Introduction

This Privacy Policy explains what data is collected on the website, how it is used, shared, and retained, and the rights available to individuals under applicable laws including India’s Digital Personal Data Protection Act, 2023 (DPDP Act). The Policy applies to all visitors, customers, and account holders who interact with the store, checkout, and support channels operated on WooCommerce. Effective date: 07 October 2025. For privacy queries or complaints, contact support@rohinara.in.

Who we are

Controller/Fiduciary: Rohinara Candles, B-17/10, Krishna Nagar, Delhi-51, operating an online store. For DPDP matters, the Data Fiduciary contact is Kunal, email: support@rohinara.in, and grievances may be escalated per the Act’s redressal framework. If designated as a Significant Data Fiduciary in future, a Data Protection Officer will be appointed and published here as required.

What we collect

  • Account and order data: names, emails, phone numbers, billing/shipping addresses, order details, and support messages necessary to process and fulfill purchases.

  • Technical data: IP address, device/browser information, and essential cookies to maintain cart state and sessions.

  • Payment data: payments are processed by integrated payment gateways; card information is handled by the gateway and protected under PCI DSS standards rather than stored on store servers.

How we use data

Data is used to process orders, deliver products across India, provide account features, handle customer support, and improve store performance and security. Marketing communications are sent only with appropriate consent or lawful basis, and recipients can opt out at any time via unsubscribe controls. Fraud prevention, debugging, and legal compliance activities are also performed where necessary and permitted by law.

Legal bases

Processing may rely on consent, performance of a contract (order fulfillment), compliance with legal obligations (tax/records), and legitimate interests such as preventing fraud and securing services. Under India’s DPDP Act, valid consent and permitted legitimate uses govern personal data processing alongside duties to protect children’s data and maintain security safeguards.

Cookies and tracking

We use essential cookies to keep carts functioning and sessions associated with the correct customer; common cookies. These cookies enable accurate cart totals, multi‑page checkout, and returning session continuity; disabling them may impair shopping functionality. Where non‑essential analytics/advertising cookies are used, appropriate notices and choices are provided via the site’s cookie banner and policy links.

Payments and security

Payment processing is handled by third‑party gateways that operate their own secure environments; cardholder data entered on payment forms is transmitted directly to those providers under PCI DSS requirements. Store systems use industry practices such as HTTPS/TLS, access controls, and monitoring, while gateways also implement client‑side protections emphasized in modern e‑commerce PCI guidance. Transaction and anti‑fraud reviews may be conducted with providers and service partners to maintain platform security and compliance.

Sharing of data

Personal data may be shared with service providers strictly for operations such as payment processing, fraud detection, fulfillment/shipping, customer support, and site hosting under appropriate contractual safeguards. Data may be disclosed if required by law or to protect rights and safety, consistent with applicable legal obligations. Limited data may be transferred to processors outside India where necessary, subject to legal allowances and safeguards described by the DPDP framework and international privacy regimes for cross‑border processing.

Data retention

Retention is limited to what is necessary for transactions, legal, accounting, and security purposes. After the retention period, personal data is deleted or anonymized unless further storage is required by statutory obligations or legitimate purposes permitted by law.

Rights under India’s DPDP Act

Individuals have rights to access information about processing, request correction and completion, request erasure, seek grievance redressal, revoke consent, and nominate a representative to exercise rights in case of death or incapacity. Parental consent is required before processing children’s personal data and targeted advertising to minors is restricted under the Act. Requests can be submitted to [privacy@domain.com], and unresolved grievances may be escalated per the DPDP mechanism.

GDPR rights (EU/UK visitors)

EU/UK data subjects may exercise rights to be informed, access, rectification, erasure, restriction, portability, objection, and rights related to automated decision‑making and profiling as set out in GDPR Chapter 3. Where processing relies on consent, consent can be withdrawn at any time without affecting prior lawful processing, and appropriate safeguards apply for transfers. Requests can be sent to support@rohinara.in, and identification may be required to verify the requester consistent with GDPR.

CCPA/CPRA rights (California visitors)

California residents may have rights to know, delete, correct, opt out of sale/share, limit use of sensitive personal information, and be free from discrimination for exercising rights. Where applicable, the site will honor opt‑out signals and provide mechanisms such as “Do Not Sell or Share My Personal Information” in line with CPRA obligations. Requests can be submitted to support@rohinara.in and will be verified and responded to within statutory timelines.

Children’s privacy

The store does not knowingly process personal data of children without verifiable consent as required by the DPDP Act, which defines a child as under 18 years of age and restricts harmful processing and targeted advertising to minors. Parents or guardians may contact support@rohinara.in to review or delete a child’s information where applicable.

International transfers

Where services or processors are located outside the country, transfers are limited to jurisdictions and arrangements permitted by applicable law and supported by contractual safeguards and security measures. Information on the main service providers and transfer safeguards can be requested via support@rohinara.in.

How to exercise rights

To exercise any privacy right, submit a request with sufficient details to allow verification and describe the request with enough specificity to enable processing. A response will be provided within legally required timelines, and identity verification may be required to protect customers and the business.

Changes to this policy

This Policy may be updated periodically to reflect legal, technical, or business changes, and the latest version will be posted on this page with the effective date. Where material changes affect individuals’ rights or consents, reasonable notice will be provided as appropriate for the change and jurisdiction.

Contact

For questions, requests, or complaints about privacy, contact: Rohinara Candles, Attn: Privacy, B-17/10, Krishna Nagar, Delhi-51, support@rohinara.in, and include sufficient details to enable a response. If a grievance remains unresolved under the DPDP framework, escalation may be available per the DPDP Act and applicable rules.