Privacy Policy

This Privacy Policy outlines how GOFLAMINGO BUSINESS PRIVATE LIMITED ("Goflamingo," "we," "us") collects, uses, stores, and protects the digital personal data of individuals ("Data Principals") who use our B2B SaaS platform and associated mobile applications. This Policy is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India.

1. Our Role as Data Fiduciary

For the purposes of the DPDP Act, Goflamingo is the **Data Fiduciary**. We determine the purpose and means of processing personal data related to the provision of e-procurement and logistics services. This policy applies uniformly to all personal data collected.[14]

2. Personal Data Collected

We collect personal data that is necessary and appropriate for the specified purposes of the services we offer (Data Minimization Principle). Categories of data collected include:

• Identity and Contact Data: Name, professional title, email address, phone number, and physical address/location associated with the Data Principal or their employer.
• Transactional and Usage Data: Details related to Purchase Requests, Bids, Quotations, PO creation, financial settlement information, the time and date of service use, and configuration of the app.[5, 8]
• Logistics and Location Data: Real-time device location data is collected when utilizing our logistics-focused applications (e.g., GoFlamingo Logistics) to enable load booking, tracking, and operational efficiency.
• Technical Data: Log Data, including device Internet Protocol (“IP”) address, device name, operating system version, and statistics, sometimes collected through integrated third-party products like Google Analytics for Firebase and Firebase Crashlytics.

3. Purpose of Processing and Lawful Basis

We process personal data solely for the following specific, clear, and lawful purposes [20]:

1. To provide, maintain, and improve our B2B SaaS platform services, including e-sourcing, e-auctions, and supply chain management.
2. To facilitate third-party logistics (3PL) services, including booking loads and ensuring fair freight rates, which requires the use of location data.
3. To fulfill legal and contractual obligations with our clients (Legitimate Use basis).
4. To implement security safeguards and prevent fraud or misuse of the Platform.

4. Consent Requirements and Management

We process personal data primarily based on the Data Principal’s **Valid Consent**. Consent must be clear, specific, informed, and evidenced by an affirmative action by the Data Principal.

4.1 Withdrawal of Consent

The Data Principal has the right to withdraw their consent at any time by notifying the Grievance Officer. Withdrawal of consent may affect our ability to provide certain services that rely on that data, particularly location-based logistics services.

4.2 Processing Data of Children

The Platform is intended for professional B2B use. If a Data Principal is under 18 years of age (a child), Goflamingo requires verifiable consent from the parent or lawful guardian prior to processing their data.

5. Rights of the Data Principal (DPDP Act)

The DPDP Act grants specific rights to the Data Principal, which Goflamingo recognizes and upholds :

• Right to Information: The right to obtain information about the personal data being processed and the processing activities.
• Right of Access: The right to request and obtain a summary of their personal data.
• Right to Correction and Erasure: The right to demand the correction of inaccurate data or the erasure of data when it is no longer necessary for the original purpose.
• Right to Grievance Redressal: The right to present grievances concerning the exercise of these rights through the mechanism detailed below.

6. Data Security, Retention, and Transfer

6.1 Security Safeguards and Breach Notification

We implement robust technical and organizational security measures, including data encryption, access restrictions, and secure storage protocols, to protect personal data from unauthorized access, misuse, or disclosure.[4, 13] In the event of a personal data breach, Goflamingo will notify the affected Data Principal(s) and the Data Protection Board of India (DPBI) as required by law.

6.2 Data Retention

We retain personal information only for as long as necessary to fulfill the purposes described in this policy, or as required by Indian law (Storage Limitation).[4, 18]

6.3 Cross-Border Data Transfer

We utilize third-party services, including Firebase Hosting and related Google services , which may involve the transfer of data outside India. Such transfers are conducted in compliance with the DPDP Act, which permits transboundary data flows unless explicitly prohibited by the Government of India. We ensure that the receiving jurisdictions provide an equivalent standard of protection.

7. Grievance Redressal

For any privacy-related questions, concerns, or to exercise your rights as a Data Principal, please contact our designated Grievance Officer:

Grievance Officer:

Email: dileep@goflamingo.co.in

Address: GOFLAMINGO BUSINESS PRIVATE LIMITED, 4th Floor, Above Cafe Coffee Day, Sector 4, HSR Layout, Bengaluru, Karnataka 560102, India

We will respond to all reasonable requests in accordance with the DPDP Act and relevant regulations.[4]