This Privacy Policy is published in compliance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and rules thereunder. In case of any discrepancy between translations, the English version will prevail.

By accessing and using the EKKE website, mobile site, or mobile applications (together, the “Platform”), you consent to the practices described in this Privacy Policy, our Terms of Use, and other applicable EKKE policies.

Scope

This Policy governs all personal data collected by EKKE in connection with the Platform, whether directly from you, automatically through your device, or from third-party partners such as logistics, payment, or marketing affiliates.

EKKE’s services and products are offered exclusively within India, and your personal data is primarily governed by Indian law. Data may, however, be processed or stored on secure servers located outside India solely for operational continuity and efficiency, in accordance with applicable law.

This Policy applies to: (a) registered and guest users of the Platform; (b) Sellers, service providers, and affiliates onboarded on the Platform; and (c) any person interacting with EKKE’s online services or campaigns.

Definitions

• “Personal Data” means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act.
• “Processing” means any operation performed on personal data, such as collection, recording, organisation, storage, use, disclosure, or erasure.
• “Data Principal” refers to the individual to whom the personal data relates.
• “Data Fiduciary” refers to EKKE, which determines the purpose and means of processing personal data.
• “Consent Manager” means an entity registered with the Data Protection Board of India authorised to manage user consents, where applicable.
• “Applicable Law” includes the DPDP Act, IT Act, Consumer Protection (E-Commerce) Rules, 2020, and any successor legislation.

Applicability and Relationship with Other Policies

This Privacy Policy forms an integral part of EKKE’s Terms of Use, Return & Refund Policy, Shipping and Delivery Policy, and any other applicable EKKE policy.

In the event of inconsistency, the Terms of Use shall prevail to the extent of conflict on legal interpretation, while this Policy will govern how your personal data is handled.

EKKE may modify or update this Policy at any time by publishing a revised version on the Platform. Continued use of the Platform after such publication shall constitute your acceptance of the revised Policy.

Data Collection, Categories of Information, and Purpose of Use

We collect and process personal data to provide, improve, and secure our Platform and related services, as detailed below:

• Directly from you: When You register an Account, browse the Platform, place an order, make a payment, participate in campaigns, contact customer support, or engage with loyalty or influencer programs.
• Automatically: Information collected automatically through cookies, pixels, or similar technologies, including device identifiers, IP address, browser type, app version, operating system, location data, browsing activity, and analytics information to enhance functionality, security, and experience.
• Third parties: Information received from authorised service providers, including logistics and delivery partners, payment gateways, marketing affiliates, authentication services, and social-media platforms that You connect with or interact through.
• Derived or created by EKKE: Information generated by EKKE from Your usage and interaction history, such as purchase patterns, saved preferences, product reviews, and engagement metrics, to personalise recommendations and improve Platform operations.

Dormancy & Data Minimization: If You do not access or use Your EKKE Account for a continuous period of one (1) year, EKKE may deactivate or delete Your Account and associated data (including transaction history), except where retention is required by law or for legitimate business purposes such as fraud prevention, taxation, or audit compliance.

Categories of information collected include (illustrative, not exhaustive):

• Identity & Contact: Name, date of birth, gender, email address, mobile number, billing and shipping addresses.
• Transaction & Financial: Payment method, UPI ID, bank or card details (processed only by authorised payment gateways), order value, refund data, and transaction identifiers.
• Verification: PAN, GST number, or other government-issued identification for high-value transactions, Seller onboarding, or regulatory KYC and tax compliance purposes.
• Usage & Behavioural: Device details, IP address, browsing activity, wish lists, cart behaviour, product views, time spent, preferences, and other Platform analytics to improve functionality and personalise recommendations.
• Support & Communication: Information shared during chats, calls, or emails with EKKE’s customer care or grievance team, including recordings or transcripts retained for training and dispute resolution.
• Voluntary Data: Information You voluntarily provide when participating in surveys, feedback forms, contests, community forums, loyalty programs, or brand collaborations.
• Public Information: Content, reviews, ratings, or images You post voluntarily on the Platform or social-media integrations, which may be publicly visible to other users.

Purpose of Uses: All information collected is processed to (i) fulfil and manage orders; (ii) process payments and refunds; (iii) deliver products and updates; (iv) detect and prevent fraud; (v) provide customer support; (vi) comply with legal and tax obligations; and (vii) personalise Your Platform experience through recommendations and offers.

Lawful Processing

EKKE processes Personal Data only when it has a lawful basis to do so under Applicable Law. The primary legal grounds include:

• Consent: When You provide explicit consent for a specific purpose (e.g., marketing subscriptions, personalised recommendations, loyalty programs).
• Contractual Necessity: To perform our obligations and deliver products or services You order on the Platform.
• Legal Obligation: To comply with tax, accounting, consumer-protection, fraud-prevention, and data-retention laws.
• Legitimate Interests: To improve Platform functionality, security, and customer experience, provided such processing does not override Your fundamental rights and freedoms.

Consent for Optional Features: Where required by law, EKKE shall seek Your express consent before collecting or processing data for non-essential features such as personalised advertising, surveys, or promotional communications.

Withdrawal of Consent: You may withdraw Your consent at any time by using the Privacy Settings in Your Account or by contacting EKKE through the channels mentioned in this Policy. Withdrawal shall not affect any processing lawfully carried out prior to such withdrawal.

Consent Management through Authorised Platforms: Where consent is obtained via a registered Consent Manager under the DPDP Act, EKKE will recognise, record, and act upon such consents or withdrawals in accordance with the framework prescribed by the Data Protection Board of India.

Implied or Limited Consent: Certain activities such as order fulfilment, refund processing, and statutory compliance may require continued processing of limited Personal Data even after consent withdrawal, to the extent necessary for legitimate business or legal purposes.

Proof of Consent: EKKE maintains electronic records of all consent and withdrawal actions to demonstrate compliance with the DPDP Act and other Applicable Laws.

AI Features and Model Training

If You choose to use EKKE’s AI-enabled tools (such as personalised style suggestions, chatbot assistance, size or fit recommendations, or curated product recommendations):

• Certain data, including interaction records, device information, and voluntary uploads (e.g., photos or product preferences), may be processed to operate these features and improve model accuracy.
• Such data may be aggregated and anonymised for EKKE’s internal analytics, service optimisation, or AI model training, in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”).
• AI technologies may occasionally produce unexpected, incomplete, or inaccurate results. Users are advised to exercise discretion and independently verify information before relying on AI-generated suggestions.

Cookies & Tracking

We use cookies, pixels, beacons, and similar tracking technologies (“Cookies”) to enhance Platform functionality, security, and personalisation:

• Cookies enable features such as login authentication, cart management, order tracking, and saved preferences.
• Analytics cookies help EKKE measure website performance, detect errors, and understand user behaviour.
• Advertising and campaign cookies allow EKKE to evaluate marketing effectiveness and present offers tailored to Your interests.
• Security cookies promote fraud prevention and account protection.

Most cookies are “session-based” and expire automatically after You close Your browser. You may manage or disable cookies through Your browser or device settings, but certain Platform features may not function properly thereafter.

EKKE may allow authorised third parties (e.g., Google Analytics or ad partners) to use cookies solely for analytics and advertising measurement. You can opt out through Your browser or device privacy controls.

Sharing of Information

We do not sell Your personal data. However, EKKE may share information in limited circumstances for legitimate business, compliance, or service delivery purposes, including with:

• Sellers & Logistics Partners: to process orders, coordinate shipments, and manage returns, exchanges, or product recalls.
• Payment Gateways & Banks: to validate transactions, process payments and refunds, and detect or prevent fraudulent activities.
• Affiliates & Service Providers: including IT infrastructure vendors, analytics providers, marketing agencies, and customer support platforms engaged by EKKE to perform services on its behalf.
• Business Partners: offering curated promotions, loyalty benefits, or co-branded offers, subject to Your consent where legally required.
• Regulators & Law Enforcement: when required under Applicable Law, court orders, or regulatory directives, or to protect EKKE’s legal rights, property, and user safety.
• New Entities: in case of merger, acquisition, restructuring, or business transfer; such successor entity will be bound by this Privacy Policy or a substantially similar framework ensuring equal data protection standards.

Security

EKKE employs administrative, technical, and organisational measures consistent with industry standards to safeguard Your personal data:

• Whenever You access Your Account or make a payment, we use encrypted connections and secure servers.
• Firewalls, access controls, and encryption technologies are implemented to protect data against unauthorised access, alteration, disclosure, or destruction.
• EKKE regularly updates its systems, conducts security audits, and enforces access restrictions internally to maintain ongoing protection.

However, data transmission over the internet cannot be guaranteed as fully secure. By using the Platform, You acknowledge and accept these inherent risks.

You are responsible for maintaining the confidentiality of Your login credentials and for restricting access to Your devices to prevent unauthorised Account activity.

Data Retention and User Rights

As required under the DPDP Act, 2023, EKKE respects and facilitates Your data rights as a Data Principal:

• Access: You may request confirmation or a copy of the personal data held by EKKE.
• Correction: You may update or correct inaccurate or incomplete information.
• Deletion: You may request deletion of Your Account or data, subject to EKKE’s legal, tax, audit, or contractual obligations requiring retention.
• Consent Management: You may withdraw consent for non-essential data processing or communications.
• Opt-Out: You may stop receiving promotional or marketing communications at any time through unsubscribe links or the Privacy Centre.
• Grievance Redressal: You may file complaints with EKKE’s Grievance Officer (details in Clause 17) or approach the Data Protection Board of India under the DPDP Act. Requests can be submitted through the Privacy Centre available on the Platform or by contacting EKKE via the methods.

You may exercise these rights via the Privacy Centre on the Platform or by contacting us.

Children’s Information

The Platform is available only to persons competent to contract under the Indian Contract Act, 1872:

The Platform is intended only for individuals competent to contract under the Indian Contract Act, 1872. EKKE does not knowingly collect or process personal data of children under the age of eighteen (18) years).

If You provide data of a minor, You confirm that You are the parent or lawful guardian authorised to share such data and consent to its processing in accordance with this Policy.

If EKKE becomes aware that it has collected personal data of a child without verified parental consent, such data shall be deleted from EKKE’s systems as soon as reasonably practicable.

Third-Party Links

The Platform may contain links to third-party websites, mobile applications, or services for convenience or reference. These third-party sites are operated independently and are governed by their own privacy policies.

EKKE has no control or responsibility over the content, practices, or data-handling standards of such external sites and disclaims liability for any loss or damage arising from Your use of them.

Users are advised to review the privacy and cookie policies of third-party websites before providing any personal information.

Choice / Opt-Out

You may opt out of receiving non-essential or marketing communications by:

• clicking the “unsubscribe” link in emails or messages;
• adjusting notification preferences in Your Account or app settings; or
• using the Privacy Centre on the Platform.

Opting out will stop only promotional messages. Transactional or service-related communications (such as order confirmations, delivery updates, returns, and refund notifications) will continue, as they are essential to complete Your transactions.

EKKE will process opt-out requests promptly, though You may still receive communications already scheduled prior to the update of preferences.

Advertisements

EKKE may work with authorised third-party advertising partners to display product advertisements or personalised recommendations on the Platform or affiliated digital channels.

These partners may use anonymised or pseudonymised data (such as browsing activity, device identifiers, or general location) to display relevant ads based on Your interests.

You may disable personalised advertising by using the “Opt-out of Ads Personalisation” setting available in Your device’s privacy settings or through browser ad-preference controls.

Once You opt out, EKKE will not have access to third-party advertising identifiers (such as GAID or IDFA).

EKKE does not share any personally identifiable financial or sensitive information with advertising networks.

Business Transfers

In the event of any merger, acquisition, restructuring, sale, or transfer of business assets involving EKKE, personal data relevant to the transaction may be transferred to the acquiring or successor entity.

Any such successor entity shall be bound to process Your personal data in accordance with this Privacy Policy or a substantially equivalent framework ensuring equal or greater protection.

EKKE shall notify Users through Platform notices or email before or immediately after such ownership change, where required by law.

Updates

EKKE may revise or update this Privacy Policy from time to time to reflect changes in legal requirements, business practices, or technological developments.

All updates will be published on the Platform with a clearly visible “Last Updated” date.

Where material changes affect how Your data is processed, EKKE will notify You through appropriate means including email, SMS, in-app notifications, or website banners as required under applicable law.

Continued access or use of the Platform after the publication of any such updates shall constitute Your acceptance of the revised Privacy Policy.

Grievance Officer & Contact

In accordance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the DPDP Act, 2023, EKKE has designated a Grievance Officer for addressing user complaints and data-protection concerns:

Jay Trivedi
Designation: Grievance Officer
Zion Collective Private Limited
The Emporio Shop – 1 & 2, GF, AG Chowk,
Kalawad Road, Mota Mava, Rajkot - 360005, India
Email: legal@ekke.co
Phone: +91-8490023233
Timings: Mon–Fri (9:00 AM – 6:00 PM IST)

For general queries, please reach out to:
Customer Support – hello@ekke.com or call EKKE customer care at +91-8490023233 or via the Help Centre on the Platform.

Complaints will be acknowledged within forty-eight (48) hours and responded to or resolved within thirty (30) days, in line with the Consumer Protection (E-Commerce) Rules, 2020.

Eligibility & Verification Checks

For certain services, promotions, or high-value transactions, EKKE may request additional information or documentation to verify identity, address, or eligibility;

Such verification may include submission of:

• Permanent Account Number (PAN), Aadhaar, or other government-issued ID;
• GST number or business KYC details (for business purchases); and
• credit or financial information if You use credit-based or deferred-payment products.

The information provided may be shared securely with authorised banking, lending, or payment partners solely for verification, fraud prevention, and compliance with Applicable Law.

Failure to provide verification details where required may result in suspension, delay, or cancellation of the relevant order or service.

Enhanced User Experience & Loyalty Programs

To personalise and improve Your experience on the Platform, EKKE may collect and process behavioural data such as browsing patterns, shopping preferences, and device interactions;

Voluntary biometric inputs (e.g., facial images or body-fit data) may be processed when You use AI-enabled “virtual try-on” or style-advice tools. Such data is used strictly for providing the requested service and is not stored beyond operational necessity;

When You enrol in a loyalty, referral, or rewards program, EKKE may collect Your name, contact number, account identifiers, and purchase history to administer program benefits.

Participation in any loyalty, referral, or AI-based feature is optional, and withdrawal from these programs may be requested at any time via the Privacy Centre or Customer Support.

Community, Forums & Public Content

When You post reviews, feedback, photos, or content on public areas of the Platform or participate in community features or influencer collaborations, such information becomes publicly accessible;

By uploading or submitting any content, You grant EKKE a non-exclusive, royalty-free, perpetual, worldwide licence to use, reproduce, display, and share such content (with or without attribution) on the Platform, social media, and marketing materials, in accordance with EKKE’s Terms of Use.

EKKE may moderate or remove content at its discretion if it violates law, intellectual-property rights, or Platform policies, without obligation to notify the user.

EKKE encourages users not to disclose personal or sensitive information in public reviews, comments, or community forums.

Customer Support & Correspondence

Your interactions with EKKE’s customer support (including chats, calls, or emails) may be recorded, monitored, or retained to ensure quality assurance, employee training, safety, and service improvement;

These records are also used for fraud detection, dispute resolution, and regulatory compliance, consistent with Applicable Law.

Personal correspondence (including emails or communications from third parties about Your Platform activity) may be stored in Your profile for transaction history, audit, and compliance tracking.

EKKE limits access to such correspondence to authorised personnel only and retains these records for as long as reasonably necessary to fulfil the above purposes.

Third-Party Services

The Platform may integrate or provide access to services, tools, or plug-ins operated by third parties (including payment gateways, analytics tools, AI modules, ad networks, or logistics systems).

EKKE does not control and is not responsible for the data practices, policies, or content of such third-party platforms. Your use of these services is subject to their respective privacy terms and conditions.

We encourage You to review the privacy policies of all third-party service providers before sharing any personal or financial information with them.

EKKE disclaims any liability for damages, losses, or misuse of information arising from the acts or omissions of such third parties.

Children’s Data - Parental Responsibility

If You share or submit data of a child under eighteen (18) years of age on the Platform, You represent and warrant that You are the parent or lawful guardian of the child.

By providing such data, You expressly authorise EKKE to process it in accordance with this Policy, solely for the purpose for which it was shared (e.g., gift purchase, delivery, or loyalty reward registration).

EKKE may require additional verification to confirm parental consent before processing such data.

You assume full responsibility for the accuracy and legality of providing any child’s data to EKKE.

Security Breach Response

EKKE maintains a comprehensive Information Security Incident Response Plan designed to detect, contain, and remediate data breaches or unauthorised disclosures.

In the event of a security incident affecting personal data, EKKE shall:

• promptly investigate and contain the breach;
• notify affected individuals and the relevant authorities, where required by law, within the prescribed timelines; and
• take remedial actions to mitigate harm and prevent recurrence.

EKKE continuously reviews and updates its incident management protocols to align with evolving legal and industry standards.

Data Retention - Fraud Prevention

EKKE retains Personal Data only for as long as necessary to fulfil the purposes for which it was collected, or as required under Applicable Law, contractual obligations, or regulatory guidelines.

In addition to statutory retention, EKKE may retain limited Personal Data in anonymised or restricted form for the following legitimate purposes:

• preventing fraud, identity theft, or abuse of the Platform;
• detecting and investigating repeated misuse or suspicious activity; and
• enforcing EKKE’s legal rights or defending against potential claims.

Once the retention period expires, Personal Data shall be securely deleted, anonymised, or archived in accordance with EKKE’s internal data-retention and destruction policy.

Users may request deletion of their Account and associated data at any time, subject to EKKE’s obligations under law to retain specific information for audit, tax, or dispute-resolution purposes.

Cross-Border Data Transfers and Localisation

EKKE primarily processes and stores Personal Data within India:

Where limited transfers outside India are necessary for operational continuity such as hosting, content delivery, backup, or technical support EKKE ensures that:

• such transfers comply with Applicable Law;
• recipients are bound by contractual obligations ensuring equivalent protection standards; and
• Personal Data is accessed only on a need-to-know basis for legitimate business purposes.

EKKE maintains data localisation for all critical and payment-related information in accordance with RBI and other regulatory directions.

Vendor and Sub-Processor Management

EKKE engages trusted third-party vendors, contractors, and service providers (“Sub-Processors”) to perform specific functions such as hosting, analytics, logistics, payment processing, marketing, and customer support.

All such Sub-Processors operate under written contracts that require confidentiality, security safeguards, and processing solely under EKKE’s instructions.

EKKE conducts due-diligence reviews and monitors vendor compliance to ensure data protection and service integrity.

A current list or description of Sub-Processor categories is available upon request to the Grievance Officer.

Automated Decision-Making and Profiling

EKKE may use automated tools and algorithms to personalise recommendations, detect fraud, or assess risk.

Such processing is subject to appropriate human oversight and validation to ensure fairness and accuracy.

You may request an explanation of decisions significantly affecting You or object to such processing through the Privacy Centre or Grievance Officer, where permitted under law.

Security Testing and Responsible Disclosure

EKKE conducts regular vulnerability assessments, penetration tests, and security audits to maintain the confidentiality, integrity, and availability of Personal Data.

EKKE encourages responsible disclosure of potential security vulnerabilities.

Ethical security researchers may report issues to EKKE Help Centre.

Data Portability and Identity Verification

Upon a verified request, EKKE may provide You with a copy of certain Personal Data in a structured, commonly used format, where technically feasible.

To prevent unauthorised access, EKKE may require reasonable identity verification (such as OTP authentication or registered email confirmation) before processing any access, correction, deletion, or portability request.

EKKE may decline repetitive, excessive, or unfounded requests as permitted under Applicable Law.