Privacy Policy

Effective Date: 13/11/2025

This document promulgates the Privacy Policy governing the collection, utilization, processing, storage, and disclosure of personal information by Vihas Interiors, hereinafter referred to as "the Company," in its capacity as the operator of the e-commerce platform Vihas Furniture (Vihasfurniture.com). The applicability of this policy extends to any individual, hereinafter referred to as "the User," who visits the website, establishes an account, avails themselves of the services, procures products, or otherwise engages with the aforementioned platform.

The Company espouses a profound commitment to the safeguarding of User privacy and the fortification of personal data security. This policy is formulated to be transparent and to ensure adherence with all applicable data protection legislation within the jurisdiction of India, inclusive of, but not limited to, the Information Technology (IT) Act, 2000, and the rules promulgated thereunder. Furthermore, it integrates the fundamental principles of transparency, lawful purpose, data minimization, and accountability as delineated in India's data protection framework, including the Digital Personal Data Protection (DPDP) Act.

Usage of the website signifies the User's acknowledgment and understanding of the terms stipulated herein. A careful perusal of this document is advised to comprehend the nature of the data collected, the methodologies of its use, and the rights accruing to the User.

1. Modalities of Information Collection

The Company effectuates the collection of personal information through several modalities: data proffered directly by the User, data gathered automatically consequent to User interaction with the website, and data procured from third-party sources. The acquisition of such information is a necessary prerequisite for the provision of services, the fulfillment of procurement orders, and the enhancement of the User experience. "Personal Information" shall be defined as any data capable of, either directly or indirectly, identifying a natural person.

A. Information Proffered Directly by the User:

This category of information is collected when Users execute specific actions, including, inter alia, the establishment of an account, the placement of a procurement order, the submission of a contact form, subscription to electronic newsletters, or engagement with the customer support apparatus.

• Contact Data: Comprises the User's full legal Name (requisite for order processing, personalization, and invoicing), telephonic contact number (for critical order notifications, logistical coordination, and verification protocols), electronic mail address (which serves as the account login identifier and the medium for transmitting order confirmations, invoices, and marketing communiques), physical Mailing Address (for product dispatch), and Billing Address (for payment verification and fraud mitigation).
• Account Credentials: Upon account creation, the User's chosen Password is collected. This credential is stored in a secure, encrypted (hashed) format, rendering it inscrutable to the Company. Its sole purpose is the protection of the User's account and the facilitation of access to order history and personal preferences.
• Financial Data: During a purchase transaction, Debit/Credit Card details or ancillary payment instrument information (e.g., UPI ID, net banking credentials) are collected. This financial data is not retained on the Company's servers. It is captured and processed directly by secure, PCI-DSS compliant third-party payment fiduciaries (namely, Razorpay and Cashfree) who possess the authorization to complete the financial transaction.
• Demographic Data: The User's Age is collected to ascertain legal eligibility to enter into binding contracts and to ensure compliance with policies prohibiting the solicitation of minors, as delineated in Section 5.
• Professional Data: The User's Job Title may be collected on an optional basis. This information, were it to be provided, facilitates a more nuanced understanding of the Company's diverse clientele (e.g., interior designers, corporate entities, domestic consumers) for the purpose of optimizing product offerings and marketing strategies.
• Correspondence Data: Information generated during communications between the User and the Company is collected. This includes, but is not limited to, records of correspondence with the customer support team via electronic mail or chat, and any data furnished by the User when reporting operational anomalies with the website or products.

B. Information Collected via Automated Processes:

Upon visiting Vihasfurniture.com, certain technical and usage-related information pertaining to the User's device and interaction with the site is automatically collected.

• Tracking Technologies & Cookies: The platform employs Cookies (diminutive text files stored within the User's browser), Local Storage (a mechanism for browser-based data storage), and Sessions (transient server-side data). These technologies are indispensable for a functional e-commerce environment, facilitating functionalities such as persistent login status, retention of items in the virtual shopping cart, and the preservation of site preferences (e.g., geographic location). Both session cookies (which are extirpated upon browser closure) and persistent cookies (which remain for a predetermined duration) are utilized.
• Analytics & Usage Data: Digital analytics software (e.g., Google Analytics) is employed to amass aggregated data concerning User behavior. This encompasses data points such as pages visited, duration of visit per page, hyperlinks clicked, referral sources, and general interaction patterns. This information, which is anonymized or aggregated and thus incapable of personal identification, is vital for comprehending website traffic, discerning popular products, and enhancing the platform's overall design, functionality, and performance.
• Device & Technical Data: The User's Internet Protocol (IP) address, browser type and version, operating system, and other technical specifications of the device used to access the site may be collected.
• Geolocation Data: Information regarding the User's approximate location (e.g., city, country), as inferred from the IP address, may be collected. This facilitates the personalization of the User experience, including the display of relevant products, calculation of shipping estimations, and regional targeting of advertisements.
• Security Measures: The service known as Google's Invisible reCAPTCHA is utilized to defend the website against spam, fraud, and automated abuse (such as automated account creation by "bots"). This tool scrutinizes User behavior on the site (including mouse movements and keystrokes) and may transmit this information to Google for the purpose of distinguishing human Users from automated agents. The use of reCAPTCHA is governed by the Google Privacy Policy and Terms of Use.

2. Purposes of Information Utilization

Information collected by the Company is utilized for specific, explicit, and lawful purposes ancillary to its e-commerce operations. No data processing shall be undertaken in a manner incompatible with these declared purposes.

• Order Fulfillment (Order Processing): The primary use of collected data is the fulfillment of User orders. This encompasses the complete order lifecycle, commencing with the processing of payment and confirmation of purchase via electronic mail, extending to communication regarding order status, coordination with logistical partners for product dispatch, and the management of any subsequent returns, refunds, or warranty claims, including the necessary data processing protocols requisite for the administration of claims submitted within the prescribed seven-day period.
• Account Management (Account Administration): Data is used to create, secure, and maintain the User's account. This facilitates the use of functionalities such as Google Social Login, review of past order history, storage of multiple shipping addresses, creation of wishlists, and management of personal preferences, thereby streamlining the checkout process.
• User Communication (Customer Service): Contact information is employed to dispatch two distinct categories of communication:
  1. Transactional Communications: These are essential, non-promotional messages pertaining to the User's account or orders, such as order confirmations, invoices, shipping notifications, password reset instructions, and policy advisories.
  2. Marketing Communications: Subject to the User's explicit, affirmative consent, marketing-related electronic mail and newsletters may be dispatched, detailing new products, seasonal promotions, special offers, and company news. The User retains the right to opt-out of such communications at any time.
• Personalization & Advertising (Marketing): Data is utilized to display relevant advertisements, including targeted banners and promotions, within the website. Retargeting services, such as the Facebook Pixel, are also employed. Consequently, subsequent to visiting the site, advertisements for Company products (e.g., a specific item viewed) may be presented to the User on external platforms (e.g., Facebook, Instagram). This is achieved through the placement of a tracking cookie within the User's browser.
• Service Improvement (Analytics & R&D): User data, predominantly in an aggregated analytics format, is analyzed to comprehend customer requirements, identify and rectify website bugs or errors, enhance the user interface (UI/UX), and inform strategic business decisions regarding product inventory, website architecture, and marketing strategy. This analysis is instrumental in maintaining an intuitive, efficient, and user-friendly platform.
• Security & Legal Compliance: Information is used to prevent and detect fraudulent activities, protect the website from malicious attacks, and safeguard the Company's legal rights. This includes monitoring for anomalous login attempts, verifying User identity, and adhering to all legal or regulatory obligations, such as the retention of records for fiscal purposes or responding to lawful requests from governmental authorities.

3. Disclosure of Information

The Company does not engage in the sale, rental, or trade of personal information to third parties for their marketing endeavors. Information is disclosed solely to trusted partners, hereinafter referred to as "Data Processors," who provide services essential to the Company's business operations, and such disclosures are contingent upon the partners' adherence to stringent data protection standards.

• Payment Fiduciaries: Financial information is shared with Razorpay and Cashfree. Their authorization to use this information is strictly limited to the secure processing of one-time payments. These entities are bound by their own rigorous privacy policies and maintain PCI-DSS compliance.
• Logistical & Delivery Partners: The User's Name, Mailing Address, and Phone Number must be disclosed to third-party courier and logistics partners to effectuate the delivery of purchased items. The permission granted to these partners to use this information is confined exclusively to the purpose of delivery and delivery-related communications.
• Advertising Partners: Certain data (often technical data derived from cookies or pseudonymized data, such as a hashed email address) is shared with advertising platforms, including Facebook (Meta) and Google, for retargeting and promotional activities. This enables the creation of "custom audiences" and the delivery of relevant advertisements on those platforms.
• Analytics Providers: Anonymized and aggregated data is shared with analytics firms (e.g., Google) to facilitate the analysis of website usage and trends. Such data is incapable of personally identifying any individual.
• Technology & Service Providers: Other third-party entities may be engaged to perform essential services. This roster includes cloud hosting providers (for website hosting), email service providers (for dispatching newsletters and order confirmations), and customer support software vendors (for helpdesk management). These providers are granted access to personal data only to the extent necessary to perform these specific tasks on the Company's behalf.
• Legal Mandates: Information may be disclosed if required by law, or if there is a good-faith belief that such action is necessary to: (a) comply with a legal obligation or respond to a valid legal process, such as a court order or governmental investigation; (b) protect and defend the rights, property, or safety of the Company; (c) prevent or investigate potential wrongdoing in connection with the services; or (d) protect the personal safety of Users or the public.
• External Hyperlinks: The website may contain hyperlinks to external websites. This Privacy Policy does not extend to, nor does it govern, those external sites. The Company bears no responsibility for the privacy practices of such sites, and Users are advised to review the privacy policies of any external site before furnishing personal data.

4. User Rights and Prerogatives

The User is vested with specific rights pertaining to their personal information. The Company is committed to facilitating the exercise of these rights.

• Cookie Management: The default configuration of most web browsers is to accept cookies. Users may manage their cookie preferences via their browser settings to block, delete, or receive notifications about cookies. It must be noted that disabling essential cookies may impede website functionality, including, but not limited to, the ability to maintain a login session or retain items in the shopping cart.
• Marketing Communications (Opt-Out): The User possesses the right to opt-out of receiving newsletters and promotional emails at any juncture. Every marketing-related email dispatched by the Company contains a conspicuous "unsubscribe" hyperlink in its footer. Activating this link will result in the immediate cessation of such communications. No penalty shall be incurred for unsubscribing, and essential transactional emails will continue to be delivered.
• Right of Access and Rectification: The User has the right to access the personal information held by the Company. A majority of this information can be reviewed and updated directly by the User via their "My Account" page. For rectification of information not editable through this portal, or to request a copy of the data, the User should contact the Company.
• Withdrawal of Consent: In instances where data processing is predicated upon User consent (e.g., for marketing communications), the User retains the right to withdraw said consent at any time. Such withdrawal shall not affect the lawfulness of any processing conducted prior to the withdrawal.
• Right to Erasure: The User may request the deletion of their personal information. The Company will comply with such requests, subject to specific exceptions. Deletion may not be possible where an overriding legal or contractual obligation for data retention exists (e.g., retention of invoices for fiscal purposes, data pertinent to active product warranties, or information required for the defense of legal claims).
• Grievance Redressal: The User has the right to lodge a complaint regarding any aspect of the Company's handling of their data. Such complaints should be directed to the Grievance Officer (details provided in Section 8), who will investigate and address the concerns. The Company endeavors to resolve all issues promptly and equitably.

5. Privacy of Minors

The Company's website and services are not intended for, nor are they directed at, individuals below the age of 13 years. The Company does not knowingly collect, solicit, or maintain personal information from children under the age of 13. Individuals under this age are strictly prohibited from attempting to register an account, effectuate a purchase, or transmit any personal information to the Company.

In the event that a parent or legal guardian discovers that a child under their care and below the age of 13 has provided personal information to the Company, immediate contact with the Company is requested. The Company will undertake prompt measures to extirpate said information from its systems.

6. Data Security Protocols

The Company accords significant importance to data security. Reasonable and appropriate administrative, technical, and physical security measures are implemented to protect personal information from unauthorized access, use, disclosure, alteration, or destruction.

• Technical Measures: These measures include, but are not limited to, the deployment of SSL (Secure Socket Layer) encryption for all data transmitted to and from the website, the encryption of sensitive data (such as passwords) within the database, and the utilization of firewalls, secure server configurations, and stringent access controls.
• Administrative Measures: These measures include restricting internal access to personal data on a strict "need-to-know" basis, granting such access only to employees whose job functions necessitate it (e.g., customer support personnel). Regular data privacy and security training is mandated for all relevant staff.

Notwithstanding these efforts, it must be acknowledged that no method of transmission over the Internet or method of electronic storage is one hundred percent secure. While the Company endeavors to use commercially acceptable means to protect personal information, its absolute security cannot be guaranteed.

7. Amendments to This Policy

This Privacy Policy may be updated periodically to reflect modifications in operational practices, the adoption of new technologies, or for legal and regulatory imperatives. Notification of any significant changes will be effected by posting the revised policy on this page and amending the "Effective Date" at the apex of this document. For changes deemed material, a more prominent notice (such as via electronic mail or a website pop-up) may be provided prior to the changes taking effect. Users are advised to review this policy periodically to remain informed of the measures being taken to protect their information.

8. Contact Information & Grievance Officer

For any questions, concerns, or complaints regarding this Privacy Policy, the Company's data practices, or for the exercise of User rights, contact should be made with the dedicated Grievance Officer. This individual is responsible for overseeing compliance with privacy legislation and addressing all User issues.

The Company will endeavor to acknowledge any query or complaint promptly and furnish a substantive response within the timeframes stipulated by applicable law.

• Electronic Mail: vihasfurniture@gmail.com
• Telephone: 7373014462
• Physical Address: No 2, 147 Block C, Cuddalore Main Road, Udayapatti, Salem-636140, Tamil Nadu
• Website: Via the contact page on Vihasfurniture.com