Effective date: 01/02/2026
This Privacy Policy explains how Pitambara Royal Heritage Gems & Jewellery Pvt. Ltd. (“we”, “us”, “our”) collects, uses, discloses and protects personal data when you use our website or services. We aim to meet international privacy standards (GDPR) and Indian data protection expectations (DPDP Act / e-commerce rules) and apply appropriate technical and organisational measures to protect personal data. See the sections below for full details. Key sources we follow include EU GDPR guidance and Indian DPDP developments. (GDPR.eu)
1. Data Controller
Pitambara Royal Heritage Gems & Jewellery Pvt. Ltd.
Address: Cokarma, G-5, Next To EIPL, Kokapet, Gandipet, K.V.Rangareddy, Rajendra Nagar, Telangana, India, 500075
DPO / Privacy contact: dpo@pitambararoyalheritage.com
2. What personal data we collect
We collect the following categories of personal data:
- Identity & contact data: name, billing/shipping address, phone number, email.
- Account data: username, password (hashed), order history.
- Payment data: payment card tokens/transaction IDs processed by our payment provider(s) (we do not store full card PANs). Payment processing is handled by PCI-compliant payment processors. (PCI Security Standards Council)
- Transactional data: order details, returns, refunds, communications.
- Device & technical data: IP address, browser, device identifiers, cookies and usage logs.
- Marketing preferences: subscription status, communication preferences.
- Optional sensitive data: if you provide personalization requests (for example, birthdates for engraving or gifting), we collect only what you consent to provide.
3. How we collect data
We collect data directly from you (during purchase, account creation, newsletter sign-up), automatically via cookies and server logs, and from third-party services (payment processors, shipping partners, marketing platforms) where you have interacted with those services.
4. Purposes and lawful bases for processing
We process personal data to:
- Perform the contract (process orders, payments, shipping) — contractual necessity.
- Comply with legal obligations (tax, anti-fraud, consumer laws) — legal obligation.
- Send transactional communications (order confirmations, shipping updates) — contractual / legitimate interest.
- Provide marketing only with your consent (where required) — consent.
- Improve the Site and detect/prevent fraud — legitimate interest.
Under EU GDPR, data subjects have rights including access, rectification, erasure, restriction, portability and objection. We will honor these rights in line with applicable law. For customers in India, we also comply with applicable DPDP principles and emerging operational rules. (GDPR.eu)
5. Cookies and tracking
We use cookies and similar technologies for essential functioning, analytics, and marketing. See our Cookies Policy for full details (below).
6. Data sharing and third parties
We may share data with:
- Payment processors (for transaction processing) — PCI-compliant providers. (PCI Security Standards Council)
- Shipping & logistics partners (to deliver orders).
- Marketing & analytics providers (with your consent when required).
- Legal or regulatory authorities when required by law.
We require third parties to implement appropriate security and confidentiality measures.
7. International transfers
Where processing involves transfer of personal data outside India or the EEA, we rely on appropriate safeguards (e.g., standard contractual clauses, adequate protection in the destination country) or legal bases as required. We will notify you if transfers require specific disclosures.
8. Data retention
We retain personal data for as long as necessary to fulfil the purposes set out (e.g., to manage orders, after-sales service, tax and accounting obligations, and legal compliance). Typical retention periods: order records — up to 7 years for tax/accounting purposes; marketing preferences — until consent is withdrawn.
9. Security
We follow industry practice to secure personal data with technical and organisational measures (access controls, encryption in transit, monitoring). For payment data, we integrate only with PCI-compliant gateways and do not store full payment card PANs on our systems. Organizations should follow PCI DSS v4.x requirements for payment environments. (PCI Perspectives)
10. Children
Our Site is not intended for children under 18. We do not knowingly collect personal data from children. If we learn that we have collected children’s data without verifiable parental consent, we will delete it.
11. Data subject rights and requests
You can exercise rights (access, correction, erasure, portability, restriction, objection) by contacting our DPO at dpo@pitambararoyalheritage.com or by postal mail to our registered address. We will respond within legal timeframes as required by applicable law.
12. Breach notification
If a personal data breach occurs that creates a risk to your rights, we will notify the affected data subjects and relevant supervisory authority as required by applicable law (for EU residents under GDPR and in India under DPDP rules). Recent DPDP rules set out operational notification timelines and obligations for data fiduciaries.
13. Changes to this Privacy Policy
We may update this Policy to reflect legal or operational changes. The current version’s effective date is at the top.
14. Contact
Data Protection Officer: dpo@pitambararoyalheritage.com
Postal contact: Pitambara Royal Heritage Gems & Jewellery Pvt. Ltd., Cokarma, G-5, Next To EIPL, Kokapet, Gandipet, K.V.Rangareddy, Rajendra Nagar, Telangana, India, 500075
Legal note: This Privacy Policy states our internal practices. For jurisdiction-specific legal compliance (for example, GDPR enforcement nuances or DPDP operational rules), please consult your legal advisor.
Sources / Authorities referenced: GDPR guidance; DPDP Act & rules developments; PCI SSC guidance. (GDPR.eu)