Your Privacy Matters to
Us

This Privacy Policy (“Privacy Policy”) governs the manner in which Ai Dream Circle Pvt. Ltd.(“Company”, “we”, “our” or “us”), the owner and operator of the brand “BORNBERRY” and of the website https://bornberry.com (together with all sub-domains, mobile-optimised versions, mobile applications and any other platforms operated by the Company from time to time, collectively the “Website” or the “Platform”), collects, receives, stores, uses, processes, deals with, transfers, shares, discloses and otherwise handles information, including personal information and sensitive personal data or information, of persons who access, browse, register with, transact on or otherwise interact with the Website (each such person hereinafter referred to as a “User”, “you” or “your”).

This Privacy Policy is published in compliance with, inter alia, (i) Section 43A of the Information Technology Act, 2000 (“IT Act”); (ii) Rule 3 and Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); (iii) Rule 3(1)(a) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 (“Intermediary Rules”); (iv) the Digital Personal Data Protection Act, 2023 (“DPDP Act”) read with the rules and regulations framed thereunder to the extent notified and in force; and (v) the Consumer Protection (E-Commerce) Rules, 2020.

By accessing, browsing, registering with, transacting on or otherwise using the Website, you expressly signify your free, specific, informed, unambiguous and unconditional consent to the collection, receipt, storage, use, processing, sharing, disclosure and transfer of your information (including personal information and sensitive personal data or information) by the Company in accordance with, and for the purposes set out in, this Privacy Policy. If you do not agree with or do not wish to be bound by any part of this Privacy Policy, you must forthwith discontinue use of the Website and must not provide any information to the Company.

1.  Definitions

   1.1 In this Privacy Policy, unless the context otherwise requires, the following capitalised terms shall have the meanings respectively assigned to them hereunder:

   1. “Cookies” means small text files that are placed on a User's device by the Website or by third-party services used by the Website to recognise such device, collect usage statistics, personalise content and deliver advertising.
      1. “Data Principal” shall have the meaning ascribed to it in Section 2(j) of the DPDP Act, and shall mean the natural person to whom the Personal Data in question relates.
      2. “Data Fiduciary” shall have the meaning ascribed to it in Section 2(i) of the DPDP Act. For the purposes of this Privacy Policy, the Company shall be treated as the Data Fiduciary in respect of the Personal Data of Users collected through the Website.
      3. “Personal Information” shall have the meaning ascribed to it in Rule 2(1)(i) of the SPDI Rules, and shall mean any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
      4. “Personal Data” shall have the meaning ascribed to it in Section 2(t) of the DPDP Act, and shall mean any data about an individual who is identifiable by or in relation to such data.
      5. “Product” or “Products” means nutraceutical gummies sold under the brand “BORNBERRY”, including without limitation Shilajit gummies, and all variants, flavours, dosage forms and pack sizes thereof as may be offered on the Website from time to time.

1. “Sensitive Personal Data or Information” or “SPDI” shall have the meaning ascribed to it in Rule 3 of the SPDI Rules, and shall include, without limitation, passwords, financial information such as bank account or credit/debit card details, physical, physiological and mental-health conditions, sexual orientation, medical records and history, and biometric information.
   1. “Services” means all services, functionalities, features and facilities offered by the Company through the Website, including browsing, viewing product information, placing orders, processing payments, order fulfilment, customer support, personalisation, marketing communications, promotional activities and loyalty programmes.

1.  Scope and Applicability

2. This Privacy Policy applies to all Users of the Website, irrespective of whether such User has created an account, placed an order, subscribed to any communication or merely browsed the Website.
   1. This Privacy Policy forms a part of, and should be read together with, the Terms and Conditions of Use set out in Part B hereof and the Refund, Return and Cancellation Policy set out in Part C hereof. Capitalised terms used but not defined in this Privacy Policy shall have the meanings ascribed to them in the Terms and Conditions of Use.
   2. This Privacy Policy does not extend to, and the Company is not responsible for, the privacy practices, content, security or data-handling of any third- party website, application, service, platform, payment gateway, courier partner, social media platform, advertiser, affiliate or other third party that may be linked from, accessed through, or integrated with the Website. Users are advised to review the privacy policies of such third parties independently before providing any information to them.

1.  Information Collected by the Company

2. Information Provided Voluntarily. In connection with your use of the Website, the Company may collect the following categories of Personal Information and/or Personal Data that you voluntarily provide:
   1. identity and contact information such as your full name, gender, date of birth, postal address, delivery address, billing address, pin code, mobile number, landline number, e-mail address and WhatsApp number;
      1. account credentials such as your username, password, security questions and answers, one-time passwords and profile picture;
      2. transaction information such as the Products purchased, order history, wishlist, cart contents, order value, delivery preferences, discount codes applied and reward-point balances;
      3. payment information such as cardholder name, masked card number, card network, card issuer, expiry date, UPI handle, bank name, wallet identifier and payment-gateway tokens (the Company does not store full card numbers or CVV values on its own servers; such information is tokenised and processed securely by PCI-DSS compliant third-party payment gateways);
      4. communications sent by you to the Company through contact forms, e-mail, telephone, WhatsApp, SMS, chat, social-media channels and customer-support tickets, including feedback, queries, complaints and product reviews;
      5. health-related information voluntarily shared by you in the context of product recommendations, consultations or product suitability queries (for example, information regarding pre-existing conditions, pregnancy, medications or dietary preferences), which shall be treated as Sensitive Personal Data or Information;
3. marketing preferences such as your consents and opt-ins for receiving promotional communications, newsletters and targeted advertising.
   1. Information Collected Automatically. When you access or use the Website, the Company may automatically collect the following categories of information:
      1. device information such as device type, device identifier, hardware model, operating system, browser type and version, screen resolution, language settings and mobile network information;
      2. connection information such as your Internet Protocol (IP) address, Internet Service Provider, general geographic location derived from IP, referring URL and exit URL;
      3. usage information such as pages viewed, products viewed, time spent on each page, click-stream data, searches performed, filters applied, items added to cart, wishlists, session duration, access times and dates, and navigation paths;
      4. cookies, pixel tags, web beacons, local storage objects, server logs and similar tracking technologies that enable the Company and its third- party analytics, advertising and customer-engagement partners to recognise your device, personalise your experience, deliver relevant advertising and measure the effectiveness of marketing campaigns.
   2. Information from Third Parties. The Company may also receive information about you from third parties, including social-media platforms (if you choose to sign-in, share or interact with the Website through such platforms), advertising networks, analytics providers, fraud-prevention agencies, payment aggregators, logistics partners, marketplace operators and business partners, and shall combine such information with the information collected directly from you for the purposes set out in this Privacy Policy.
4. No Obligation to Provide. You are under no obligation to provide any Personal Information or Personal Data to the Company. However, certain Services (including placing an order, making payment and receiving delivery) cannot be availed without providing the necessary information. The refusal to provide such information may result in the inability to access or use some or all of the Services.

1.  Purposes of Collection and Use

2. The Company may collect, store, use, process and disclose your Personal Information and Personal Data for one or more of the following purposes, each of which is lawful, specific and directly related to the Services:
   1. creating and maintaining your account on the Website, verifying your identity and authenticating your log-in;
      1. processing, accepting, fulfilling, dispatching and delivering your orders for the Products, including through third-party logistics partners;
      2. processing payments, issuing invoices, refunds and credit notes, and preventing fraudulent transactions;
      3. providing customer service and support, responding to queries, complaints, grievances and feedback, and managing returns, replacements and cancellations under Part C hereof;
      4. communicating with you regarding your orders, account, transactions and grievances through SMS, e-mail, WhatsApp, voice calls and push notifications;

1. sending you marketing, promotional, advertising and educational communications, including newsletters, product launches, discount codes and loyalty rewards, subject to your marketing preferences and applicable law;
   1. personalising and improving your browsing experience, recommending Products based on your interests, customising content and displaying targeted advertising;
      1. conducting analytics, research, market studies, customer- satisfaction surveys, user-experience research and business intelligence in respect of the Website and the Products;
      2. detecting, investigating and preventing fraud, money-laundering, identity theft, abuse, violations of the Terms and Conditions of Use and any other unlawful activity;
      3. complying with applicable laws, regulations, court orders, judicial and regulatory directions, notices, summons, subpoenas and lawful requests from governmental and law-enforcement authorities;
      4. enforcing the Company's rights, protecting its property and taking action in relation to disputes, defences, legal claims and proceedings;
      5. protecting the safety, security and integrity of the Website, the Company, its employees, Users and the public; and
      6. such other purposes as may be notified to you at the time of collection of the information or as may be required for the proper operation of the Website and the rendering of the Services.

1.  Cookies and Similar Tracking Technologies

1. The Website uses Cookies and similar tracking technologies such as pixel tags, web beacons, local storage objects, software development kits and session identifiers, both first-party and third-party, for the purposes of remembering your preferences and log-in state, maintaining shopping-cart contents, understanding and improving site usage, performing analytics, detecting fraud, personalising content and delivering targeted advertising.
2. The Company uses the following categories of Cookies: (i) strictly necessary Cookies, which are essential for the Website to function and cannot be disabled; (ii) functional Cookies, which enable enhanced functionality and personalisation; (iii) analytics Cookies, which help the Company understand how the Website is being used; and (iv) advertising Cookies, which are used to deliver targeted advertising and measure its effectiveness.
   1. You may, at any time, disable or delete Cookies through your browser settings. However, disabling Cookies may affect the functionality of the Website and may prevent you from availing certain Services.
   2. The Website may use third-party analytics and advertising services (such as Google Analytics, Meta Pixel and similar tools). Such third parties may collect information about your online activities over time and across different websites. The use of such third-party services is governed by their respective privacy policies.

1.  Disclosure and Sharing of Information

1. The Company treats your Personal Information and Personal Data with confidentiality and shall not sell, rent, trade or lease the same to any third party. However, the Company may disclose and share such information with the following categories of recipients, for the purposes set out in Clause 4:
   1. with its affiliates, group companies, subsidiaries, parent companies and their respective directors, officers and employees, on a strict need-to-know basis;

1. with third-party service providers, vendors, consultants, agents and business partners who assist the Company in operating the Website, providing the Services, processing payments, delivering Products, hosting and storing data, performing analytics, sending communications, conducting marketing, detecting fraud and rendering professional services, subject to appropriate contractual safeguards of confidentiality and data protection;
   1. with courier partners, logistics providers and delivery personnel, solely for the purpose of order fulfilment and delivery;
      1. with payment aggregators, payment gateways, banks, wallets and other financial-services providers, solely for the purpose of processing payments, refunds and settlements;
      2. with any governmental, regulatory, judicial, quasi-judicial, law- enforcement or tax authority, in response to a lawful order, notice, subpoena, summons, search warrant, direction or request, or where the Company is obligated by law to disclose such information, or where disclosure is necessary to comply with legal process, to protect the rights, property or safety of the Company, its Users or the public, or to enforce the Terms and Conditions of Use;
      3. with any prospective or actual purchaser, investor, lender, successor, assignee or acquirer of the Company or any of its business divisions, in connection with any merger, acquisition, amalgamation, restructuring, reorganisation, sale of assets, financing or similar transaction; and
      4. with such other third parties to whom you have specifically consented to share your information.
   2. The Company shall ensure that any such third party to whom Personal Information or Personal Data is disclosed is bound by contractual obligations of confidentiality and data protection at least as stringent as those contained herein, and shall use such information solely for the purposes for which it is disclosed.

1.  Cross-Border Transfer of Information

2. The Company is based in India and the Personal Information and Personal Data collected through the Website shall ordinarily be stored and processed in India. However, the Company may, from time to time, transfer, store or process your Personal Information or Personal Data outside India, including through third-party service providers, cloud-hosting providers and affiliates located outside India, in accordance with the SPDI Rules and the DPDP Act. The Company shall, to the extent such transfer involves Sensitive Personal Data or Information, ensure that the recipient ensures the same level of data protection as is adhered to by the Company under the SPDI Rules.
   1. By providing your Personal Information and Personal Data to the Company, you expressly consent to such cross-border transfer, storage and processing, subject to compliance with applicable law.

1.  Data Retention

2. The Company shall retain your Personal Information and Personal Data only for as long as is reasonably necessary for the purposes for which it was collected, or for such longer period as may be required under applicable law (including for taxation, accounting, consumer-protection, regulatory and litigation purposes), or until you withdraw your consent or request erasure in accordance with this Privacy Policy, whichever is the later.
   1. Upon expiry of the retention period, the Company shall destroy, delete or anonymise your Personal Information and Personal Data in such manner that the same can no longer be associated with you, save and except where retention is required to comply with applicable law or to defend legal claims.

1.  Information Security Practices

2. The Company adopts and implements reasonable security practices and procedures consistent with the standards prescribed under Rule 8 of the SPDI Rules, and including without limitation administrative, physical, technical and organisational security measures such as (i) access controls, role-based permissions, password policies and multi-factor authentication;

(ii) secure socket layer (SSL) / transport layer security (TLS) encryption of data in transit; (iii) encryption of Sensitive Personal Data or Information at rest; (iv) firewalls, intrusion-detection and intrusion-prevention systems;

(v) periodic vulnerability assessments and penetration testing; (vi) logging and monitoring; (vii) employee training on data protection and information security; (viii) physical security of data-centre and office premises; (ix) contractual safeguards with service providers; and (x) an internal incident- response process.

1. Notwithstanding the Company's best efforts, no method of transmission over the internet and no method of electronic storage is wholly secure. The Company therefore cannot and does not guarantee absolute security of your Personal Information and Personal Data. You acknowledge that you provide your information at your own risk, and that the Company shall not be liable for any loss, damage, misuse or unauthorised access that is beyond its reasonable control.
   1. You are responsible for maintaining the confidentiality of your account credentials and for restricting access to your device. You shall promptly notify the Company in writing if you become aware of any unauthorised access to or use of your account.

1.  Your Rights as a Data Principal

2. Subject to applicable law, and in particular Chapter III of the DPDP Act (to the extent in force), you shall have the following rights in respect of your Personal Data:
   1. the right to obtain a confirmation from the Company as to whether your Personal Data is being processed, and to access a summary of the Personal Data being processed and the processing activities undertaken;
      1. the right to correction, completion, updating and erasure of your Personal Data, where such data is inaccurate, incomplete, out-of-date or no longer necessary for the purpose for which it was collected;
      2. the right to withdraw consent, at any time, to the processing of your Personal Data, where processing is based on consent, subject to the lawfulness of processing undertaken prior to such withdrawal and without prejudice to the Company's right to retain data for legal, regulatory or dispute-resolution purposes;
      3. the right to nominate another individual to exercise your rights in the event of your death or incapacity, in such manner as may be prescribed;
      4. the right to grievance redressal in respect of any act or omission of the Company regarding the processing of your Personal Data, in accordance with Clause 14 hereof; and
      5. any other right as may be granted to you under the DPDP Act or any other applicable law.
   2. To exercise any of the foregoing rights, you may contact the Grievance Officer whose particulars are set out in Clause 14 hereof. The Company shall endeavour to respond to your request within such time as may be prescribed

under applicable law or, in the absence of such prescription, within thirty

(30) days.

1. You acknowledge that certain rights may be subject to exceptions and limitations under applicable law, and the Company may be required to retain certain information for the purposes of compliance with legal obligations, enforcement of its rights, fraud prevention and defence of legal claims.

1.  Children and Minors

2. The Website and the Services are intended for adults aged eighteen (18) years and above. The Company does not knowingly collect, solicit or store Personal Information or Personal Data from any individual under the age of eighteen (18) years. The Products (including Shilajit gummies) are not intended for consumption by minors, pregnant women, lactating women or persons with pre-existing medical conditions except on the advice of a qualified medical practitioner.
   1. If the Company becomes aware that it has inadvertently collected Personal Information or Personal Data of any minor without verifiable parental consent, it shall take reasonable steps to delete such information. If you are a parent or guardian and believe that your child has provided Personal Information to the Company, please contact the Grievance Officer so that the Company may take appropriate action.

1.  Marketing and Promotional Communications

2. By providing your contact details on the Website, you consent to receive from the Company, its affiliates and its marketing partners, marketing and promotional communications relating to the Products, offers, discounts, contests, loyalty programmes, surveys and other activities, through e-mail, SMS, WhatsApp, voice calls, push notifications and other channels.
3. You may, at any time, unsubscribe or opt-out from receiving such marketing communications by clicking on the unsubscribe link contained in the relevant communication, by updating your account preferences or by contacting the Grievance Officer. Such opt-out shall not apply to transactional, service-related and legally required communications, which the Company shall continue to send in connection with your orders, account and the Services.

1.  Changes to this Privacy Policy

2. The Company reserves the right, at its sole discretion, to amend, modify, supplement, replace or update this Privacy Policy, in whole or in part, at any time, without any prior notice to you, to reflect changes in law, technology, business practices or the Services.
   1. The revised Privacy Policy shall be published on the Website and shall become effective upon such publication. The date of the latest revision shall be indicated at the top of this Privacy Policy. Your continued use of the Website after the publication of the revised Privacy Policy shall be deemed to be your acceptance of such revised Privacy Policy. You are advised to review this Privacy Policy periodically to remain informed of any such changes.

1.  Grievance Officer

2. In compliance with Section 43A of the IT Act read with Rule 5(9) of the SPDI Rules, Rule 3(2) of the Intermediary Rules and Rule 4(5) of the Consumer Protection (E-Commerce) Rules, 2020, the Company has designated a

Grievance Officer to receive and address grievances of Users in respect of this Privacy Policy, the processing of Personal Information and Personal Data, and any complaints regarding the Website or the Services. The particulars of the Grievance Officer are as under:

Postal Address: 320, 3RD Floor, Fortune Square Commercial Society, Near Trade Center, Bandra Kurla Complex, Bandra East, Mumbai – 400 051, Maharashtra   

Telephone Number: +91 8070066644  | e-Mail  support@bornberry.com | bornberry.com@gmail.com 

Working Hours:10:30 AM to 6:30PM (Monday to Friday, excluding public holidays)

1. Any grievance, complaint or request relating to this Privacy Policy may be addressed to the Grievance Officer in writing, in the English language, clearly setting out the nature of the grievance, the facts and circumstances giving rise thereto, and the relief sought. The Grievance Officer shall acknowledge receipt of such grievance within forty-eight (48) hours and shall endeavour to redress the grievance within a period of fifteen (15) days from the date of receipt, in accordance with applicable law.
   1. If you are not satisfied with the resolution provided by the Grievance Officer, you may escalate your grievance in accordance with applicable law, including by approaching the Consumer Helpline or the Consumer Commission having jurisdiction, or the Data Protection Board of India (once constituted under the DPDP Act).

1.  Contact the Company

2. Any queries, concerns or requests regarding this Privacy Policy or the Company's data-handling practices may be directed to the Company at the address and e-mail set out in the Terms and Conditions of Use in Part B hereof, marked “Attention: Grievance Officer “Bornberry”.
   1. By using the Website, you acknowledge that you have read, understood and agreed to this Privacy Policy.