Comprehensive information about how we collect, use, and protect your personal data
Effective Date: October 15, 2023 | Last Updated: October 15, 2023
This Privacy Policy is a legally binding document between you ("User") and Cheap o Deal ("Company", "we", "us", or "our"). By accessing or using our website and services, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy.
Personal Data: Any information relating to an identified or identifiable natural person.
Processing: Any operation performed on Personal Data, whether or not by automated means.
Data Subject: An individual who is the subject of Personal Data.
Controller: The entity that determines the purposes and means of processing Personal Data.
Processor: An entity that processes Personal Data on behalf of the Controller.
This Privacy Policy applies to all Personal Data processed by Cheap o Deal through our website (www.cheapodeal.co.in), mobile applications, and related services (collectively, "Services").
We comply with applicable data protection laws, including but not limited to:
We collect several categories of Personal Data, which include:
| Data Category | Examples | Collection Method |
|---|---|---|
| Identity Data | Full name, username, government ID | Registration forms, verification processes |
| Contact Data | Email address, phone number, physical address | Contact forms, account registration |
| Financial Data | Payment card details, billing information | Payment processing, invoice generation |
| Technical Data | IP address, browser type, device information | Automated collection, cookies |
| Usage Data | Website interaction, service usage patterns | Analytics tools, server logs |
| Marketing Data | Communication preferences, marketing responses | Consent forms, preference centers |
We do not intentionally collect Special Categories of Personal Data (such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data). If we inadvertently collect such data, we will delete it immediately.
We process your Personal Data based on one or more of the following legal grounds:
Processing is necessary for the performance of a contract to which you are party or to take steps at your request before entering into a contract.
Processing is necessary for the purposes of our legitimate interests, except where such interests are overridden by your interests or fundamental rights.
Processing is necessary for compliance with a legal obligation to which we are subject.
You have given clear consent for us to process your Personal Data for a specific purpose.
For each processing activity, we can provide the specific legal basis upon request. Withdrawing consent may affect our ability to provide certain services.
We use your Personal Data for the following business purposes:
| Purpose | Data Categories Used | Legal Basis |
|---|---|---|
| Service provision and account management | Identity, Contact, Technical | Contract, Legitimate Interests |
| Payment processing and billing | Identity, Contact, Financial | Contract, Legal Obligation |
| Customer support and communication | Identity, Contact, Technical | Contract, Legitimate Interests |
| Marketing and promotional communications | Contact, Marketing, Usage | Consent, Legitimate Interests |
| Security and fraud prevention | Technical, Identity, Usage | Legitimate Interests, Legal Obligation |
| Legal compliance and regulatory requirements | All categories as required | Legal Obligation |
We will only send you marketing communications if you have explicitly consented or where we have a legitimate interest. You can opt-out at any time using the unsubscribe link in our emails or by contacting us directly.
We may share your Personal Data with the following categories of recipients:
Third-party vendors who provide services on our behalf, including:
Legal, accounting, and other professional advisors bound by confidentiality obligations.
When required by law, court order, or governmental regulations.
In connection with any merger, sale of company assets, financing, or acquisition of all or a portion of our business, your Personal Data may be transferred to the acquiring entity.
All third-party processors are bound by contractual obligations to implement appropriate security measures and process Personal Data only according to our instructions.
Your Personal Data may be transferred to, and processed in, countries other than your country of residence. We ensure such transfers are compliant with applicable data protection laws through:
We implement appropriate safeguards to ensure that your Personal Data remains protected according to the standards of this Privacy Policy when transferred internationally.
We implement appropriate technical and organizational security measures to protect your Personal Data, including:
| Security Area | Measures Implemented |
|---|---|
| Access Control | Role-based access, multi-factor authentication, principle of least privilege |
| Data Encryption | SSL/TLS encryption, database encryption, file-level encryption |
| Network Security | Firewalls, intrusion detection systems, DDoS protection |
| Physical Security | Secure data centers, access logs, environmental controls |
| Procedural Security | Security policies, employee training, incident response plans |
We have established procedures to handle any suspected Personal Data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
We retain Personal Data only for as long as necessary to fulfill the purposes for which we collected it, including for the purposes of satisfying any legal, accounting, or reporting requirements.
| Data Category | Retention Period | Basis for Retention |
|---|---|---|
| Customer account data | 7 years after account closure | Legal obligation, contract enforcement |
| Financial and transaction records | 7 years from transaction date | Tax and accounting laws |
| Marketing data | 3 years from last interaction | Legitimate interests, consent period |
| Technical and usage data | 2 years from collection | Analytics, security purposes |
| Support communications | 5 years from resolution | Quality assurance, legal protection |
Under applicable data protection laws, you have rights regarding your Personal Data, including:
| Right | Description |
|---|---|
| Right to Access | Obtain confirmation and copy of your Personal Data |
| Right to Rectification | Correct inaccurate or incomplete Personal Data |
| Right to Erasure | Request deletion of your Personal Data |
| Right to Restriction | Limit processing of your Personal Data |
| Right to Data Portability | Receive your data in a structured, machine-readable format |
| Right to Object | Object to processing based on legitimate interests |
| Right to Withdraw Consent | Withdraw consent at any time where processing is based on consent |
To exercise any of these rights, please contact us using the details in Section 14. We will respond to your request within 30 days and may need to verify your identity before processing your request.
You have the right to lodge a complaint with a supervisory authority if you believe our processing of your Personal Data violates applicable data protection laws.
For all data protection inquiries, including exercising your rights or reporting concerns, please contact our Data Protection Officer:
Email: dpo@cheapodeal.co.in
Phone: +91 98880 77739
Address: 69 Guru Har Rai Nagar, Ludhiana, Punjab 141008, India
Response Time: We endeavor to respond to all legitimate requests within 30 days. Occasionally, it may take longer if your request is particularly complex or you have made multiple requests.
This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes relating to this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Ludhiana, Punjab.
This Privacy Policy may be available in multiple languages for convenience. In case of discrepancies between the English version and any translation, the English version shall prevail for all legal purposes.