Privacy Policy of The Coffee Bean & Tea Leaf

1. Introduction

EKAAGRA OSTALARITZA PRIVATE LIMITED is engaged inter alia in the business of setting up, developing, running, managing and operating Cafes under the brand name of "The Coffee Bean & Tea Leaf" in India and eating houses/restaurants, etc., or under any other brand names as may be marketed by it ("we," "us," or "our"). We are committed to protecting your privacy and personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you access or use our website and mobile application (collectively, "Services"). By using our Services, you agree to the data practices described herein.

We are committed to protecting your privacy and personal information and are actively preparing for compliance with the Digital Personal Data Protection Act, 2023 ('DPDP Act'). Currently, our data practices are governed by the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (the 'IT Rules 2011'), as applicable, until the provisions and Rules under the DPDP Act are officially notified and come into effect.

2. Definitions

For the purposes of this Privacy Policy:

  • Personal Data: Any information relating to an identified or identifiable natural person, such as name, email address, phone number, location data, or any other data that can directly or indirectly identify you.
  • Sensitive Personal Data or Information (SPDI): As per Indian IT Rules 2011, includes passwords, financial information, health details, biometric data, sexual orientation, medical records, and any data relating to children under 18.
  • Processing: Any operation performed on personal data, such as collection, storage, use, disclosure, transfer, or destruction.
  • Data Controller: The entity, Ekaagra Ostalaritza Private Limited, responsible for determining the purposes and means of processing personal data.
  • Data Processor: Any third party processing personal data on behalf of the Data Controller, including service providers like payment gateways, cloud hosting providers, or marketing agencies.
  • Cookies: Small data files placed on your device to store preferences, session information, tracking identifiers, or user behavior data.
  • Consent: Any freely given, specific, informed and unambiguous indication of the User's wishes by which the User agrees to the processing of personal data.
  • Grievance Officer: The designated person responsible for addressing your data privacy concerns and complaints.

3. Information We Collect

Personal Data

  • Name, email, postal address, phone number, account credentials.
  • Financial Information: We only collect payment details (e.g., card number, expiry date) transiently for direct transmission to our PCI-DSS compliant payment processors. We do not store your payment card details.
  • Social media profile data when you log in via social login on our website or app.

Usage and Device Information

  • IP address, device identifiers, browser type, operating system, app version.
  • Interaction data including pages visited or app screens viewed, session duration.
  • Location data collected via GPS or device services only after your explicit consent. (This data is used solely to facilitate order delivery and find the nearest cafe.)

Cookies and Tracking Technologies

  • We use cookies, pixels, and similar technologies on the website and app for analytics, personalization, and ads, based on your explicit consent as detailed in the 'Cookies and Tracking' section below.

4. How We Collect Your Information

  • Directly from you when you register, make purchases, communicate, or use interactive features.
  • Automatically through cookies, analytic SDKs embedded in the app, and web usage tracking.
  • From authorized third parties, such as social platforms when using social login.

5. Use of Your Information

We use your data to:

  • Provide, operate, and improve our Services.
  • Process transactions and provide customer service.
  • Send administrative, promotional, and personalized marketing communications (with your consent).
  • Analyze service usage to optimize user experience.
  • Detect and prevent fraud and security breaches.
  • Fulfill legal and regulatory obligations.

6. Legal Basis for Processing

We process data based on:

  • Your explicit Consent.
  • Execution of a contract with you (e.g., fulfilling a purchase order).
  • Legal Obligation Compliance (e.g., tax, audit, and law enforcement requests).

DPDP-Recognized Legitimate Uses (including but not limited to):

  • Security, Fraud Prevention, and Protection of property and persons (such as network security monitoring and addressing data breaches).
  • Service Improvement that does not involve extensive profiling or secondary marketing, where the benefits outweigh the minimal privacy intrusion (e.g., anonymous crash reporting).

7. Payment Processing

Payments are handled exclusively via reputable third-party payment processors (e.g., PayU, Razorpay) certified under PCI-DSS standards. We do not store your payment card details.

8. Data Sharing and Disclosure

Your information may be shared with:

  • Trusted third-party service providers strictly for hosting, payment processing, analytics, marketing, and customer service.
  • Affiliates and Business Partners (entities under common ownership or joint marketing programs) solely for the purposes defined in this policy and under strict confidentiality agreements.
  • Law enforcement or regulators where mandated by law.
  • Successors in case of mergers or acquisitions.

9. Data Storage and Transfers

Your data may be stored or processed in India or in countries where our primary Data Processors operate (such as the United States, Singapore, or the European Union). We ensure that all cross-border transfers are protected by appropriate safeguards (such as Standard Contractual Clauses) to maintain a level of protection compliant with Indian law.

10. Data Retention

We retain personal data only as long as necessary to fulfill purposes or to comply with statutory requirements, such as tax and corporate laws. Upon expiry, data is securely deleted or anonymized to ensure it can no longer be linked to you.

11. Cookies and Tracking

We use cookies for analytics, personalization, and ads.

  • For non-essential cookies (like those used for advertising and personalization), we obtain your specific, informed, and affirmative Consent via a cookie preference center or banner before placing them on your device.
  • You can manage cookies via your browser or device settings, and you may withdraw your consent for marketing and personalization cookies at any time through our website's preference center.
  • Disabling cookies may limit certain functionalities of the Services.

12. Your Rights

You have the right to:

  • Access and correct your personal data.
  • Request deletion or restriction of your personal data.
  • Withdraw consent where applicable.
  • Object to processing based on legitimate interests.

To exercise your rights, contact us at Compliance@ekaagra.in. Identity verification may be necessary.

13. Location Data and Permissions

We collect location data through the app only with your explicit consent via app permissions. You can revoke location access anytime via device settings.

14. Children's Privacy

Our Services are strictly intended for users aged 18 or above, as defined by the age of majority and the DPDP Act.

  • We do not knowingly collect, process, or store Personal Data from any individual under the age of 18.
  • We use reasonable efforts at the point of registration (e.g., date of birth field) to prevent minors from registering.
  • Parents or legal guardians may contact us to request the immediate deletion of any data inadvertently collected from a child under 18.

15. Security of Your Data

We are committed to safeguarding your personal information and implement reasonable security practices as outlined in the DPDP Act, the IT Act, and the IT Rules, 2011, including:

  • Physical and Logical Access Controls: Ensuring access to systems and data is restricted to authorized personnel only.
  • Data Encryption: Protecting sensitive data through encryption both in transit and at rest.
  • Regular Security Audits and Staff Training: Conducting security audits regularly and training our staff on data protection best practices.

However, please note that no system can be completely secure, and while we make every effort to protect your data, we cannot guarantee absolute security.

16. External Links

Our Services may include links to third-party websites not governed by this Policy. Please review their privacy policies before providing your personal information.

17. Policy Updates and Notifications

We may update this Privacy Policy as needed. Material changes will be posted on this page with the revision date and communicated via email or app notifications where required.

18. Contact and Grievance Officer

For privacy inquiries, complaints, or to exercise your rights, contact:

Grievance Officer: Nitin Naygandhi
Email: Compliance@ekaagra.in

19. Cybersecurity and Fraud Prevention

Be vigilant against fraudulent communications claiming to be from us. We do not request payments outside official channels. Report suspicious activity to us and relevant cybercrime authorities, including the National Cyber Crime Reporting Portal (cybercrime.gov.in).