Privacy Policy
1. About this Policy
1.1. Mahina is a division of Eicher Goodearth Private Limited (hereinafter referred to as “Company, We, Our, Us”), which is incorporated and registered under the Companies Act, 1956, having CIN U35122DL2007PTC400898 and registered office at 3rd Floor, Select City Walk A-3 District Centre, Saket, New Delhi, New Delhi, Delhi, India, 110017.
1.2. The Company operates and manages a website i.e. https://mahina.co/ (hereinafter referred to as “Platform”) to provide women’s menstrual management and health products (hereinafter referred to as “Services”) to its Users.
1.3. The Company is committed to protecting the privacy of its Users. This Privacy Policy (hereinafter referred to as “Policy”) serves as a Privacy Notice for the Platform and the Services provided under it. As a User, You may visit and/or browse the Platform, purchase the Products and Services, enquire about and/or avail any other ancillary services from the Platform. To facilitate the use of these Services, We shall ask Your Consent before processing Your Personal Information (PI).
2. Scope and Applicability
2.1. This Policy is published and shall be construed in accordance with the provisions of the Digital Personal Data Protection Act, 2023 and Rules thereunder (hereinafter referred to as the “DPDP Act”) and the Information Technology Act, 2000 and Rules thereunder and other applicable laws enacted from time to time (hereinafter collectively referred to as the “Applicable Laws”).
2.2 This Policy applies to Personal Information that We collect and/or receive from:
a. Visitors to the Platform;
b. Customers who purchase and use Platform Services;
c. Users who communicate with Us through the Platform.
2.3. The Policy does not apply to any aggregated or de-identified data that cannot be reasonably re-identified.
2.4. This Policy should be read in conjunction with the Terms of Use/Terms and Conditions, any specific Notices, Consent requests, or disclosures provided at the time of collection of PI.
2.5. This Policy may be revised and updated from time to time to reflect changes in our data collection and processing practices, or to comply with applicable legal and regulatory requirements.
3. Definitions
3.1 Account means the online account registered by You/ User and includes any profiles, pages, handles, email address, mobile number and other similar presences by means of which You are able to access the Platform or use any of its Services
3.2 Cookies are small files that are placed on Your computer, mobile device or any other device by a website, containing the details of Your browsing history on that website among its many uses.
3.3 Consent means an affirmative action signifying Your agreement to the processing of Your Personal Information.
3.4 Data Fiduciary means any entity who alone or in conjunction with other people determines the purpose and means of processing of PI.
3.5 Data Processor means any entity who processes PI on behalf of a Data Fiduciary
3.6 Lawful Guardian shall mean an individual who is legally appointed to provide Consent on behalf of a Minor or a Person with Disability.
3.7 Child/Minor/Children shall mean any person below the age of 18 years.
3.8 Notice refers to any written or electronic communication, including this Privacy Policy, by which We inform Users of the nature, purpose, legal basis, and conditions of processing of their PI in compliance with the Applicable Laws.
3.9 Platform refers to the website i.e. https://mahina.co/
3.10 Personal Information/PI includes any information or set of information, whether alone or in combination with other Personal Information which is sufficient to identify the User.
3.11 Service(s) refers to the products and/or services provided through the Platform and as mentioned in the Terms of Use.
3.12 Service Provider refers to any third-party legal entity/company or individuals, whether located in India or abroad, who provide Services and process PI on Our behalf, including but not limited to website management, information technology, customer service, email delivery and auditing.
3.13 Usage Data refers to data generated using the Services on the Platform.
3.14 User/Consumer/Visitor/You/Your means the individual accessing/viewing/purchasing the Products or using the Service, or the company/corporate entity, or other legal entity on behalf of which such individual is accessing, viewing, purchasing the products or using the service, as applicable.
4. Notice at the time of collection of PI
4.1 At the time of collection of Your PI, the Company shall provide You with a clear and accessible Notice specifying:
a. The PI proposed to be collected
b. The purpose(s) for which such PI is collected and processed;
c. The manner in which Consent may be withdrawn, wherever applicable;
d. The consequences of withdrawal of Consent;
e. The manner in which the Data Principal may exercise their rights under the DPDP Act; and
f. The details of the grievance redressal mechanism
4.2 Such Notice shall be provided through this Policy, supplemented by contextual Notices, depending on the nature of interaction with the Data Principals.
5. When do we need to Collect and Process Your PI?
The Platform shall process Your PI only for lawful, specified, and explicit purposes. Depending on the nature of Your interaction and activity on the Platform, such processing may include one or more of the following:
| S. No. | Information Processed | Purposes for which We seek Your explicit consent |
| --- | --- | --- |
| 5.1.1. | At the time of account creation: When You create an Account on Our Platform at the time of registration, We shall require the following information: | Account authentication and Access to Services; Marketing and Promotional Services; Communication Services; Security and Compliance |
| 5.1.2. | At the time of browsing the Platform: Once Your Account is created, We shall record Your Account Activity on Our Servers. To learn more, kindly refer to Our Cookie Policy | |
| 5.1.3. | | |
| 5.1.4. | At the time of checkout: Before completing the purchase, We shall process the following information – **Please note that all payments made through our Platform are routed through a third-party payment gateway i.e. RazorPay and Easebuzz. We do not store any payment or card related information | |
| 5.1.5. | User Reviews/Testimonials: You may upload any images or videos on Our Platform while submitting a review. | To submit written reviews and photographs of the products |
| 5.1.6. | Referral and Loyalty: We may offer referral programs that allow You to invite friends and family to use Our Services. To facilitate this program, We shall process PI such as Name, Email address, Social Media account about the referred individual only after obtaining the explicit consent of the referred individual, in accordance with Applicable Data Protection Laws. In addition, We may also offer loyalty points for certain activities, such as submitting reviews, sharing pictures or videos for which we process Your registered PI such as Name, Mobile Number and Email address. | |
6. Personalization of Services
6.1 To enhance Your experience on the Platform We may deliver personalized notifications, nudges, and messages, including reminders or prompts based on Your indicated interests and preferences.
6.2 We may process Your PI to conduct social studies or surveys based on Your choices and preferences, product specifications and health information in order to generate insights, predictions, or suggestions that help improve the Platform and enhance User engagement. To read more about how information is processed for personalized services, kindly refer to Our Cookie Policy at https://mahina.co/pages/cookie-policy
7. Sharing and Disclosure of PI
7.1 The Platform may disclose and/or share Your PI with certain third-parties only for the purposes described in this Policy, on Your request and to fulfill our legal and contractual obligations in accordance with the Applicable Laws. The Platform does not sell Your PI or otherwise share it for any monetary consideration with any third-party.
7.2 The third parties engaged by Us to deliver services to You are bound under strict contractual and legal obligations.
7.3 Such disclosures include sharing PI with:
7.3.1 Service providers, vendors, or contractors engaged by the Platform to process Personal Information on its behalf for purposes such as website management, information technology, Google Analytics, customer service, email delivery, auditing and other similar services (Data Processors). Personal Information shared with them is limited to the services sought from them.
7.3.2 Affiliates or group entities, where required for internal administrative or operational purposes for specific consented purposes and in the format which maintains the security of the data within its lifetime.
7.3.3 Governmental, judicial, or regulatory authorities, including such regulatory authorities located outside India, where disclosure is required to comply with applicable legal obligations;
7.3.4 In the event we undergo any merger, acquisition, joint venture, or sale of Our assets, in part or in full, with another company/entity, or in the unlikely event that We go out of business or enter bankruptcy. Any processing of Your PI would still be subject to the terms of this Privacy Policy. We shall notify You about the same by providing a notice displayed at our Website at least 30 days prior to such change and You shall be provided with an opportunity to opt-out from such sharing and disclosure.
7.4 Where PI is processed by a Data Processor on behalf of the Platform, such processing shall be governed by a valid contract that imposes obligations on the Data Processor to process PI only on documented instructions of the Platform and to implement appropriate safeguards.
8. Link to Third-Party Websites
8.1 In order to improve Your web experience, and to offer You products of Your interest, the Platform may provide links which may lead You to business alliance Companies, Our dealers, and other third-party sites, platforms, social media platforms or promotional partners, that are not controlled by Us. Please note that once You leave Our Platform, You will be subjected to the privacy policy of such other websites. Please be aware that the Company is not responsible for the privacy practices of such other sites and platforms. The Company encourages You to read the privacy policies of each and every site that collects Your PI.
Our Service Providers include –

| S. No. | Data Processor | Purpose | Links for Privacy Policies |
| --- | --- | --- | --- |
| 1. | Webplanex | To provide GST-related services | |
| 2. | Moengage | To provide marketing messages through WhatsApp, SMS or RCS | |
| 3. | Shopflow | To enable checkout services | |
| 4. | Nectar | | https://www.nectar.com/about/privacy-and-legal/privacy-policy |
| 5. | Shiprocket | To deliver products to You | |
| 6. | Zoho | To store information in cloud services | |
| 7. | Razorpay | To facilitate payment for the purchase of products | |
9. Consent-Based Processing
9.1 We process your PI only after obtaining Your explicit and informed Consent, unless such processing is otherwise permitted or required under Applicable Laws.
9.2 Where You choose not to provide Consent, or subsequently withdraw Consent, We may be unable to provide certain essential Services, features, or functionalities, including continued access to the Platform that are dependent on such PI. However, withdrawal of Consent shall not affect the lawfulness of any processing of PI carried out prior to the effective date of such withdrawal.
10. Rights of Data Principals
10.1 When You access or use the Services on our Platform and share your PI with Us, You shall have the following rights:
10.1.1 Right to Withdraw Consent – You have the right to withdraw your consent to the processing of your PI at any time by contacting Us through the details set out herein.
10.1.2 Right to Correction and Updation of PI – You shall have the right to correction, completion and updation of the PI for the processing of which You have given Consent.
10.1.3 Right to Access PI – You have a right to request access to details of categories of PI collected by Us, processing activities undertaken by Us and the identities of all Data Processors with whom Your PI is shared.
10.1.4 Right to Deletion of PI – You have the right to request deletion of Your account and the associated PI processed by Us, subject to the terms of this Privacy Policy and Applicable Laws
10.1.5 Right to Nominate – You have the right to nominate an authorized representative to exercise Your privacy rights on Your behalf.
10.2 To exercise any of Your rights You may contact us on care@mahina.co. While the majority of issues and Your queries will be handled within a period of 7 days, complex issues may take more time. In such cases we will contact You regarding the nature of Your problem and appropriate next steps within 30 days.
11. Data Storage and Cross-Border Transfer
11.1 This policy governs the processing of PI collected through Our Platform within the territory of India.
11.2 We may store, process, or transfer PI generated through the Platform on servers and systems operated by Our third-party Data Processors, including cloud service providers. Such servers are located within India.
11.3 Our Data Processors are required to implement appropriate technical and organizational security measures, including but not limited to:
11.3.1 Encryption of PI at rest and in-transit;
11.3.2 Role-based and need-to-know access controls;
11.3.3 Audit logging and monitoring;
11.3.4 Data minimization, retention limitation and secure deletion protocols; and
11.3.5 Incident response and breach notification mechanisms
11.4 We remain responsible for the protection of PI processed on Our behalf by third-party Data Processors and take reasonable steps to ensure continued compliance with applicable privacy, confidentiality and information security requirements.
12. Information Security
12.1 We implement reasonable technical and organizational security measures to protect Your PI from unauthorized access, disclosure, alteration, loss or destruction. These measures are designed and implemented in accordance with the Applicable Data Protection Laws, and include without limitation:
12.1.1 Technical measures: Appropriate technical safeguards such as encryption of PI at rest and in transit, access controls, firewalls, secure server infrastructure, malware protection, and regular security updates.
12.1.2 Organizational measures: Organisational safeguards including role based and need to know access controls, employee confidentiality and data protection obligations, information security policies, regular security awareness practices, and incident response and recovery procedures.
12.1.3 Contractual measures: Our Data Processors are required to implement technical and organizational security measures to protect PI including without limitation encryption, pseudonymization, access control measures, data deletion and retention protocols, and to process PI solely in accordance with Our documented instructions. We do not permit Our Data Processors to use, disclose, or retain PI for any purpose other than providing services to us, and prohibit onward transfer without Our prior written authorization.
12.2 While we take reasonable and appropriate precautions to safeguard PI, no method of transmission or storage can guarantee absolute security. In the event of any information security incident or personal data breach, we shall take prompt and appropriate remedial steps as required under Applicable Laws, including mitigation of potential harm and compliance with any notification obligations.
13. Retention Policy
13.1 We do not keep Your PI for longer than is necessary, that is to say, to provide Services of Our Platform, unless We are required to retain such PI to fulfill the legal compliances or obligations as may be required under other applicable laws for the time being in force.
13.2 Upon Your request to delete PI or withdraw consent, We shall cease processing of such PI. However, We shall retain Your PI in anonymized and encrypted form, strictly to the extent necessary to meet legal, regulatory or contractual requirements as per applicable laws.
13.3 Data retained for the above purposes shall be protected using appropriate security measures and shall not be used for any purpose incompatible with the reason for which it is lawfully retained.
13.4 Once the retention period is over, We shall delete Your PI from Our systems as well as from the Systems of Our Data Processors and shall notify You about the same.
13.5 Deletion of PI
13.5.1 Upon creation of Your Account, We shall retain your PI for as long as Your Account remains active or to provide Services of Our Platform, unless You request for deletion of PI or withdrawal of Consent.
13.5.2 In case Your Account remains inactive for three years, We shall proceed to delete Your PI. However, We shall intimate You about the same at least 48 hours prior to such deletion.
14. Processing of PI belonging to Children or Minor
14.1. The Platform may process PI of Children or Minor only with the verifiable Consent of the parent or a lawful guardian and in accordance with the Applicable Laws.
14.2. The Platform shall take reasonable efforts to verify the age of Children or Minor and, where applicable, the authenticity of the parent or lawful guardian providing Consent, before proceeding to process their PI using such mechanisms proportionate to the nature of the processing.
14.3 The Platform shall not undertake processing of Children’s PI that is likely to cause any detrimental effect on the well-being of a Child, including tracking, behavioral monitoring, or targeted advertising, where such restrictions apply.
15. Grievance Redressal
If You have any questions, comments, inquiries, concerns or complaints regarding Your PI or this Privacy Policy, You may contact Us or write to Us at:
a. Name of the Grievance Officer – Ujala Das
b. Mobile Number – +919205995271
c. Email address of Grievance Officer – ujala@mahina.co
d. Platform’s Email address – care@mahina.co
e. Head Office – 18B The Thinkplus workplaces, sector 32, Gurgaon - 122001
f. We shall respond to Your requests within a reasonable timeframe of 48 hours from the receipt of such request. We shall endeavor to resolve Your queries or requests within a period of 7 business days. In cases where We are unable to process Your request, We shall duly provide You with a justifiable reason for the same.
