This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023 (DPDPA) (as in effect and operationalised from 2026) and all applicable rules thereunder. This Policy describes how Forty Eight ('we', 'us', 'our', the 'Data Fiduciary') collects, uses, stores, and protects your personal data when you interact with us through our website, social media channels, or any other communication medium.
1. Data We Collect
1.1 We collect the following categories of personal data solely for the purposes of processing and fulfilling your order and providing you with relevant communications about your purchase:
Identity Data: Full name
Contact Data: Email address, mobile number
Address Data: Shipping address and billing address
Transaction Data: Order details, product specifications, payment confirmation references (we do not store card or bank details)
Communication Data: Any correspondence you share with us via email, WhatsApp, or social media in connection with your order or enquiry
1.2 We do not collect sensitive personal data (as defined under the DPDPA) and do not solicit financial credentials, government identification numbers, or biometric information.
2. Purpose of Processing
2.1 Your personal data is processed for the following lawful purposes:
2.1.1 Order Fulfilment: To process, confirm, and dispatch your order; to communicate dispatch and tracking details.
2.1.2 Customer Communication: To respond to enquiries, provide updates on production timelines, and resolve any post-delivery concerns.
2.1.3 Marketing Communications: To send you updates about new collections, limited releases, or design insights, only where you have provided your explicit consent. You may withdraw consent at any time.
2.1.4 Legal Compliance: To comply with applicable laws and regulatory requirements.
2.2 We do not sell, rent, or trade your personal data to third parties for their own marketing purposes.
3. Data Sharing
3.1 Your personal data is shared only with the following essential third parties, strictly for the purpose of order fulfilment:
3.1.1 Logistics and Courier Partners: Your name, contact number, and delivery address are shared with our logistics partners solely for the purpose of delivering your order.
3.1.2 Payment Gateway Providers: Payment processing is handled by regulated third-party payment gateways. We do not receive or retain your card details. Please refer to the privacy policy of the relevant payment gateway for their data practices.
3.2 We do not share your personal data with artisan communities, craft centres, or any other third party for commercial purposes.
4. Data Retention
4.1 We retain your personal data only for as long as is necessary for the purpose for which it was collected, or as required by applicable law.
4.2 Order-related data (including name, address, and transaction records) will be retained for a minimum period of 7 years to comply with applicable tax and accounting regulations.
4.3 Marketing data (email or contact for promotional updates) will be retained until you withdraw your consent or request erasure.
5. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:
5.1 Right to Access: You may request a summary of the personal data we hold about you.
5.2 Right to Correction: You may request correction of any inaccurate or incomplete personal data.
5.3 Right to Erasure: You may request deletion of your personal data, subject to any overriding legal obligations (e.g., mandatory retention for tax compliance).
5.4 Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal.
5.5 Right to Grievance Redressal: You have the right to raise a grievance with our designated Grievance Officer (see Section 7 below).
To exercise any of the above rights, please write to us at beyondfortyeight@gmail.com. We will respond to your request within the timeframe prescribed under applicable law.
6. Data Security
6.1 We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, loss, alteration, or disclosure.
6.2 Access to personal data within our organisation is strictly limited to those individuals who require it for the purposes described in this Policy.
6.3 Notwithstanding the above, no data transmission over the internet or electronic storage system is 100% secure. We cannot guarantee absolute security, but we commit to taking all commercially reasonable steps to protect your data.
7. Grievance Officer
In accordance with the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, Forty Eight designates the following Grievance Officer for all data-related concerns:
Name: Akanksha Chopra
Designation: Co-Founder
Email: beyondfortyeight@gmail.com
Response Time: Within 48 hours of receipt of written complaint
If you are not satisfied with our response, you may escalate your concern to the Data Protection Board of India once it is operationally constituted, as provided under the DPDPA.
8. Cookies & Tracking Technologies
8.1 What Are Cookies
Cookies are small data files stored on your device when you visit our website. They help us provide a better browsing experience and understand how visitors interact with our content.
8.2 Types of Cookies We Use
8.2.1 Strictly Necessary Cookies: Essential for the operation of our website, including maintaining your session and cart. These cannot be disabled.
8.2.2 Performance & Analytics Cookies: Help us understand how visitors navigate our website so we can improve content and functionality. Activated only with your consent.
8.2.3 Marketing Cookies: Used to serve relevant advertisements and track the effectiveness of our promotional campaigns. Activated only with your explicit consent.
8.3 Your Cookie Choices
On your first visit to our website, you will be presented with a cookie consent banner. You may accept all cookies, accept only necessary cookies, or manage your preferences individually. You may also modify or withdraw your cookie consent at any time via the cookie settings link in our website footer, or by adjusting your browser settings.
9. Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that personal data of a minor has been collected without appropriate consent, we will take immediate steps to delete such data.
10. Updates to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. Any material changes will be communicated via our website with a revised effective date. We encourage you to review this Policy periodically.