We respect your privacy and are committed to protecting your Personal Information. This Privacy Policy (the “Policy”) outlines how Zumbo Innovations Private Limited (“Company” or "us" or "we" or "our") and its affiliates and our third-party service providers collect, use, store, process, transfer, and disclose your information through our Website https://joinjumbo.com/ (“Website”), our mobile application “Jumbo” (“App”) and our Services or any other websites, applications and services we offer from time to time by or in connection therewith (collectively called as the “Platform”). At our Platform, we provide an engaging and skill-based gaming experience through our unique 'No Money Loss Gaming' concept. By downloading the App, players can participate in various games to win exciting Cash Winnings. The players can either withdraw their Cash Winnings or redeem the same as Shopping Credits to purchase a curated selection of branded products available within the App, ensuring a rewarding experience without the risk of monetary loss (the “Services”). By reviewing this Policy, you will gain a comprehensive understanding of your privacy rights and choices.

Your access to and/or utilization of our Platform and/or Services signifies your agreement to be governed by this Policy. By providing us with your Personal Information, you expressly consent to the use and disclosure of your Personal Information as outlined in this Policy. This Policy, along with the Terms of Service, Returns and Refund Policy, Delivery and Shipping Policy, Game Rules, and other policies incorporated by way of reference herein, is applicable to your use of the Services, and you explicitly agree and acknowledge to read the Privacy Policy in conjunction with the aforementioned policies.

The term “Personal Information” shall mean any information that relates to an identified or identifiable individual, and can include information that you provide to us and that we collect about you, such as when you engage with our Platform (e.g. device information, IP address, location etc.).

By utilizing the Platform and/or Services, or furnishing your Personal Information, you explicitly agree and acknowledge that you accept the terms delineated in this Policy. The terms 'you', 'your', or ‘User’ in the context of this Policy collectively pertain to any individual utilizing our Platform, whether for personal use or on behalf of others.

By visiting the Platform or providing your information, you expressly agree to be bound by this Privacy Policy and agree to be governed by the data protection and privacy laws of India including but not limited to the Information Technology Act, 2000, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (IT Rules), and the Digital Personal Data Protection Act (DPDPA), 2023, and other relevant regulations governing data protection and privacy.

IF YOU DO NOT CONSENT TO THE COLLECTION, USE, AND DISCLOSURE OF YOUR PERSONAL INFORMATION AS SET FORTH IN THIS PRIVACY POLICY, PLEASE REFRAIN FROM ACCESSING AND/OR USING OUR PLATFORM.

1. TO WHOM DOES THIS POLICY APPLY?

   1. This Policy is inclusive and applies to all Users of our Platform and/or Services, irrespective of their browsing intent or their extent of utilizing the Services offered on our Platform.

   2. The applicability of this Policy extends to users regardless of the device type used for accessing our Platform and/or Services, whether it be a laptop/desktop or a mobile/tablet device.

   3. We do not knowingly collect or solicit Personal Information from anyone under the age of eighteen (18) or knowingly allow such persons to register for and/or utilise the Services. If you are under the age of eighteen (18), please do not attempt to register for the Services or send any information about yourself to us. No one under the age of eighteen (18) may provide any Personal Information to us.

2. WHAT IS THE INFORMATION THAT WE COLLECT FROM YOU?

   1. To utilize our Services, you must download the App from an official app store compatible with your mobile device (e.g., Apple App Store for iOS devices).

   2. Upon installing our App you need to complete the one-time sign-in process with us by setting up a user account (the “Account”). To utilize our Services, we collect certain Personal Information from you. This may include but is not limited to the following:

      1. Basic Information: You are required to provide basic information such as full name, date of birth and address;

      2. Contact information: such as email address, contact number and/or WhatsApp mobile number;

      3. Verification Data: We may collect information relevant to your use of our Platform and Services, such as a One-Time Password (OTP) sent at the time of account creation, log-in, and/or at the time of making payments;

      4. Transaction Data: including the details of the payment method such as credit or debit card number, UPI information, and bank account information. Please note that we do not collect the transaction data directly, but our payment partner Razorpay does. You agree that in providing such transaction data, you consent to the privacy policy of Razorpay, which can be found here;

      5. Sensitive Personal Information: We may collect Aadhaar Card and PAN Card information relevant to your use of our App and Services such as claiming cash rewards, to complete KYC (Know Your Customer) verification as mandated by the Company.

      6. Recruitment Information: If you apply for a job at our Company through the careers page on our Platform, we may collect specific Personal Information, including your full name, email address, contact number, LinkedIn profile, and any other information provided in your resume;

      7. Additional Information: It includes without limitation, when you fill in information through our payment partner, Razorpay, or make payments through Razorpay, place your orders within the App, when you provide additional information on WhatsApp to seek support concerning KYC or related issues, participate in promotions, communicate with the Company’s support team, provide your address and/or geolocation, or share your experience with us;

      8. Communication with us: This can include any communication that you send to us, including communications for any inquiries, payments, technical support, etc;

      9. Device Identification data: This includes information that may assist us in identifying your device, including browser type, and version, your operating system, etc;

      10. Other Data: This can include the following, based on your interaction with the Platform and/or Services-

          1. Number of times you access our Platform and/or Services;

          2. The length of time you spent on the Platform;

          3. The period of time from when you became active and have continued to be active on the Platform;

          4. Other similar statistics we may collect with the intention to improve the user experience of the Platform.

   3. You agree to provide us with your Personal Information whenever you use our Services by performing any of the following functions:

      1. Accessing our Platform and/or Services by means of any web browser or any device;

      2. Creating an Account, playing games and shopping on the App;

      3. Inquiring about our Services through our Platform;

      4. Initiating and maintaining correspondence with us.

   4. You understand and agree that we do not directly collect Personal Information from Users and all sensitive Personal Information collected through our Platform is introduced solely by the User. We do not collect any personal or sensitive information without the User’s explicit input and consent. Users are responsible for the accuracy and completeness of the information they provide. By using our Platform and Services, you acknowledge that you are bound by the terms and policies of our third-party service providers such as our payment provider Razorpay and storage partner Amazon Web Services (AWS) and potentially others as may be applicable. We prioritize User privacy and security by relying on trusted third-party service providers, and we encourage Users to review and understand the policies of these platforms to protect their interests.

   5. You understand that our payment partner, Razorpay provides you with the convenience of storing your payment methods on the Platform. By opting for this feature, you consent to the storage of your Personal Information, including your payment method.

   6. We strive to take extra precautions to ensure that such Personal Information is kept secure and confidential, and we will only retain this data for as long as necessary for the purposes for which we collect it as per the permissible laws of the land.

   7. This Policy will not apply to any unsolicited information provided by you through the Platform or through any other means. This includes but is not limited to, information posted on any public areas of the Platform. All such unsolicited information shall be deemed to be non-confidential and we will be free to use and disclose such unsolicited information without limitation.

   8. We shall not be liable for any loss or damage sustained by you as a result of any disclosure (inadvertent or otherwise) of any Personal Information concerning your payment-related information in the course of any online transactions or payments made for any Services offered through the Platform. For this purpose, we recommend that you go through the terms of service of our payment service provider, Razorpay which can be found here. 

   9. Access to your Personal Information is limited to employees, agents, partners, and third parties, who we reasonably believe will need that information to enable us to provide Services to you. However, we are not responsible for the confidentiality, security, or distribution of your own Personal Information by our partners and third parties (who have their own privacy policies) outside the scope of our agreement with such partners and third parties.

   10. When you use our Platform, we collect and store your information which is provided by you from time to time. In general, you can browse the Platform without telling us who you are or revealing any Personal Information about yourself. Once you give us your Personal Information, you are not anonymous to us. Where possible, we indicate which fields are required and which fields are optional. You always have the option to not provide information by choosing not to use a particular service, product, or feature on the Platform.

3. HOW DO WE COLLECT THE INFORMATION?

   1. We employ various methods to gather information, ensuring a comprehensive understanding of User interactions and preferences. The collection of Personal Information is facilitated through the following processes:

      1. Information you give us: When you provide us with the information referred to in Clauses 2.2 and 2.3 through the methods outlined in Clause 2.4;

      2. Session Management: We study session metrics to understand how Users interact with the Platform. This helps us learn the average time Users spend on the Platform and when they prefer to engage. We use tools like Google Analytics (or alternatives) to collect anonymous data, including the number of views, how long Users stay, screen views, button clicks, and where they're visiting from. This data allows us to optimize the User experience, making informed enhancements to cater to User preferences and behaviors;

      3. User analytics: We analyze User behavior and preferences, by collecting and analyzing Personal Information within the Platform to track and ensure accuracy, promptly identify any unauthorized transactions, and detect fraudulent activities, allowing us to take immediate corrective action. For this purpose, we integrate and utilize marketing automation tools, including but not limited to Webengage and Mixpanel. Please note that you are subject to such third-party marketing tools and it is your responsibility to read and understand their terms and conditions.  

   2. In addition to direct User interactions, we utilize various data collection methods to enhance User experience and optimize App functionality. These methods assist in tracking User preferences, providing personalized experiences, and improving the performance of our App. Users have the option to manage their data preferences through their device settings. Below are the categories of data collection methods used in our App along with a description of what they are used for:

      1. Essential Data Storage: These mechanisms are essential for running our App and keeping it secure. They also help us comply with applicable regulations and keep your details safe and private. Examples include storing authentication tokens and app settings.

      2. Functional Data Storage: These mechanisms remember preferences such as your region or country, preferred language, and accessibility options like large font or high-contrast pages. They ensure the app functions according to your preferences every time you use it.

      3. Performance Tracking: These mechanisms tell us how you and other Users use our App. We aggregate and analyze this data to improve the performance and functionality of our services. Examples include tracking screen views, button clicks, and usage patterns.

      4. Event Tracking: Through this mechanism, our App can define custom events to track specific actions taken by Users, such as completing a level in a game, or sharing content.

      5. Log Files: Our servers automatically collect information sent by Users' devices, known as log files. This data may include IP addresses, device information, operating systems, browser type, and timestamps. Log files are instrumental in analyzing trends, administering the Platform, and diagnosing technical issues; 

      6. Third-Party SDKs: We integrate third-party Software Development Kits (SDKs) to provide additional functionality, such as analytics and advertising. These SDKs may collect information about your device, app usage, and interactions to help us understand User behavior and deliver targeted content.

      7. Advertising Identifiers: We use the Identifier for Advertisers provided by your iOS device for advertising purposes, such as Google AdMob. Google AdMob uses IDFA under the guidelines laid out in the iOS Developer Program License Agreement. These identifiers help us deliver personalized ads and track the effectiveness of our advertising campaigns.

   3. Cookies: We utilize cookies, which are small text files stored on your device’s hard drive by web browsers. These cookies help us and third parties identify Users, track preferences, analyze usage patterns, and optimize the Website’s functionality to provide a customized experience. Cookies enable us to store preferential information and understand browsing activities. You may manage cookie preferences through your browser settings. Below is the limited list of the categories of cookies we use, along with their purposes:

      1. Strictly Necessary Cookies: These cookies are needed to run our Website, to keep it secure when you are accessing the Website, and to obey regulations that apply to us. They also help us keep your details safe and private;

      2. Functional Cookies: These cookies are used for remembering things such as your region or country, your preferred language, accessibility options like large font or high-contrast pages;

      3. Performance Cookies: These cookies tell us how you and our other users use our Website. We combine all this data together and study it. This helps us to improve the performance of our Services and/or the Website;

      4. Session Cookies: We use session cookies, which are stored temporarily during your browsing session and deleted when you close your browser or application. These cookies support Website functionality and help us analyze usage, including pages visited, links clicked, content viewed, and time spent on each page.

      5. Analytics Cookies: Analytics cookies collect data about your use of the Website, allowing us to improve its performance. These cookies provide aggregated information to monitor site functionality, track page visits, identify technical issues, analyze user traffic, and measure the effectiveness of our advertising, including emails sent to you.

      6. Purpose of Cookies We Use: We utilize Personal Information obtained through cookies to enhance the speed, security of your interaction with us, and overall user experience. These cookies serve various purposes, including but not limited to:

         1. Preferences: Cookies enable the Website to remember information that alters the site’s behavior or appearance, such as your preferred language or geographic region. By retaining your preferences, we can customize and present advertisements and other content tailored to you.

         2. Security/Optimisation: Cookies play a crucial role in maintaining security by verifying Users, preventing fraudulent use of Services, and safeguarding User data from unauthorized access. Specific types of cookies assist in blocking various types of attacks, such as attempts to pilfer content from Website forms.

         3. Processing: Cookies contribute to the efficient functioning of the Website, allowing us to deliver the Services expected by visitors and/or Users. These cookies facilitate tasks like navigating web pages and accessing secure sections of the Website.

         4. Analytics and Research: Cookies aid in comprehending how individuals utilize our Services, enabling us to enhance them for a better User experience. This data-driven insight helps us refine and improve our offerings.

   4. Web Beacons, Pixel Tags, and Trackers: We may employ Web Beacons, Pixel tags, and trackers which are tiny graphic images and/or small blocks of code placed on mobile apps, ads, or in the emails that allow us to determine whether you performed a specific action. When you access these pages, or when you open an email, you let us know that you have accessed the Platform or opened the email. These tools help us measure responses to our communications and improve our promotions.

   5. Information from other sources: We may collect Personal Information from other sources, including but not limited to:

      1. If a User or any third party submits a complaint about you, we may receive information relating to the specific complaint made in order to understand and, where relevant, address the complaint; and

      2. To the extent permitted by applicable law, we may receive additional information about you, such as references, demographic data, and information to help detect fraud and safety issues from (i) third-party service providers, other third parties, and/or partners, or (ii) Users and any other individuals, entities, and authorities, and combine it with information we have about you. For example, we may receive background check results or fraud warnings from identity verification service providers for use in our fraud prevention, security investigation, and risk assessment efforts. We may receive information about you and your activities on and off the Platform, including from Users of our Platform, members of the public, or governmental, public, or tax authorities, or about your experiences and interactions with our partners. We may receive health information including, but not limited to, health information related to contagious diseases.

4. WHY DO WE COLLECT YOUR INFORMATION?

   1. You agree and acknowledge that we shall collect your information only for lawful and legally permissible purposes which are as follows:

      1. Contractual Necessity: We process your Personal Information to fulfil our contractual obligations to you. This includes actions such as disbursing cash rewards, managing orders and delivering Services;

      2. User Authentication: We collect your information to help us identify you as and when you access the Platform, when you register an Account with us or log in, or when you utilize our Services;

      3. Transactions and Payments: To facilitate secure and efficient payment processing, as well as handle transactions related to Services on the Platform. Also, Personal information is utilized to enable or authorize payment services, including detecting and preventing money laundering, fraud, abuse, and security incidents, complying with legal obligations, enforcing payment policies, and improving payment services;

      4. Research and development: We will utilize Personal information to deliver the Services and to develop, test, and enhance the quality and usability of both the Platform and Services;

      5. Communicate with you: We use your Personal Information to communicate with you concerning our Services via different channels (e.g., by phone, e-mail, chat) including to inform you regarding delivery location;

      6. Fraud Prevention and Credit Risks: We use your Personal Information to prevent and detect fraud and abuse to protect the security of our Users;

      7. Troubleshoot Problems: We use your Personal Information to provide functionality, analyze performance, fix errors, and improve the usability and effectiveness of the Platform and/or Services;

      8. Compliance with law: To be able to perform any contractual and legal obligation;

      9. Enhancing User Experience: To analyze User behavior and preferences for improving our Services and User experience and to be able to provide location-specific services, if any; 

      10. Enhanced Advertising and Marketing Efforts: In our efforts to provide, personalize, measure, and enhance our advertising and marketing endeavors, we engage in several key activities. Firstly, we utilize User information to send promotional and marketing messages, tailoring them to suit individual preferences and interests. Additionally, we strive to customize and optimize advertising on various platforms to ensure relevance and effectiveness. Furthermore, we may administer referral programs, rewards, surveys, sweepstakes, contests, and other promotional activities to engage Users and foster community participation. Through the analysis of User characteristics and preferences, we aim to send targeted promotional messages that resonate with each User segment. Finally, we extend invitations to Users for events and relevant opportunities, enriching their overall experience with our Platform; and

      11. Providing alerts/notifications: To effectively communicate with you through emails/SMS/notifications through the Platform to inform you  about any other new apps or services that we may from time to time develop.

   2. In the course of operating the Platform and/or Services, we collect and utilize Personal Information in accordance with our Privacy Policy.

   3. You consent and recognize that your Personal Information may be disclosed on our Platform authorized by you for the purpose of utilizing our Services. Additionally, you agree and acknowledge that we are permitted to communicate with you through messaging, calls, emails, or other means, to facilitate the performance of our services wherever necessary.

5. WHO DO WE SHARE YOUR PERSONAL INFORMATION WITH AND WHY?

   1. To facilitate our Services and enhance User experience, we may share Personal Information with the following entities:

      1. Payment Processors: During the disbursement of cash rewards, we may need to share your Personal Information necessary for transaction processing with our trusted financial institution or payment gateway partner to ensure cash rewards transferred to you;

      2. Third-party Service Providers: We engage the services of third parties to carry out various functions on our behalf such as payment processing, data analysis, postal and email communications, hosting services, storage, customer service,  KYC (Know Your Customer) verification, and marketing assistance. While these third-party service providers have access to the necessary Personal Information to fulfill their functions, they are prohibited from using it for any other purposes. Moreover, they are obligated to process the Personal Information in compliance with applicable laws. While we do not own or control these third parties, when you interact with them and choose to use their services, you are providing your information to them. Your use of these services is subject to the privacy policies of those providers, including, without limitation, Razorpay’s Privacy Policy and AWS Privacy Policy.

      3. Affiliates: We may share your information with our affiliates, in which case we will require those affiliates to honor this Privacy Policy. Affiliates may include our parent company and any subsidiaries, joint venture partners, or other companies that we control or that are under common control with us;

      4. Business Transfers: In the course of our business operations, we may reorganize, merge, sell, or acquire businesses or services. In such transactions, user information is typically considered a transferable business asset. If we are acquired, merge with another entity, or undergo a sale of assets, your information may be transferred to the successor entity. Similarly, in the event of bankruptcy or business closure, user information may be transferred to or acquired by a third party. You acknowledge that such transfers may occur, and the transferee may honor the commitments outlined in this Privacy Policy unless you provide alternative consent or are notified of changes.

      5. Legal Compliance: 

         1. We may disclose your information to courts, law enforcement, governmental or public authorities, tax authorities, authorized third parties, or other Users, if and to the extent we are required or permitted to do so by law or where disclosure is reasonably necessary to: (i) comply with our legal obligations, (ii) comply with a valid legal request, such as a summons or court order, or to respond to claims asserted against us, (iii) respond to a valid legal request relating to a criminal investigation to address alleged or suspected illegal activity, or to respond to or address any other activity that may expose us, you, or any other of our Users to legal or regulatory liability, (iv) enforce and administer our agreements with Users, including our Terms, additional legal terms, and policies, (v) respond to requests for or in connection with current or prospective legal claims or legal proceedings concerning us and/or third parties, in accordance with applicable law, or (vi) protect the rights, property or personal safety of the Company, its employees, its User, or Users of the public;

         2. Where legally required or permissible according to applicable law, we may disclose User information to relevant tax authorities or other governmental agencies, depending on where you are based, for the purpose of the tax authorities’ determination of proper compliance with relevant tax obligations;

         3. Where appropriate and/or legally required, we may notify the User about legal requests, unless: (i) providing notice is prohibited by the legal process itself, by court order we receive, or by applicable law, or (ii) we believe that providing notice would be futile, ineffective, create a risk of injury or bodily harm to an individual or group, or create or increase a risk of fraud upon or harm to the Company, our Users, or expose the Company to a claim of obstruction of justice.

      6. Service Improvement: We may share certain aggregated, anonymized information with third parties (for example, for Google Analytics) in order to assess the Platform usage and information pertaining to the ease of navigation;

      7. Advertisements: We use third-party advertising companies to serve ads when you visit our Platforms. These companies may use information (not including your name, address, email address, or telephone number) about your visits to the Platform and other websites in order to provide personalized advertisements about games, and other services of interest to you;

      8. Collaborations: We may share your Personal Information with reputable partners to facilitate joint initiatives, promotions, or integrated services; and

      9. Growth and Expansion: As our Platform evolves and expands, there may be instances where sharing Personal Information with new entities or parties becomes necessary for the enhancement of our Platform. Any such sharing will be carried out with the utmost consideration for User privacy and in accordance with relevant legal frameworks.

   2. We do not ever sell or rent your Personal Information without your explicit approval. 

   3. We may also de-identify or aggregate information and convert it into non-personal information so that it can no longer reasonably be used to identify you (“De-Identified Information”). We may use De-Identified Information for any of the purposes described in Clause 4 and Clause 5 of this Policy. We will maintain and use De-Identified Information in de-identified form and will not attempt to re-identify the information, except to confirm our de-identification processes or unless required by law.

   4. We may share aggregated Non-Identifying Information, and we may otherwise disclose Non-Identifying Information or De-Identified Information to third parties.

   5. We are not responsible for the actions of third parties with whom you share personal or sensitive data, and we have no authority to manage or control third-party solicitations. If you no longer wish to receive correspondence, emails, or other communications from third parties, you are responsible for contacting the third party directly.

6. HOW LONG DO WE KEEP YOUR PERSONAL INFORMATION?

In compliance with applicable laws, we retain your Personal Information for a duration no longer than necessary for the purpose for which it was collected or as mandated by relevant laws. In some cases, where immediate deletion is not feasible due to technical or legal constraints, we may instead anonymize your data to ensure it can no longer be linked to you, effectively removing all personal identifiers. The anonymized data may be retained solely for analytical and research purposes. However, certain data related to you may be retained beyond this period if we reasonably believe it is necessary to prevent fraud, mitigate potential abuse, allow us to exercise our legal rights, defend against legal claims, or fulfill other legitimate purposes required by law or for analytical and research purposes. Additionally, we may continue to retain your Personal Information for the following purposes including but not limited to:

1. Legitimate Business Interest: We may retain your Personal Information as necessary for our legitimate business interests, such as the prevention of money laundering, fraud detection and prevention, and enhancing safety;

2. Legal, Tax, Reporting, and Auditing Obligations: We may retain and use your Personal Information to the extent necessary to comply with our legal, tax, reporting, and auditing obligations;

3. Shared Information: Information you have shared with others, such as reviews and forum postings, may continue to be publicly visible on the App, even after your access/use is restricted; and

4. Residual Copies: Residual copies of your Personal Information (either in the form of De-Identified Information, Non-Identifying Information, or identified information) may remain in our backup systems for a limited period of time, primarily to ensure compliance with legal obligations and to protect against accidental loss or destruction. We strive to anonymize your data to prevent any personal identifiers from being linked to you. However, in rare cases where legal or operational requirements are necessitated, identifiable information may be retained temporarily. Such retention is strictly limited and governed by applicable laws.

7. HOW DO WE PROVIDE FOR THE SECURITY OF YOUR PERSONAL INFORMATION WITH US?

   1. We prioritize the security of your data, utilizing secure cloud servers where your Personal Information is encrypted at rest, adding an extra layer of protection against unauthorized access. We take reasonable steps to ensure appropriate physical, technical, and managerial safeguards are in place to protect your Personal Information from unauthorized access, alteration, transmission, and deletion. 

   2. We work to protect the security of your Personal Information during transmission by using encryption protocols. We use multi-layered controls to help protect our infrastructure, constantly monitoring and improving our applications, systems, and processes to meet the growing demands and challenges of security. We ensure that the third parties who provide services to us under appropriate contracts take appropriate security measures to protect your Personal Information in line with our policies.

   3. You understand and agree that despite the security measures in place, we cannot be held liable for any issues related to data security. Nevertheless, we implement reasonable physical, electronic, and procedural safeguards to maintain the confidentiality and integrity of your information. As part of this commitment, it is imperative that you also review and adhere to the terms of service and privacy policy of our third-party service providers.

   4. While we take comprehensive measures to safeguard your information, Users acknowledge and accept the inherent security implications of data transmission over the Internet and the World Wide Web. Despite our efforts, complete security cannot be guaranteed, and inherent risks persist. Users bear the responsibility of safeguarding login credentials for their Accounts. Any transmission of Personal Information is at your own risk. We are not responsible for the circumvention of any privacy settings or security measures contained on the Platform. While acknowledging these risks, we remain committed to continually enhancing our security protocols to address emerging threats and maintain the trust of our Users.

8. HOW DO WE HANDLE DATA BREACHES AND SECURITY INCIDENTS?

In the event of a data breach or security incident, we maintain a proactive approach to ensure swift resolution and mitigate potential risks. We have established a comprehensive incident response plan designed to address such occurrences promptly and effectively:

1. Identification: We promptly identify and acknowledge any signs of a data breach or security incident within our systems or infrastructure;

2. Containment: Immediate action is taken to contain the impact of the breach, preventing further unauthorized access or damage to data;

3. Notification: We prioritize transparency by promptly notifying affected parties, including Users and relevant stakeholders, about the breach and its potential impact on their data;

4. Collaboration: We collaborate with relevant authorities, such as regulatory bodies and law enforcement agencies, to report the incident and comply with any legal obligations or regulatory requirements; and

5. Post-Incident Assessment: Following the resolution of the incident, we conduct thorough assessments to evaluate the effectiveness of our response measures and identify areas for improvement.

9. DATA CONTROLLER AND DATA PROCESSOR OF YOUR PERSONAL INFORMATION

   1. We will act as the data controller where we make decisions on how your Personal Information is used in connection with the Platform or our Services. We will act as the data processor where we only use your Personal Information as authorized and instructed by a third party in connection with the Platform or Services.

   2. Where we are acting as the data controller, we are responsible for the obligations of a data controller under data protection laws in connection with the processing of your Personal Information and we use this Privacy Policy to provide you with information about our use of your Personal Information.

   3. Where we are acting as a data processor, the relevant third party will be acting as a data controller and will be responsible for the obligations of a data controller under data protection laws in connection with the processing of your Personal Information. If you are accessing the Platform or our Services through a third party, you should contact them with queries regarding the processing of your Personal Information or compliance with data protection law.

10. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

    1. You, as a data subject, have certain rights to your Personal Information under the applicable laws, as outlined below:

       1. Right to Access: You have the right to access any of the Personal Information we hold about you at any time. For security purposes, when you request access to your Personal Information, you will need to provide us with enough information to verify your identity. We will generally provide you with access to your Personal Information, subject to some exceptions permitted by law. If we are unable to provide you with all or any of the information we hold about you, we will inform you why your request has been denied or limited.

       2. Right to Consent: Your explicit consent is required for the collection and processing of your Sensitive Personal Data or Information (SPDI).

       3. Right to withdraw consent: The consent that you provide for the collection, use, and disclosure of your Personal Information will remain valid until such time it is withdrawn by you in writing. You may withdraw your consent at any time by contacting us. Upon withdrawal, we will cease processing the relevant personal information, except where other legal grounds for processing exist under applicable laws. We will respond to your request within a reasonable timeframe.

       4. Opting Out of Marketing Materials: You may object to our use of your Personal Information for marketing purposes. You can always opt out of this through the functionality provided in each marketing communication (e.g. by clicking “unsubscribe” at the bottom of an email).

       5. Right to Review and Correction: You are responsible for maintaining the accuracy of the information you submit to us. You can review the information you have provided and ensure it is accurate and up-to-date. If you wish to make a request to correct or update any of the Personal Information that we hold about you, you may update your information by writing to us at company@joinjumbo.com.

       6. Right of Access and Portability: In some jurisdictions, applicable law may entitle you to request certain copies of your Personal Information or information about how we handle your Personal Information, request copies of Personal Information that you have provided to us in a structured, commonly used, and machine-readable format, and/or request that we transmit this information to another service provider, where technically feasible.

       7. Right of Erasure: In some jurisdictions, you can request that your Personal Information be deleted.

       8. Right to Grievance Redressal: You have the right to lodge a complaint regarding the processing of your Personal Data with our Data Protection Officer. You can submit your complaint in writing to our Data Protection Officer at company@joinjumbo.com, with the subject line "Appeal of Privacy Rights Request.”

    2. If you believe your rights have been violated or are dissatisfied with our response, you have the right to lodge a complaint with the Office of the Data Protection Commissioner of India (DPIC). The DPIC is responsible for handling complaints related to data protection and ensuring compliance with the DPDPA.

11. ARE CHILDREN ALLOWED TO USE OUR WEBSITE AND/OR SERVICES?

    1. This Platform and/or Services are strictly prohibited for use by individuals under the age of eighteen (18) years old ("Minors"). Accessing or using the Platform and/or Services by Minors constitutes a violation of our Terms of Service and Privacy Policy.

    2. We do not knowingly solicit, collect, or process any Personal Information from Minors. We implement commercially reasonable age verification measures and data protection practices to prevent such unauthorized collection and usage.

    3. If you are a parent or legal guardian ("Guardian") and believe your child has provided us with Personal Information, we urge you to promptly contact us at company@joinjumbo.com. Upon verification of your Guardian status, we will promptly take all necessary steps to remove and delete such information from our records.

12. HOW CAN YOU EXPRESS YOUR COMPLAINTS AND CONCERNS?

User satisfaction is one of the key focus areas and an integral part of our Platform’s founding principles and business policies. We strongly believe that user satisfaction is the most important factor in the growth and development of our business and hence, we have adopted user-centricity as a priority in developing our business processes. The terms below shall constitute our “User Grievance Redressal Policy” which outlines the framework for addressing user grievances:

1. Objective: The objective of this Grievance Policy is to provide a framework:

   1. to ensure the provision of timely and effective resolution of issues raised by users; and 

   2. to keep users informed about the manner in which they can reach out to us to resolve their queries and grievances.

2. Governing Principles: The policy on grievance redressal is governed by the following principles:

   1. User shall be treated fairly at all times;

   2. Issues raised by users are always attended to with courtesy and on time;

   3. Users are provided with effective and satisfactory resolution within a reasonable time period; and 

   4. Users are fully informed of avenues to escalate their issues/ grievances if they are not fully satisfied with the response to their complaints.

3. Grievance Redressal: Any user can reach out to our Grievance Redressal Officer, Parth B. through electronic mode by way of email communication at company@joinjumbo.com;  

4. Must Know: You must know and understand that:

   1. We DO NOT solicit confidential details like your OTP/CVV/PIN/Card Number/ Bank account details through any means other than explicitly mentioned by us.

   2. Scamsters/fraudsters attempt various techniques such as ‘phishing’, to contact, influence, and defraud consumers. We regularly caution our users against sharing any personal or payment-sensitive information with unknown persons as such sharing leads to unauthorized use and/or fraud and consequent financial loss.

   3. We shall not be liable for any loss, damage, or expense incurred by a user where the user has shared personal and/or payment-sensitive information with scamsters/fraudsters.

   4. Additionally, we also request and encourage our users to report such attempts or incidents to us at company@joinjumbo.com to enable us to investigate and explore legal recourse.

   5. We rely on our payment processor and banks. In certain cases involving payment issues, we might see a delay as that is beyond our control once we pass the investigation to them; however, we try our best not to exceed reasonable timelines.

13. HOW ARE CHANGES MADE TO THIS POLICY?

This Policy may be updated at our sole discretion or due to changes in the law. Such changes, unless otherwise stated, will be effective from the day and date of posting on the Platform. We reserve the right to update the Policy without obligation to notify users. It is recommended to regularly review this Policy for any changes, as your continued access and use of the Platform and/or Services will be considered your approval and acceptance of all modifications to this Policy. In cases where applicable law mandates, we may notify you of updates through email or on the Platform. If you do not agree with this Policy governing our Platform and/or Services, please refrain from using the Platform and/or Services provided by us.

14. HOW CAN YOU CONTACT US?

Should you need additional information or have any questions or complaints regarding the handling of your Personal Information, please feel free to reach out to us through any of the following channels:

Email: company@joinjumbo.com

Contact No.: +919873986189

Additionally, you can reach out to us through our Contact Us page for further assistance.