GRDO Bharat Bazaar

PRIVACY POLICY

Effective Date: 18 May 2026

Last Updated: 18 May 2026

1. Introduction

Welcome to GRDO Bharat Bazaar, an online e-commerce platform operated by Global Research and Development Organisation (GRDO), a registered Non-Governmental Organisation (NGO) with its principal place of operation at Milan Earth, Rajnagar Extension, Ghaziabad, Uttar Pradesh, India. Our website is accessible at https://grdobharatbazaar.com.

We are committed to protecting the privacy and security of the personal data you share with us. This Privacy Policy explains how we collect, use, store, share, and protect your personal information when you visit our website, create an account, place an order, or interact with our platform in any manner.

This Policy is published in compliance with:

The Information Technology Act, 2000 (IT Act) and the Information Technology (Amendment) Act, 2008
The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules)
The Digital Personal Data Protection Act, 2023 (DPDP Act)
Any other applicable laws and regulations of India

By accessing or using our platform, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of our website.

2. Definitions

For the purpose of this Privacy Policy:

“We”, “Us”, “Our” refers to Global Research and Development Organisation (GRDO) operating GRDO Bharat Bazaar.
“You”, “User”, “Customer” refers to any person who accesses or uses our platform.
“Platform” refers to the website https://grdobharatbazaar.com and any associated mobile applications or services.
“Personal Data” means any data about an individual who is identifiable by or in relation to such data.
“Sensitive Personal Data or Information (SPDI)” includes passwords, financial information such as bank accounts, payment instrument details, and similar sensitive data as defined under the SPDI Rules, 2011.
“Third-Party Seller” refers to any independent seller who lists products on our platform.

3. Information We Collect

3.1 Information You Provide Directly

When you register, place an order, or interact with our platform, we may collect:

Full name
Email address
Mobile number / phone number
Delivery address (including pincode, city, state)
Login credentials (username and password — stored in encrypted form)
Payment information (processed securely via Razorpay; we do not store card/banking details on our servers)
Communication records when you contact our customer support

3.2 Information Collected Automatically

When you visit our website, we may automatically collect:

IP address and approximate location
Browser type and version
Device information (mobile/desktop, operating system)
Pages visited, time spent, and navigation behaviour
Referring URL (the site you visited before ours)
Cookie data and similar tracking technologies (see Section 8)

3.3 Information from Third Parties

We may receive information about you from:

Payment gateway partners (Razorpay) — limited transaction confirmation data
Logistics and delivery partners — delivery status updates
Third-party sellers listed on our platform — product-related interactions

4. How We Use Your Information

We use the personal data collected for the following purposes:

Account & Order Management:

Creating and managing your user account
Processing and fulfilling your orders
Sending order confirmation, shipping updates, and delivery notifications
Managing returns, refunds, and customer grievances

Communication:

Sending transactional emails and SMS related to your orders
Responding to your queries, complaints, and feedback
Sending promotional offers, newsletters, and product recommendations (only with your consent; you may opt out at any time)

Platform Improvement:

Analysing usage patterns to improve website features and user experience
Detecting and preventing fraudulent transactions and security breaches
Conducting internal research and analytics

Legal & Compliance:

Complying with applicable laws, regulations, and court orders
Resolving disputes and enforcing our Terms and Conditions

5. How We Share Your Information

We do not sell, rent, or trade your personal data to any third party. We share your information only in the following limited circumstances:

5.1 With Service Providers:

We share necessary data with trusted service providers who assist us in operating our platform, including:

Razorpay (payment processing) — subject to Razorpay’s own Privacy Policy
Logistics and courier partners — for order delivery (name, address, phone number only)
Cloud hosting and IT service providers — for website infrastructure

5.2 With Third-Party Sellers:

If you purchase a product listed by a third-party seller on our platform, we share your order details (name, delivery address, phone number) with the relevant seller solely for order fulfilment purposes. These sellers are bound by our Seller Agreement and are not permitted to use your data for any other purpose.

5.3 Legal Requirements:

We may disclose your personal data if required to do so by law, governmental authority, court order, or to protect the rights, safety, and property of GRDO Bharat Bazaar, its users, or the public.

5.4 Business Transfer:

In the event of a merger, acquisition, or restructuring of our organisation, your data may be transferred to the successor entity, subject to the same level of privacy protections.

6. Payment Information & Security

All payment transactions on GRDO Bharat Bazaar are processed through Razorpay, a PCI-DSS compliant payment gateway. We do not store your complete credit card, debit card, net banking, or UPI details on our servers.

Razorpay may collect and process your payment information in accordance with its own Privacy Policy, which we encourage you to review at https://razorpay.com/privacy/.

We use SSL (Secure Socket Layer) encryption to protect data transmitted between your browser and our website.

7. Data Retention

We retain your personal data for as long as necessary to fulfil the purposes for which it was collected, including:

Account data: retained for the duration of your account and up to 3 years after account closure
Order and transaction records: retained for 7 years as required under applicable tax and financial regulations (including GST compliance)
Customer support communications: retained for 2 years
Marketing preferences: until you withdraw consent

After the applicable retention period, your personal data is securely deleted or anonymised.

8. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience. Cookies are small text files stored on your device.

Types of cookies we may use:

Essential Cookies: Required for the website to function (e.g., maintaining your shopping cart and login session)
Analytics Cookies: To understand how users interact with our website and improve performance (e.g., Google Analytics, if enabled)
Marketing/Preference Cookies: To deliver relevant content and remember your preferences

You can control or disable cookies through your browser settings. Please note that disabling essential cookies may affect the functionality of our website.

9. Your Rights Under the DPDP Act, 2023

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

Right to Access: You have the right to obtain information about the personal data we hold about you and how it is being processed.
Right to Correction: You have the right to request correction of inaccurate or incomplete personal data.
Right to Erasure: You have the right to request deletion of your personal data, subject to legal retention obligations.
Right to Grievance Redressal: You have the right to raise a grievance with our Grievance Officer (details in Section 12).
Right to Nominate: You may nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

To exercise any of these rights, please write to us at globalgrdo@gmail.com with the subject line ‘Privacy Rights Request’. We will respond within 30 days.

10. Children’s Privacy

GRDO Bharat Bazaar is an open platform and does not impose a minimum age restriction for general browsing. However, we take the protection of children’s data seriously.

In accordance with the DPDP Act, 2023, we will not knowingly process personal data of children (below 18 years) without verifiable parental or guardian consent. If we become aware that we have collected personal data of a child without appropriate consent, we will take immediate steps to delete such data.

If you believe a child has provided us with personal data without parental consent, please contact us immediately at globalgrdo@gmail.com.

11. Third-Party Websites and Links

Our platform may contain links to third-party websites, seller pages, or external services. We are not responsible for the privacy practices of such third-party websites. We encourage you to read the privacy policies of every website you visit.

Third-party sellers operating on our platform are independent entities. While we require them to comply with applicable laws, GRDO Bharat Bazaar is not responsible for their independent data handling practices beyond the scope of their activities on our platform.

12. Data Security

We implement reasonable technical and organisational security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. These include:

SSL/TLS encryption for all data transmitted to and from our website
Secure and encrypted storage of passwords
Access controls limiting employee access to personal data on a need-to-know basis
Regular review of our information collection, storage, and processing practices

Despite our best efforts, no method of electronic transmission or storage is 100% secure. In the unlikely event of a data breach that is likely to cause harm to you, we will notify you as required by applicable law.

13. Changes to This Privacy Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or platform features. The updated policy will be posted on this page with a revised ‘Last Updated’ date.

We encourage you to review this Privacy Policy periodically. For material changes, we will notify registered users via email or a prominent notice on our website. Your continued use of the platform after any changes constitutes your acceptance of the revised policy.

14. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising under or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts located in Ghaziabad, Uttar Pradesh, India.

15. Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, and the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are as follows:

Name of Organisation: Global Research and Development Organisation (GRDO)

Platform: GRDO Bharat Bazaar

Address: Milan Earth, Rajnagar Extension, Ghaziabad, Uttar Pradesh, India

Email: globalgrdo@gmail.com

Response Time: Within 30 days of receipt of complaint

If you have any questions, concerns, or complaints regarding the collection, use, or disclosure of your personal data, or if you wish to exercise any of your rights under applicable data protection laws, please contact our Grievance Officer at the above details.