facebook My Store

Privacy Policy

Last updated on 29th Aug 2025

Blue Zone Online Marketing Solutions Private Limited ("Company", "we", "our", or "us"), the owner and operator of the My Haul Store platform ("MHS" or "Platform"), is committed to protecting and managing your personal data responsibly. This Privacy Policy is designed to provide clear information about how we collect, process, store, share, and safeguard your personal data in full compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable data protection laws of India.

We acknowledge the importance of your privacy and are committed to:

1. Processing personal data lawfully, fairly, and transparently.

2. Limiting data collection to what is necessary for providing and improving our services.

3. Implementing robust technical and organisational measures to secure your information.

4. Respecting your rights as a data principal under the DPDP Act, including your rights to access, correction, erasure, consent withdrawal, and grievance redressal.

By accessing or using our website (https://www.myhaulstore.com) or any associated services, you agree to this Privacy Policy. If you do not agree, you should discontinue the use of our services. We encourage you to review this policy periodically to stay informed of how we are protecting your data.

1. DATA FIDUCIARY IDENTIFICATION

For the purposes of this Privacy Policy and in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the entity responsible for determining the purpose and means of processing your personal data — also referred to as the Data Fiduciary — is:

Blue Zone Online Marketing Solutions Private Limited
Registered Office: 690, Gold Hill Square, Hosur Road, Opp to Service Road, Bommanahalli, Bengaluru, 560068
Corporate Identification Number (CIN): U74999KA2020PTC133303
Phone: +91 8904989995

As the Data Fiduciary, Blue Zone Online Marketing Solutions Private Limited is committed to:

1. Ensuring lawful and fair processing of all personal data collected.

2. Defining the purpose, scope, and retention period for the data collected.

3. Implementing robust security measures to prevent unauthorized access, disclosure, or misuse of data.

4. Addressing user grievances promptly through the designated Grievance Redressal Officer (GRO).

By interacting with our Platform or services, you acknowledge that the above entity is the primary decision-maker for all matters concerning your personal data and its processing.

2. GRIEVANCE REDRESSAL OFFICER (GRO)

In accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), we have appointed a Grievance Redressal Officer (GRO) to address any concerns, complaints, or requests from Data Principals (users) regarding the collection, processing, or handling of their personal data.

Grievance Redressal Officer (GRO) Contact Information:
Name: Mr. Arun Dadhich
Designation: Grievance Redressal Officer, Compliance Department
Email: arun@myhaulstore.com
Phone: +91 72592 09385
Address: 690, Gold Hill Square, Hosur Road, Opp to Service Road, Bommanahalli, Bengaluru, 560068

Responsibilities of the GRO:

1. Receive and acknowledge user complaints or grievances regarding personal data.

2. Provide a written response within the statutory timelines prescribed under the DPDP Act.

3. Facilitate correction, erasure, or withdrawal of consent as requested by users, where applicable.

4. Liaise with internal teams to ensure compliance with legal and regulatory requirements.

Maintain records of grievances and resolutions as part of the compliance log.

Users can reach out to the GRO for issues including, but not limited to:

1. Accessing or correcting personal data.

2. Withdrawal of consent for specific data processing activities.

3. Reporting unauthorized use, disclosure, or security breaches.

4. Clarifications regarding the company’s data protection policies or practices.

By providing this channel, the Company ensures transparency, accountability, and timely redressal of user concerns, thereby fulfilling its obligations as a Data Fiduciary under the DPDP Act.

3. DATA COLLECTION AND USE

The Company collects and processes personal data strictly for lawful and specific purposes in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

3.1 Categories of Data Collected

We may collect the following types of data from you:

  1. Personal Identifiable Information (PII): Name, email address, phone number, postal address, date of birth, and other information you voluntarily provide.
  2. Account and Login Details: Usernames, passwords, or other authentication credentials for secure access to the Platform.
  3. Transactional Information: Payment details, billing addresses, and order histories for financial transactions.
  4. Usage and Interaction Data: IP addresses, browser type, device identifiers, pages visited, time spent, and interaction data for service optimization.
  5. Marketing and Communication Preferences: Information regarding your preferences for newsletters, updates, and promotional communications.
  6. Third-Party Data: Data shared with us by partners or marketers, as required for delivering platform services.

3.2 Lawful Basis of Processing

The processing of personal data will always be based on one or more of the following lawful grounds:

  1. Consent: Explicit consent obtained where required for specific activities like marketing communications.
  2. Performance of Contract: Processing necessary to provide the services you have requested.
  3. Legal Obligation: Processing necessary to comply with applicable laws and regulatory requirements.
  4. Legitimate Interest: Processing necessary to enhance user experience, security, and platform performance.

By continuing to use the Platform, you acknowledge and agree that your data may be collected and processed in accordance with this Privacy Policy and applicable legal requirements.

4. DATA STORAGE, SECURITY, AND RETENTION

The Company places the highest priority on protecting your personal data. We implement robust technical and organizational safeguards to ensure your data remains secure, confidential, and protected against unauthorized access, misuse, alteration, or destruction.

4.1 Data Storage

  1. Personal data is stored on secure servers located within India in compliance with applicable data protection regulations.
  2. Any data transfers, if required, are performed in accordance with legal safeguards and approved mechanisms under the DPDP Act.

4.2 Security Measures

We have adopted advanced security protocols to protect your personal information, including:

  1. Encryption: All sensitive data, including payment information, is encrypted during transmission and storage.
  2. Access Controls: Role-based access to personal data is restricted to authorized personnel only.
  3. Monitoring and Auditing: Regular monitoring and audits to detect and mitigate vulnerabilities or unauthorized access.
  4. Incident Response: A documented incident response plan to address and notify relevant stakeholders of any data breach in accordance with legal requirements.

4.3 Data Retention

  1. Personal data is retained only for as long as necessary to fulfill the purposes for which it was collected, or as required by applicable law.
  2. Upon fulfillment of the intended purpose or expiry of the retention period, data will be securely deleted, anonymized, or archived in compliance with legal standards.

4.4 Breach Notification

In the event of a personal data breach that is likely to cause harm to users, we will:

  1. Notify the affected users and the Data Protection Board of India (DPBI) promptly.
  2. Take immediate measures to mitigate the impact and prevent further breaches.

By using the Platform, you acknowledge and accept that while we adopt stringent safeguards, no system is entirely immune to risks. However, we are committed to ensuring continuous improvement of our security frameworks to maintain the integrity and confidentiality of your personal data.

5. USER RIGHTS UNDER THE DPDP ACT

As a Data Principal under the Digital Personal Data Protection Act, 2023 (DPDP Act), you have specific rights regarding the collection, processing, and handling of your personal data. We respect and uphold these rights, ensuring transparency and accessibility in exercising them.

5.1 Right to Access

You have the right to request details of the personal data we hold about you, including:

  1. The type of personal data collected
  2. The purposes of its processing
  3. The third parties, if any, with whom the data has been shared

5.2 Right to Correction and Erasure

You can request:

  1. Correction of inaccurate, incomplete, or outdated personal data.
  2. Erasure of personal data that is no longer necessary for the purposes for which it was collected or if consent has been withdrawn.

5.3 Right to Withdraw Consent

Where data processing is based on your consent, you have the right to withdraw that consent at any time. Withdrawal will not affect the legality of prior processing but may impact your ability to use certain services.

5.4 Right to Grievance Redressal

You can raise grievances or complaints regarding data handling by contacting the Grievance Redressal Officer (GRO). The GRO is obligated to acknowledge your complaint and respond within the statutory timelines provided under the DPDP Act.

5.5 Right to Nominate

You may nominate another individual to exercise your rights in case of death or incapacity, ensuring your data rights are managed as per your preferences.

5.6 Right to Be Informed

You have the right to be informed about how your data is collected, processed, and protected, including any significant changes to this Privacy Policy.

By providing these rights, we aim to ensure that you remain in control of your personal data while maintaining compliance with the applicable legal framework.

6. THIRD-PARTY SHARING AND DATA TRANSFERS

We may share personal data with trusted third parties to deliver and enhance the Platform Services while ensuring full compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

6.1 Sharing with Service Providers and Partners

Your data may be shared with:

  1. Technology and hosting providers for platform operation and maintenance.
  2. Payment gateways and financial partners for processing transactions.
  3. Marketing and analytics partners to improve user experience and engagement.
  4. Legal and compliance advisors for regulatory obligations and dispute management.
  5. Sharing with Partners or affiliates to facilitate service delivery in compliance with the law and this Privacy Policy.

All third-party vendors are contractually obligated to handle your data only for the specific purposes outlined by us and to maintain industry-standard security and confidentiality safeguards.

6.2 Data Transfers Outside India

If it becomes necessary to transfer your data to servers or entities located outside India, we will:

  1. Ensure the receiving jurisdiction provides an adequate level of data protection; or
  2. Implement appropriate safeguards, such as contractual clauses, approved under the DPDP Act.

6.3 No Unauthorized Sale of Data

We do not sell, rent, or trade your personal data to any third party for marketing purposes without your explicit consent.

7. COOKIES AND TRACKING TECHNOLOGIES

To provide a seamless and personalized experience, we use cookies and similar tracking technologies on the Platform. These technologies help us improve functionality, analyze user behavior, and enhance security, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

7.1 What Are Cookies

Cookies are small text files stored on your device by your browser when you visit our Platform. They allow us to recognize you on future visits and tailor the experience to your preferences.

7.2 Types of Cookies We Use

  1. Essential Cookies: Required for core platform functionality, such as secure logins and transaction processing.
  2. Performance and Analytics Cookies: Help us analyze site usage, monitor traffic, and improve overall performance.
  3. Functional Cookies: Enable features like remembering user preferences and providing customized content.
  4. Marketing Cookies: Used to deliver targeted advertisements and measure the effectiveness of marketing campaigns.

7.3 Tracking Technologies

In addition to cookies, we may use technologies such as web beacons, pixels, and scripts to track user engagement and platform performance, integrate third-party services like analytics and ad networks and improve fraud detection and platform security.

7.4 Managing Your Cookie Preferences

You can manage or disable cookies through your browser settings. However, disabling essential cookies may limit or disrupt certain platform functionalities.

7.5 Third-Party Cookies

Some cookies may be placed by third-party service providers to support analytics, advertising, or other services. These providers are contractually obligated to comply with privacy and security standards under the DPDP Act.

7.6 Consent and Transparency

By using our Platform, you consent to the use of cookies and tracking technologies as outlined in this section. Any significant changes to our cookie practices will be updated in this Privacy Policy, and where required, we will seek renewed consent.

For more details on managing cookies or exercising your rights, please refer to the User Rights and Grievance Redressal sections of this policy.

8. CHILDREN’S DATA PROTECTION

We are committed to protect the personal data of children in strict compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws.

8.1 Age Limitation

Our Platform and services are not directed to children under the age of 18 years. We do not knowingly collect, store, or process personal data of individuals below this age unless explicit consent is provided by a parent or legal guardian and such processing is strictly necessary for providing a specific service.

8.2 Parental or Guardian Consent

If a child under the age of 18 wishes to use our services, the parent or legal guardian must:

  1. Provide verifiable consent before any personal data is collected or processed.
  2. Supervise the child’s usage of the Platform.

8.3 Rights of Parents and Guardians

Parents or guardians may request access to the personal data of their child processed by us, seek correction or deletion of such data at any time and withdraw consent for the continued processing of the child’s data.

8.4 Unintentional Data Collection

If we discover that personal data of a child under 18 years has been collected without the required parental or guardian consent, we will immediately delete or anonymize the data from our systems and notify the concerned parent or guardian of the action taken.

8.5 Security Measures for Children’s Data

In cases where parental consent is obtained, children’s personal data will be processed only for lawful and limited purposes stored securely with enhanced safeguards to prevent unauthorized access, misuse, or disclosure.

By using our Platform, parents and guardians agree to supervise the minor’s activities and ensure that the child’s interaction with our services complies with this Privacy Policy.

9. DATA SECURITY AND RETENTION

We take the protection of your personal data seriously. We have implemented robust technical, administrative, and organizational measures to ensure the security, integrity, and confidentiality of your data in full compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act).

9.1 Breach Response and Notification

In the event of a data breach that is likely to cause harm to users, we will Notify the Data Protection Board of India within the statutory timeframe, Inform affected individuals about the nature of the breach, data compromised, and corrective actions being taken and take immediate remedial actions to mitigate the impact and prevent recurrence.

9.2 Third-Party Security Compliance

All third-party service providers engaged by MHS are contractually obligated to:

  1. Implement industry-standard security measures;
  2. Process data solely for the purposes specified by MHS;
  3. Adhere to the security and privacy obligations consistent with the DPDP Act.

By using our Platform, you acknowledge and agree to the security practices described in this section.

10 . POLICY UPDATES AND NOTIFICATIONS

We reserve the right to update or modify this Privacy Policy at any time to ensure continued compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), other applicable laws, and best industry practices.

10.1 Circumstances for Updates

This Privacy Policy may be updated under the following circumstances:

  1. Legal or Regulatory Changes: To reflect amendments or new obligations under data protection laws.
  2. Service Enhancements: When we introduce new features, services, or technology that require additional data processing.
  3. Security Enhancements: To strengthen our data protection measures.
  4. Operational Adjustments: To reflect changes in business operations or third-party partnerships.

10.2 Notification to Users

Whenever material changes are made to this Privacy Policy, we will:

  1. Publish the updated Privacy Policy on our website with a “Last Updated” date;
  2. Provide prominent notifications on the Platform;
  3. Send email or in-app notifications to registered users where required.

10.2.1 User Responsibility

It is your responsibility to review this Privacy Policy periodically to stay informed about how we are protecting your data. Continued use of the Platform after the publication of any updated policy constitutes your acceptance of those changes.

10.2.2 Effective Date

All changes will become effective immediately upon publication, unless otherwise specified in the notification. If significant changes impact your rights or the way we process your data, we will seek your consent where required by law.

By continuing to use our Platform, you acknowledge and agree to the latest version of this Privacy Policy and understand that your personal data will be handled in accordance with the most recent terms.

11. CONTACT AND GRIEVANCE REDRESSAL MECHANISM

We value the trust you place in us and are committed to addressing your queries, concerns, or complaints regarding the collection, use, or processing of your personal data. To ensure compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), we have appointed a Grievance Redressal Officer (GRO) and the details are shared above.

11.1 How to Raise a Grievance

Users may raise grievances by:

  1. Sending an email to the official GRO email address with complete details of the concern;
  2. Providing any relevant supporting documents or screenshots;
  3. Including your registered email ID or phone number for verification purposes.

11.2 Resolution Timelines

  1. Acknowledgment: Within 24 hours of receiving the complaint.
  2. Resolution: Within 15 working days or within the time frame prescribed under applicable law.

11.3 Escalation of Unresolved Issues

If your concern is not resolved satisfactorily, you may escalate the matter to the Data Protection Board of India as per the provisions of the DPDP Act.

By contacting the GRO, you help us maintain transparency and accountability while ensuring your rights and interests are safeguarded.