Privacy Policy

1. Introduction and Scope

Globalmart.ai ("we," "us," or "our") operates an AI-powered global vendor directory platform accessible at globalmart.ai (the "Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use our Platform.

This Policy applies to all individuals who interact with our Platform, including vendors, buyers, and visitors, regardless of their geographic location. We are committed to protecting your personal data in compliance with applicable data protection laws worldwide, including but not limited to:

• The General Data Protection Regulation (GDPR) — European Union and United Kingdom
• The California Consumer Privacy Act and California Privacy Rights Act (CCPA/CPRA) — United States
• The Digital Personal Data Protection Act, 2023 (DPDPA) — India
• The Lei Geral de Proteção de Dados (LGPD) — Brazil
• The Personal Information Protection and Electronic Documents Act (PIPEDA) — Canada
• The Protection of Personal Information Act (POPIA) — South Africa
• The Privacy Act 1988 — Australia

By accessing or using our Platform, you acknowledge that you have read and understood this Privacy Policy. Where consent is the legal basis for processing, we will obtain your explicit consent before collecting your personal data.

2. Data Controller Information

Globalmart.ai is operated from India. For the purposes of applicable data protection laws, we are the data controller (or equivalent) responsible for your personal data.

• Entity: Globalmart.ai
• Registered Address: India
• Privacy Contact: privacy@globalmart.ai
• General Contact: hello@globalmart.ai

If you are located in the European Union or the United Kingdom and have questions about how your data is processed, you may contact us at privacy@globalmart.ai.

3. Personal Data We Collect

3.1 Data You Provide Directly

When you register for early access or interact with our Platform, we may collect the following information that you voluntarily provide:

• Full name — to identify you and personalise your experience
• Email address — to communicate with you about your registration and Platform updates
• Phone number — to contact you regarding your registration or provide support

3.2 Data Collected Automatically

When you access our Platform, we automatically collect certain technical information:

• IP address — for security, fraud prevention, and approximate geographic identification
• Browser user agent string — to optimise the Platform for your device and browser
• Timestamps — the date and time of your interactions with the Platform
• Form source identifier — which page or form you used to register

3.3 Data from Third Parties

We do not currently collect personal data about you from third-party sources. If this changes in the future, we will update this Privacy Policy accordingly and, where required, obtain your consent.

4. Purpose and Legal Basis for Processing

We process your personal data for the following purposes, with the corresponding legal basis under applicable regulations:

4.1 Registration and Account Management

• Purpose: Processing your early access registration and managing your vendor profile
• Legal Basis (GDPR): Performance of a contract / Consent
• Legal Basis (DPDPA): Consent of the Data Principal

4.2 Communication

• Purpose: Sending you launch notifications, service updates, and responding to your inquiries
• Legal Basis (GDPR): Consent / Legitimate interest
• Legal Basis (DPDPA): Consent of the Data Principal

4.3 Security and Fraud Prevention

• Purpose: Protecting the Platform from abuse, detecting fraudulent activity, and ensuring system integrity
• Legal Basis (GDPR): Legitimate interest
• Legal Basis (DPDPA): Legitimate uses as defined under the Act

4.4 Analytics and Platform Improvement

• Purpose: Understanding how users interact with the Platform to improve functionality and user experience
• Legal Basis (GDPR): Legitimate interest
• Legal Basis (CCPA): Business purpose

5. Cookies and Tracking Technologies

Our Platform uses cookies and similar technologies to ensure proper functionality and enhance your experience.

5.1 Essential Cookies

These cookies are necessary for the Platform to function correctly and cannot be switched off. They include:

• CSRF Token: A security cookie that protects against cross-site request forgery attacks when you submit forms
• Session Cookie: Maintains your session state as you navigate the Platform

5.2 Analytics Cookies

We may use analytics tools to understand how visitors interact with our Platform. These cookies collect information in an aggregated form to help us improve the Platform. Where required by law, we will obtain your consent before placing analytics cookies.

5.3 Managing Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling essential cookies may affect the functionality of the Platform. For more information on managing cookies, consult your browser's help documentation.

6. Data Sharing and Disclosure

We may share your personal data with the following categories of recipients, solely to the extent necessary for the purposes described in this Policy:

• Hosting and Infrastructure Providers: Cloud services that store and process data on our behalf, bound by data processing agreements
• Email Service Providers: To send you communications about your registration and Platform updates
• Analytics Providers: To help us understand Platform usage patterns (data is aggregated where possible)

We may also disclose your personal data in the following circumstances:

• Legal Obligations: When required by law, regulation, court order, or governmental request
• Protection of Rights: To protect the rights, property, or safety of Globalmart.ai, our users, or the public
• Business Transfers: In connection with a merger, acquisition, reorganisation, or sale of assets, in which case your data may be transferred to the successor entity

7. International Data Transfers

Globalmart.ai is operated from India, and your personal data is primarily stored and processed in India. If you access the Platform from outside India, your data will be transferred to India for processing.

7.1 For Users in the European Union and United Kingdom

Where we transfer personal data outside the European Economic Area (EEA) or the United Kingdom, we ensure that appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions by the European Commission or UK authorities, where applicable
• Your explicit consent, where other safeguards are not available

7.2 For Users in Other Jurisdictions

By using the Platform, you acknowledge and consent to the transfer of your personal data to India, where data protection laws may differ from those in your jurisdiction. We take reasonable measures to ensure your data is treated securely and in accordance with this Privacy Policy.

7.3 India (DPDPA)

Under the Digital Personal Data Protection Act, 2023, personal data may be transferred to jurisdictions that are not restricted by the Central Government of India. We comply with all applicable requirements for cross-border data transfers under Indian law.

8. Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

• Early access registration data (name, email, phone): Retained until your account is created on the Platform, or until you request deletion, whichever occurs first
• Automatically collected data (IP address, user agent): Retained for up to 12 months for security and analytical purposes, then deleted or anonymised
• Communication records: Retained for as long as necessary to resolve inquiries and for our legitimate business purposes

When your data is no longer needed, we will securely delete or anonymise it so that it can no longer be associated with you.

9. Your Rights

Depending on your location, you may have the following rights regarding your personal data. To exercise any of these rights, please contact us at privacy@globalmart.ai.

9.1 Rights Under GDPR (EU and UK Users)

• Right of Access (Article 15) — Request a copy of the personal data we hold about you
• Right to Rectification (Article 16) — Request correction of inaccurate or incomplete data
• Right to Erasure (Article 17) — Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing (Article 18) — Request that we limit how we use your data
• Right to Data Portability (Article 20) — Receive your data in a structured, machine-readable format
• Right to Object (Article 21) — Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7) — Withdraw consent at any time, without affecting the lawfulness of prior processing
• Right to Lodge a Complaint — File a complaint with your local data protection supervisory authority

9.2 Rights Under CCPA/CPRA (California Residents)

• Right to Know — Request disclosure of what personal information we collect, use, and share
• Right to Delete — Request deletion of your personal information
• Right to Correct — Request correction of inaccurate personal information
• Right to Opt-Out of Sale — We do not sell personal information; however, you may exercise this right at any time
• Right to Limit Use of Sensitive Information — Request that we limit the use and disclosure of your sensitive personal information
• Right to Non-Discrimination — We will not discriminate against you for exercising any of your privacy rights

9.3 Rights Under DPDPA (Indian Users)

• Right to Access — Obtain information about the personal data being processed and the processing activities
• Right to Correction and Erasure — Request correction of inaccurate data or erasure of data no longer necessary
• Right to Grievance Redressal — Lodge a complaint with our Grievance Officer or the Data Protection Board of India
• Right to Nominate — Nominate another individual to exercise your rights in case of death or incapacity

As a Data Principal under the DPDPA, you also have a duty to provide accurate information and not to file frivolous complaints.

9.4 Rights Under LGPD (Brazilian Users)

• Confirmation of the existence of processing and access to your data
• Correction of incomplete, inaccurate, or outdated data
• Anonymisation, blocking, or deletion of unnecessary or excessive data
• Portability of data to another service provider
• Information about entities with whom your data has been shared
• Revocation of consent

9.5 Rights Under Other Jurisdictions

• Canada (PIPEDA): Right to access your personal information and challenge its accuracy
• South Africa (POPIA): Right to access, correct, and delete your personal information; right to object to processing
• Australia (Privacy Act): Right to access and correct your personal information; right to lodge a complaint with the Office of the Australian Information Commissioner (OAIC)

If your jurisdiction provides additional rights not listed above, we will honour those rights to the extent required by applicable law. Please contact us at privacy@globalmart.ai with your request.

9.6 How to Exercise Your Rights

To exercise any of the above rights, please email us at privacy@globalmart.ai with the subject line "Privacy Rights Request." We will respond to your request within 30 days, or within the timeframe required by applicable law. We may need to verify your identity before processing your request.

10. Children's Privacy

Our Platform is designed for businesses and professionals and is not directed at individuals under the age of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children.

Under the DPDPA, processing personal data of children (below 18 years) requires verifiable consent from a parent or legal guardian. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete that data promptly.

If you believe that a child has provided us with personal data, please contact us at privacy@globalmart.ai so we can take appropriate action.

11. Security Measures

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using HTTPS/TLS protocols
• CSRF Protection: All forms on the Platform are protected against cross-site request forgery attacks
• Rate Limiting: Form submissions are rate-limited to prevent automated abuse
• Access Controls: Administrative access to stored data is restricted to authorised personnel only and protected by authentication
• Regular Reviews: We regularly review and update our security practices to address emerging threats

While we strive to protect your personal data, no method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we are committed to maintaining industry-standard protections.

12. Do Not Track Signals

Some web browsers transmit "Do Not Track" (DNT) signals to websites. There is currently no universally accepted standard for how websites should respond to DNT signals. At present, our Platform does not respond differently based on DNT signals. We will update this section if a standard for DNT response is established.

13. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable laws, or regulatory requirements. When we make changes:

• The "Last Updated" date at the top of this page will be revised
• For material changes, we will provide prominent notice on the Platform or notify you via email
• Where required by law, we will obtain your consent before applying material changes to the processing of your data

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.

14. Contact Information and Grievance Officer

If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us:

• General Inquiries: hello@globalmart.ai
• Privacy Inquiries: privacy@globalmart.ai

Grievance Officer (India)

In compliance with the Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer:

• Name: Grievance Officer, Globalmart.ai
• Email: grievance@globalmart.ai
• Response Time: We will acknowledge your grievance within 24 hours and resolve it within 30 days of receipt

If you are not satisfied with our response, you may lodge a complaint with the Data Protection Board of India or the relevant supervisory authority in your jurisdiction.

For EU/UK Users

You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities can be found on the European Data Protection Board website.

For California Residents

To submit a CCPA request, please email privacy@globalmart.ai with the subject line "CCPA Request." We will verify your identity and respond within 45 days as required by law.