Privacy policy

Privacy and Data Protection Policy

Effective Date: February 01, 2026

Maison Amrit (operating under the brand Amrit Rastogi – Fine Jewelry) is committed to safeguarding your privacy and upholding the highest standards of data protection, in accordance with the Indian Digital Personal Data Protection (DPDP) Act 2023, EU GDPR, UAE Federal Decree-Law No. 45/2021, and US privacy principles.

This Privacy Policy outlines how we collect, use, disclose, and protect your personal data when you visit our website www.amritrastogi.com, contact us, or engage with our services.

1. Information We Collect

We collect both personally identifiable information (PII) and non-personal data to provide a seamless experience:

1.1 Personal Information Collected during order placement, account setup, or design requests:

  • Full Name
  • Phone Number
  • Email Address
  • Shipping & Billing Address
  • Government ID & KYC Documents: Such as PAN Card (mandatory for Indian transactions above INR 2,00,000 or equivalent in any currency) or National ID/Passport/Tax ID, strictly used for customs clearance and legal tax compliance.
  • Delivery Authentication Data: At the time of shipping and delivery, the customer may be asked to provide an OTP for confirming the delivery (and no other OTP). Furthermore, a National ID (such as Aadhar, PAN Card, or Passport, whichever confirms the required details) must be presented in-person. A snapshot of this ID might be collected by the delivery services to confirm your identity before handing over the precious items, ensuring delivery strictly to the verified customer.
  • Audio/Visual Data: Call recordings from bespoke virtual consultations or customer-submitted unboxing videos used strictly for insurance and quality assurance claims. Any customer material (such as feedback, photos, or videos) intended for the company's marketing initiatives will only be used with your explicit prior permission. No personal data will be utilized for marketing or shared with third parties without your direct authorization.
  • Payment Details (processed via secure third-party gateways – we do not store card data)
  • Custom design notes or preferences (for bespoke services)

1.2 Automatically Collected Information

  • Device type & browser
  • IP address
  • Geographic location (coarse-level)
  • Pages visited, session duration, click paths
  • Referral source (e.g., Instagram, direct, search)

2. How We Use Your Information

We use your data strictly for business operations, product personalization, and legal compliance.

2.1 Order Fulfilment

  • Processing and shipping orders
  • Coordinating bespoke design updates
  • Sending confirmations and receipts

2.2 Customer Communication

  • Responding to support queries
  • Sending order updates and design clarifications
  • Optional marketing emails and WhatsApp messages (only with consent)

2.3 Product & Experience Enhancement

  • Analyzing user behavior to improve UI/UX
  • Curating personalized recommendations
  • Conducting A/B testing and analytics (via tools like Google Analytics, Meta, etc.)

3. Lawful Basis for Processing (GDPR-compliant)

We process personal data under the following lawful bases:

  • Contractual necessity (order fulfilment)
  • Legitimate interest (improving services, fraud prevention)
  • Consent (marketing communication)
  • Legal obligation (KYC or tax compliance in India/UAE)

4. Data Sharing & Third Parties

We do not sell your personal data. We only share limited data with:

  • Logistics providers and Customs Brokers (e.g., Sequel, DHL, Delhivery) – including necessary KYC/Customs ID data and delivery authentication snapshots required for domestic insurance or international border clearance.
  • Payment Gateways (e.g., Cashfree, Razorpay, Stripe – with PCI DSS compliance)
  • CRM and marketing automation tools (Meta, WhatsApp API, email service providers)
  • Analytics & behavior platforms (Google Analytics, Meta Pixel – with IP anonymization where applicable)

All third-party processors are bound by confidentiality agreements and data protection clauses, including cross-border data transfer protections as required under GDPR & UAE laws.

5. Your Rights

Depending on your jurisdiction, you have the following rights:

Indian Users (DPDP Act, 2023)

  • Right to obtain information about the processing of your personal data.
  • Right to seek correction and erasure of your personal data.
  • Right to nominate another person to exercise these rights in the event of death or incapacity.
  • Right to readily available grievance redressal (via Data Protection Officer, see Section 9).

EU/UK Users (GDPR)

  • Right to access, rectify, erase (‘right to be forgotten’)
  • Right to data portability
  • Right to object to profiling/automated decisions
  • Right to restrict processing

US Users (CCPA/CPRA)

  • Right to know what personal information is being collected and shared.
  • Right to opt-out of the "sale" or "sharing" of personal information (Note: We do not sell your personal data).
  • Right to non-discrimination for exercising your privacy rights.
  • Right to limit the use of sensitive personal information.

UAE Users (Law 45/2021)

  • Right to clear and transparent notice
  • Right to correction and erasure
  • Right to withdraw consent
  • Right to lodge a complaint with the UAE Data Office

To exercise these rights, email us at: inquiry@maisonamrit.com

6. Cookies & Tracking Technologies

We use cookies, pixels, and tags to:

  • Remember preferences
  • Provide chat and concierge services
  • Track engagement and behavior
  • Offer personalized recommendations

You may opt-out of cookies via your browser settings or cookie banners. EU users will see a GDPR-compliant cookie consent popup.

7. Data Security

We implement ISO/IEC 27001-aligned security standards:

  • SSL/TLS encryption for all data transmissions
  • Role-based data access and server firewalls
  • Payment processing via certified providers only
  • Secure backups and regular vulnerability testing

In the event of a data breach, users will be informed within 72 hours, as per GDPR and UAE requirements.

8. Data Retention

We retain data:

  • For as long as required to fulfill orders and support requests
  • Up to 5 years for accounting/tax compliance (India/UAE)
  • Until consent is withdrawn for marketing data
  • Subject to anonymization for analytics beyond this period

9. Contact Us & Company Details

We are committed to continuous improvement and always welcome your feedback, suggestions, or questions regarding our data protection practices. For any privacy-related concerns, you can reach out to our Data Protection Officer (DPO):

  • Name: Amrit Rastogi
  • Email: inquiry@maisonamrit.com
  • Address: 32, Aminabad Park, Second Floor, Lucknow, UP – 226018, India
  • Phone: +91 96511 34081
  • GSTIN: 09AALCP7322C1ZF
  • IEC Code: AALCP7322C

10. Changes to this Privacy Policy

We reserve the right to update this policy at any time to reflect changes in law, technology, or our services. Major changes will be communicated via email (where possible) and updated on the website.

11. Legal Disclaimer

The information contained in this Privacy Policy is provided for transparency and legal compliance purposes. While Maison Amrit implements commercially reasonable and industry-standard security measures to protect your personal data, no method of transmission over the Internet or electronic storage is 100% secure. Maison Amrit cannot guarantee absolute security and shall not be held liable for unauthorized access, data breaches, or data loss caused by third-party actions, cyberattacks, or circumstances beyond our reasonable control. By using our website and services, you acknowledge and accept these risks.

Last Updated: February 01, 2026