privacy policy

4. Sensitive Personal Data

We may, with your explicit consent, collect certain sensitive personal data as defined under the IT (SPDI) Rules, 2011, including religious beliefs (for puja customisation purposes) and financial information processed through secure gateways. Such data is collected only to the extent necessary for service delivery and is never used for any other purpose.

5. Sharing of Personal Data

We do not sell, rent, or trade your personal data. We may share your data with:

• Empanelled Pandits — limited to your name, contact number, and booking details necessary to conduct the service
• Payment Gateway Providers — for processing transactions (RBI-authorised entities only)
• Logistics and Delivery Partners — name and delivery address for prasad delivery only
• Technology Service Providers — hosting, analytics, and communication platforms that process data on our behalf under strict data processing agreements
• Regulatory and Law Enforcement Authorities — when required by applicable law, court order, or government directive
• Successor Entities — in the event of a merger, acquisition, or business transfer, subject to equivalent data protection obligations

In all cases, third-party data processors are bound by contractual obligations to process your data only for the specified purpose and in accordance with applicable Indian law.

6. Data Retention

We retain your personal data for as long as your account is active or as necessary to fulfil the purposes described in this Policy. Specific retention periods are as follows:

• Account data: Retained for the duration of your account and for 3 years thereafter
• Transaction records: Retained for 8 years as required under the GST Act, 2017, and the Income Tax Act, 1961
• Customer communications: Retained for 2 years
• Marketing data: Retained until you withdraw consent

Upon expiry of the retention period or upon a valid deletion request, your data will be securely deleted or anonymised.

7. Data Security

We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, disclosure, alteration, or destruction. These measures include SSL/TLS encryption for data in transit, encryption of sensitive data at rest, role-based access controls, regular security audits, and employee training on data protection. We are committed to the reasonable security practices mandated under the IT (SPDI) Rules, 2011.

In the event of a personal data breach that is likely to result in risk to your rights and freedoms, we will notify you and the relevant authorities as required under applicable law.

8. Cookies and Tracking Technologies

We use cookies, web beacons, and similar tracking technologies to enhance your experience on our platform. Types of cookies we use:

• Strictly Necessary Cookies — required for the platform to function (e.g., login session, cart data)
• Analytical / Performance Cookies — help us understand how users interact with the platform (e.g., Google Analytics)
• Functional Cookies — remember your preferences (e.g., language, region)
• Marketing Cookies — used to deliver relevant advertisements and promotional content

You may manage and withdraw consent for non-essential cookies at any time through your browser settings or our cookie preference centre. Disabling certain cookies may affect platform functionality.

9. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights:

• Right to Access — Request information about the personal data we hold about you and how it is processed
• Right to Correction — Request correction of inaccurate or incomplete personal data
• Right to Erasure — Request deletion of your personal data, subject to legal retention obligations
• Right to Grievance Redressal — Have your complaint addressed within the timelines prescribed by law
• Right to Nominate — Nominate another individual to exercise your rights in the event of your incapacity or death
• Right to Withdraw Consent — Withdraw consent for processing at any time, without affecting the lawfulness of processing prior to withdrawal

To exercise any of the above rights, please write to us at contactboonandblessings@gmail.com. We will respond within 30 days as required by law.

10. Children's Data

Our services are not directed at children below the age of 18 years. We do not knowingly collect personal data of minors. If a booking is made on behalf of a minor for a religious ceremony, the parent or legal guardian assumes responsibility for providing consent and ensuring compliance with this Policy. If we become aware that we have inadvertently collected data of a child without verified parental consent, we will delete such data promptly.

11. Cross-Border Data Transfers

Your personal data is currently stored and processed within India. In the event any data is transferred outside India (e.g., through internationally-hosted technology service providers), such transfers will be carried out in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and any rules or orders issued thereunder by the Central Government.

12. Grievance and Data Protection Officer

Contact for Privacy Grievances: 

✉️ contactboonandblessings@gmail.com 

Subject Line: Privacy Grievance – [Brief Description] 

Address: 2nd Floor, 201, JOP Plaza, Noida Sector 18, Uttar Pradesh, India – 201301 

Response: Acknowledgement within 48 hours; Resolution within 30 days

You also have the right to approach the Data Protection Board of India (once constituted under the DPDPA, 2023) if you are not satisfied with our response.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in law, technology, or our business practices. All changes will be posted on this page with the updated effective date. For material changes, we will notify you via email or a prominent notice on the platform. We encourage you to review this Policy periodically.