Privacy Policy for Vendors

Privacy Policy for Vendors

This Privacy Policy (“Policy”) is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable laws of India.

This Policy governs the processing of Personal Data of restaurants, cloud kitchens, food vendors, and their authorized representatives (collectively referred to as “Vendors”) by Highway Delivery (hereinafter referred to as the “Company” or “Data Fiduciary”).

1. Definitions

1.1 Personal Data

“Personal Data” shall have the meaning assigned under the DPDP Act and includes any data about an identifiable individual, including owners, partners, directors, or authorized signatories of the Vendor.

1.2 Data Fiduciary

“Data Fiduciary” means Highway Delivery, which determines the purpose and means of processing Personal Data.

1.3 Data Principal

“Data Principal” means the individual to whom the Personal Data relates, including Vendor owners or authorized persons.

1.4 Processing

“Processing” includes collection, storage, use, disclosure, sharing, or deletion of Personal Data.

2. Collection of Personal Data

The Company may collect and process the following categories of Personal Data:

• Name, contact details, and identification details of owners or authorized signatories
• Business registration documents (FSSAI, GST, PAN, trade licenses)
• Bank account and settlement details
• Business address and operational details
• Menu information, pricing, images, and descriptions
• Order history, transaction records, ratings, and reviews
• Communications between the Vendor and the Company

3. Lawful Purpose and Consent

3.1

Personal Data shall be processed only for lawful purposes connected with providing platform services.

3.2

Processing is based on:

• Consent provided by the Vendor or Data Principal; and/or
• Legitimate use as permitted under the DPDP Act, including contractual necessity and legal compliance

3.3

Consent may be withdrawn at any time; however, withdrawal may impact the Vendor’s ability to use the Platform.

4. Purposes of Processing

Personal Data shall be processed for the following purposes:

• Vendor onboarding, verification, and compliance
• Listing, marketing, and sale of food products on the Platform
• Order processing, delivery coordination, and payment settlement
• Customer support, refunds, complaints, and dispute resolution
• Compliance with legal and regulatory obligations
• Fraud prevention, security, and platform integrity

5. Sharing and Disclosure of Personal Data

5.1

The Company shall not sell or commercially exploit Personal Data.

5.2

Personal Data may be shared with:

• Customers (limited to business-related information)
• Delivery partners for order fulfillment
• Payment gateways, banks, and financial institutions
• Technology service providers acting as Data Processors
• Government authorities where required by law

All Data Processors shall be bound by contractual confidentiality and security obligations.

6. Data Security Safeguards

6.1

The Company shall implement reasonable security safeguards as required under Section 8 of the DPDP Act to prevent Personal Data breaches.

6.2

In the event of a Personal Data breach, the Company shall take necessary remedial actions and notify authorities where legally required.

7. Data Retention and Erasure

7.1

Personal Data shall be retained only for as long as necessary to fulfill the stated purposes or to comply with Applicable Law.

7.2

Upon termination of the Vendor relationship, Personal Data shall be erased unless retention is required for legal, regulatory, or dispute-resolution purposes.

8. Rights of Data Principals

In accordance with the DPDP Act, Data Principals have the right to:

• Obtain information about the processing of their Personal Data
• Request correction or updating of inaccurate Personal Data
• Request erasure of Personal Data, subject to legal obligations
• Withdraw consent at any time
• Nominate another person to exercise rights in case of incapacity or death

Requests may be made as per the grievance mechanism provided below.

9. Obligations of Vendors

Vendors agree to:

• Ensure accuracy of Personal Data provided
• Obtain necessary consents from individuals whose data is shared
• Comply with applicable data protection laws
• Protect access credentials and prevent unauthorized access

10. Grievance Redressal

In compliance with the DPDP Act, the Company appoints a Grievance Officer.

Grievance Officer – Highway Delivery
Email: highwaydelivery24@gmail.com
Plot Number 24, Venkateshwara Colony, Amangal, Rangareddy, Telangana.

Grievances shall be addressed within the timelines prescribed under Applicable Law.

11. Amendments

The Company reserves the right to modify this Policy to ensure compliance with changes in law or business practices. Continued use of the Platform shall constitute acceptance of the updated Policy.

12. Governing Law and Jurisdiction

This Policy shall be governed by and construed in accordance with the laws of India. Courts having jurisdiction over the registered office of Highway Delivery shall have exclusive jurisdiction.

13. Acceptance

By registering on or using the Highway Delivery Platform, the Vendor confirms that it has read, understood, and agreed to this Privacy Policy and the processing of Personal Data as described herein.