Dhuni Logo

Privacy Policy

Your privacy is the foundation of our trust

Last Updated: 27 January 2025Version 2.0Effective: Immediately
GDPR CompliantCCPA CompliantDPDP Act 2023

Our Privacy Principles

Transparent

Clear disclosure of all data collection and usage practices

Secure

Enterprise-grade encryption and protection measures

Your Rights

Full control to access, export, or delete your data

1. Introduction

Dhuni Worldwide Foods and Beverages Private Limited ("Dhuni Worldwide," "we," "us," or "our") is committed to protecting your privacy and ensuring transparency in how we collect, use, store, and share your personal information.

This Privacy Policy applies to all users of our website (dhuniworldwide.com), digital platforms, mobile applications, and SITE (Sustainable Integrated Traceability Ecosystem) services.

This Policy complies with:

  • GDPR (EU General Data Protection Regulation 2016/679)
  • CCPA (California Consumer Privacy Act)
  • DPDP Act 2023 (Digital Personal Data Protection Act, India)
  • Information Technology Act, 2000 (India)
  • APEDA (Agricultural and Processed Food Products Export Development Authority) guidelines

By using our services, you consent to the data practices described in this Policy. If you do not agree, please discontinue use of our services.

For questions, contact our Data Protection Officer at dpo@dhuniworldwide.com

2. Data Controller Information

Legal Entity:

Dhuni Worldwide Foods and Beverages Private Limited

WeWork NESCO IT Park, 10th Floor, Goregaon (East), Mumbai – 400063, India

CIN: U28259MH2024PTC420662

Data Protection Officer: dpo@dhuniworldwide.com

Privacy Inquiries: privacy@dhuniworldwide.com

EU Representative: (To be appointed upon EU operations)

3. Legal Basis for Processing (GDPR Article 6)

We process personal data under the following legal bases:

  • Consent (Article 6(1)(a)): When you explicitly agree to processing (e.g., marketing communications, cookies)
  • Contract Performance (Article 6(1)(b)): To fulfill service agreements, process orders, and provide SITE ecosystem access
  • Legal Obligation (Article 6(1)(c)): To comply with Indian, EU, or international laws (tax, food safety, export regulations)
  • Legitimate Interest (Article 6(1)(f)): For fraud prevention, security, business analytics, and platform improvement

You have the right to object to processing based on legitimate interests. Contact us at dpo@dhuniworldwide.com to exercise this right.

4. Information We Collect

4.1 Personal Data You Provide

  • Identity Data: Full name, date of birth, gender, government-issued ID numbers
  • Contact Data: Email address, phone number, postal address, company name
  • Account Data: Username, password (hashed), profile photo, preferences
  • Financial Data: Bank account details, payment card information (tokenized), tax identification numbers
  • Business Data: Company registration, GST/VAT numbers, business licenses, supply chain information
  • SITE Ecosystem Data: Product journey records, traceability information, farmer/producer details, GPS coordinates, quality certifications, processing data

4.2 Data Collected Automatically

  • Technical Data: IP address, browser type and version, device type, operating system, unique device identifiers
  • Usage Data: Pages visited, time spent, click patterns, search queries, feature usage, navigation paths
  • Location Data: Approximate location from IP address, precise location if GPS enabled (with consent)
  • Cookies & Tracking: Session cookies, persistent cookies, web beacons, analytics tags (see Section 11)

4.3 Data from Third Parties

  • Public Sources: Company registries, business directories, social media profiles
  • Partners & Suppliers: Logistics providers, certification bodies, payment processors
  • Analytics Providers: Google Analytics, Firebase Analytics, Mixpanel

4.4 Special Category Data

We do NOT intentionally collect sensitive personal data

This includes: racial/ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life/sexual orientation (GDPR Article 9).

If you inadvertently provide such data, it will be deleted immediately upon discovery.

5. How We Use Your Data

We process personal data for the following purposes:

Service Delivery

  • • Account creation and management
  • • Order processing and fulfillment
  • • Customer support
  • • SITE ecosystem operations

Security & Compliance

  • • Fraud prevention and detection
  • • Legal compliance (FSSAI, APEDA)
  • • Tax and accounting obligations
  • • Export/import documentation

Analytics & Improvement

  • • Usage pattern analysis
  • • Platform optimization
  • • Feature development
  • • Performance monitoring

Communications

  • • Service announcements
  • • Product updates
  • • Marketing (with consent)
  • • Partnership opportunities

6. Data Sharing & Third-Party Processors

GDPR Article 28 & CCPA Compliance

All third-party processors listed below have executed Data Processing Agreements (DPAs) with Dhuni Worldwide and are contractually obligated to protect your data in accordance with applicable privacy laws.

6.1 Infrastructure & Cloud Services

Amazon Web Services (AWS)

Purpose: Cloud hosting, database (RDS), object storage (S3), serverless computing (Lambda), CDN (CloudFront)

Data Location: ap-south-1 (Mumbai, India)

Compliance: ISO 27001, SOC 2, GDPR-compliant

DPA: AWS Customer Agreement includes Standard Contractual Clauses

Google Cloud Platform (Firebase)

Purpose: Authentication, real-time database (Firestore), file storage, push notifications, hosting

Data Location: asia-south1 (Mumbai)

Compliance: ISO 27001, SOC 2/3, GDPR-compliant

DPA: Google Cloud Data Processing Amendment

Microsoft Azure

Purpose: AI/ML services, hybrid cloud workloads, enterprise integrations

Data Location: Central India (Pune)

Compliance: ISO 27001, SOC 1/2, GDPR-compliant

6.2 Analytics & Monitoring

Google Analytics 4

Purpose: Website traffic analysis, user behavior tracking, conversion metrics

Data Collected: IP address (anonymized), device info, pages viewed, session duration

Retention: 14 months (configurable)

Opt-out: Google Analytics Opt-out Browser Add-on

Mixpanel

Purpose: Product analytics, funnel analysis, cohort tracking

Data Location: EU data residency option enabled

Sentry

Purpose: Error tracking, performance monitoring, crash reporting

Data Scrubbing: PII automatically redacted

6.3 Communication & CRM

Zoho Corporation

Purpose: CRM, email campaigns, customer support, workflow automation

Data Location: India data center

Compliance: ISO 27001, GDPR-compliant, Indian company

SendGrid (Twilio)

Purpose: Transactional emails, email delivery infrastructure

Retention: Email logs retained for 30 days

6.4 Payment Processing

Razorpay

Purpose: Payment gateway, subscription management, invoicing

Data Collected: Payment card details (tokenized), billing address, transaction history

Compliance: PCI DSS Level 1, RBI regulated

Note: We never store raw credit card numbers

Stripe

Purpose: International payments, multi-currency support

Compliance: PCI DSS Level 1, GDPR-compliant

6.5 Business Partners & Ecosystem

We may share information with:

  • Farmers & Producers: For supply chain coordination and traceability
  • Logistics Partners: For order fulfillment and delivery
  • Certification Bodies: For quality verification (FSSAI, APEDA, organic certifiers)
  • Financial Institutions: For payment processing and compliance
  • Government Authorities: When legally required or for export documentation

6.6 Public Disclosure (SITE Ecosystem)

Transparency by Design

Product journey data published through our SITE (Sustainable Integrated Traceability Ecosystem) is publicly accessible by default. This includes product origin, processing details, quality certifications, and supply chain information.

Do not include: Personal identifiers, financial data, or confidential business information in published traceability records.

6.7 What We Never Do

Prohibited Data Practices:

  • ✗ We do NOT sell, rent, or trade your personal data to third parties for their marketing purposes
  • ✗ We do NOT share data with advertisers without explicit consent
  • ✗ We do NOT use your data for purposes unrelated to our services
  • ✗ We do NOT transfer data to countries without adequate protection (unless SCCs in place)
  • ✗ We do NOT process special category data (Article 9 GDPR) without explicit consent

7. International Data Transfers

Your personal data may be transferred to, stored, and processed in locations outside your country of residence, including India, European Economic Area (EEA), and United States.

Transfer Safeguards (GDPR Chapter V):

  • Standard Contractual Clauses (SCCs): We use EU Commission-approved SCCs for transfers to third countries
  • Adequacy Decisions: We prioritize transfers to countries with adequacy decisions from EU Commission
  • Binding Corporate Rules: Our service providers with BCRs approved by EU data protection authorities
  • Data Localization: Where possible, we store EU citizen data within EEA

For California residents: Your data may be transferred outside California. We ensure equivalent protections as required by CCPA.

14. Contact Information

dpo@dhuniworldwide.com

Data Protection Officer

privacy@dhuniworldwide.com

Privacy Inquiries

DHUNI WORLDWIDE FOODS AND BEVERAGES PVT. LTD.

WeWork NESCO IT Park, 10th Floor

Goregaon (East), Mumbai – 400063, India

CIN: U28259MH2024PTC420662

EU Representative: (To be appointed upon EU operations)

Supervisory Authority (India): Ministry of Electronics and Information Technology (MeitY)

Stay Connected

Subscribe to our newsletter for the latest on our mission, new products, and stories of impact.

Dhuni Pictogram

Built on Truth. Made for Humanity.

InitiativesBlogGovernanceJoin Our MissionPrivacy PolicyTerms of Service

Registered Office: WeWork NESCO IT Park, 10th Floor, Goregaon (East), Mumbai - 400063, India (भारत)

Corporate Identification Number (CIN): U28259MH2024PTC420662

© Dhuni Worldwide. All rights reserved.