1. Introduction
This Privacy Policy explains how Aumak Foods, proprietorship, registered at Mumbai, Maharashtra, collects, uses, stores, shares, and protects the personal information of its customers and business partners.
This Policy applies to three groups of people:
- Individuals who purchase jaggery directly from us online through our website, WhatsApp Business, Instagram/Facebook page, or any online marketplace listing.
- Individuals who purchase from our retail counter or warehouse outlet, if applicable
- Retail shop owners and their staff who purchase jaggery from us wholesale for resale in their stores across Mumbai and surrounding areas
2. Information We Collect
2.1 Online Purchases
- Full name
- Phone number and email address
- Delivery address
- Order details items, quantity, order value, order history
- Payment information we do NOT store full card/UPI details; these are processed by our payment gateway. We retain only: transaction ID, amount, and payment status
- Communication history WhatsApp chats, emails, call notes related to your order
- Device and browser data IP address, approximate location, browser type — if you use our website or app (see Section 6 on Cookies)
2.2 Walk-in / Retail Counter Purchases
- Name and phone number collected only if you want a printed bill, wish to be added to repeat-customer offers, or request home delivery
- Purchase details for billing and GST record-keeping
- CCTV footage where cameras are installed on our premises, for security. Retained for [30 / 60 / 90] days, then automatically deleted
| 📌 Note: We do not require ID proof or personal data for simple cash or UPI walk-in purchases unless you request a delivery or credit arrangement. |
2.3 Retail Shop / Wholesale Partners
- Shop or business name and registered address
- Owner or contact person’s name, phone number, and email address
- GSTIN (GST Registration Number)
- FSSAI licence number, if applicable to your shop
- Bank account details for refunds, credit notes, or recurring payment arrangements
- Order quantities, pricing terms, credit period, and order history
- Delivery address(es) if different from billing address
- Signed delivery acknowledgements and proof-of-delivery records
2.4 Information We Do Not Collect
We do not knowingly collect sensitive personal data such as health records, religious beliefs, or biometric data. Our products are not directed at individuals below 18 years of age.
3. How We Collect Your Information
- Directly from you order forms, WhatsApp messages, phone calls, in-person conversations at our counter or warehouse, or through your retail shop’s onboarding / KYC paperwork
- Automatically through our website or app, if you browse or place an order online
- From payment gateways and logistics partners confirming transaction status and delivery completion
- From publicly available business directories if used to identify and onboard new retail shop partners. Limited to business contact details only, not personal data
4. How We Use Your Information
| Purpose of Use | Applies To |
| Processing and fulfilling your order | All customers |
| Generating GST-compliant invoices | All customers |
| Coordinating delivery to your location | Online buyers, retail partners |
| Managing credit terms and wholesale orders | Retail partners |
| Sending order confirmations and delivery updates | Online buyers, retail partners |
| Responding to queries, complaints or refund requests | All customers |
| Sharing offers and new stock updates (with consent only) | Online buyers, retail partners |
| Tax and legal compliance record-keeping | All customers |
| Store security via CCTV | Walk-in customers only |
We do not use your data for purposes beyond what is listed above without informing you and seeking fresh consent where required.
5. Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023 (DPDP Act), we process personal data based on:
- Your consent for marketing communications, optional loyalty programmes, and online order processing
- You may withdraw consent at any time for purposes that rely on it, without affecting orders already placed
- Legitimate use for fulfilling a contract you have voluntarily entered (placing an order) and for routine business activities like invoicing and delivery that you would reasonably expect
- Legal obligation for GST records, tax filings, and other statutory requirements under Indian law
6. Cookies and Online Tracking
(Applicable only if you operate a website or mobile app. Remove this section if you are purely WhatsApp / phone-order based.)
If you visit our website, we may use cookies or similar technologies to:
- Keep your cart or order details active during a browsing session
- Understand which products and pages customers visit most
- Remember your delivery address for repeat orders
You can disable cookies through your browser settings. This may affect certain features such as saved carts or auto-filled addresses.
7. Sharing of Information with Third Parties
We share personal data only as necessary to run the business. We never sell your data. Third parties we may share information with:
- Payment gateways (e.g., Razorpay, PayU, UPI apps) to process online payments securely
- Logistics and courier partners to deliver jaggery from our warehouse to your address or shop
- Accounting / GST software providers to generate invoices and maintain statutory records
- SMS / WhatsApp Business API providers to send order and delivery updates
- Government authorities where required by law, court order, or for GST / tax compliance
- Our Kolhapur sourcing and logistics partners only to the extent needed to coordinate stock movement. They do not receive customer personal data, only order quantities
All third-party service providers are required to use your data only for the specific service they provide to us, and not for their own unrelated purposes.
8. Payment and Financial Data
- We do not store complete debit/credit card numbers, CVVs, or UPI PINs these are handled entirely by our RBI-authorised payment gateway partner
- For wholesale or retail partners on credit terms, we maintain records of outstanding dues, payment history, and bank details solely for billing and reconciliation purposes
- Refunds, where applicable, are processed back to the original payment method or the bank account on file
9. Data Storage, Security, and Retention
Customer and retail-partner data is stored on [secure cloud servers / local systems specify] with access restricted to authorised staff only.
We use reasonable technical and organisational safeguards including:
- Password protection and restricted access controls
- Regular data backups
- Secure deletion of data no longer required
Retention periods:
- Order and invoice records 7 years, per GST and tax record-keeping requirements
- Marketing consent and communication preferences — until you withdraw consent
- CCTV footage 30 to 90 days, then automatically deleted unless required for an ongoing investigation
- Retail partner KYC and GST records duration of the business relationship plus the applicable statutory record-keeping period
10. Your Rights as a Data Principal
Under the DPDP Act, 2023, and applicable Indian law, you have the right to:
- Access requests a copy of the personal data we hold about you
- Correct or update request correction of inaccurate or outdated information
- Withdraw consent at any time, for marketing or optional data uses, without affecting past orders
- Request erasure of your data where it is no longer needed for the purpose it was collected (subject to GST and statutory retention requirements)
- Lodge a grievance with us directly, and escalate to the Data Protection Board of India if unresolved within 90 days
To exercise any of these rights, please contact our Grievance Officer using the details in Section 14.
11. Children’s Data
Our products and services are not directed at individuals under 18 years of age. We do not knowingly collect personal data from minors. If we become aware that such data has been inadvertently collected, we will delete it promptly.
12. Data Breach Notification
In the unlikely event of a personal data breach affecting your information, we will:
- Notify the Data Protection Board of India as required under the DPDP Rules, 2025
- Inform affected individuals without undue delay, describing the nature of the breach and the steps being taken to address it
13. Retail Partner-Specific Terms
For shop owners purchasing wholesale from us:
- Your business and contact information is used strictly for order fulfilment, invoicing, credit management, and delivery coordination never sold or shared with competing suppliers
- If your shop closes its account with us, your data will be retained only as long as required for tax and legal record-keeping, and then securely deleted
- You may request a copy of all data we hold about your shop at any time by contacting our Grievance Officer
14. Grievance Officer — Contact Us
If you have questions, complaints, or wish to exercise your data rights:
| foods@aumak.com | |
| Phone | +91 7039361225 |
| Address | Mumbai, Maharashtra |
We will acknowledge your request promptly and resolve it within the timelines prescribed under applicable law, and no later than 90 days.
15. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices or in Indian data protection law. The ‘Last Updated’ date at the top of this document will reflect the most recent revision. Significant changes affecting how we use your data will be communicated to you directly where required.
16. Governing Law
This Policy is governed by the laws of India, including the Information Technology Act, 2000, applicable rules thereunder, and the Digital Personal Data Protection Act, 2023, as provisions come into full force through May 2027.
