We process personal data only for lawful purposes connected with operating this ecommerce service. Where consent is required, the request should be specific, informed, clear, and capable of being withdrawn.
Scope and legal basis
This policy applies to visitors, customers, delivery recipients, and persons contacting Farm Vedika through this website. It covers digital personal data collected online and personal data first collected offline and later digitised.
It is prepared with reference to India's Digital Personal Data Protection Act, 2023 (DPDP Act) and the Digital Personal Data Protection Rules, 2025. The Rules use a phased commencement schedule, so Farm Vedika will update its operational practices as applicable provisions take effect.
Personal data we collect
| Category | Examples | Source |
|---|---|---|
| Identity and contact | Name, mobile number, email address | Provided by you |
| Delivery information | Address, village or town, district, state, PIN code, landmark, delivery notes | Provided by you |
| Order information | Products, quantity, price, shipping charge, order reference, order status | Created during purchase |
| Payment-related details | PayPal email, payer name, payment note or reference | Provided by you |
| Support communications | Questions, complaints, return requests, photographs voluntarily supplied | Provided by you |
| Technical information | IP address, browser type, device information, timestamps, page requests and security logs | Generated automatically |
We do not request PayPal passwords, card PINs, one-time passwords, or online banking credentials. Do not submit such confidential authentication data.
Purposes of processing
- To create and manage the shopping cart, checkout, order, and delivery workflow.
- To verify shipping information and coordinate dispatch within India.
- To communicate order confirmations, delivery updates, support responses, returns, and refunds.
- To maintain transaction, tax, accounting, fraud-prevention, and legal compliance records.
- To secure the website, investigate misuse, diagnose faults, and maintain service availability.
- To improve products and customer experience using aggregated or appropriately de-identified information where practical.
We will not use personal data for a new purpose that is incompatible with the stated purpose without providing an appropriate notice and obtaining consent where required.
Consent, notice, and withdrawal
Before collecting data based on consent, we aim to provide a clear notice that identifies the data requested, the purpose, the service enabled by processing, and a method to exercise rights or make a complaint.
You may withdraw consent by emailing farmvedikaprivatelimited@gmail.com. Withdrawal will be handled with reasonable ease comparable to giving consent. It does not affect processing already lawfully completed. Some services may no longer be available if the necessary data cannot be processed.
Reasonable security safeguards
We use proportionate technical and organisational measures intended to prevent unauthorised access, disclosure, alteration, loss, destruction, or misuse. Measures may include access controls, secure configurations, encryption or masking where appropriate, logging, backups, vendor controls, staff confidentiality, and incident response procedures.
If a personal data breach occurs, we will assess, contain, document, and notify affected Data Principals and the Data Protection Board of India in the manner and timeframe required by applicable law.
Retention and erasure
Personal data is retained only for as long as needed for the disclosed purpose or a legal obligation. Indicative periods are:
- Incomplete cart data: stored locally in the customer's browser until cleared.
- Order and delivery records: retained while the order is active and afterwards for accounting, tax, warranty, dispute, and legal requirements.
- Support records: retained until the issue is resolved and for a reasonable follow-up period.
- Security logs: retained for a limited period proportionate to security and fraud-prevention needs.
When retention is no longer necessary, data will be deleted, anonymised, or securely isolated unless continued retention is required by law.
Your rights as a Data Principal
Subject to applicable provisions, you may request:
- A summary of personal data being processed and the processing activities.
- The identities or categories of other Data Fiduciaries and processors with whom data has been shared, where applicable.
- Correction of inaccurate or misleading data and completion or updating of incomplete data.
- Erasure of personal data that is no longer necessary, unless retention is legally required.
- Withdrawal of consent and access to grievance redressal.
- Nomination of another individual to exercise rights in the event of death or incapacity, where the applicable provisions permit.
Requests should include sufficient information to verify identity and locate the relevant record. We may ask for limited additional information to prevent unauthorised disclosure or deletion.
Children's personal data
This ecommerce service is intended for adults capable of entering purchase transactions. We do not knowingly seek personal data from a child. Where processing a child's data is necessary and legally permitted, verifiable consent of the parent or lawful guardian will be obtained as required.
We do not undertake tracking, behavioural monitoring, or targeted advertising directed at children through this website.
Cross-border processing
Website infrastructure or service providers may process data outside India. Such processing will be subject to applicable Indian restrictions, contractual safeguards, security controls, and any country or territory restrictions notified by the Central Government.
Grievance redressal and contact
Privacy requests or complaints should first be sent to Farm Vedika using the contact details below. Include your name, contact information, request type, and any relevant order reference.
If a complaint is not resolved through our grievance mechanism, you may use remedies available under applicable Indian law, including approaching the Data Protection Board of India when the relevant process is available.
Updates and authoritative sources
We may update this policy to reflect legal, operational, security, or service changes. The effective date at the top identifies the current version.
- Digital Personal Data Protection Act, 2023 — MeitY
- Digital Personal Data Protection Rules, 2025 — MeitY
This page is an operational privacy notice, not legal advice. In case of conflict, the applicable law and official government notifications prevail.