoring
  • Security and fraud detection
  • Customer support systems

Subprocessors are contractually bound to data-protection obligations.

26. CROSS-BORDER DATA TRANSFERS

Kashfresh operates globally, and Personal Data may be transferred to and processed in countries outside the User’s jurisdiction.

Such transfers occur for purposes including:

  • Payment processing
  • Logistics coordination
  • Cloud hosting
  • Customer support
  • Compliance verification

26.1 Safeguards for International Transfers

Where required by law, Kashfresh implements safeguards such as:

  • Standard Contractual Clauses (SCCs)
  • Data transfer agreements
  • Adequacy mechanisms
  • Contractual confidentiality obligations

Users acknowledge that data-protection standards vary by jurisdiction.

27. DISCLOSURE FOR LEGAL AND REGULATORY PURPOSES

Kashfresh may disclose Personal Data where required to:

  • Comply with legal obligations
  • Respond to court orders or lawful requests
  • Enforce Platform policies
  • Protect rights, safety, or property

Such disclosures are made strictly in accordance with applicable law.

28. BUSINESS TRANSFERS AND CORPORATE EVENTS

In the event of:

  • Merger
  • Acquisition
  • Restructuring
  • Sale of assets

Personal Data may be transferred as part of the transaction, subject to confidentiality and data-protection obligations.

29. NO UNAUTHORIZED DISCLOSURE

Kashfresh does not:

  • Sell Personal Data
  • Share data for third-party advertising without consent
  • Disclose data for purposes unrelated to Platform operations

30. TRANSPARENCY AND ACCOUNTABILITY

Kashfresh maintains records of data-sharing activities and periodically reviews its data-processing relationships to ensure ongoing compliance.

31. DATA RETENTION AND STORAGE LIMITATION

Kashfresh retains Personal Data only for as long as necessary to fulfill the purposes for which it was collected, including contractual performance, legal compliance, dispute resolution, and enforcement of rights.

Retention periods vary depending on:

  • Type of data
  • Purpose of processing
  • Legal or regulatory requirements
  • Nature of the user relationship

Data is not retained indefinitely unless required by law.

32. RETENTION PERIODS BY DATA CATEGORY

Without limitation, Kashfresh generally applies the following retention principles:

32.1 Account and Profile Data

Retained for the duration of the user account and a reasonable period thereafter to:

  • Comply with legal obligations
  • Resolve disputes
  • Prevent fraud or misuse

Accounts inactive for extended periods may be anonymized or deleted subject to legal requirements.

32.2 Transaction and Financial Records

Retained in accordance with:

  • Tax laws
  • Accounting regulations
  • Audit requirements

Such records may be retained for statutory periods even after account termination.

32.3 Digital Product and Service Logs

Access logs, usage records, and service execution data may be retained to:

  • Enforce license terms
  • Investigate misuse or abuse
  • Support customer service and compliance

Retention is limited to what is necessary for these purposes.

32.4 Vendor and Service Provider Compliance Data

Compliance documentation may be retained for:

  • Regulatory verification
  • Platform governance
  • Legal defense

Retention may continue after vendor offboarding where required by law.

32.5 Communications and Support Records

Support tickets, emails, and chat records may be retained for:

  • Quality assurance
  • Training
  • Dispute resolution
  • Legal compliance

33. DATA ARCHIVING AND BACKUPS

Kashfresh maintains secure backups and archives to:

  • Ensure business continuity
  • Restore systems after failures
  • Meet disaster recovery requirements

Archived data is subject to restricted access and enhanced security controls.

Backup data may be retained for longer periods but is not actively processed unless required for restoration or legal purposes.

34. DATA DELETION AND ANONYMIZATION

When data is no longer required:

  • It may be securely deleted, or
  • Anonymized so it can no longer identify individuals

Deletion and anonymization processes are designed to be irreversible where feasible.

Certain data may be retained in anonymized form for analytics and reporting.

35. USER REQUESTS FOR DELETION

Where permitted by applicable law, Users may request deletion of Personal Data.

Such requests are subject to:

  • Verification of identity
  • Legal retention obligations
  • Legitimate business needs

Certain data cannot be deleted immediately where retention is legally required.

36. STORAGE LOCATIONS AND SECURITY CONTROLS

Personal Data may be stored on:

  • Secure cloud infrastructure
  • Encrypted databases
  • Third-party systems under contractual safeguards

Data storage locations may be within or outside the User’s country, subject to cross-border transfer safeguards.

37. RECORD-KEEPING AND ACCOUNTABILITY

Kashfresh maintains records of:

  • Data processing activities
  • Data-sharing relationships
  • Retention decisions

These records support regulatory compliance and internal governance.

38. REGULATORY AUDITS AND INSPECTIONS

Kashfresh may be required to provide data or documentation during regulatory audits or investigations.

Such disclosures are limited to what is legally required and conducted with appropriate safeguards.

39. LIMITATIONS ON DATA ERASURE

Certain Personal Data may be exempt from deletion requests where retention is necessary to:

  • Comply with legal obligations
  • Establish, exercise, or defend legal claims
  • Prevent fraud or abuse

Users will be informed where deletion cannot be completed in full.

40. CONTINUOUS REVIEW OF RETENTION PRACTICES

Kashfresh periodically reviews retention schedules to ensure:

  • Alignment with current laws
  • Operational necessity
  • Risk minimization

Retention practices are updated as regulations and business needs evolve.

41. USER RIGHTS UNDER DATA PROTECTION LAWS

Kashfresh recognizes and respects the rights granted to individuals under applicable data protection laws. The availability and scope of these rights may vary depending on the User’s jurisdiction, legal status, and the nature of data processing.

Where applicable, Users may exercise the rights described below, subject to legal limitations and verification requirements.

42. RIGHT OF ACCESS

Users have the right to request confirmation as to whether Kashfresh processes their Personal Data and, where applicable, to obtain:

  • A copy of the Personal Data processed
  • Information about processing purposes
  • Categories of data involved
  • Recipients or categories of recipients
  • Retention periods or criteria used to determine them

Access requests may be subject to reasonable verification and response timelines as permitted by law.

43. RIGHT TO RECTIFICATION

Users may request correction of inaccurate, incomplete, or outdated Personal Data.

Kashfresh will take reasonable steps to update data upon verification. Certain data may require documentary proof for correction (e.g., legal or billing records).

44. RIGHT TO ERASURE (“RIGHT TO BE FORGOTTEN”)

Where permitted by law, Users may request deletion of Personal Data when:

  • Data is no longer necessary for the purposes collected
  • Consent has been withdrawn and no other legal basis applies
  • Data has been unlawfully processed

This right is subject to statutory retention obligations, contractual requirements, and legitimate interests such as fraud prevention or legal defense.

45. RIGHT TO RESTRICTION OF PROCESSING

Users may request restriction of processing where:

  • Accuracy of data is contested
  • Processing is unlawful but deletion is opposed
  • Data is required for legal claims

During restriction, data may be stored but not actively processed.

46. RIGHT TO DATA PORTABILITY

Where applicable, Users may request a copy of certain Personal Data in a structured, commonly used, and machine-readable format, and may request transfer to another service provider where technically feasible.

This right applies only to data processed by automated means based on consent or contractual necessity.

47. RIGHT TO OBJECT

Users may object to processing based on:

  • Legitimate interests
  • Direct marketing purposes

Upon objection to marketing, Kashfresh will cease such communications without undue delay.

48. RIGHTS RELATED TO AUTOMATED DECISION-MAKING

Kashfresh does not engage in automated decision-making that produces legal or similarly significant effects without appropriate safeguards.

Where automated processing is used (e.g., fraud detection), Users may request:

  • Information about the logic involved
  • Human review, where applicable

49. CONSENT MANAGEMENT

Where processing is based on consent:

  • Consent is obtained explicitly and transparently
  • Users may withdraw consent at any time
  • Withdrawal does not affect prior lawful processing

Consent withdrawal may limit access to certain services or features.

50. MARKETING PREFERENCES AND OPT-OUT

Users may opt out of:

  • Promotional emails
  • SMS or messaging notifications
  • Non-essential communications

Transactional or legally required communications may still be sent.

51. JURISDICTION-SPECIFIC RIGHTS

51.1 European Union and United Kingdom (GDPR / UK GDPR)

Users may exercise rights under Articles 15–22 of GDPR, including the right to lodge a complaint with a supervisory authority.

51.2 India (DPDP Act and IT Rules)

Indian Users may exercise rights relating to access, correction, grievance redressal, and consent withdrawal through designated mechanisms.

51.3 United States (CCPA / CPRA – California)

California residents may have rights including:

  • Right to know
  • Right to delete
  • Right to opt out of sale or sharing (where applicable)
  • Right to non-discrimination

Kashfresh does not sell Personal Data.

51.4 Canada (PIPEDA)

Canadian Users may request access, correction, and information about data-handling practices.

52. EXERCISING YOUR RIGHTS

Requests may be submitted via:

  • Designated privacy contact email
  • Account dashboard (where available)
  • Written communication to Kashfresh’s registered address

Requests are processed within legally mandated timelines.

53. VERIFICATION AND LIMITATIONS

To protect privacy and security, Kashfresh may:

  • Verify identity before fulfilling requests
  • Deny requests that are excessive, unfounded, or abusive
  • Limit requests where legally permitted

Users will be informed of reasons for denial where applicable.

54. NON-DISCRIMINATION

Kashfresh does not discriminate against Users for exercising their privacy rights, except where differences in service are required by law or technically necessary.

55. GRIEVANCE REDRESSAL AND COMPLAINTS

Users who believe their data rights have been violated may contact Kashfresh’s grievance or privacy officer.

Users may also lodge complaints with relevant data protection authorities where permitted by law.

56. INFORMATION SECURITY FRAMEWORK

Kashfresh implements a comprehensive information security program designed to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. Our security framework aligns with internationally recognized principles of confidentiality, integrity, and availability.

Security controls are continuously reviewed and updated in response to evolving threats, technological changes, and regulatory requirements.

57. TECHNICAL SECURITY MEASURES

Kashfresh employs appropriate technical safeguards, which may include:

  • Encrypted data transmission (HTTPS / TLS)
  • Encryption of sensitive data at rest where appropriate
  • Secure authentication mechanisms
  • Multi-factor authentication for privileged access
  • Firewalls, intrusion detection, and monitoring systems
  • Segmentation of systems and databases
  • Secure API authentication and access tokens

These measures are designed to minimize risk but do not guarantee absolute security.

58. ORGANIZATIONAL AND ADMINISTRATIVE SAFEGUARDS

In addition to technical controls, Kashfresh implements organizational measures such as:

  • Role-based access controls
  • Confidentiality obligations for employees and contractors
  • Background checks where legally permissible
  • Privacy and security training programs
  • Internal policies governing data handling

Access to Personal Data is limited strictly to personnel who require it for legitimate business purposes.

59. SECURITY OF PAYMENT INFORMATION

Kashfresh does not store full payment card details. All payment transactions are processed through PCI-DSS–compliant third-party payment gateways.

Payment processors are responsible for safeguarding payment credentials under their own security frameworks.

Kashfresh disclaims liability for breaches occurring within third-party payment systems, except as required by law.

60. API SECURITY AND AUTOMATION CONTROLS

For API-based services and integrations, Kashfresh implements additional safeguards, including:

  • API keys and token-based authentication
  • Rate limiting and throttling
  • Usage monitoring and anomaly detection
  • Access revocation for misuse or breach

Users integrating APIs are responsible for securing their own systems and credentials.

61. THIRD-PARTY SECURITY ASSESSMENTS

Kashfresh evaluates third-party service providers and subprocessors based on:

  • Security practices
  • Compliance certifications
  • Contractual data protection obligations

However, Kashfresh does not control third-party systems and cannot guarantee their security posture.

62. DATA BREACH RESPONSE AND INCIDENT MANAGEMENT

Kashfresh maintains an incident response plan designed to:

  • Identify and contain security incidents
  • Assess scope and impact
  • Mitigate risks to affected individuals
  • Restore systems and operations

Incidents are documented and reviewed to prevent recurrence.

63. BREACH NOTIFICATION

Where required by applicable law, Kashfresh will notify:

  • Affected Users
  • Regulatory authorities

Notifications will be made within legally mandated timelines and include information required by law.

Notification obligations may not apply where the breach is unlikely to result in risk to individuals.

64. USER RESPONSIBILITIES FOR SECURITY

Users are responsible for:

  • Maintaining confidentiality of login credentials
  • Using secure devices and networks
  • Promptly reporting suspected unauthorized access

Kashfresh is not responsible for breaches caused by User negligence.

65. LIMITATION OF SECURITY LIABILITY

Despite reasonable safeguards, no system is completely secure. To the maximum extent permitted by law:

  • Kashfresh disclaims liability for cyber incidents beyond its reasonable control
  • Users acknowledge inherent risks of online platforms

Liability, if any, is subject to limitations set forth in the Terms & Conditions.

66. CONTINUOUS SECURITY IMPROVEMENT

Kashfresh continuously monitors and improves its security posture through:

  • Risk assessments
  • Policy updates
  • Technology upgrades
  • Incident reviews

Security practices evolve alongside regulatory and threat landscapes.

67. SECURITY GOVERNANCE AND OVERSIGHT

Security and privacy oversight is maintained through designated internal roles and governance structures to ensure accountability and compliance.

68. CHILDREN’S DATA AND AGE RESTRICTIONS

Kashfresh.com is not intended for use by children except where expressly permitted by applicable law and with valid parental or guardian consent.

68.1 Minimum Age Requirement

  • Users must be at least 18 years of age (or the age of majority in their jurisdiction) to create an account, transact, or access services independently.
  • Where local law permits minors to access online services, such access must be supervised and consented to by a parent or legal guardian.

68.2 No Knowing Collection of Children’s Data

Kashfresh does not knowingly collect Personal Data from children without appropriate consent mechanisms. If we become aware that a child’s data has been collected without lawful consent, we will take reasonable steps to delete or anonymize such data promptly.

68.3 Parental Rights

Parents or legal guardians may request:

  • Access to their child’s Personal Data
  • Correction or deletion of such data
  • Withdrawal of consent

Requests will be verified prior to action.

69. SENSITIVE PERSONAL DATA AND SPECIAL CATEGORIES

69.1 Definition

“Sensitive Personal Data” or “Special Category Data” includes, where applicable:

  • Financial information
  • Government-issued identifiers
  • Biometric identifiers
  • Health-related information (if any)
  • Any data classified as sensitive under applicable law

69.2 Limited Collection and Enhanced Safeguards

Kashfresh collects Sensitive Personal Data only when strictly necessary and implements enhanced safeguards, which may include:

  • Additional access restrictions
  • Stronger encryption
  • Reduced retention periods
  • Strict purpose limitation

Sensitive data is never processed for marketing purposes.

69.3 Health and Food-Related Disclosures

While Kashfresh may facilitate the sale of food, herbal, or wellness-related products, the Platform does not collect health data for diagnosis or treatment. Any health-related information voluntarily shared by Users is processed only to the extent necessary for service support and compliance.

70. BIOMETRIC AND IDENTITY VERIFICATION DATA (IF APPLICABLE)

In limited circumstances (e.g., fraud prevention, regulatory compliance), Kashfresh may process identity verification data.

Such processing:

  • Is lawful and proportionate
  • Occurs only where legally required or permitted
  • Is subject to strict access and retention controls

71. JURISDICTION-SPECIFIC PROTECTIONS

71.1 European Union and United Kingdom

Special category data under GDPR is processed only where:

  • Explicit consent is obtained, or
  • Processing is required by law, or
  • Another lawful exception applies

71.2 India

Processing of Sensitive Personal Data follows:

  • IT Act, 2000 and rules
  • Digital Personal Data Protection Act, 2023

Grievance redressal mechanisms are available to Indian users.

71.3 United States

For jurisdictions with enhanced protections (e.g., children’s privacy laws), Kashfresh aligns with applicable requirements such as COPPA where relevant.

71.4 Canada

Sensitive information is processed in accordance with PIPEDA’s principles of consent, limiting use, and safeguarding.

72. RESTRICTIONS ON PROFILING AND TARGETING

Kashfresh does not engage in:

  • Behavioral profiling of children
  • Targeted advertising based on sensitive data
  • Automated decisions producing legal effects without safeguards

Recommendation systems, where used, rely on non-sensitive behavioral signals.

73. USER RESPONSIBILITIES REGARDING DATA SUBMISSION

Users agree not to:

  • Submit Personal Data of others without authorization
  • Upload sensitive data unless explicitly required
  • Misrepresent age or identity

Kashfresh reserves the right to restrict or terminate accounts violating these obligations.

74. DATA ACCURACY AND SELF-DECLARATION

Users are responsible for ensuring that:

  • Data provided is accurate and current
  • Any age or eligibility declarations are truthful

Inaccurate declarations may result in service suspension.

75. HANDLING OF INCIDENTS INVOLVING MINORS OR SENSITIVE DATA

If Kashfresh identifies a potential incident involving children’s data or sensitive data:

  • Immediate containment actions are taken
  • Impact is assessed
  • Notifications are issued where legally required
  • Corrective measures are implemented

76. COOKIES AND TRACKING TECHNOLOGIES

Kashfresh uses cookies and similar technologies (collectively, “Cookies”) to enable core platform functionality, enhance security, analyze performance, and improve user experience.

Cookies may be placed by Kashfresh (“first-party cookies”) or by authorized third parties (“third-party cookies”) acting on Kashfresh’s behalf.

76.1 Types of Cookies Used

Kashfresh may use the following categories:

a) Strictly Necessary Cookies
Required for basic operation of the Platform, including:

  • Account login and authentication
  • Session management
  • Security and fraud prevention

These cookies cannot be disabled without affecting functionality.

b) Performance and Analytics Cookies
Used to:

  • Measure traffic and usage patterns
  • Understand feature performance
  • Improve platform stability and design

Data collected is aggregated or pseudonymized where possible.

c) Functional Cookies
Enable enhanced features such as:

  • Language preferences
  • Region selection
  • Saved settings

d) Advertising and Promotion Cookies (Where Applicable)
Used only where legally permitted to:

  • Measure effectiveness of campaigns
  • Display relevant platform promotions

Kashfresh does not permit third-party behavioral advertising that profiles Users across unrelated platforms without lawful basis.

77. SIMILAR TRACKING TECHNOLOGIES

In addition to cookies, Kashfresh may use:

  • Web beacons or pixels
  • Log files
  • Local storage technologies
  • SDKs (for mobile applications)

These technologies support analytics, security, and service delivery.

78. COOKIE CONSENT AND PREFERENCES

78.1 Consent Management

Where required by law, Kashfresh obtains user consent before placing non-essential cookies.

Consent may be managed through:

  • Cookie banners or preference centers
  • Browser settings
  • Platform account controls (where available)

Users may withdraw consent at any time.

78.2 Impact of Disabling Cookies

Disabling certain cookies may:

  • Affect login functionality
  • Limit personalization
  • Reduce platform performance

Essential cookies remain active regardless of preferences.

79. ANALYTICS AND MEASUREMENT SERVICES

Kashfresh may use analytics tools to understand how the Platform is used.

Analytics data may include:

  • Page interactions
  • Feature usage
  • Session duration
  • Error logs

Analytics providers process data under contractual safeguards and do not receive full identifying information unless required for service delivery.

80. ADVERTISING AND PROMOTIONAL PRACTICES

80.1 Platform Communications

Kashfresh may promote:

  • Platform features
  • Kashfresh-provided products or services
  • Vendor offerings available on the Platform

Promotions are delivered via:

  • Email
  • Platform notifications
  • Website banners

80.2 No Sale of Personal Data

Kashfresh does not sell Personal Data and does not permit third parties to purchase User data for advertising.

80.3 Third-Party Advertising Networks

If third-party advertising services are used:

  • Data sharing is limited
  • Consent is obtained where required
  • Users may opt out through provided mechanisms

81. DO-NOT-TRACK (DNT) AND GLOBAL PRIVACY SIGNALS

Some browsers transmit “Do-Not-Track” or Global Privacy Control (GPC) signals.

Where required by applicable law:

  • Kashfresh honors recognized signals
  • Certain tracking may be limited or disabled

Technical limitations may affect signal recognition.

82. MOBILE APPLICATION TRACKING

For mobile apps, Kashfresh may collect:

  • App usage metrics
  • Crash reports
  • Device identifiers (where permitted)

Mobile tracking preferences may be controlled through device settings.

83. THIRD-PARTY TRACKING DISCLAIMER

Third-party services accessible through the Platform may deploy their own cookies or tracking technologies.

Kashfresh does not control such technologies and disclaims responsibility for third-party tracking practices. Users should review third-party privacy policies.

84. DATA COLLECTED THROUGH TRACKING

Data collected through cookies and tracking may include:

  • IP address
  • Device type
  • Browser information
  • Interaction data

Such data is used for security, analytics, and optimization purposes only.

85. COOKIE POLICY REFERENCE

Detailed information regarding cookie usage, categories, and controls is available in Kashfresh’s standalone Cookie Policy, which forms part of this Privacy framework.

86. CHANGES TO TRACKING PRACTICES

Kashfresh may update cookie and tracking practices to reflect:

  • Legal changes
  • Technological developments
  • Platform improvements

Users will be notified where required by law.

87. POLICY UPDATES AND MODIFICATIONS

Kashfresh reserves the right to update, modify, or revise this Privacy Policy at any time to reflect:

  • Changes in applicable laws or regulations
  • Updates to Platform features or services
  • Introduction of new products, digital products, services, or APIs
  • Changes in data-processing practices

Revised versions will be published on the Platform with an updated “Last Updated” date. Where legally required, Users will be notified through appropriate channels.

Continued use of the Platform after changes take effect constitutes acceptance of the revised Policy, subject to applicable law.

88. VERSION CONTROL AND HISTORICAL RECORDS

Kashfresh maintains internal records of prior versions of this Privacy Policy for governance, audit, and regulatory purposes.

Users may request access to prior versions where required by law.

89. RELATIONSHIP WITH OTHER KASHFRESH POLICIES

This Privacy Policy must be read in conjunction with:

  • Terms & Conditions
  • Vendor Agreement / Seller Terms
  • API Services Policy
  • Refund & Return Policy
  • Cookie Policy
  • Any service-specific privacy notices

In case of conflict, the policy most protective of Personal Data shall prevail unless otherwise required by law.

90. THIRD-PARTY POLICIES AND DISCLAIMERS

Third-party vendors, service providers, logistics partners, payment processors, and API providers operate under their own privacy policies.

Kashfresh:

  • Does not control third-party privacy practices
  • Is not responsible for third-party data handling beyond contractual and legal obligations
  • Strongly encourages Users to review third-party privacy policies before engaging

91. DATA PROTECTION OFFICER / GRIEVANCE OFFICER

Where required by law, Kashfresh has designated appropriate personnel to oversee data-protection compliance and grievance handling.

Contact Details

Data Protection & Privacy Contact:
📧 privacy@kashfresh.com (or via support channels if not publicly listed)

Grievance / Complaints Email:
📧 complaints@kashfresh.com

All privacy-related complaints are acknowledged and addressed within legally mandated timelines.

92. CROSS-BORDER USER ACKNOWLEDGMENT

Users accessing Kashfresh from outside India acknowledge that:

  • Their data may be processed in India or other jurisdictions
  • Data-protection standards may differ from those in their home country
  • Kashfresh applies reasonable safeguards for international transfers

By using the Platform, Users consent to such cross-border processing subject to applicable law.

93. LIMITATION OF PRIVACY LIABILITY

To the maximum extent permitted by law:

  • Kashfresh’s liability relating to data protection is limited as described in the Terms & Conditions
  • Kashfresh is not liable for breaches caused by third-party systems, force majeure events, or User negligence

Nothing in this Policy excludes liability that cannot be excluded by law.

94. NO WAIVER OF STATUTORY RIGHTS

Nothing in this Privacy Policy limits or waives statutory rights granted to Users under applicable data-protection laws.

Where conflicts arise, mandatory legal provisions shall prevail.

95. LANGUAGE AND INTERPRETATION

This Privacy Policy is drafted in English.

In the event of translation, the English version shall prevail unless otherwise required by law.

Headings are for convenience only and do not affect interpretation.

96. ELECTRONIC CONSENT AND BINDING EFFECT

This Privacy Policy constitutes a legally binding electronic document.

By accessing, registering, or using Kashfresh.com, Users:

  • Acknowledge having read and understood this Privacy Policy
  • Consent to the collection and processing of data as described
  • Agree to be bound by its terms

If Users do not agree, they must discontinue use of the Platform.

97. OFFICIAL ENTITY DETAILS

Platform Owner & Operator:
Badana Communications and Business Pvt. Ltd.
CIN: U47999JK2020PTC011443

PR / Correspondence Address:
1st Floor, Bhat Complex, Near Astan, Airport Road,
Humhama, Srinagar, Jammu & Kashmir, India – 190021

Official Emails:
📩 info@kashfresh.com
📩 help@kashfresh.com
📩 complaints@kashfresh.com

Authorized Contact Officer:
Akhtar Badana

Kashfresh.com is built on the principles of:

  • Transparency
  • Lawful processing
  • Data minimization
  • Security by design
  • User trust

We are committed to protecting Personal Data across all products, digital products, services, third-party integrations, and API-based operations while enabling lawful global commerce.