©2025
Privacy*
Last Updated: 15th July, 2025
#YourDataYourChoice
At Burgundy Industries, your privacy matters to us. We are committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what personal data we collect, how we use it, why we collect it, and the rights you have in relation to your data.
Who is collecting your data?
This Privacy Policy applies to all personal data that is collected, used, or processed by or on behalf of Burgundy Industries (“Burgundy Industries”, “we”, “us”, or “our”), a company incorporated under the laws of India and having its registered office at 11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180, as well as its group companies, subsidiaries, affiliates, business units, contractors, and authorized third-party service providers, whether operating within India or globally.
Burgundy Industries is committed to upholding the trust you place in us when you share your personal data. We consider ourselves the "data fiduciary" under applicable Indian data protection laws (such as the Digital Personal Data Protection Act, 2023), and the “data controller” as defined by equivalent global privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union.
This Policy covers the collection of personal data in a wide range of circumstances, including but not limited to the following:
When you interact with our websites, mobile apps, or digital platforms;
When you engage with offline activities, such as participating in product demonstrations, customer engagement programs, exhibitions, surveys, or promotional campaigns;
When you purchase products, create accounts, contact our support team, or communicate with us in any capacity;
When you subscribe to our newsletters or marketing communications;
When you register for loyalty programs, competitions, or customer reward schemes;
When you engage with our content or advertisements on third-party platforms such as social media websites (like Facebook, Instagram, or YouTube), affiliate marketplaces, or digital advertising networks;
When we collect your data from trusted third-party sources that have your consent or legal basis to share your data with us.
A. Legal Entity Responsible for Your Data
A. Legal Entity Responsible for Your Data
The primary entity responsible for the collection and processing of your data is:
Burgundy Industries
11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180
Email: communications@burgundyindustries.com
In specific contexts, your personal data may also be collected by our affiliated companies, business units, or contractual partners operating under strict privacy and data protection obligations. These may include authorized distributors, technology service providers, marketing agencies, e-commerce logistics partners, or data analytics vendors engaged to process data only on our behalf and under our instructions.
B. Scope of This Policy
This Privacy Policy applies to:
All digital properties and content owned, operated, or controlled by Burgundy Industries, including our official websites (e.g., www.burgundyindustries.com), mobile applications, e-commerce platforms, and microsites or campaign landing pages;
Any form of electronic communication (emails, newsletters, text messages, etc.) initiated by Burgundy Industries to users, customers, business partners, or other stakeholders;
All offline engagements through which data is voluntarily shared with us, including trade shows, feedback forms, product warranty cards, customer care calls, and physical forms collected in retail settings;
Any third-party website or platform where Burgundy Industries maintains a verified business presence or operates a branded interface, such as social media pages, partner e-commerce platforms, or advertising networks.
Note that when you interact with Burgundy Industries on external platforms (e.g., Facebook, Google, Amazon, etc.), your data may also be subject to the privacy policies of those platforms. We strongly recommend reviewing the privacy notices of such third parties in addition to this one.
C. Consent and Relationship of Trust
Burgundy Industries respects your autonomy and acknowledges that your personal data is your own. Therefore, we collect and process your data only:
When you have given your explicit consent;
When the processing is necessary to perform a contract with you (e.g., for an online order);
When we are legally required to collect or disclose such data (e.g., tax, regulatory compliance);
Or when we have a legitimate business interest that is not overridden by your rights (e.g., ensuring digital platform security or improving user experience).
Your trust is foundational to our business. We do not rent, sell, or trade your personal data with unauthorized entities. Where we use data processors or service providers, we ensure they are bound by confidentiality obligations and process data only under our instructions and within the scope of legitimate business operations.
D. Types of Entities Who May Act on Our Behalf
As part of our business operations, we may designate certain external parties to collect, store, or process data on our behalf. These may include:
Technology providers: web hosting services, cloud storage companies, CRM tools, etc.;
Payment gateways: to securely process your transactions and manage billing;
Logistics and supply chain partners: for delivery, returns, and fulfillment;
Customer engagement vendors: for chatbots, customer service platforms, or survey tools;
Marketing and advertising partners: for campaign execution, analytics, and targeted advertising;
Professional advisors: such as auditors, legal firms, and consultants.
E. When You Contact Us
Whenever you contact Burgundy Industries, whether via email, phone, feedback forms, customer care helplines, or social media messages, any personal data you provide to us in those interactions (such as your name, contact information, or order ID) will be stored securely and used strictly for the purpose of responding to your query or request. If your concern involves a legal or regulatory issue, it may also be escalated internally to our Data Protection Officer (DPO).
F. Collection on Behalf of Others
In rare cases, Burgundy Industries may also collect data on behalf of partners or clients under a separate agreement (e.g., joint promotions or brand partnerships). In such instances, we will clearly indicate the identity of the party on whose behalf data is being collected, and such data will be governed jointly or separately as per the applicable agreement.
What data do we collect?
At Burgundy Industries, we believe that transparency is key to building trust. Therefore, we want to clearly explain the kinds of personal data we collect, the means through which we collect them, and the contexts in which this information may be shared or used. We are committed to collecting only that data which is necessary for legitimate business purposes, improving user experience, enhancing our services, and complying with legal obligations.
The term "personal data" refers to any information — whether directly or indirectly — that can be used to identify an individual. This includes information such as your name, contact details, online identifiers, financial data, and user preferences, as well as technical data like IP addresses and device identifiers.
A. Categories of Personal Data We Collect
Identity Data
Full name (first, middle, last)
Username, display name, or similar identifiers
Date of birth and age
Gender
Photograph (when voluntarily provided)
Contact Data
Residential or business address
Email address
Phone number (mobile and/or landline)
Social media handles (if interacting via platforms like Instagram, Facebook, etc.)
Account and Profile Data
Account registration details (username, password, security questions)
User preferences, settings, and interests
Saved delivery addresses, billing preferences
Loyalty program IDs, membership levels, and reward points
Financial and Transaction Data
Payment card details (processed securely via PCI-DSS compliant gateways)
UPI IDs, digital wallet information
Purchase history and invoices
Transaction records (e.g., refunds, returns, and exchanges)
Note: We do not store your card verification values (CVV) or other sensitive financial credentials. All such data is encrypted and managed by secure payment gateways.
Marketing and Communication Data
Consent status for receiving promotional emails, newsletters, SMS, or app notifications
Communication preferences
Participation in surveys, polls, or contests
Reviews, ratings, testimonials, or comments submitted to our platforms
Location Data
General location based on IP address
Precise location (e.g., GPS data) if permitted via mobile app settings
Region-specific browsing behavior for personalized offers and regional language support
Technical and Device Data
IP (Internet Protocol) address
MAC address and device ID
Browser type and version
Operating system and platform
Mobile device information (e.g., make, model, operating system)
Time zone, language settings
Cookie IDs and session tokens
Usage and Interaction Data
Browsing behavior on our websites and mobile apps
Clickstream data (pages visited, products viewed, search terms used)
Time spent on pages or in the app
Download history (e.g., brochures, product guides)
User navigation patterns, scroll activity, or bounce rates
Interaction with banners, ads, popups, or chatbot elements
Social Media and Third-Party Data
Public profile information from social media platforms (if you engage with us there)
Engagements like likes, shares, mentions, or comments
Interests and demographics as shared by social networks
Referral data from influencers, affiliate partners, or ad networks
Sensitive Personal Data (only if explicitly provided)
Health-related information (e.g., allergies, dietary preferences) if needed for specific product recommendations
Child-related information (e.g., age of child for kids’ nutrition products)
Biometric identifiers (only if ever used for authentication, e.g., face recognition in app)
Government-issued ID (only where legally required for verification)
B. How Do We Collect This Data?
Register or create an account on our website or app
Fill out online or physical forms (feedback, warranty registration, event participation)
Subscribe to our newsletters or product alerts
Contact our customer support team
Enter a contest, survey, sweepstakes, or promotion
Participate in a market study or product trial
Provide feedback or testimonials
Cookies and tracking pixels
Web beacons and session storage
App usage monitoring (via SDKs, crash logs, app analytics)
Analytics scripts like Google Analytics, Facebook Pixel, and similar platforms
Advertising networks
Social media platforms (as per your permissions)
Ecommerce platforms (e.g., Amazon, Flipkart, if you buy our product via these partners)
Logistics and fulfillment companies
Payment gateways
Data enrichment service providers
Market research companies
C. Aggregated and Anonymized Data
In addition to identifiable data, we may also collect and process aggregated, anonymized, or pseudonymized information for analytics and research purposes. For example:
Demographic summaries (e.g., “40% of our users are from South India”)
Product usage trends
Web performance diagnostics
D. Special Note on Cookies and Tracking Technologies
We use cookies, tracking pixels, web beacons, and session identifiers to improve our website functionality, personalize your experience, and serve relevant ads. These may store:
Session IDs for login continuity
Cart and checkout data
Browsing preferences
Product recommendations
You can choose to accept, reject, or customize your cookie preferences when prompted. For more details, please refer to our [Cookie Policy].
E. Voluntary vs. Mandatory Data
Not all data is mandatory. Wherever possible, Burgundy Industries distinguishes between required and optional fields. However, if you choose to withhold essential data (e.g., contact or payment information), we may be unable to process your orders, respond to queries, or provide personalized services.
F. Accuracy and Currency of Data
To ensure we provide the best services, we rely on you to keep your personal data accurate and up to date. You may access, correct, or update your data at any time by logging into your account or contacting our Data Protection Officer.
Why Do We Collect Your Data?
At Burgundy Industries, we collect and process your personal data for a variety of clearly defined, legitimate purposes—each driven by a commitment to enhance your experience, deliver value, maintain trust, and fulfill our legal, operational, and contractual obligations.
We do not collect data arbitrarily. Every piece of information we collect is directly tied to providing you with better products, services, communications, and customer support. We also use your data to fulfill any commitments we have toward you as a user, customer, partner, supplier, or stakeholder.
Our data practices are built on the principles of necessity, transparency, accountability, and purpose limitation—meaning we only collect the data we need, and only use it for the purposes clearly outlined below.
Purposes for Which We Collect and Process Your Personal Data
Your personal data may be used for one or more of the following reasons:
1. To Fulfill Orders, Deliver Products, and Manage Transactions
We collect data like your contact information, address, and payment details so we can:
Process and fulfill orders placed through our website, mobile app, or marketplace partners;
Deliver products or coordinate with third-party logistics and shipping providers;
Provide real-time order status updates and shipment tracking;
Validate payments, generate invoices, and handle returns or refunds;
Prevent duplicate or fraudulent orders and verify customer identity where needed.
Legal basis: Contractual necessity; Legitimate interest
2. To Provide Customer Support and Resolve Queries
We process your contact information, communication history, and interaction logs to:
Respond to your inquiries, requests, or complaints promptly;
Troubleshoot issues related to product performance, delivery, or usability;
Handle warranty claims, service requests, or feedback escalation;
Ensure internal quality assurance and training for our customer service staff.
Legal basis: Legitimate interest; Consent (if applicable); Contractual obligation
3. To Improve Our Products, Services, and Platforms
We use your browsing data, product usage feedback, purchase trends, and survey responses to:
Monitor user behavior to identify bugs or usability issues;
Enhance website and mobile app functionality, design, and experience;
Innovate and develop new product offerings based on consumer preferences;
Analyze market demand and segment-specific needs (e.g., children, health-conscious users, eco-friendly buyers).
Legal basis: Legitimate interest; Consent (if voluntarily submitted)
4. To Personalize Your Experience and Product Recommendations
We analyze your interactions, preferences, and behavior to:
Customize your homepage, search results, or product listings;
Recommend items you may like based on past purchases or browsing;
Deliver tailored offers, product bundles, or discounts;
Reduce irrelevant content and present what matters to you.
Legal basis: Consent; Legitimate interest
5. To Send You Marketing and Promotional Communications
If you opt-in or show interest, we use your data to:
Share newsletters, updates, product launches, or upcoming events;
Notify you of discounts, exclusive offers, or rewards programs;
Promote campaigns or contests we think you may enjoy;
Re-engage inactive users via email, SMS, push notifications, or targeted social media ads.
We will always provide you with the option to unsubscribe or opt out.
Legal basis: Consent
6. To Enable Participation in Promotions, Surveys, and Loyalty Programs
When you join a Burgundy campaign, loyalty program, or contest, we use your data to:
Register and authenticate your participation;
Track points, entries, or benefits you accrue;
Select and notify winners or eligible beneficiaries;
Deliver rewards, freebies, or participation certificates.
Legal basis: Contractual obligation; Consent
7. To Conduct Profiling and Segmentation for Enhanced User Targeting
Using advanced analytics, we create user profiles by combining:
Online behavior (pages visited, time spent, clicks);
Demographics and location data;
Purchase history and product interests;
Communication engagement (e.g., which emails you open).
These profiles help us:
Understand consumer needs at a deeper level;
Group users into segments (e.g., health-conscious parents, budget shoppers);
Offer more relevant recommendations, messaging, and advertising.
Legal basis: Consent (opt-in to profiling); Legitimate interest (for broad segments)
8. To Ensure Safety, Security, and Fraud Prevention
Your personal and technical data helps us:
Detect and block fraudulent transactions or activities;
Secure user accounts against unauthorized access;
Monitor unusual patterns, bots, or suspicious logins;
Maintain platform integrity and compliance with cybersecurity frameworks.
Legal basis: Legal obligation; Legitimate interest
9. To Comply With Legal and Regulatory Obligations
We may collect and disclose certain data to:
Comply with laws, regulations, and court orders;
Respond to legitimate government requests;
Satisfy tax, accounting, or audit requirements;
Ensure product recalls or safety notices reach affected users;
Enforce terms and conditions or resolve disputes.
Legal basis: Legal obligation; Public interest
10. To Carry Out Business Operations and Management
As part of normal business conduct, we may process your data for:
Internal analytics, budgeting, forecasting, and reporting;
Corporate restructuring, acquisitions, or due diligence;
Vendor, distributor, or partner management (if you represent a business);
Strategic planning, legal defense, or compliance audits.
Legal basis: Legitimate interest; Legal obligation
B. Legal Basis for Processing Your Data
We rely on a combination of lawful bases for processing your personal data, depending on the specific context. These include:
Your Consent – When you actively opt in (e.g., marketing emails, surveys)
Contractual Necessity – To fulfill our obligations if you order or subscribe
Legal Obligation – When required to comply with applicable laws or regulations
Legitimate Interest – When it benefits you or us in a reasonable and non-intrusive way
Where consent is used, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
C. Automated Decision-Making and AI-Based Processing
We may use automated systems and AI-based tools to:
Analyze patterns and predict your preferences;
Determine eligibility for promotional offers;
Score customer interactions for support prioritization.
No significant decision impacting your rights or finances will be made solely based on automated processing unless it is necessary for entering into a contract or has your explicit consent.
Special Categories of Data (Sensitive Personal Data)
Certain types of personal data are classified as “Special Categories of Data” or “Sensitive Personal Information” under various data protection laws, such as India’s Digital Personal Data Protection Act (DPDPA), the General Data Protection Regulation (GDPR) in the EU, and similar global frameworks.
These categories include information that, if misused or mishandled, could pose a higher risk to your privacy and individual rights. Burgundy Industries takes extra precautions when collecting, storing, or processing any such data. We only do so in strict adherence to legal requirements and with your explicit, informed, and affirmative consent.
A. What Is Sensitive Personal Data?
Sensitive personal data (SPD) may include, but is not limited to:
Health-related data: Medical conditions, allergies, dietary requirements, or disabilities
Biometric data: Facial recognition, voice prints, fingerprint data (only if used for authentication)
Genetic data: DNA or inherited health traits (not typically collected)
Religious or philosophical beliefs
Sexual orientation or gender identity
Racial or ethnic origin
Government-issued IDs: Aadhaar number, PAN, passport, or driving license, when required
Children’s data: Information related to minors (under the age of 18 in India)
B. When Do We Collect Special Categories of Data?
We may request or process sensitive personal data only in limited and clearly defined scenarios. These include:
1. Health & Nutrition Preferences
If you are purchasing or inquiring about health-focused, age-specific, or dietary-sensitive products (e.g., baby food, fortified cereals, or allergy-free powders), we may ask:
Whether you or your child has specific dietary restrictions (e.g., nut allergies, lactose intolerance)
If you are pregnant, nursing, or have a condition that requires tailored nutrition
This allows us to:
Recommend suitable products
Prevent promotion of unsuitable items
Provide safety notices and accurate usage directions
2. Children’s Data
If you register your child (e.g., to receive age-specific product offers or parenting tips), we may collect:
Child’s age or date of birth
Gender
Developmental preferences or needs (e.g., "toddler nutrition")
Such data will be collected only with the verified consent of a parent or legal guardian and used solely for age-appropriate communications, loyalty programs, or tailored offers.
Example: A parent signs up for our “Burgundy Kids” newsletter, indicating their child is 2 years old. We may use this to recommend stage-2 weaning products, notify about toddler-safe promotions, or avoid sending irrelevant content.
3. Event Participation or Research Studies
If you voluntarily take part in:
Product trials (e.g., allergy-friendly formulas)
Health or lifestyle surveys
Consumer panels related to sensitive subjects
We will inform you in advance about any sensitive data involved and obtain your consent.
4. Government IDs for Verification
In specific regulatory or tax-related situations (e.g., high-value purchases, prize fulfillment, or distributor agreements), we may require copies of:
Aadhaar, PAN, GSTIN
Driver’s License or Passport (for KYC)
This will only be collected where mandated by law, and stored in secure, encrypted formats.
5. Biometric Information
Currently, we do not collect biometric data for general users. If biometric authentication (e.g., fingerprint login in app) is introduced in the future, it will:
Be entirely optional
Use device-level encryption
Never be stored on Burgundy servers
C. How Do We Process Sensitive Personal Data?
Whenever we collect sensitive data:
We explicitly explain the reason and purpose during collection.
We store the data securely, with additional layers of encryption and access control.
We ensure only trained and authorized personnel can access such information.
We never sell, rent, or share this data with third parties for unrelated marketing purposes.
Additionally, you always have the right to opt out or decline to provide such data without impacting your general use of our website or services, unless the data is strictly required for a specific transaction (e.g., identity verification for financial compliance).
D. Consent and Withdrawal
We will always seek your informed and explicit consent before processing any sensitive personal data. This consent will:
Be recorded and timestamped
Clearly describe the nature of the data, the reason for collection, and how it will be used
If at any time you wish to withdraw your consent, you may do so by:
Visiting your account settings
Contacting our Data Protection Officer or customer care team
Submitting a request via the Privacy Portal
Once consent is withdrawn, we will promptly delete or anonymize the associated data unless required to retain it for legal, tax, or regulatory compliance.
E. Children’s Privacy and Parental Consent
Burgundy Industries is committed to protecting the privacy of minors. We do not knowingly collect personal data from children below the age of 18 without:
Prior, verifiable consent from a parent or guardian, and
Full disclosure of how that information will be used
If we learn that a child’s data has been collected without proper authorization, we will delete it immediately.
We also use age filters and screening tools to:
Ensure eligibility for contests or campaigns
Prevent children from accessing age-restricted content or offers
F. Sensitive Data Sharing Limitations
We will never share your sensitive personal data with any third party except:
Where legally mandated (e.g., for law enforcement, fraud investigations)
Where required for a service you have explicitly signed up for (e.g., allergy-safe product trial)
With trusted partners or service providers under strict contractual obligations and confidentiality
During emergencies, to protect your life, health, or safety
All such sharing is documented and monitored for compliance.
How Do We Protect Children’s Privacy?
At Burgundy Industries, we recognize the critical importance of safeguarding children’s personal data and privacy rights. Our commitment to protecting minors extends beyond legal compliance—it's a foundational value that guides the way we design our products, marketing efforts, digital platforms, and customer engagement policies.
As many of our products, especially in the nutritional and wellness category, may be consumed or purchased for children, we have developed special protocols and safeguards to ensure that any data collected in this context is handled responsibly, transparently, and with the highest degree of sensitivity.
A. Age-Appropriate Access and Parental Involvement
Burgundy’s websites, mobile apps, and online platforms are intended for general audiences, but we are aware that some users may be parents, guardians, or caregivers purchasing or researching products for children.
To ensure child privacy is preserved:
We do not knowingly collect personal data directly from children under the age of 18, unless verifiable consent has been provided by a parent or legal guardian.
If a service, feature, or campaign is aimed at children (e.g., a baby nutrition guide or child growth tracker), we explicitly state that only adults may register, manage, or interact with such services on behalf of the child.
In countries like India, where the Digital Personal Data Protection Act (DPDPA) mandates parental consent for processing data of individuals under 18, we have built-in consent verification mechanisms.
B. When We May Collect Children’s Data
We may collect limited data about children only when it is provided by an adult user for purposes such as:
Registering for a parenting program or newsletter
E.g., A mother registers for updates on toddler nutrition products.
Data collected may include the child’s age range (e.g., 1–3 years), name, or birthdate.
Participating in age-based offers, contests, or promotions
We ask for age verification and parental consent before accepting entries.
Proof of age may be required to confirm eligibility.
Tailoring product recommendations
When a user requests suggestions based on their child’s age, dietary needs, or health conditions.
Purchasing products designed specifically for children
For example, organic baby food, fortified cereals, or sensitive-skin formulations.
In all such cases, data collection is limited, purpose-specific, and done only with consent from the parent or legal guardian.
C. Safeguards for Children’s Data
When children’s data is collected (via the parent or guardian), we ensure:
Minimal data collection: We only request what is strictly necessary (e.g., age group instead of exact birth date, where possible).
Clear explanation of the purpose and how the data will be used.
No profiling, tracking, or behavioral targeting is conducted on the child’s data.
No advertising or direct marketing is directed at children based on their personal information.
No public disclosure: Children’s data is never published, posted, or made publicly accessible on any of our platforms.
Data storage is secured using the same encryption, access restrictions, and retention controls as adult personal data—often with additional review.
We do not permit third-party ad networks or plugins to collect personal data on any child-oriented sections of our websites or apps.
D. Parental Rights and Controls
If you are a parent or legal guardian, you have the right to:
Review the personal data we have collected about your child;
Request access, correction, or deletion of that data at any time;
Withdraw your consent for further collection or use of your child’s data;
Object to any processing that you believe is unnecessary or intrusive.
You can exercise these rights by contacting our Privacy Office or using the Contact Us form on our website.
We will take all reasonable steps to verify your identity and authority as the child’s parent or guardian before processing such requests.
If Burgundy Industries learns that we have inadvertently collected personal data from a child under 18 without proper consent, we will:
Immediately delete or anonymize the data from our records;
Notify the parent or guardian, if contact details are available;
Review and enhance the relevant process to prevent recurrence.
We also monitor our systems regularly to detect any unauthorized access or improper handling of child data.
F. Age-Based Restrictions on Access and Participation
To further support child safety, we impose age restrictions on certain areas of our website or app, such as:
Contests or sweepstakes that require users to be 18+;
Loyalty programs, reward schemes, or feedback surveys;
Product reviews, community forums, or UGC uploads;
Account creation and payment-related features.
Where necessary, we implement age-verification gates or disclaimers, and we require adults to manage accounts on behalf of children.
G. Educational Resources and Responsible Content
Burgundy strives to offer content that is:
Parent-guided and responsibly curated;
Educational, informative, and free of manipulative design;
Built in line with digital wellbeing standards and ethical marketing practices;
Compliant with global frameworks like UNICEF’s Guidelines on Children’s Data Privacy, the DPDPA, and COPPA (where applicable).
H. Summary of Our Commitment
We never knowingly collect, use, or share personal data from children without verified consent;
We enforce strict internal protocols, monitor compliance, and train our teams on children’s privacy laws;
We encourage parents to actively monitor their child’s use of digital platforms, including Burgundy websites and services.
If you have any concern or suspicion regarding children’s data privacy at Burgundy, please contact us immediately at:
What Purpose Do We Use Your Data For?
At Burgundy Industries, we collect and use your personal data solely for lawful, fair, specific, and necessary purposes. Whether you're engaging with us online, purchasing our products, signing up for our updates, or simply browsing our websites, we process your data to improve your experience, fulfill our commitments, and uphold our obligations.
We ensure all use of personal data aligns with applicable data protection laws such as India’s Digital Personal Data Protection Act (DPDPA) and other regional or international standards, depending on the jurisdiction of use.
Below, we outline in detail the purposes for which we collect and process your personal data:
A. To Provide and Deliver Our Products and Services
We use your data to:
Process your product purchases and manage transactions
Arrange for product deliveries, including packaging, shipment, and notifications
Confirm order status, provide invoices or digital receipts
Manage returns, exchanges, cancellations, and refunds
Authenticate your identity and prevent payment fraud
Example: When you place an order on our e-commerce portal, we require your name, delivery address, contact number, and payment details to process and deliver your order efficiently and securely.
B. To Communicate With You
We use your contact details and preferences to:
Respond to your queries, complaints, or support requests
Share transactional communications, such as order confirmations, delivery status, or product recalls
Send you updates related to your account, preferences, or consent status
These communications are essential for fulfilling our contract with you and are not promotional in nature unless you have opted in to receive marketing content.
C. To Provide Customer Support and Service Quality
We may process personal data during:
Customer care calls, chats, or emails
Grievance redressal requests
Product feedback, satisfaction surveys, or issue resolution
Your communication may be recorded or monitored for quality control, training, and documentation purposes.
D. To Improve Our Products, Services, and Platforms
Your interactions help us:
Understand usage patterns, preferences, and product performance
Conduct consumer insights, usability testing, and research
Refine product formulations, packaging, and delivery experiences
Troubleshoot website/app bugs, loading speeds, and technical errors
Example: If users consistently abandon the checkout process on a certain mobile screen, we use anonymized session data to analyze and fix user experience issues.
E. To Personalize Content, Recommendations, and Offers
Where you have consented, we may use your data to:
Tailor product recommendations based on browsing or purchase history
Curate content based on your interests or demographics (e.g., parenting tips, millet nutrition, etc.)
Offer personalized discounts, early access to new launches, or special bundles
Serve relevant banners, notifications, or alerts via app, web, or email
We never use sensitive personal data (such as health or religious beliefs) for personalization unless you have explicitly consented to it.
F. To Send You Marketing Communications
If you opt in, we will:
Send newsletters, product launches, or promotional messages
Share educational or lifestyle content aligned with your preferences
Inform you of events, webinars, brand stories, and behind-the-scenes content
You can opt out of such communications at any time via your account settings, unsubscribe links, or by contacting our support team.
G. To Operate Loyalty Programs and Promotions
When you participate in:
Reward schemes
Membership benefits (e.g., Burgundy Circle)
Giveaways, contests, or sample trials
We use your data to:
Validate your eligibility
Deliver rewards, coupons, or gifts
Communicate participation results or instructions
We ensure that such programs comply with local age and consent laws, especially when children’s data may be involved.
H. For Internal Business Operations
We may use your data for:
Audits, risk management, or business planning
Compliance with applicable taxation, e-commerce, or consumer laws
Tracking product performance, logistics, and supplier operations
Monitoring inventory, restocking alerts, or demand forecasting
Data used here is often aggregated and not used for profiling individuals unless absolutely necessary.
I. To Detect and Prevent Fraud, Security Breaches, or Misuse
We process certain personal data to:
Authenticate login attempts or device access
Detect suspicious activities such as bot attacks or account hijacks
Prevent fraudulent returns, fake accounts, or misuse of promotional offers
Report any incidents to regulatory authorities when required
We may use cookies, IP addresses, device fingerprints, and location data for these purposes.
J. To Fulfill Legal, Regulatory, and Contractual Obligations
Your data may be processed to:
Comply with statutory, legal, or regulatory requirements (e.g., GST reporting, KYC norms)
Enforce our Terms of Use, refund policy, or e-commerce rules
Cooperate with law enforcement or court orders
Comply with obligations under consumer protection, food safety, tax, or IT laws
K. To Create Segments and Profiles (with Your Consent)
We may, with your explicit permission:
Segment audiences based on preferences (e.g., vegan users, first-time parents, fitness enthusiasts)
Run A/B tests to enhance content
Profile interest groups to deliver more relevant product suggestions or campaigns
Profiling never involves automated decisions that have legal or similarly significant effects on you without human intervention.
You can opt out of such profiling anytime via our privacy dashboard.
L. For Research, Innovation, and Product Development
We may use de-identified and aggregated data to:
Analyze consumer behavior trends
Conduct nutritional research, especially for our food and wellness categories
Co-create products with user insights
Collaborate with universities or healthcare partners under strict data-sharing protocols
M. For Emergency Communications
In the rare event of:
A product safety recall
A data breach
A public health concern
We may use your registered contact information to promptly notify you, even if you have opted out of other communications, to protect your health and rights.
Conclusion: Transparent, Responsible Use
We will always notify you—either at the time of collection or within a reasonable period—regarding:
The purpose for which your data is collected,
The legal basis we rely on,
Whether providing it is mandatory or optional, and
The consequences of refusing to provide it.
When we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
Who Will Your Data Be Shared With?
At Burgundy Industries, we deeply respect your trust. When you provide us with your personal data, we commit to protecting it and sharing it only in ways that are transparent, secure, legally compliant, and beneficial to you.
We do not sell your personal data to third parties. However, to deliver our products and services efficiently, and to improve your experience with our brand, we may share your data in controlled, contractually bound, and purpose-specific ways.
Below are the types of entities with whom your personal data may be shared:
A. Within Burgundy Industries and Our Group Companies
We may share your personal data internally across departments and entities within the Burgundy Industries group, including any future subsidiaries, affiliates, or associated businesses, to:
Fulfill orders and services
Personalize your experience across platforms
Conduct joint marketing, product development, or loyalty programs
Streamline customer service and feedback mechanisms
Comply with internal audits, security protocols, or legal obligations
All such internal sharing is done under confidentiality agreements and access control policies, and your data is only shared with teams on a need-to-know basis.
B. With Third-Party Service Providers (On Our Behalf)
To support our business operations, we engage trusted third-party vendors to perform certain tasks on our behalf. These may include:
Website and app hosting providers
Payment gateway and transaction processors
Customer support and grievance redressal agents
Delivery and logistics partners
Data analytics and insight platforms
Email, SMS, and push notification services
Marketing and digital ad agencies
Survey and feedback collection platforms
Cybersecurity or risk management partners
Each of these partners is contractually obligated to:
Process your data only for the purpose intended,
Maintain data security and confidentiality,
Not use your data for their own business gain, and
Comply with applicable data protection laws.
Example: When you place an order through our website, your payment details are securely processed by a third-party payment provider (e.g., Razorpay, PayU), and your address is shared with a logistics partner for delivery. Both partners only use this data to fulfill your request.
C. With Marketing and Advertising Partners (With Consent)
Where you have explicitly opted in to receive personalized content or offers, we may share data with third-party marketing, media, or advertising platforms, including:
Social media platforms (e.g., Facebook, Instagram, YouTube)
Ad-serving networks (e.g., Google Ads, Meta Ads)
Programmatic advertising partners
Influencer or affiliate marketing platforms
Data enrichment or segmentation tools
This helps us:
Show you ads relevant to your preferences
Avoid redundant marketing messages
Measure and optimize campaign performance
You may opt out of this data-sharing anytime via our privacy center, unsubscribe links, or device settings (e.g., “Limit Ad Tracking”).
D. With Contest or Program Sponsors (If Applicable)
If you participate in a campaign, contest, wellness initiative, nutrition study, or co-branded loyalty program, your data may be shared with:
Co-sponsoring companies (e.g., a baby food brand in a joint promotion)
Healthcare or nutrition experts assisting in product feedback or development
Educational partners in our parenting or child development programs
We will always disclose co-sponsorship clearly, and your participation is voluntary. Data shared in such instances is restricted to the purpose of fulfilling the program objectives or communicating outcomes.
E. With Legal, Regulatory, or Governmental Authorities
We may disclose personal data when required by law, including in the following situations:
To comply with legal obligations (e.g., tax filing, food safety requirements, compliance checks)
When responding to a valid subpoena, court order, or government request
To prevent fraud, cybersecurity threats, or violations of law
In connection with legal claims, disputes, or audits
To report suspicious transactions under anti-money laundering laws
To cooperate with public health authorities or product safety recalls
Such disclosures are made in good faith and in accordance with due process, while ensuring minimum disclosure of personal data required for the legal process.
F. In the Event of a Business Reorganization or Acquisition
If Burgundy Industries were to undergo a merger, acquisition, sale, restructuring, or bankruptcy, your personal data may be shared as part of the due diligence process or transferred as a business asset.
In such events:
We will ensure that the receiving entity continues to protect your data under equivalent safeguards.
You will be notified, and your rights will remain protected under applicable data protection laws.
Example: If Burgundy merges with another wellness brand, your data may be shared with that entity to ensure continuity of service and product history.
G. With Consent or as Explicitly Authorized by You
You may voluntarily authorize us to share your data in scenarios like:
Referring a friend to a product or loyalty program
Participating in testimonials or user stories
Granting permission for a child’s data to be used in a nutrition monitoring program
We will always document your consent and clearly explain:
What data is being shared
With whom it is being shared
For what purpose
H. With Partners Outside India (International Data Transfers)
As a brand committed to innovation and responsible sourcing, some of our technology, analytics, or support functions may operate globally. If your personal data is transferred outside India (for example, to cloud servers or global vendors), we ensure that:
The receiving party has comparable data protection measures in place
Data transfer agreements are in accordance with local and international laws
Your data is encrypted or pseudonymized where possible
We will not transfer your personal data across borders unless it is legally permitted, contractually protected, and beneficial to your interests.
Every time we share your personal data, we ensure:
There is a legitimate purpose
Only minimum necessary data is shared
Your rights remain protected
Partners uphold our security and confidentiality standards
How Do We Protect Your Personal Data?
At Burgundy Industries, safeguarding your personal data is one of our highest priorities. We are committed to implementing and maintaining robust administrative, technical, and physical security measures to protect your data from unauthorized access, misuse, loss, or disclosure.
Whether you engage with us online through our websites, mobile apps, emails, or offline through events, product orders, or customer support, we apply the same level of diligence and protection to your personal information.
A. Our Security Philosophy
We treat your data as an extension of your trust in us — and that trust is non-negotiable. Every layer of our system is designed to minimize risk and maximize control, privacy, and transparency.
Our approach includes:
Privacy by design: Data protection is integrated from the early stages of system or product development.
Data minimization: We only collect data that is relevant, necessary, and proportionate to the purpose.
Zero-trust mindset: Every access or action must be authenticated and justified.
B. Technical Safeguards
We employ advanced cybersecurity technologies to prevent breaches and maintain the confidentiality, integrity, and availability of your personal data:
Data encryption: Personal data is encrypted both in transit (using HTTPS and SSL/TLS protocols) and at rest using industry-standard encryption algorithms.
Access control: Access to personal data is role-based and restricted to authorized personnel only, based on the principle of least privilege.
Firewall and intrusion detection: Our infrastructure is protected by network firewalls, antivirus software, and intrusion detection systems (IDS) that monitor unusual activity.
Secure servers and hosting: Our data is hosted on secure servers located in certified data centers, compliant with standards such as ISO/IEC 27001, SOC 2, and GDPR (where applicable).
Multi-factor authentication (MFA): Used internally and for platform admin access to ensure added protection against unauthorized logins.
C. Organizational Safeguards
Our internal policies and procedures ensure that data protection is a shared responsibility across all levels of the organization:
Employee training and awareness: All Burgundy team members undergo mandatory training on data privacy, phishing awareness, and ethical handling of consumer information.
Confidentiality agreements: Every employee, contractor, or service provider handling personal data is bound by a Non-Disclosure Agreement (NDA) or a confidentiality clause.
Incident response plan: We have a well-defined Data Breach Response Protocol to manage and report any suspected or confirmed data incidents within legally required timelines.
Vendor due diligence: Third parties who process data on our behalf are required to demonstrate technical and legal compliance and sign Data Processing Agreements (DPAs).
D. Process and Policy Controls
We adhere to strong procedural controls to enforce responsible handling of data at all touchpoints:
Consent management: Your preferences and consents are captured, stored, and honored through a centralized consent management platform.
Audit trails: We maintain secure logs of data access, modifications, and transfers to detect misuse or anomalies.
Data classification: We classify data based on sensitivity — e.g., general, personal, sensitive personal — and apply security policies accordingly.
Anonymization and pseudonymization: Wherever possible, we transform personal data into a format that cannot be used to identify individuals without additional information, to further minimize risk.
E. Physical Security
For any physical locations where data is stored or accessed (e.g., corporate offices, fulfillment centers, archival facilities), we implement:
Access badges and visitor logs
24/7 CCTV surveillance
Secured file storage with access protocols
Restricted zones for systems holding sensitive data
F. Protection Against Emerging Threats
We continuously evolve our security infrastructure to protect against:
Zero-day vulnerabilities
Ransomware and malware attacks
Phishing, spoofing, or social engineering
Credential stuffing or brute-force attempts
This is achieved through:
Regular penetration testing
Vulnerability assessments
Automated patch management
Collaboration with external cybersecurity consultants
G. Data Backup and Disaster Recovery
To prevent loss of data due to accidental deletion, system failure, or disaster:
We maintain secure backups at multiple locations.
Our systems are designed for failover recovery, ensuring minimal downtime.
In the event of a breach or outage, we follow a structured Business Continuity Plan (BCP).
H. How You Can Help Protect Your Own Data
While we take every possible step to protect your information, you also play an important role. We recommend:
Creating strong, unique passwords
Never sharing your login credentials
Logging out of your account on shared devices
Being cautious of phishing emails or suspicious links
Regularly reviewing your privacy preferences via our user portal
If you suspect unauthorized use of your account or data, please notify us immediately at privacy@burgundyindustries.in.
I. Independent Assessments and Legal Compliance
Burgundy Industries:
Conducts periodic privacy audits and security risk assessments
Remains compliant with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India) and where relevant, GDPR (EU) or CCPA (California)
Seeks certifications and third-party security attestations as required by partners, clients, or platforms we integrate with
J. In Case of a Data Breach
If, despite all efforts, a personal data breach occurs that is likely to result in harm to your rights or freedoms:
We will notify you without undue delay, explaining the nature of the breach, its potential impact, and recommended next steps.
We will also report the breach to the Data Protection Board of India or any relevant Supervisory Authority, as per legal timelines.
Remedial actions will be implemented immediately to contain the breach and prevent recurrence.
Conclusion: Privacy Is Our Responsibility
Your personal data is not just numbers to us — it’s a reflection of your trust. We take every reasonable measure — technical, organizational, and human — to protect your identity, uphold your dignity, and ensure your data is treated with the respect it deserves.
How Long Do We Keep Your Personal Data?
At Burgundy Industries, we retain your personal data only for as long as it is necessary to fulfill the purpose for which it was collected, and to comply with legal, operational, and contractual obligations. We do not keep your data indefinitely and actively review our data retention schedules to ensure we store only what we reasonably need.
The duration for which we keep your data depends on:
The purpose for which it was collected (e.g., order fulfillment, customer support, legal compliance)
The type of data (e.g., contact details vs. payment information vs. child health preferences)
The legal or regulatory retention obligations applicable in your jurisdiction
The consent status you have provided (opted in, withdrawn, or objected)
Our need to resolve disputes, enforce agreements, or prevent fraud
A. Retention by Purpose
Here is a breakdown of how long we generally retain different types of personal data:
Purpose | Typical Retention Period |
|---|---|
Order fulfillment & transaction history | Up to 7 years (for taxation, accounting, and audit) |
User account and profile data | As long as the account is active + 3 years post-deletion |
Customer support communications | 2 to 5 years depending on the issue |
Product warranty or loyalty program data | Duration of the program + 3 years |
Email marketing or promotional subscriptions | Until unsubscribed + 12 months for processing |
Feedback, surveys, and contest entries | 3 years from submission or end of campaign |
Cookie and tracking data | As per cookie type (typically 6 to 24 months) |
Health or sensitive data (with consent) | Only for duration of campaign/program + 1 year |
Grievance redressal logs | 3 to 5 years from date of closure |
Legal, tax, and compliance records | As required by law (typically 7–10 years) |
Note: The retention periods may vary depending on applicable Indian law (such as the Income Tax Act, 1961, Companies Act, 2013, or the Digital Personal Data Protection Act, 2023) and international data laws where relevant.
B. Data Minimization and Anonymization
When your personal data is no longer required for the purposes for which it was collected, and there is no legal, regulatory, or legitimate business need for us to retain it, we will take one or more of the following actions:
Permanently delete the data from our databases and systems
Anonymize the data so that it can no longer be linked to you and may be used for statistical or research purposes
Restrict processing of the data until final deletion (e.g., by archiving it securely with limited access)
C. Retention After Consent Withdrawal or Account Closure
If you choose to withdraw your consent, unsubscribe, or close your account, we will:
Stop using your data for the specific purpose (e.g., marketing or product recommendations)
Retain only the minimum necessary data to:
Comply with the law (e.g., financial records)
Prevent fraud or abuse
Respond to future legal claims or complaints
Delete or anonymize all remaining data within a reasonable period (usually within 90–180 days unless otherwise required by law)
D. Children’s Data
Where data is collected from or about a child (under the applicable age of digital consent), we retain such data:
Only for the duration of the campaign, offer, or program (e.g., a nutritional program for infants)
With the explicit consent of the parent or guardian
For a limited period post-program (typically 1 year) to allow follow-ups or queries
After which it is securely deleted or anonymized
E. Automated Review and Deletion
To ensure our data is current and relevant, we use automated workflows that:
Flag dormant or outdated data
Schedule deletion or archival based on category and age of data
Prompt periodic reviews by the Data Governance team
Ensure we do not store personal data beyond its useful or lawful lifecycle
F. Your Rights in Retention
You have full control over how long we retain your data in certain contexts. Specifically:
You may request deletion of your personal data at any time (see Section 11)
You may object to processing that is not essential to a legal or contractual obligation
You may withdraw consent where applicable, which will trigger our deletion protocols for that data
G. Summary of Our Retention Principles
We keep your data only for as long as necessary
We comply with all legal retention rules
We minimize storage and reduce data footprint
We act on your requests to delete or anonymize
We securely dispose of personal data when no longer needed
How Do You Contact Us?
At Burgundy Industries, we value your trust and are committed to being transparent, responsive, and respectful when it comes to your personal data. If you have any questions, concerns, feedback, or wish to exercise your rights as outlined in this Privacy Policy, we are here to assist you.
We have set up multiple channels to make it easy and convenient for you to reach out to us regarding your privacy-related queries or grievances.
General Privacy Contact
If you would like to:
Request access to or correction of your personal data
Withdraw your consent or opt out of marketing communications
Delete or restrict the processing of your data
Ask general questions about how we collect, use, or share your personal data
Seek clarification about this Privacy Policy
You may contact our Data Privacy Team directly via email at:
Email: communications@burgundyindustries.com
We aim to acknowledge all queries within 7 working days and to respond with a resolution within 15–30 working days, depending on the complexity of the request and applicable legal obligations.
Escalations, Complaints & Grievances
If you are not satisfied with the response you receive from our general privacy contact or if your concern requires escalation, you may raise your grievance with our designated Privacy Grievance Officer or Data Protection Officer (DPO).
Privacy Grievance Officer
Burgundy Industries
[Insert Registered Office Address]
Email: communications@burgundyindustries.com
(Please mention "Attention: Privacy Grievance Officer" in the subject line.)
Escalation to Data Protection Authorities
If your concern remains unresolved or if you believe that your data rights have not been handled appropriately by Burgundy Industries, you have the right to escalate the issue to the Data Protection Board of India or the relevant Supervisory Authority in your jurisdiction.
We will support you in understanding how to initiate that process, if required.
When Contacting Us
When submitting a request or complaint:
Please specify the nature of your query clearly (e.g., "Request to Delete My Data" or "Consent Withdrawal")
Include enough identifying information so we can verify your identity (such as your name, email address, phone number, and order ID, if applicable)
Avoid including any unnecessary sensitive data in your email (such as passwords, financial details, or health data)
If your request is complex or requires more information, we may reach out to you for clarification before resolving the issue.
Response Timelines
Request Type | Expected Timeline |
|---|---|
General queries | 7 business days (acknowledgment) |
Data access, correction, deletion | 15–30 days from request |
Grievance redressal | Within 30 days from filing |
Escalations to DPO | Within 15 days from escalation |
We are committed to addressing every concern promptly, transparently, and respectfully.
©2025
Privacy*
Last Updated: 15th July, 2025
#YourDataYourChoice
At Burgundy Industries, your privacy matters to us. We are committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what personal data we collect, how we use it, why we collect it, and the rights you have in relation to your data.
Who is collecting your data?
This Privacy Policy applies to all personal data that is collected, used, or processed by or on behalf of Burgundy Industries (“Burgundy Industries”, “we”, “us”, or “our”), a company incorporated under the laws of India and having its registered office at 11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180, as well as its group companies, subsidiaries, affiliates, business units, contractors, and authorized third-party service providers, whether operating within India or globally.
Burgundy Industries is committed to upholding the trust you place in us when you share your personal data. We consider ourselves the "data fiduciary" under applicable Indian data protection laws (such as the Digital Personal Data Protection Act, 2023), and the “data controller” as defined by equivalent global privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union.
This Policy covers the collection of personal data in a wide range of circumstances, including but not limited to the following:
When you interact with our websites, mobile apps, or digital platforms;
When you engage with offline activities, such as participating in product demonstrations, customer engagement programs, exhibitions, surveys, or promotional campaigns;
When you purchase products, create accounts, contact our support team, or communicate with us in any capacity;
When you subscribe to our newsletters or marketing communications;
When you register for loyalty programs, competitions, or customer reward schemes;
When you engage with our content or advertisements on third-party platforms such as social media websites (like Facebook, Instagram, or YouTube), affiliate marketplaces, or digital advertising networks;
When we collect your data from trusted third-party sources that have your consent or legal basis to share your data with us.
A. Legal Entity Responsible for Your Data
A. Legal Entity Responsible for Your Data
The primary entity responsible for the collection and processing of your data is:
Burgundy Industries
11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180
Email: communications@burgundyindustries.com
In specific contexts, your personal data may also be collected by our affiliated companies, business units, or contractual partners operating under strict privacy and data protection obligations. These may include authorized distributors, technology service providers, marketing agencies, e-commerce logistics partners, or data analytics vendors engaged to process data only on our behalf and under our instructions.
B. Scope of This Policy
This Privacy Policy applies to:
All digital properties and content owned, operated, or controlled by Burgundy Industries, including our official websites (e.g., www.burgundyindustries.com), mobile applications, e-commerce platforms, and microsites or campaign landing pages;
Any form of electronic communication (emails, newsletters, text messages, etc.) initiated by Burgundy Industries to users, customers, business partners, or other stakeholders;
All offline engagements through which data is voluntarily shared with us, including trade shows, feedback forms, product warranty cards, customer care calls, and physical forms collected in retail settings;
Any third-party website or platform where Burgundy Industries maintains a verified business presence or operates a branded interface, such as social media pages, partner e-commerce platforms, or advertising networks.
Note that when you interact with Burgundy Industries on external platforms (e.g., Facebook, Google, Amazon, etc.), your data may also be subject to the privacy policies of those platforms. We strongly recommend reviewing the privacy notices of such third parties in addition to this one.
C. Consent and Relationship of Trust
Burgundy Industries respects your autonomy and acknowledges that your personal data is your own. Therefore, we collect and process your data only:
When you have given your explicit consent;
When the processing is necessary to perform a contract with you (e.g., for an online order);
When we are legally required to collect or disclose such data (e.g., tax, regulatory compliance);
Or when we have a legitimate business interest that is not overridden by your rights (e.g., ensuring digital platform security or improving user experience).
Your trust is foundational to our business. We do not rent, sell, or trade your personal data with unauthorized entities. Where we use data processors or service providers, we ensure they are bound by confidentiality obligations and process data only under our instructions and within the scope of legitimate business operations.
D. Types of Entities Who May Act on Our Behalf
As part of our business operations, we may designate certain external parties to collect, store, or process data on our behalf. These may include:
Technology providers: web hosting services, cloud storage companies, CRM tools, etc.;
Payment gateways: to securely process your transactions and manage billing;
Logistics and supply chain partners: for delivery, returns, and fulfillment;
Customer engagement vendors: for chatbots, customer service platforms, or survey tools;
Marketing and advertising partners: for campaign execution, analytics, and targeted advertising;
Professional advisors: such as auditors, legal firms, and consultants.
E. When You Contact Us
Whenever you contact Burgundy Industries, whether via email, phone, feedback forms, customer care helplines, or social media messages, any personal data you provide to us in those interactions (such as your name, contact information, or order ID) will be stored securely and used strictly for the purpose of responding to your query or request. If your concern involves a legal or regulatory issue, it may also be escalated internally to our Data Protection Officer (DPO).
F. Collection on Behalf of Others
In rare cases, Burgundy Industries may also collect data on behalf of partners or clients under a separate agreement (e.g., joint promotions or brand partnerships). In such instances, we will clearly indicate the identity of the party on whose behalf data is being collected, and such data will be governed jointly or separately as per the applicable agreement.
What data do we collect?
At Burgundy Industries, we believe that transparency is key to building trust. Therefore, we want to clearly explain the kinds of personal data we collect, the means through which we collect them, and the contexts in which this information may be shared or used. We are committed to collecting only that data which is necessary for legitimate business purposes, improving user experience, enhancing our services, and complying with legal obligations.
The term "personal data" refers to any information — whether directly or indirectly — that can be used to identify an individual. This includes information such as your name, contact details, online identifiers, financial data, and user preferences, as well as technical data like IP addresses and device identifiers.
A. Categories of Personal Data We Collect
Identity Data
Full name (first, middle, last)
Username, display name, or similar identifiers
Date of birth and age
Gender
Photograph (when voluntarily provided)
Contact Data
Residential or business address
Email address
Phone number (mobile and/or landline)
Social media handles (if interacting via platforms like Instagram, Facebook, etc.)
Account and Profile Data
Account registration details (username, password, security questions)
User preferences, settings, and interests
Saved delivery addresses, billing preferences
Loyalty program IDs, membership levels, and reward points
Financial and Transaction Data
Payment card details (processed securely via PCI-DSS compliant gateways)
UPI IDs, digital wallet information
Purchase history and invoices
Transaction records (e.g., refunds, returns, and exchanges)
Note: We do not store your card verification values (CVV) or other sensitive financial credentials. All such data is encrypted and managed by secure payment gateways.
Marketing and Communication Data
Consent status for receiving promotional emails, newsletters, SMS, or app notifications
Communication preferences
Participation in surveys, polls, or contests
Reviews, ratings, testimonials, or comments submitted to our platforms
Location Data
General location based on IP address
Precise location (e.g., GPS data) if permitted via mobile app settings
Region-specific browsing behavior for personalized offers and regional language support
Technical and Device Data
IP (Internet Protocol) address
MAC address and device ID
Browser type and version
Operating system and platform
Mobile device information (e.g., make, model, operating system)
Time zone, language settings
Cookie IDs and session tokens
Usage and Interaction Data
Browsing behavior on our websites and mobile apps
Clickstream data (pages visited, products viewed, search terms used)
Time spent on pages or in the app
Download history (e.g., brochures, product guides)
User navigation patterns, scroll activity, or bounce rates
Interaction with banners, ads, popups, or chatbot elements
Social Media and Third-Party Data
Public profile information from social media platforms (if you engage with us there)
Engagements like likes, shares, mentions, or comments
Interests and demographics as shared by social networks
Referral data from influencers, affiliate partners, or ad networks
Sensitive Personal Data (only if explicitly provided)
Health-related information (e.g., allergies, dietary preferences) if needed for specific product recommendations
Child-related information (e.g., age of child for kids’ nutrition products)
Biometric identifiers (only if ever used for authentication, e.g., face recognition in app)
Government-issued ID (only where legally required for verification)
B. How Do We Collect This Data?
Register or create an account on our website or app
Fill out online or physical forms (feedback, warranty registration, event participation)
Subscribe to our newsletters or product alerts
Contact our customer support team
Enter a contest, survey, sweepstakes, or promotion
Participate in a market study or product trial
Provide feedback or testimonials
Cookies and tracking pixels
Web beacons and session storage
App usage monitoring (via SDKs, crash logs, app analytics)
Analytics scripts like Google Analytics, Facebook Pixel, and similar platforms
Advertising networks
Social media platforms (as per your permissions)
Ecommerce platforms (e.g., Amazon, Flipkart, if you buy our product via these partners)
Logistics and fulfillment companies
Payment gateways
Data enrichment service providers
Market research companies
C. Aggregated and Anonymized Data
In addition to identifiable data, we may also collect and process aggregated, anonymized, or pseudonymized information for analytics and research purposes. For example:
Demographic summaries (e.g., “40% of our users are from South India”)
Product usage trends
Web performance diagnostics
D. Special Note on Cookies and Tracking Technologies
We use cookies, tracking pixels, web beacons, and session identifiers to improve our website functionality, personalize your experience, and serve relevant ads. These may store:
Session IDs for login continuity
Cart and checkout data
Browsing preferences
Product recommendations
You can choose to accept, reject, or customize your cookie preferences when prompted. For more details, please refer to our [Cookie Policy].
E. Voluntary vs. Mandatory Data
Not all data is mandatory. Wherever possible, Burgundy Industries distinguishes between required and optional fields. However, if you choose to withhold essential data (e.g., contact or payment information), we may be unable to process your orders, respond to queries, or provide personalized services.
F. Accuracy and Currency of Data
To ensure we provide the best services, we rely on you to keep your personal data accurate and up to date. You may access, correct, or update your data at any time by logging into your account or contacting our Data Protection Officer.
Why Do We Collect Your Data?
At Burgundy Industries, we collect and process your personal data for a variety of clearly defined, legitimate purposes—each driven by a commitment to enhance your experience, deliver value, maintain trust, and fulfill our legal, operational, and contractual obligations.
We do not collect data arbitrarily. Every piece of information we collect is directly tied to providing you with better products, services, communications, and customer support. We also use your data to fulfill any commitments we have toward you as a user, customer, partner, supplier, or stakeholder.
Our data practices are built on the principles of necessity, transparency, accountability, and purpose limitation—meaning we only collect the data we need, and only use it for the purposes clearly outlined below.
Purposes for Which We Collect and Process Your Personal Data
Your personal data may be used for one or more of the following reasons:
1. To Fulfill Orders, Deliver Products, and Manage Transactions
We collect data like your contact information, address, and payment details so we can:
Process and fulfill orders placed through our website, mobile app, or marketplace partners;
Deliver products or coordinate with third-party logistics and shipping providers;
Provide real-time order status updates and shipment tracking;
Validate payments, generate invoices, and handle returns or refunds;
Prevent duplicate or fraudulent orders and verify customer identity where needed.
Legal basis: Contractual necessity; Legitimate interest
2. To Provide Customer Support and Resolve Queries
We process your contact information, communication history, and interaction logs to:
Respond to your inquiries, requests, or complaints promptly;
Troubleshoot issues related to product performance, delivery, or usability;
Handle warranty claims, service requests, or feedback escalation;
Ensure internal quality assurance and training for our customer service staff.
Legal basis: Legitimate interest; Consent (if applicable); Contractual obligation
3. To Improve Our Products, Services, and Platforms
We use your browsing data, product usage feedback, purchase trends, and survey responses to:
Monitor user behavior to identify bugs or usability issues;
Enhance website and mobile app functionality, design, and experience;
Innovate and develop new product offerings based on consumer preferences;
Analyze market demand and segment-specific needs (e.g., children, health-conscious users, eco-friendly buyers).
Legal basis: Legitimate interest; Consent (if voluntarily submitted)
4. To Personalize Your Experience and Product Recommendations
We analyze your interactions, preferences, and behavior to:
Customize your homepage, search results, or product listings;
Recommend items you may like based on past purchases or browsing;
Deliver tailored offers, product bundles, or discounts;
Reduce irrelevant content and present what matters to you.
Legal basis: Consent; Legitimate interest
5. To Send You Marketing and Promotional Communications
If you opt-in or show interest, we use your data to:
Share newsletters, updates, product launches, or upcoming events;
Notify you of discounts, exclusive offers, or rewards programs;
Promote campaigns or contests we think you may enjoy;
Re-engage inactive users via email, SMS, push notifications, or targeted social media ads.
We will always provide you with the option to unsubscribe or opt out.
Legal basis: Consent
6. To Enable Participation in Promotions, Surveys, and Loyalty Programs
When you join a Burgundy campaign, loyalty program, or contest, we use your data to:
Register and authenticate your participation;
Track points, entries, or benefits you accrue;
Select and notify winners or eligible beneficiaries;
Deliver rewards, freebies, or participation certificates.
Legal basis: Contractual obligation; Consent
7. To Conduct Profiling and Segmentation for Enhanced User Targeting
Using advanced analytics, we create user profiles by combining:
Online behavior (pages visited, time spent, clicks);
Demographics and location data;
Purchase history and product interests;
Communication engagement (e.g., which emails you open).
These profiles help us:
Understand consumer needs at a deeper level;
Group users into segments (e.g., health-conscious parents, budget shoppers);
Offer more relevant recommendations, messaging, and advertising.
Legal basis: Consent (opt-in to profiling); Legitimate interest (for broad segments)
8. To Ensure Safety, Security, and Fraud Prevention
Your personal and technical data helps us:
Detect and block fraudulent transactions or activities;
Secure user accounts against unauthorized access;
Monitor unusual patterns, bots, or suspicious logins;
Maintain platform integrity and compliance with cybersecurity frameworks.
Legal basis: Legal obligation; Legitimate interest
9. To Comply With Legal and Regulatory Obligations
We may collect and disclose certain data to:
Comply with laws, regulations, and court orders;
Respond to legitimate government requests;
Satisfy tax, accounting, or audit requirements;
Ensure product recalls or safety notices reach affected users;
Enforce terms and conditions or resolve disputes.
Legal basis: Legal obligation; Public interest
10. To Carry Out Business Operations and Management
As part of normal business conduct, we may process your data for:
Internal analytics, budgeting, forecasting, and reporting;
Corporate restructuring, acquisitions, or due diligence;
Vendor, distributor, or partner management (if you represent a business);
Strategic planning, legal defense, or compliance audits.
Legal basis: Legitimate interest; Legal obligation
B. Legal Basis for Processing Your Data
We rely on a combination of lawful bases for processing your personal data, depending on the specific context. These include:
Your Consent – When you actively opt in (e.g., marketing emails, surveys)
Contractual Necessity – To fulfill our obligations if you order or subscribe
Legal Obligation – When required to comply with applicable laws or regulations
Legitimate Interest – When it benefits you or us in a reasonable and non-intrusive way
Where consent is used, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
C. Automated Decision-Making and AI-Based Processing
We may use automated systems and AI-based tools to:
Analyze patterns and predict your preferences;
Determine eligibility for promotional offers;
Score customer interactions for support prioritization.
No significant decision impacting your rights or finances will be made solely based on automated processing unless it is necessary for entering into a contract or has your explicit consent.
Special Categories of Data (Sensitive Personal Data)
Certain types of personal data are classified as “Special Categories of Data” or “Sensitive Personal Information” under various data protection laws, such as India’s Digital Personal Data Protection Act (DPDPA), the General Data Protection Regulation (GDPR) in the EU, and similar global frameworks.
These categories include information that, if misused or mishandled, could pose a higher risk to your privacy and individual rights. Burgundy Industries takes extra precautions when collecting, storing, or processing any such data. We only do so in strict adherence to legal requirements and with your explicit, informed, and affirmative consent.
A. What Is Sensitive Personal Data?
Sensitive personal data (SPD) may include, but is not limited to:
Health-related data: Medical conditions, allergies, dietary requirements, or disabilities
Biometric data: Facial recognition, voice prints, fingerprint data (only if used for authentication)
Genetic data: DNA or inherited health traits (not typically collected)
Religious or philosophical beliefs
Sexual orientation or gender identity
Racial or ethnic origin
Government-issued IDs: Aadhaar number, PAN, passport, or driving license, when required
Children’s data: Information related to minors (under the age of 18 in India)
B. When Do We Collect Special Categories of Data?
We may request or process sensitive personal data only in limited and clearly defined scenarios. These include:
1. Health & Nutrition Preferences
If you are purchasing or inquiring about health-focused, age-specific, or dietary-sensitive products (e.g., baby food, fortified cereals, or allergy-free powders), we may ask:
Whether you or your child has specific dietary restrictions (e.g., nut allergies, lactose intolerance)
If you are pregnant, nursing, or have a condition that requires tailored nutrition
This allows us to:
Recommend suitable products
Prevent promotion of unsuitable items
Provide safety notices and accurate usage directions
2. Children’s Data
If you register your child (e.g., to receive age-specific product offers or parenting tips), we may collect:
Child’s age or date of birth
Gender
Developmental preferences or needs (e.g., "toddler nutrition")
Such data will be collected only with the verified consent of a parent or legal guardian and used solely for age-appropriate communications, loyalty programs, or tailored offers.
Example: A parent signs up for our “Burgundy Kids” newsletter, indicating their child is 2 years old. We may use this to recommend stage-2 weaning products, notify about toddler-safe promotions, or avoid sending irrelevant content.
3. Event Participation or Research Studies
If you voluntarily take part in:
Product trials (e.g., allergy-friendly formulas)
Health or lifestyle surveys
Consumer panels related to sensitive subjects
We will inform you in advance about any sensitive data involved and obtain your consent.
4. Government IDs for Verification
In specific regulatory or tax-related situations (e.g., high-value purchases, prize fulfillment, or distributor agreements), we may require copies of:
Aadhaar, PAN, GSTIN
Driver’s License or Passport (for KYC)
This will only be collected where mandated by law, and stored in secure, encrypted formats.
5. Biometric Information
Currently, we do not collect biometric data for general users. If biometric authentication (e.g., fingerprint login in app) is introduced in the future, it will:
Be entirely optional
Use device-level encryption
Never be stored on Burgundy servers
C. How Do We Process Sensitive Personal Data?
Whenever we collect sensitive data:
We explicitly explain the reason and purpose during collection.
We store the data securely, with additional layers of encryption and access control.
We ensure only trained and authorized personnel can access such information.
We never sell, rent, or share this data with third parties for unrelated marketing purposes.
Additionally, you always have the right to opt out or decline to provide such data without impacting your general use of our website or services, unless the data is strictly required for a specific transaction (e.g., identity verification for financial compliance).
D. Consent and Withdrawal
We will always seek your informed and explicit consent before processing any sensitive personal data. This consent will:
Be recorded and timestamped
Clearly describe the nature of the data, the reason for collection, and how it will be used
If at any time you wish to withdraw your consent, you may do so by:
Visiting your account settings
Contacting our Data Protection Officer or customer care team
Submitting a request via the Privacy Portal
Once consent is withdrawn, we will promptly delete or anonymize the associated data unless required to retain it for legal, tax, or regulatory compliance.
E. Children’s Privacy and Parental Consent
Burgundy Industries is committed to protecting the privacy of minors. We do not knowingly collect personal data from children below the age of 18 without:
Prior, verifiable consent from a parent or guardian, and
Full disclosure of how that information will be used
If we learn that a child’s data has been collected without proper authorization, we will delete it immediately.
We also use age filters and screening tools to:
Ensure eligibility for contests or campaigns
Prevent children from accessing age-restricted content or offers
F. Sensitive Data Sharing Limitations
We will never share your sensitive personal data with any third party except:
Where legally mandated (e.g., for law enforcement, fraud investigations)
Where required for a service you have explicitly signed up for (e.g., allergy-safe product trial)
With trusted partners or service providers under strict contractual obligations and confidentiality
During emergencies, to protect your life, health, or safety
All such sharing is documented and monitored for compliance.
How Do We Protect Children’s Privacy?
At Burgundy Industries, we recognize the critical importance of safeguarding children’s personal data and privacy rights. Our commitment to protecting minors extends beyond legal compliance—it's a foundational value that guides the way we design our products, marketing efforts, digital platforms, and customer engagement policies.
As many of our products, especially in the nutritional and wellness category, may be consumed or purchased for children, we have developed special protocols and safeguards to ensure that any data collected in this context is handled responsibly, transparently, and with the highest degree of sensitivity.
A. Age-Appropriate Access and Parental Involvement
Burgundy’s websites, mobile apps, and online platforms are intended for general audiences, but we are aware that some users may be parents, guardians, or caregivers purchasing or researching products for children.
To ensure child privacy is preserved:
We do not knowingly collect personal data directly from children under the age of 18, unless verifiable consent has been provided by a parent or legal guardian.
If a service, feature, or campaign is aimed at children (e.g., a baby nutrition guide or child growth tracker), we explicitly state that only adults may register, manage, or interact with such services on behalf of the child.
In countries like India, where the Digital Personal Data Protection Act (DPDPA) mandates parental consent for processing data of individuals under 18, we have built-in consent verification mechanisms.
B. When We May Collect Children’s Data
We may collect limited data about children only when it is provided by an adult user for purposes such as:
Registering for a parenting program or newsletter
E.g., A mother registers for updates on toddler nutrition products.
Data collected may include the child’s age range (e.g., 1–3 years), name, or birthdate.
Participating in age-based offers, contests, or promotions
We ask for age verification and parental consent before accepting entries.
Proof of age may be required to confirm eligibility.
Tailoring product recommendations
When a user requests suggestions based on their child’s age, dietary needs, or health conditions.
Purchasing products designed specifically for children
For example, organic baby food, fortified cereals, or sensitive-skin formulations.
In all such cases, data collection is limited, purpose-specific, and done only with consent from the parent or legal guardian.
C. Safeguards for Children’s Data
When children’s data is collected (via the parent or guardian), we ensure:
Minimal data collection: We only request what is strictly necessary (e.g., age group instead of exact birth date, where possible).
Clear explanation of the purpose and how the data will be used.
No profiling, tracking, or behavioral targeting is conducted on the child’s data.
No advertising or direct marketing is directed at children based on their personal information.
No public disclosure: Children’s data is never published, posted, or made publicly accessible on any of our platforms.
Data storage is secured using the same encryption, access restrictions, and retention controls as adult personal data—often with additional review.
We do not permit third-party ad networks or plugins to collect personal data on any child-oriented sections of our websites or apps.
D. Parental Rights and Controls
If you are a parent or legal guardian, you have the right to:
Review the personal data we have collected about your child;
Request access, correction, or deletion of that data at any time;
Withdraw your consent for further collection or use of your child’s data;
Object to any processing that you believe is unnecessary or intrusive.
You can exercise these rights by contacting our Privacy Office or using the Contact Us form on our website.
We will take all reasonable steps to verify your identity and authority as the child’s parent or guardian before processing such requests.
If Burgundy Industries learns that we have inadvertently collected personal data from a child under 18 without proper consent, we will:
Immediately delete or anonymize the data from our records;
Notify the parent or guardian, if contact details are available;
Review and enhance the relevant process to prevent recurrence.
We also monitor our systems regularly to detect any unauthorized access or improper handling of child data.
F. Age-Based Restrictions on Access and Participation
To further support child safety, we impose age restrictions on certain areas of our website or app, such as:
Contests or sweepstakes that require users to be 18+;
Loyalty programs, reward schemes, or feedback surveys;
Product reviews, community forums, or UGC uploads;
Account creation and payment-related features.
Where necessary, we implement age-verification gates or disclaimers, and we require adults to manage accounts on behalf of children.
G. Educational Resources and Responsible Content
Burgundy strives to offer content that is:
Parent-guided and responsibly curated;
Educational, informative, and free of manipulative design;
Built in line with digital wellbeing standards and ethical marketing practices;
Compliant with global frameworks like UNICEF’s Guidelines on Children’s Data Privacy, the DPDPA, and COPPA (where applicable).
H. Summary of Our Commitment
We never knowingly collect, use, or share personal data from children without verified consent;
We enforce strict internal protocols, monitor compliance, and train our teams on children’s privacy laws;
We encourage parents to actively monitor their child’s use of digital platforms, including Burgundy websites and services.
If you have any concern or suspicion regarding children’s data privacy at Burgundy, please contact us immediately at:
What Purpose Do We Use Your Data For?
At Burgundy Industries, we collect and use your personal data solely for lawful, fair, specific, and necessary purposes. Whether you're engaging with us online, purchasing our products, signing up for our updates, or simply browsing our websites, we process your data to improve your experience, fulfill our commitments, and uphold our obligations.
We ensure all use of personal data aligns with applicable data protection laws such as India’s Digital Personal Data Protection Act (DPDPA) and other regional or international standards, depending on the jurisdiction of use.
Below, we outline in detail the purposes for which we collect and process your personal data:
A. To Provide and Deliver Our Products and Services
We use your data to:
Process your product purchases and manage transactions
Arrange for product deliveries, including packaging, shipment, and notifications
Confirm order status, provide invoices or digital receipts
Manage returns, exchanges, cancellations, and refunds
Authenticate your identity and prevent payment fraud
Example: When you place an order on our e-commerce portal, we require your name, delivery address, contact number, and payment details to process and deliver your order efficiently and securely.
B. To Communicate With You
We use your contact details and preferences to:
Respond to your queries, complaints, or support requests
Share transactional communications, such as order confirmations, delivery status, or product recalls
Send you updates related to your account, preferences, or consent status
These communications are essential for fulfilling our contract with you and are not promotional in nature unless you have opted in to receive marketing content.
C. To Provide Customer Support and Service Quality
We may process personal data during:
Customer care calls, chats, or emails
Grievance redressal requests
Product feedback, satisfaction surveys, or issue resolution
Your communication may be recorded or monitored for quality control, training, and documentation purposes.
D. To Improve Our Products, Services, and Platforms
Your interactions help us:
Understand usage patterns, preferences, and product performance
Conduct consumer insights, usability testing, and research
Refine product formulations, packaging, and delivery experiences
Troubleshoot website/app bugs, loading speeds, and technical errors
Example: If users consistently abandon the checkout process on a certain mobile screen, we use anonymized session data to analyze and fix user experience issues.
E. To Personalize Content, Recommendations, and Offers
Where you have consented, we may use your data to:
Tailor product recommendations based on browsing or purchase history
Curate content based on your interests or demographics (e.g., parenting tips, millet nutrition, etc.)
Offer personalized discounts, early access to new launches, or special bundles
Serve relevant banners, notifications, or alerts via app, web, or email
We never use sensitive personal data (such as health or religious beliefs) for personalization unless you have explicitly consented to it.
F. To Send You Marketing Communications
If you opt in, we will:
Send newsletters, product launches, or promotional messages
Share educational or lifestyle content aligned with your preferences
Inform you of events, webinars, brand stories, and behind-the-scenes content
You can opt out of such communications at any time via your account settings, unsubscribe links, or by contacting our support team.
G. To Operate Loyalty Programs and Promotions
When you participate in:
Reward schemes
Membership benefits (e.g., Burgundy Circle)
Giveaways, contests, or sample trials
We use your data to:
Validate your eligibility
Deliver rewards, coupons, or gifts
Communicate participation results or instructions
We ensure that such programs comply with local age and consent laws, especially when children’s data may be involved.
H. For Internal Business Operations
We may use your data for:
Audits, risk management, or business planning
Compliance with applicable taxation, e-commerce, or consumer laws
Tracking product performance, logistics, and supplier operations
Monitoring inventory, restocking alerts, or demand forecasting
Data used here is often aggregated and not used for profiling individuals unless absolutely necessary.
I. To Detect and Prevent Fraud, Security Breaches, or Misuse
We process certain personal data to:
Authenticate login attempts or device access
Detect suspicious activities such as bot attacks or account hijacks
Prevent fraudulent returns, fake accounts, or misuse of promotional offers
Report any incidents to regulatory authorities when required
We may use cookies, IP addresses, device fingerprints, and location data for these purposes.
J. To Fulfill Legal, Regulatory, and Contractual Obligations
Your data may be processed to:
Comply with statutory, legal, or regulatory requirements (e.g., GST reporting, KYC norms)
Enforce our Terms of Use, refund policy, or e-commerce rules
Cooperate with law enforcement or court orders
Comply with obligations under consumer protection, food safety, tax, or IT laws
K. To Create Segments and Profiles (with Your Consent)
We may, with your explicit permission:
Segment audiences based on preferences (e.g., vegan users, first-time parents, fitness enthusiasts)
Run A/B tests to enhance content
Profile interest groups to deliver more relevant product suggestions or campaigns
Profiling never involves automated decisions that have legal or similarly significant effects on you without human intervention.
You can opt out of such profiling anytime via our privacy dashboard.
L. For Research, Innovation, and Product Development
We may use de-identified and aggregated data to:
Analyze consumer behavior trends
Conduct nutritional research, especially for our food and wellness categories
Co-create products with user insights
Collaborate with universities or healthcare partners under strict data-sharing protocols
M. For Emergency Communications
In the rare event of:
A product safety recall
A data breach
A public health concern
We may use your registered contact information to promptly notify you, even if you have opted out of other communications, to protect your health and rights.
Conclusion: Transparent, Responsible Use
We will always notify you—either at the time of collection or within a reasonable period—regarding:
The purpose for which your data is collected,
The legal basis we rely on,
Whether providing it is mandatory or optional, and
The consequences of refusing to provide it.
When we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
Who Will Your Data Be Shared With?
At Burgundy Industries, we deeply respect your trust. When you provide us with your personal data, we commit to protecting it and sharing it only in ways that are transparent, secure, legally compliant, and beneficial to you.
We do not sell your personal data to third parties. However, to deliver our products and services efficiently, and to improve your experience with our brand, we may share your data in controlled, contractually bound, and purpose-specific ways.
Below are the types of entities with whom your personal data may be shared:
A. Within Burgundy Industries and Our Group Companies
We may share your personal data internally across departments and entities within the Burgundy Industries group, including any future subsidiaries, affiliates, or associated businesses, to:
Fulfill orders and services
Personalize your experience across platforms
Conduct joint marketing, product development, or loyalty programs
Streamline customer service and feedback mechanisms
Comply with internal audits, security protocols, or legal obligations
All such internal sharing is done under confidentiality agreements and access control policies, and your data is only shared with teams on a need-to-know basis.
B. With Third-Party Service Providers (On Our Behalf)
To support our business operations, we engage trusted third-party vendors to perform certain tasks on our behalf. These may include:
Website and app hosting providers
Payment gateway and transaction processors
Customer support and grievance redressal agents
Delivery and logistics partners
Data analytics and insight platforms
Email, SMS, and push notification services
Marketing and digital ad agencies
Survey and feedback collection platforms
Cybersecurity or risk management partners
Each of these partners is contractually obligated to:
Process your data only for the purpose intended,
Maintain data security and confidentiality,
Not use your data for their own business gain, and
Comply with applicable data protection laws.
Example: When you place an order through our website, your payment details are securely processed by a third-party payment provider (e.g., Razorpay, PayU), and your address is shared with a logistics partner for delivery. Both partners only use this data to fulfill your request.
C. With Marketing and Advertising Partners (With Consent)
Where you have explicitly opted in to receive personalized content or offers, we may share data with third-party marketing, media, or advertising platforms, including:
Social media platforms (e.g., Facebook, Instagram, YouTube)
Ad-serving networks (e.g., Google Ads, Meta Ads)
Programmatic advertising partners
Influencer or affiliate marketing platforms
Data enrichment or segmentation tools
This helps us:
Show you ads relevant to your preferences
Avoid redundant marketing messages
Measure and optimize campaign performance
You may opt out of this data-sharing anytime via our privacy center, unsubscribe links, or device settings (e.g., “Limit Ad Tracking”).
D. With Contest or Program Sponsors (If Applicable)
If you participate in a campaign, contest, wellness initiative, nutrition study, or co-branded loyalty program, your data may be shared with:
Co-sponsoring companies (e.g., a baby food brand in a joint promotion)
Healthcare or nutrition experts assisting in product feedback or development
Educational partners in our parenting or child development programs
We will always disclose co-sponsorship clearly, and your participation is voluntary. Data shared in such instances is restricted to the purpose of fulfilling the program objectives or communicating outcomes.
E. With Legal, Regulatory, or Governmental Authorities
We may disclose personal data when required by law, including in the following situations:
To comply with legal obligations (e.g., tax filing, food safety requirements, compliance checks)
When responding to a valid subpoena, court order, or government request
To prevent fraud, cybersecurity threats, or violations of law
In connection with legal claims, disputes, or audits
To report suspicious transactions under anti-money laundering laws
To cooperate with public health authorities or product safety recalls
Such disclosures are made in good faith and in accordance with due process, while ensuring minimum disclosure of personal data required for the legal process.
F. In the Event of a Business Reorganization or Acquisition
If Burgundy Industries were to undergo a merger, acquisition, sale, restructuring, or bankruptcy, your personal data may be shared as part of the due diligence process or transferred as a business asset.
In such events:
We will ensure that the receiving entity continues to protect your data under equivalent safeguards.
You will be notified, and your rights will remain protected under applicable data protection laws.
Example: If Burgundy merges with another wellness brand, your data may be shared with that entity to ensure continuity of service and product history.
G. With Consent or as Explicitly Authorized by You
You may voluntarily authorize us to share your data in scenarios like:
Referring a friend to a product or loyalty program
Participating in testimonials or user stories
Granting permission for a child’s data to be used in a nutrition monitoring program
We will always document your consent and clearly explain:
What data is being shared
With whom it is being shared
For what purpose
H. With Partners Outside India (International Data Transfers)
As a brand committed to innovation and responsible sourcing, some of our technology, analytics, or support functions may operate globally. If your personal data is transferred outside India (for example, to cloud servers or global vendors), we ensure that:
The receiving party has comparable data protection measures in place
Data transfer agreements are in accordance with local and international laws
Your data is encrypted or pseudonymized where possible
We will not transfer your personal data across borders unless it is legally permitted, contractually protected, and beneficial to your interests.
Every time we share your personal data, we ensure:
There is a legitimate purpose
Only minimum necessary data is shared
Your rights remain protected
Partners uphold our security and confidentiality standards
How Do We Protect Your Personal Data?
At Burgundy Industries, safeguarding your personal data is one of our highest priorities. We are committed to implementing and maintaining robust administrative, technical, and physical security measures to protect your data from unauthorized access, misuse, loss, or disclosure.
Whether you engage with us online through our websites, mobile apps, emails, or offline through events, product orders, or customer support, we apply the same level of diligence and protection to your personal information.
A. Our Security Philosophy
We treat your data as an extension of your trust in us — and that trust is non-negotiable. Every layer of our system is designed to minimize risk and maximize control, privacy, and transparency.
Our approach includes:
Privacy by design: Data protection is integrated from the early stages of system or product development.
Data minimization: We only collect data that is relevant, necessary, and proportionate to the purpose.
Zero-trust mindset: Every access or action must be authenticated and justified.
B. Technical Safeguards
We employ advanced cybersecurity technologies to prevent breaches and maintain the confidentiality, integrity, and availability of your personal data:
Data encryption: Personal data is encrypted both in transit (using HTTPS and SSL/TLS protocols) and at rest using industry-standard encryption algorithms.
Access control: Access to personal data is role-based and restricted to authorized personnel only, based on the principle of least privilege.
Firewall and intrusion detection: Our infrastructure is protected by network firewalls, antivirus software, and intrusion detection systems (IDS) that monitor unusual activity.
Secure servers and hosting: Our data is hosted on secure servers located in certified data centers, compliant with standards such as ISO/IEC 27001, SOC 2, and GDPR (where applicable).
Multi-factor authentication (MFA): Used internally and for platform admin access to ensure added protection against unauthorized logins.
C. Organizational Safeguards
Our internal policies and procedures ensure that data protection is a shared responsibility across all levels of the organization:
Employee training and awareness: All Burgundy team members undergo mandatory training on data privacy, phishing awareness, and ethical handling of consumer information.
Confidentiality agreements: Every employee, contractor, or service provider handling personal data is bound by a Non-Disclosure Agreement (NDA) or a confidentiality clause.
Incident response plan: We have a well-defined Data Breach Response Protocol to manage and report any suspected or confirmed data incidents within legally required timelines.
Vendor due diligence: Third parties who process data on our behalf are required to demonstrate technical and legal compliance and sign Data Processing Agreements (DPAs).
D. Process and Policy Controls
We adhere to strong procedural controls to enforce responsible handling of data at all touchpoints:
Consent management: Your preferences and consents are captured, stored, and honored through a centralized consent management platform.
Audit trails: We maintain secure logs of data access, modifications, and transfers to detect misuse or anomalies.
Data classification: We classify data based on sensitivity — e.g., general, personal, sensitive personal — and apply security policies accordingly.
Anonymization and pseudonymization: Wherever possible, we transform personal data into a format that cannot be used to identify individuals without additional information, to further minimize risk.
E. Physical Security
For any physical locations where data is stored or accessed (e.g., corporate offices, fulfillment centers, archival facilities), we implement:
Access badges and visitor logs
24/7 CCTV surveillance
Secured file storage with access protocols
Restricted zones for systems holding sensitive data
F. Protection Against Emerging Threats
We continuously evolve our security infrastructure to protect against:
Zero-day vulnerabilities
Ransomware and malware attacks
Phishing, spoofing, or social engineering
Credential stuffing or brute-force attempts
This is achieved through:
Regular penetration testing
Vulnerability assessments
Automated patch management
Collaboration with external cybersecurity consultants
G. Data Backup and Disaster Recovery
To prevent loss of data due to accidental deletion, system failure, or disaster:
We maintain secure backups at multiple locations.
Our systems are designed for failover recovery, ensuring minimal downtime.
In the event of a breach or outage, we follow a structured Business Continuity Plan (BCP).
H. How You Can Help Protect Your Own Data
While we take every possible step to protect your information, you also play an important role. We recommend:
Creating strong, unique passwords
Never sharing your login credentials
Logging out of your account on shared devices
Being cautious of phishing emails or suspicious links
Regularly reviewing your privacy preferences via our user portal
If you suspect unauthorized use of your account or data, please notify us immediately at privacy@burgundyindustries.in.
I. Independent Assessments and Legal Compliance
Burgundy Industries:
Conducts periodic privacy audits and security risk assessments
Remains compliant with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India) and where relevant, GDPR (EU) or CCPA (California)
Seeks certifications and third-party security attestations as required by partners, clients, or platforms we integrate with
J. In Case of a Data Breach
If, despite all efforts, a personal data breach occurs that is likely to result in harm to your rights or freedoms:
We will notify you without undue delay, explaining the nature of the breach, its potential impact, and recommended next steps.
We will also report the breach to the Data Protection Board of India or any relevant Supervisory Authority, as per legal timelines.
Remedial actions will be implemented immediately to contain the breach and prevent recurrence.
Conclusion: Privacy Is Our Responsibility
Your personal data is not just numbers to us — it’s a reflection of your trust. We take every reasonable measure — technical, organizational, and human — to protect your identity, uphold your dignity, and ensure your data is treated with the respect it deserves.
How Long Do We Keep Your Personal Data?
At Burgundy Industries, we retain your personal data only for as long as it is necessary to fulfill the purpose for which it was collected, and to comply with legal, operational, and contractual obligations. We do not keep your data indefinitely and actively review our data retention schedules to ensure we store only what we reasonably need.
The duration for which we keep your data depends on:
The purpose for which it was collected (e.g., order fulfillment, customer support, legal compliance)
The type of data (e.g., contact details vs. payment information vs. child health preferences)
The legal or regulatory retention obligations applicable in your jurisdiction
The consent status you have provided (opted in, withdrawn, or objected)
Our need to resolve disputes, enforce agreements, or prevent fraud
A. Retention by Purpose
Here is a breakdown of how long we generally retain different types of personal data:
Purpose | Typical Retention Period |
|---|---|
Order fulfillment & transaction history | Up to 7 years (for taxation, accounting, and audit) |
User account and profile data | As long as the account is active + 3 years post-deletion |
Customer support communications | 2 to 5 years depending on the issue |
Product warranty or loyalty program data | Duration of the program + 3 years |
Email marketing or promotional subscriptions | Until unsubscribed + 12 months for processing |
Feedback, surveys, and contest entries | 3 years from submission or end of campaign |
Cookie and tracking data | As per cookie type (typically 6 to 24 months) |
Health or sensitive data (with consent) | Only for duration of campaign/program + 1 year |
Grievance redressal logs | 3 to 5 years from date of closure |
Legal, tax, and compliance records | As required by law (typically 7–10 years) |
Note: The retention periods may vary depending on applicable Indian law (such as the Income Tax Act, 1961, Companies Act, 2013, or the Digital Personal Data Protection Act, 2023) and international data laws where relevant.
B. Data Minimization and Anonymization
When your personal data is no longer required for the purposes for which it was collected, and there is no legal, regulatory, or legitimate business need for us to retain it, we will take one or more of the following actions:
Permanently delete the data from our databases and systems
Anonymize the data so that it can no longer be linked to you and may be used for statistical or research purposes
Restrict processing of the data until final deletion (e.g., by archiving it securely with limited access)
C. Retention After Consent Withdrawal or Account Closure
If you choose to withdraw your consent, unsubscribe, or close your account, we will:
Stop using your data for the specific purpose (e.g., marketing or product recommendations)
Retain only the minimum necessary data to:
Comply with the law (e.g., financial records)
Prevent fraud or abuse
Respond to future legal claims or complaints
Delete or anonymize all remaining data within a reasonable period (usually within 90–180 days unless otherwise required by law)
D. Children’s Data
Where data is collected from or about a child (under the applicable age of digital consent), we retain such data:
Only for the duration of the campaign, offer, or program (e.g., a nutritional program for infants)
With the explicit consent of the parent or guardian
For a limited period post-program (typically 1 year) to allow follow-ups or queries
After which it is securely deleted or anonymized
E. Automated Review and Deletion
To ensure our data is current and relevant, we use automated workflows that:
Flag dormant or outdated data
Schedule deletion or archival based on category and age of data
Prompt periodic reviews by the Data Governance team
Ensure we do not store personal data beyond its useful or lawful lifecycle
F. Your Rights in Retention
You have full control over how long we retain your data in certain contexts. Specifically:
You may request deletion of your personal data at any time (see Section 11)
You may object to processing that is not essential to a legal or contractual obligation
You may withdraw consent where applicable, which will trigger our deletion protocols for that data
G. Summary of Our Retention Principles
We keep your data only for as long as necessary
We comply with all legal retention rules
We minimize storage and reduce data footprint
We act on your requests to delete or anonymize
We securely dispose of personal data when no longer needed
How Do You Contact Us?
At Burgundy Industries, we value your trust and are committed to being transparent, responsive, and respectful when it comes to your personal data. If you have any questions, concerns, feedback, or wish to exercise your rights as outlined in this Privacy Policy, we are here to assist you.
We have set up multiple channels to make it easy and convenient for you to reach out to us regarding your privacy-related queries or grievances.
General Privacy Contact
If you would like to:
Request access to or correction of your personal data
Withdraw your consent or opt out of marketing communications
Delete or restrict the processing of your data
Ask general questions about how we collect, use, or share your personal data
Seek clarification about this Privacy Policy
You may contact our Data Privacy Team directly via email at:
Email: communications@burgundyindustries.com
We aim to acknowledge all queries within 7 working days and to respond with a resolution within 15–30 working days, depending on the complexity of the request and applicable legal obligations.
Escalations, Complaints & Grievances
If you are not satisfied with the response you receive from our general privacy contact or if your concern requires escalation, you may raise your grievance with our designated Privacy Grievance Officer or Data Protection Officer (DPO).
Privacy Grievance Officer
Burgundy Industries
[Insert Registered Office Address]
Email: communications@burgundyindustries.com
(Please mention "Attention: Privacy Grievance Officer" in the subject line.)
Escalation to Data Protection Authorities
If your concern remains unresolved or if you believe that your data rights have not been handled appropriately by Burgundy Industries, you have the right to escalate the issue to the Data Protection Board of India or the relevant Supervisory Authority in your jurisdiction.
We will support you in understanding how to initiate that process, if required.
When Contacting Us
When submitting a request or complaint:
Please specify the nature of your query clearly (e.g., "Request to Delete My Data" or "Consent Withdrawal")
Include enough identifying information so we can verify your identity (such as your name, email address, phone number, and order ID, if applicable)
Avoid including any unnecessary sensitive data in your email (such as passwords, financial details, or health data)
If your request is complex or requires more information, we may reach out to you for clarification before resolving the issue.
Response Timelines
Request Type | Expected Timeline |
|---|---|
General queries | 7 business days (acknowledgment) |
Data access, correction, deletion | 15–30 days from request |
Grievance redressal | Within 30 days from filing |
Escalations to DPO | Within 15 days from escalation |
We are committed to addressing every concern promptly, transparently, and respectfully.
©2025
Privacy*
Last Updated: 15th July, 2025
#YourDataYourChoice
At Burgundy Industries, your privacy matters to us. We are committed to protecting your personal data and being transparent about how we use it. This Privacy Policy explains what personal data we collect, how we use it, why we collect it, and the rights you have in relation to your data.
Who is collecting your data?
This Privacy Policy applies to all personal data that is collected, used, or processed by or on behalf of Burgundy Industries (“Burgundy Industries”, “we”, “us”, or “our”), a company incorporated under the laws of India and having its registered office at 11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180, as well as its group companies, subsidiaries, affiliates, business units, contractors, and authorized third-party service providers, whether operating within India or globally.
Burgundy Industries is committed to upholding the trust you place in us when you share your personal data. We consider ourselves the "data fiduciary" under applicable Indian data protection laws (such as the Digital Personal Data Protection Act, 2023), and the “data controller” as defined by equivalent global privacy laws, such as the General Data Protection Regulation (GDPR) in the European Union.
This Policy covers the collection of personal data in a wide range of circumstances, including but not limited to the following:
When you interact with our websites, mobile apps, or digital platforms;
When you engage with offline activities, such as participating in product demonstrations, customer engagement programs, exhibitions, surveys, or promotional campaigns;
When you purchase products, create accounts, contact our support team, or communicate with us in any capacity;
When you subscribe to our newsletters or marketing communications;
When you register for loyalty programs, competitions, or customer reward schemes;
When you engage with our content or advertisements on third-party platforms such as social media websites (like Facebook, Instagram, or YouTube), affiliate marketplaces, or digital advertising networks;
When we collect your data from trusted third-party sources that have your consent or legal basis to share your data with us.
A. Legal Entity Responsible for Your Data
A. Legal Entity Responsible for Your Data
The primary entity responsible for the collection and processing of your data is:
Burgundy Industries
11-449, Main Road, Kanchikacherla, NTR District, Vijayawada, Andhra Pradesh - 521180
Email: communications@burgundyindustries.com
In specific contexts, your personal data may also be collected by our affiliated companies, business units, or contractual partners operating under strict privacy and data protection obligations. These may include authorized distributors, technology service providers, marketing agencies, e-commerce logistics partners, or data analytics vendors engaged to process data only on our behalf and under our instructions.
B. Scope of This Policy
This Privacy Policy applies to:
All digital properties and content owned, operated, or controlled by Burgundy Industries, including our official websites (e.g., www.burgundyindustries.com), mobile applications, e-commerce platforms, and microsites or campaign landing pages;
Any form of electronic communication (emails, newsletters, text messages, etc.) initiated by Burgundy Industries to users, customers, business partners, or other stakeholders;
All offline engagements through which data is voluntarily shared with us, including trade shows, feedback forms, product warranty cards, customer care calls, and physical forms collected in retail settings;
Any third-party website or platform where Burgundy Industries maintains a verified business presence or operates a branded interface, such as social media pages, partner e-commerce platforms, or advertising networks.
Note that when you interact with Burgundy Industries on external platforms (e.g., Facebook, Google, Amazon, etc.), your data may also be subject to the privacy policies of those platforms. We strongly recommend reviewing the privacy notices of such third parties in addition to this one.
C. Consent and Relationship of Trust
Burgundy Industries respects your autonomy and acknowledges that your personal data is your own. Therefore, we collect and process your data only:
When you have given your explicit consent;
When the processing is necessary to perform a contract with you (e.g., for an online order);
When we are legally required to collect or disclose such data (e.g., tax, regulatory compliance);
Or when we have a legitimate business interest that is not overridden by your rights (e.g., ensuring digital platform security or improving user experience).
Your trust is foundational to our business. We do not rent, sell, or trade your personal data with unauthorized entities. Where we use data processors or service providers, we ensure they are bound by confidentiality obligations and process data only under our instructions and within the scope of legitimate business operations.
D. Types of Entities Who May Act on Our Behalf
As part of our business operations, we may designate certain external parties to collect, store, or process data on our behalf. These may include:
Technology providers: web hosting services, cloud storage companies, CRM tools, etc.;
Payment gateways: to securely process your transactions and manage billing;
Logistics and supply chain partners: for delivery, returns, and fulfillment;
Customer engagement vendors: for chatbots, customer service platforms, or survey tools;
Marketing and advertising partners: for campaign execution, analytics, and targeted advertising;
Professional advisors: such as auditors, legal firms, and consultants.
E. When You Contact Us
Whenever you contact Burgundy Industries, whether via email, phone, feedback forms, customer care helplines, or social media messages, any personal data you provide to us in those interactions (such as your name, contact information, or order ID) will be stored securely and used strictly for the purpose of responding to your query or request. If your concern involves a legal or regulatory issue, it may also be escalated internally to our Data Protection Officer (DPO).
F. Collection on Behalf of Others
In rare cases, Burgundy Industries may also collect data on behalf of partners or clients under a separate agreement (e.g., joint promotions or brand partnerships). In such instances, we will clearly indicate the identity of the party on whose behalf data is being collected, and such data will be governed jointly or separately as per the applicable agreement.
What data do we collect?
At Burgundy Industries, we believe that transparency is key to building trust. Therefore, we want to clearly explain the kinds of personal data we collect, the means through which we collect them, and the contexts in which this information may be shared or used. We are committed to collecting only that data which is necessary for legitimate business purposes, improving user experience, enhancing our services, and complying with legal obligations.
The term "personal data" refers to any information — whether directly or indirectly — that can be used to identify an individual. This includes information such as your name, contact details, online identifiers, financial data, and user preferences, as well as technical data like IP addresses and device identifiers.
A. Categories of Personal Data We Collect
Identity Data
Full name (first, middle, last)
Username, display name, or similar identifiers
Date of birth and age
Gender
Photograph (when voluntarily provided)
Contact Data
Residential or business address
Email address
Phone number (mobile and/or landline)
Social media handles (if interacting via platforms like Instagram, Facebook, etc.)
Account and Profile Data
Account registration details (username, password, security questions)
User preferences, settings, and interests
Saved delivery addresses, billing preferences
Loyalty program IDs, membership levels, and reward points
Financial and Transaction Data
Payment card details (processed securely via PCI-DSS compliant gateways)
UPI IDs, digital wallet information
Purchase history and invoices
Transaction records (e.g., refunds, returns, and exchanges)
Note: We do not store your card verification values (CVV) or other sensitive financial credentials. All such data is encrypted and managed by secure payment gateways.
Marketing and Communication Data
Consent status for receiving promotional emails, newsletters, SMS, or app notifications
Communication preferences
Participation in surveys, polls, or contests
Reviews, ratings, testimonials, or comments submitted to our platforms
Location Data
General location based on IP address
Precise location (e.g., GPS data) if permitted via mobile app settings
Region-specific browsing behavior for personalized offers and regional language support
Technical and Device Data
IP (Internet Protocol) address
MAC address and device ID
Browser type and version
Operating system and platform
Mobile device information (e.g., make, model, operating system)
Time zone, language settings
Cookie IDs and session tokens
Usage and Interaction Data
Browsing behavior on our websites and mobile apps
Clickstream data (pages visited, products viewed, search terms used)
Time spent on pages or in the app
Download history (e.g., brochures, product guides)
User navigation patterns, scroll activity, or bounce rates
Interaction with banners, ads, popups, or chatbot elements
Social Media and Third-Party Data
Public profile information from social media platforms (if you engage with us there)
Engagements like likes, shares, mentions, or comments
Interests and demographics as shared by social networks
Referral data from influencers, affiliate partners, or ad networks
Sensitive Personal Data (only if explicitly provided)
Health-related information (e.g., allergies, dietary preferences) if needed for specific product recommendations
Child-related information (e.g., age of child for kids’ nutrition products)
Biometric identifiers (only if ever used for authentication, e.g., face recognition in app)
Government-issued ID (only where legally required for verification)
B. How Do We Collect This Data?
Register or create an account on our website or app
Fill out online or physical forms (feedback, warranty registration, event participation)
Subscribe to our newsletters or product alerts
Contact our customer support team
Enter a contest, survey, sweepstakes, or promotion
Participate in a market study or product trial
Provide feedback or testimonials
Cookies and tracking pixels
Web beacons and session storage
App usage monitoring (via SDKs, crash logs, app analytics)
Analytics scripts like Google Analytics, Facebook Pixel, and similar platforms
Advertising networks
Social media platforms (as per your permissions)
Ecommerce platforms (e.g., Amazon, Flipkart, if you buy our product via these partners)
Logistics and fulfillment companies
Payment gateways
Data enrichment service providers
Market research companies
C. Aggregated and Anonymized Data
In addition to identifiable data, we may also collect and process aggregated, anonymized, or pseudonymized information for analytics and research purposes. For example:
Demographic summaries (e.g., “40% of our users are from South India”)
Product usage trends
Web performance diagnostics
D. Special Note on Cookies and Tracking Technologies
We use cookies, tracking pixels, web beacons, and session identifiers to improve our website functionality, personalize your experience, and serve relevant ads. These may store:
Session IDs for login continuity
Cart and checkout data
Browsing preferences
Product recommendations
You can choose to accept, reject, or customize your cookie preferences when prompted. For more details, please refer to our [Cookie Policy].
E. Voluntary vs. Mandatory Data
Not all data is mandatory. Wherever possible, Burgundy Industries distinguishes between required and optional fields. However, if you choose to withhold essential data (e.g., contact or payment information), we may be unable to process your orders, respond to queries, or provide personalized services.
F. Accuracy and Currency of Data
To ensure we provide the best services, we rely on you to keep your personal data accurate and up to date. You may access, correct, or update your data at any time by logging into your account or contacting our Data Protection Officer.
Why Do We Collect Your Data?
At Burgundy Industries, we collect and process your personal data for a variety of clearly defined, legitimate purposes—each driven by a commitment to enhance your experience, deliver value, maintain trust, and fulfill our legal, operational, and contractual obligations.
We do not collect data arbitrarily. Every piece of information we collect is directly tied to providing you with better products, services, communications, and customer support. We also use your data to fulfill any commitments we have toward you as a user, customer, partner, supplier, or stakeholder.
Our data practices are built on the principles of necessity, transparency, accountability, and purpose limitation—meaning we only collect the data we need, and only use it for the purposes clearly outlined below.
Purposes for Which We Collect and Process Your Personal Data
Your personal data may be used for one or more of the following reasons:
1. To Fulfill Orders, Deliver Products, and Manage Transactions
We collect data like your contact information, address, and payment details so we can:
Process and fulfill orders placed through our website, mobile app, or marketplace partners;
Deliver products or coordinate with third-party logistics and shipping providers;
Provide real-time order status updates and shipment tracking;
Validate payments, generate invoices, and handle returns or refunds;
Prevent duplicate or fraudulent orders and verify customer identity where needed.
Legal basis: Contractual necessity; Legitimate interest
2. To Provide Customer Support and Resolve Queries
We process your contact information, communication history, and interaction logs to:
Respond to your inquiries, requests, or complaints promptly;
Troubleshoot issues related to product performance, delivery, or usability;
Handle warranty claims, service requests, or feedback escalation;
Ensure internal quality assurance and training for our customer service staff.
Legal basis: Legitimate interest; Consent (if applicable); Contractual obligation
3. To Improve Our Products, Services, and Platforms
We use your browsing data, product usage feedback, purchase trends, and survey responses to:
Monitor user behavior to identify bugs or usability issues;
Enhance website and mobile app functionality, design, and experience;
Innovate and develop new product offerings based on consumer preferences;
Analyze market demand and segment-specific needs (e.g., children, health-conscious users, eco-friendly buyers).
Legal basis: Legitimate interest; Consent (if voluntarily submitted)
4. To Personalize Your Experience and Product Recommendations
We analyze your interactions, preferences, and behavior to:
Customize your homepage, search results, or product listings;
Recommend items you may like based on past purchases or browsing;
Deliver tailored offers, product bundles, or discounts;
Reduce irrelevant content and present what matters to you.
Legal basis: Consent; Legitimate interest
5. To Send You Marketing and Promotional Communications
If you opt-in or show interest, we use your data to:
Share newsletters, updates, product launches, or upcoming events;
Notify you of discounts, exclusive offers, or rewards programs;
Promote campaigns or contests we think you may enjoy;
Re-engage inactive users via email, SMS, push notifications, or targeted social media ads.
We will always provide you with the option to unsubscribe or opt out.
Legal basis: Consent
6. To Enable Participation in Promotions, Surveys, and Loyalty Programs
When you join a Burgundy campaign, loyalty program, or contest, we use your data to:
Register and authenticate your participation;
Track points, entries, or benefits you accrue;
Select and notify winners or eligible beneficiaries;
Deliver rewards, freebies, or participation certificates.
Legal basis: Contractual obligation; Consent
7. To Conduct Profiling and Segmentation for Enhanced User Targeting
Using advanced analytics, we create user profiles by combining:
Online behavior (pages visited, time spent, clicks);
Demographics and location data;
Purchase history and product interests;
Communication engagement (e.g., which emails you open).
These profiles help us:
Understand consumer needs at a deeper level;
Group users into segments (e.g., health-conscious parents, budget shoppers);
Offer more relevant recommendations, messaging, and advertising.
Legal basis: Consent (opt-in to profiling); Legitimate interest (for broad segments)
8. To Ensure Safety, Security, and Fraud Prevention
Your personal and technical data helps us:
Detect and block fraudulent transactions or activities;
Secure user accounts against unauthorized access;
Monitor unusual patterns, bots, or suspicious logins;
Maintain platform integrity and compliance with cybersecurity frameworks.
Legal basis: Legal obligation; Legitimate interest
9. To Comply With Legal and Regulatory Obligations
We may collect and disclose certain data to:
Comply with laws, regulations, and court orders;
Respond to legitimate government requests;
Satisfy tax, accounting, or audit requirements;
Ensure product recalls or safety notices reach affected users;
Enforce terms and conditions or resolve disputes.
Legal basis: Legal obligation; Public interest
10. To Carry Out Business Operations and Management
As part of normal business conduct, we may process your data for:
Internal analytics, budgeting, forecasting, and reporting;
Corporate restructuring, acquisitions, or due diligence;
Vendor, distributor, or partner management (if you represent a business);
Strategic planning, legal defense, or compliance audits.
Legal basis: Legitimate interest; Legal obligation
B. Legal Basis for Processing Your Data
We rely on a combination of lawful bases for processing your personal data, depending on the specific context. These include:
Your Consent – When you actively opt in (e.g., marketing emails, surveys)
Contractual Necessity – To fulfill our obligations if you order or subscribe
Legal Obligation – When required to comply with applicable laws or regulations
Legitimate Interest – When it benefits you or us in a reasonable and non-intrusive way
Where consent is used, you may withdraw your consent at any time without affecting the lawfulness of prior processing.
C. Automated Decision-Making and AI-Based Processing
We may use automated systems and AI-based tools to:
Analyze patterns and predict your preferences;
Determine eligibility for promotional offers;
Score customer interactions for support prioritization.
No significant decision impacting your rights or finances will be made solely based on automated processing unless it is necessary for entering into a contract or has your explicit consent.
Special Categories of Data (Sensitive Personal Data)
Certain types of personal data are classified as “Special Categories of Data” or “Sensitive Personal Information” under various data protection laws, such as India’s Digital Personal Data Protection Act (DPDPA), the General Data Protection Regulation (GDPR) in the EU, and similar global frameworks.
These categories include information that, if misused or mishandled, could pose a higher risk to your privacy and individual rights. Burgundy Industries takes extra precautions when collecting, storing, or processing any such data. We only do so in strict adherence to legal requirements and with your explicit, informed, and affirmative consent.
A. What Is Sensitive Personal Data?
Sensitive personal data (SPD) may include, but is not limited to:
Health-related data: Medical conditions, allergies, dietary requirements, or disabilities
Biometric data: Facial recognition, voice prints, fingerprint data (only if used for authentication)
Genetic data: DNA or inherited health traits (not typically collected)
Religious or philosophical beliefs
Sexual orientation or gender identity
Racial or ethnic origin
Government-issued IDs: Aadhaar number, PAN, passport, or driving license, when required
Children’s data: Information related to minors (under the age of 18 in India)
B. When Do We Collect Special Categories of Data?
We may request or process sensitive personal data only in limited and clearly defined scenarios. These include:
1. Health & Nutrition Preferences
If you are purchasing or inquiring about health-focused, age-specific, or dietary-sensitive products (e.g., baby food, fortified cereals, or allergy-free powders), we may ask:
Whether you or your child has specific dietary restrictions (e.g., nut allergies, lactose intolerance)
If you are pregnant, nursing, or have a condition that requires tailored nutrition
This allows us to:
Recommend suitable products
Prevent promotion of unsuitable items
Provide safety notices and accurate usage directions
2. Children’s Data
If you register your child (e.g., to receive age-specific product offers or parenting tips), we may collect:
Child’s age or date of birth
Gender
Developmental preferences or needs (e.g., "toddler nutrition")
Such data will be collected only with the verified consent of a parent or legal guardian and used solely for age-appropriate communications, loyalty programs, or tailored offers.
Example: A parent signs up for our “Burgundy Kids” newsletter, indicating their child is 2 years old. We may use this to recommend stage-2 weaning products, notify about toddler-safe promotions, or avoid sending irrelevant content.
3. Event Participation or Research Studies
If you voluntarily take part in:
Product trials (e.g., allergy-friendly formulas)
Health or lifestyle surveys
Consumer panels related to sensitive subjects
We will inform you in advance about any sensitive data involved and obtain your consent.
4. Government IDs for Verification
In specific regulatory or tax-related situations (e.g., high-value purchases, prize fulfillment, or distributor agreements), we may require copies of:
Aadhaar, PAN, GSTIN
Driver’s License or Passport (for KYC)
This will only be collected where mandated by law, and stored in secure, encrypted formats.
5. Biometric Information
Currently, we do not collect biometric data for general users. If biometric authentication (e.g., fingerprint login in app) is introduced in the future, it will:
Be entirely optional
Use device-level encryption
Never be stored on Burgundy servers
C. How Do We Process Sensitive Personal Data?
Whenever we collect sensitive data:
We explicitly explain the reason and purpose during collection.
We store the data securely, with additional layers of encryption and access control.
We ensure only trained and authorized personnel can access such information.
We never sell, rent, or share this data with third parties for unrelated marketing purposes.
Additionally, you always have the right to opt out or decline to provide such data without impacting your general use of our website or services, unless the data is strictly required for a specific transaction (e.g., identity verification for financial compliance).
D. Consent and Withdrawal
We will always seek your informed and explicit consent before processing any sensitive personal data. This consent will:
Be recorded and timestamped
Clearly describe the nature of the data, the reason for collection, and how it will be used
If at any time you wish to withdraw your consent, you may do so by:
Visiting your account settings
Contacting our Data Protection Officer or customer care team
Submitting a request via the Privacy Portal
Once consent is withdrawn, we will promptly delete or anonymize the associated data unless required to retain it for legal, tax, or regulatory compliance.
E. Children’s Privacy and Parental Consent
Burgundy Industries is committed to protecting the privacy of minors. We do not knowingly collect personal data from children below the age of 18 without:
Prior, verifiable consent from a parent or guardian, and
Full disclosure of how that information will be used
If we learn that a child’s data has been collected without proper authorization, we will delete it immediately.
We also use age filters and screening tools to:
Ensure eligibility for contests or campaigns
Prevent children from accessing age-restricted content or offers
F. Sensitive Data Sharing Limitations
We will never share your sensitive personal data with any third party except:
Where legally mandated (e.g., for law enforcement, fraud investigations)
Where required for a service you have explicitly signed up for (e.g., allergy-safe product trial)
With trusted partners or service providers under strict contractual obligations and confidentiality
During emergencies, to protect your life, health, or safety
All such sharing is documented and monitored for compliance.
How Do We Protect Children’s Privacy?
At Burgundy Industries, we recognize the critical importance of safeguarding children’s personal data and privacy rights. Our commitment to protecting minors extends beyond legal compliance—it's a foundational value that guides the way we design our products, marketing efforts, digital platforms, and customer engagement policies.
As many of our products, especially in the nutritional and wellness category, may be consumed or purchased for children, we have developed special protocols and safeguards to ensure that any data collected in this context is handled responsibly, transparently, and with the highest degree of sensitivity.
A. Age-Appropriate Access and Parental Involvement
Burgundy’s websites, mobile apps, and online platforms are intended for general audiences, but we are aware that some users may be parents, guardians, or caregivers purchasing or researching products for children.
To ensure child privacy is preserved:
We do not knowingly collect personal data directly from children under the age of 18, unless verifiable consent has been provided by a parent or legal guardian.
If a service, feature, or campaign is aimed at children (e.g., a baby nutrition guide or child growth tracker), we explicitly state that only adults may register, manage, or interact with such services on behalf of the child.
In countries like India, where the Digital Personal Data Protection Act (DPDPA) mandates parental consent for processing data of individuals under 18, we have built-in consent verification mechanisms.
B. When We May Collect Children’s Data
We may collect limited data about children only when it is provided by an adult user for purposes such as:
Registering for a parenting program or newsletter
E.g., A mother registers for updates on toddler nutrition products.
Data collected may include the child’s age range (e.g., 1–3 years), name, or birthdate.
Participating in age-based offers, contests, or promotions
We ask for age verification and parental consent before accepting entries.
Proof of age may be required to confirm eligibility.
Tailoring product recommendations
When a user requests suggestions based on their child’s age, dietary needs, or health conditions.
Purchasing products designed specifically for children
For example, organic baby food, fortified cereals, or sensitive-skin formulations.
In all such cases, data collection is limited, purpose-specific, and done only with consent from the parent or legal guardian.
C. Safeguards for Children’s Data
When children’s data is collected (via the parent or guardian), we ensure:
Minimal data collection: We only request what is strictly necessary (e.g., age group instead of exact birth date, where possible).
Clear explanation of the purpose and how the data will be used.
No profiling, tracking, or behavioral targeting is conducted on the child’s data.
No advertising or direct marketing is directed at children based on their personal information.
No public disclosure: Children’s data is never published, posted, or made publicly accessible on any of our platforms.
Data storage is secured using the same encryption, access restrictions, and retention controls as adult personal data—often with additional review.
We do not permit third-party ad networks or plugins to collect personal data on any child-oriented sections of our websites or apps.
D. Parental Rights and Controls
If you are a parent or legal guardian, you have the right to:
Review the personal data we have collected about your child;
Request access, correction, or deletion of that data at any time;
Withdraw your consent for further collection or use of your child’s data;
Object to any processing that you believe is unnecessary or intrusive.
You can exercise these rights by contacting our Privacy Office or using the Contact Us form on our website.
We will take all reasonable steps to verify your identity and authority as the child’s parent or guardian before processing such requests.
If Burgundy Industries learns that we have inadvertently collected personal data from a child under 18 without proper consent, we will:
Immediately delete or anonymize the data from our records;
Notify the parent or guardian, if contact details are available;
Review and enhance the relevant process to prevent recurrence.
We also monitor our systems regularly to detect any unauthorized access or improper handling of child data.
F. Age-Based Restrictions on Access and Participation
To further support child safety, we impose age restrictions on certain areas of our website or app, such as:
Contests or sweepstakes that require users to be 18+;
Loyalty programs, reward schemes, or feedback surveys;
Product reviews, community forums, or UGC uploads;
Account creation and payment-related features.
Where necessary, we implement age-verification gates or disclaimers, and we require adults to manage accounts on behalf of children.
G. Educational Resources and Responsible Content
Burgundy strives to offer content that is:
Parent-guided and responsibly curated;
Educational, informative, and free of manipulative design;
Built in line with digital wellbeing standards and ethical marketing practices;
Compliant with global frameworks like UNICEF’s Guidelines on Children’s Data Privacy, the DPDPA, and COPPA (where applicable).
H. Summary of Our Commitment
We never knowingly collect, use, or share personal data from children without verified consent;
We enforce strict internal protocols, monitor compliance, and train our teams on children’s privacy laws;
We encourage parents to actively monitor their child’s use of digital platforms, including Burgundy websites and services.
If you have any concern or suspicion regarding children’s data privacy at Burgundy, please contact us immediately at:
What Purpose Do We Use Your Data For?
At Burgundy Industries, we collect and use your personal data solely for lawful, fair, specific, and necessary purposes. Whether you're engaging with us online, purchasing our products, signing up for our updates, or simply browsing our websites, we process your data to improve your experience, fulfill our commitments, and uphold our obligations.
We ensure all use of personal data aligns with applicable data protection laws such as India’s Digital Personal Data Protection Act (DPDPA) and other regional or international standards, depending on the jurisdiction of use.
Below, we outline in detail the purposes for which we collect and process your personal data:
A. To Provide and Deliver Our Products and Services
We use your data to:
Process your product purchases and manage transactions
Arrange for product deliveries, including packaging, shipment, and notifications
Confirm order status, provide invoices or digital receipts
Manage returns, exchanges, cancellations, and refunds
Authenticate your identity and prevent payment fraud
Example: When you place an order on our e-commerce portal, we require your name, delivery address, contact number, and payment details to process and deliver your order efficiently and securely.
B. To Communicate With You
We use your contact details and preferences to:
Respond to your queries, complaints, or support requests
Share transactional communications, such as order confirmations, delivery status, or product recalls
Send you updates related to your account, preferences, or consent status
These communications are essential for fulfilling our contract with you and are not promotional in nature unless you have opted in to receive marketing content.
C. To Provide Customer Support and Service Quality
We may process personal data during:
Customer care calls, chats, or emails
Grievance redressal requests
Product feedback, satisfaction surveys, or issue resolution
Your communication may be recorded or monitored for quality control, training, and documentation purposes.
D. To Improve Our Products, Services, and Platforms
Your interactions help us:
Understand usage patterns, preferences, and product performance
Conduct consumer insights, usability testing, and research
Refine product formulations, packaging, and delivery experiences
Troubleshoot website/app bugs, loading speeds, and technical errors
Example: If users consistently abandon the checkout process on a certain mobile screen, we use anonymized session data to analyze and fix user experience issues.
E. To Personalize Content, Recommendations, and Offers
Where you have consented, we may use your data to:
Tailor product recommendations based on browsing or purchase history
Curate content based on your interests or demographics (e.g., parenting tips, millet nutrition, etc.)
Offer personalized discounts, early access to new launches, or special bundles
Serve relevant banners, notifications, or alerts via app, web, or email
We never use sensitive personal data (such as health or religious beliefs) for personalization unless you have explicitly consented to it.
F. To Send You Marketing Communications
If you opt in, we will:
Send newsletters, product launches, or promotional messages
Share educational or lifestyle content aligned with your preferences
Inform you of events, webinars, brand stories, and behind-the-scenes content
You can opt out of such communications at any time via your account settings, unsubscribe links, or by contacting our support team.
G. To Operate Loyalty Programs and Promotions
When you participate in:
Reward schemes
Membership benefits (e.g., Burgundy Circle)
Giveaways, contests, or sample trials
We use your data to:
Validate your eligibility
Deliver rewards, coupons, or gifts
Communicate participation results or instructions
We ensure that such programs comply with local age and consent laws, especially when children’s data may be involved.
H. For Internal Business Operations
We may use your data for:
Audits, risk management, or business planning
Compliance with applicable taxation, e-commerce, or consumer laws
Tracking product performance, logistics, and supplier operations
Monitoring inventory, restocking alerts, or demand forecasting
Data used here is often aggregated and not used for profiling individuals unless absolutely necessary.
I. To Detect and Prevent Fraud, Security Breaches, or Misuse
We process certain personal data to:
Authenticate login attempts or device access
Detect suspicious activities such as bot attacks or account hijacks
Prevent fraudulent returns, fake accounts, or misuse of promotional offers
Report any incidents to regulatory authorities when required
We may use cookies, IP addresses, device fingerprints, and location data for these purposes.
J. To Fulfill Legal, Regulatory, and Contractual Obligations
Your data may be processed to:
Comply with statutory, legal, or regulatory requirements (e.g., GST reporting, KYC norms)
Enforce our Terms of Use, refund policy, or e-commerce rules
Cooperate with law enforcement or court orders
Comply with obligations under consumer protection, food safety, tax, or IT laws
K. To Create Segments and Profiles (with Your Consent)
We may, with your explicit permission:
Segment audiences based on preferences (e.g., vegan users, first-time parents, fitness enthusiasts)
Run A/B tests to enhance content
Profile interest groups to deliver more relevant product suggestions or campaigns
Profiling never involves automated decisions that have legal or similarly significant effects on you without human intervention.
You can opt out of such profiling anytime via our privacy dashboard.
L. For Research, Innovation, and Product Development
We may use de-identified and aggregated data to:
Analyze consumer behavior trends
Conduct nutritional research, especially for our food and wellness categories
Co-create products with user insights
Collaborate with universities or healthcare partners under strict data-sharing protocols
M. For Emergency Communications
In the rare event of:
A product safety recall
A data breach
A public health concern
We may use your registered contact information to promptly notify you, even if you have opted out of other communications, to protect your health and rights.
Conclusion: Transparent, Responsible Use
We will always notify you—either at the time of collection or within a reasonable period—regarding:
The purpose for which your data is collected,
The legal basis we rely on,
Whether providing it is mandatory or optional, and
The consequences of refusing to provide it.
When we rely on your consent, you may withdraw it at any time without affecting the lawfulness of processing carried out before the withdrawal.
Who Will Your Data Be Shared With?
At Burgundy Industries, we deeply respect your trust. When you provide us with your personal data, we commit to protecting it and sharing it only in ways that are transparent, secure, legally compliant, and beneficial to you.
We do not sell your personal data to third parties. However, to deliver our products and services efficiently, and to improve your experience with our brand, we may share your data in controlled, contractually bound, and purpose-specific ways.
Below are the types of entities with whom your personal data may be shared:
A. Within Burgundy Industries and Our Group Companies
We may share your personal data internally across departments and entities within the Burgundy Industries group, including any future subsidiaries, affiliates, or associated businesses, to:
Fulfill orders and services
Personalize your experience across platforms
Conduct joint marketing, product development, or loyalty programs
Streamline customer service and feedback mechanisms
Comply with internal audits, security protocols, or legal obligations
All such internal sharing is done under confidentiality agreements and access control policies, and your data is only shared with teams on a need-to-know basis.
B. With Third-Party Service Providers (On Our Behalf)
To support our business operations, we engage trusted third-party vendors to perform certain tasks on our behalf. These may include:
Website and app hosting providers
Payment gateway and transaction processors
Customer support and grievance redressal agents
Delivery and logistics partners
Data analytics and insight platforms
Email, SMS, and push notification services
Marketing and digital ad agencies
Survey and feedback collection platforms
Cybersecurity or risk management partners
Each of these partners is contractually obligated to:
Process your data only for the purpose intended,
Maintain data security and confidentiality,
Not use your data for their own business gain, and
Comply with applicable data protection laws.
Example: When you place an order through our website, your payment details are securely processed by a third-party payment provider (e.g., Razorpay, PayU), and your address is shared with a logistics partner for delivery. Both partners only use this data to fulfill your request.
C. With Marketing and Advertising Partners (With Consent)
Where you have explicitly opted in to receive personalized content or offers, we may share data with third-party marketing, media, or advertising platforms, including:
Social media platforms (e.g., Facebook, Instagram, YouTube)
Ad-serving networks (e.g., Google Ads, Meta Ads)
Programmatic advertising partners
Influencer or affiliate marketing platforms
Data enrichment or segmentation tools
This helps us:
Show you ads relevant to your preferences
Avoid redundant marketing messages
Measure and optimize campaign performance
You may opt out of this data-sharing anytime via our privacy center, unsubscribe links, or device settings (e.g., “Limit Ad Tracking”).
D. With Contest or Program Sponsors (If Applicable)
If you participate in a campaign, contest, wellness initiative, nutrition study, or co-branded loyalty program, your data may be shared with:
Co-sponsoring companies (e.g., a baby food brand in a joint promotion)
Healthcare or nutrition experts assisting in product feedback or development
Educational partners in our parenting or child development programs
We will always disclose co-sponsorship clearly, and your participation is voluntary. Data shared in such instances is restricted to the purpose of fulfilling the program objectives or communicating outcomes.
E. With Legal, Regulatory, or Governmental Authorities
We may disclose personal data when required by law, including in the following situations:
To comply with legal obligations (e.g., tax filing, food safety requirements, compliance checks)
When responding to a valid subpoena, court order, or government request
To prevent fraud, cybersecurity threats, or violations of law
In connection with legal claims, disputes, or audits
To report suspicious transactions under anti-money laundering laws
To cooperate with public health authorities or product safety recalls
Such disclosures are made in good faith and in accordance with due process, while ensuring minimum disclosure of personal data required for the legal process.
F. In the Event of a Business Reorganization or Acquisition
If Burgundy Industries were to undergo a merger, acquisition, sale, restructuring, or bankruptcy, your personal data may be shared as part of the due diligence process or transferred as a business asset.
In such events:
We will ensure that the receiving entity continues to protect your data under equivalent safeguards.
You will be notified, and your rights will remain protected under applicable data protection laws.
Example: If Burgundy merges with another wellness brand, your data may be shared with that entity to ensure continuity of service and product history.
G. With Consent or as Explicitly Authorized by You
You may voluntarily authorize us to share your data in scenarios like:
Referring a friend to a product or loyalty program
Participating in testimonials or user stories
Granting permission for a child’s data to be used in a nutrition monitoring program
We will always document your consent and clearly explain:
What data is being shared
With whom it is being shared
For what purpose
H. With Partners Outside India (International Data Transfers)
As a brand committed to innovation and responsible sourcing, some of our technology, analytics, or support functions may operate globally. If your personal data is transferred outside India (for example, to cloud servers or global vendors), we ensure that:
The receiving party has comparable data protection measures in place
Data transfer agreements are in accordance with local and international laws
Your data is encrypted or pseudonymized where possible
We will not transfer your personal data across borders unless it is legally permitted, contractually protected, and beneficial to your interests.
Every time we share your personal data, we ensure:
There is a legitimate purpose
Only minimum necessary data is shared
Your rights remain protected
Partners uphold our security and confidentiality standards
How Do We Protect Your Personal Data?
At Burgundy Industries, safeguarding your personal data is one of our highest priorities. We are committed to implementing and maintaining robust administrative, technical, and physical security measures to protect your data from unauthorized access, misuse, loss, or disclosure.
Whether you engage with us online through our websites, mobile apps, emails, or offline through events, product orders, or customer support, we apply the same level of diligence and protection to your personal information.
A. Our Security Philosophy
We treat your data as an extension of your trust in us — and that trust is non-negotiable. Every layer of our system is designed to minimize risk and maximize control, privacy, and transparency.
Our approach includes:
Privacy by design: Data protection is integrated from the early stages of system or product development.
Data minimization: We only collect data that is relevant, necessary, and proportionate to the purpose.
Zero-trust mindset: Every access or action must be authenticated and justified.
B. Technical Safeguards
We employ advanced cybersecurity technologies to prevent breaches and maintain the confidentiality, integrity, and availability of your personal data:
Data encryption: Personal data is encrypted both in transit (using HTTPS and SSL/TLS protocols) and at rest using industry-standard encryption algorithms.
Access control: Access to personal data is role-based and restricted to authorized personnel only, based on the principle of least privilege.
Firewall and intrusion detection: Our infrastructure is protected by network firewalls, antivirus software, and intrusion detection systems (IDS) that monitor unusual activity.
Secure servers and hosting: Our data is hosted on secure servers located in certified data centers, compliant with standards such as ISO/IEC 27001, SOC 2, and GDPR (where applicable).
Multi-factor authentication (MFA): Used internally and for platform admin access to ensure added protection against unauthorized logins.
C. Organizational Safeguards
Our internal policies and procedures ensure that data protection is a shared responsibility across all levels of the organization:
Employee training and awareness: All Burgundy team members undergo mandatory training on data privacy, phishing awareness, and ethical handling of consumer information.
Confidentiality agreements: Every employee, contractor, or service provider handling personal data is bound by a Non-Disclosure Agreement (NDA) or a confidentiality clause.
Incident response plan: We have a well-defined Data Breach Response Protocol to manage and report any suspected or confirmed data incidents within legally required timelines.
Vendor due diligence: Third parties who process data on our behalf are required to demonstrate technical and legal compliance and sign Data Processing Agreements (DPAs).
D. Process and Policy Controls
We adhere to strong procedural controls to enforce responsible handling of data at all touchpoints:
Consent management: Your preferences and consents are captured, stored, and honored through a centralized consent management platform.
Audit trails: We maintain secure logs of data access, modifications, and transfers to detect misuse or anomalies.
Data classification: We classify data based on sensitivity — e.g., general, personal, sensitive personal — and apply security policies accordingly.
Anonymization and pseudonymization: Wherever possible, we transform personal data into a format that cannot be used to identify individuals without additional information, to further minimize risk.
E. Physical Security
For any physical locations where data is stored or accessed (e.g., corporate offices, fulfillment centers, archival facilities), we implement:
Access badges and visitor logs
24/7 CCTV surveillance
Secured file storage with access protocols
Restricted zones for systems holding sensitive data
F. Protection Against Emerging Threats
We continuously evolve our security infrastructure to protect against:
Zero-day vulnerabilities
Ransomware and malware attacks
Phishing, spoofing, or social engineering
Credential stuffing or brute-force attempts
This is achieved through:
Regular penetration testing
Vulnerability assessments
Automated patch management
Collaboration with external cybersecurity consultants
G. Data Backup and Disaster Recovery
To prevent loss of data due to accidental deletion, system failure, or disaster:
We maintain secure backups at multiple locations.
Our systems are designed for failover recovery, ensuring minimal downtime.
In the event of a breach or outage, we follow a structured Business Continuity Plan (BCP).
H. How You Can Help Protect Your Own Data
While we take every possible step to protect your information, you also play an important role. We recommend:
Creating strong, unique passwords
Never sharing your login credentials
Logging out of your account on shared devices
Being cautious of phishing emails or suspicious links
Regularly reviewing your privacy preferences via our user portal
If you suspect unauthorized use of your account or data, please notify us immediately at privacy@burgundyindustries.in.
I. Independent Assessments and Legal Compliance
Burgundy Industries:
Conducts periodic privacy audits and security risk assessments
Remains compliant with applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India) and where relevant, GDPR (EU) or CCPA (California)
Seeks certifications and third-party security attestations as required by partners, clients, or platforms we integrate with
J. In Case of a Data Breach
If, despite all efforts, a personal data breach occurs that is likely to result in harm to your rights or freedoms:
We will notify you without undue delay, explaining the nature of the breach, its potential impact, and recommended next steps.
We will also report the breach to the Data Protection Board of India or any relevant Supervisory Authority, as per legal timelines.
Remedial actions will be implemented immediately to contain the breach and prevent recurrence.
Conclusion: Privacy Is Our Responsibility
Your personal data is not just numbers to us — it’s a reflection of your trust. We take every reasonable measure — technical, organizational, and human — to protect your identity, uphold your dignity, and ensure your data is treated with the respect it deserves.
How Long Do We Keep Your Personal Data?
At Burgundy Industries, we retain your personal data only for as long as it is necessary to fulfill the purpose for which it was collected, and to comply with legal, operational, and contractual obligations. We do not keep your data indefinitely and actively review our data retention schedules to ensure we store only what we reasonably need.
The duration for which we keep your data depends on:
The purpose for which it was collected (e.g., order fulfillment, customer support, legal compliance)
The type of data (e.g., contact details vs. payment information vs. child health preferences)
The legal or regulatory retention obligations applicable in your jurisdiction
The consent status you have provided (opted in, withdrawn, or objected)
Our need to resolve disputes, enforce agreements, or prevent fraud
A. Retention by Purpose
Here is a breakdown of how long we generally retain different types of personal data:
Purpose | Typical Retention Period |
|---|---|
Order fulfillment & transaction history | Up to 7 years (for taxation, accounting, and audit) |
User account and profile data | As long as the account is active + 3 years post-deletion |
Customer support communications | 2 to 5 years depending on the issue |
Product warranty or loyalty program data | Duration of the program + 3 years |
Email marketing or promotional subscriptions | Until unsubscribed + 12 months for processing |
Feedback, surveys, and contest entries | 3 years from submission or end of campaign |
Cookie and tracking data | As per cookie type (typically 6 to 24 months) |
Health or sensitive data (with consent) | Only for duration of campaign/program + 1 year |
Grievance redressal logs | 3 to 5 years from date of closure |
Legal, tax, and compliance records | As required by law (typically 7–10 years) |
Note: The retention periods may vary depending on applicable Indian law (such as the Income Tax Act, 1961, Companies Act, 2013, or the Digital Personal Data Protection Act, 2023) and international data laws where relevant.
B. Data Minimization and Anonymization
When your personal data is no longer required for the purposes for which it was collected, and there is no legal, regulatory, or legitimate business need for us to retain it, we will take one or more of the following actions:
Permanently delete the data from our databases and systems
Anonymize the data so that it can no longer be linked to you and may be used for statistical or research purposes
Restrict processing of the data until final deletion (e.g., by archiving it securely with limited access)
C. Retention After Consent Withdrawal or Account Closure
If you choose to withdraw your consent, unsubscribe, or close your account, we will:
Stop using your data for the specific purpose (e.g., marketing or product recommendations)
Retain only the minimum necessary data to:
Comply with the law (e.g., financial records)
Prevent fraud or abuse
Respond to future legal claims or complaints
Delete or anonymize all remaining data within a reasonable period (usually within 90–180 days unless otherwise required by law)
D. Children’s Data
Where data is collected from or about a child (under the applicable age of digital consent), we retain such data:
Only for the duration of the campaign, offer, or program (e.g., a nutritional program for infants)
With the explicit consent of the parent or guardian
For a limited period post-program (typically 1 year) to allow follow-ups or queries
After which it is securely deleted or anonymized
E. Automated Review and Deletion
To ensure our data is current and relevant, we use automated workflows that:
Flag dormant or outdated data
Schedule deletion or archival based on category and age of data
Prompt periodic reviews by the Data Governance team
Ensure we do not store personal data beyond its useful or lawful lifecycle
F. Your Rights in Retention
You have full control over how long we retain your data in certain contexts. Specifically:
You may request deletion of your personal data at any time (see Section 11)
You may object to processing that is not essential to a legal or contractual obligation
You may withdraw consent where applicable, which will trigger our deletion protocols for that data
G. Summary of Our Retention Principles
We keep your data only for as long as necessary
We comply with all legal retention rules
We minimize storage and reduce data footprint
We act on your requests to delete or anonymize
We securely dispose of personal data when no longer needed
How Do You Contact Us?
At Burgundy Industries, we value your trust and are committed to being transparent, responsive, and respectful when it comes to your personal data. If you have any questions, concerns, feedback, or wish to exercise your rights as outlined in this Privacy Policy, we are here to assist you.
We have set up multiple channels to make it easy and convenient for you to reach out to us regarding your privacy-related queries or grievances.
General Privacy Contact
If you would like to:
Request access to or correction of your personal data
Withdraw your consent or opt out of marketing communications
Delete or restrict the processing of your data
Ask general questions about how we collect, use, or share your personal data
Seek clarification about this Privacy Policy
You may contact our Data Privacy Team directly via email at:
Email: communications@burgundyindustries.com
We aim to acknowledge all queries within 7 working days and to respond with a resolution within 15–30 working days, depending on the complexity of the request and applicable legal obligations.
Escalations, Complaints & Grievances
If you are not satisfied with the response you receive from our general privacy contact or if your concern requires escalation, you may raise your grievance with our designated Privacy Grievance Officer or Data Protection Officer (DPO).
Privacy Grievance Officer
Burgundy Industries
[Insert Registered Office Address]
Email: communications@burgundyindustries.com
(Please mention "Attention: Privacy Grievance Officer" in the subject line.)
Escalation to Data Protection Authorities
If your concern remains unresolved or if you believe that your data rights have not been handled appropriately by Burgundy Industries, you have the right to escalate the issue to the Data Protection Board of India or the relevant Supervisory Authority in your jurisdiction.
We will support you in understanding how to initiate that process, if required.
When Contacting Us
When submitting a request or complaint:
Please specify the nature of your query clearly (e.g., "Request to Delete My Data" or "Consent Withdrawal")
Include enough identifying information so we can verify your identity (such as your name, email address, phone number, and order ID, if applicable)
Avoid including any unnecessary sensitive data in your email (such as passwords, financial details, or health data)
If your request is complex or requires more information, we may reach out to you for clarification before resolving the issue.
Response Timelines
Request Type | Expected Timeline |
|---|---|
General queries | 7 business days (acknowledgment) |
Data access, correction, deletion | 15–30 days from request |
Grievance redressal | Within 30 days from filing |
Escalations to DPO | Within 15 days from escalation |
We are committed to addressing every concern promptly, transparently, and respectfully.