PRIVACY POLICY

Data Protection and Privacy Policy

1. Objective

1.1. Ride2Repair (“Company”/ “Ride2Repair”/ "We"/ "Us" or "Our") is committed to safeguarding your privacy. We value your trust and aim to protect your personal information. This Data Protection and Privacy Policy (“Policy”) outlines how we process digital personal data submitted by individuals, groups, or entities ("You" or "User") through our platform, https://ride2repair.com, and offline sources (“Platform”). This Policy applies to all users, including visitors, customers purchasing services, partner brands, users interacting with our systems (e.g., chatbots, pop-ups), and those contacting customer support. By agreeing to this Policy and the associated Privacy Notice, you consent to our collection and processing of your data.

1.2. This Policy governs the use, disclosure, and sharing of information provided by registered users of the Company.

2. Scope and Applicability

2.1. This Policy applies to all data, including information, facts, opinions, or instructions capable of being processed or interpreted (“Personal Data”), which you voluntarily submit to our Platform with free, specific, informed, unconditional, and unambiguous consent.

2.2. The Policy ensures compliance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023.

2.3. It describes how your data is stored and processed by us.

2.4. We may update this Policy, and changes will be posted on this page. If additional information is required, we will issue a new Privacy Notice for your consent.

3. What Personal Data May Be Collected

3.1. Types of Data

We may collect the following Personal and Non-Personal Data when you use our Platform:

  • Personal Information:
    • Details provided for using our services, such as name, mobile number, email, password, date of birth, address, gender, marital status, Permanent Account Number (PAN), and bank details.
    • Additional information based on services used, as outlined in the Privacy Notice and at your discretion.
    • For certain services, we may require Know Your Customer (KYC) checks, including identity, address, and financial details, along with a live video interaction to verify your identity.
    • One-time passwords (OTPs) sent via SMS for secure registration and login.
    • Transaction history, status, and details during service usage.
    • Demographic information, location, IP address, device make, model, and unique identifier when accessing the Platform via the mobile app.
    • Interactions with customer support, including chatbots, emails, or calls, which are recorded.
  • Non-Personal Information:
    • Device type, browser version, operating system, and referring website when accessing our Platform.
    • Location, IP address, device details, and browser information when using our mobile app.
    • Data collected via cookies and pixel tags to store preferences and improve your experience. You may disable cookies through browser settings.
    • Aggregated data from third parties to customize services or offers for your location.
  • Payment Information:
    • Billing address, bank details, credit/debit card number, expiration date, and other payment details for transactions.
    • We use third-party payment processors adhering to Payment Card Industry Data Security Standard (PCI-DSS). Your card data is encrypted and not stored on our servers.

3.2. Our Platform may link to third-party websites, which are not governed by this Policy. We are not responsible for their practices or content.

4. Consent for Processing Personal Data

4.1. We, as the Data Fiduciary, require your consent to process Personal Data for specific purposes. A Notice will be provided, detailing:

  • The Personal Data to be processed.
  • The purpose of processing.
  • How to withdraw consent.
  • Access to our grievance redressal mechanism.
  • How to file a complaint with the Data Protection Board of India under the Digital Personal Data Protection Act, 2023.

4.2. The Notice will be provided in English or any language listed in Schedule 8 of the Constitution of India.

4.3. We process Personal Data only after obtaining your consent.

4.4. Consent signifies that you have read and understood the Notice and agree to data processing for the specified purpose.

4.5. We do not collect Personal Data from individuals under 18 without verifiable parental consent. If such data is collected inadvertently, it will be deleted promptly. Contact us at [email protected] if you believe we have such data.

4.6. For individuals with mental disabilities, consent must be obtained from a lawful guardian.

5. Purpose of Processing Data

5.1. Personal Data

We process Personal Data to:

  • Facilitate services, including onboarding, transaction processing, and account setup.
  • Resolve queries and provide customer support.
  • Send offers and marketing materials (with your consent).
  • Customize your experience on our Platform.
  • Communicate transaction updates or issues.
  • Enable fund transfers via payment gateways.
  • Support business operations, billing, and invoicing.
  • Analyze usage to improve services and make strategic decisions.
  • Provide personalized content and advertising.
  • Comply with legal orders or public health/safety requirements.
  • Fulfill any lawful purpose specified in the Notice.

5.2. Non-Personal Data

We process Non-Personal Data to:

  • Enhance your Platform experience.
  • Troubleshoot technical issues and analyze usage trends.
  • Monitor and prevent security incidents or fraud.
  • Support product research and development.
  • Create aggregated data for marketing or design purposes.

5.3. Google APIs

Ride2Repair’s use and transfer of information from Google APIs comply with the Google API Services User Data Policy, including Limited Use requirements.

6. Disclosure of Information

6.1. We do not sell or rent Personal Data to third parties. Data is shared only in the following cases:

  • Service Providers: With vendors or partners for services like email delivery, payment processing, or technical support, under strict confidentiality.
  • State: When required by law or government authorities, with notification to you unless prohibited.
  • Analytics: With analytics providers to understand Platform usage, using de-identified data.
  • Public: Aggregated, non-identifiable data for marketing or industry trend analysis.
  • Affiliates: With related companies under common control, bound by this Policy.
  • Re-organization: In case of mergers or acquisitions, where this Policy continues to apply.

7. Protection of Personal Information

7.1. We use secure measures, including complex password requirements, to protect your Personal Data. Keep your Login ID and Password confidential and change them periodically. We are not liable for unauthorized access due to shared credentials.

7.2. Our Platform uses TLS 1.2 encryption, session timeouts, and firewalls. Passwords are inaccessible to us and can only be updated via two-factor authentication.

7.3. Social logins (e.g., Google, Facebook) are offered for convenience, but their security is governed by their respective policies. Maintain confidentiality of these credentials.

7.4. You can view or update your information via your account or by contacting customer support.

7.5. We may use your data for personalized recommendations or marketing, with an option to opt out.

8. Withdrawal of Consent / Deletion of Account

8.1. You may withdraw consent or delete your account by emailing [email protected].

8.2. Upon withdrawal, we and our processors will cease processing your Personal Data within a reasonable time.

8.3. Data processing may continue if required by law, despite withdrawal of consent.

8.4. Upon consent withdrawal, we will erase Personal Data unless retention is legally required.

8.5. Account deletion removes your profile, including name, email, date of birth, address, orders, and payment details, from our database.

8.6. Decisions regarding account deletion are final and binding.

9. Obligations of the Data Fiduciary

9.1. We comply with this Policy and the Digital Personal Data Protection Act, 2023.

9.2. We have technical and organizational measures to observe data protection laws.

9.3. We use reasonable safeguards to prevent data breaches.

9.4. We erase Personal Data upon consent withdrawal or when its purpose is fulfilled, unless legally required.

9.5. We correct, complete, or update your Personal Data upon your request.

9.6. We respond to grievances within a reasonable time.

9.7. We do not transfer Personal Data to restricted countries as notified by the Central Government.

10. Obligations of Data Principal

10.1. You must provide accurate and complete information.

10.2. Notify us of any changes to your Personal Data promptly.

10.3. Nominate an individual to exercise your rights in case of death or incapacity.

10.4. Comply with applicable laws.

10.5. Do not impersonate others when providing Personal Data.

10.6. Do not suppress material information for identity or address proofs.

10.7. Avoid raising false or frivolous complaints.

11. Data Protection Officer

11.1. Our Data Protection Officer can be contacted at: [email protected].

11.2. Any changes to the Data Protection Officer will be updated in this Policy.

11.3. For grievances, contact the Data Protection Officer via email or physical mail.

12. Contact

For concerns about our handling of personal information or this Policy, contact us at:

📞 +91 8884822201

✉️ [email protected]

13. Severability

13.1. Each section of this Policy is independent and severable. If any section is deemed invalid, the remaining sections remain effective.

14. Do Not Track

14.1. Our Platform does not respond to “Do Not Track” signals from browsers.

14.2. This Policy complies with:

  • Section 43A of the Information Technology Act, 2000;
  • Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011;
  • The Digital Personal Data Protection Act, 2023.

This Privacy Policy is effective as of February 1, 2023.