Seller platform · business.festovee.com

Privacy Policy

For sellers, manufacturers & suppliers.

Effective 14 July 2026Version 1.0CIN U82990UT2025PTC018691Dehradun, Uttarakhand, India – 248002
This Privacy Policy is published in accordance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025, the Information Technology Act, 2000 (including the Reasonable Security Practices Rules, 2011 and the Intermediary Guidelines Rules, 2021), and the Consumer Protection (E-Commerce) Rules, 2020. Festovee Internet Private Limited (“Festovee”, “we”, “us” or “our”) is committed to protecting the personal data of the individuals associated with the businesses that sell on our platform.

1.Who we are and our role

Festovee operates a B2B online marketplace connecting verified factories, manufacturers and suppliers (“Sellers”, “you”) with business buyers. In respect of the personal data of Sellers’ proprietors, partners, directors, authorised representatives and contact persons, we act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). Where a Seller is a company, partnership or other entity, information about the entity itself is not “personal data”; however, information that identifies an individual (such as a director’s name, PAN or contact details) is protected under this Policy.

2.Scope and your consent

This Policy applies to all Sellers and their representatives who register or transact on the Seller Platform. By registering, completing verification, or listing products, you confirm that you have read and understood this Policy and, where you provide the personal data of other individuals (such as employees or authorised signatories), that you have obtained their consent and are authorised to share it. Where the law requires consent, we obtain it through a clear affirmative action and you may withdraw it as described in Section 14.

3.Definitions

“Personal Data”, “Processing”, “Data Principal” and “Data Fiduciary” have the meanings given under the DPDP Act. “Sensitive Personal Data or Information” (SPDI) has the meaning given under the Information Technology (Reasonable Security Practices) Rules, 2011 and includes financial information such as bank account and payment details. “KYC” means know-your-customer/know-your-business verification.

4.Personal data we collect from Sellers

4.1 Identity and account data

Name of the proprietor/authorised representative, designation, username, password (stored in hashed form), and profile details.

4.2 Contact data

Business email, mobile and telephone numbers, and registered and operational addresses.

4.3 Business and statutory data

Business/trade name, constitution, GSTIN, PAN, and where applicable, Udyam/MSME registration, Import-Export Code, FSSAI or other licences relevant to the products you sell.

4.4 Listing and transaction data

Product listings, pricing, inventory, orders received, fulfilment and dispatch records, returns, ratings and communications with Buyers.

4.5 Payout and financial data

Bank account details, cancelled cheque or bank statement, and settlement records used to remit your sale proceeds.

4.6 Technical and usage data

IP address, device and browser information, log data and cookie identifiers.

5.KYC, verification and financial data

Because Festovee markets Sellers as “verified”, onboarding requires KYC/know-your-business checks. We may collect and verify identity and business documents (such as PAN, GSTIN, incorporation/registration certificates and authorised-signatory identification) directly from you and through authorised verification partners and government databases. Financial information such as bank account details is treated as sensitive personal information and is protected with heightened security. We collect only what is reasonably necessary to verify your business, remit payouts, and comply with tax and anti-fraud obligations.

6.How we collect your data

We collect data (a) directly from you during registration, verification and while you operate your Seller account; (b) automatically through cookies and logs; and (c) from third parties such as KYC/verification agencies, payment partners and public/government registries (for example, GSTIN and PAN verification), to the extent permitted by law.

7.Purposes and lawful basis of processing

We process Seller personal data, on the basis of consent and/or legitimate uses permitted under the DPDP Act, to:

  • register, verify and manage your Seller account and the “verified” status of your business;
  • enable you to list products, receive and fulfil orders, and communicate with Buyers;
  • calculate and remit payouts, apply fees/commissions, and generate settlement statements;
  • comply with tax obligations, including any tax collected at source (TCS) and reporting required under the Central Goods and Services Tax Act, 2017;
  • prevent and investigate fraud, counterfeit or prohibited listings, and policy violations;
  • provide seller support and resolve disputes and grievances;
  • send transactional and, where consented, promotional communications;
  • improve the Seller Platform and comply with applicable laws and lawful requests.

8.How we share your data

We do not sell your personal data. We share it only as necessary with: Buyers (limited details required to complete transactions and enable communication); logistics partners; payment and settlement partners and financial institutions; KYC/verification, cloud, analytics and support providers acting as Data Processors under written contract; auditors and professional advisers; and legal, tax or regulatory authorities where required by law. We may also share data in connection with a merger, acquisition or restructuring, subject to this Policy continuing to apply.

9.Public visibility of Seller information

To operate a marketplace, certain business and contact information you provide (such as business/trade name, product listings, location and, where required by the Consumer Protection (E-Commerce) Rules, 2020, seller identity and contact details) may be displayed to Buyers and the public. You should not include personal data in listings that you do not wish to be publicly visible.

10.Cookies and analytics

We use cookies and similar technologies to operate the Seller Platform, keep you signed in, and understand usage so we can improve our services. You can manage non-essential cookies through your browser settings; disabling certain cookies may affect functionality.

11.Data retention and erasure

We retain Seller personal data for as long as your account is active and thereafter for the periods required to meet legal, tax, accounting, audit and dispute-resolution obligations. KYC, invoicing and settlement records are retained for the periods prescribed under applicable law (including GST and company law). Security and traffic logs are retained for a minimum of one year as required under the DPDP Rules, 2025. When data is no longer required and there is no legal obligation to retain it, we erase or anonymise it.

12.Data security

We implement reasonable security practices and procedures as required under Section 43A of the Information Technology Act, 2000 and the DPDP Act, including encryption in transit, access controls, segregation of financial data, monitoring, and periodic review. You are responsible for safeguarding your account credentials and for the acts of persons you authorise to access your account.

13.Your rights as a Data Principal

Subject to applicable law, individuals whose personal data we process have the right to access a summary of their personal data and processing; to correction, completion and updating; to erasure where the data is no longer necessary; to grievance redressal; and to nominate another individual to exercise their rights in the event of death or incapacity. To exercise these rights, contact our Grievance Officer / DPO (Section 17) or use your account settings. We respond within the timelines prescribed under applicable law and may verify your identity first.

14.Withdrawal of consent

Where processing is based on consent, you may withdraw it at any time; withdrawal is as easy as giving consent. Withdrawal does not affect processing already carried out or processing for which we have another lawful basis (such as completing settlements, meeting tax/KYC obligations, or resolving disputes). Withdrawing consent necessary to operate your Seller account may result in suspension or closure of the account.

15.Cross-border transfers

We primarily store and process personal data in India. Any transfer to or access from outside India is carried out in accordance with the DPDP Act and any restrictions notified by the Central Government, with appropriate safeguards in place.

16.Data breach handling

We maintain procedures to detect, investigate and respond to personal data breaches, and will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed under the DPDP Act and the DPDP Rules, 2025.

17.Grievance Officer & Data Protection Officer

The officer designated to receive and address data-protection queries, grievances and requests is:

Name
Mr. Divyank Kakkar
Designation
Director — Grievance Officer & Data Protection Officer
Company
Festovee Internet Private Limited
Registered office
Dehradun, Uttarakhand, India – 248002

We will acknowledge grievances within forty-eight (48) hours and endeavour to resolve them within one (1) month. Rights requests under the DPDP Act are handled within the timelines prescribed under that law.

18.Changes to this Policy

We may update this Policy to reflect changes in law or our practices. The revised Policy will be posted on the Seller Platform with a new Effective Date, and material changes will be communicated where required. Continued use of the Seller Platform after changes take effect constitutes acceptance.

19.Contact us

For general queries, email support@festovee.com or info@festovee.com. For privacy, data-protection and grievance matters, contact our Grievance Officer / DPO at d@festovee.com.

This document has been prepared for Festovee Internet Private Limited and reflects the position of Indian law as at the Effective Date. It is intended for review by qualified legal counsel and completion of any placeholders before publication. It does not by itself constitute legal advice.