SBR Facilities ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and share your personal information when you use our Platform at sbrfacilities.com or interact with our services. This policy is compliant with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 of India.
By registering or using our Platform, you consent to the practices described in this Privacy Policy.
1. Information We Collect
1.1 Information You Provide Directly
| Category | Data Collected | Purpose |
|---|---|---|
| Account Registration | Full name, email address, mobile number, password (hashed) | Account creation and authentication |
| B2B Registration | Company name, GSTIN (optional), designation | GST-compliant invoicing, account verification |
| Orders | Delivery address, order details, special instructions | Order fulfilment and delivery |
| Payments | Payment method, transaction reference (we do not store full card numbers) | Payment processing and reconciliation |
| Profile | Name, contact details, preferences | Account management |
| Communications | Messages, support queries, feedback | Customer support |
1.2 Information Collected Automatically
- Log data — IP address, browser type, pages visited, time and date of access, referring URL
- Device information — device type, operating system, browser version
- Usage data — features used, order history, session duration
- Cookies and tracking technologies — see our Cookie Policy for full details
- Location data — approximate location via IP address; precise GPS location only if you grant permission (used for delivery tracking)
1.3 Information from Third Parties
We may receive information about you from referral sources (e.g. if you registered using a BNI or partner referral code), payment gateways, or logistics partners to fulfil your orders.
2. How We Use Your Information
We use your personal information for the following purposes:
- Creating and managing your account, including identity verification
- Processing, fulfilling, and tracking your orders
- Generating GST-compliant invoices and maintaining financial records
- Communicating with you about orders, deliveries, and account status via email, SMS, or WhatsApp
- Sending service updates, order confirmations, payment reminders, and delivery notifications
- Personalising your experience and recommending products relevant to your procurement history
- Detecting fraud, preventing unauthorised access, and ensuring Platform security
- Complying with legal and regulatory obligations under Indian law
- Analytics to improve Platform performance and user experience
3. Sensitive Personal Data or Information (SPDI)
Under the IT Rules 2011, the following constitute Sensitive Personal Data or Information:
- Passwords — stored using industry-standard bcrypt hashing; never stored in plain text
- Financial information — bank account/payment details are processed by PCI-DSS compliant third-party payment gateways. We do not store full card numbers on our servers.
We collect SPDI only to the extent necessary for the stated purpose and with your explicit consent.
4. Legal Basis for Processing
We process your personal information on the following grounds:
- Contract performance — to deliver the services and products you have ordered
- Legal obligation — to comply with GST, tax laws, and other applicable regulations
- Legitimate interests — to improve our services, prevent fraud, and manage our business
- Consent — for marketing communications (where you have opted in)
5. Data Sharing & Disclosure
We do not sell your personal data. We may share it only in the following circumstances:
5.1 Service Providers
We work with trusted third parties who process data on our behalf, including:
- Payment processors — to securely handle transactions
- Logistics / courier partners — to deliver your orders
- WhatsApp/SMS gateway providers — to send transactional notifications
- Cloud hosting providers — to operate the Platform infrastructure
- Analytics providers — to analyse Platform usage
All service providers are bound by confidentiality obligations and may only process your data as instructed by us.
5.2 Legal Requirements
We may disclose your information if required to do so by law, court order, or government authority, or to protect the rights, property, or safety of SBR Facilities, our users, or the public.
5.3 Business Transfer
In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to the same privacy protections.
6. Data Retention
We retain your personal data for as long as necessary to fulfil the purposes described in this policy, subject to:
- Active accounts — retained for the duration of your account and as needed for ongoing business
- Invoices and financial records — retained for a minimum of 8 years as required under Indian tax and accounting laws
- Order history — retained for 5 years from the date of the last order
- Inactive accounts — we may delete or anonymise accounts inactive for more than 3 years, after providing notice
- Legal hold — data relevant to ongoing disputes may be retained until the matter is resolved
7. Data Security
We implement appropriate technical and organisational measures to protect your information, including:
- HTTPS encryption for all data transmission (TLS 1.2/1.3)
- Passwords hashed using bcrypt — never stored in plain text
- Role-based access control — employees access only the data necessary for their role
- Two-factor authentication (TOTP) mandatory for administrative accounts
- Regular security audits and vulnerability assessments
- Session security with HTTPS-only, SameSite cookies
No method of transmission or storage is 100% secure. While we take all reasonable precautions, we cannot guarantee absolute security. In the event of a data breach affecting your rights, we will notify you as required by applicable law.
8. Your Rights
Subject to applicable law, you have the following rights regarding your personal data:
- Access — request a copy of the personal data we hold about you
- Correction — request correction of inaccurate or incomplete data
- Deletion — request deletion of your data (subject to legal retention requirements)
- Withdrawal of consent — withdraw consent for marketing communications at any time
- Portability — request your data in a structured, commonly used format
- Grievance redressal — lodge a complaint with our Grievance Officer (see below)
To exercise any of these rights, email us at info@sbrfacilities.com. We will respond within 30 days.
9. Grievance Officer
As required under Rule 5(9) of the IT Rules 2011, we have designated a Grievance Officer:
| Name | Jyoti Singh |
|---|---|
| Designation | Proprietor & Grievance Officer |
| info@sbrfacilities.com | |
| Phone | +91 77019 35024 |
| Address | 311/1 Lajpat Nagar, New Railway Road, Gurugram, Haryana – 122001 |
Grievances will be addressed within 30 days of receipt.
10. Children's Privacy
The Platform is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a minor without parental consent, we will delete it promptly.
11. Links to Third-Party Websites
The Platform may contain links to third-party websites. We are not responsible for the privacy practices of those sites. We encourage you to review the privacy policies of any third-party sites you visit.
12. Changes to This Policy
We may update this Privacy Policy from time to time. Changes will be posted on this page with the revised "Last Updated" date. Continued use of the Platform after such changes constitutes your acceptance of the updated policy.
13. Governing Law
This Privacy Policy is governed by the laws of India. Disputes shall be subject to the jurisdiction of courts in Gurugram, Haryana.