Privacy Notice

This Privacy Notice is published in accordance with the provisions of the Digital Personal Data Protection (DPDP) Act, 2023, and the DPDP Rules, 2025. This document explains how Brandmagicz Agency ("Brandmagicz," "We," "Us," or "Our") acts as a Data Fiduciary to collect, use, process, store, and protect your digital personal data. We are committed to processing your data in a manner that is lawful, fair, transparent, and respectful of your privacy rights.

1. The Information We Collect

We practice strict data minimization. We only collect the personal data that is absolutely necessary for providing our products and services to you. The categories of digital personal data we collect include:

• •Identity Data: First name, last name, date of birth (for age verification).
• •Contact Data: Billing address, delivery address, email address, and mobile number.
• •Financial Data: Payment processing details (processed securely via our third-party payment gateways; we do not store full credit card numbers on our servers).
• •Technical and Usage Data: IP address, browser type, device identifiers, platform interaction metrics, and purchase history.

2. The Purpose and Legal Basis for Processing

We process your personal data based on your explicit, affirmative consent or under the legitimate uses prescribed by the DPDP Act. We utilize your data for the following specific purposes:

• •Order Fulfillment: To process transactions, manage logistics, and deliver the Ayurvedic and personal care products you have purchased.
• •Customer Support: To provide post-purchase assistance, handle returns, and resolve grievances.
• •Platform Optimization: To analyze user behavior to improve website functionality and product offerings.
• •Regulatory Compliance: To comply with tax laws (e.g., GST reporting) and consumer protection mandates.

3. Consent, Withdrawal, and Minor's Data

4. Data Sharing and Third-Party Processors

We do not sell your personal data to data brokers. However, to fulfill our services, we share necessary data with trusted third-party Data Processors. We maintain strict Data Processing Agreements (DPAs) with these entities to ensure they uphold DPDP Act standards. We share data with:

• •Logistics and Fulfillment Partners: (e.g., courier services and quick-commerce platforms) for delivery execution.
• •Payment Gateways: For secure transaction processing.
• •Cloud Infrastructure Providers: For secure data hosting and server management.
• •Statutory Authorities: When required to comply with law enforcement requests, tax audits, or legal mandates.

5. Data Retention and Security Safeguards

6. Your Rights as a Data Principal

Under the DPDP Act, 2023, you possess the following actionable rights regarding your personal data:

• •Right to Access: The right to obtain a summary of your personal data being processed and the identities of third-party processors it has been shared with.
• •Right to Correction and Erasure: The right to request the correction of inaccurate data, the updating of obsolete data, or the complete erasure of your personal data when it is no longer necessary for processing.
• •Right of Grievance Redressal: The right to have your privacy-related complaints addressed rapidly by our internal mechanisms.
• •Right to Nominate: The right to nominate an individual to exercise these rights on your behalf in the event of your death or incapacity.

To exercise any of these rights, please submit a request via the "Data Principal Rights Form" in your account dashboard or email our Data Protection Officer.