Effective: to be set when legal signs off.
Data Fiduciary: M/s Prince Jewellery (operating as Prince Pure),
having its principal place of business in India. All references to "we",
"us", "the brand" or "Prince Pure" mean the same legal entity.
1. Why we have this policy
India's Digital Personal Data Protection Act, 2023 ("DPDP Act") requires
us to tell you, in clear language, what personal data we collect, why we
collect it, how long we keep it, who we share it with, and what rights
you have. This page is that disclosure. If anything below is unclear,
please write to our Grievance Officer at the address in §10.
2. What we collect
When you fill in a capture form at one of our events, attend our store,
purchase from us, or sign up to a scheme, we may collect:
- Contact details — your name, mobile number, email (if you give it),
and the area / locality you live in.
- Optional life-event dates — date of birth, anniversary date, and
wedding date if you choose to share these.
- Marketing preferences — your consent to receive WhatsApp / SMS /
email messages, and the channels you are willing to be reached on.
- Purchase context — items you bought, schemes you enrolled in, and
vouchers you redeemed (collected through our point-of-sale system).
- Old-gold details at the time of valuation — weight, karat, and the
receipt that we hand you in return.
- Vendor information if you are a vendor working with us on a
marketing activity — your PAN / GSTIN, bank account, and IFSC. These
are stored encrypted at rest.
We do not collect Aadhaar numbers, biometric data, financial
account passwords, or any data classified as Sensitive Personal Data
under the DPDP Act unless explicitly required by law and disclosed to
you at the point of collection.
3. Why we collect it (purposes)
- To deliver the service you asked for — your voucher, your scheme
enrollment, your old-gold receipt.
- To send you the marketing communications you have opted into
(birthday wishes, festival greetings, scheme updates, event invites).
- To keep accounting and tax records as required by Indian law.
- To verify the identity and tax status of our vendors (KYC).
- To improve our services through aggregate analytics — never to single
individuals out for profiling without their consent.
4. Lawful basis
Your consent, given by ticking the consent box on our capture form,
is the primary lawful basis. For statutory record-keeping (e.g. PMLA
reporting on gold transactions above the threshold) we rely on the
legitimate purpose of legal compliance.
5. Who we share data with
- Communication providers — Meta WhatsApp Cloud API, Gupshup, MSG91
(SMS), Amazon SES (email). These vendors are bound by their own DPDP-
compliant data-processing agreements with us.
- Government authorities when ordered by a court or compelled by
applicable law.
- Auditors appointed by us under non-disclosure agreements.
We do not sell your personal data to third parties for advertising.
6. How long we keep your data
- Active customers: for the duration of the relationship plus seven
(7) years from the date of your last interaction with us. Seven years
is the jewellery-industry norm for audit + PMLA inquiry windows.
- Vendor KYC: for ten (10) years from the end of the engagement,
per Income-tax Act record-retention requirements.
- Marketing-only profiles (you signed up at an event but never
bought anything): for three (3) years, after which we anonymise the
record and retain only aggregate statistics.
When the retention period expires, we erase or anonymise the data.
7. Your rights
Under the DPDP Act you have the right to:
- Access the personal data we hold about you.
- Correct any inaccuracies.
- Erase your data (subject to legal-retention obligations).
- Withdraw consent at any time — reply STOP to any marketing message,
or contact our Grievance Officer.
- Lodge a complaint with the Data Protection Board of India.
A customer self-service portal that lets you exercise these rights
yourself is on our roadmap. Meanwhile please contact the Grievance
Officer — we respond within thirty (30) days.
8. How we protect your data
- Encryption at rest — sensitive identifiers (PAN, GSTIN, bank
account, IFSC) are stored using authenticated symmetric encryption.
- Encryption in transit — all access to our systems is over HTTPS
/ TLS 1.2 or higher.
- Role-scoped access — each staff member sees only the data
relevant to their role. Access is logged.
- Audit trail — every staff access to customer details is recorded.
9. Cookies and tracking
We use only the cookies necessary to keep you logged in and to
maintain your session. We do not use third-party analytics cookies or
advertising trackers on customer-facing pages.
10. Grievance Officer
- Name: to be filled by Prince Pure management
- Email: privacy@princejewellery.com
- Address: to be filled by Prince Pure management
We respond to grievances within thirty (30) days of receipt.
11. Changes to this policy
When we change this policy materially we will publish a new version
here with a new effective date. Old versions are kept for audit.
12. Contact us
For any data-protection or privacy query, write to