Privacy Policy

AveoEarth Impact Private Limited is committed to protecting your personal data. This Policy explains how we collect, use, and safeguard your information.

1. Who We Are

AveoEarth Impact Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at C-129, Sector 26, Noida, Uttar Pradesh – 201301, India, operates an online marketplace connecting eco-conscious buyers with independent third-party sellers (“Sellers”).

For purposes of applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”):

  • AveoEarth acts as a Data Fiduciary in relation to personal data collected directly through the Platform.
  • Sellers act as independent Data Fiduciaries for personal data they collect or process independently of the Platform (including post-delivery interactions).
  • Where AveoEarth processes personal data strictly on documented Seller instructions, it acts as a Data Processor under contractual arrangements.

We collect and process only such personal data as is necessary for specified and lawful purposes in accordance with applicable law.

2. Scope of This Policy

This Policy applies to personal data collected through:

  • www.aveoearth.com
  • Associated mobile applications
  • Customer support channels
  • Seller onboarding processes

This Policy does not apply to third-party websites, payment gateways, logistics providers, or Seller-operated services outside the Platform.

3. Personal Data We Collect

3.1 Identity & Contact Data

  • Name
  • Email address
  • Phone number
  • Shipping and billing addresses

3.2 Order & Payment Metadata

  • Order details
  • Transaction identifiers
  • Masked instrument type (card/UPI)
  • Payment gateway or bank responses

We do not store full card numbers, CVV, or unmasked payment credentials.

3.3 Device & Technical Data

  • IP address
  • Browser/device identifiers
  • Log files
  • Cookie identifiers

3.4 Communications

  • Chats
  • Emails
  • Support tickets
  • Call recordings (where notified)

3.5 Seller KYC & Compliance Data

For Seller onboarding and regulatory compliance:

  • GSTIN
  • PAN
  • Bank account details
  • Business registration documents
  • Additional documentation required under applicable law or payment partner underwriting

Sensitive KYC data is processed under strict access controls and encryption safeguards in accordance with applicable law.

4. Purposes & Lawful Basis

We process personal data only for lawful, specific, and necessary purposes:

4.1 Contractual Performance

  • Order fulfilment
  • Payments and refunds
  • Delivery coordination
  • Account management

4.2 Legal Obligations

  • KYC verification
  • Fraud prevention
  • Tax compliance
  • Regulatory reporting

4.3 Legitimate Interests

  • Risk scoring and fraud detection
  • Dispute handling
  • Platform improvement
  • Analytics and service optimisation

Where legitimate interest is relied upon, we conduct balancing assessments to ensure your rights are not overridden.

4.4 Consent (Where Required)

  • Marketing communications
  • Non-essential cookies

Consent is free, specific, informed, and provided through clear affirmative action. Consent may be withdrawn at any time. Withdrawal does not affect prior lawful processing.

5. Marketplace Data Role Clarification

5.1 AveoEarth shares limited customer information with Sellers solely for order fulfilment, delivery, and dispute resolution.

5.2 Sellers are independent Data Fiduciaries for data they process in connection with their products and statutory obligations.

5.3 Sellers are contractually required to comply with applicable data protection laws.

5.4 AveoEarth is not responsible for independent processing activities undertaken by Sellers outside the Platform.

6. Sustainability & Impact Data

Where the Platform displays sustainability metrics, carbon estimates, or ESG indicators:

  • Such information may rely on Seller-provided data and third-party datasets.
  • Sustainability analytics are indicative and based on available information.
  • Unless expressly certified, AveoEarth does not independently audit all sustainability representations.
  • Such analytics do not result in automated decisions affecting legal or similarly significant rights.

7. Sharing of Personal Data

We share personal data strictly on a need-to-know basis with:

  • Sellers (for order fulfilment)
  • RBI-regulated payment aggregators and banks
  • Card networks
  • Logistics partners
  • Cloud hosting providers
  • Analytics and technology vendors
  • Customer support vendors
  • Regulatory authorities and law enforcement where legally required

We do not sell or trade personal data.

8. International Transfers

Where service providers process data outside India:

  • Transfers are conducted in accordance with applicable Indian law.
  • Transfers are subject to any restricted jurisdictions notified by the Central Government under the DPDP Act.
  • Appropriate contractual and technical safeguards are implemented.

9. Data Security

We implement appropriate technical, administrative, and organisational safeguards designed to protect personal data against unauthorised access, disclosure, alteration, or destruction, including:

  • Encryption of data in transit using HTTPS/TLS
  • Encryption of sensitive data at rest, where appropriate
  • Role-based access controls and least-privilege access principles
  • Multi-factor authentication for privileged access
  • Audit logging and continuous security monitoring
  • Periodic vulnerability assessments and security reviews
  • Vendor security due diligence and contractual data protection obligations
  • Incident response and breach management procedures

Payment data is processed exclusively by PCI-DSS compliant payment partners in accordance with RBI tokenisation norms. No system guarantees absolute security.

10. Data Breach Response

In the event of a personal data breach, we will:

  • Investigate and contain the incident
  • Notify affected individuals and competent authorities as required under applicable law
  • Implement corrective and preventive measures

11. Data Retention

We retain personal data only as long as necessary:

  • Customer account data: for the duration of the account plus the applicable legal limitation period (typically 3 years under contract law, unless extended by statute)
  • Order & transaction records: as required under tax and accounting laws (typically up to 8 years)
  • Seller KYC records: as required under regulatory or payment partner requirements
  • Support communications: retained for dispute resolution purposes
  • Technical logs: retained for operational and security needs

Upon account deletion, personal data will be deleted or anonymised, subject to statutory retention obligations.

12. Your Rights

Subject to applicable law, you may request:

  • Access to your personal data
  • Correction of inaccuracies
  • Deletion (where legally permissible)
  • Withdrawal of consent
  • Data portability (where technically feasible)
  • Nomination of a representative under the DPDP Act

Requests may be submitted to support@aveoearth.com. We respond within timelines prescribed under applicable law and, where not specified, within 30 days.

13. Children’s Privacy

The Platform is intended for individuals aged 18 years and above.

We do not knowingly collect personal data from children. Orders placed by minors without appropriate legal authority may be cancelled.

14. Cookies

We use essential, functional, analytics, and performance cookies.

Non-essential cookies require consent where applicable.

You may manage preferences via browser settings or the cookie consent tools provided.

For detailed information, refer to our Cookie Notice.

15. Automated Processing & Fraud Detection

We may use automated systems for fraud detection and risk scoring.

Such processing does not result in solely automated decisions producing legal or similarly significant effects without appropriate human review.

You may request review of automated decisions by contacting us.

16. Limitation & Relationship with Terms

Nothing in this Privacy Policy expands liability beyond that set forth in our Terms & Conditions or other applicable agreements.

Nothing limits statutory rights available under applicable law.

17. Changes to This Policy

We may update this Policy to reflect legal, operational, or regulatory changes.

Material updates will be notified on the Platform.

18. Contact & Grievance Redressal

Grievance Officer

Name: Anand Bhardwaj Sharma

Email: support@aveoearth.com

Complaints will be acknowledged within 48 hours and resolved within 30 days in accordance with applicable law.

If unsatisfied, you may approach the Data Protection Board of India once it is operational.