PRIVACY POLICY

This Privacy Policy describes how Brexx.in ("we," "us," or "our") collects, uses, discloses, and protects information when you visit our website, purchase our products, or interact with our services.

This policy applies to all users of our website (brexx.in), customers who purchase our premium men's jeans and fashion products, and anyone who interacts with our brand through various channels including email, phone, or social media.

Personal Information You Provide

We collect information you voluntarily provide to us when you:

• Create an account: Name, email address, phone number, date of birth
• Make a purchase: Billing and shipping addresses, payment information (processed securely)
• Contact us: Name, email, phone number, and message content
• Subscribe to newsletters: Email address and communication preferences
• Leave reviews: Name, review content, ratings, and photos (optional)
• Participate in surveys: Feedback, preferences, and opinions

Automatically Collected Information

When you visit our website, we automatically collect certain information through cookies and similar technologies:

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, click patterns, search queries
• Location Data: General geographic location (city/region level) based on IP address
• Cookies & Tracking: Website preferences, shopping cart contents, session information

Information from Third Parties

We may receive information from trusted third-party services:

• Payment processors: Transaction confirmations, payment status (we do NOT store credit card details, CVV, or OTP)
• Shipping partners: Delivery status, tracking information
• Social media platforms: Profile information (if you choose to connect your account)
• Analytics providers: Aggregated website performance data

Data Minimization Principle

We collect only the minimum personal data necessary to fulfill the stated purpose. We will not collect excessive or irrelevant information beyond what is required for providing our services.

Primary Uses (Essential Services)

We use your personal information for the following purposes:

• Order Processing: Fulfilling purchases, payment processing, shipping coordination
• Customer Service: Responding to inquiries, resolving issues, providing support
• Account Management: Creating and maintaining your account, preference settings
• Communication: Order updates, shipping notifications, transactional emails
• Security & Fraud Prevention: Protecting against fraud, unauthorized access, and security threats
• Legal Compliance: Meeting tax, accounting, and regulatory requirements

Secondary Uses (With Your Explicit Consent)

• Marketing Communications: Newsletter, promotional offers, new product announcements, exclusive deals
• Personalization: Customized product recommendations, tailored shopping experience
• Market Research: Product development, customer satisfaction surveys, feedback collection
• Analytics: Website optimization, user behavior analysis, A/B testing
• Retargeting Ads: Showing relevant advertisements on third-party platforms (if you opt-in)

Purpose Limitation

Important: Personal data will ONLY be used for purposes disclosed at the time of collection. If we need to use your data for a new purpose not covered in this policy, we will seek your fresh consent before proceeding.

Automated Decision-Making & Profiling

We may use automated systems and algorithms for:

• Product Recommendations: Suggesting products based on browsing history and purchase patterns
• Fraud Detection: Identifying potentially fraudulent transactions
• Inventory Management: Predicting demand and optimizing stock levels

Your Rights: You have the right to request human review of any automated decision that significantly affects you, and to opt-out of profiling for marketing purposes.

We Share Information With:

• Service Providers: Payment gateways (Razorpay, Paytm), shipping companies (Delhivery, Blue Dart), email service providers, web hosting services
• Business Partners: Only when necessary for order fulfillment (e.g., courier services for delivery)
• Legal Authorities: When required by law, court orders, government requests, or to protect our rights, property, and safety
• Analytics Providers: Google Analytics, Meta Pixel (aggregated, anonymized data only for website improvement)
• Professional Advisors: Lawyers, accountants, auditors (under confidentiality obligations)

We Do NOT Share Information With:

• Third-party advertisers for their independent marketing purposes
• Data brokers or information resellers
• Social media platforms for advertising (unless you explicitly connect and consent)
• Competitors or unrelated businesses

Government & Legal Disclosure

We may disclose your personal information to government authorities or law enforcement when:

• Required by law (tax audits, GST compliance, legal proceedings)
• Responding to valid court orders or subpoenas
• Protecting against fraud, security threats, or illegal activities
• Enforcing our terms of service or protecting our legal rights

We will notify you of such disclosures unless legally prohibited from doing so.

Business Transfers

In the event of a merger, acquisition, sale of assets, or business restructuring, your personal information may be transferred to the new entity. We will:

• Notify you via email at least 30 days before the transfer
• Ensure the new entity honors this privacy policy
• Provide you the option to delete your account before the transfer

We never sell, rent, or lease your personal information to third parties for their marketing purposes.

As Brexx.in operates primarily in India, your personal information is processed and stored within India. However, some of our service providers may process data in other countries.

International Transfers

Your data may be transferred to the following countries for specific purposes:

• United States: Cloud hosting (AWS, Google Cloud), email services, analytics
• European Union: Payment processing, customer support tools
• Singapore: Data backup and recovery services

Safeguards for International Transfers

When we transfer data internationally, we ensure:

• Adequate level of data protection in the destination country as per DPDP Act, 2023
• Standard Contractual Clauses (SCCs) approved by Indian authorities
• Data processing agreements with all third-party processors
• Encryption during transmission and storage
• Compliance with applicable data protection laws in both India and destination countries

Security Measures

We implement comprehensive technical and organizational security measures to protect your personal information:

• Encryption: SSL/TLS 256-bit encryption for all data transmission between your browser and our servers
• Secure Storage: AES-256 encrypted databases with restricted access controls
• Access Controls: Role-based access for employees, multi-factor authentication for admin accounts
• Regular Security Audits: Quarterly security assessments and vulnerability testing
• 24/7 Monitoring: Real-time monitoring for suspicious activities and intrusion attempts
• Backup Systems: Secure, encrypted data backup and disaster recovery procedures
• Firewalls: Advanced firewall protection and DDoS mitigation
• Secure Development: Following OWASP security guidelines for web application development

Payment Security

All payment information is processed through PCI DSS Level 1 compliant payment processors (Razorpay, Paytm). We do NOT store:

• Complete credit/debit card numbers
• CVV/CVC security codes
• Card PINs or OTPs
• Net banking credentials

Only tokenized payment references are stored for order tracking purposes.

Employee Training & Access

• All employees receive mandatory data protection and privacy training
• Access to personal data is limited to authorized personnel only
• Employees sign confidentiality agreements
• Regular awareness sessions on security best practices

Data Breach Notification

In the unlikely event of a data breach that may affect your personal information, we will:

• Notify you: Within 72 hours via email to your registered email address
• Inform authorities: Report to the Data Protection Board of India as required by law
• Provide details: Type of data affected, potential consequences, steps we're taking
• Recommend actions: Advise you on steps to protect yourself (password changes, fraud alerts)
• Investigation: Conduct thorough investigation and implement corrective measures

Under the Digital Personal Data Protection Act, 2023, you have the following rights regarding your personal information:

Your Rights Include:

• Right to Access: Request a copy of all personal information we hold about you
• Right to Correction: Update or correct inaccurate, incomplete, or outdated personal information
• Right to Erasure/Deletion: Request deletion of your personal information (subject to legal retention requirements)
• Right to Data Portability: Receive your data in a structured, commonly used, machine-readable format (CSV, JSON)
• Right to Withdraw Consent: Withdraw previously given consent for marketing, profiling, or other non-essential processing
• Right to Restriction: Limit how we use your personal information in certain circumstances
• Right to Nominate: Nominate another person to exercise your rights on your behalf in case of death or incapacity
• Right to Grievance Redressal: Lodge complaints with our Grievance Officer or the Data Protection Board of India
• Right to Opt-out: Unsubscribe from marketing communications, promotional emails, SMS, and push notifications at any time

How to Exercise Your Rights

To exercise any of these rights, you can:

• Email us: privacy@brexx.in or info.support@brexx.in
• Call us: 8700254902 (Mon-Sat, 9 AM - 7 PM IST)
• Account Dashboard: Update information directly in your account settings
• Subject Line: Use "Privacy Rights Request - [Your Request Type]"

Response Timeline

• We will acknowledge your request within 3 business days
• We will fulfill your request within 30 days from verification
• For complex requests, we may extend by an additional 30 days with prior notice
• Identity verification may be required for security purposes

How to Withdraw Consent

You can withdraw your consent for marketing and non-essential data processing through:

• Email: Click "Unsubscribe" link at the bottom of any marketing email
• Account Settings: Manage communication preferences in your dashboard
• SMS: Reply "STOP" to any promotional SMS
• Contact Us: Email privacy@brexx.in or call 8700254902

What Happens After Withdrawal:

• We will stop sending marketing communications within 48 hours
• Your account will remain active for transactional services (order processing, customer support)
• Withdrawal does not affect lawful processing done before withdrawal
• Some services may be limited if essential consent is withdrawn

Exceptions to Data Deletion

We may not be able to delete your data immediately if we need it for:

• Completing ongoing transactions or orders
• Legal compliance (tax records, financial audits - 7 years)
• Resolving disputes or enforcing agreements
• Fraud prevention and security investigations

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us provide a better user experience and understand how you interact with our site.

Types of Cookies We Use

• Essential Cookies (Mandatory): Required for website functionality - shopping cart, login sessions, security. These cannot be disabled.
• Performance Cookies: Analytics to measure website performance, page load times, error tracking (Google Analytics)
• Functional Cookies: Remember your preferences, language settings, region selection
• Marketing Cookies (Requires Consent): Personalized content, advertisements, retargeting campaigns (Facebook Pixel, Google Ads)

Third-Party Cookies

We use the following third-party cookies:

• Google Analytics: Website traffic analysis (retained for 26 months)
• Facebook Pixel: Ad targeting and conversion tracking (if you consent)
• Payment Gateway Cookies: Secure payment processing

Managing Cookies

You can control cookies through:

• Cookie Consent Banner: Manage preferences when you first visit our website
• Browser Settings: Accept/reject all cookies, delete existing cookies, block third-party cookies
• Account Dashboard: Update cookie preferences after logging in

How to Disable Cookies in Popular Browsers:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Settings → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Block all cookies
• Edge: Settings → Privacy, search, and services → Cookies and site permissions

Note: Disabling essential cookies may affect website functionality and prevent you from making purchases or accessing your account.

Age Restrictions

Our services are not intended for individuals under 18 years of age. We do not knowingly collect, use, or disclose personal information from children under 18 without verifiable parental consent as required by the Digital Personal Data Protection Act, 2023.

Parental Consent Requirement

If you are under 18 years old:

• You must obtain consent from your parent or legal guardian before creating an account
• Your parent/guardian must verify their identity and provide explicit consent
• We may request age verification documents if necessary

Parental Rights

Parents and legal guardians have the right to:

• Access their child's personal information
• Request correction or deletion of their child's data
• Withdraw consent at any time
• Receive information about how their child's data is used

No Behavioral Monitoring of Children

We do NOT engage in:

• Behavioral monitoring or profiling of users under 18
• Targeted advertising to children
• Tracking children's online activities across websites
• Collecting more data from children than necessary

If We Discover Underage Users

If we become aware that we have collected personal information from a child under 18 without proper parental consent, we will:

• Delete the information immediately (within 24 hours)
• Terminate the account
• Notify the parent/guardian if contact information is available

Retention Criteria

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including:

• Providing services and fulfilling orders
• Complying with legal, tax, and accounting obligations
• Resolving disputes and enforcing agreements
• Preventing fraud and maintaining security

Automatic Deletion Process

After the retention period expires, we automatically:

• Securely delete or anonymize your personal data
• Remove data from active databases and backup systems
• Use certified data destruction methods
• Maintain deletion logs for audit purposes

Active Account Deletion

You can request account deletion at any time. Upon deletion:

• Personal data will be deleted within 30 days
• You will receive confirmation via email
• Some data may be retained for legal compliance (7 years for financial records)
• Deletion is irreversible - you cannot recover your account

Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors.

When We Make Material Changes:

• We will update the "Last Updated" date at the top of this policy
• We will notify you via email at least 30 days before changes take effect
• We will post a prominent notice on our website homepage
• For significant changes affecting your rights, we may seek your renewed consent
• You have the right to object to changes and delete your account

Version History

We encourage you to review this policy periodically to stay informed about how we protect your information.

Our website may contain links to third-party websites, social media platforms, or external services (e.g., payment gateways, shipping tracking).

Important Disclaimer

• We are NOT responsible for the privacy practices of third-party websites
• These websites have their own privacy policies
• We do not control or endorse their data collection practices
• We recommend reading their privacy policies before sharing information

Examples of third-party links: Social media icons, payment gateway redirects, customer review platforms, courier tracking websites.

Lodge a Complaint

If you have any grievances regarding your personal data or privacy rights, please contact our designated Grievance Redressal Officer:

Resolution Timeline

• Acknowledgment: Within 3 business days of receiving your complaint
• Resolution: Within 15 days from acknowledgment (as per Consumer Protection Act)
• Complex Cases: May take up to 30 days with prior notice

Escalation to Data Protection Board

If you are not satisfied with our response, you have the right to lodge a complaint with:

Data Protection Board of India
Website: www.meity.gov.in
(Contact details will be updated once the Board is operational)