Privacy Policy

Cielo E‑Commerce Pvt Ltd (“Cielo”, “Company”, “we”, “us” or “our”) respects your privacy. This Privacy Policy describes how we collect, use, disclose and safeguard information when you visit our websites – including www.cieloecommerce.com
and any of its sub‑domains (collectively, the “Service”) – and when you interact with us through our marketing, e‑commerce and professional services. We act as a data fiduciary under India’s Digital Personal Data Protection Act, 2023 (DPDPA) and as a body corporate under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules).

By using our Service, you agree to the collection and use of your information in accordance with this Privacy Policy. If you do not agree with our practices, please do not use our Service.

1. Definitions

The following terms appear in this Privacy Policy:

Personal Data: any information relating to a natural person which can identify that person directly or indirectly (e.g., name, email address, phone number, IP address). India’s SPDI Rules treat certain information as sensitive personal data, including passwords, financial information, medical records and biometric information.

Usage Data: data collected automatically when you use our Service, such as IP address, browser type, pages visited, time spent on pages, device identifiers and diagnostic data.

Cookies: small text files stored on your device to enable features and improve your browsing experience.

Data Principal: the individual whose Personal Data is processed (also called “you” or “user”).

Data Fiduciary: the person or organization determining why and how Personal Data is processed (here, Cielo).

Service Providers: third‑party companies or individuals whom we employ to facilitate our Service (e.g., hosting, analytics, marketing partners) and who process data on our behalf.

2. Information We Collect

We collect several different types of information in order to provide and improve our Service:

2.1. Information You Provide

We collect Personal Data that you voluntarily provide when you:

Fill in contact or quotation forms on our site (e.g., your name, company name, email address, phone number and details of your project).

Subscribe to our newsletter or request marketing materials.

Send us enquiries via email, phone or social media.

Apply for a job or submit your résumé.

We may also collect sensitive personal data (such as payment details or government‑issued IDs) if necessary to perform a contract or comply with legal obligations, and we will handle such data in accordance with the SPDI Rules.

2.2. Information Collected Automatically

When you visit our website, we automatically collect Usage Data, including:

Log and device information: your IP address, browser type, operating system, device identifiers, access times and the pages you view.

Analytics information: we use cookies and similar tracking technologies to analyze how visitors use our site and to improve functionality. Cookies may store an anonymous unique identifier and gather information about your browsing behavior.

You can instruct your browser to refuse cookies or to indicate when a cookie is being sent; however, some features of the Service may not function properly without cookies.

2.3. Information from Third Parties

We may receive information about you from third‑party sources such as:

Service providers who help us perform marketing, analytics, payment processing or other business operations.

Publicly available sources, professional networking platforms or business partners.

Social media platforms when you interact with us (subject to the platform’s privacy policy).

3. How We Use Your Information

We use the collected data for various purposes based on principles of data minimization and purpose limitation:

To provide and maintain our Service – including responding to enquiries, fulfilling requests, delivering our e‑commerce, digital marketing, data services and other professional services, and performing contractual obligations.

To manage your account and send administrative information – such as confirmations, technical notices, updates, security alerts and support messages.

To communicate with you – including sending newsletters, marketing or promotional materials that may interest you, provided you have given your consent. You may opt out at any time.

To improve our website and services – by monitoring usage, analyzing trends and performing data analytics. We collect only data necessary to achieve these purposes, adhering to data minimization principles.

To detect, prevent and address security issues – implementing reasonable security practices and procedures. The SPDI Rules require us to publish a privacy policy detailing the information collected, purpose of collection, disclosure practices and security measures.

To comply with legal obligations and protect rights – including responding to lawful requests by public authorities, enforcing our Terms and Conditions, or defending ourselves in legal proceedings.

For business transfers – if we are involved in a merger, acquisition or asset sale, your Personal Data may be transferred to the acquiring entity.

4. Legal Bases for Processing

We process Personal Data only when we have a lawful basis to do so. Depending on the circumstance, our legal bases include:

Consent – you have given clear consent for us to process your Personal Data for a specific purpose. Under the SPDI Rules, consent must be informed and voluntary.

Contract performance – processing is necessary to perform a contract to which you are a party (e.g., providing services you request).

Legitimate interests – processing is necessary for our legitimate business interests (e.g., improving services, marketing) unless those interests are overridden by your fundamental rights and freedoms.

Legal obligations – processing is necessary to comply with applicable laws (e.g., tax and accounting obligations).

5. Data Retention

We retain Personal Data only as long as necessary for the purposes described in this policy or as required by law. The SPDI Rules specify that Personal Data should not be retained for longer than required for the purpose for which it was collected.

We will delete or anonymize data once it is no longer needed or when you withdraw consent, subject to our legal obligations.

6. Transfer of Data

Your information, including Personal Data, may be transferred to and maintained on computers located outside your state or country where data protection laws may differ. The DPDP Act allows transfers of personal data to countries that the Indian government considers to have adequate data protection standards.
If we transfer personal data outside India, we will ensure that the receiving country provides an adequate level of protection and that appropriate safeguards (such as contractual clauses) are in place.

7. Disclosure of Your Information

We may share your information in the following situations:

With Service Providers – We employ third‑party companies and individuals to facilitate our Service, provide services on our behalf, perform Service‑related tasks or assist us in analyzing how our Service is used. These third parties have access to your Personal Data only to perform these tasks and are obligated to adhere to confidentiality and data protection requirements.

For business transfers – If we participate in a merger, acquisition or asset sale, Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different Privacy Policy.

With affiliates – We may share your information with our affiliates, including our parent company and subsidiaries, provided they abide by this Privacy Policy.

With law enforcement and regulators – We may disclose your Personal Data when required to do so by law or in response to valid requests by public authorities (e.g., court orders or government agencies), including for national security or law‑enforcement requirements.

With your consent – We may disclose your Personal Data for any other purpose with your consent.

8. Security of Your Information

We implement reasonable and appropriate security measures to protect your Personal Data from unauthorized access, disclosure, alteration and destruction. Under the SPDI Rules, companies must implement reasonable security practices and procedures and publish them in their privacy policy.

We follow industry‑accepted standards such as ISO/IEC 27001 and conduct periodic audits to assess and improve our security posture.

Despite our efforts, no method of transmission over the Internet or method of electronic storage is 100% secure; therefore, we cannot guarantee absolute security.

9. Your Rights

Subject to applicable law, you have the following rights regarding your Personal Data:

Right of access – you may request copies of your Personal Data that we hold.

Right to rectification – you may request that we correct any inaccurate or incomplete data.

Right to erase – you may request deletion of your Personal Data when it is no longer needed or if processing is unlawful.

Right to withdraw consent – you may withdraw your consent at any time, and we will stop processing your data for the consented purpose.

Right to object – you may object to the processing of your Personal Data under certain circumstances.

Right to data portability – where technically feasible, you may request to receive a copy of your Personal Data in a structured, commonly used format.

Right to complaint – you may lodge a complaint with the Data Protection Board of India or another supervisory authority if you believe that your data protection rights have been violated.

We will respond to all legitimate requests within one month, as required by the SPDI Rules for grievance resolution.

10. Children’s Privacy

Our Service is not directed at individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have collected Personal Data from a child without verified parental consent, we will take steps to remove that information from our servers.

11. Third‑Party Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third‑party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third‑party sites or services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. Changes are effective when they are posted on this page. We will notify you of significant changes by updating the “Last Updated” date at the top of this policy and, if appropriate, by email or prominent notice on our website.

13. Contact Us

If you have any questions, concerns or requests regarding this Privacy Policy or our data practices, please contact us:

Postal Address: F‑131, H.K House, Lado Sarai, New Delhi 110030, India
cieloecommerce.com

Email: info@cieloecommerce.com
cieloecommerce.com

Under the SPDI Rules, grievances must be resolved within one month of receipt
inventuslaw.com
. We will endeavour to address your concerns promptly and in accordance with applicable laws.