+91-7078600429
Nafed Hone Page Logo
Product has been added to your cart.

PRIVACY POLICY

OBJECTIVE

  1. The National Agricultural Cooperative Marketing Federation of India Limited. (“NAFED”, “We”, “Us” “Our”) is committed to protecting the privacy, confidentiality and security of personal data processed through its mobile application NAFED – Bharat Sales App (“App”) of the users (“You”, “Your”). is a Multi-State Co-operative Society deemed to be registered under the  MSCS Act, 2002, we process personal data strictly for lawful, official, statutory and operational purposes only connected with agricultural marketing, procurement, logistics, payments and related activities.
  2. This Privacy Policy explains how personal data is collected, used, disclosed, stored, and protected when You access or use the App. We encourage You to read this Privacy Policy carefully to understand our data practices.
  3. This Privacy Policy applies only to the NAFED mobile application and must be read together with the applicable terms of use and other policies issued by NAFED from time to time.

 

SCOPE AND APPLICABILITY

  1. This Privacy policy applies to:
  • NAFED employees and officials.
  • .Salespersons appointed by NAFED’s authorised distributors and other authorised stakeholders; and
  • Any individual accessing or using the App in an official or business capacity in accordance with authorisation granted by NAFED.
  1. The App is not intended for use by minors. By using the App, You confirm that You are eighteen (18) years of age or above.
  2. The App is intended for restricted internal operational use and is not a public consumer facing application.

 

DEFINITIONS

  1. “Personal Data” / “Personal Information” means any data about an individual who is identifiable by or in relation to such data.
  2. “Non-Personal Data” means anonymised or aggregated data that does not identify an individual.
  3. “Data Principal” means the individual to whom the Personal Data relates.
  4. “Applicable Law(s)” means any and all laws, rules, regulations, ordinances, orders, directives, codes, judgments, decrees, injunctions or any interpretations, determinations, awards, permits, licenses, authorisations, directives, rulings or decisions of agreements with, or by any government authority applicable from time to time.
  5. “Data Processor” means any person who processes personal data on behalf of a Data Fiduciary.
  6. “Data Fiduciary” means any entity that determines the purpose and means of processing of Personal Data and shall for the purposes of this App means NAFED.

 

USER CONSENT

By downloading, installing, registering on or using the App, You consent to the collection, use, storage and disclosure of Your Personal Data in accordance with this Privacy Policy. Where required under Applicable Laws, including the DPDP Act, explicit consent shall be sought for specific categories of data or processing activities. You may withdraw such consent at any time, subject to legal and operational limitations.

INFORMATION WE COLLECT

The Personal Information provided by You is processed strictly for the purpose for which it is collected, in accordance with the DPDP Act and shall not be used for any unrelated purpose without your explicit consent.

Information provided by You: Depending on the nature of your role and use of the App, We may collect:

  • Name, designation and organisation name.
  • Mobile number, email address (for login, OTP verification, alerts and official communication purposes.)
  • GST number and business identifiers. (where applicable)
  • Billing, invoice, procurement or transaction related details entered by authorised users.
  • In limited cases, the App may collect the Aadhaar number of the end customer for identification purposes. Submission of Aadhaar is optional and is required only where alternative identification such as mobile number, address or photograph is not provided.

 

  1. Device permissions and technical data: The App may request the following permissions, strictly for functional and official purposes:
  • Camera: The camera permission is used only for limited functional purposes, including QR code and barcode scanning and uploading documents or images strictly required for specific modules of the App. We do not store, retain or access any camera images beyond the purpose for which such permission is expressly granted.
  • Storage: Storage access is used solely for saving invoices, reports and PDFs generated through the application, uploading documents required for official processes and enabling offline data storage with subsequent backup and synchronisation.We do not access personal files unrelated to the functioning of the App.
  • Internet and Network Access: Internet and network permissions are used strictly for syncing data with Our servers, loading product, procurement and MIS related information, enabling GST validation and online statutory reporting.
  • Bluetooth / USB: Bluetooth and USB permissions are used only for connecting with authorised POS devices, printers, barcode scanners or other approved hardware required for official operations. We do not collect, store or process any Bluetooth data.
  • Location: Location access is used only for limited and contextual purposes, such as device or POS verification and statutory or GST related invoice geo location where applicable. We do not track, monitor or store continuous or background location data.
  • Notifications: Notification permissions are used exclusively for sending operational alerts, status updates and system related communications necessary for the functioning of the App. You may manage or disable notification preferences through Your device settings at any time.
  • Phone State: Phone state access may be required by certain integrated payment SDKs solely to detect network type, enable secure transaction processing and prevent fraud.
  • Vibration: Vibration access is used only to provide haptic feedback for user interactions such as button clicks and barcode or QR code scans in order to enhance usability and user experience.
  1. Information collected automatically

We may automatically collect limited technical information, including IP address       device identifiers, cookies (where applicable through embedded web views), application usage logs and timestamps and error or security logs generated during the use of the App. Such information is collected solely for purposes of system security, audit trails, maintaining system integrity troubleshooting and improving the performance and reliability of the App and is is processed strictly for the purpose for which it is collected, in accordance with the DPDP Act and shall not be used for any unrelated purpose without your explicit consent.

 

PURPOSE AND LAWFUL BASIS OF PROCESSING

  1. We process Personal Data collected through the App strictly for lawful, official, statutory and operational purposes connected with its functions as an apex cooperative and public sector entity. The processing of such data is undertaken only on legally permissible grounds including performance of statutory duties, execution of authorised functions, compliance with applicable laws and consent where expressly required as per the DPDP Act.
  2. In particular the information collected through the App is for the following purposes:
  • Generation, creation, storage and management of invoices and related records in connection with procurement, sales, and allied activities carried out by or on behalf of Us;
  • Calculation, validation, reconciliation and reporting of GST, taxes, levies, totals and other statutory or regulatory requirements;
  • Synchronisation of sales, purchase, inventory and transaction data between authorised devices and NAFED’s servers including deferred synchronisation in cases of offline usage;
  • Enabling offline billing and subsequent secure data upload once network connectivity is restored;
  • Facilitating device level communication with authorised accessories such as POS machines, printers, scanners and other approved hardware through Bluetooth or USB connections; and
  • Monitoring, maintaining and improving the performance, security, reliability, and integrity of the App and associated systems.
  1. We do not sell, rent, license or otherwise commercially exploit any Personal Data collected through the App. All processing is limited to the purposes stated above or such other purposes as may be required under Applicable Laws.

 

DISCLOSURE OF INFORMATION

  1. The App does not process, route or facilitate any payment transactions. Any payments, if applicable, are handled outside the App through independent mechanisms.
  2. Personal Data may be disclosed only to the following entities and any such disclosure shall be strictly limited to the minimum data necessary for the specific Applicable Laws or authorised purpose:
  • Government departments, regulators, auditors, vigilance authorities or law enforcement agencies, as required by Applicable Laws.
  • Banks, payment gateways, or financial institutions for processing authorised transactions.
  • Technology vendors, cloud service providers, and IT partners acting as Data Processors, under binding confidentiality and data protection obligations as per Applicable Laws.
  • Courts, tribunals, or statutory authorities pursuant to legal process.
  1. Cyber threat: To monitor the performance and proper functioning of the App, prevent misuse, detect and respond to security incidents, cyber threats, fraud or unauthorised access and to maintain the security and integrity of the App and its systems.
  2. Cross border data transfer: If any processing involves transfer of Personal Data outside India, such transfer shall be undertaken only as permitted under the DPDP Act and Applicable Laws, with adequate security safeguards in place and with appropriate disclosure to the User. Such jurisdictions may have different data protection laws and Personal Data may be subject to access or disclosure by governmental, regulatory or other authorities in accordance with local laws or official processes.

 

LOG FILES

Likemost mobile applications and application servers, the App generates and maintains log files. These may include IP address, device and application identifiers, date and time stamps, and system activity logs. Such information is collected and used in an aggregated and non-identifiable manner solely for monitoring App performance, administering the App, ensuring system security, detecting misuse and maintaining the integrity and reliability of the App.

 

DATA STORAGE AND SECURITY

We use industry standard security practices to protect data processed through the App. All data transmissions are secured using encrypted communication protocols (HTTPS/SSL). Data is stored using secure storage mechanisms with restricted access, and no unnecessary data logging is undertaken. Access to server side data is limited strictly to authorised personnel on a need to know basis. Further, We ensure that all data remains confidential and secure in accordance with Applicable Laws.

 

DATA RETENTION

Personal Data is retained only for such a period as is necessary to fulfil the purpose for which it was collected, to comply with applicable statutory record keeping, audit, taxation or vigilance requirements and to resolve disputes or enforce legal rights. If You uninstall the App, any data stored locally on your device is deleted. Data stored on Our servers may be removed upon a request, unless continued retention is required under Applicable Laws. Where Personal Data is to be erased, We shall give prior notice of at least forty eight (48) hours to You through in App notification email or other effective means.

 

THIRD PARTY SERVICES

  1. We may use third party SDKs strictly for App functionality, including:
  • ZXing Scanner: for barcode and QR code scanning.
  • Ezetap File Provider: for secure file sharing related to billing.
  • Newland / UART: for POS hardware integration.
  • PayU / Payment Gateway: for secure payment processing; and
  • Cloud / Server APIs : for data syncing and system operations
  1. We are not responsible for the privacy practices of such third parties. Use of such services is governed by their respective privacy policies.

 

RIGHTS OF DATA PRINCIPALS

  1. To the extent mandated by Applicable Laws, You may exercise the following rights:
  • Access and correction of Personal Data.
  • Withdrawal of consent (where processing is consent based)
  • Right to nominate another individual to exercise rights on your behalf in the event of death or incapacity.
  • Right to be informed of a personal data breach, as may be required under Applicable Laws.
  • Grievance redressal under the DPDP Act.
  1. Requests may be made as per the procedure notified by Us. Exercise of these rights shall be subject to the procedure and limitations prescribed under Applicable Laws and as notified by Us from time to time.

 

CHILDREN PRIVACY

The App is not intended for individuals below eighteen (18) years of age. We do not knowingly collect Personal Data of minors. If such data is inadvertently collected, it will be deleted in accordance with Applicable Laws. Age declaration and verification mechanisms including self-declaration and technical controls shall be implemented to prevent access by minors.

 

DATA BREACH NOTIFICATION

If We learn of a Personal Data breach, we shall be subject to Applicable Laws and instructions from any agency or authority, promptly notify affected Users and the relevant regulatory or statutory authorities and take appropriate remedial measures.

 

GOVERNING LAW AND DISPUTE RESOLUTION

  1. This Privacy Policy shall be governed by, construed, and enforced in accordance with the laws of India.
  2. In case of any dispute or difference either in interpretation or otherwise, of any terms of these Terms between the parties hereto, the parties shall attempt to resolve the same through discussion. In case the parties fail to arrive at an amiable solution through discussion, the same shall be referred to Arbitration at the request of either Party in writing, in accordance with the provisions of Arbitration and Conciliation Act, 1996, as amended from time to time. The arbitration shall be conducted by a sole Arbitrator to be mutually appointed between the Parties and decision of the arbitrator shall be final and binding on the parties hereto. The seat and venue of arbitration shall be New Delhi, India. The rights and remedies provided in these Terms are cumulative and are in addition to and not in substitution for any other rights and remedies available at law or in equity.

 

CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in Applicable Laws, technology or operational requirements. Updated versions will be made available through the App. Continued use of the App constitutes acceptance of the updated policy.

 

NOTICE

Upon registration and use of the App, We shall provide You with a clear and accessible notice setting out the details of the data collected, its use and along with a dedicated communication link for accessing such notice withdrawing consent and submitting requests or complaints.

 

CONTACT AND GREIVANCE REDRESSAL

For any queries, concerns, or requests relating to this Privacy Policy, please contact Our Data Protection Officer at retailbusinessdivision@nafed-india.com.