Privacy Policy

Introduction

At EternalValo, a company registered in India ("EternalValo", "we", "us", or "our"), we are committed to protecting the privacy and security of your personal data.

This Privacy Policy explains how we collect, use, disclose, store, and protect your personal data when you use our websites, mobile applications, or services (collectively, the "Services") on our platform (Eternal Store) ("Platform"). It applies to all users, including buyers, sellers, and visitors.

This Privacy Policy complies with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and the Digital Personal Data Protection Act, 2023 (DPDPA). It also reflects obligations under the Consumer Protection (E-Commerce) Rules, 2020, the Prevention of Money Laundering Act, 2002 (PMLA), applicable RBI guidelines, and forthcoming legislation such as the Online Gaming Bill, 2025 (if enacted).

By using our Services, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy. If you do not agree, please do not use the Services.

We may update this Privacy Policy periodically, and changes will be posted on the Platform or notified via email or SMS. Your continued use of the Services after such updates constitutes acceptance of the revised policy.

1. Definitions

• Personal Data: Any information relating to an identified or identifiable individual, including name, contact details, or identification documents, as defined under the DPDPA and SPDI Rules.
• Sensitive Personal Data or Information (SPDI): Includes passwords, financial information (such as credit/debit card details), biometric data, health data, or any other sensitive data defined under the SPDI Rules.
• Data Fiduciary: EternalValo, responsible for determining the purpose and means of processing your personal data under the DPDPA.
• Data Principal: You, the individual to whom the personal data relates.
• Platform: The online platform (website, mobile site, or mobile application) operated by EternalValo.
• Intermediary: We act as an "intermediary" under Section 79 of the IT Act, 2000, which gives us safe harbor protection provided we comply with notice-and-takedown obligations.

2. Data We Collect

3. Purpose of Data Collection

We process personal data for:

• Service Delivery: Account creation, order processing, and customer support.
• Seller Verification: Using government IDs to prevent account recovery fraud and protect buyers.
• Payment Processing: Via licensed Payment Partners under the Payment and Settlement Systems Act, 2007.
• Legal Compliance: For IT Act, PMLA, GST, FEMA, DPDPA, and any gaming-related laws.
• Platform Improvement: To personalize recommendations, improve features, and debug issues.
• Security: Detecting/preventing fraud, scams, and unauthorized access.
• Communication: Transactional updates, inquiries, or important changes.
• Marketing: Promotional content, only with your opt-in consent (you may opt out anytime).
• Automated Decision-Making: Fraud detection or product recommendations. You can request human review of significant automated decisions.

4. Legal Basis for Processing

We rely on:

• Consent: Explicit consent under DPDPA, e.g., cookie tracking, marketing emails.
• Contractual Necessity: To perform obligations under Terms of Service and Sale Contracts.
• Legal Obligation: For compliance with Indian law (e.g., GST invoices, KYC checks).
• Legitimate Interests: Fraud detection, service improvement, ensuring platform security.

5. Data Sharing and Disclosure

We do not sell or share your personal data for marketing purposes without your consent. We may share data with:

• Payment Partners: Licensed providers (e.g., Razorpay, PayU) to process transactions, subject to their privacy policies.
• KYC Providers: Third-party services for identity verification, compliant with PMLA and DPDPA.
• Sellers/Buyers: Limited data (e.g., delivery address for physical goods) to facilitate transactions.
• Service Providers: IT, analytics, or customer support providers under strict confidentiality agreements.
• Legal Authorities: If required by Indian law (e.g., court orders, tax audits) or to prevent fraud/illegal activities.

For seller IDs collected to prevent account recovery fraud:

• These are stored securely and accessible only to authorized personnel for verification purposes.
• They are not shared with buyers or third parties unless required by law or to resolve disputes (e.g., fraud investigations).

6. Your Rights

Under DPDPA and SPDI Rules, you have the following rights:

• Access: Request details of your personal data we hold.
• Correction: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your data, subject to legal retention obligations.
• Restriction: Request restriction of data processing in certain cases.
• Data Portability: Request transfer of your data to another provider, where feasible.
• Withdraw Consent: Withdraw consent for data processing at any time, though this may limit Service access.
• Nominee: Designate a nominee to manage your data in case of incapacitation or death, as per DPDPA.

To exercise these rights, contact our Data Protection Officer at marotiprithvi@gmail.com. We will respond within one month, as required by DPDPA.

7. Cookies and Tracking

We use:

• Essential Cookies: For login and transactions (cannot be disabled).
• Analytics Cookies: For statistics (enabled only with your consent).
• Marketing Cookies: For ads/promotions (enabled only with your consent).

You can manage cookie preferences via your browser or our consent management tool.

8. International Data Transfers

• For international users, data is processed in India.
• If transferred outside India (e.g., to cloud providers), we ensure compliance with DPDPA cross-border transfer rules:
  • Adequacy decisions by the Indian Government, or
  • Explicit user consent.

9. Seller Data Protection Guarantee

We collect government-issued IDs from sellers solely to prevent account recovery fraud (e.g., reclaiming sold game accounts). We guarantee that:

• This data is used only for verification and fraud prevention.
• It is stored securely with encryption and restricted access.
• It is not shared with third parties except as required by law or for dispute resolution.
• Sellers can request access, correction, or deletion of their data, subject to retention obligations.

If you have concerns about your data's safety, contact our Data Protection Officer at marotiprithvi@gmail.com.

10. Grievance Redressal

As required by the Consumer Protection (E-Commerce) Rules, 2020, and DPDPA, we have appointed a Data Protection Officer and Grievance Officer:

Complaints regarding data misuse or privacy violations will be acknowledged within 48 hours and resolved within one month, as per DPDPA and E-Commerce Rules. Escalate unresolved issues to consumer forums under the Consumer Protection Act, 2019.

11. Data Breach Notification

In case of a breach:

• Users and the Data Protection Board of India will be notified within 72 hours.
• We will provide mitigation steps and guidance.

12. Children's Privacy

• We do not knowingly collect data from minors under 18 without guardian consent.
• If discovered, such data will be deleted promptly unless retention is required by law.

13. Compliance with Indian Laws

We comply with:

• Information Technology Act, 2000
• SPDI Rules, 2011
• Digital Personal Data Protection Act, 2023
• Consumer Protection (E-Commerce) Rules, 2020
• Prevention of Money Laundering Act, 2002 (PMLA)
• GST laws
• FEMA, 1999 (for cross-border payments)
• RBI Guidelines on Payment Systems
• Online Gaming Regulations (including the Online Gaming Bill, 2025, if enacted)

14. Safe Harbour under IT Act

As an intermediary under Section 79 of the IT Act, we are not liable for user content if we act upon notice of unlawful material promptly.

15. Contact Us

For questions, concerns, or to exercise your data rights, contact:

16. Updates to this Policy

We may update this Privacy Policy to reflect legal or operational changes. Updates will be posted on the Platform or notified via email/SMS. Your continued use of the Services after updates constitutes acceptance.