Privacy Policy
This Privacy Policy explains how Trade Bargains collects, uses, stores and protects your personal data when you shop with us or visit our website. We are committed to full transparency and to your rights under applicable international privacy laws.
Who We Are
Trade Bargains (accessible at trade.bargains) is an international online retail store selling products directly to customers worldwide. Trade Bargains is not a marketplace — all products are sold and fulfilled directly by us. Trade Bargains is operated by:
Legal Entity & Data Controller
Hyderabad, Telangana 500064, India
Applicable Laws
This policy is prepared in accordance with India's Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023 (DPDP). It also incorporates best practices aligned with the EU General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA) to protect our international customers wherever they are located.
What Personal Data We Collect
We collect personal data only where it is strictly necessary to provide our services to you. The following categories of personal data may be collected:
2.1 Data You Provide Directly
- Identity data: First name, last name, and username or similar identifier when you create an account or place an order.
- Contact & address data: Billing address, delivery address, email address, and telephone number. This is required to fulfil and deliver your order.
- Transaction data: Details of products purchased, order value, payment method used (last 4 digits only), and order history.
- Account data: Username and encrypted password if you choose to create an account.
- Communications data: Any messages, emails, or enquiries you send us, and your marketing subscription status and preferences.
2.2 Data Collected Automatically
- Technical data: IP address (anonymised before storage), browser type and version, device type, operating system, time zone, and referring URL.
- Usage data: Pages visited, products viewed, time spent on pages, click data, and shopping behaviour — collected via Google Analytics 4 with IP anonymisation enabled.
- Cookie data: Session identifiers (cart, login), preference settings, and analytics identifiers. Full details in Section 5.
2.3 Data Received from Third Parties
- Payment processors (Stripe & PayPal): Transaction confirmation status and fraud risk signals only. We never receive or store your full payment card number — this is handled exclusively within Stripe's and PayPal's PCI-DSS certified environments.
- Google services: Anonymised website performance data from Google Analytics 4, and product listing performance data from Google Merchant Center.
What We Never Collect
We never collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health or medical data, or biometric data. We do not collect, transmit, or store full payment card numbers — ever.
How We Use Your Personal Data
We use your personal data only where the law permits. The table below sets out each purpose we process your data for, the type of data involved, and the lawful basis we rely on. We never use your data for purposes incompatible with those stated here.
| Purpose of processing | Data categories used | Lawful basis |
|---|---|---|
| Process, fulfil and dispatch your order | Identity · Contact · Transaction | Contractual necessity |
| Send order confirmation, dispatch and delivery notifications | Identity · Contact · Transaction | Contractual necessity |
| Manage your customer account and login | Identity · Contact · Account | Contractual necessity |
| Process returns, exchanges and refunds | Identity · Contact · Transaction | Contractual necessity |
| Respond to enquiries and provide customer support | Identity · Contact · Communications | Legitimate interest |
| Prevent fraud, detect abuse and maintain site security | Identity · Technical · Transaction | Legitimate interest |
| Improve and optimise our website using anonymised analytics | Technical · Usage | Legitimate interest |
| Send marketing emails with exclusive deals (subscribers only) | Identity · Contact | Consent — double opt-in |
| Display personalised advertisements (Google Ads) | Technical · Usage | Consent |
| Comply with tax, accounting and legal obligations | Identity · Contact · Transaction | Legal obligation |
A Note on Marketing
We only send marketing emails to customers who have actively opted in via our newsletter subscription form (double opt-in confirmed). Every marketing email contains a visible one-click unsubscribe link. We will never sell your email address or personal data to any third-party marketer, ever.
Who We Share Your Data With
We do not sell your personal data to any third party. We share data only where strictly necessary for the operation of our business, with the following trusted categories of recipients — all of whom are bound by data processing agreements:
- Payment processors — Stripe & PayPal: To securely process your payment. They receive only the minimum data required to complete the transaction. Both hold PCI-DSS Level 1 certification. Your full card details never pass through our servers.
- Shipping and logistics carriers: Your name, delivery address, and order reference number are shared with our carrier partners (including Delhivery and international carriers such as DHL, FedEx, and others depending on destination) solely to dispatch and deliver your order.
- Web hosting — Hostinger International Ltd.: Provides our server infrastructure. Hostinger operates ISO 27001-certified data centres. Data is processed under a GDPR-compliant Data Processing Agreement.
- Google LLC: Google Analytics 4 (anonymised usage data only), Google Merchant Center (product catalogue and order data required for Shopping listings), and Google Ads (conversion tracking — only where you have consented to marketing cookies).
- Email delivery — Brevo (formerly Sendinblue): Used to send transactional emails (order confirmations, dispatch notifications) and, where consented, marketing emails. Data is processed under a GDPR-compliant Data Processing Agreement.
- Legal and regulatory authorities: We may disclose personal data to government bodies, law enforcement agencies, tax authorities, or courts where we are required to do so by applicable law, a valid court order, or to protect our legal rights and interests.
4.1 International Data Transfers
As an international business, your personal data may be transferred to and processed in countries outside India, including countries in the European Economic Area (EEA), the United Kingdom, and the United States. When we make such transfers, we ensure appropriate safeguards are in place:
- Standard Contractual Clauses (SCCs) approved by the European Commission for transfers from the EEA
- Adequacy decisions where recognised by the relevant authority
- Binding data processing agreements with all third-party processors
- Compliance with India's Digital Personal Data Protection Act, 2023 cross-border data transfer provisions
Cookies and Tracking Technologies
Our website uses cookies — small text files stored on your device when you visit — to enable core functionality, remember your preferences, and help us understand how our site is used. We operate a consent-based cookie management system that allows you to control non-essential cookies.
| Cookie type | Purpose and specific cookies | Duration | Optional? |
|---|---|---|---|
| Strictly necessary | Shopping cart persistence (woocommerce_cart_hash, woocommerce_session_*), login session (wordpress_logged_in_*), checkout security (PHPSESSID). Without these, the cart and checkout cannot function. | Session | No — essential |
| Functional | Language and currency preference, remembered display settings. These make your browsing experience consistent across sessions. | 1 year | Yes |
| Analytics (GA4) | Pages visited, traffic source, time on site, bounce rate. Set by Google Analytics 4 (_ga, _ga_*). IP address is anonymised before processing. We use this data to improve our website. | 2 years | Yes |
| Marketing | Google Ads conversion tracking (_gcl_au) and remarketing audience data. Only set after you explicitly consent. These cookies help us show you relevant advertisements. | 90 days | Yes — consent required |
Managing Your Cookie Preferences
A cookie consent banner is shown on your first visit, allowing you to accept all cookies, reject non-essential ones, or choose by category. You can update your preferences at any time by clicking "Cookie Settings" in the website footer. You may also control cookies through your browser settings, though disabling strictly necessary cookies will prevent the shopping cart and checkout from working.
Your Privacy Rights
Depending on your country of residence you have the following rights in relation to your personal data. We honour these rights for all customers worldwide, regardless of location, as part of our commitment to international best practice:
Right of Access
Request a copy of all personal data we hold about you (a Subject Access Request). We will respond within 30 days free of charge.
Right of Rectification
Request correction of any inaccurate or incomplete data. You can update most details directly in your account settings.
Right to Erasure
Request deletion of your personal data ("right to be forgotten") where there is no compelling reason for continued processing — for example, where you have withdrawn consent.
Right to Restrict Processing
Request that we suspend processing of your data in certain circumstances — for example, while we verify the accuracy of data you have disputed.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format (CSV or JSON) to transfer to another service.
Right to Object
Object to processing based on legitimate interests or to direct marketing at any time. Where you object to marketing we will stop immediately.
Right to Withdraw Consent
Where processing is based on consent (e.g. marketing emails or marketing cookies), you may withdraw it at any time without affecting the lawfulness of prior processing.
Right to Lodge a Complaint
Lodge a complaint with your national supervisory authority. See Section 11 for the relevant authority for your location.
How to Exercise Your Rights
Email admin@trade.bargains with the subject line "Privacy Rights Request". Include your full name and the email address associated with your account. We may ask you to verify your identity before processing the request. We aim to respond within 30 days. There is no charge for making a request.
How Long We Keep Your Data
We retain personal data only for as long as necessary for the purposes for which it was collected and to comply with our legal obligations. Once the retention period expires, data is securely deleted or irreversibly anonymised.
| Data category | Retention period | Reason |
|---|---|---|
| Order and transaction records | 7 years from transaction date | Indian tax law (GST), accounting obligations |
| Customer account data | While account is active + 2 years after last login | Contractual; fraud prevention |
| Email subscriber records | While subscribed + 1 year after unsubscribe | Consent record-keeping; DPDP 2023 compliance |
| Analytics data (GA4) | 14 months (Google's default setting) | Legitimate interest; automatically purged by Google |
| Customer service correspondence | 3 years from last contact | Dispute resolution; legitimate interest |
| Legal hold / litigation data | Duration of proceedings + 6 years | Legal obligation |
Security of Your Personal Data
We have implemented appropriate technical and organisational measures to protect your personal data from accidental loss, unauthorised access, use, alteration, or disclosure. Our security framework includes:
- TLS encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher. Our SSL certificate is maintained and automatically renewed via Hostinger.
- PCI-DSS compliant payments: Card payment data never passes through or is stored on our servers. All card processing occurs within Stripe's PCI-DSS Level 1 certified environment and PayPal's equivalent certified system.
- Access controls: Internal access to personal data is restricted on a strict need-to-know basis. Staff who have access to personal data are bound by confidentiality obligations and receive appropriate data handling guidance.
- Secure hosting infrastructure: Our website is hosted by Hostinger, which operates ISO 27001-certified data centres with physical security controls, network monitoring, and DDoS protection.
- Ongoing security review: We conduct periodic reviews of our website security, access logs, and data handling practices to identify and address vulnerabilities.
Data Breach Notification
In the event of a personal data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours of becoming aware of the breach, and will communicate directly with affected individuals where required by law — including under India's DPDP Act, 2023.
Children's Privacy
Our website and all products and services we offer are intended for adults aged 18 and over. We do not knowingly collect personal data from children under the age of 13. If we become aware that personal data has been inadvertently collected from a child under 13, we will delete it promptly and without undue delay.
If you are a parent or guardian and believe that your child has provided us with personal data without your consent, please contact us immediately at admin@trade.bargains and we will take immediate steps to remove that information.
Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our data handling practices, applicable law, technology, or the nature of our business. When we make material changes we will:
- Update the "Last updated" date at the top of this page
- Send an email notification to all registered customers and active subscribers
- Display a prominent notice on our website for a minimum of 30 days following any material change
We encourage you to review this Privacy Policy periodically so you are always informed about how we protect your information. Your continued use of our website after any changes constitutes your acceptance of the updated policy.
Contact Us & Grievance Officer
For all privacy-related enquiries, data subject requests, or concerns, please contact us using the details below. Under India's Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, we have designated a responsible point of contact (Grievance Officer) for data-related complaints from Indian customers:
Data Controller & Grievance Contact
Hyderabad, Telangana 500064, India
Supervisory Authorities — Lodge a Complaint
If you are not satisfied with our response to your privacy concern, you have the right to complain directly to your national supervisory authority:
India: Data Protection Board of India (dpboard.gov.in) · Ministry of Electronics & Information Technology (MeitY)
European Union / EEA: Your local Data Protection Authority (find yours at edpb.europa.eu)
United Kingdom: Information Commissioner's Office — ico.org.uk
California (USA): California Office of the Attorney General — oag.ca.gov
Australia: Office of the Australian Information Commissioner — oaic.gov.au
Wishlist & Price Alert Notifications
When you save items to your wishlist, we collect and store the following data to operate this service:
| Data | Purpose | Retention |
|---|---|---|
| Product IDs saved | Display your wishlist across sessions | 365 days or until removed |
| Email address | Send price drop notifications | Until unsubscribed or account deleted |
| Price preferences & thresholds | Trigger alerts when price drops | 365 days or until changed |
| Timestamp of save | Sort wishlist, expire stale items | 365 days |
Prices are checked daily. Email notifications are sent within 24 hours of a price reduction, with a maximum of one notification per item per week to avoid inbox overload.
What We Will Never Do
We will not share your wishlist data with third parties, use it for retargeting advertising without explicit consent, or send general marketing emails based on wishlist activity — only direct price alerts for items you have personally saved.
Your controls: Remove individual items from your wishlist at any time via My Account. Unsubscribe from price alert emails via the unsubscribe link in any alert email. Manage all email preferences under My Account → Email Settings.
Abandoned Cart Recovery
If you add items to your cart but do not complete checkout, we may store your cart contents and send recovery emails to help you return to your order. This only applies where you have provided your email address — either through account login or the checkout popup opt-in.
| Data | Purpose | Retention |
|---|---|---|
| Cart contents (product IDs, quantities) | Populate recovery email with your items | 7 days from abandonment |
| Email address (if submitted in popup) | Send recovery emails | 7 days, or until recovered/unsubscribed |
| Time spent at checkout | Analytics — improve checkout flow | Aggregated, 90 days |
Consent Is Explicit
The abandoned cart recovery popup requires an explicit checkbox opt-in. It is never pre-ticked. The opt-in is separate from your order confirmation email subscription and is clearly labelled as a recovery email series.
Recovery email limits: Maximum 3 emails per abandoned cart event, sent at no more than one per day. Recovery offers included in those emails are valid for 7 days from the send date. Cart data is deleted after 7 days if the cart is not recovered. You can unsubscribe at any time via the link in any recovery email.
Android Mobile App — Data Collection & Permissions
The Trade Bargains Android app is an extension of our website. The following data is collected when you use the app. All data is handled in accordance with this Privacy Policy and Google Play Developer Policy.
Device & Installation Data
| Data point | Why we collect it |
|---|---|
| Device ID (Android ID) | Session management, fraud prevention |
| Phone model & OS version | Bug diagnosis and app compatibility |
| App version | Support troubleshooting, update prompts |
| Installation date | Analytics — cohort analysis |
| IP address | Fraud detection, regional pricing |
| Crash reports (via Firebase Crashlytics) | Fix bugs and prevent crashes |
| App performance metrics | Identify slow screens and optimise |
User & Account Data (same as website)
Account information (email, name, address), purchase history, search queries, items viewed, wishlisted items, and payment information (encrypted, processed by Stripe/PayPal) are collected in the app identically to how they are collected on the website — see Sections 2–4 of this policy.
App Permissions
| Permission | Why it's needed | Required? |
|---|---|---|
| Internet access | All app functionality requires network access | Yes — mandatory |
| Camera | Product photo uploads, visual search | Optional — app works without it |
| Photos / Media storage | Select images from gallery for product reviews | Optional — app works without it |
| Location (approximate) | Delivery time estimation, regional pricing | Optional — app works without it |
| Contacts (auto-fill only) | Auto-fill your name and address at checkout | Optional — app works without it |
| Storage / App cache | Store images and app data for offline browsing | Yes — for normal performance |
| Push notifications | Order updates, price alerts, recovery emails | Optional — can be disabled in device settings |
Declining Permissions
Refusing optional permissions (camera, location, contacts) does not prevent core app functionality — you can still browse, search, and purchase. Certain features (visual search, auto-fill) will simply be unavailable.
Third-Party SDKs in the App
| Service | Purpose | Their Privacy Policy |
|---|---|---|
| Google Analytics for Firebase | Usage tracking, funnel analysis | policies.google.com/privacy |
| Firebase Crashlytics | Crash reporting and diagnostics | firebase.google.com/support/privacy |
| Stripe SDK | Secure payment processing | stripe.com/privacy |
| PayPal SDK | Alternative payment processing | paypal.com/privacy |
| FCM (Firebase Cloud Messaging) | Push notifications | firebase.google.com/support/privacy |
App-Level Privacy Controls
Within the app, navigate to Settings → Privacy to:
- Disable in-app analytics tracking
- Turn off personalised product recommendations
- Manage marketing and push notification preferences
- Request a download of your personal data
- Initiate account and data deletion
Uninstalling the App
Uninstalling the Trade Bargains app removes locally cached data from your device but does not delete your account or order history from our servers. To delete your account and all associated data, use Settings → Privacy → Delete Account in the app, or contact us at admin@trade.bargains.
GDPR — Your Rights (EU / EEA Users)
If you are located in the European Union or European Economic Area, the General Data Protection Regulation (GDPR) applies to how we handle your personal data. Our legal bases for processing are:
| Legal basis | When we rely on it |
|---|---|
| Contract | Processing your order, delivering products, handling returns |
| Legitimate interest | Site functionality, security, fraud prevention, internal analytics |
| Consent | Marketing emails, non-essential cookies, push notifications, abandoned cart emails |
| Legal obligation | Tax records, accounting, regulatory compliance (retained 7 years) |
Your GDPR Rights
Right of Access
Request a copy of all personal data we hold about you, including why we hold it.
Right to Rectification
Request correction of inaccurate or incomplete personal data we hold.
Right to Erasure
Request deletion of your personal data ("right to be forgotten"), subject to legal retention requirements.
Right to Restrict Processing
Ask us to pause processing of your data while a dispute or correction is pending.
Right to Data Portability
Receive a copy of your personal data in a structured, machine-readable format (JSON or CSV).
Right to Object
Object to processing based on legitimate interests, or to direct marketing — we will stop immediately.
Right to Withdraw Consent
Withdraw consent at any time for any processing based on consent, without affecting prior lawful processing.
Right to Lodge a Complaint
If unsatisfied with our response, escalate to your EU member state's Data Protection Authority.
How to Exercise Your GDPR Rights
Email admin@trade.bargains with subject line "GDPR Rights Request" and your name, account email, and the specific right you are exercising. We will verify your identity and respond within 30 days as required by GDPR. No charge applies to any rights request.
CCPA — Your Rights (California Residents)
If you are a California resident, the California Consumer Privacy Act (CCPA) as amended by the CPRA grants you specific rights over your personal information.
Categories of Personal Information We Collect
| Category | Examples | Collected? |
|---|---|---|
| Identifiers | Name, email, phone, IP address | Yes |
| Commercial information | Purchase history, cart contents, wishlist | Yes |
| Internet / network activity | Browsing history on our site, clicks, searches | Yes |
| Geolocation data | Country / state level (for shipping) | Yes — approximate only |
| Inferences | Inferred purchase preferences from behaviour | Yes — for recommendations |
| Sensory information | Photos you upload (product reviews) | Only if voluntarily uploaded |
| Biometric information | Fingerprints, facial data | No — never collected |
| Education / employment | Professional background | No — never collected |
Your CCPA Rights
| Right | What it means |
|---|---|
| Right to Know | Request details of personal information collected, used, disclosed, or sold in the past 12 months |
| Right to Delete | Request deletion of personal information we hold (subject to legal exceptions) |
| Right to Correct | Request correction of inaccurate personal information |
| Right to Opt-Out | Opt out of the "sale" or "sharing" of personal information for targeted advertising |
| Right to Limit | Limit the use and disclosure of sensitive personal information |
| Right to Non-Discrimination | We will not discriminate against you for exercising any CCPA right |
We Do Not Sell Personal Information
Trade Bargains does not sell personal information for monetary consideration. We do share limited data with service providers (payment processors, shipping partners, analytics) as required to operate our business — this is a legally required CCPA disclosure, not a "sale".
How to Exercise Your CCPA Rights
Email admin@trade.bargains with subject line "CCPA Privacy Request" and your name and account email. We will respond within 45 days as required by CCPA. For opt-out of targeted advertising, use the "Do Not Sell or Share My Personal Information" link in the site footer.