Privacy Policy — Bighand India | How We Protect Your Data

🔒 This Privacy Policy was last revised on 15 March 2025 and applies to all users of bighand99.shop.

🔐

Overview

Bighand India ("we", "us", "our") operates bighand99.shop and is committed to protecting your personal information and your right to privacy. This Privacy Policy explains what information we collect, why we collect it, how we use it, and your rights over it.

This policy applies to all personal data we process whether online (via our website, emails, or WhatsApp) or offline (via phone interactions). By using our website or placing an order, you consent to the practices described in this policy.

✅ Our Privacy Promise: We never sell your personal data. We only collect what is necessary to serve you, and we protect it with industry-standard security measures.

Information We Collect

We collect personal data in the following categories:

Category	Data Points	When Collected
Identity Data	Full name, username/login ID	Account registration, order placement
Contact Data	Email address, phone number, WhatsApp number	Registration, contact form, checkout
Delivery Data	Shipping address, city, state, pin code, country	Order placement
Transaction Data	Order ID, items purchased, price, payment method (not card details)	Every purchase
Technical Data	IP address, browser type, device type, OS, screen resolution	Website visit (via cookies/analytics)
Usage Data	Pages visited, search queries, click behaviour, time spent	Website visit
Communication Data	Emails sent/received, WhatsApp messages, contact form submissions	Customer support interactions
Marketing Preferences	Consent to receive newsletters, SMS, promotional emails	Registration / checkout opt-in

⚠️ We do NOT collect or store: Credit card numbers, CVV codes, debit card PINs, net banking passwords, or any biometric data. Payment processing is handled by PCI-DSS compliant payment gateways.

How We Use Your Data

We use your personal data only for the purposes listed below, and only to the extent necessary:

Order Fulfilment: Processing, dispatching, and delivering your orders. Sharing necessary details with our courier partners.
Payment Processing: Verifying transactions and preventing fraud (we never see full card details).
Account Management: Creating and maintaining your account, order history, and wishlist.
Customer Support: Responding to queries, managing returns/exchanges, and resolving disputes.
Marketing (with consent): Sending newsletters, product recommendations, sale alerts, and promotional offers. You can unsubscribe at any time.
Website Improvement: Analysing usage data to improve site performance, navigation, and product offerings.
Legal Compliance: Complying with applicable Indian and international laws, including tax regulations, consumer protection laws, and court orders.
Fraud Prevention: Detecting and preventing suspicious activity, duplicate accounts, and payment fraud.
Personalisation: Showing relevant product recommendations, recently viewed items, and personalised offers.

📌 We will never use your data for purposes materially different from those listed above without obtaining your explicit prior consent.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience.

Cookie Type	Purpose	Can Disable?
Essential Cookies	Shopping cart, login session, CSRF protection	No — required for core functionality
Preference Cookies	Currency selection, language, wishlist state	Yes (with functionality impact)
Analytics Cookies	Google Analytics — page views, traffic sources, behaviour	Yes
Marketing Cookies	Meta Pixel, Google Ads — ad targeting and conversion tracking	Yes

You can manage or disable cookies through your browser settings. Note that disabling certain cookies may affect website functionality.

💡 We use localStorage (not traditional cookies) for cart, wishlist, and currency preferences on your device. This data stays only on your device and is never transmitted to our servers.

Data Sharing & Third Parties

We share your data only with trusted service providers who are essential to our operations. We never sell your data.

Third Party	Purpose	Data Shared
Courier Partners (Delhivery, Bluedart, DTDC)	Order delivery	Name, address, phone, order details
Payment Gateways (Razorpay, PayU, etc.)	Secure payment processing	Order amount, email (no card data from our end)
Google Analytics	Website analytics	Anonymised usage data, IP (truncated)
Meta (Facebook) Pixel	Ad performance tracking	Anonymised conversion data
WhatsApp Business API	Order updates, customer support	Phone number, order info
Email Service Provider	Transactional & marketing emails	Email, name, order details
Legal/Government Authorities	Compliance with law, court orders	As required by applicable law

All third-party service providers are contractually required to protect your data and use it only for the specified purpose.

Data Security

We implement industry-standard technical and organisational security measures to protect your personal data:

SSL/TLS Encryption: All data transmitted between your browser and our website is encrypted using HTTPS/TLS.
Secure Payment Processing: All payments are processed via PCI-DSS compliant gateways. We never see or store complete card information.
Access Controls: Employee access to customer data is restricted on a need-to-know basis with role-based permissions.
Regular Security Audits: Our systems are regularly reviewed and updated to address potential vulnerabilities.
Data Minimisation: We only collect and retain data that is strictly necessary for the stated purpose.

⚠️ Data Breach Notification: In the unlikely event of a data breach that poses a significant risk to your rights, we will notify affected users within 72 hours of becoming aware, in accordance with applicable law.

🔒 Despite our best efforts, no data transmission over the internet is 100% secure. We cannot guarantee absolute security but commit to following best practices and notifying you promptly of any incidents.

Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by law:

Data Type	Retention Period	Reason
Order and Transaction Records	7 years	Indian tax and legal requirements
Customer Account Data	Active + 3 years after last login	Customer service, legal basis
Marketing Preferences	Until opt-out or account deletion	Consent-based
Communication Records (email/WhatsApp)	2 years	Dispute resolution
Analytics Data (anonymised)	26 months	Google Analytics default
Security Logs (IP, access)	90 days	Fraud detection

When data is no longer needed, we securely delete or anonymise it.

International Data Transfers

Bighand India is based in India and your data is primarily stored and processed in India. However, some of our third-party service providers (e.g., Google Analytics, Meta) may process data in other countries.

For customers in the European Economic Area (EEA), UK, or other regions with specific data protection requirements, we ensure transfers comply with applicable regulations through appropriate safeguards.
International customers by using our website consent to their data being transferred to and processed in India.
We apply the same privacy standards regardless of where data is processed.

Children's Privacy

Our website and services are intended for users aged 18 years and above. We do not knowingly collect personal data from children under 18.

If you are under 18, please do not register or make purchases without parental or guardian consent.
If we become aware that we have inadvertently collected data from a child under 18, we will delete it promptly.
Parents or guardians who believe their child's data has been collected should contact us at support@bighand99.shop immediately.

Your Privacy Rights

You have the following rights over your personal data. To exercise any of these, email us at support@bighand99.shop:

👁️

Right to Access

Request a copy of all personal data we hold about you

✏️

Right to Rectify

Correct inaccurate or incomplete personal data

🗑️

Right to Erasure

Request deletion of your data ("right to be forgotten")

⏸️

Right to Restrict

Restrict how we process your data in certain circumstances

📦

Data Portability

Receive your data in a machine-readable format

🚫

Right to Object

Object to processing for marketing or legitimate interests

We will respond to all data rights requests within 30 days. Complex requests may take up to 60 days — we will inform you if an extension is needed.

⚠️ Note: Some rights may be limited where we are required to retain data for legal compliance (e.g., tax records must be kept for 7 years).

Marketing Communications & Opt-Out

With your consent, we may send you:

Order confirmations, shipping updates, and delivery notifications (transactional — cannot be opted out)
Promotional emails about new collections, sales, and offers
WhatsApp messages about your orders and support replies
SMS notifications for delivery updates

How to Opt-Out of Marketing:

Click "Unsubscribe" in any marketing email
Email us at support@bighand99.shop with subject "Unsubscribe"
WhatsApp us "STOP" at +91 9713921016
Update preferences in your account at bighand99.shop/account.html

💡 Even if you opt out of marketing, you will still receive important transactional messages like order confirmation, shipping updates, and return notifications.

Third-Party Links

Our website may contain links to external websites (social media, payment portals, courier tracking pages). These third-party sites have their own privacy policies, which we have no control over.

We are not responsible for the privacy practices or content of third-party websites.
We recommend reviewing the privacy policy of any external site you visit.
Links to social media platforms (Instagram, Facebook, Pinterest, YouTube) are governed by their respective privacy policies.

Legal Basis for Processing (GDPR)

For customers in the European Economic Area (EEA) or United Kingdom, we process your data under the following legal bases:

Processing Activity	Legal Basis
Processing and fulfilling orders	Performance of a contract
Customer account management	Performance of a contract
Sending marketing communications	Your explicit consent
Analytics and website improvement	Legitimate interests
Fraud prevention and security	Legitimate interests
Complying with legal obligations	Legal obligation

For Indian customers, data processing is governed by the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements.

The "Last Updated" date at the top of this page will always reflect the most recent version.
For material changes (those that significantly affect your rights), we will send an email notification to registered users at least 14 days before the change takes effect.
Continued use of our website after the effective date of changes constitutes acceptance of the updated policy.
Previous versions of this policy are available on request.

For any privacy-related questions, data rights requests, or concerns, please contact:

Contact Method	Details	Response Time
📧 Privacy Email	support@bighand99.shop	Within 72 hours
📧 Data Rights Subject	Email with subject: "Privacy / Data Rights Request"	Within 30 days
💬 WhatsApp	+91 9713921016	Within 24 hours
📍 Postal Address	Bighand India, Huzur, Bhopal, Madhya Pradesh 462001, India	—

Privacy Questions or Data Requests?

We take every privacy inquiry seriously and respond within 72 hours

📧 Email Privacy Team 💬 WhatsApp Us