1. Introduction

RAAX is a premium fashion brand owned and operated by Rokks Enterprises Pvt Ltd, a company registered under the laws of India ("we", "us", "our", or the "Company"). We are committed to protecting the privacy and personal data of every individual who interacts with us — including customers, website visitors, social media followers, business partners, and job applicants (collectively, "you" or "User").

This Privacy Policy ("Policy") describes how we collect, use, store, disclose, and protect your personal information when you visit our website (www.raax.in), purchase our products, contact our customer support, or otherwise engage with RAAX across any channel — online or offline.

This Policy is published in compliance with applicable Indian law, including but not limited to:

•       The Information Technology Act, 2000 ("IT Act")

•       The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules")

•       The Digital Personal Data Protection Act, 2023 ("DPDPA") and the rules thereunder, as and when notified

•       The Consumer Protection Act, 2019 and the Consumer Protection (E-Commerce) Rules, 2020

•       The Indian Contract Act, 1872

By accessing or using our services, you acknowledge that you have read, understood, and agree to this Policy. If you do not agree, please discontinue use of our services immediately.

2. Definitions

For the purpose of this Policy, the following terms shall have the meanings assigned to them:

•       "Personal Data" means any information that relates to a natural person and which, either directly or indirectly, is capable of identifying such person, including but not limited to name, contact details, payment information, browsing behaviour, or device identifiers.

•       "Sensitive Personal Data or Information (SPDI)" means financial information, physical/physiological/mental health conditions, sexual orientation, biometric data, passwords, and any other data notified under the SPDI Rules.

•       "Data Principal" means the individual to whom personal data relates (i.e., you, the User).

•       "Data Fiduciary" means Rokks Enterprises, which determines the purpose and means of processing personal data.

•       "Processing" means any operation or set of operations performed on personal data, including collection, storage, use, disclosure, transfer, or deletion.

•       "Consent" means a freely given, specific, informed, and unambiguous indication of agreement by you to the processing of your personal data.

3. What Information We Collect

3.1 Information You Provide Directly

•       Full name, email address, phone number, and delivery address when placing an order or registering an account

•       Payment details (card number, UPI ID, wallet details) — processed via certified third-party payment gateways; we do not store raw payment card data

•       Profile information including date of birth, gender, and size preferences when voluntarily provided

•       Communications sent to our customer support team via email, WhatsApp, or chat

•       Reviews, ratings, testimonials, and user-generated content submitted on our platform

•       Business details (GST number, company name, billing address) for B2B wholesale transactions

 

3.2 Information Collected Automatically

•       IP address, browser type, operating system, device identifiers, and referring URLs

•       Pages visited, time spent, clickstream data, and navigation paths on our website

•       Cookies and similar tracking technologies (see Section 8 for full details)

•       Location data at the city or region level derived from your IP address

 

3.3 Information from Third Parties

•       Social media profile data when you interact with our official handles or use social login features

•       Delivery partner data such as shipment tracking status and delivery confirmation

•       Fraud prevention and KYC data from authorised verification providers

•       Publicly available information for business verification purposes in B2B contexts

4. How We Use Your Information

We process your personal data for the following lawful purposes:

•       Processing and fulfilling orders, including payment authorisation and logistics coordination

•       Creating and managing your account and providing customer support

•       Sending transactional communications such as order confirmations, shipping updates, and invoices

•       Sending promotional communications, offers, and marketing messages — only with your explicit consent, which you may withdraw at any time

•       Personalising your shopping experience and recommending products based on your preferences

•       Conducting internal analytics to improve our products, website, and overall user experience

•       Detecting, preventing, and investigating fraudulent transactions or abuse of our services

•       Complying with legal obligations, court orders, or requests from authorised government authorities

•       Establishing, exercising, or defending legal claims

•       Conducting market research, surveys, and business planning with aggregated and anonymised data

We will not use your personal data for any purpose that is incompatible with the purposes stated herein without obtaining your fresh consent or as otherwise permitted by law.

5. Legal Basis for Processing

We rely on the following legal bases under applicable Indian law for processing your personal data:

•       Contractual Necessity: Processing required to enter into or perform a contract with you (e.g., fulfilling your order)

•       Consent: Where you have given explicit consent, particularly for marketing communications and optional personalisation features

•       Legitimate Interests: Processing necessary for our legitimate business interests, such as fraud prevention, security, and service improvement, provided such interests are not overridden by your rights

•       Legal Obligation: Processing required to comply with applicable laws, regulations, or court orders

Where we rely on consent, you have the right to withdraw such consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.

6. Sharing and Disclosure of Information

We do not sell, rent, or trade your personal data to any third party for commercial gain. We may share your information in the following limited circumstances:

6.1 Service Providers and Partners

We engage trusted third-party service providers who process data strictly on our behalf and under contractual obligations:

•       Payment processors and banking partners (e.g., Razorpay, PayU, Cashfree, or similar RBI-compliant gateways)

•       Logistics and courier partners (e.g., Shiprocket, Delhivery, Blue Dart, or similar) for order fulfilment

•       Cloud hosting, IT infrastructure, and data storage providers (operating within India or under adequate data protection frameworks)

•       Customer communication platforms for email, SMS, and WhatsApp notifications

•       Analytics, advertising technology, and marketing automation partners

•       Fraud detection and identity verification services

 

6.2 Legal and Regulatory Disclosures

We may disclose your information when required by law or in good faith belief that such action is necessary to:

•       Comply with a legal obligation, judicial proceeding, court order, or government request

•       Protect and defend the rights, property, or safety of the Company, our employees, users, or the public

•       Investigate potential violations of our Terms and Conditions or this Policy

 

6.3 Business Transfers

In the event of a merger, acquisition, restructuring, sale of assets, or any similar corporate transaction, your personal data may be transferred to the successor entity, subject to equivalent data protection obligations.

 

6.4 Aggregated and Anonymised Data

We may share aggregated, anonymised, or de-identified data that cannot reasonably identify you, for research, analytics, or marketing purposes, without restriction.

7. Data Retention

We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law. Specifically:

•       Account data: Retained for the duration of your account and for 3 years after account deletion, unless a longer period is required by law

•       Transaction records: Retained for a minimum of 7 years in compliance with applicable tax and financial regulations under the Income Tax Act, 1961 and GST laws

•       Marketing preferences: Retained until you withdraw consent or request deletion

•       Customer support records: Retained for 2 years from the date of resolution

•       Legal hold data: Retained for the duration of any ongoing legal proceeding or regulatory investigation

Upon expiry of the applicable retention period, we will securely delete or anonymise your personal data.

8. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance your browsing experience and collect usage data.

8.1 Types of Cookies We Use

•       Strictly Necessary Cookies: Essential for the website to function and cannot be switched off. These do not store personally identifiable information.

•       Performance and Analytics Cookies: Help us understand how visitors interact with our website by collecting anonymous metrics (e.g., Google Analytics).

•       Functional Cookies: Enable personalised features such as saved wishlists, size preferences, and language settings.

•       Targeting and Advertising Cookies: Used to deliver relevant advertisements and measure campaign effectiveness. These may be set by our advertising partners.

 

8.2 Your Cookie Choices

You may manage or disable cookies at any time through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Where required by law, we will seek your consent before placing non-essential cookies.

9. Your Rights as a Data Principal

Subject to applicable Indian law, including the DPDPA 2023 once its rules are fully notified, you have the following rights with respect to your personal data:

•       Right to Access: You may request confirmation of whether we process your personal data and obtain a copy of such data.

•       Right to Correction: You may request correction of inaccurate or incomplete personal data.

•       Right to Erasure (Right to be Forgotten): You may request deletion of your personal data, subject to legal retention obligations and overriding legitimate interests.

•       Right to Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting past processing.

•       Right to Grievance Redressal: You have the right to have your grievances addressed promptly and effectively.

•       Right to Nominate: You may nominate another individual to exercise your privacy rights in the event of your death or incapacity.

•       Right against Automated Decision-making: You may request human review of decisions made solely through automated means that significantly affect you.

To exercise any of the above rights, please contact our Grievance Officer (see Section 14). We will respond to verifiable requests within a reasonable timeframe, not exceeding 30 days unless extended under applicable law.

10. Data Security

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

•       SSL/TLS encryption for all data transmitted between your browser and our servers

•       Encryption of sensitive data at rest using industry-standard protocols

•       Role-based access controls limiting data access to authorised personnel only

•       Regular security audits, vulnerability assessments, and penetration testing

•       Employee data protection training and confidentiality obligations

•       Data processing agreements with all third-party service providers

In the event of a personal data breach that is likely to result in risk to your rights or freedoms, we will notify you and the relevant authority in accordance with applicable law. Notwithstanding our security measures, no method of transmission over the Internet is completely secure, and we cannot guarantee absolute security.

11. Cross-Border Data Transfers

We primarily process and store your personal data in India. Where your data is transferred outside India — for instance, to cloud services or analytics platforms operated internationally — we ensure that such transfers comply with applicable law, including any restrictions or conditions specified under the DPDPA 2023, and that adequate safeguards are in place to protect your data.

12. Children's Privacy

Our services are not directed at individuals under the age of 18 years. We do not knowingly collect personal data from minors. If a parent or guardian becomes aware that a child under 18 has provided us with personal data without their consent, they should contact us immediately at privacy@raax.in. Upon verification, we will promptly delete such data from our records.

13. Third-Party Links and Services

Our website or communications may contain links to third-party websites, social media platforms, or services (including Instagram, Facebook, WhatsApp for Business, etc.). This Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services you access.

14. Grievance Redressal

In accordance with the IT Act, 2000 and the SPDI Rules, 2011, and in anticipation of the requirements under the DPDPA 2023, we have designated a Grievance Officer to address any concerns or complaints related to your personal data.

 

Grievance Officer Details:

Name: Authorised Representative, Rokks Enterprises Pvt Ltd

Email: support@raax.in

Address: Coimbatore, Tamil Nadu, India

Response Time: Within 30 (thirty) days of receipt of grievance

If you are not satisfied with our resolution, you may approach the Data Protection Board of India (once established under the DPDPA 2023) or other competent authorities as applicable.

15. Changes to This Privacy Policy

We reserve the right to update or modify this Policy at any time to reflect changes in our business practices, legal requirements, or technological developments. Any material changes will be communicated through:

•       A prominent notice on our website

•       Email notification to your registered email address

•       In-app or SMS notification where applicable

The updated Policy will carry a revised "Effective Date" at the top. Your continued use of our services after the effective date of any such changes constitutes your acceptance of the revised Policy. If you do not agree with the changes, you must discontinue use of our services and request deletion of your account.

16. Governing Law and Dispute Resolution

This Policy and any dispute or claim arising out of or in connection with it shall be governed by and construed in accordance with the laws of India. Any disputes relating to this Policy shall be subject to the exclusive jurisdiction of the courts at Coimbatore, Tamil Nadu, India.

We encourage you to contact us first through our Grievance Officer before initiating any legal proceedings, as most concerns can be resolved efficiently through dialogue.

17. Contact Us

For any questions, concerns, requests, or feedback regarding this Privacy Policy or our data processing practices, please reach out to us through the following channels:

 

Brand: RAAX

Company: Rokks Enterprises Pvt Ltd

Email: support@raax.in

Website: www.raax.in

Address: Coimbatore, Tamil Nadu, India