Wizcart Global Privacy Policy
Effective Date: June 1st 2025
1. Introduction
Purpose of the Privacy Policy
This Privacy Policy ("Policy") explains how Wizcart Inc. and its affiliated entities (collectively, "Wizcart," "we," "us," or "our") collect, use, disclose, and protect the personal information of individuals who use our e-commerce service marketplace (the "Platform") and related services (collectively, the "Services"). Wizcart is committed to transparency and to safeguarding the privacy of our users in compliance with applicable data protection laws in the United States of America (USA), Canada, and India. Data privacy is a cornerstone of customer trust and business success, and this Policy outlines our practices to uphold that commitment. We aim to provide clear and understandable information about how your personal data is handled.
Scope (Who This Policy Applies To)
This Policy applies to all individuals who access or use the Wizcart Platform and Services, including:
- Customers: Individuals or entities seeking or booking services through the Platform.
- Service Providers: Individuals or businesses offering their services through the Platform. This includes their employees or authorized representatives whose information might be processed in connection with the Services.
- Website/Platform Users: Any individual browsing or interacting with the Wizcart website or mobile applications, even if not registered as a Customer or Service Provider.
Acceptance of the Policy
By accessing or using Wizcart's Services, you acknowledge that you have read, understood, and agree to the terms of this Privacy Policy and our Terms of Service. If you do not agree with our policies and practices, please do not use our Services. This Policy constitutes a legally binding agreement between you and Wizcart.
Definitions
For the purposes of this Policy, the following terms have the meanings ascribed to them:
- Personal Information (or "Personal Data"): Any information relating to an identified or identifiable natural person. This can include, but is not limited to, name, contact details, identification numbers, location data, online identifiers, or factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person. The precise definition may vary slightly depending on the applicable jurisdiction (e.g., as defined under the California Consumer Privacy Act (CCPA)/California Privacy Rights Act (CPRA), Canada's Personal Information Protection and Electronic Documents Act (PIPEDA), Quebec's An Act respecting the protection of personal information in the private sector (Law 25), and India's Digital Personal Data Protection Act, 2023 (DPDP Act)).
- Customer: An individual or entity that registers on the Platform to search for, book, or receive services from Service Providers.
- Service Provider: An individual or business entity that registers on the Platform to offer, provide, and receive payment for their services to Customers. This may include their employees or authorized agents.
- User: Collectively refers to Customers, Service Providers, and any other individual accessing or using the Platform or Services.
- Data Principal: An individual to whom the personal data relates (a term used in India's DPDP Act, equivalent to "Data Subject" in other jurisdictions or "Consumer" under CCPA/CPRA).
- Data Fiduciary: The entity that, alone or jointly with others, determines the purposes and means of the processing of personal data (a term used in India's DPDP Act, equivalent to "Data Controller" in other jurisdictions or "Business" under CCPA/CPRA). For the purposes of this Policy and your interactions with our Platform, Wizcart generally acts as the Data Fiduciary.
- Data Processor: An entity that processes personal data on behalf of a Data Fiduciary (or Data Controller/Business).
- Processing: Any operation or set of operations performed on personal data, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
- Platform: The Wizcart website(s), mobile application(s), and related online services.
Understanding these definitions is important because legal terminology can differ across jurisdictions. For example, Wizcart's role as a "Data Fiduciary" under India's DPDP Act aligns with its role as a "Business" under California's CCPA/CPRA and an "Organization" under Canada's PIPEDA. While this Policy uses consistent terms like "Wizcart" and "User," these underlying legal definitions inform our responsibilities.
2. Information We Collect
Wizcart collects various types of personal information from and about users of our Platform and Services. We are committed to collecting only the information that is necessary for the purposes identified in this Policy. The specific types of information collected depend on your interaction with us.
2.1. Information from Customers
When you use Wizcart as a Customer, we may collect the following information:
- Account Registration & Profile Information: This includes your full name, email address, phone number, physical address (for service delivery and matching), and a password to secure your account.
- Service Request Details: We collect information about the services you request, such as the type of service, preferred date and time, location for the service, and any specific instructions, preferences, or details you provide to help Service Providers understand and fulfill your request.
- Payment Details: To process payments for services, we collect payment information, such as credit/debit card details (card number, expiration date, CVV), billing address, or other payment method details (e.g., digital wallet information). This information is typically collected and processed directly by our secure third-party payment processors. Wizcart may retain limited payment information, such as the last four digits of your card number, transaction IDs, and payment history for record-keeping and support purposes.
- Communications: We collect records of your communications with Wizcart customer support, including emails, chat logs, and call recordings (where permitted by law and with appropriate notice). We also facilitate and may, with notice, monitor communications between you and Service Providers through the Platform for purposes such as quality assurance, fraud prevention, and dispute resolution.
- Reviews and Ratings: We collect any feedback, reviews, ratings, and testimonials you provide about Service Providers and the services you receive.
- Demographic Information (Optional): We may collect demographic information such as age, gender, or service preferences if you voluntarily provide it, or we may infer certain preferences with your consent to personalize your experience on the Platform.
2.2. Information from Service Providers
If you register as a Service Provider on the Wizcart Platform, we may collect the following information:
- Individual Service Provider Information: Your full name, email address, phone number, physical business address (if applicable), and date of birth (for identity verification and background check purposes).
- Business Details (if applicable): If you operate as a business entity, we collect your business name, legal structure, business registration details (e.g., certificate of incorporation, partnership deed, Goods and Services Tax Identification Number (GSTIN) in India, Employer Identification Number (EIN) or Social Security Number (SSN) for tax purposes in the US, Business Number (BN) in Canada), tax identification numbers (e.g., Permanent Account Number (PAN) in India), service offerings, service areas, business website, and a description of your business. Similar information is collected by other marketplaces like Angi and Thumbtack for business verification.
- Qualifications and Experience: Information regarding your skills, professional licenses (e.g., trade licenses, occupational licenses as required by local regulations), certifications, years of experience, and a portfolio of your past work (which may include photos or videos, with necessary permissions from any individuals depicted).
- Background Check Information (if applicable and with consent): Where permitted by law and relevant to the services offered, we may request information necessary to conduct background checks. This process is typically handled by a third-party vendor and may involve collecting your national identification number (e.g., SSN in the USA, Social Insurance Number (SIN) in Canada – though SIN collection is highly regulated and used only where legally required/authorized), criminal record history, driving records, or credit history. For example, Checkr may collect name, date of birth, driver's license number, and SSN, while Accurate Background may collect similar identifiers plus criminal records, credit history, and verification of education and employment. Marketplaces like Angi, Thumbtack, and TaskRabbit also utilize background checks. You will be provided with specific notice and an opportunity to consent before any such check is conducted.
- Payment Information: Bank account details (account number, routing number, IFSC code in India) or other payment information necessary for us to remit payments for services rendered and to process any applicable commissions or fees.
- Employee Information (if Service Provider is a business entity): If you are a Service Provider operating as a business and your employees or contractors will perform services booked through Wizcart, we may collect limited personal information about these individuals from you. This may include their name, role, contact information (if they are to be directly contacted by Customers or Wizcart), and potentially their qualifications, licenses, or certifications relevant to the service they will perform. As the employer, you are primarily responsible for ensuring that you have obtained all necessary consents from your employees or contractors to share their information with Wizcart for the purposes of using our Platform and Services. Wizcart's access to and use of such employee data will be limited to what is necessary for Platform functionality, such as assigning jobs, displaying relevant team member information to Customers if applicable, and for safety and verification purposes.
- Insurance Information: Details of your business liability insurance, professional indemnity insurance, workers' compensation coverage (where applicable), and other relevant insurance policies, including policy numbers and coverage limits. This is important for verifying that you meet any applicable insurance requirements for providing services through the Platform.
2.3. Information from All Website/Platform Users (including Customers and Service Providers)
Whether you are a Customer, a Service Provider, or a general visitor to our Platform, we automatically collect certain information when you interact with our Services:
- IP Address: Your Internet Protocol (IP) address is collected automatically when you access the Platform.
- Cookies and Tracking Technologies: We use cookies, web beacons, pixel tags, and similar technologies to collect information about your browsing activity on the Wizcart Platform. This includes pages visited, features used, links clicked, time spent on pages, and other interaction data. Please see Section 7 (Cookies and Other Tracking Technologies) for more details.
- Device Information: We may collect information about the device you use to access our Platform, such as the hardware model, operating system and version, browser type, preferred language, unique device identifiers (e.g., IDFA for iOS, Android Advertising ID), and mobile network information, if applicable and with your consent for mobile applications.
- Geolocation Data: We may collect your general location information inferred from your IP address. With your explicit consent, particularly when using our mobile application, we may collect precise geolocation data from your mobile device. This can be used for purposes such as matching Customers with nearby Service Providers, allowing Service Providers to indicate their service area, or for fraud prevention.
- Log Data: Our servers automatically record certain information ("Log Data") created by your use of the Services. Log Data may include information such as your IP address, browser type, operating system, the referring web page, pages visited, location, your mobile carrier, device information, search terms, and cookie information.
2.4. Methods of Data Collection
We collect personal information in the following ways:
- Directly from Users: This occurs when you voluntarily provide information to us, such as when you create an account, fill out forms, submit a service request, make a payment, communicate with our support team or other users, respond to surveys, or post reviews.
- Automatically through Technology:
  - Cookies and Similar Technologies: As you navigate and interact with our Platform, we use cookies and other tracking technologies to collect information about your activity.
  - Server Logs: Our web servers automatically log standard access information.
- From Third Parties: We may also receive information about you from third-party sources:
  - Payment Processors: We receive confirmation of payment transactions and sometimes partial payment details from our payment processors.
  - Background Check Providers: For Service Providers who consent to a background check, we receive the results from our specialized third-party vendors.
  - Social Media Platforms: If you choose to register or log in to Wizcart using a third-party social media service (e.g., Facebook, Google), we may receive personal information from that service, such as your name, email address, profile picture, and other information as permitted by your privacy settings on that platform.
  - Analytics and Marketing Partners: We may receive aggregated or de-identified data from analytics providers, or information based on your interactions with our advertisements on third-party websites or platforms.
  - Service Providers (Businesses): As mentioned in Section 2.2, if you are an employee of a Service Provider business, your employer may provide us with your information to enable you to perform services via the Platform.
  - Publicly Available Sources: We may collect information from publicly available sources to verify Service Provider credentials, such as professional licenses, business registrations, and to ensure the accuracy of information provided.
Sensitive Personal Information
Certain categories of personal information are considered "sensitive" under various privacy laws and require a higher degree of protection. This may include financial account information, government-issued identification numbers (like SSN, PAN, SIN when collected for legally mandated purposes like background checks or tax reporting), precise geolocation data, and in some jurisdictions, information about race or ethnic origin, health, or biometric data (though Wizcart does not typically collect health or biometric data for its core services). Wizcart only collects sensitive personal information when it is necessary for the provision of our Services (e.g., financial information for payments, government IDs for legally required verification of Service Providers), with your explicit consent, or as otherwise permitted or required by applicable law. We provide specific notices and obtain explicit consent for collecting and processing sensitive personal information where mandated, for example, under California's CPRA which grants a specific Right to Limit Use and Disclosure of Sensitive Personal Information.
The collection of detailed information is essential for the functioning of a marketplace like Wizcart. However, this also means Wizcart must adhere to principles like data minimization – collecting only what is truly necessary for the specified purpose. This principle is embedded in laws like Canada's PIPEDA and India's DPDP Act, and is a best practice globally. For instance, while Maryland's stricter "reasonably necessary and proportionate" standard might not be legally binding in all of Wizcart's operating regions, adopting such a high standard internally for data collection practices can enhance user trust and reduce compliance risks. Clear differentiation between data collected directly from users, automatically, or from third parties is not just a transparency measure but a legal requirement in jurisdictions like California (requiring a notice at collection). A particularly nuanced area is the handling of Service Provider employee data. While the primary responsibility for obtaining employee consent rests with the Service Provider business itself, Wizcart must clearly define its role and responsibilities concerning this data. This often means acting as a data processor on behalf of the Service Provider business, and this relationship must be clearly outlined in contractual agreements with the Service Provider businesses to ensure compliance and proper data governance.
3. How We Use Your Information
Wizcart uses the personal information we collect for various purposes related to providing and improving our Platform and Services, ensuring a safe and efficient marketplace, and complying with our legal obligations. We are committed to using your information only for the purposes disclosed to you or as reasonably expected within the context of our relationship. Each use case is carefully considered to ensure it aligns with the purpose limitation principle found in laws like PIPEDA and the DPDP Act.
3.1. Facilitating Service Bookings and Connections
A core function of Wizcart is to connect Customers with Service Providers. To do this, we use:
- Customer information (such as name, contact details, service address, and specific service request details) and Service Provider information (such as name, business details, service offerings, availability, and location) to identify and propose suitable matches.
- This involves sharing necessary information (as detailed in Section 4.1) between a Customer and their selected Service Provider(s) to enable direct communication, confirm service details, schedule the service, and facilitate service delivery.
3.2. Processing Payments and Commissions
To manage financial transactions on the Platform:
- We use Customer payment details (processed through our third-party payment processors) to facilitate payment for services booked.
- We use Service Provider bank account or other payment details to process payouts for completed services and to manage any applicable commissions or platform fees.
- Transaction data is shared with secure third-party payment processors who handle the actual payment processing.
3.3. Account Management and Support
To ensure smooth operation of user accounts and provide assistance:
- We use your account registration information to create, maintain, and secure your Wizcart account.
- We use your contact information and records of your communications with us to provide customer and service provider support, respond to your inquiries, troubleshoot problems, and resolve any issues you may encounter.
3.4. Communication with Users
We communicate with you for various service-related and (with your consent) promotional purposes:
- Transactional Communications: We send essential service-related communications via email, SMS, or in-app notifications. These include confirmations of account registration, booking confirmations and updates, payment receipts, notifications about changes to our policies (including this Privacy Policy), and other information critical to your use of the Services.
- Marketing Communications: With your explicit consent where required by law (e.g., under Canada's Anti-Spam Legislation (CASL) which requires opt-in for most commercial electronic messages, or similar principles in other jurisdictions), we may send you promotional emails, newsletters, information about new features or services, special offers from Wizcart or our partners, and surveys.
- Opt-Out Options: You have the right to opt-out of receiving marketing communications from us at any time. This can typically be done by clicking the "unsubscribe" link found in the footer of promotional emails, or by adjusting your communication preferences in your Wizcart account settings. Making this opt-out process simple and effective is a priority.
3.5. Platform Improvement and Personalization
To enhance your experience and improve our Services:
- We analyze usage data (such as IP addresses, cookie data, browsing history on our Platform, device information, and data on how you interact with our Services) to understand user behavior, identify trends, improve Platform functionality, enhance user experience, and develop new service offerings.
- We may personalize your experience on the Platform by showing you more relevant service listings, Service Provider recommendations, or content based on your past activity, stated preferences, or demographic information (where you have provided this or consented to its use for personalization). While personalization aims to improve your experience, we are mindful of using your data transparently and providing you with controls over such uses.
3.6. Managing Service Provider Employees (if applicable through the platform)
If Service Provider businesses utilize Wizcart's platform features to manage their employees or team members (e.g., for job assignment, scheduling):
- Wizcart will use the employee information provided by the Service Provider business solely for these designated Platform functionalities, acting on the instructions of the Service Provider business.
- In this context, the Service Provider business is the primary data controller (or Data Fiduciary) for their employees' personal information, and Wizcart acts as a data processor (or service provider) on their behalf. The Service Provider business is responsible for ensuring they have lawful grounds, including any necessary consents, for providing this employee data to Wizcart for these purposes.
3.7. Ensuring Safety and Security, Including Fraud Prevention
Maintaining a safe and secure Platform is paramount:
- We use account information, transaction details, IP addresses, device information, and usage patterns to monitor for, detect, and prevent fraudulent activities, unauthorized access to accounts, and other security incidents or abuse of our Platform.
- For Service Providers, we use information provided for identity verification and, with consent, for conducting background checks to enhance safety, security, and trust within the Wizcart community.
- Where permitted and with appropriate notice to users, we may monitor communications exchanged through the Platform to identify and address safety concerns, prevent fraud, and assist in resolving disputes.
3.8. Legal Compliance and Dispute Resolution
Wizcart may use your personal information to:
- Comply with applicable legal and regulatory obligations, including responding to lawful requests from government authorities, court orders, subpoenas, or other legal processes.
- Resolve disputes that may arise between Customers and Service Providers, or between users and Wizcart.
- Enforce our Terms of Service, this Privacy Policy, and other Wizcart policies.
- Protect the rights, property, or safety of Wizcart, our users, or the public, as required or permitted by law.
The use of personal information is carefully managed to ensure it aligns with the purposes for which it was collected. For example, data collected to facilitate a service booking will not be used for unrelated marketing profiling without specific, additional consent. This adherence to purpose limitation is critical under laws like PIPEDA and the DPDP Act. Similarly, while personalization features can enhance user experience, Wizcart is committed to transparency regarding the data used for such features and providing users with meaningful control, especially if sensitive inferences could be drawn.
4. How We Share and Disclose Your Information
Wizcart shares personal information with other parties only in the ways described in this Policy, when necessary to provide our Services, for legitimate business purposes, or when legally required. We are committed to ensuring that such sharing is done transparently and with appropriate safeguards. Our vendor management processes include contractual requirements for third parties to protect the data they receive and limit its use, reflecting our accountability under laws like PIPEDA and the DPDP Act.
4.1. Between Customers and Service Providers
To facilitate the core functionality of our marketplace:
- When a Customer books a service or accepts a quote, we share necessary information with the selected Service Provider. This typically includes the Customer's name, contact information (such as phone number or masked contact details initially, with full details upon confirmation), service address, and the specific details of the service request.
- Conversely, we share relevant information about the Service Provider with the Customer. This includes the Service Provider's business name (or individual name if operating as such), public profile information (which may detail services offered, qualifications, experience), aggregated ratings and reviews from other Customers, and potentially the first name and/or photo of the specific individual assigned to perform the service (if the Service Provider is a business with multiple employees/agents).
4.2. With Third-Party Payment Processors
To process payments from Customers and payouts to Service Providers, we share necessary payment information (such as credit/debit card details, bank account information) with secure third-party payment gateways and processors (e.g., Stripe, PayPal, or similar services). Wizcart does not itself store full credit card numbers; these are transmitted directly to and processed by these specialized payment providers who are compliant with Payment Card Industry Data Security Standards (PCI DSS).
4.3. With Analytics and Marketing Service Providers
To understand how our Platform is used, improve our Services, and conduct marketing activities:
- We may share de-identified or aggregated information with analytics providers.
- With your consent where required by law (e.g., for certain cookies or for sharing identifiable data for targeted advertising), we may share personal information such as IP addresses, cookie data, device identifiers, email addresses (for custom audience campaigns), and usage patterns with third-party vendors who assist us with platform analytics, measuring the effectiveness of our advertising campaigns, and delivering targeted marketing messages.
- Any such sharing is governed by contractual agreements that require these service providers to protect the confidentiality and security of the information and to use it only for the specific purposes authorized by Wizcart and in compliance with applicable laws. Transparency about these practices, particularly if they could be construed as "sale" or "sharing" under laws like CCPA/CPRA, is critical, and robust opt-out (or opt-in where required) mechanisms will be provided.
4.4. With Background Check Providers (for Service Providers)
For Service Providers who consent to undergo a background check as part of their onboarding or continued participation on the Platform, we will share necessary personal information (e.g., name, date of birth, address history, government identification numbers where legally permissible) with our designated third-party background check vendors. The results of these checks are shared with Wizcart to help us maintain a safe and trustworthy platform.
4.5. With Legal and Regulatory Authorities
We may disclose personal information if required to do so by law or in the good faith belief that such action is necessary to:
- Comply with a legal obligation, such as a subpoena, court order, or lawful request from law enforcement or other government agencies.
- Protect and defend the rights, property, or safety of Wizcart, our users, or the public.
- Prevent or investigate possible wrongdoing in connection with the Services.
- Enforce our Terms of Service or other agreements.
4.6. Regarding Service Provider Employee Data
If a Service Provider is a business entity and manages its employees or contractors through the Wizcart Platform (e.g., for scheduling, job assignments):
- Information about those employees (such as name, schedule, assigned tasks) will be accessible to the authorized representatives of the employing Service Provider business through their administrative dashboard on the Platform.
- Limited employee information (e.g., the first name and perhaps a profile picture of the individual assigned to perform a service) may be shared with Customers to facilitate the service delivery, as directed or permitted by the Service Provider business.
- In these instances, Wizcart typically acts as a data processor or service provider, processing this employee data on behalf of and under the instruction of the Service Provider business, which is the data controller (or Data Fiduciary) for its employees' data. The Service Provider business is responsible for obtaining all necessary consents from its employees for their information to be shared and used in this manner. The precise roles and responsibilities will be governed by our contractual agreements with Service Provider businesses.
4.7. Business Transfers
In the event that Wizcart is involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of company assets, or transition of service to another provider, your personal information may be sold or transferred as part of such a transaction as permitted by law and/or contract. We will notify you of any such transfer and any resulting changes to this Privacy Policy, providing you with choices regarding your information where applicable.
4.8. With Affiliates and Business Partners
- Affiliates: We may share your information with our parent company, subsidiaries, joint venture partners, or other companies under common control with Wizcart. These affiliated entities will be required to honor this Privacy Policy.
- Business Partners: We may share your information with trusted business partners with whom we offer co-branded services, run joint promotions, or have other collaborative offerings. This will only be done with your consent where required by applicable law.
4.9. Conditions for Data Sharing
Wizcart is committed to sharing personal information responsibly. We share personal information with third parties only when it is necessary for legitimate business purposes, when we have a lawful basis to do so (such as your consent, contractual necessity, or legal obligation), and always with appropriate safeguards in place to protect the information, in accordance with applicable laws. This includes entering into data processing agreements (DPAs) or similar contractual clauses with third-party service providers and processors. These agreements require them to:
- Protect the confidentiality and security of the personal information.
- Limit the use of the information solely to the purposes for which it was shared.
- Implement technical and organizational measures consistent with this Policy and applicable laws.
- Notify us in the event of a data breach.
- Assist us in complying with data subject rights requests.
The handling of Service Provider employee data requires particular clarity. If Wizcart requires certain employee data for its own platform integrity or safety purposes (e.g., individual verification for high-risk services), it might act as a controller for that specific data. However, if the Service Provider (employer) inputs their employee data into Wizcart primarily for their own business management (e.g., scheduling their team), Wizcart is more likely a processor. This distinction is vital as it impacts who is primarily responsible for consent, data subject requests, and breach notifications concerning that specific employee data. Our contracts with Service Providers aim to delineate these roles clearly.
5. Data Security
Wizcart is dedicated to protecting the security of your personal information and takes reasonable and appropriate measures to safeguard it from unauthorized access, use, disclosure, alteration, or destruction. The security measures implemented are designed to be proportionate to the sensitivity of the information we collect and the risks involved.
Commitment to Security
We implement a combination of technical, administrative, and physical security controls to maintain the safety of your personal information. While we strive to use commercially acceptable means to protect your personal information, it is important to understand that no method of transmission over the Internet or method of electronic storage is 100% secure. Therefore, we cannot guarantee its absolute security.
Types of Security Measures
-
Technical Measures:
-
Encryption: We use encryption technologies, such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS), to protect data in transit between your device and our servers. Sensitive information, such as payment details processed by our vendors or certain data at rest, may be protected using encryption standards like AES-256.
-
Firewalls and Intrusion Detection/Prevention: Our systems are protected by industry-standard firewalls and we employ intrusion detection and prevention systems to monitor for and block malicious activity.
-
Secure Server Infrastructure: We utilize reputable cloud service providers (e.g., Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure) that maintain high standards of physical and network security for their data centers.
-
Administrative Measures:
-
Information Security Program: We maintain a written information security program and policies that govern the secure processing of personal information.
-
Access Controls: Access to personal information within Wizcart is restricted on a need-to-know basis using role-based access controls. Only authorized personnel who require access to perform their job duties are granted it.
-
Employee Training: We provide regular training to our employees and relevant contractors on data privacy principles, security best practices, and their responsibilities in protecting user data.
-
Data Minimization: We strive to collect and retain only the personal information that is necessary for the purposes outlined in this Policy.
-
Incident Response Plan: We have an incident response plan in place to address data security incidents, including data breaches, in a timely and effective manner.
-
Vendor Security Management: We conduct due diligence on third-party vendors who handle personal information on our behalf and require them by contract to implement appropriate security measures and protect the confidentiality of the data.
-
Regular Audits and Assessments: We may conduct periodic security risk assessments and audits to review and improve our security measures.
-
Physical Measures:
-
Access to our physical offices and any on-premises data processing facilities (if applicable, though most data is cloud-hosted) is controlled and restricted to authorized personnel.
Data Breach Notification
In the unfortunate event of a personal data breach that poses a risk to your rights and freedoms, Wizcart will take steps to notify you and the relevant regulatory authorities as required by applicable data protection laws. This includes laws such as India's DPDP Act (Section 8(6)), California's CCPA/CPRA, Canada's PIPEDA, and Quebec's Law 25. Such notifications will be provided promptly and will include information about the nature of the breach, the categories of data potentially compromised, the likely consequences, and the measures we have taken or recommend you take to mitigate potential harm.
User Responsibility
Your role in maintaining data security is also important. You are responsible for keeping your Wizcart account password confidential and for using secure networks when accessing our Platform. You should notify us immediately if you suspect any unauthorized access to or use of your account.
The concept of "reasonable security" is central to many data protection laws. What constitutes "reasonable" depends on factors such as the sensitivity of the personal information involved, the potential risks of harm from a breach, the size and complexity of our operations, and current industry best practices. Wizcart's security measures are designed to be appropriate to these factors. Our proactive approach includes regular reviews of our security posture, employee training, and assessments of our vendors, rather than merely reacting after an incident occurs. This proactive stance is essential for building and maintaining user trust and for demonstrating due diligence to regulatory bodies.
6. Your Rights and Choices
Wizcart respects your rights concerning your personal information. This section outlines the rights available to you under applicable data protection laws in the USA, Canada, and India, and explains how you can exercise them. Please note that the availability and scope of these rights may vary depending on your jurisdiction and are subject to certain legal limitations and exceptions. Wizcart has developed internal procedures to ensure that requests to exercise these rights are handled efficiently and in accordance with legal timelines.
General Statement
You have certain rights regarding the personal information we collect and process about you. Wizcart is committed to facilitating the exercise of these rights in a transparent and accessible manner.
6.1. Right to Access Your Data
You generally have the right to request access to the personal information Wizcart holds about you and to receive a copy of that information. This allows you to verify the lawfulness of our processing and the accuracy of your data. Upon request, and subject to verification of your identity, we will provide you with information such as:
-
The categories of personal information we have collected about you.
-
The specific pieces of personal information we have collected (subject to certain limitations).
-
The categories of sources from which the personal information was collected.
-
The business or commercial purposes for collecting, selling, or sharing your personal information.
-
The categories of third parties with whom we share or have shared your personal information.
-
(Under India's DPDP Act) A summary of your personal data being processed, the processing activities undertaken, and identities of other Data Fiduciaries/Processors with whom data has been shared.
6.2. Right to Rectify Incorrect Data
If you believe that any personal information we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it. We will take reasonable steps to verify the accuracy of the information and make the necessary corrections.
6.3. Right to Erasure (Right to be Forgotten)
Under certain conditions, you have the right to request the deletion of your personal information (Quebec Law 25: de-indexation/cessation of dissemination; DPDP Act). This right may apply if, for example, the information is no longer necessary for the purposes for which it was collected, you withdraw your consent (and there is no other legal ground for processing), or the processing is unlawful. In Canada, under PIPEDA, this right is often achieved through the withdrawal of consent and adherence to data retention limits, leading to deletion or anonymization when data is no longer required for its identified purpose. Please note that this right is not absolute. We may be legally required or have legitimate grounds to retain certain information, such as to comply with legal obligations, resolve disputes, enforce our agreements, or prevent fraud. We will inform you if we are unable to fully comply with your erasure request and the reasons why.
6.4. Right to Restrict Processing
In certain circumstances, you may have the right to request the restriction of the processing of your personal information. This means we would store your data but not further process it. This might apply, for example, if you contest the accuracy of the data (pending verification), if the processing is unlawful but you oppose erasure, or if we no longer need the data but you require it for legal claims.
-
USA (CCPA/CPRA): You have a specific "Right to Limit Use and Disclosure of Sensitive Personal Information" to only that which is necessary to perform the services or provide the goods reasonably expected by an average consumer, or for other permitted purposes.
-
Canada (Quebec Law 25): This law includes a right to restrict processing.
-
Canada (PIPEDA) & India (DPDP Act): While not explicitly framed as a general "right to restrict processing," similar outcomes can often be achieved through the right to withdraw consent, and principles of purpose limitation and data minimization, which inherently limit how data can be processed.
6.5. Right to Data Portability
Where technically feasible and legally provided, you may have the right to receive the personal information you have provided to us in a structured, commonly used, and machine-readable format. You may also have the right to request that we transmit this data directly to another company (another controller) where the processing is based on your consent or a contract with you, and the processing is carried out by automated means.
-
USA (CCPA/CPRA): Provides for data portability in a readily usable format.
-
Canada (Quebec Law 25): Provides this right, effective September 2024, for computerized personal information collected from the applicant.
-
Canada (PIPEDA): The right to data portability under PIPEDA is more limited and subject to evolving interpretation by the Office of the Privacy Commissioner of Canada (OPC). Generally, access requests should be fulfilled in a generally understandable format.
-
India (DPDP Act): The DPDP Act explicitly does not include a right to data portability.
6.6. Right to Object to Processing (especially for marketing)
You have the right to object to the processing of your personal information for direct marketing purposes at any time. If you object, we will stop processing your data for these purposes.
-
USA (CCPA/CPRA): This is largely covered by the "Right to Opt-Out of Sale or Sharing" of personal information, which includes disclosures for cross-context behavioral advertising.
-
Canada (PIPEDA & Quebec Law 25): You can object to marketing by withdrawing consent. Quebec Law 25 also provides a right to object to automated decision-making in certain contexts.
-
India (DPDP Act): The right to object to marketing is exercised through the withdrawal of consent.
In some jurisdictions, you may also have the right to object to other types of processing based on our legitimate interests, unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights, and freedoms, or for the establishment, exercise, or defense of legal claims.
6.7. Right to Withdraw Consent
Where our processing of your personal information is based on your consent, you have the right to withdraw that consent at any time. The withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. Upon withdrawal, we will cease processing your information for the purpose(s) you previously consented to, unless we have another legal basis to continue doing so. We will inform you of the implications of withdrawing your consent (e.g., you may not be able to use certain features of the Services).
6.8. Right to Non-Discrimination
Wizcart will not discriminate against you for exercising any of your privacy rights. This means we will not deny you goods or services, charge you different prices or rates, provide a different level or quality of goods or services, or suggest that you may receive a different price or rate or a different level or quality of goods or services.
6.9. Right of Grievance Redressal (India)
If you are a Data Principal in India, you have the right to an easily accessible means of grievance redressal provided by Wizcart concerning any act or omission relating to the processing of your personal data or the exercise of your rights under the DPDP Act. We are obligated to respond to your grievances within a prescribed period. You must exhaust this opportunity for grievance redressal with us before approaching the Data Protection Board of India.
6.10. How to Exercise Your Rights
To exercise any of the rights described above, please contact us using the details provided in Section 11 (Contact Information). You can submit your request via:
-
Email to: [privacy@wizcart.com]
-
Our online Data Subject Request Portal: [Link to Portal, if available]
-
Mail to: [Wizcart Mailing Address for Privacy Inquiries]
-
For residents of certain jurisdictions like California, you may also be able to make requests via a toll-free telephone number:.
When you make a request, we may need to verify your identity to protect your privacy and security, and to prevent fraudulent requests. This verification process may require you to provide certain information to match against our records. We will only use personal information provided in a verifiable consumer request to verify the requestor's identity or authority to make the request.
We will respond to your request within the timeframes stipulated by applicable law (e.g., generally within 45 days for CCPA/CPRA requests, which may be extended by another 45 days with notice; and typically within one month for requests under GDPR-like frameworks, extendable by two further months for complex requests). Generally, there is no fee to exercise your rights. However, we may charge a reasonable fee if your request is manifestly unfounded, excessive, or repetitive, or we may refuse to act on the request in such cases, as permitted by law.
You may be able to designate an authorized agent to make a request on your behalf. If you use an authorized agent, we may require proof of their authorization and may also need to verify your identity directly.
Summary of Key User Rights by Jurisdiction
To help you understand your rights based on your primary location of residence while using Wizcart, the following table provides a general summary. Please note this is for informational purposes and the specifics are governed by the respective laws.
| Right | USA (e.g., CCPA/CPRA) | Canada (PIPEDA) | Canada (Quebec Law 25) | India (DPDP Act) |
|---|---|---|---|---|
| Access | Yes (categories, specific pieces) | Yes (existence, use, disclosure) | Yes (existence, use, disclosure, copy) | Yes (summary of data, processing activities, recipients) |
| Rectification/Correction | Yes | Yes (challenge accuracy & completeness, amend) | Yes | Yes (correct, complete, update) |
| Erasure/Deletion | Yes (with exceptions) | Implied (via consent withdrawal, retention limits) | Yes (de-indexation, cessation of dissemination) | Yes (unless retention legally required) |
| Restrict Processing | Yes (Limit Use/Disclosure of Sensitive PI) | Limited (via consent withdrawal, purpose limitation) | Yes | Limited (via consent withdrawal, purpose limitation) |
| Data Portability | Yes (readily usable format) | Limited/Evolving | Yes (structured, commonly used technological format) | No |
| Object to Processing | Yes (Opt-out of Sale/Sharing for marketing/profiling) | Yes (via consent withdrawal, esp. for marketing) | Yes (automated decisions, marketing) | Yes (via consent withdrawal, esp. for marketing) |
| Withdraw Consent | Yes (implied by opt-out for sale/sharing) | Yes | Yes | Yes |
| Grievance Redressal | N/A (direct right, but can complain to AG/CPPA) | Yes (challenge compliance with organization) | Yes (complaint to organization/CAI) | Yes (with Data Fiduciary, then Board) |
| Non-Discrimination | Yes | Implied (fair information practices) | Implied (fair information practices) | Implied (fair information principles, though not an explicit enumerated right) |
Successfully operationalizing these user rights across multiple jurisdictions requires Wizcart to maintain robust internal procedures for receiving, verifying, tracking, and responding to requests within statutory deadlines. This includes careful identity verification to prevent unauthorized access to data, while not collecting excessive additional personal information for verification itself. Furthermore, it's important for users to understand that these rights are not absolute and are often subject to legal exceptions, such as the need to retain data for legal compliance even when an erasure request is made.
7. Cookies and Other Tracking Technologies
Wizcart uses cookies and similar tracking technologies (such as web beacons, pixels, and scripts) on our Platform to enhance user experience, analyze Platform usage, provide essential functionalities, and for advertising purposes. This section explains what these technologies are, how we use them, and how you can manage your preferences.
7.1. What are Cookies and Tracking Technologies?
-
Cookies: Small text files that are stored on your computer or mobile device when you visit a website. They enable the website to remember your actions and preferences (such as login, language, font size, and other display preferences) over a period, so you don’t have to keep re-entering them whenever you come back to the site or browse from one page to another. Cookies can be "session" cookies (which expire when you close your browser) or "persistent" cookies (which stay on your device until they expire or you delete them).
-
Web Beacons/Pixels: Tiny graphics files that contain a unique identifier that enable us to recognize when someone has visited our Platform or opened an email that we have sent them. They are often used in conjunction with cookies.
-
Other Technologies: We may also use other similar technologies for tracking, such as local storage (HTML5) or mobile SDKs.
7.2. How We Use Cookies
Wizcart uses cookies and similar technologies for several purposes:
-
Essential/Strictly Necessary Cookies: These are vital for the basic operation of our Platform. They enable core functionalities such as user authentication (keeping you logged in), account security, network management, and accessibility. Without these cookies, the Services cannot be provided properly. These cookies are typically exempt from consent requirements under laws like the ePrivacy Directive (which influences Canadian approaches) because they are essential to provide a service requested by the user.
-
Performance/Analytics Cookies: These cookies collect information about how you and other users interact with our Platform. For example, they help us understand which pages are visited most frequently, how users navigate the site, if they encounter error messages, and the overall performance of the Platform. This data is often aggregated and anonymized and helps us improve how our Platform works (e.g., using Google Analytics).
-
Functionality Cookies: These cookies allow our Platform to remember choices you make and provide enhanced, more personal features. For example, they can remember your username (if you choose), language preference, or region. The information these cookies collect may be anonymized, and they cannot track your browsing activity on other websites.
-
Targeting/Advertising Cookies: These cookies are used by Wizcart and/or our third-party advertising partners to deliver advertisements that are more relevant to you and your interests. They may be used to build a profile of your interests based on your browsing activity on our Platform and other sites, and to show you relevant ads on our Platform or on other websites. They also help us measure the effectiveness of our advertising campaigns. The use of these cookies, especially those set by third parties, requires your explicit consent in many jurisdictions.
7.3. Your Choices and Managing Preferences
We provide you with control over the use of non-essential cookies and tracking technologies:
-
Cookie Consent Banner/Tool: When you first visit our Platform, you will be presented with a cookie consent banner or tool. This tool will provide you with information about the different categories of cookies we use and allow you to provide or withdraw your consent for each category of non-essential cookies (Performance, Functionality, Targeting/Advertising). This is particularly important for compliance with laws like Quebec's Law 25, which requires explicit opt-in consent for most tracking technologies. Non-essential cookies will not be placed on your device without your affirmative consent where required.
-
Browser Settings: Most web browsers allow you to control cookies through their settings. You can typically set your browser to block some or all cookies, or to alert you when cookies are being sent. You can also usually delete cookies already stored on your device. Please refer to your browser's help section for instructions. However, please be aware that if you disable or refuse cookies, some parts of our Platform may become inaccessible or not function properly.
-
Opting Out of Targeted Advertising: You can often opt out of interest-based advertising from participating third-party advertising networks through industry opt-out programs. For more information and to exercise your choices, you can visit the Network Advertising Initiative (NAI) opt-out page and the Digital Advertising Alliance (DAA) opt-out page. For mobile applications, you can typically adjust your device's advertising identifier settings to limit ad tracking.
-
Quebec Law 25: For users in Quebec, we adhere to the requirement for explicit, informed, and granular opt-in consent before deploying any technology that tracks, identifies, or profiles you, including non-essential cookies. Tracking technologies will be deactivated by default.
The need for granular consent for non-essential cookies, particularly under Quebec's Law 25 and GDPR-aligned principles, means that Wizcart's cookie consent mechanism must allow users to make specific choices about different types of cookies, rather than a simple "accept all." Transparency about third-party cookies, including those from analytics services like Google Analytics or advertising networks, is also crucial, ideally with links to their respective privacy policies.
7.4. Do Not Track Signals
Some web browsers may transmit "Do Not Track" (DNT) signals to websites. Currently, there is no universally accepted standard for how to respond to DNT signals. Therefore, like many other websites and online services, Wizcart does not currently alter its practices when it receives a DNT signal from a visitor's browser. However, for users in jurisdictions like California, we are committed to honoring legally recognized opt-out preference signals, such as the Global Privacy Control (GPC), with respect to the sale or sharing of personal information as defined under the CCPA/CPRA. Our cookie consent tool also provides you with direct control over tracking technologies used on our site.
The landscape of tracking technologies and related regulations is constantly evolving. Wizcart is committed to regularly reviewing its practices and this Policy to ensure ongoing compliance and transparency.
8. International Data Transfers
Wizcart operates as a global service marketplace with users and operations in the United States, Canada, and India. As a result, your personal information may be transferred to, stored, and processed in countries other than your country of residence. These countries may have data protection laws that are different from the laws of your country. Wizcart is committed to ensuring that your personal information is protected wherever it is processed and that all international data transfers comply with applicable legal requirements.
8.1. General Statement on Cross-Border Transfers
By using our Services, you acknowledge and, where required by law, consent to the transfer of your personal information across national borders. These transfers are often necessary for us to provide our Services effectively, such as for processing payments, providing customer support, and maintaining our global platform infrastructure.
8.2. Primary Data Storage and Processing Locations
Wizcart primarily stores and processes personal information on secure servers located in. We may also utilize cloud service providers whose servers may be located in various jurisdictions globally. We take steps to select reputable service providers that offer robust security and data protection measures.
8.3. Safeguards for International Data Transfers
Wizcart implements appropriate safeguards to protect your personal information when it is transferred internationally, ensuring compliance with the data protection laws of the originating and recipient jurisdictions. These safeguards include:
-
Transfers To/From Canada:
-
PIPEDA Compliance: When personal information is transferred from Canada to another country (e.g., the USA or India), Wizcart ensures that a "comparable level of protection" is provided for the information while it is being processed by a third party or an affiliated entity. This is typically achieved through contractual agreements that require the recipient to implement appropriate data protection measures and limit the use of the information to the purposes for which it was transferred. Wizcart remains accountable for the protection of personal information transferred under its control, in line with PIPEDA's Accountability Principle (Principle 1 and Clause 4.1.3 of Schedule 1). We will be transparent with you about the fact that your information may be processed in a foreign country and may be accessible to law enforcement and national security authorities of that jurisdiction.
-
Quebec Law 25 Compliance: For personal information of Quebec residents that is transferred outside of Quebec (including to other Canadian provinces or internationally to the USA or India), Wizcart adheres to the specific requirements of Law 25. This involves:
-
Conducting a Privacy Impact Assessment (PIA) prior to the transfer. This PIA evaluates the sensitivity of the information, the purposes of its use, the protection measures (including contractual and technical safeguards) that will apply, and critically, the legal framework and data protection practices of the recipient jurisdiction.
-
The PIA must help determine if the information will receive protection equivalent to that offered under Quebec law. This assessment considers not only contractual clauses but also the broader legal environment and generally recognized principles of personal information protection in the recipient jurisdiction.
-
The transfer must be subject to a written agreement (contract) with the recipient. This agreement must incorporate measures to mitigate any risks identified in the PIA and ensure that adequate protection is provided for the personal information. While the Commission d'accès à l'information du Québec (CAI) has not mandated specific model clauses, it emphasizes the importance of these contractual safeguards.
-
Transfers To/From India:
-
DPDP Act Compliance: Under India's Digital Personal Data Protection Act, 2023 (DPDP Act), the transfer of personal data outside India is generally permitted by default. However, the Central Government of India has the authority to restrict the transfer of personal data to specific countries or territories through notification (a "negative list" or "blacklist" approach). Wizcart will diligently monitor and comply with any such restrictions issued by the Indian government.
-
For all permitted transfers of Indian residents' personal data outside India, Wizcart will ensure:
-
A lawful basis for the transfer (such as explicit consent from the Data Principal or a legitimate use as defined under Section 7 of the DPDP Act).
-
That Data Principals are provided with notice of such transfers (typically within this Privacy Policy).
-
The implementation of contractual safeguards with the data recipient (akin to "DPDP Standard Contractual Clauses" or robust data processing agreements) to ensure a comparable level of data protection, including obligations for onward protection and prompt notification of data breaches.
-
Transfers To/From USA:
-
The United States does not currently have a single federal law comprehensively governing international data transfers in the same manner as Canada or India. When personal information is transferred from Canada or India to the USA, the safeguards and mechanisms described above (e.g., contractual clauses ensuring comparable or adequate protection based on the originating country's laws) will apply.
-
Wizcart ensures that its data handling practices within the USA comply with applicable federal laws (like COPPA) and relevant state privacy laws (like the CCPA/CPRA).
-
General Contractual Safeguards: For all international transfers, particularly to third-party service providers or affiliated entities, Wizcart relies on Data Processing Agreements (DPAs) or International Data Transfer Agreements (IDTAs). These agreements contractually obligate the recipient to:
-
Process the personal information only for the specified and authorized purposes.
-
Implement and maintain appropriate technical and organizational security measures to protect the data against unauthorized access, loss, or destruction.
-
Assist Wizcart in responding to data subject rights requests.
-
Notify Wizcart without undue delay in the event of a data breach.
-
Adhere to strict confidentiality obligations.
-
Comply with all applicable data protection laws.
The principles underlying mechanisms like the EU's Standard Contractual Clauses (SCCs) often inform the structure and content of these agreements, even when not directly mandated for a specific transfer path, as they represent a high standard of data protection.
The process of determining "comparable" (under PIPEDA) or "equivalent" (under Quebec Law 25) protection requires a careful legal assessment of the recipient jurisdiction's laws and actual data protection practices. This can be particularly complex for transfers to countries like the USA, which has a more sectoral approach to privacy and has faced scrutiny regarding government access to data. Similarly, India's "negative list" approach under the DPDP Act means Wizcart must remain vigilant for any government notifications that could impact its data transfer routes. This dynamic environment underscores the importance of robust contractual safeguards as a baseline protection for all cross-border data flows.
8.4. User Consent
Where explicit consent is required by applicable law for the international transfer of your personal information (e.g., under certain interpretations of India's DPDP Act for specific types of transfers, or if sensitive data is involved), Wizcart will obtain such consent before making the transfer. Your use of the Services and acceptance of this Policy generally signifies your understanding that data may be transferred as described herein, subject to the safeguards mentioned.
9. Children's Privacy
Wizcart is committed to protecting the privacy of children. This section outlines our policy regarding the collection and processing of personal information from individuals identified as children under applicable laws.
9.1. Platform Not Intended for Children
The Wizcart Platform and Services are not directed to, or intended for use by, individuals who do not meet the minimum age requirement to use our Services independently.
9.2. Age Limit for Users
Wizcart requires all users to be at least 18 years of age to create an account and use its Services independently. This unified age limit is adopted to ensure compliance with the strictest applicable age-related data protection requirements across our operating jurisdictions, particularly India's Digital Personal Data Protection Act (DPDP Act). For context:
-
India (DPDP Act): Defines a "child" as an individual who has not completed eighteen years of age. The processing of a child's personal data requires prior verifiable consent from their parent or lawful guardian.
-
USA (Children's Online Privacy Protection Act - COPPA): Imposes requirements on operators of websites or online services directed to children under 13 years of age, and on operators who have actual knowledge that they are collecting personal information online from a child under 13, to obtain verifiable parental consent.
-
Canada (PIPEDA): The Office of the Privacy Commissioner of Canada (OPC) guidance generally states that meaningful consent from a parent or guardian is required for children under the age of 13. For children aged 13 up to the age of majority in their province, consent processes should be adapted to their level of maturity.
-
Canada (Quebec Law 25): Requires the consent of a person having parental authority or a tutor for the collection, use, or disclosure of personal information concerning a minor under 14 years of age.
By setting our platform's minimum age for independent use at 18, Wizcart aims to simplify compliance and provide a consistent standard that meets or exceeds the requirements of these various laws regarding unsupervised use by minors.
9.3. No Knowing Collection of Children's Data (Under 18 without consent)
Wizcart does not knowingly collect personal information directly from individuals under the age of 18 for the purpose of creating an independent user account without verifiable parental consent as may be specifically required and facilitated under laws like the DPDP Act. We implement measures, such as age attestation during registration, to prevent individuals who do not meet our age requirements from creating accounts. If Wizcart becomes aware that we have inadvertently collected personal information from an individual under 18 in a manner that contravenes applicable law (e.g., without necessary verifiable parental consent), we will take prompt steps to delete such information from our records.
9.4. Parental Consent for Under 18s (India)
Should Wizcart, in specific and clearly defined circumstances, permit individuals under 18 in India to use certain services with parental involvement, we will do so only upon obtaining verifiable consent from a parent or lawful guardian, as mandated by the DPDP Act. The methods for such verification would be implemented in line with guidance from the Data Protection Board of India and global best practices. However, our general policy remains that the Platform is for users 18 years and older.
9.5. Prohibitions under DPDP Act for Children's Data
In alignment with India's DPDP Act (Section 9(2) and 9(3)), Wizcart will not undertake any processing of children's personal data (individuals under 18) that is likely to cause any detrimental effect on the well-being of a child. Furthermore, Wizcart will not engage in tracking or behavioral monitoring of children, or direct targeted advertising at children.
The decision to set the platform age limit at 18 years is a strategic one, primarily driven by the DPDP Act's definition of a "child" and its requirement for "verifiable parental consent" for anyone under 18. Managing varying age thresholds and consent mechanisms across multiple jurisdictions (U13 for COPPA/PIPEDA, U14 for Quebec Law 25, U18 for DPDP Act) would be operationally complex and introduce significant compliance risks. Adopting the highest age threshold for independent use simplifies this landscape. While age gates are not foolproof, they represent a reasonable measure to prevent "knowing collection" from underage individuals. If such collection is discovered, prompt deletion is the standard response.
10. Changes to This Privacy Policy
Wizcart reserves the right to modify or update this Privacy Policy at any time to reflect changes in our practices, service offerings, or applicable laws. We encourage you to review this Policy periodically to stay informed about how we are protecting your information.
Notification of Changes
If we make material changes to this Privacy Policy (i.e., changes that significantly affect your rights or the way we handle your personal information), we will provide you with notice before such changes take effect. This notice may be provided by:
-
Posting the updated Policy on our Platform with a new "Last Updated" date.
-
Sending an email notification to your registered email address.
-
Displaying a prominent notice on our Platform or through an in-app message.
For minor changes that do not materially affect your privacy rights, we may update the Policy by posting the revised version with an updated "Last Updated" date without additional proactive notification, though we still encourage you to review it regularly.
Effective Date
The revised Privacy Policy will be effective as of the "Last Updated" date indicated at the top of the Policy.
Review of Policy
It is your responsibility to review this Privacy Policy periodically. Your continued use of the Wizcart Platform or Services after any changes or revisions to this Privacy Policy have been posted will constitute your acknowledgment and acceptance of the terms of the revised Policy.
Clarity on what constitutes a "material change" is important. Generally, changes to how personal information is collected, used, shared, or secured, or changes affecting user rights, would be considered material and warrant proactive notification. Maintaining an internal version history of the Privacy Policy is also a good governance practice, enabling Wizcart to demonstrate historical compliance if required.
11. Contact Information
If you have any questions, concerns, or complaints about this Privacy Policy, our data handling practices, or if you wish to exercise any of your privacy rights, please contact us through one of the following channels:
-
Email: [privacy@wizcart.com]
-
Mailing Address: Wizcart Inc. Attn: Privacy Office / Data Protection Officer [Insert Wizcart's Full Mailing Address]
-
Online Portal (if applicable): You may also be able to submit requests or inquiries through a dedicated privacy portal on our website: [Link to Privacy Portal, if available]
Data Protection Officer (DPO) / Privacy Officer
Wizcart has appointed a Data Protection Officer (DPO) / Privacy Officer who is responsible for overseeing our compliance with applicable data protection laws and this Privacy Policy. Our DPO/Privacy Officer can be reached via the contact methods listed above by addressing your communication to the "Data Protection Officer" or "Privacy Officer."
The appointment of a DPO/Privacy Officer is a requirement under certain laws, such as for Significant Data Fiduciaries under India's DPDP Act and under Quebec's Law 25. Canada's PIPEDA also requires organizations to designate an individual accountable for compliance. For a multi-jurisdictional operation like Wizcart, having a designated privacy lead is essential for managing complex compliance obligations effectively. This contact information must be easily accessible to users.
12. Legal Compliance and Specific Jurisdictional Provisions
12.1. Overarching Commitment to Compliance
Wizcart is committed to complying with all applicable data protection and privacy laws in the jurisdictions where it offers its Services, including the United States of America, Canada, and India. This Privacy Policy is intended to meet the requirements of these laws. Where specific jurisdictional requirements are more stringent or provide additional rights, Wizcart will adhere to those higher standards for users in those regions. This section highlights key legal frameworks and how Wizcart addresses them. The dynamic nature of privacy laws, especially in the US with new state legislation emerging, and evolving regulations and guidance for India's DPDP Act and Quebec's Law 25, means this section will be subject to regular review and updates.
12.2. United States of America
-
Federal Law:
-
Children's Online Privacy Protection Act (COPPA): Wizcart complies with COPPA (15 U.S.C. §§ 6501-6505; 16 C.F.R. Part 312). As stated in Section 9 (Children's Privacy) of this Policy, our Platform is not directed to children under the age of 13 (and our general platform age limit is 18). We do not knowingly collect personal information online from children under the age of 13 without verifiable parental consent. If Wizcart learns that we have inadvertently collected such information without the required consent, we will take steps to delete it promptly.
-
State-Specific Laws: Residents of certain U.S. states possess additional privacy rights concerning their personal information. Wizcart is committed to complying with applicable state privacy laws.
-
California (California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA)): The CCPA/CPRA (Cal. Civ. Code § 1798.100 et seq.) grants California residents specific rights regarding their personal information. Wizcart upholds these rights as detailed in Section 6 (Your Rights and Choices) of this Policy. These include:
-
The Right to Know what personal information is being collected, used, disclosed, sold, or shared (Cal. Civ. Code § 1798.100, § 1798.110, § 1798.115).
-
The Right to Delete personal information held by us, subject to certain exceptions (Cal. Civ. Code § 1798.105).
-
The Right to Opt-Out of Sale or Sharing of personal information. "Sharing" under CPRA refers to sharing for cross-context behavioral advertising. Wizcart provides a "Do Not Sell or Share My Personal Information" link on our website and respects legally recognized opt-out preference signals (such as the Global Privacy Control) where technically feasible and required by law.
-
The Right to Correct Inaccurate Personal Information that we maintain about you (Cal. Civ. Code § 1798.106).
-
The Right to Limit Use and Disclosure of Sensitive Personal Information if such information is collected or processed for purposes beyond those permitted by regulations (e.g., to infer characteristics). Wizcart will provide a mechanism for California residents to limit such use if applicable.
-
The Right to Non-Discrimination for exercising CCPA/CPRA rights (Cal. Civ. Code § 1798.125).
Wizcart's disclosures regarding the categories of personal information collected, the sources from which it is collected, the purposes for its collection and use, and the categories of third parties with whom we share or sell personal information are detailed in Sections 2, 3, and 4 of this Policy. These sections serve as our Notice at Collection and provide other disclosures required by the CCPA/CPRA.
-
Other U.S. State Privacy Laws: Many other U.S. states have enacted comprehensive privacy laws, including Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Iowa (ICDPA), Indiana (Indiana CDPA), Tennessee (TIPA), Montana (MCDPA), Florida (FTCPA), Texas (TDPSA), Oregon (OCPA), Delaware (DPDPA), New Hampshire (NHPA), New Jersey (NJDPA), Maryland (MPPA), and Minnesota (MNCDPA). These laws generally provide residents of those states with rights similar to those under CCPA/CPRA, such as rights to access, correct, and delete their personal information, obtain a copy of their data (data portability, though not in all states like Utah and Iowa), and to opt-out of the processing of personal data for targeted advertising, the sale of personal data, and (in some states) certain types of profiling. Wizcart extends these rights to residents of these states as applicable and as detailed in Section 6 of this Policy. Where required by these laws (e.g., in Colorado, Virginia, Connecticut, Montana, Oregon, Texas, Delaware, New Jersey, Maryland, Minnesota), Wizcart conducts Data Protection Assessments (DPAs) or Privacy Impact Assessments (PIAs) for data processing activities that present a heightened risk of harm to consumers, such as processing sensitive data or data for targeted advertising or certain profiling.
-
It is noteworthy that some states are introducing unique or more stringent requirements. For example, Maryland's law imposes a stricter data minimization standard, requiring collection to be "reasonably necessary and proportionate" for general personal information and "strictly necessary" for sensitive personal information when providing a requested product or service. Minnesota's law includes a requirement to document and include in the privacy policy the name and contact information of the company's Chief Privacy Officer or another individual responsible for compliance. Wizcart endeavors to meet these evolving standards.
12.3. Canada
-
Personal Information Protection and Electronic Documents Act (PIPEDA): Wizcart complies with Canada's federal private sector privacy law, PIPEDA (S.C. 2000, c. 5), and its Ten Fair Information Principles (Schedule 1). Our practices concerning the collection, use, and disclosure of personal information of Canadian residents are guided by these principles:
-
Accountability (Principle 1): Wizcart is responsible for personal information under its control and has designated a Privacy Officer who is accountable for our compliance with PIPEDA (see Section 11). This accountability extends to personal information transferred to third parties for processing, for which we use contractual or other means to provide a comparable level of protection (Clause 4.1.3 of Schedule 1).
-
Identifying Purposes (Principle 2): The purposes for which personal information is collected are identified at or before the time of collection and are detailed in Sections 2 and 3 of this Policy.
-
Consent (Principle 3): Wizcart obtains meaningful consent for the collection, use, and disclosure of personal information, as appropriate for the sensitivity of the information and the reasonable expectations of the individual. Details regarding consent are provided throughout this Policy (e.g., for marketing communications, cookie usage, and international data transfers where applicable). Users have the right to withdraw their consent at any time, subject to legal or contractual restrictions, as explained in Section 6.7.
-
Limiting Collection (Principle 4): The collection of personal information is limited to that which is necessary for the purposes identified by Wizcart.
-
Limiting Use, Disclosure, and Retention (Principle 5): Personal information is not used or disclosed for purposes other than those for which it was collected, except with the consent of the individual or as required or permitted by law. Personal information is retained only as long as necessary for the fulfillment of those purposes.
-
Accuracy (Principle 6): We take reasonable steps to ensure that personal information is as accurate, complete, and up-to-date as is necessary for the purposes for which it is to be used.
-
Safeguards (Principle 7): We protect personal information with security safeguards appropriate to the sensitivity of the information, as detailed in Section 5.
-
Openness (Principle 8): This Privacy Policy and other information made available by Wizcart provide details about our policies and practices relating to the management of personal information.
-
Individual Access (Principle 9): Users have the right to be informed of the existence, use, and disclosure of their personal information and shall be given access to that information, as detailed in Section 6.1.
-
Challenging Compliance (Principle 10): Users can address a challenge concerning compliance with the above principles to our Privacy Officer (see Section 11).
-
Quebec - An Act respecting the protection of personal information in the private sector (Law 25): For residents of Quebec, Wizcart also complies with Law 25, which modernizes Quebec's privacy framework. Key provisions relevant to Wizcart's operations include:
-
Consent: We obtain explicit, free, informed, and granular consent for specific purposes of collection, use, or disclosure of personal information. Consent must be requested separately for each purpose and presented in clear and simple language. Express consent is required for sensitive personal information and for the use of technologies that allow an individual to be identified, located, or profiled (Sections 8, 9, 12, 14 of Law 25 as amended).
-
Privacy Officer: Wizcart has designated a Privacy Officer responsible for ensuring compliance with Law 25. The title and contact information of this person are made available (Section 3.1 of Law 25).
-
Privacy Impact Assessments (PIAs): Wizcart conducts PIAs for any project involving the acquisition, development, or redesign of an information system or electronic service delivery system that handles personal information. Critically, a PIA is mandatory before communicating personal information of Quebec residents outside of Quebec (Sections 3.3, 17 of Law 25).
-
PIAs for cross-border transfers assess: the sensitivity of the information; the purposes for which it is to be used; the protection measures (including contractual ones) that would apply; and the legal framework applicable in the jurisdiction to which the information would be communicated, including the generally recognized principles of personal information protection applicable there, to ensure the information receives protection equivalent to that provided under Quebec law (Section 17 of Law 25).
-
Cross-Border Transfers Contractual Requirements: Any communication of personal information of Quebec residents outside Quebec must be subject to a written agreement that takes into account the results of the PIA and, if applicable, includes terms agreed upon to mitigate the risks identified in the assessment (Section 17 of Law 25).
-
Data Subject Rights: Quebec residents have robust rights as detailed in Section 6 of this Policy. These include the right to access their personal information, the right to rectification, the right to request cessation of dissemination or de-indexation of a hyperlink (right to erasure/be forgotten), the right to data portability (effective September 22, 2024), and the right to be informed if personal information is used to render a decision based exclusively on automated processing (Sections 27, 28, 28.1 of Law 25).
-
Confidentiality by Default: If Wizcart offers a technological product or service to the public that has privacy settings, those settings must provide the highest level of confidentiality by default, without any intervention by the individual (Section 9.1 of Law 25).
12.4. India
-
Digital Personal Data Protection Act, 2023 (DPDP Act): Wizcart complies with India's DPDP Act (No. 22 of 2023). As a Data Fiduciary under this Act, our obligations and the rights of Data Principals (individuals to whom the personal data relates) include:
-
Lawful Purpose and Consent (Sections 4, 5, 6): We process personal data only for a lawful purpose and either with the free, specific, informed, unconditional, and unambiguous consent of the Data Principal (signified by a clear affirmative action) or for certain legitimate uses specified in Section 7 of the Act. Prior to or at the time of requesting consent, we provide a notice to the Data Principal detailing the personal data to be collected, the specified purpose(s) of processing, how they can exercise their rights, and how they can make a complaint to the Data Protection Board of India.
-
General Obligations of Data Fiduciaries (Section 8): Wizcart is responsible for complying with the provisions of the DPDP Act. We implement appropriate technical and organizational measures and reasonable security safeguards to prevent personal data breaches. In the event of a personal data breach, we are obligated to notify the Data Protection Board of India and each affected Data Principal in the prescribed manner.
-
Rights of Data Principals (Chapter III of DPDP Act):
-
Right to Access Information (Section 11): Data Principals have the right to obtain a summary of their personal data being processed, information about the processing activities, and the identities of other Data Fiduciaries and Data Processors with whom their personal data has been shared.
-
Right to Correction and Erasure (Section 12): Data Principals have the right to request the correction of inaccurate or misleading personal data, the completion of incomplete personal data, the updating of personal data, and the erasure of personal data that is no longer necessary for the purpose for which it was processed (unless retention is required by law).
-
Right of Grievance Redressal (Section 13): Data Principals have the right to readily available means of grievance redressal from Wizcart. If unsatisfied with our response, they may approach the Data Protection Board of India.
-
Right to Nominate (Section 14): Data Principals have the right to nominate another individual to exercise their rights under the DPDP Act in the event of their death or incapacity.
-
It is important to note that the DPDP Act, in its current form, does not explicitly grant a general right to restrict processing (beyond the implications of consent withdrawal and purpose limitation) or a right to data portability.
-
Processing of Personal Data of Children (Section 9): As detailed in Section 9 of this Policy, Wizcart complies with the specific requirements for processing the personal data of children (defined as individuals under 18 years of age in the DPDP Act). This includes obtaining verifiable consent from a parent or lawful guardian before processing a child's personal data and refraining from processing that is likely to cause detrimental effects on a child's well-being, or engaging in tracking, behavioral monitoring, or targeted advertising directed at children.
-
Cross-Border Data Transfers (Section 16): Wizcart may transfer personal data of Indian residents outside of India, provided such transfers are not to countries or territories restricted by the Central Government. All such transfers will be conducted in compliance with the DPDP Act and subject to appropriate safeguards as outlined in Section 8 of this Policy.
-
Data Protection Officer (DPO): If Wizcart is designated as a "Significant Data Fiduciary" (SDF) by the Central Government under Section 10 of the DPDP Act (based on factors such as the volume and sensitivity of personal data processed, risk to Data Principals, etc.), we will appoint a Data Protection Officer based in India who will be responsible to our Board of Directors (or similar governing body) and act as the point of contact for grievance redressal. We will also comply with other obligations applicable to SDFs, such as conducting periodic Data Protection Impact Assessments and audits.
-
Penalties (Section 33 & The Schedule): Wizcart acknowledges the significant monetary penalties that can be imposed by the Data Protection Board of India for non-compliance with the provisions of the DPDP Act, as specified in its Schedule.
-
The commitment to these specific legal frameworks necessitates robust internal processes at Wizcart. For example, honoring opt-out preference signals like the Global Privacy Control for CCPA/CPRA compliance, conducting thorough PIAs for data transfers of Quebec residents' information, and implementing verifiable parental consent mechanisms if ever dealing with under-18 users in India (though currently mitigated by the 18+ platform age limit) all require dedicated operational and technical capabilities. This Legal Compliance section serves as Wizcart's public commitment to these standards, which must be backed by diligent internal governance and practice.