Menu

PRIVACY POLICY

NECart (SHF Ventures Pvt. Ltd.)

Effective Date: 01.04.2026

1. INTRODUCTION

NECart, a brand operated by SHF Ventures Pvt. Ltd. (hereinafter referred to as “NECart”, “we”, “our”, or “us”), is deeply committed to protecting the privacy and confidentiality of the business and personal data entrusted to us by our users and customers (hereinafter referred to as “Data Principals”). This Privacy Policy outlines our practices concerning the collection, use, processing, storage, and disclosure of your information, affirming our dedication to transparency and adherence to the highest standards of data protection. We operate in strict compliance with the applicable laws and regulations of India, including but not limited to the Digital Personal Data Protection Act, 2023 (DPDP Act, 2023), and other relevant statutes and judicial pronouncements concerning data privacy.

2. DEFINITIONS

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below, consistent with the Digital Personal Data Protection Act, 2023:

  • “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
  • “Data Principal” means the individual to whom the Personal Data relates.
  • “Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of Personal Data. In this context, NECart is the Data Fiduciary.
  • “Processing” means a series of operations carried out on Personal Data, such as collection, storage, alteration, retrieval, use, disclosure, sharing, or erasure.
  • “Consent” means any unequivocal affirmation and clear affirmative action, signifying an agreement to the processing of their Personal Data for a specified purpose.

3. INFORMATION WE COLLECT

We collect various types of information necessary for the provision and improvement of our services. This information may include:

  • Business Identification Data: This includes the legal name of your business, Goods and Services Tax Identification Number (GSTIN), Permanent Account Number (PAN), business registration details, trade licenses, official business address, and the nature of your business operations. This data is crucial for verifying your business entity and ensuring compliance with statutory requirements.
  • Contact Data: Names and designations of authorized contact persons, business phone numbers, official email addresses, and any other communication details provided for business correspondence.
  • Financial and Transaction Data: Details pertaining to your orders, purchase history, payment methods (processed via secure third-party payment gateways, where we do not store full payment card details but may retain tokenized information), credit assessment reports, bank account details for processing refunds or payouts, and other financial transaction records.
  • Technical and Usage Data: Information automatically collected when you access or use our platform, including your Internet Protocol (IP) address, browser type and version, operating system, device identifiers, pages viewed, time spent on our platform, referral sources, and other diagnostic data. This data helps us understand user behaviour and improve platform functionality.
  • Communication Data: Records of your interactions with us, including customer support inquiries, feedback, suggestions, and any other correspondence exchanged through email, chat, or phone.

4. HOW WE COLLECT INFORMATION

We collect information through the following methods:

  • Directly from You: When you register an account, place an order, communicate with our customer support, participate in surveys, or otherwise interact with our services.
  • Automatically: Through your use of our website or mobile application, utilizing technologies such as cookies, web beacons, and similar tracking mechanisms.
  • From Third Parties: We may receive information from third-party service providers, such as credit bureaus for credit assessment, payment processors for transaction verification, or publicly available sources, where legally permissible.

5. LAWFUL BASIS FOR PROCESSING YOUR DATA

We process your Personal Data only when there is a lawful basis to do so, in accordance with the Digital Personal Data Protection Act, 2023. The lawful bases for our processing activities include:

  • Consent: Where you have provided your explicit consent for specific processing activities, such as sending marketing communications. You have the right to withdraw your consent at any time.
  • Legitimate Interests: Where processing is necessary for our legitimate interests or those of a third party, provided that such interests do not override your fundamental rights and freedoms. This includes improving our services, preventing fraud, and ensuring network and information security, Including credit risk management, fraud prevention, and protection of financial exposure.
  • Performance of a Contract: Where processing is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract, such as processing your orders and facilitating deliveries.
  • Compliance with Legal Obligations: Where processing is necessary for compliance with a legal obligation to which NECart is subject, such as tax compliance, regulatory reporting, or responding to lawful requests from public authorities.

6. HOW WE USE YOUR INFORMATION

We utilize the collected information for various purposes, ensuring that each use is aligned with the lawful bases and the principles of purpose limitation:

  • Service Provision and Fulfilment: To process and fulfil your orders, manage your account, facilitate payments, arrange for delivery of products, and provide essential services.
  • Customer Support and Communication: To respond to your inquiries, provide technical support, resolve issues, and communicate important updates regarding your account or our services.
  • Business Operations and Management: For internal record-keeping, accounting, auditing, credit assessment, debt collection, and managing our business relationships.
  • Service Improvement and Personalization: To analyse usage patterns, conduct research, develop new features, enhance the functionality and user experience of our platform, and personalize content and offers.
  • Marketing and Promotional Activities: To send you updates, newsletters, promotional offers, and information about products or services that may be of interest to you, provided you have consented to receive such communications. You may opt-out of these communications at any time.
  • Security and Fraud Prevention: To detect, prevent, and address fraudulent activities, unauthorized access, security breaches, and other illegal or harmful activities, thereby safeguarding our platform and users.
  • Legal and Regulatory Compliance: To comply with our legal and regulatory obligations, respond to lawful requests from government authorities, enforce our terms and conditions, and protect our legal rights.
  • Analytics and Research: To perform data analytics, conduct market research, and generate aggregated statistical data to understand trends and improve our business strategies.
  • We use business, financial, and transactional data (including GST and purchase history) to evaluate creditworthiness, assign credit limits, monitor payment behavior, and enforce our Credit & Collections Policy. This may include internal risk profiling and exposure control.

7. DATA SHARING AND DISCLOSURE

We affirm that we do NOT sell your Personal Data to third parties. We may share your information with trusted third parties only under specific circumstances and in accordance with this Privacy Policy and applicable laws:

  • Service Providers: We engage third-party service providers to perform functions on our behalf, such as logistics partners for delivery, payment processors for secure transactions, IT service providers for infrastructure and support, cloud hosting providers, data analytics providers, and marketing agencies. These providers are contractually obligated to protect your data and use it only for the purposes specified by us.
  • Group Companies and Affiliates: Your data may be shared with our parent company, subsidiaries, and affiliates for internal business purposes, such as consolidated reporting, customer support, and service development, ensuring consistent data protection standards across the group.
  • Regulatory and Legal Authorities: We may disclose your information if required by law, court order, or governmental regulation, or if we believe such disclosure is necessary to comply with a legal obligation, protect our rights, property, or safety, or the rights, property, or safety of others. This includes disclosures to tax authorities, law enforcement agencies, and other regulatory bodies.
  • Business Transfers: In the event of a merger, acquisition, asset sale, or other corporate restructuring, your information may be transferred to the acquiring entity or successor in interest, subject to the same privacy commitments.
  • Credit Bureaus and Financial Institutions: For the purpose of conducting credit assessments, verifying financial standing, and managing credit risks associated with your business transactions. Credit bureaus, financial institutions, or internal risk assessment systems for evaluating creditworthiness and managing credit exposure.

8. DATA SECURITY

NECart implements robust technical, administrative, and physical safeguards to protect your Personal Data from unauthorized access, disclosure, alteration, and destruction. These measures include:

  • Encryption: Use of encryption technologies for data in transit and at rest where appropriate.
  • Access Controls: Strict access controls and authentication mechanisms to limit access to Personal Data to authorized personnel only.
  • Regular Audits: Periodic security audits and vulnerability assessments to identify and mitigate potential risks.
  • Employee Training: Regular training for our employees on data protection best practices and privacy awareness.

While we strive to use commercially acceptable means to protect your Personal Data, it is important to acknowledge that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security. We urge you to also take steps to protect your account, such as using strong, unique passwords and keeping your login credentials confidential.

9. DATA RETENTION

We retain your Personal Data for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements. The retention period is determined based on:

  • The duration of our ongoing business relationship with you.
  • The necessity to comply with legal and regulatory obligations, such as tax laws, anti-money laundering regulations, and consumer protection laws.
  • The need to resolve disputes, enforce our agreements, and protect our legitimate business interests.
  • The principles laid down under the Digital Personal Data Protection Act, 2023, which mandates that data should not be retained beyond the period necessary for the purpose for which it was processed.

Upon the expiration of the applicable retention period, your Personal Data will be securely deleted or anonymized.

10. YOUR RIGHTS AS A DATA PRINCIPAL

As a Data Principal, you are afforded certain rights under the Digital Personal Data Protection Act, 2023, which we are committed to upholding. These rights include:

  • Right to Access Information: You have the right to obtain confirmation from us as to whether your Personal Data is being processed, and if so, to access such Personal Data and other supplementary information.
  • Right to Correction and Completion: You have the right to request the correction or completion of your inaccurate or incomplete Personal Data held by us.
  • Right to Erasure (Right to be Forgotten): You have the right to request the erasure of your Personal Data under certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected or if you withdraw your consent.
  • Right to Grievance Redressal: You have the right to register a grievance with us regarding the processing of your Personal Data.
  • Right to Nominate: You have the right to nominate another individual who shall, in the event of your death or incapacity, exercise your rights under the DPDP Act, 2023.
  • Right to Withdraw Consent: Where we rely on your consent as the lawful basis for processing, you have the right to withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal.

To exercise any of these rights, please contact our Grievance Officer using the details provided in Section 15 of this Policy. We will respond to your request in accordance with applicable law.

11. COOKIES AND TRACKING TECHNOLOGIES

Our website and services use “cookies” and similar tracking technologies to enhance your user experience, analyze website usage, and for marketing purposes. Cookies are small text files placed on your device by websites that you visit.

  • Types of Cookies Used: We use essential cookies for website functionality, analytical cookies to understand how users interact with our site, functional cookies to remember your preferences, and marketing cookies to deliver relevant advertisements.
  • Managing Cookies: You have the option to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

12. THIRD-PARTY LINKS

Our platform may contain links to third-party websites or services that are not operated by us. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. We strongly advise you to review the privacy policy of every site you visit.

13. CHILDREN’S PRIVACY

Our services are not intended for individuals under the age of 18. We do not knowingly collect Personal Data from children. If we become aware that we have inadvertently collected Personal Data from a child without parental consent, we will take steps to delete that information as quickly as possible.

14. UPDATES TO THIS PRIVACY POLICY

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. Any changes will be posted on this page with an updated “Effective Date”. We encourage you to review this Privacy Policy regularly to stay informed about how we are protecting your information. Significant changes will be communicated through prominent notices on our platform or via email.

15. KYC & BUSINESS VERIFICATION (NEW SECTION)

NECart requires all customers to undergo Know Your Customer (KYC) verification prior to availing credit facilities.

  • If declared annual turnover exceeds ₹1 Crore:
    • Submission of GST Registration Certificate is mandatory
    • GST filings may be verified by NECart’s Accounts team at backend
  • NECart reserves the right to:
    • Reject onboarding
    • Withhold or revoke credit
    • Flag or suspend accounts

in case of incomplete, unverifiable, or misleading information.
Any exception to this requirement requires approval from the highest level of management.

16. GRIEVANCE REDRESSAL AND CONTACT INFORMATION

For any questions, concerns, or requests regarding this Privacy Policy or the processing of your Personal Data, you may contact our Grievance Officer:

Grievance Officer: Mr. Rituraj
Bharadwaj Email: Rituraj.bharadwaj@necart.in
Address: 19, NIPCCD Lane, Jawaharnagar, Khanapara, Guwahati, Assam. 781022
Phone: 9954010627

We are committed to addressing your grievances promptly and efficiently in accordance with the Digital Personal Data Protection Act, 2023.

Download Catalogue