Seller platform · business.festovee.com
Privacy Policy
For sellers, manufacturers & suppliers.
1.Who we are and our role
Festovee operates a B2B online marketplace connecting verified factories, manufacturers and suppliers (“Sellers”, “you”) with business buyers. In respect of the personal data of Sellers’ proprietors, partners, directors, authorised representatives and contact persons, we act as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). Where a Seller is a company, partnership or other entity, information about the entity itself is not “personal data”; however, information that identifies an individual (such as a director’s name, PAN or contact details) is protected under this Policy.
2.Scope and your consent
This Policy applies to all Sellers and their representatives who register or transact on the Seller Platform. By registering, completing verification, or listing products, you confirm that you have read and understood this Policy and, where you provide the personal data of other individuals (such as employees or authorised signatories), that you have obtained their consent and are authorised to share it. Where the law requires consent, we obtain it through a clear affirmative action and you may withdraw it as described in Section 14.
3.Definitions
“Personal Data”, “Processing”, “Data Principal” and “Data Fiduciary” have the meanings given under the DPDP Act. “Sensitive Personal Data or Information” (SPDI) has the meaning given under the Information Technology (Reasonable Security Practices) Rules, 2011 and includes financial information such as bank account and payment details. “KYC” means know-your-customer/know-your-business verification.
4.Personal data we collect from Sellers
4.1 Identity and account data
Name of the proprietor/authorised representative, designation, username, password (stored in hashed form), and profile details.
4.2 Contact data
Business email, mobile and telephone numbers, and registered and operational addresses.
4.3 Business and statutory data
Business/trade name, constitution, GSTIN, PAN, and where applicable, Udyam/MSME registration, Import-Export Code, FSSAI or other licences relevant to the products you sell.
4.4 Listing and transaction data
Product listings, pricing, inventory, orders received, fulfilment and dispatch records, returns, ratings and communications with Buyers.
4.5 Payout and financial data
Bank account details, cancelled cheque or bank statement, and settlement records used to remit your sale proceeds.
4.6 Technical and usage data
IP address, device and browser information, log data and cookie identifiers.
5.KYC, verification and financial data
Because Festovee markets Sellers as “verified”, onboarding requires KYC/know-your-business checks. We may collect and verify identity and business documents (such as PAN, GSTIN, incorporation/registration certificates and authorised-signatory identification) directly from you and through authorised verification partners and government databases. Financial information such as bank account details is treated as sensitive personal information and is protected with heightened security. We collect only what is reasonably necessary to verify your business, remit payouts, and comply with tax and anti-fraud obligations.
6.How we collect your data
We collect data (a) directly from you during registration, verification and while you operate your Seller account; (b) automatically through cookies and logs; and (c) from third parties such as KYC/verification agencies, payment partners and public/government registries (for example, GSTIN and PAN verification), to the extent permitted by law.
7.Purposes and lawful basis of processing
We process Seller personal data, on the basis of consent and/or legitimate uses permitted under the DPDP Act, to:
- register, verify and manage your Seller account and the “verified” status of your business;
- enable you to list products, receive and fulfil orders, and communicate with Buyers;
- calculate and remit payouts, apply fees/commissions, and generate settlement statements;
- comply with tax obligations, including any tax collected at source (TCS) and reporting required under the Central Goods and Services Tax Act, 2017;
- prevent and investigate fraud, counterfeit or prohibited listings, and policy violations;
- provide seller support and resolve disputes and grievances;
- send transactional and, where consented, promotional communications;
- improve the Seller Platform and comply with applicable laws and lawful requests.
9.Public visibility of Seller information
To operate a marketplace, certain business and contact information you provide (such as business/trade name, product listings, location and, where required by the Consumer Protection (E-Commerce) Rules, 2020, seller identity and contact details) may be displayed to Buyers and the public. You should not include personal data in listings that you do not wish to be publicly visible.
11.Data retention and erasure
We retain Seller personal data for as long as your account is active and thereafter for the periods required to meet legal, tax, accounting, audit and dispute-resolution obligations. KYC, invoicing and settlement records are retained for the periods prescribed under applicable law (including GST and company law). Security and traffic logs are retained for a minimum of one year as required under the DPDP Rules, 2025. When data is no longer required and there is no legal obligation to retain it, we erase or anonymise it.
12.Data security
We implement reasonable security practices and procedures as required under Section 43A of the Information Technology Act, 2000 and the DPDP Act, including encryption in transit, access controls, segregation of financial data, monitoring, and periodic review. You are responsible for safeguarding your account credentials and for the acts of persons you authorise to access your account.
13.Your rights as a Data Principal
Subject to applicable law, individuals whose personal data we process have the right to access a summary of their personal data and processing; to correction, completion and updating; to erasure where the data is no longer necessary; to grievance redressal; and to nominate another individual to exercise their rights in the event of death or incapacity. To exercise these rights, contact our Grievance Officer / DPO (Section 17) or use your account settings. We respond within the timelines prescribed under applicable law and may verify your identity first.
14.Withdrawal of consent
Where processing is based on consent, you may withdraw it at any time; withdrawal is as easy as giving consent. Withdrawal does not affect processing already carried out or processing for which we have another lawful basis (such as completing settlements, meeting tax/KYC obligations, or resolving disputes). Withdrawing consent necessary to operate your Seller account may result in suspension or closure of the account.
15.Cross-border transfers
We primarily store and process personal data in India. Any transfer to or access from outside India is carried out in accordance with the DPDP Act and any restrictions notified by the Central Government, with appropriate safeguards in place.
16.Data breach handling
We maintain procedures to detect, investigate and respond to personal data breaches, and will notify the Data Protection Board of India and affected Data Principals in the manner and within the timelines prescribed under the DPDP Act and the DPDP Rules, 2025.
17.Grievance Officer & Data Protection Officer
The officer designated to receive and address data-protection queries, grievances and requests is:
- Name
- Mr. Divyank Kakkar
- Designation
- Director — Grievance Officer & Data Protection Officer
- Company
- Festovee Internet Private Limited
- d@festovee.com
- Registered office
- Dehradun, Uttarakhand, India – 248002
We will acknowledge grievances within forty-eight (48) hours and endeavour to resolve them within one (1) month. Rights requests under the DPDP Act are handled within the timelines prescribed under that law.
18.Changes to this Policy
We may update this Policy to reflect changes in law or our practices. The revised Policy will be posted on the Seller Platform with a new Effective Date, and material changes will be communicated where required. Continued use of the Seller Platform after changes take effect constitutes acceptance.
19.Contact us
For general queries, email support@festovee.com or info@festovee.com. For privacy, data-protection and grievance matters, contact our Grievance Officer / DPO at d@festovee.com.
This document has been prepared for Festovee Internet Private Limited and reflects the position of Indian law as at the Effective Date. It is intended for review by qualified legal counsel and completion of any placeholders before publication. It does not by itself constitute legal advice.
