1. Purpose of Privacy Policy

This is the Privacy Policy (“Policy”) for Design of India, a sole proprietorship owned by Neha Kothari (DOI). This Privacy Policy applies to persons who access, browse or use the Services (“User”) provided by DOI on its website. This Policy is intended to provide a clear and concise summary of DOI’s approach to the handling of personal information (including but not limited to its collection, use, storage and disclosure) in accordance with the Digital Personal Data Protection Act, 2023, (“DPDPA, 2023”), Information Technology Act, 2000 (“IT Act, 2000”) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules, 2011”). 

For the purpose of this Policy, wherever the context so requires “you” or “your” shall mean the User and the term “we”, “us”, “our” shall mean DOI.

2. User’s Consent

    By accessing and using this website of DOI, you agree and consent to the collection, storage, processing, transmission, and use of your personal information (including any changes thereto as provided by you) as described by DOI in this Privacy Policy. If you do not agree with the Policy, please do not use or access this website or any services or products from DOI.

    3. What is personal information?

      Under the Digital Personal Data Protection Act, 2023, personal data is defined to mean ”any data about an  individual, or an individual who is identifiable by, or in relation to such data.”

      4. Personal Information that we collect and hold

      DOI collects, holds and uses the personal information or data collected as per this Policy in order to provide and improve its products and services. If we do not collect personal information, or the information provided is incomplete or inaccurate, we may not be able to deliver products or provide our services effectively, and/or our services may be compromised. Hence, in order to enhance your experience of interaction on the website, we may request access to your personal information. This permission you grant to us would be voluntary in nature.

      We generally collect personal information in the following ways:

      • information that you give to us (for example through our website, via email or telephone);
      • information that we get from your use of our website;
      • information we receive from third party service providers, for example our payment gateway service provider who is compliant with Payment Card Industry Data Security Standard (PCI-DSS);
      • publicly available sources;
      • using cookies and similar technologies.

      The types of personal information that we can collect and hold include:

      • name;
      • contact details including address, email address and telephone number;
      • order information including details of purchases;
      • information that you provide when you register or create an account with us;
      • your location;
      • information from third party services to enable DOI to monitor and analyse web and app traffic and can be used to keep track of website and user behaviour.

      5. Cookies

      We may use cookies.  A cookie is a small text file which may be placed on your Internet browser and which we access each time you visit a website. Without limitation, we may use cookies to collect and store information for:

      • helping the website to function correctly or to improve the usability, content or user experience of the website;
      • monitoring our website’s performance;
      • for security;
      • building up a picture of the websites, products and services you prefer, so that we can then provide you with a personalised experience of our website and provide you with recommendations, and information of interest to you;
      • placing advertisements for our products on other external sites;
      • monitoring how our marketing is performing.

      Our advertisers may also assign their own cookies to your browser (if you click on their ads etc.), a process that we do not control. Any content or information that you may share on such other websites would be governed as per their own Privacy Policy. So please read the same before sharing your personal information on such third-party websites.

      Most browsers automatically accept cookies, but you can usually modify your browser settings to decline cookies. You may delete or decline cookies by changing your browser settings. (Click “Help” in the toolbar of most browsers for instructions or review the cookie management guide produced to correctly modify your cookies as per your convenience.). If you do so, some of the features and services of the site may not function properly.

      6. Server log files

      The website provider automatically collects and stores information that your browser automatically transmits to us in “server log files” which include the following:

      • browser type and browser version;
      • operating system used;
      • referrer URL;
      • host name of the accessing computer;
      • time of the server request;
      • IP address.

      This data will not be combined with data from other sources.

      7. Browser plugin

      You can prevent these cookies being stored by selecting the appropriate settings in your browser. However, we wish to point out that doing so may mean you will not be able to enjoy the full functionality of our website. You can also prevent the data generated by cookies about your use of our website (including your IP address) from being passed to Google, and the processing of this data by Google, by downloading and installing the browser plugin available at: https://tools.google.com/dlpage/gaoptout?hl=en.

      8. Third-Party Links and Services

      The Services may contain links to third-party websites. Your use of these features may result in the collection, processing or sharing of information about you, depending on the feature. Please be aware that we are not responsible for the content or privacy practices of other websites or services which may be linked on our services. We do not endorse or make any representations about third-party websites or services. Our Privacy Policy does not cover the information you choose to provide to or that is collected by these third parties. We strongly encourage you to read such third parties’ privacy policies.

      9. Disclosure of your personal information

      XS World never sells any sensitive personal information. XS World may disclose your personal information to following people in certain circumstances for the purpose of processing personal information on its behalf. We also ensure that these recipients of such Information agree to process such information based on our instructions and in compliance with this Policy and any other appropriate confidentiality and security measures:

      • personnel involved with the operation of our apps and our websites including IT, administration, sales, marketing and system administration staff.
      • lawyers and other professional advisers;
      • our service providers and contractors including mail carriers, couriers, hosting providers, IT companies and communications agencies;
      • our agents, associates and business partners;
      • other third parties.for any other legitimate uses as described under Section 7 of the DPDPA, 2023
      • any entity to which we are required or authorised by or under law to disclose such information for the purpose of verification of identity, or for the prevention, detection, investigation including but not limited to cyber incidents, or for prosecution and punishment of offences. These disclosures are made in good faith and belief that such disclosure is reasonably necessary for enforcing these Terms or for complying with the applicable laws and regulations.
      • We may also share your information to investigate and address threats or potential threats to the physical safety of any person, to investigate and address violations of this Privacy Policy or the website terms and conditions, or to investigate and address violations of the rights of third parties and/or to protect the rights, property and safety of the Company and its group companies, our employees, users or the public. 
      • to prospective or actual buyers in the event we sell our business or assets;

      By continuing to use our website or our app(s) you expressly consent to DOI disclosing your personal information in the manner outlined above.

      10. Use of your personal information

        DOI uses personal information for the purpose of providing its products and associated services including facilitation of payment and other functions.

        Personal information, such as email addresses, contact information and other personally identifiable information is also used for the following purposes and services:

        • marketing and advertising;
        • contacting you or communicating with you;
        • to understand more about you, so that we can provide better products and services;
        • to improve our products and services;
        • displaying content from external platforms;
        • interaction with external social networks and platforms;
        • managing support and contact requests;
        • analytics;
        • content commenting and moderation;
        • hosting and back-end infrastructure;
        • managing contacts and sending messages;
        • remarketing and behavioural targeting;
        • to meet contractual obligations;
        • internal record keeping, management and administration.

        Any personally identifiable information provided by you will not be considered as sensitive if it is freely available and/or accessible in the public domain like any comments, messages, blogs, scribbles available on social platforms like Facebook, twitter etc.

        Any posted/uploaded/conveyed/communicated by users on the public sections of the Sites becomes published content and is not considered personally identifiable information subject to this Policy.

        In case you choose to decline to submit personally identifiable information on the Sites, we may not be able to provide certain services on the Sites to you. We will make reasonable efforts to notify you of the same at the time of opening your account. In any case, we will not be liable and or responsible for the denial of certain services to you for lack of you providing the necessary personal information.

        11. Marketing and Advertising

          DOI will never use or disclose any sensitive information for marketing or advertising purposes.

          We may use and disclose your personal information (other than sensitive information) to provide you with information about products or services offered by DOI. You consent to receipt of direct marketing information including by email or SMS.

          If at any time you do not wish to receive marketing communications from us or you do not want your personal information disclosed for marketing purposes, please contact our Privacy Officer and we will remove your details from our marketing database.

          12. Information Security

            While we will take reasonable steps to protect the personal information that we hold from misuse, loss, unauthorised access and modification or disclosure, you should be aware that no system is completely secure against cyber-attack.

            In addition, the open nature of the internet is such that information exchanged via the internet may be accessed and used by people other than those for whom the data is intended.  Any information sent via the internet is sent at the sender’s risk.

            You should contact us immediately if you believe that there has been unauthorised access or disclosure with respect to any personal information that we hold about you.

            When personal information that we collect is no longer required by DOI, we will destroy or de-identify that personal information unless we are required by law or a court/tribunal to retain the personal information. We may retain personal information for so long as it is required for any of our business purposes, for the prevention of fraud, for insurance and governance purposes and in our IT back-up.

            13. De-identified data

              You consent to DOI using and disclosing your de-identified data (data that no longer identifies you) for any purpose, including without limitation research, statistical analysis, product development, marketing and business planning and any other commercial purpose.  We undertake technical measures to make sure that this data cannot be associated back to you.

              14. Retention of Data

                We shall retain the records as per the PMLA (Prevention of Money Laundering Act 2002) guidelines and such other statutory/regulatory requirements or existing law in India from time to time. In the event any legal /regulatory proceeding is pending, we can retain records for a longer period as may be required by regulatory /statutory authorities.

                15. Access and Correction

                  Individuals can request the following from DOI:

                  1. access to their personal information or the processing activities undertaken by DOI regarding their personal data,
                  2. the identities of all other third parties and data processors with whom their personal data has been shared along with a description of the personal data so shared by DOI, or
                  3. any other information related to their personal data and its processing held by DOI,

                  by sending a written request to our Privacy Officer. DOI does not impose a charge for making a request for access, however we may charge for reasonable administrative costs incurred in providing access.

                  The above-described rights of access granted to the Users are subject to the condition provided under Section 11 (2) of the DPDPA, 2023.

                  You can ask our Privacy Officer to request or update your personal information. However, such modification or updates would be carried subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes.  DOI does not impose any charge with respect to requests for correction or updates.

                  Before providing access to personal information, or correcting or updating personal information, DOI will require your identity to be confirmed.

                  Requests for access or correction may be refused if the requests are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required.. If we refuse to provide access, or to correct or update personal information, DOI will provide you with reasons for the refusal. If we refuse to correct your personal information you have the right to associate with the information a statement that the information is inaccurate, out-of-date, incomplete, irrelevant or misleading. We will take such steps as are reasonable in the circumstances to associate that statement with all records we hold that contain the relevant information.

                  16. Notifiable Data Breaches

                    We will notify you and the Data Protection Board about any data breach that is likely to result in serious harm to you in such form and manner as may be prescribed. There are exceptions where notification is not required, for example where we have already taken appropriate remedial action that removes the risk of serious harm to any individuals.

                    17. Policy Related to Minors

                      We do not knowingly collect personal information from minors under the age of 18. Minors are not permitted to use our website or Services, and we request that minors under the age of 18 not to submit any personal information to the website. Since information regarding minors under the age of 18 is not collected, we do not knowingly distribute personal information regarding minors under the age of 18.

                      18. Complaints/Grievance Redressal

                        Privacy related complaints or breach of these terms should immediately be directed to our Privacy Officer i.e., Neha Kothari via email provided below:

                        Name: Neha Kothari

                        Email: supportdoi@designofindia.com

                        We will do our best to ensure that our investigation is completed, and a decision about your complaint is communicated to you, within 30 days of our being advised of the complaint. We will inform you if we need more time.

                        The Company shall not be responsible for any communication, if addressed, to any non-designated person in this regard.

                        19. Changes to this Privacy Policy

                          This policy may be amended from time to time. We will publish any updated versions of this policy on our website. By continuing to use our website, you will be deemed to have consented to any amended versions of this policy that are published on our website.

                          Last updated: 11 February 2025.