PRIVACY POLICY


This Privacy Policy sets out the basis on which Four Aces Fashion House Private Limited ("Company", "we", "us", or "our") collects, uses, discloses, and otherwise processes personal data through our website at www.beinghumanclothing.com ("Website") and any features, products or services offered through it (collectively, the "Platform"). 

Please read this Privacy Policy carefully. By accessing or using the Platform, you acknowledge that you have read and understood its terms. This Privacy Policy is to be read together with our Terms and Conditions, also available on the Platform.


1. SCOPE AND APPLICATION

This Privacy Policy applies to all Data Principals, being individuals whose personal data is processed by us in connection with the Platform. It does not apply to:

  • personal data processed by us in the course of any purely personal or domestic activity; 

  • personal data lawfully available in the public domain; or

  • non-personal or anonymised data that cannot be used to identify you.

Where the Platform contains links to third-party websites, platforms, or services, this Privacy Policy does not govern their data practices. We encourage you to review the privacy policies of those third parties before sharing any information with them.


2. IDENTITY OF THE DATA FIDUCIARY

The Data Fiduciary responsible for your personal data is:

Four Aces Fashion House Private Limited 13th Floor, ABR Emerald, Plot No. D-8, Street No. 16, MIDC, Andheri East, Mumbai 400 093, Maharashtra, India

For all privacy-related queries, complaints, or requests, you may contact our Grievance Officer whose details are set out in Clause 10 below.


3. PERSONAL DATA WE COLLECT

We collect personal data that you provide to us directly, personal data we collect automatically when you use the Platform, and personal data we may receive from third parties. The categories of personal data we collect are described below.


3.1 Personal data you provide to us

  • Account registration: name, email address, phone number, date of birth, gender, nationality, delivery address, and billing address.

  • Transactions and orders: bank account details (for refund processing), limited payment card details for transaction tracking and reconciliation purposes, billing address, and financial information necessary for refunds, payment processing, or transaction verification.

  • Customer support: name, phone number, order or product details, and records of your communications with us.

  • Promotional and marketing activities, surveys, and reviews: any personal data you choose to share when participating in our promotional programmes or posting reviews or feedback on the Platform.

  • Government-issued identification: where required for verification purposes, such as for returns or account recovery.


3.2 Personal data collected automatically

When you access or use the Platform, we and our technology partners may automatically collect:

  • device identifiers, including device type, browser type, operating system, and unique device or session identifiers;

  • IP address and network information;

  • usage data, including pages visited, content viewed, mouse movements, clicks, taps, swipes, frequency of use, and browsing preferences;

  • location data, where your device shares location information with the Platform, including through beacon technologies; and

  • data collected through cookies, pixels, tags, and similar tracking technologies (see Clause 4 below).


3.3 Personal data received from third parties

We may receive personal data about you from third parties in the following circumstances:

  • Where you register or log in to the Platform using a third-party account (such as a social media account), we may receive account information from that platform in accordance with their terms.

  • From public databases, joint marketing partners, and advertising platforms (such as Google and Meta), to the extent permitted under applicable law.

  • From our group companies or affiliates, in connection with the Platform and services.

We will only use such third-party sourced data for the purposes described in Clause 5 and to the extent that we have a lawful basis to do so under applicable law.


4. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to operate our website, improve user experience, analyse usage, and provide personalised content. Where required by law, we use optional cookies only with your consent, which you may withdraw at any time through the cookie settings available on our website.

We use cookies for the following purposes:

  • Authentication: to keep you signed in across sessions and devices.

  • Preferences and personalisation: to remember your settings, language, and browsing preferences.

  • Analytics and performance: to understand how users interact with the Platform and to improve its functionality.

  • Advertising: to serve you relevant advertising based on your browsing behaviour, to the extent you have consented.

You may manage or disable cookies through your browser settings at any time. Please note that disabling certain cookies may affect the functionality of the Platform. 


5. PURPOSES OF PROCESSING AND LAWFUL BASIS

The table below sets out the primary purposes for which we process your personal data and the corresponding processing basis.


Purpose

Lawful Basis 

Data Categories Used

Account creation and management, including fulfilling orders, processing payments, returns, refunds, exchanges, and cancellations

Consent, including in the context of performing contractual obligations 

Identity data, contact data, transactional data

Verifying your identity and processing your requests for services

Consent, including in the context of performing contractual obligations; performing our legal obligations

Identity data, government IDs

Customer support and communicating with you about your orders

Consent, including in the context of performing contractual obligations

Contact data, communication records

Personalising your experience on the Platform

Consent

Usage data, preference data

Providing product recommendations based on your usage and preferences

Consent

Usage data, purchase history

Sending promotional and marketing communications (including by call, SMS, email, or electronic means)

Consent

Contact data, preference data

Fulfilling legal and regulatory obligations, including responding to lawful requests from public authorities

Performing our legal obligations 

All categories as applicable

Fraud prevention, security, error detection, and enforcement of our Terms and Conditions

Legitimate uses; performing our legal obligations; other legitimate purposes 

Identity data, usage data, device data

Analytics, research, and product improvement

Consent; other legitimate purposes

Usage data, aggregated/ anonymised data

Corporate transactions, such as a merger, acquisition, or sale of assets

Legitimate uses; performing our legal obligations; other legitimate purposes 

All categories as applicable


Where we rely on your consent as the basis for processing, you may withdraw that consent at any time by contacting our Grievance Officer or using the withdrawal mechanism available on the Platform. Withdrawal will not affect any processing already carried out before you withdrew. It also will not affect processing that is necessary for us to complete an existing transaction or fulfil an obligation we have already undertaken at your request.

Where we process your personal data as necessary to perform the contractual relationship you have entered into with us, for instance to fulfil an order you have placed, process a return, or handle a payment dispute, that processing will continue for as long as necessary to complete the transaction, regardless of any consent withdrawal. You may of course choose not to place future orders or to close your account, in which case no new processing on this basis will occur. 

We do not process your personal data for any purpose beyond those set out above, except where required by applicable law or with your prior consent.

By providing your contact details and consenting to receive marketing communications from us, you agree that we may contact you by call, SMS, email, or other electronic means even if your mobile number is registered under the DND or NCPR list maintained under the Telecom Commercial Communications Customer Preference Regulations, 2018. This consent may be withdrawn at any time by following the unsubscribe instructions in any marketing communication or by contacting our Grievance Officer.



6. DISCLOSURE AND SHARING OF PERSONAL DATA

We do not sell your personal data. We may share your personal data with third parties only in the circumstances described below.


6.1 Data Processors

We engage third-party service providers who process personal data on our behalf as Data Processors, including for order fulfilment, payment processing, logistics, customer support, analytics, and marketing services. These entities are permitted to process your personal data only on our documented instructions and for no other purpose. We require all Data Processors to maintain appropriate technical and organisational security measures.


6.2 Group companies and affiliates

We may share your personal data with our group companies and affiliates where necessary to provide services, to conduct our internal business operations, or for advertising and promotional purposes. Such entities are bound by obligations consistent with this Privacy Policy.


6.3 Legal and regulatory disclosure

We may disclose your personal data to a court, tribunal, regulator, law enforcement authority, or other public authority where we are required to do so by applicable law, court order, or lawful request, or where we believe disclosure is necessary to protect our legal rights or those of others.


6.4 Corporate transactions

In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our business or assets, your personal data may be disclosed to the counterparty as part of the transaction. We will notify you of any such change in control where required by applicable law.


6.5 Anonymised data

We may share aggregated or anonymised data with third parties for research, analytics, or other purposes, provided that such data cannot be used to identify you.


6.6 Third-party platforms

Where you use a third-party platform to interact with our services (such as a social media account linked to the Platform), any personal data you share with that third party will be governed by their own privacy policy and not ours.

 

6.7 Payment service providers

When you make a payment on the Platform, you will be directed to or interact with a payment gateway or other payment service provider, such as a payment aggregator, card network, or bank. These entities process your payment information, including your card or account details, independently and in their own right. They are not acting on our instructions when they do so, and they are subject to their own privacy policies, terms of use, and applicable financial regulations, including the Reserve Bank of India's guidelines on payment aggregators and payment gateways.

We do not store your full card or bank account details on our systems. Any payment information you enter through a payment interface on the Platform is transmitted directly to and handled by the relevant payment service provider under their own security and compliance framework.

We encourage you to review the privacy policy of the payment service provider you use before completing a transaction. We are not responsible for how they collect, use, or protect your payment data.


7. RETENTION OF PERSONAL DATA

We retain personal data for no longer than is necessary for the purposes described in this Privacy Policy, or as required by applicable law, whichever is longer. The criteria we use to determine the retention period include:

  • the nature and sensitivity of the personal data;

  • the purposes for which it is processed and whether those purposes have been fulfilled;

  • applicable legal, regulatory, or contractual requirements, including any minimum retention periods under law;

  • the risk of harm from unauthorised use or disclosure; and

  • any consent you have given in relation to retention.

On expiry of the applicable retention period, we will erase your personal data in a manner that makes it non-recoverable, or anonymise it so that it can no longer be attributed to you. Where we have an alternative legal basis to retain personal data beyond the primary purpose for which it was collected, we will continue to hold it on that basis for the period permitted or required.

Notwithstanding the above, the following retention practices apply:

Transaction and financial data. Records of your purchases, payments, returns, refunds, and related financial transactions will be retained for a minimum of eight years from the date of the transaction, or such longer period as may be required under applicable law, for the purposes of: (a) accounting, auditing, and tax compliance; (b) responding to disputes, chargebacks, or fraud investigations; and (c) establishing, exercising, or defending legal claims.

Account deletion. Where you delete your account, we will erase or anonymise the personal data associated with your account. However, we will retain a limited set of data, being sufficient to identify you as a returning user or customer, to prevent fraud, enforce our Terms and Conditions, and protect the integrity of the Platform. This residual data will not be used for marketing or profiling.

Legal and regulatory compliance. Where we are required by applicable law, court order, or regulatory direction to retain personal data for a specified period, we will do so regardless of whether the primary purpose for collection has been fulfilled. This includes retention required under applicable corporate, tax and financial regulations, and any directions issued by competent authorities.

Dispute resolution and legal claims. Where a complaint, dispute, or legal proceeding is ongoing or reasonably anticipated at the time the applicable retention period would otherwise expire, we will retain the relevant personal data until the matter is finally resolved or time-barred under applicable law, whichever is later.


8. TRANSFER OF YOUR PERSONAL DATA OUTSIDE INDIA

In providing the Platform and its services, we use third-party service providers, technology platforms, and infrastructure that may be located outside India. As a result, your personal data may be transferred to, stored in, or processed in countries other than India.

Where such transfers occur, they will be made in accordance with applicable law, including any requirements that the government may specify from time to time in relation to transfers to particular countries or entities. We do not transfer your personal data to any country or entity in respect of which transfers have been restricted or prohibited by the government.

We take steps to ensure that your personal data, wherever it is processed, receives a standard of protection consistent with this Privacy Policy and applicable Indian law. Where we share your personal data with Data Processors outside India, we require them by contract to process it only on our instructions and to maintain appropriate security measures.

The categories of service providers who may receive your personal data outside India in the ordinary course include providers of cloud hosting and storage, payment processing, logistics and order fulfilment, customer support tools, analytics, and advertising and marketing platforms.


9. YOUR RIGHTS AS A DATA PRINCIPAL

As a Data Principal, have the following rights in relation to your personal data:

Right to access information

You may request a summary of the personal data we hold about you and the processing activities we carry out in respect of that data.

Right to correction and erasure

You may request that we correct inaccurate or incomplete personal data or erase personal data that is no longer necessary for the purposes for which it was collected, subject to any legal retention obligations.

Right to grievance redressal

You may raise a grievance with our Grievance Officer in relation to any act or omission of ours concerning your personal data. We will acknowledge and address grievances within legally prescribed time limits.

Right to nominate

You may nominate another individual to exercise your rights (under the Digital Personal Data Protection Act) on your behalf in the event of your death or incapacity.

Right to withdraw consent

Where we process your personal data on the basis of your consent, you may withdraw that consent at any time, subject to the consequences described in Clause 5. The consent withdrawal mechanism is available on the Platform under page.

To exercise any of the rights above, please contact our Grievance Officer using the details in Clause 10. We may require you to verify your identity before processing your request. We will respond to your request in accordance with the timelines prescribed under applicable law.

Please note that certain rights may be subject to conditions or exceptions under applicable law, including where processing is necessary for compliance with a legal obligation or for the performance of a contract with you.


10. GRIEVANCE OFFICER

We have designated a Grievance Officer for the purpose of addressing complaints and queries relating to the processing of your personal data.

Grievance Officer: ; Svetlana Deshmukh, Four Aces Fashion House Private Limited 13th Floor, ABR Emerald, Plot No. D-8, Street No. 16, MIDC, Andheri East, Mumbai 400 093, Maharashtra, India

Email: svetlana.deshmukh@beinghumanclothing.com

If you are not satisfied with our resolution of your complaint, you may approach the Data Protection Board of India once it is constituted and operationalised.


11. SECURITY OF PERSONAL DATA 

Keeping your personal data safe is important to us. We have implemented security measures designed to protect your personal data from unauthorised access, misuse, loss, or disclosure. These measures apply to personal data we hold directly and to personal data processed by third-party service providers on our behalf.

In line with applicable law, these measures include:

  • protecting your personal data using techniques such as encryption, masking, and similar safeguards that make it unreadable to anyone who should not have access to it;

  • controlling who within our organisation and among our service providers can access your personal data, so that only those who need it for a permitted purpose can do so;

  • maintaining logs and monitoring systems that allow us to detect, investigate, and respond to any attempt at unauthorised access;

  • keeping data backups and recovery procedures so that your personal data remains available and intact even if something goes wrong with our systems;

  • keeping records of how your personal data has been processed, to help us investigate any security incidents; and

  • requiring our service providers, through their contracts with us, to maintain security standards consistent with our own.

We review and update these measures regularly as technology and threats evolve.

If there is a security breach despite our best efforts, no system is completely immune to security incidents. If we become aware of a personal data breach that affects you, here is what we will do.

We will notify you without delay through your account with us or through the contact details you have registered with us. We will tell you what happened, what information was affected, what steps we are taking to fix the problem and limit any harm, and what you can do to protect yourself. We will also give you the contact details of a person on our team who can answer your questions.

We will also notify relevant regulatory authorities, in accordance with law.

What you can do to help

Security is a shared responsibility. You can help keep your account safe by using a strong and unique password, not sharing your login details with anyone, and logging out when you are done, especially on a shared or public device. If you think your password has been compromised, change it straight away.

Tell us if something seems wrong

If you think your account or personal data may have been compromised, or if you receive a message that claims to be from us but seems suspicious, please contact our Grievance Officer straight away using the details provided below. We will look into it and get back to you as quickly as we can.


12. CHILDREN'S DATA

The Platform is not directed at children below the age of 18 years. We do not knowingly collect personal data from children without the prior verifiable consent of a parent or lawful guardian, as required under applicable law.

Before processing any personal data that may relate to a child, we will implement age-verification or parental consent mechanisms. If you are a parent or guardian and believe that a child in your care has submitted personal data without your consent, please contact our Grievance Officer.


13. CHANGES TO THIS PRIVACY POLICY

The date of the most recent revision will be indicated at the top of this Privacy Policy. Where we make changes that do not affect the purposes for which we process your personal data or the rights available to you, we will notify you and your continued use of the Platform after the effective date of the change will constitute your acknowledgement of the updated policy.

Where we make material changes that involve new or different purposes for processing your personal data, we will seek your fresh consent before we begin processing your data for those new purposes. 

In either case, if you do not agree with the changes, you may discontinue use of the Platform and, where applicable, delete your account.


14. INTELLECTUAL PROPERTY

All trademarks, logos, service marks, and trade names displayed on the Platform are the property of Four Aces Fashion House Private Limited or are used under licence from the respective owners. All content on the Platform, including text, graphics, logos, button icons, images, audio clips, and software, is the property of Four Aces Fashion House Private Limited or its licensors and is protected by applicable intellectual property laws.

You are permitted to access and use the Platform for personal, non-commercial purposes only. Any reproduction, modification, distribution, transmission, republication, display, or performance of Platform content, beyond what is strictly necessary for personal use, is prohibited without our prior written consent.


15. GOVERNING LAW

This Privacy Policy is governed by and construed in accordance with the laws of India. Any disputes arising out of or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts at Mumbai, Maharashtra.

 

FREE SHIPPING

FREE 15-DAY RETURNS

SHOP NOW, PAY LATER