Privacy Policy

2.1 This Policy applies to all personal data collected by the Company through: the Website (www.alifqurbani.com); mobile applications (if any); email, phone, and WhatsApp communications; and any offline interactions related to orders placed online.

2.2 This Policy does NOT apply to: third-party websites linked from the Website; Razorpay's processing of your payment data (governed by Razorpay's own Privacy Policy and Buyer Privacy Notice at razorpay.com); or Meta/WhatsApp's processing of your messaging data.

2.3 This Policy is to be read alongside our Terms of Service. All capitalised terms not defined here have the meaning given in the Terms of Service.

6.1 The Company does NOT sell, rent, lease, or trade your personal data to any third party for commercial or marketing purposes. This is an absolute commitment.

6.2 We may share your data with the following categories of recipients, strictly on a need-to-know basis:

• Razorpay Software Pvt. Ltd. for payment processing, fraud detection, RBI compliance, and chargeback management. Razorpay processes your data as per its own Privacy Policy and Buyer Privacy Notice (razorpay.com/buyer-privacy-notice). Razorpay is a separate and independent data fiduciary for data it processes.
• Animal Vendors / Slaughterhouse Operators limited to: order reference number, type of animal/service, and date; NO personal contact information is shared.
• Logistics / Courier Partners limited to: recipient name, delivery address, PIN code, phone number, and order reference; strictly for delivery fulfilment.
• Cloud Hosting & IT Infrastructure Providers hosting your data on servers located in India; bound by data processing agreements with confidentiality and security obligations.
• SMS / Email / WhatsApp Communication Platforms limited to mobile number and/or email for sending transactional and (with consent) marketing messages.
• Legal & Regulatory Authorities RBI, SEBI, FIU-IND, Income Tax Department, GST authorities, law enforcement agencies, courts when required by law, court order, or valid legal process.
• Professional Advisors lawyers, auditors, consultants under strict professional confidentiality obligations.

6.3 In the event of a merger, acquisition, restructuring, or sale of all or part of the Company's business, your personal data may be transferred to the successor entity, subject to a commitment from the acquirer to comply with this Privacy Policy.

6.4 Aggregate / Anonymised Data: We may share aggregated, de-identified statistical data that does not identify you as an individual (e.g., '70% of our customers are from outside India') with partners, investors, or for public reporting.

7.1 In compliance with the Reserve Bank of India's circular on Storage of Payment System Data (RBI/2017-18/153, dated April 6, 2018), all payment system data including end-to-end transaction data collected by Razorpay for processing your payments is stored exclusively on systems located within India.

7.2 Your personal data collected by the Company is stored on cloud infrastructure located within India.

7.3 Where any data is processed or accessed outside India (e.g., by a cloud provider with global operations), the Company ensures that: (a) such data is deleted from foreign systems within the timeframes mandated by the RBI; and (b) appropriate contractual safeguards are in place. By using the Website, you consent to such processing as permitted under the DPDP Act, 2023.

8.1 The Website uses cookies, web beacons, pixels, and similar tracking technologies. By using the Website with your browser set to accept cookies, you consent to our use of cookies as described below.

8.2 Types of cookies and tracking technologies we use:

• Essential / Strictly Necessary Cookies: Required for the Website to function (session management, login state, shopping cart, Order ID tracking). Cannot be disabled without breaking the Website.
• Analytics Cookies: Google Analytics (anonymised) to understand traffic patterns, popular pages, and user behaviour. Data is anonymised and aggregated. IP addresses are anonymised.
• Marketing / Advertising Pixels: Meta Pixel (Facebook/Instagram) and Google Ads Conversion Tracking to measure the effectiveness of our advertising and serve relevant ads to users who have visited our Website. These may track your behaviour across other websites. These are enabled only with your consent.
• Razorpay Embedded Scripts: Razorpay sets cookies on the payment page for fraud detection, session management, and payment processing. These are governed by Razorpay's Cookie Policy and are necessary for payment security.
• WhatsApp Business Plugin (if used): May set cookies for chat widget functionality.

8.3 Cookie Control: You may manage cookie preferences through your browser settings or, where provided, through our Cookie Consent Manager. Disabling non-essential cookies will not affect your ability to place orders.

8.4 Do Not Track: The Website currently does not respond to browser 'Do Not Track' signals. We will update this Policy if our practices change.

9.1 The Company implements the following technical and organizational security measures:

• SSL/TLS encryption for all data transmission between your browser and the Website (HTTPS).
• Encrypted storage of sensitive data.
• Access controls personal data is accessible only to authorized personnel on a need-to-know basis.
• Regular security reviews and penetration testing.
• Secure data processing agreements with all third-party data processors.

9.2 Payment Security: The Website integrates Razorpay's PCI DSS v4.0.1 compliant payment infrastructure. No raw card data, CVV, or UPI credentials ever pass through or are stored on the Company's servers. Razorpay uses bank-grade encryption and tokenization for all payment instrument data.

9.3 Limitation: No method of transmission over the internet or electronic storage is 100% secure. While the Company takes all reasonable measures, it cannot guarantee absolute security. The Company shall not be liable for any data breach caused by factors beyond its reasonable control (cyberattacks, state-sponsored attacks, zero-day exploits, etc.), provided the Company has implemented reasonable security practices.

9.4 Data Breach Notification: In the event of a personal data breach that is likely to result in high risk to your rights and freedoms, the Company will notify the Data Protection Board of India (DPBI) and affected Data Principals as required under the DPDP Act, 2023 and DPDP Rules, 2025.

12.1 The Website is intended for use by adults (18 years and above).

12.2 Under Section 9 of the DPDP Act, 2023, the Company shall not process personal data of children (below 18 years) without verifiable parental/guardian consent.

12.3 The Company does not knowingly collect personal data from anyone below the age of 18. If we become aware that a minor has submitted personal data without parental consent, we will delete such data promptly.

12.4 If you are a parent or guardian and believe your child has provided personal data to us without your consent, contact privacy@alifqurbani.com immediately.

13.1 The Website accepts orders from users globally. If you are accessing the Website from outside India, please note that your personal data will be transferred to and processed in India.

13.2 Indian data protection law governs our data practices. By using the Website, you consent to the transfer, storage, and processing of your personal data in India under the laws of India.

13.3 Cross-border data transfer: Certain cloud infrastructure providers may process data in jurisdictions outside India. The Company ensures contractual safeguards consistent with the DPDP Act, 2023 and RBI localization requirements. Payment transaction data is stored exclusively in India per RBI mandate.

15.1 Meta Pixel / Facebook Ads: The Website uses Meta's Pixel tracking tool to measure ad performance and enable retargeting. Meta may receive your IP address, device ID, and browsing behaviour on the Website. Meta's data practices are governed by Meta's Privacy Policy (facebook.com/privacy/policy/). You may opt out of Meta's ad targeting at facebook.com/ads/preferences/.

15.2 Google Analytics / Google Ads: We use Google Analytics with IP anonymisation enabled. Google's data practices are governed by Google's Privacy Policy. You may opt out at tools.google.com/dlpage/gaoptout.

15.3 WhatsApp Business: Order notifications and customer support are provided via WhatsApp Business API. WhatsApp's data practices are governed by WhatsApp's Privacy Policy. Communications on WhatsApp are subject to Meta's end-to-end encryption for individual chats.

15.4 Shipping Partners: Logistics partners receive your name, phone number, and delivery address strictly for delivery purposes and are bound by data processing agreements.

16.1 The Company reserves the right to modify this Privacy Policy at any time to reflect changes in law, technology, business practices, or the DPDP Act regulations.

16.2 Material changes affecting your rights will be communicated via email or prominent Website notice at least 7 days before they take effect, wherever practicable.

16.3 The 'Last Revised' date at the top of this Policy indicates the most recent update. Your continued use of the Website after the effective date of changes constitutes your acceptance of the updated Policy.