Privacy Policy
Last updated: December 5, 2025
Welcome to Prettiva & Co. (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose and protect your personal data when you visit or make purchases from our website https://prettiva.co and related services. This policy describes the types of data we collect, the lawful bases for processing, how long we retain data, how we share it, and the rights available to you under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable law.
1. Information We Collect
We collect personal data necessary to provide and improve our services. Types of data we may collect include:
- Identity & contact: name, email address, phone number, shipping and billing address.
- Account data: account credentials, order history, preferences, wishlists.
- Payment data: payment instrument details processed securely by our payment partners (we do not store full card data on our servers).
- Demographic & profile: postcode, preferences, interests and responses to surveys (if you provide them).
- Technical & analytics: IP address, device and browser information, cookie identifiers, pages visited and usage data collected via analytics tools (e.g., Google Analytics, Facebook Pixel).
- User generated content: reviews, messages, images you upload when interacting with our services.
2. Lawful Basis, Purpose Limitation & Data Minimisation
We collect and process personal data only for specific, explicit and legitimate purposes and only to the extent necessary for those purposes. We rely on the following lawful bases under applicable law, including the DPDP Act:
- Performance of a contract: to process orders, deliver products, and provide customer service.
- Consent: for direct marketing, analytics cookies, and other optional processing where you have given clear, informed and unambiguous consent.
- Legal obligation: to comply with applicable laws, tax and accounting requirements.
- Legitimate interests: for fraud prevention, network and information security, and improving our services where such interests are balanced against your rights and freedoms.
We will provide clear notices at or before the point of data collection explaining the purposes and the lawful basis. We will not process your personal data for new purposes incompatible with the original purpose without further notice or consent where required.
3. How We Use Your Information
We use personal data to:
- Process and fulfil your orders and manage returns.
- Communicate with you about orders, shipping, customer service and account matters.
- Perform fraud detection and security checks.
- Operate, improve and personalize our website, products and services.
- Send marketing communications only if you have opted in; you may withdraw consent at any time as described in Section 8.
- Comply with legal obligations (tax, accounting, regulatory requests).
4. Cookies, Tracking & Consent
We use cookies and similar technologies to provide and improve our services, remember preferences and analyze site usage. When you first visit our site we present a cookie notice that explains cookie categories (necessary, preferences, analytics, marketing) and requests your consent for non-essential cookies. Necessary cookies are required for core site functionality and are used without consent. Analytics and marketing cookies are loaded only after you give consent. You can manage cookie preferences through the banner or via your browser settings and you may withdraw consent at any time using a method that is as easy as the method used to give consent. Declining certain cookies may reduce functionality or personalization.
5. Sharing Your Information
We will not sell or lease your personal data. We share information with third parties only as necessary to provide our services, under contractual confidentiality obligations and technical safeguards. Categories of recipients include:
- Print-on-demand production partners to create and fulfil orders.
- Shipping carriers and logistics partners (e.g., Blue Dart) to deliver products.
- Payment processors and gateways to securely process payments.
- Marketing and analytics service providers to help measure and optimize our services (only with appropriate safeguards or your consent where required).
- Professional advisors and auditors when necessary for legal or financial compliance.
6. Data Storage, Retention & Deletion
Your personal data is stored securely on Odoo’s hosting platform and with our authorised processors. We retain personal data only as long as necessary for the purposes described and to comply with legal obligations. Typical retention periods:
- Order and accounting records: retained for up to 7 years to meet tax and legal obligations.
- Transactional and account data: retained while your account is active and for up to 2 years after inactivity unless needed for legal claims.
- Marketing data: retained until you unsubscribe or withdraw consent.
- Analytics and cookies: retained as described in our cookie notice (typically up to 24 months for analytics identifiers unless you opt out).
When data is no longer necessary we will delete it or anonymize it so it can no longer be used to identify you, unless a longer retention period is required or permitted by law.
7. Data Security & Breach Notification
We implement reasonable technical, administrative and physical safeguards to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, role-based permissions, monitoring, encryption where appropriate, secure hosting environments and contractual requirements for processors.
In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will act promptly to contain the breach, assess its impact and, where required by the DPDP Act, notify the Data Protection Board of India and all affected Data Principals without undue delay. We will provide affected individuals with information about the nature of the breach, likely consequences and the steps we are taking, and guidance on measures they can take to protect themselves.
8. Your Rights Under the DPDP Act
You have the following rights in relation to your personal data (subject to applicable exemptions):
- Right of access: request a summary of personal data we hold about you, the processing purposes and categories of recipients to whom data has been disclosed.
- Right to correction: request correction or completion of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data where permitted by law.
- Right to withdraw consent: withdraw any consent you have given for processing; withdrawal will be as easy as the method used to give consent and does not affect processing carried out before withdrawal.
- Right to nominate: you may nominate a person to exercise your rights under this policy after your death or incapacity; please provide details to our Grievance Officer.
- Right to grievance redressal: you can file a grievance with our Grievance Officer.
We will acknowledge receipt of valid requests without undue delay and will respond substantively within 30 calendar days unless a different statutory timeframe applies. If more time is required we will inform you of the reason and expected timeline.
To exercise your rights, please contact our Grievance Officer using the details in Section 11.
9. Processing Without Consent
Certain processing may be performed without consent where permitted by law and the DPDP Act, for example to comply with legal obligations, to detect or prevent fraud, in an emergency to protect life or health, or when processing is necessary for the establishment, exercise or defence of legal claims. When we rely on such lawful grounds we will process only the minimum data necessary for the purpose.
10. Children’s Privacy
Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children under 18. We do not undertake tracking or behavioural monitoring of, or targeted advertising directed at, children. If you believe we may have collected data of a child under 18, please contact us immediately.
11. Grievance Officer
We have designated a Grievance Officer for privacy and grievance matters. For privacy questions, requests to exercise your rights, or to file a grievance, please contact:
Prettiva & Co.
Flat No. G-2, Sy No. 82, Amrita College Road,
Kasavanahalli, Bengaluru Urban,
Karnataka, 560035
Phone: 9686566112
Email: care.prettivaco@gmail.com
Refund Policy: https://prettiva.co/refund-policy
12. International Transfers
Some of our service providers operate outside India and may process or store personal data in other jurisdictions. Where such cross-border transfers occur, we will ensure appropriate safeguards (such as contractual protections, standard contractual clauses where available, and technical measures like encryption) are in place in accordance with applicable law.
13. Third-Party Links & Embedded Content
Our site may contain links to third-party websites or embedded content (such as payment gateways, social media and analytics services). These third parties have their own privacy practices and policies which we do not control. We encourage you to review their privacy notices before submitting personal data to them.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements or services. The “Last updated” date at the top will be revised when the policy is changed. Significant changes will be communicated via a notice on the website or, where required, by email. We will maintain a changelog of material revisions.
15. Contact & Remedies
If you have questions, want to exercise your rights, or wish to file a grievance, please contact our Grievance Officer (details in Section 11). If you remain unsatisfied after raising a grievance with us, you may approach the Data Protection Board of India under the DPDP Act.
For additional information on the DPDP Act and its provisions, see the Government of India guidance: DPDP Act (PDF).
Privacy Policy
Last updated: December 5, 2025
Welcome to Prettiva & Co. (“we,” “our,” or “us”). This Privacy Policy explains how we collect, use, disclose and protect your personal data when you visit or make purchases from our website https://prettiva.co and related services. This policy describes the types of data we collect, the lawful bases for processing, how long we retain data, how we share it, and the rights available to you under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable law.
1. Information We Collect
We collect personal data necessary to provide and improve our services. Types of data we may collect include:
- Identity & contact: name, email address, phone number, shipping and billing address.
- Account data: account credentials, order history, preferences, wishlists.
- Payment data: payment instrument details processed securely by our payment partners (we do not store full card data on our servers).
- Demographic & profile: postcode, preferences, interests and responses to surveys (if you provide them).
- Technical & analytics: IP address, device and browser information, cookie identifiers, pages visited and usage data collected via analytics tools (e.g., Google Analytics, Facebook Pixel).
- User generated content: reviews, messages, images you upload when interacting with our services.
2. Lawful Basis, Purpose Limitation & Data Minimisation
We collect and process personal data only for specific, explicit and legitimate purposes and only to the extent necessary for those purposes. We rely on the following lawful bases under applicable law, including the DPDP Act:
- Performance of a contract: to process orders, deliver products, and provide customer service.
- Consent: for direct marketing, analytics cookies, and other optional processing where you have given clear, informed and unambiguous consent.
- Legal obligation: to comply with applicable laws, tax and accounting requirements.
- Legitimate interests: for fraud prevention, network and information security, and improving our services where such interests are balanced against your rights and freedoms.
We will provide clear notices at or before the point of data collection explaining the purposes and the lawful basis. We will not process your personal data for new purposes incompatible with the original purpose without further notice or consent where required.
3. How We Use Your Information
We use personal data to:
- Process and fulfil your orders and manage returns.
- Communicate with you about orders, shipping, customer service and account matters.
- Perform fraud detection and security checks.
- Operate, improve and personalize our website, products and services.
- Send marketing communications only if you have opted in; you may withdraw consent at any time as described in Section 8.
- Comply with legal obligations (tax, accounting, regulatory requests).
4. Cookies, Tracking & Consent
We use cookies and similar technologies to provide and improve our services, remember preferences and analyze site usage. When you first visit our site we present a cookie notice that explains cookie categories (necessary, preferences, analytics, marketing) and requests your consent for non-essential cookies. Necessary cookies are required for core site functionality and are used without consent. Analytics and marketing cookies are loaded only after you give consent. You can manage cookie preferences through the banner or via your browser settings and you may withdraw consent at any time using a method that is as easy as the method used to give consent. Declining certain cookies may reduce functionality or personalization.
5. Sharing Your Information
We will not sell or lease your personal data. We share information with third parties only as necessary to provide our services, under contractual confidentiality obligations and technical safeguards. Categories of recipients include:
- Print-on-demand production partners to create and fulfil orders.
- Shipping carriers and logistics partners (e.g., Blue Dart) to deliver products.
- Payment processors and gateways to securely process payments.
- Marketing and analytics service providers to help measure and optimize our services (only with appropriate safeguards or your consent where required).
- Professional advisors and auditors when necessary for legal or financial compliance.
6. Data Storage, Retention & Deletion
Your personal data is stored securely on Odoo’s hosting platform and with our authorised processors. We retain personal data only as long as necessary for the purposes described and to comply with legal obligations. Typical retention periods:
- Order and accounting records: retained for up to 7 years to meet tax and legal obligations.
- Transactional and account data: retained while your account is active and for up to 2 years after inactivity unless needed for legal claims.
- Marketing data: retained until you unsubscribe or withdraw consent.
- Analytics and cookies: retained as described in our cookie notice (typically up to 24 months for analytics identifiers unless you opt out).
When data is no longer necessary we will delete it or anonymize it so it can no longer be used to identify you, unless a longer retention period is required or permitted by law.
7. Data Security & Breach Notification
We implement reasonable technical, administrative and physical safeguards to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. These measures include access controls, role-based permissions, monitoring, encryption where appropriate, secure hosting environments and contractual requirements for processors.
In the unlikely event of a personal data breach likely to result in a risk to your rights and freedoms, we will act promptly to contain the breach, assess its impact and, where required by the DPDP Act, notify the Data Protection Board of India and all affected Data Principals without undue delay. We will provide affected individuals with information about the nature of the breach, likely consequences and the steps we are taking, and guidance on measures they can take to protect themselves.
8. Your Rights Under the DPDP Act
You have the following rights in relation to your personal data (subject to applicable exemptions):
- Right of access: request a summary of personal data we hold about you, the processing purposes and categories of recipients to whom data has been disclosed.
- Right to correction: request correction or completion of inaccurate or incomplete data.
- Right to erasure: request deletion of your personal data where permitted by law.
- Right to withdraw consent: withdraw any consent you have given for processing; withdrawal will be as easy as the method used to give consent and does not affect processing carried out before withdrawal.
- Right to nominate: you may nominate a person to exercise your rights under this policy after your death or incapacity; please provide details to our Grievance Officer.
- Right to grievance redressal: you can file a grievance with our Grievance Officer.
We will acknowledge receipt of valid requests without undue delay and will respond substantively within 30 calendar days unless a different statutory timeframe applies. If more time is required we will inform you of the reason and expected timeline.
To exercise your rights, please contact our Grievance Officer using the details in Section 11.
9. Processing Without Consent
Certain processing may be performed without consent where permitted by law and the DPDP Act, for example to comply with legal obligations, to detect or prevent fraud, in an emergency to protect life or health, or when processing is necessary for the establishment, exercise or defence of legal claims. When we rely on such lawful grounds we will process only the minimum data necessary for the purpose.
10. Children’s Privacy
Our services are not intended for persons under 18 years of age. We do not knowingly collect personal data from children under 18. We do not undertake tracking or behavioural monitoring of, or targeted advertising directed at, children. If you believe we may have collected data of a child under 18, please contact us immediately.
11. Grievance Officer
We have designated a Grievance Officer for privacy and grievance matters. For privacy questions, requests to exercise your rights, or to file a grievance, please contact:
Prettiva & Co.
Flat No. G-2, Sy No. 82, Amrita College Road,
Kasavanahalli, Bengaluru Urban,
Karnataka, 560035
Phone: 9686566112
Email: care.prettivaco@gmail.com
Refund Policy: https://prettiva.co/refund-policy
12. International Transfers
Some of our service providers operate outside India and may process or store personal data in other jurisdictions. Where such cross-border transfers occur, we will ensure appropriate safeguards (such as contractual protections, standard contractual clauses where available, and technical measures like encryption) are in place in accordance with applicable law.
13. Third-Party Links & Embedded Content
Our site may contain links to third-party websites or embedded content (such as payment gateways, social media and analytics services). These third parties have their own privacy practices and policies which we do not control. We encourage you to review their privacy notices before submitting personal data to them.
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our practices, legal requirements or services. The “Last updated” date at the top will be revised when the policy is changed. Significant changes will be communicated via a notice on the website or, where required, by email. We will maintain a changelog of material revisions.
15. Contact & Remedies
If you have questions, want to exercise your rights, or wish to file a grievance, please contact our Grievance Officer (details in Section 11). If you remain unsatisfied after raising a grievance with us, you may approach the Data Protection Board of India under the DPDP Act.
For additional information on the DPDP Act and its provisions, see the Government of India guidance: DPDP Act (PDF).