Privacy policy

PRIVACY POLICY

MINI MISS (hereinafter referred to as “MINI MISS”, “we”, “us”, or “our”) operates an e-commerce platform specializing in the sale of silver jewelry through the domain [https://minimissilver.com/] (the “Website”). MINI MISS is committed to safeguarding the privacy and protection of the personal data of its users, customers, and website visitors (hereinafter referred to as “Users”).

This Privacy Policy is published in compliance with the provisions of Section 43A of the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). Furthermore, this policy incorporates the standards set forth under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), reflecting our commitment to transparent and accountable data processing within the Indian jurisdiction.

Additionally, where the Website is accessed by individuals located within the European Union (EU) or the European Economic Area (EEA), MINI MISS shall process their personal data in accordance with the requirements of Regulation (EU) 2016/679, known as the General Data Protection Regulation (“GDPR”).

This Privacy Policy sets out the manner in which MINI MISS collects, processes, stores, uses, and discloses personal data, the legal bases for such processing, the rights available to Users under applicable law, and the procedures for exercising such rights or contacting us in relation to our data protection practices.

By accessing or using our website and its subsequent sub-domains, you acknowledge and consent to the practices described in this policy.

1. DEFINITIONS

In this Privacy Policy, the following definitions are used:

  • Personal Data: “Personal Data” means any data about an individual who is identifiable by or in relation to such data, including any data relating to a living individual who is identifiable from such data, either alone or in conjunction with other information that is in the possession of, or is likely to come into the possession of, the Data Fiduciary.
  • Cookies: “Cookies” mean small data files that are placed on your device by our website when you visit or access certain features thereof. Cookies enable the website to store and recall your actions or preferences over a period of time to enhance user experience and functionality.
  • Data: “Data” includes personal information, sensitive personal information, and non-personal information relating to you, which, either directly or indirectly, in combination with other information, may enable your identification when you visit our digital platform or use our services.
  • Data Fiduciary (or Data Controller): “Data Fiduciary” (or “Data Controller”) means any natural or legal person who, either alone or jointly with others, determines the purposes and means of the processing of personal data. For the purposes of this Privacy Policy, MINI MISS acts as the Data Fiduciary of your personal data.
  • Data Processors (or Service Providers): “Data Processor” (or “Service Provider”) means any natural or legal person who processes personal data on behalf of the Data Fiduciary. We may engage the services of various Data Processors (e.g., logistics partners, payment gateways) to process your personal data more efficiently.
  • Data Principal (or Data Subject): “Data Principal” (or “Data Subject”) means the individual to whom the Personal Data relates. In the context of this Website, the User is the Data Principal.
  • Processing: “Processing” means any operation or set of operations performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure, dissemination, alignment or combination, restriction, erasure, or destruction.
  • Third-Party: “Third Party” means any natural or legal person, public authority, agency, or body other than the Data Principal, Data Fiduciary, Data Processor, and persons who, under the direct authority of the Data Fiduciary or Data Processor, are authorized to process personal data.
  • User: “The User” means the individual who accesses or uses our Service and corresponds to the Data Principal to whom the Personal Data pertains.
  • Data Protection Laws: The Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. This also includes the Digital Personal Data Protection Act, 2023. For EU/EEA users, the General Data Protection Regulation (GDPR) applies where relevant.
  • Sensitive Personal Data or Information (SPDI): Data including passwords, financial information (e.g., credit/debit card details, bank account numbers), biometric data, or other sensitive information, as defined under Rule 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
  • This Website: “This Website” means the platform ([Insert Website URL]) through which the User’s Personal Data is collected, processed, and managed.
  • Service: “Service” means the website, e-commerce platform, or any other digital service provided by MINI MISS to the User.

2. INFORMATION COLLECTED FROM USERS

We collect various categories of information to enhance your jewelry shopping experience and continuously improve our services.

Personal Data

While using our Service, we may request that you provide certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Such Personal Data may include, but is not limited to, your name, email address, postal address, state, province, ZIP/postal code, city, cookies, and usage data.

In addition to Personal Data, we may collect Sensitive Personal Data or Information (SPDI), such as financial information (e.g., payment instrument details) and account passwords, when you place orders for jewelry or create a secure account on our Website. We collect SPDI only with your prior written consent (e.g., via Website forms or clear affirmative checkboxes), in compliance with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the DPDP Act, 2023. You may withhold consent; however, this may limit your access to specific services, such as completing online payments or accessing personalized account features.

Where you opt to utilize our Cash on Delivery (COD) payment facility, financial data is not collected at the time of checkout. However, in the event of a product return, cancellation, or fulfillment failure requiring a refund for a COD order, we are unable to disburse cash refunds. Consequently, we will explicitly request your Bank Account details, IFSC Code, or UPI ID post-transaction. This specific financial data is collected strictly for the singular purpose of executing the refund (Purpose Limitation) and shall not be retained beyond the period necessary to complete the financial reconciliation and comply with applicable tax and audit laws.

We may use your Personal Data to communicate with you regarding newsletters, marketing or promotional materials, and other information related to our jewelry collections that may be of interest to you. You have the right to opt-out of receiving such communications at any time by following the “unsubscribe” link or instructions provided in any correspondence from us.

Voluntary Disclosure and PII

Providing Personal Data is voluntary. However, you may choose not to provide such information by refraining from using the Website or specific features that require such data. The Website may collect various types of Personally Identifiable Information (“PII”). With your consent, the PII we collect may include your name, date of birth, anniversary dates (for personalized gifting reminders), email address, mailing address, and phone number. We collect only such PII that is necessary and relevant to the jewelry services we provide, such as order fulfillment, responding to inquiries, or managing loyalty programs.

Usage Data

We may also collect information relating to your use of the Website and Service (“Usage Data”), which may include, without limitation:

  • The date, time, frequency, and duration of your access;
  • Your geographical location and usage preferences;
  • Purchasing patterns and interactions with specific jewelry categories;
  • Pages visited, time spent thereon, and navigation paths;
  • Device information (browser type, operating system, IP address, and unique device identifiers).

Such information may be aggregated and analyzed, including through third-party consultants, to improve the functionality of our website, optimize our jewelry catalog, and follow up on abandoned transactions (carts). We may disclose such information to third parties, including advertising partners, for these legitimate business purposes.

Tracking & Cookies Data

We utilize “Cookies” and similar tracking technologies to enhance your interaction with our website. Cookies are alphanumeric identifiers placed on your device that enable MINI MISS, along with our third-party partners, to:

  • Recognize your return visits and recall your jewelry preferences;
  • Customize the Service to your specific needs;
  • Personalize content and advertisements to enhance your user experience.

Cookies may also be utilized to monitor usage patterns, record registration details, and track specific jewelry items you view. While most internet browsers allow you to block or delete cookies, please be aware that disabling them may impair the functionality of certain features on our website, such as the shopping cart or personalized recommendations.

Data Rights and Correction

We will retain access to any PII you provide for as long as it remains in a readily accessible format and is necessary for the purposes outlined. You have the right to request the correction of any inaccuracies in your PII. If you wish to access, correct, or request the complete removal of your PII from our systems, please submit your request via email to care@minimiss.com.

Social Media Integration

We may collect information from third-party social networking platforms (e.g., Instagram, Facebook) when you use your social credentials to opt-in to our Services. The scope of information provided depends on your privacy settings on those platforms. We encourage you to review and manage your privacy preferences directly with the relevant social networking service.

3. MODE AND PLACE OF PROCESSING THE DATA

Methods of Processing

MINI MISS (the “Data Fiduciary”) implements stringent technical and organizational security measures to safeguard against unauthorized access, disclosure, alteration, or unlawful destruction of the Data. Data processing is conducted through the use of secure computer systems and IT-enabled tools, strictly in accordance with established organizational protocols and solely for the purposes specified within this Privacy Policy.

We employ industry-standard encryption, firewalls, and access control lists to ensure that your information remains confidential. Processing is performed primarily via automated means to facilitate order fulfillment, payment verification, and logistics tracking.

Access to Data

In addition to the Data Fiduciary, access to the Data may be granted to certain authorized personnel involved in the operation of the Website. This includes, but is not limited to, personnel from the following departments:

  • Administration & Management: For oversight of business operations;
  • Sales & Logistics: For the processing and dispatch of silver jewelry orders;
  • Marketing: For the management of newsletters and personalized promotional campaigns;
  • Legal & Compliance: For grievance redressal and statutory adherence;
  • System Administration: For the maintenance and security of the digital infrastructure.

Disclosure to External Third Parties

Furthermore, the Data may be disclosed to external third-party service providers who act as Data Processors on behalf of MINI MISS. These parties are contractually bound to process data only under our instructions and in compliance with applicable data protection laws. Such third parties include:

  • Technical Service Providers: For website maintenance and security auditing;
  • Logistics & Mail Carriers: (e.g., BlueDart, Delhivery) for the physical delivery of jewelry products. In cases involving Cash on Delivery (COD) orders, these logistics partners concurrently act as our authorized collection agents. Your Personally Identifiable Information specifically your name, delivery address, phone number, and order invoice value is shared with them to facilitate the physical delivery, collect the cash payment on our behalf, and remit the funds securely.
  • Hosting Providers: (e.g., Shopify) for the maintenance of our e-commerce platform and databases;
  • IT & Communication Agencies: For managing customer support channels, SMS gateways, and email communications.

A list of specific Data Processors may be requested from the Data Fiduciary at any time by contacting the Grievance Officer.

4. PLACE OF DATA PROCESSING AND INTERNATIONAL DATA TRANSFERS

The processing of Personal Data is carried out at the Data Fiduciary’s principal place of business and at such other locations where the parties involved in the processing such as authorized personnel or third-party service providers are situated.

Depending on the User’s geographic location, the processing of Personal Data may involve the transfer of such data to a country other than the User’s country of residence. For further details regarding the specific locations where Personal Data is processed or transferred (including the use of globally distributed cloud servers provided by Shopify and Google), Users are encouraged to refer to the relevant sections of this Privacy Policy.

Users also have the right to obtain information regarding the legal basis for any transfer of Personal Data to a country outside their jurisdiction, including any transfer made to an international organization governed by public international law (e.g., the United Nations) or established by two or more countries. MINI MISS shall also provide information regarding the safeguards implemented to ensure the lawful and secure transfer of such Data in accordance with applicable data protection laws, including the use of Standard Contractual Clauses (SCCs) and adherence to the restricted list of jurisdictions provided by the Government of India under the DPDP Act.

If any such international transfer occurs, Users may obtain additional information by reviewing the appropriate sections of this Privacy Policy or by contacting the Data Fiduciary through the contact details provided herein.

5. PURPOSE OF PROCESSING DATA

The Personal Data relating to the User may be collected, stored, processed, and used by MINI MISS for one or more of the following purposes:

i. Order Processing: To facilitate the processing, payment, delivery, and fulfillment of silver jewelry product and/or service orders placed by the User, including ring sizing and bespoke engravings.

ii. Customer Support: To address and respond to User inquiries, grievances, jewelry repair/warranty support requests, and other transactional communications.

iii. Personalization: To customize the User’s experience on the website, including providing jewelry product recommendations, promotional offers, and remembering User preferences such as metal choice or stone type.

iv. Service Improvement: To analyze usage trends, evaluate the effectiveness of the digital storefront, develop new features, and enhance the functionality and performance of the website.

v. Marketing and Communications: To send marketing communications, newsletters, updates, promotional content, and event information regarding new silver collections. The User may opt out of such communications at any time.

vi. Security and Fraud Prevention: To detect, prevent, and mitigate fraudulent jewelry transactions, unauthorized access, and other unlawful or harmful conduct on the platform.

vii. Contractual Obligations: To perform obligations and exercise rights arising out of any contract entered into between the User and MINI MISS for the sale of silver jewelry.

viii. Third-Party Sharing: To process, disclose, transmit, and/or share Data with third parties with whom MINI MISS has lawful business or contractual relationships, subject to applicable data protection laws.

ix. Loyalty Programs: In connection with the administration and operation of loyalty, reward, or “Silver Membership” programs established and maintained by MINI MISS.

x. User Communication: To communicate with the User, including responding to feedback, claims, disputes, and for customizing and improving user interactions with the boutique services.

xi. Terms Enforcement: To enforce the terms of use or any other legal agreements governing the use of the website and the purchase of jewelry.

xii. Risk Management: To protect against and prevent fraud, unlawful activity, harm, financial loss, and to address other legal, operational, and information security risks.

xiii. Statutory Compliance: To comply with applicable laws and regulations, and to fulfill legal obligations imposed on MINI MISS, including GST reporting and Income Tax Act requirements.

xiv. Additional Purposes: For any other purpose that is made known to the User at the time of data collection and for which the User has provided explicit or implied consent, or as otherwise permitted or required under applicable law.

xv. Cash on Delivery (COD) Risk Assessment: To analyze usage data, address locational metrics, and conduct automated or manual risk assessments prior to approving a Cash on Delivery (COD) option at checkout. This processing is essential to mitigate the commercial risks associated with Return to Origin (RTO) and to verify user identity (e.g., via OTP verification) to prevent fraudulent order placements.

xvi. Refund Execution: To process financial data (Bank Account/UPI details) subsequently provided by the User strictly for the purpose of executing refunds originating from Cash on Delivery (COD) returns or cancellations.

To the extent required under applicable data protection laws, any inferences drawn from the information collected shall be treated as Personal Information or Sensitive Personal Information, as the case may be. We undertake to ensure that your Personal Information shall not be processed in any manner incompatible with the purposes for which it was collected.

6. RETENTION OF DATA

The Personal Data of Users shall be processed and retained only for such duration as is necessary to fulfill the purposes for which it was collected and as required under applicable law. Accordingly:

  • Contractual Fulfillment: Personal Data collected for the purpose of fulfilling a contract or pre-contractual obligations (e.g., jewelry orders) between MINI MISS and the User shall be retained until such contract has been fully performed and all related obligations (including warranty and return periods) have been discharged.
  • Legitimate Interests: Personal Data collected in furtherance of the Data Fiduciary’s legitimate interests (e.g., website analytics or fraud logs) shall be retained for such period as is necessary to achieve the underlying purpose, unless such interests are overridden by the rights and freedoms of the User.

Where the processing is based on the User’s consent (e.g., for marketing and newsletters), MINI MISS may retain such Personal Data for a longer duration, unless and until such consent is withdrawn. Notwithstanding the foregoing, we may also be obligated to retain Personal Data for a longer period where required by applicable law, a legal obligation, or pursuant to an order from a competent authority (such as tax audits or legal disputes).

Upon expiration of the applicable retention period, or once the purpose for which the Data was collected has been fulfilled, whichever is later, the Personal Data shall be securely deleted or anonymized. Consequently, after the expiration of the retention period, the User’s rights to access, rectification, erasure, and data portability may no longer be exercised in respect of such deleted data.

7. TRANSFER OF DATA

Your information, including Personal Data, may be transferred to, and maintained on, servers or databases located outside your state, province, country, or other governmental jurisdiction where the data protection laws may differ from those of your specific jurisdiction.

By submitting your Personal Data and using the Website or any of the jewelry-related Services provided by MINI MISS, you expressly consent to such transfer. MINI MISS (the “Data Fiduciary”) shall take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and applicable Data Protection Laws. No transfer of your Personal Data shall take place to an entity, organization, or jurisdiction unless adequate safeguards are implemented, including appropriate technical and organizational security measures to protect the integrity of your data and ensure its absolute confidentiality.

Where necessary to facilitate our business operations, we may engage third-party service providers (“Data Processors”) to support our Services. These functions include, but are not limited to, billing and payment processing, digital marketing and remarketing services, customer support, logistics and delivery (e.g., courier partners for silver jewelry dispatch), website analytics, or IT infrastructure support. In doing so, we may disclose Personal Data or Non-Personal Data to such third-party providers solely to the extent necessary for them to provide the contracted services. Such disclosure is strictly subject to appropriate contractual obligations of confidentiality and data protection, ensuring they provide a level of security equivalent to our own.

If any third-party provider (such as an independent payment gateway or a social media login provider) directly handles billing, payment, or any other service independently of our platform, the collection, use, and processing of your Personal Data by such third party shall be governed by its own terms of service and privacy policy. MINI MISS shall not be held responsible for the data handling practices, security protocols, or privacy breaches of such independent third parties.

We further reserve the right, and you hereby expressly authorize us, to disclose your Personal Data where such disclosure is deemed necessary, in our sole discretion, to:

i. Compliance: Comply with any legal obligation, statutory regulation, or judicial or governmental order, including lawful requests by public authorities or law enforcement agencies;

ii. Enforcement: Enforce the terms and conditions governing the use of the Website or any Service agreements;

iii. Investigation: Investigate, prevent, or take action against illegal activities, suspected fraud (including fraudulent jewelry transactions), threats to the safety or rights of any person or property, or violations of our internal policies;

iv. Protection: Protect the rights, property, or safety of MINI MISS, our Users, or third parties.

In such instances, MINI MISS shall not be under any obligation to notify the User regarding the disclosure, particularly where such notice is prohibited by law, where it would impede a criminal investigation, or where the disclosure is made in response to a lawful request by a competent authority.

8. SECURITY OF DATA

MINI MISS implements appropriate technical and organizational security measures, consistent with industry standards and the requirements of the Information Technology Act, 2000 and the DPDP Act, 2023, to safeguard the confidentiality, integrity, and availability of your Personal Data. These measures are designed to protect your information against unauthorized access, disclosure, alteration, accidental loss, destruction, or misuse.

Our security framework includes, but is not limited to:

  • Encryption: Use of Secure Socket Layer (SSL) technology and industry-standard encryption for data at rest and in transit, particularly for transactional data.
  • Access Control: Access to Personal Data is strictly controlled and limited to authorized personnel and designated Data Processors on a “need-to-know” basis. All authorized individuals are bound by strict contractual confidentiality obligations.
  • Audit and Monitoring: Regular security audits and vulnerability assessments to ensure our systems remain resilient against emerging digital threats.

Data Breach Notification

In the event you suspect any unauthorized use, access, or disclosure of your Personal Data, or believe that a data breach may have occurred, you are urged to notify us immediately at care@minimiss.com. Prompt notification is essential so that we may take appropriate remedial action without delay, including notifying the relevant regulatory authorities if required by law.

Retention and Disposal

As outlined in previous sections of this policy, Personal Data shall be retained only for such period as is necessary to fulfill the purposes for which it was collected, or to comply with applicable legal, regulatory, contractual, or business requirements. Upon the conclusion of the retention period, MINI MISS ensures that such data is securely deleted or anonymized to prevent further identification of the User.

9. LEGAL BASIS FOR PROCESSING PERSONAL DATA

The processing of your Personal Data, including Sensitive Personal Data or Information (“SPDI”), by MINI MISS (the “Company” or “Data Fiduciary”) is conducted in accordance with the applicable provisions of the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023 (“DPDP Act”).

In the case of individuals located within the European Union (EU) or European Economic Area (EEA), such processing is carried out in compliance with the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”).

All processing activities are undertaken lawfully, based on one or more of the following legal grounds, as applicable to our silver jewelry e-commerce operations:

  • Performance of a Contract: Processing is necessary for the performance of a purchase agreement or contract to which you are a party (e.g., fulfilling an order for silver jewelry, processing a return, or managing a warranty claim), or to take steps at your request prior to entering into such a contract.
  • Consent: You have provided clear, informed, and explicit consent for the processing of your Personal Data for one or more specific purposes (e.g., subscribing to our newsletter, participating in a loyalty program, or allowing marketing cookies). You retain the absolute right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
  • Legitimate Interests: Processing is necessary for the purposes of the legitimate interests pursued by MINI MISS or by a third party. This includes, but is not limited to, optimizing website performance, preventing fraudulent transactions, conducting risk profiling to determine eligibility for Cash on Delivery (COD) orders to prevent excessive Return to Origin (RTO) losses, conducting market research to improve our jewelry collections, and ensuring the security of our digital infrastructure, except where such interests are overridden by your fundamental rights and freedoms.
  • Compliance with Legal Obligations: Processing is necessary for compliance with a legal or statutory obligation to which MINI MISS is subject under Indian law (e.g., GST reporting, income tax maintenance, or responding to lawful summons) or applicable EU laws for international users.
  • Payment Processing: Processing is necessary to facilitate, manage, and verify payment-related activities in connection with the jewelry services provided. This ensures transactional integrity and protects both the Company and the User from financial risk.

Where the processing of Personal Data is based on legitimate interest or consent, you may contact the Company to obtain further information regarding the specific legitimate interest pursued or the nature of the consent granted.

10. DATA PROTECTION RIGHTS

MINI MISS is committed to protecting your data rights under Indian laws and, for EU/EEA users, the General Data Protection Regulation (GDPR). Below are your rights, categorized by the applicable legal frameworks:

Rights under Indian Law

Pursuant to the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and Rule 5 of the SPDI Rules, Users (referred to as “Data Principals” under the DPDP Act) whose Personal Data or Sensitive Personal Data or Information (“SPDI”) is processed by the Company shall be entitled to the following rights:

I. Right to Information and Access: The right to obtain confirmation as to whether the Company is processing your data, a summary of the Personal Data currently held, and the identities of third parties with whom such data has been shared.

II. Right to Correction and Completion: The right to request the correction of inaccurate or misleading data, the completion of incomplete data, and the updating of out-of-date information.

III. Right to Erasure: The right to request the deletion of your Personal Data once the purpose for its collection has been fulfilled or upon the withdrawal of your consent, subject to statutory retention requirements (e.g., tax or audit laws).

IV. Right to Nominate: The right to nominate any individual to exercise your data rights on your behalf in the event of death or incapacity.

V. Right to Withdraw Consent: The right to withdraw consent for data processing at any time. Withdrawal shall be as accessible and seamless as the process of providing consent.

To exercise these rights, Users may submit a written request to the Grievance Officer at:

Email: privacy@minimiss.com

The Company shall acknowledge the receipt of such requests within 72 (seventy-two) hours and shall endeavor to provide a substantive response or resolution within 30 (thirty) days, in accordance with the timelines prescribed under the DPDP Rules.

Rights under the GDPR (Applicable to EU/EEA Users)

Where the processing of Personal Data pertains to individuals located within the EU or EEA, such processing shall be conducted in compliance with the GDPR. Subject to the conditions set forth therein, Data Subjects are entitled to:

  • Right of Access: Confirmation of processing and access to the Personal Data held.
  • Right to Rectification: Correction of inaccurate or incomplete data.
  • Right to Erasure (“Right to be Forgotten”): Deletion of data under Article 17 of the GDPR.
  • Right to Restriction of Processing: Limiting data use where accuracy is contested or processing is unlawful.
  • Right to Data Portability: Receiving your data in a structured, machine-readable format to transmit to another controller.
  • Right to Object: Objecting to processing based on legitimate interests or direct marketing.
  • Right to Withdraw Consent: Withdrawing consent at any time for consent-based processing.

EU/EEA Data Subjects may submit their requests to: privacy@minimiss.com. We may request identity verification before acting upon such requests and will respond within 30 (thirty) days.

Complaints and Regulatory Redress

  • Indian Users: If a grievance remains unresolved by our Grievance Officer, Users have the right to escalate the matter to the Data Protection Board of India (DPBI) as per Section 13 of the DPDP Act.
  • EU/EEA Users: Data Subjects have the right to lodge a complaint with their local Supervisory Authority in the member state of their residence or place of work.

11. SERVICE PROVIDERS

MINI MISS may engage third-party companies and individuals (“Service Providers”) to facilitate, operate, provide, or support our Service. These Service Providers may perform various functions on our behalf, including but not limited to delivering the Service (logistics and order fulfillment), providing customer support, conducting data analysis to optimize our silver collections, and assisting with targeted marketing and remarketing efforts.

Such Service Providers are granted access to your Personal Data solely to the extent necessary to perform their designated tasks on our behalf. They are contractually obligated to maintain the confidentiality and security of your Personal Data and are strictly prohibited from using or disclosing such data for any purposes other than those explicitly authorized by us. We conduct periodic due diligence on our Service Providers to ensure their security practices meet the “Reasonable Security” standards mandated by the DPDP Act 2023 and SPDI Rules.

12. PLATFORM SERVICES AND HOSTING

These services have the purpose of hosting and running key components of this Website, therefore allowing the provision of this Website from within a unified platform (such as Shopify or equivalent e-commerce infrastructures). Such platforms provide a wide range of tools to MINI MISS e.g., website analytics, user registration, commenting features, database management, e-commerce checkout, and payment processing that necessarily imply the collection and handling of Personal Data.

Some of these services work through geographically distributed servers across various global jurisdictions (including the US and Singapore), making it difficult to determine the actual physical location where the Personal Data is stored at any given moment. However, all such hosting services are managed under strict data processing agreements to ensure that your information is protected regardless of its physical location.

13. USER DATABASE MANAGEMENT

This type of service allows MINI MISS to build comprehensive user profiles by starting from an email address, a personal name, or other information that the User provides to this Website, as well as to track User activities through advanced analytics features. This Personal Data may also be matched with publicly available information about the User (such as social networking profiles or public professional data) and used to build private profiles that the Company can display and use for improving this Website and personalizing jewelry recommendations.

Some of these services may also enable the sending of timed and automated messages to the User, such as emails based on specific actions performed on this Website (e.g., abandoned cart reminders, birthday greetings, or anniversary-specific silver jewelry offers).

14. POLICY AMENDMENTS

MINI MISS reserves the right to change, modify, or update this Privacy Policy as it may deem necessary from time to time or as may be required by changes in law (such as new rules notified under the DPDP Act). Any changes will be immediately posted on the Website, and the “Last Updated” date at the top of the policy will be modified accordingly.

You are deemed to have accepted the terms of the updated Privacy Policy on your first use of the Website following the publication of the amendments. We encourage you to review this Privacy Policy frequently to remain informed of how we are protecting your information. For significant changes that alter the “Purpose of Processing,” we may seek your refreshed consent as required by law.

15. SEVERABILITY

If any court or competent authority finds that any provision of this Privacy Policy (or part of any provision) is invalid, illegal, or unenforceable, that specific provision or part-provision will, to the extent required, be deemed to be deleted. The validity, legality, and enforceability of the other provisions of this Privacy Policy will not be affected, and they shall remain in full force and effect.

16. GRIEVANCE OFFICER

In accordance with Rule 5(9) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023, any complaints, concerns, or grievances relating to the collection, processing, storage, use, or disclosure of Personal Data or Sensitive Personal Data or Information (SPDI) may be addressed to the Company’s designated Grievance Officer at the contact details provided below.

The Grievance Officer shall acknowledge the receipt of any complaint or grievance within 72 (seventy-two) hours and shall endeavor to redress the grievances expeditiously, within a maximum period of 30 (thirty) days from the date of receipt of the grievance, in compliance with applicable statutory timelines.

Grievance Officer Details:

  • Name: [Insert Name of the Officer]
  • Email: privacy@minimiss.com / info@minimissilver.com
  • Phone: [Insert Contact Number]
  • Address: Shop No 15, First Floor, Heritage Tower, Nehru Nagar, MG ROAD, Agra, Agra, Uttar Pradesh, 282002