top of page
superk logo.webp

SuperK- Privacy Policy

SuperK- Privacy Policy

 

  1. Introduction

 

    1. At SuperK (the “Company”), we are committed to ensuring the confidentiality, integrity, and availability of all data and information. This Privacy Policy outlines the principles and guidelines for protecting sensitive data and maintaining the security of its information assets. All employees, contractors, and third-party partners must adhere to this Privacy Policy.

 

    1. This Privacy Policy describes how the Company collect, use, process, store, and share individual personal data when a user interacts with its platform via its website, applications, or through any other mode of communication. “Personal Data” refers to any information that relates to an identified or identifiable individual, including but not limited to name, phone number, email address, payment details, or location information.

 

    1. This Privacy Policy should be read in conjunction with the terms and conditions, product or service-specific terms, and any specific privacy notices presented its users at the time of data collection. In case of any conflict, such specific privacy notices shall prevail.

 

    1. If an individual provide Personal Data on behalf of another individual, entity, or organization, confirm that the individual have the legal authority, including obtaining necessary consent, to share such data for the stated purposes.

 

    1. This Privacy Policy does not apply to any of our affiliated companies, franchisees, or service partners, who may maintain their own independent privacy policies. If an individual interact with such parties, we recommend reviewing their respective privacy policies to understand how their data will be handled.

 

  1. What data do we process and why?

 

    1. Data Collection and Classification. The Company processes the data when one interacts with the Company’s platform through its website, mobile application, or other services. The Company classifies an individual’s Data into three categories, namely:

 

      1. Confidential Data: Data that, if disclosed or compromised, could result in significant harm to the organization or its stakeholders.

 

      1. Sensitive Data: Data that, if disclosed or compromised, could have a moderate impact on the organization or its stakeholders.

 

      1. Public Data: Data that is intended for public consumption and does not require special protection.

 

    1. This data is collected for the purposes including but not limited to verifying user identity and securing access to the Company’s services, processing orders and payments, personalizing user experience and sending relevant offers, conducting internal analysis to improve performance and functionality and ensuring platform security, preventing fraud, and complying with legal requirements.

 

    1. Where permitted, the Company may also use cookies, tags, and other tracking technologies to collect information automatically. This includes IP address, browser type, device type, referring source, and user activity across our digital platforms. Individuals may manage cookie preferences via their browser settings.

 

    1. All such data is handled in accordance with applicable laws, and is processed either with user-consent, for the performance of a contract, or where there is a legitimate interest in providing and improving our services.

 

  1. Consent and Disclosure

 

    1. By accessing or using our services, individual consent to the collection, use, storage, and processing of the personal data in accordance with the terms of this Privacy Policy.

 

    1. The Company collect personal data only for specified and lawful purposes and ensure that such data is processed fairly and transparently. Individuals will be informed at the time of collection about the nature of the data being collected, the purpose for which it is being collected, whether the data is mandatory or optional, and the potential consequences of refusing to provide such data.

 

    1. Where required, the Company seek the user’s express consent before collecting or processing sensitive personal information. Individual may withdraw their consent at any time by contacting the Company through the contact details provided below; however, please note that such withdrawal may impact the Company’s ability to provide certain services.

 

    1. Each user’s personal data may be disclosed to authorised service providers, payment gateway partners, or other third parties solely for the purposes stated in this policy, and under strict obligations of confidentiality and data protection. The Company do not sell, rent, or otherwise disclose personal data to third parties for marketing purposes without user’s explicit consent.

 

  1. Types of Data Collected and Purpose

 

    1. Data Collected

 

This Privacy Policy collects the following categories of personal and sensitive personal data from users:

 

Data Collected

Purpose

Phone Number

For billing, offers, etc.

E-mail

To engage with customer and pass on communication

Name

To address customer in any future communication

Date of Birth (DoB)

To engage with customer, offer any special discounts

Gender

For analysis purposes

Address

Required only for processing online orders

Credit Card Details

For making purchases online, through Razorpay gateway

Debit Card Details

For making purchases online, through Razorpay gateway

UPI Details

For making purchases online, through Razorpay gateway

Location

To conduct demographic analysis

Customer Contacts

To engage/market to potential customers in future

 

 

    1. Purpose

 

      1. The Company collects and uses the data for ensuring that its functionalities and working are aligned with the statutory compliances and business intent of the Company. The Company uses this data for:

 

        1. Administering and maintaining our website, application, and backend systems, including internal testing, security audits, and technical troubleshooting;

 

        1. Monitoring and analyzing user behaviour to identify usage patterns and improve our services;

 

        1. Customizing user experience based on location, preferences, or prior usage;

 

        1. Verifying user identity to enable secure access and fulfill service requests;

 

        1. Aggregating and anonymizing user data for internal analysis and insights;

 

        1. Collecting statistics, feedback, and interaction metrics to refine our offerings;

 

        1. Enhancing platform security and proactively detecting fraud, misuse, or unauthorized access;and

 

        1. Enforcing our internal policies and protecting the business, users, and third parties associated with us.

 

    1. Responsibilities

 

      1. Management. The management of the Company is responsible for defining and enforcing data security policies and ensuring appropriate resources are allocated to maintain data security. Management must also ensure that personal data collected and processed across the Company’s systems is used for legitimate business purposes, including internal administration, legal compliance, and service improvement.

 

      1. Employees: All employees are responsible for understanding and adhering to data security policies and guidelines. Employees must handle data in a manner consistent with its classification (Confidential, Sensitive, or Public) and must report any data-related incidents or suspected breaches without delay.

    2. Data Handling and Storage

 

      1. The Company ensures that all confidential and sensitive data is stored securely using encryption, access controls, and regular backups. All data is classified and labelled appropriately based on sensitivity and risk.

 

      1. The Company protects all physical and electronic storage media from theft, loss, unauthorized access, or damage.

 

      1. The Company stores data only on systems that are approved, authorized, and compliant with internal security protocols.

 

      1. The Company retains personal data for as long as necessary to fulfill the purposes for which it was collected, or to comply with legal, regulatory, contractual, or operational requirements. Once such data is no longer required, it is securely deleted or irreversibly anonymized.

 

      1. Individuals may request deletion of their account information and associated personal data by contacting the Grievance Officer or, where applicable, by using in-app features. The Company processes such requests in accordance with applicable law, subject to any requirement to retain certain information for dispute resolution, fraud prevention, or legal compliance.

 

      1. Any user may also request deletion of account information and Personal Data by contacting and writing to the Company at [●].

 

        1. Data deletion specifics: Upon account deletion, all Personal Data, such as name, email address, and phone number will be permanently removed from our records. Non-personal data (personally non-identifiable data), including but not limited to usage data and analytics, may be retained and used in an anonymized form that cannot be linked back to any individual.

 

        1. Additional Information: The account deletion process is immediate, but it may take a few days to ensure complete removal from all systems. The user will receive a confirmation once their account and associated Personal Data have been fully deleted.

 

      1. While the Company endeavours to work to fulfil such deletion request, the Company may retain certain Personal Data for a while longer for the following reasons:

 

        1. To perform its contractual obligations to which a user is subjected to, or to respond to user queries, or to provide necessary services or support;

 

        1. To prevent fraud, resolve complaints, address inquiries, or exercise/defend legal claims, including providing evidence in legal proceedings;

 

        1. To comply with legal obligations, exercise our rights, resolve disputes, or for security and safety reasons, as permitted under the law (such as adhering to applicable statutes of limitations or regulatory investigations); and

 

        1. The Company may also retain anonymized data, aggregated with other anonymized information, for analytics, research, or other business purposes.

 

  1. Access Control

 

    1. The Company grants access to data strictly on a need-to-know basis. Employees are permitted to access only the data necessary to carry out their specific roles and responsibilities.

 

    1. The Company requires that all passwords used to access systems or data be strong, unique, and updated regularly in accordance with internal security guidelines.

 

    1. The Company implements multi-factor authentication wherever applicable to enhance the security of systems and prevent unauthorized access.

 

  1. Data Transmission

 

    1. The Company encrypts all data transmitted over networks using secure and industry-standard protocols to safeguard the confidentiality and integrity of information in transit.

 

    1. The Company ensures that emails containing sensitive or confidential information are encrypted and protected against unauthorized access, interception, or disclosure.

 

  1. Marketing Communication. The Company may provide individuals with the option to subscribe to marketing communications, including newsletters, promotional content, product or service updates, and event announcements. Such communications may be delivered through various channels, including the Company’s website, mobile application (where applicable), messaging platforms (such as WhatsApp), social media, third-party advertisements, and customer service interactions.

 

    1. For this purpose, the Company may process the following categories of personal data:

 

      1. Information voluntarily submitted by the individual at the time of subscription or engagement, such as name, email address, phone number, address, company details (if applicable), and location data;

 

      1. Data relating to the individual’s interaction with the Company’s digital platforms, including service usage and browsing activity, to tailor and improve the relevance of marketing content.

 

    1. All marketing communications are sent based on the individual’s explicit consent. Consent may be withdrawn at any time by using the opt-out mechanism provided in the communication or by contacting the Grievance Officer. Withdrawal of consent shall not affect the validity of any communications sent prior to such withdrawal.

 

  1. Children’s Privacy

 

    1. The Company’s website, applications, and services are not intended for use by individuals under the age of 18. The Company does not knowingly collect, process, or store personal data of children below 18 years of age.

 

    1. Individuals under the age of 18 are requested not to share any personal data through any of the Company’s platforms or services.

 

    1. Parents or legal guardians who become aware that their child may have submitted personal data to the Company are encouraged to contact the Grievance Officer using the details provided under the Grievance Redressal Mechanism section, to request deletion of such data in accordance with applicable law.

 

  1. Third Parties Links and Services

 

    1. The Company’s website, applications, or services may contain links to third-party websites, platforms, or services that are not operated or controlled by the Company. Any personal data shared with such third parties will be governed by their respective privacy policies and terms of use.

 

    1. The Company is not responsible for the privacy practices, content, services, or operations of such external third-party platforms, including any subcontractors they may engage. Users access such websites or services at their own risk and are strongly encouraged to review the applicable privacy policies before sharing any personal data.

 

  1. Security Practices and Procedures

 

    1. The Company is committed to safeguarding personal information and has implemented reasonable security practices and procedures, as mandated under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

 

    1. The Company adopts appropriate technical, operational, and organisational measures to protect personal and sensitive personal data from unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to, the use of secure servers, firewalls, encryption protocols, access controls, and periodic audits of systems and processes to detect vulnerabilities and ensure ongoing security compliance.

 

    1. While the Company strives to maintain the highest standards of security, no system can guarantee absolute protection. Users are encouraged to notify the Company immediately in case of any suspected security incident or concern

 

    1. Any employee who suspects or becomes aware of a security incident must immediately report it to the IT department and management. All reported incidents will be investigated promptly, and appropriate remedial and corrective measures will be implemented as necessary to mitigate risks and prevent recurrence.

 

  1. Training and Awareness

 

    1. The Company ensures that all employees receive regular training on data security policies, procedures, and responsibilities relevant to their roles.

 

    1. The Company conducts periodic awareness programs to keep employees informed about evolving security threats, industry best practices, and compliance requirements, thereby fostering a culture of proactive data protection and accountability.

 

  1. Compliance and Monitoring

 

    1. The Company regularly monitors compliance with this Privacy Policy and conducts periodic security assessments and audits to ensure adherence to applicable data protection standards and internal protocols.

 

    1. Any instance of non-compliance with this policy may result in appropriate disciplinary action, including but not limited to warnings, suspension, or termination of employment, in accordance with the Company’s disciplinary procedures and applicable laws.

 

    1. This Privacy Policy shall be reviewed and updated regularly to adapt to evolving security threats and changes in technology.

 

  1. Grievance Redressal Mechanism

 

    1. The Company has appointed a Grievance Officer to address any questions, concerns, or complaints relating to the collection, use, processing, or disclosure of personal data. Individuals who believe their privacy rights have been violated may reach out to the Grievance Officer using the contact details provided below.

 

Grievance Officer Details:

 

Name

Naveen Thontepu

Designation

Tech Lead

Email

contact@superk.in

Phone

8790248157

Address

Bangalore

 

    1. All complaints will be acknowledged within 24 (twenty-four) hours and resolved within 15 (fifteen) working days from the date of receipt, or within such other time period as may be prescribed under applicable laws.

 

    1. To help us process individual’s grievance effectively, please include all relevant facts, supporting documents (if any), and a clear description of the issue.

 

    1. The Company is committed to protecting personal data and resolving all grievances in a fair, transparent, and timely manner. By complying with this Privacy Policy, the Company seeks to maintain the trust of users, customers, and franchisee partners.

 

SuperK

10th July 2025

bottom of page