Privacy Policy
Effective Date: 10th August 2025
Entity Responsible (Controller): GreenJams BuildTech Pvt. Ltd. (“GreenJams”, “we”, “us”, “our”)
Registered Address: 401, 10-5-14/c, Mantis, Facor Layout, Ramnagar, Visakhapatnam - 530002
Email: hello@greenjams.org
Grievance Officer (India): Tarun Jami, Founder & CEO, tarun@greenjams.org, +919727139348
This Privacy Policy describes how we collect, use, disclose, and protect Personal Data when you visit greenjams websites, microsites, and online stores (the “Site”), contact us, or purchase product samples (collectively, the “Services”). By using the Services, you acknowledge this Policy.
If any local law requires stricter protection than this Policy, we comply with the stricter requirement for individuals in that jurisdiction.
1) Scope & Definitions
Personal Data means any information that identifies or can reasonably identify an individual (e.g., name, email, phone, shipping address, IP address, device identifiers, payment instrument tokens).
Processing means any operation on Personal Data (collection, storage, use, sharing, deletion).
Controller / Business refers to GreenJams when we determine purposes and means of processing.
Processor / Service Provider refers to third parties that process data on our behalf (e.g., payment gateways, cloud hosts).
2) What We Collect
We collect the following categories of data, depending on your interaction:
A. You provide directly
Identification & contact: name, organization, role, email, phone, billing/shipping address.
Account data (if you create an account): username, hashed password, preferences.
Order & transactional: items ordered (e.g., samples), order IDs, delivery instructions, support requests.
Communications: emails, forms, chat transcripts, event registrations, survey responses.
Marketing preferences & consent signals.
B. Collected automatically
Device & usage: IP address, cookie IDs, pages viewed, links clicked, time stamps, referrers, approximate location (city/region), browser and OS.
Cookies/SDKs: strictly necessary, analytics (e.g., traffic metrics), functional, and advertising/retargeting cookies (if used).
Fraud prevention signals (e.g., velocity checks, risk scores from payment/fraud tools).
C. From third parties
Payment processors (e.g., transaction confirmations, masked card details/token, success/failure status).
Logistics partners (delivery updates).
Marketing/analytics platforms (aggregated campaign performance).
Public or professional sources (trade directories, conference attendee lists) where permitted.
We do not intentionally collect sensitive Personal Data via the Site and we do not sell Personal Data as “sale” is defined under certain laws. Where “sharing” for cross-context behavioural advertising may apply, see Section 10.
3) Purposes & Legal Bases
We process Personal Data for:
Operating the Site & Services (provide pages, shopping cart, checkout, accounts)
Legal bases: contract performance; legitimate interests; consent (cookies where required).
Order fulfilment (process sample orders, take payments, deliver products, provide updates)
Legal bases: contract performance; legal obligations (tax, accounting).
Customer support & communications (respond to queries, demo requests)
Legal bases: contract performance; legitimate interests.
Security & fraud prevention (detect abuse, secure payments, protect accounts)
Legal bases: legitimate interests; legal obligations.
Analytics & improvement (measure usage, improve UX, debug, research)
Legal bases: legitimate interests; consent where cookie laws require it.
Marketing (newsletters, product updates, event invites, retargeting where used)
Legal bases: consent where required; legitimate interests with opt-out.
Compliance (recordkeeping, responding to lawful requests, enforcing terms)
Legal bases: legal obligations; legitimate interests.
You may withdraw consent at any time (see Your Rights).
4) Cookies & Similar Technologies
We use first-party and third-party cookies and tags. Categories:
Strictly Necessary: site functionality, checkout, consent management.
Functional: remember preferences.
Analytics: usage metrics (e.g., [Google Analytics/Matomo]).
Advertising/Retargeting (if enabled): convert measurement, retargeting.
Where required, we present a Cookie Banner and Preference Center to manage consent by category. See our Cookie Notice for details and lifetimes. You can also adjust your browser settings (blocking may impact Site functionality).
5) Payment Processing
Payments for sample orders are processed by PCI-DSS–compliant providers (e.g., Razorpay/Stripe/PayPal). We do notstore full payment card numbers. Processors may collect payment instrument data directly from you and share with us only tokens and transaction metadata necessary to complete your order and prevent fraud.
6) Disclosures & International Transfers
We share Personal Data only as needed and with safeguards:
Service Providers/Processors: hosting, CDNs, email/SMS platforms, analytics, payment gateways, logistics, CRM, support/chat tools, security/fraud services.
Corporate transactions: merger, acquisition, financing, or sale (with continued protection).
Legal: to comply with law or protect rights, safety, and security.
With your direction: e.g., referrals, co-marketing with consent.
Cross-border transfers. We may transfer Personal Data to countries with different data protection laws. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs), UK IDTA, or other recognized mechanisms, and implement technical/organizational measures.
7) Data Retention
We retain Personal Data only as long as necessary for the purposes above, including:
Orders & invoices: 7–10 years (tax/accounting).
Account data: until account deletion plus a short archival period.
Marketing: until you opt out/withdraw consent or after [X] months of inactivity.
Security logs: 12–24 months (typical).
When no longer needed, we delete or irreversibly anonymize data.
8) Security
We implement administrative, technical, and physical safeguards aligned with industry standards (e.g., access controls, encryption in transit and at rest where applicable, least-privilege, secure development practices, logging/monitoring, vendor due diligence, incident response). No system is 100% secure; please use strong, unique passwords and safeguard your account.
9) Your Rights (by Region)
Depending on your location, you may have the following rights, subject to legal limits:
EU/EEA/UK (GDPR/UK GDPR): access; rectification; erasure; restriction; portability; objection (incl. to direct marketing); withdraw consent; lodge a complaint with a supervisory authority.
India (DPDP Act, 2023): access; correction; erasure; grievance redressal; withdraw consent; nominate. Contact our Grievance Officer for redressal.
California (CCPA/CPRA): know/access specific pieces; deletion; correction; opt-out of “sale”/“sharing” for cross-context ads; limit use/disclosure of sensitive personal information (we do not intentionally process SPI via the Site). No discrimination for exercising rights.
Brazil (LGPD): confirmation; access; correction; anonymization/blocking/deletion; portability; information on sharing; withdraw consent; review of automated decisions (we do not make solely automated decisions with legal effects).
Canada (PIPEDA), Singapore (PDPA), South Africa (POPIA), Australia, etc.: rights of access, correction, withdrawal of consent, and complaint to local authorities.
How to exercise: email [privacy@greenjams.in] or use our Privacy Request Form (if provided). We will verify your request and respond within the statutory period. Authorized agent processes are supported where required.
10) Marketing, “Sale” and “Sharing”
Email/SMS: We send marketing with consent where required. You may opt out via unsubscribe links or by contacting us.
Targeted advertising: If we use ad cookies or similar tech that qualify as “sharing” under CPRA or require consent under EU ePrivacy, we will (i) request consent where applicable and (ii) offer a “Do Not Sell or Share My Personal Information” link and/or a Global Privacy Control (GPC) signal honor.
We do not knowingly “sell” Personal Data for money.
11) Children’s Privacy
The Services are not directed to children under the age applicable in their jurisdiction (e.g., under 13 in the U.S., under 18 in India without parental consent, under 16 for GDPR consent). We do not knowingly collect data from children. If you believe a child provided data, contact us for deletion.
12) User-Generated Content & Social Media
If you post content (e.g., reviews, comments) or interact with social plugins, such content may be public and processed by the relevant platforms under their policies. Please avoid sharing Personal Data in public posts.
13) Third-Party Links & Services
The Site may link to third-party websites/services. Their privacy practices are governed by their policies. Review them carefully.
14) Automated Decision-Making
We do not conduct solely automated decision-making that produces legal or similarly significant effects. If that changes, we will provide required notices and opt-out/appeal mechanisms.
15) International Representatives & Contact Points
Where required, we will appoint and publish contact details of our EU/EEA and/or UK representative(s) for data protection matters. Individuals may also contact their local data protection authority.
16) How to Contact Us
Privacy inquiries & rights requests: hello@greenjams.org
Grievance Officer (India): Tarun Jami, tarun@greenjams.org, +919727139348
17) Changes to This Policy
We may update this Policy from time to time. The “Effective Date” shows the latest version. Material changes will be highlighted on the Site and, where required, we’ll seek consent or provide additional notice.
18) Jurisdiction-Specific Addenda
To aid compliance clarity, we include jurisdiction addenda that prevail for local residents where stricter:
A) EU/EEA/UK Addendum
Controller: GreenJams BuildTech Pvt. Ltd.
Legal bases: detailed mapping available on request.
Transfers: safeguarded by SCCs/UK IDTA + supplementary measures.
Complaints: You may lodge a complaint with your local authority (e.g., CNIL, ICO).
B) India Addendum (DPDP Act & IT Rules)
Data Principal Rights: access, correction, erasure, grievance redressal, consent withdrawal, and nomination.
Consent Manager: We honour consent preferences signalled via recognised, DPB-notified consent managers (as applicable).
Grievance Redressal: We endeavour to resolve grievances within 30 days or earlier, where required.
C) California Addendum (CCPA/CPRA)
Categories collected: identifiers, commercial information, internet activity, geolocation (coarse), inferences (limited for analytics).
Sensitive Personal Information: not collected for the Site’s ordinary use.
Retention: as described in Section 7.
Your CPRA rights: see Section 9; exercise via Do Not Sell/Share link and email.
19) Data Maps & Records of Processing
We maintain internal records of processing activities, vendor due diligence, and data maps. Summaries are available upon legitimate request from regulators.
20) Contact for Security Reports & Vulnerability Disclosure
Security researchers may responsibly disclose vulnerabilities to: [security@greenjams.in]. Do not access customer data or disrupt services
Contact Us
Presence : Visakhapatnam, Bengaluru, Mysore.