Himalay.io - Source Globally from India's Most Reputable B2B E-commerce Platform

Privacy PolicyLast Updated: February 2025

Privacy Policy of www.himalay.ioThis Website hosts this page and collects some Personal Data from its Users. Users may be subject to different data protection standards, and therefore certain Users may be subject to more extensive standards. Users may contact the Owner for more information about these standards. This document can be printed for reference using the print command in any browser's settings.

Owner and Data ControllerPadamade Private Limited — A-1506, Princeton CHS, Hiranandani Estate, Thane West, Maharashtra, India. 400607. India Owner contact email address: main@himalay.io Grievance Officer (India): Joel Daniel, joel@himalay.io,

1. INTRODUCTIONHimalay.io ("Himalay", the "Platform", "we") is a B2B sourcing and procurement platform that helps Buyers engage Indian manufacturers/suppliers ("Suppliers"). The Platform is for business use only and is not intended for personal or consumer use. This Privacy Policy explains how we collect, use, disclose, store, and protect Personal Data of visitors and Users (including employees/representatives of business Users) when they access or use the Platform through websites, apps, APIs, or other interfaces.This Privacy Policy does not apply to third-party sites or services that are linked from the Platform or integrated by Users. Those third parties process data under their own policies. This Privacy Policy also does not apply where we act strictly as a Data Processor for another business under a separate written agreement.

2. TYPES OF PERSONAL DATA COLLECTEDAmong the types of Personal Data that this Website collects, by itself or through third parties, there are: Trackers; Usage Data; first name; last name; company name; job title; department; business email address; phone number; business address; postal code; country; billing address; shipping/delivery address; account identifiers; account credentials (hashed password); enquiry/RFQ details; quotations; purchase order details; invoice details; transaction references; bank/payment identifiers (as applicable); communications content (email/message content); file uploads (specifications, drawings, certificates); User Content; profile picture (optional); message date; time message sent; message sender; number of Users; session statistics; device information; IP address; approximate location data.Data may be provided directly by you, generated through your use of the Platform, or received from third parties (e.g., KYC providers, payment processors, logistics partners). Unless stated otherwise at the point of collection, requested data is required to provide the Service; if you do not provide it, certain features may be unavailable.Users are responsible for any Personal Data of third parties obtained, published or shared through this Website (for example, when uploading contact details, shipping contacts, or documents containing personal data).

3. DETAILS OF DATA PROCESSING3.1 Information you provide to usWe may collect: contact details; account credentials; business identifiers (GSTIN/CIN/IEC); corporate registration details; tax info; authorized signatory details; documentation for verification; RFQs, bids and purchase/order information; payment settlement information; and support communications.3.2 Information collected automaticallyWe may collect: device and browser data; IP address; logs; approximate location; session and usage analytics; pages viewed; searches; time spent; referral data; and cookie identifiers.3.3 Information from third partiesWe may receive: verification results (KYC/AML/sanctions/identity checks); payment confirmations; logistics and shipment updates; customer support transcripts handled by vendors; and publicly available business registry information.

4. PURPOSES OF PROCESSINGWe process Personal Data to: (a) register and manage accounts; (b) verify business eligibility and conduct KYC/AML and fraud prevention; (c) facilitate RFQs, bids, communication, and transactions; (d) process and reconcile payments (where enabled); (e) provide logistics/documentation support; (f) operate customer support and dispute resolution; (g) improve the Platform via analytics and testing; (h) market the Platform and provide updates (subject to consent where required); (i) comply with legal obligations and respond to lawful requests; and (j) protect the rights, safety, and security of Users, the Platform, and third parties.

5. LEGAL BASES / GROUNDSIndia (DPDP Act): We process personal data based on consent or permitted legitimate uses, and where necessary for performance of contract, compliance with law, fraud prevention, security, and dispute handling.IT Act / SPDI Rules (where applicable): We obtain consent for collection/use/disclosure of Sensitive Personal Data or Information (SPDI) where applicable and follow reasonable security practices.EU/UK (GDPR): Legal bases may include contract necessity, legitimate interests, legal obligation, and consent (especially for non-essential cookies and marketing).Brazil (LGPD): Legal bases may include contract performance, compliance with law, legitimate interest, consent, and credit protection.United States: We provide applicable notices and honor statutory rights where required.

6. DISCLOSURE OR SHARING OF PERSONAL DATAWe may share Personal Data with:

Other Users (Buyer-Supplier) where necessary to facilitate RFQs, bids, orders, documentation and communications.
Service providers: hosting, analytics, messaging, security, customer support, payment processors, KYC/AML, logistics, email delivery, CRM.
Professional advisers: auditors, legal counsel, insurers.
Authorities: law enforcement and regulators when required by law or to protect rights and safety.
Corporate transactions: buyers/merger partners and advisers in the event of reorganization or sale (subject to confidentiality safeguards).

We do not sell Personal Data. We may share de-identified/aggregated data that does not identify individuals.

7. INTERNATIONAL TRANSFERSWe may process and store Personal Data in India and other jurisdictions where we or our service providers operate (e.g., EU/EEA, UK, Singapore, USA). We use contractual and organizational safeguards for cross-border transfers, including Standard Contractual Clauses (where applicable) and security controls. Some transfers are necessary to perform contracts (e.g., international shipping and payments).

8. RETENTIONWe retain Personal Data as long as needed to provide the Service, meet contractual obligations, comply with law (e.g., tax/accounting), resolve disputes, enforce agreements, and maintain security. If we no longer need the data, we delete or anonymize it, unless retention is required by law.

9. COOKIES AND TRACKERSWe use cookies/trackers for security, functionality, analytics, and (where enabled) marketing. Non-essential cookies may be used only with consent where required. See the separate Cookie Policy (Part B).

10. YOUR RIGHTSIndia (DPDP Act): you may request access, correction, erasure, withdrawal of consent, nomination, and grievance redressal.EU/UK (GDPR): you may request access, rectification, erasure, restriction, portability, and objection; you may also withdraw consent and lodge a complaint with a supervisory authority.Brazil (LGPD): you may request confirmation, access, correction, anonymization, portability, deletion, information about sharing, consent withdrawal, and review of automated decisions where applicable.United States: you may have rights to know, delete, correct, and opt out of certain processing under state laws.Requests can be made using the contact details in "How to contact us". We may need to verify your identity and authority before acting on requests.

11. MINORSThe Platform is intended for adults (18+). We do not knowingly collect Personal Data from minors.

12. SECURITY MEASURESWe implement reasonable technical and organizational measures, including access controls, encryption in transit, logging, least-privilege, and vendor due diligence. No transmission over the Internet is perfectly secure; you use the Service at your own risk.

13. DATA BREACHIf we become aware of a personal data breach, we will investigate, mitigate, and provide notices where required by applicable law.

14. CHANGES TO THIS PRIVACY POLICYWe may update this Privacy Policy. Material changes will be communicated via the Platform and/or email where appropriate. The "Last Updated" date reflects the latest version.

15. HOW TO CONTACT USPrivacy contact: main@himalay.io Grievance Officer (India): Joel Daniel, joel@himalay.io Registered office: A-1506, Princeton CHS, Hiranandani Estate, Thane West, Maharashtra, India. 400607. India, India

16. LANGUAGEIf there is any conflict between the English version and another language version, the English version shall prevail.