Privacy Policy

At Ridhi Mehra, protecting customer privacy is an important part of providing a safe and thoughtful shopping experience. This Privacy Policy explains what personal data is collected, how it is used, when it is shared, how long it is retained, and what rights customers have in relation to that data when they visit ridhimehra.com, make a purchase, contact customer care, book an appointment, or otherwise interact with the brand online or in-store.

This updated version incorporates clearer consumer-facing explanations, a more structured rights and grievance framework, stronger processor and cross-border disclosures for an online retail setup, and useful operational points such as payment gateway processing, account update/deletion routes, and more practical cookie language.

Privacy in simple words

  • Personal data is used to process orders, arrange delivery, provide support, improve the website, and send marketing only where the customer has chosen to receive it or where otherwise permitted by law.
  • Card details, UPI credentials, and banking information are not stored by Ridhi Mehra; payments are processed by payment partners through secure systems.
  • Personal data may be shared with trusted service providers such as Shopify-related tools, payment gateways, logistics providers, CRM tools, customer support platforms, analytics tools, and marketing platforms, but only for legitimate business purposes and subject to appropriate controls.
  • Customers may request access, correction, deletion, withdrawal of marketing consent, or raise a grievance using the contact details in this Policy.

1. Key definitions
For the purposes of this Privacy Policy:

  • Personal Data means any data about an individual who is identifiable by or in relation to that data.
  • Usage Data means technical and behavioural information collected when a customer uses the website, such as IP address, browser type, pages visited, time spent, and device-related information.
  • Cookies means small text files or similar technologies used to keep the website functioning, remember preferences, understand performance, and support analytics or marketing where enabled.
  • Data Principal means the individual to whom the personal data relates.
  • Data Fiduciary means Ridhi Mehra, which determines the purpose and means of processing personal data.
  • Service Providers / Data Processors means third parties engaged to support business operations, including payment gateways, shipping partners, Shopify-related tools, CRM providers, customer support tools, messaging platforms, marketing services, and analytics providers.

2. Information collected
Depending on how a customer interacts with Ridhi Mehra, the following categories of personal data may be collected.

A. Identity and contact details

  • Full name
  • Email address
  • Mobile number
  • Billing address
  • Shipping address
  • Date of birth, where voluntarily provided
  • Information provided while booking an appointment, submitting a request, or updating an account profile.

B. Order and transaction data

  • Products purchased
  • Order history
  • Transaction details
  • Payment status
  • Delivery, return, exchange, or support-related information.[file:36]

Ridhi Mehra does not store debit card numbers, credit card numbers, UPI credentials, CVV values, or banking information. Payment details are processed securely by payment gateway partners and acquiring banks through their own protected systems.

C. Technical, usage, and shopping behaviour data

  • IP address
  • Browser type and version
  • Device and operating system information
  • Referral source
  • Pages visited and time spent
  • Website activity, including products viewed, cart activity, and similar shopping interactions
  • Cookies and similar tracking technologies.

D. Marketing and communication data

  • Preferences relating to email, SMS, and WhatsApp communications
  • Responses to campaigns, launches, events, or customer outreach
  • Wishlist, browsing, or engagement data used to improve shopping experience or marketing performance, where applicable.

3. How personal data is used
Personal data is used only for legitimate business purposes and in accordance with applicable law. Some processing is necessary to provide requested services or comply with legal obligations, while some processing is based on consent or customer choice.

A. Uses necessary to provide products or comply with law
Personal data may be used to:

  • process and confirm orders;
  • arrange delivery, returns, alterations, exchanges, or appointment support;
  • provide customer care;
  • send order confirmations, service messages, and shipping updates;
  • maintain account functionality;
  • detect fraud, prevent abuse, and maintain website security; and
  • comply with accounting, tax, legal, regulatory, or dispute-resolution requirements.

B. Uses based on consent or customer choice
Where consent has been given, or where otherwise permitted by law, personal data may be used to:

  • send newsletters and launch alerts;
  • send promotional messages by email, SMS, or WhatsApp;
  • invite customers to events, previews, or campaigns;
  • personalise product recommendations and shopping experience; and
  • use non-essential analytics or marketing tools to improve website and campaign performance.

4. Marketing communications
With the customer’s consent, Ridhi Mehra may send communications by email, SMS, WhatsApp, or phone regarding new arrivals, launches, private previews, promotions, events, personalised product recommendations, and sale announcements.

Consent for promotional communications may be withdrawn at any time by clicking the unsubscribe link in an email, replying STOP where supported, updating communication preferences where available, or contacting customercare@ridhimehra.com. Withdrawal of promotional consent will not affect service or transactional communications that are necessary to process orders, respond to requests, or comply with law.

5. Cookies and similar technologies
Ridhi Mehra uses cookies and similar technologies to operate the website, improve user experience, understand website usage, and support marketing where enabled.

Cookies may include:

  • Necessary cookies, which support core website features such as cart, checkout, account login, and security;
  • Functional cookies, which remember preferences and improve convenience;
  • Analytics cookies, which help understand how visitors interact with the website; and
  • Marketing cookies, which may help measure campaigns or show more relevant content and advertisements across platforms such as Meta and Google.

Some cookies may be session-based, meaning they expire when the browser session ends, while others may be persistent and remain for a longer period unless deleted through browser settings. Customers may manage non-essential cookies through browser settings or website consent tools where available, although disabling certain cookies may affect parts of the shopping experience.

6. Sharing of personal data
Ridhi Mehra does not sell or rent personal data to third parties.

Personal data may be shared with trusted service providers only to the extent reasonably necessary to operate the business, fulfil orders, support customer care, improve services, or comply with law. These providers may include:

  • payment gateway and payment processing partners;
  • shipping, courier, and logistics partners;
  • Shopify and related e-commerce infrastructure providers;
  • CRM and customer engagement platforms;
  • email, SMS, and WhatsApp communication providers;
  • analytics and website performance tools;
  • customer support platforms; and
  • operational or reporting tools used for store management, customer experience, loyalty, fit recommendation, personalisation, fraud prevention, and related services.

Examples from the current app and platform ecosystem include WhatsApp tools, analytics tools, CRM connectors, virtual try-on or fit-related tools, reporting tools, and similar Shopify-connected applications that may process customer contact details, order history, cart data, or browsing behaviour to perform their specific functions.

All such service providers are expected to process data only for authorised purposes and to maintain appropriate confidentiality and security standards.

Personal data may also be disclosed if required by applicable law, court order, lawful governmental request, or where reasonably necessary to investigate fraud, enforce legal rights, or protect safety and security.

In the event of a merger, acquisition, restructuring, or transfer of business assets, personal data may be transferred as part of the relevant transaction, subject to appropriate legal safeguards and notice where required.

7. Cross-border data transfers
Ridhi Mehra serves customers in multiple jurisdictions and uses global platforms such as Shopify, Meta, Google, email tools, and other service providers that may process data outside India.

Where international transfers occur, reasonable steps are taken to ensure that appropriate safeguards are in place and that processing is handled in accordance with applicable law, including any restrictions that may be notified under the Digital Personal Data Protection Act, 2023.

8. Data security
Appropriate administrative, technical, and organisational safeguards are used to protect personal data from unauthorised access, misuse, loss, alteration, or disclosure.

Payment information is handled through secure payment systems operated by payment gateway providers and acquiring banks. While reasonable measures are taken to protect information, no website, transmission method, or storage system can be guaranteed to be completely secure.

Where required by law, relevant breach-related notifications will be handled in accordance with applicable legal obligations.

9. Customer choices, account updates, and deletion requests
Customers may update certain profile or account information through available account tools or by contacting customer care, as applicable.

A customer may also request closure of an account, correction of inaccurate information, or deletion of personal data that is no longer required, subject to legal, operational, fraud-prevention, accounting, tax, or dispute-related retention requirements.

To help protect privacy and security, Ridhi Mehra may request reasonable identity verification before acting on an access, correction, deletion, or account-closure request.

10. Customer rights
Subject to applicable law, including the Digital Personal Data Protection Act, 2023, a customer may have the right to:

  • request access to personal data being processed;
  • request correction, updating, or completion of inaccurate or incomplete information;
  • withdraw consent for marketing or other consent-based processing;
  • request deletion of personal data that is no longer necessary, subject to lawful retention needs;
  • seek information about how personal data is processed;
  • raise a grievance relating to privacy practices; and
  • where applicable, nominate another person to exercise rights in the event of death or incapacity.

Rights requests may be submitted using the contact details set out below.

11. Data retention
Personal data is retained only for as long as reasonably necessary for the purposes for which it was collected, including order fulfilment, customer support, legal compliance, fraud prevention, dispute resolution, and enforcement of agreements.

In general:

  • order and invoicing records may be retained for the period required under tax, accounting, and commercial laws;
  • customer care records may be retained for a limited period necessary to resolve requests or complaints;
  • marketing records may be retained until consent is withdrawn or the information is no longer reasonably required; and
  • certain records may be archived where necessary for legal, compliance, or evidentiary purposes.

Once no longer required, personal data will be deleted, anonymised, or securely archived in accordance with applicable law and internal practices.

12. Children’s privacy
The website and services are not intended for individuals under 18 years of age, and personal data of children is not knowingly collected.

If it is believed that a child’s personal data has been provided inadvertently, Ridhi Mehra should be contacted so appropriate review and deletion steps can be taken.

13. Third-party links
The website may contain links to third-party websites, social media pages, or partner services. Ridhi Mehra is not responsible for the privacy practices or content of external websites, and customers are encouraged to review the relevant privacy notices before sharing personal data with them.

14. Changes to this Privacy Policy
This Privacy Policy may be updated from time to time to reflect changes in business practices, services, technology, legal requirements, or data processing operations. The latest version will be made available on the website.

Where material changes are made, suitable notice may be provided on the website or through other appropriate channels before or when the changes become effective.

15. Grievance Officer and contact details
If a customer has a privacy-related question, would like to exercise rights, withdraw consent, correct information, request deletion, or raise a grievance, the designated contact details are as follows:

  • Brand: Ridhi Mehra
  • Flagship Store: Ambawatta One, Ground Floor, H 5/3A, Kalka Das Marg, Mehrauli, Opposite Qutub Minar, New Delhi – 110030
  • Email: customercare@ridhimehra.com
  • Phone: +91 98188 70179
  • WhatsApp: +91 98110 65143
  • Website: ridhimehra.com
  • Response Time: Privacy-related requests and grievances are intended to be addressed within 30 days of receipt, subject to identity verification and applicable law.

If a customer is not satisfied with the response provided, the customer may also have the right to escalate the matter to the Data Protection Board of India in accordance with applicable law.