Privacy Policy
1. INTRODUCTION
Welcome to www.microshipments.com by VALUESHIPR, an E-commerce platform, operating in India through its Franchisee M/s. Decker Logistics Pvt. Ltd. having its registered office at Unit No. 123, Adarsh Industrial Estate, Sahar Road, Andheri East, Mumbai Pin - 400 099, (hereinafter referred to as "we," "us," or "our"). We are committed to safeguarding your privacy and ensuring the protection of your personal data. This Privacy Policy outlines how we collect, use, store and protect your personal data when you access our air cargo booking website and services as a sender or recipient of shipments.
By accessing or using our platform, you acknowledge and consent to the collection, processing, and use of your personal data in accordance with this policy. The processing of personal data shall be conducted in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) of the European Union, the California Privacy Rights Act (CPRA) of the United States, and the Digital Personal Data Protection Act, 2023 (DPDPA) of India. Our platform is committed to ensuring the security and lawful processing of personal data in alignment with these regulations.
2. SCOPE AND APPLICABILITY
This Privacy Policy applies to all users of the platform www.microshipments.com, including senders, recipients, account holders, third-party vendors, franchisees, service providers, and visitors. It covers all interactions, whether made through our website, email communications, mobile interfaces, customer support, or partner integrations.
(a) This policy is applicable to both online and offline data collection processes.
(b) The policy also extends to contractors and logistics agents engaged by Decker Logistics for fulfilment purposes.
3. DEFINITIONS
3.1 "Personal Data" refers to any information that can identify a person directly or indirectly such as names, contact details, IP address, payment information or identity proof.
(a): "Sensitive Personal Data" includes data such as Aadhaar numbers, financial records, or biometric identifiers.
3.2 "Processing" means any operation performed on personal data including collection, use, storage, sharing, and deletion.
3.3 "User" means any individual or entity that accesses or interacts with our platform.
3.4 "Third-Party Services" refer to platforms or tools used to support operations such as payment gateways and analytics providers.
4. INFORMATION WE COLLECT
We collect various types of personal data, including but not limited to names, addresses, contact information, government-issued identification, payment credentials, shipment tracking details, communication records, behavioural analytics and metadata from browsers and devices.
(a) Sensitive personal data such as biometric identifiers or financial account information will only be collected with explicit consent.
(b) Location data may be collected during delivery tracking or app usage with user permission.
(c) Audio and visual data from calls or CCTV footage in service centres may be retained for security purposes.
5. METHODS OF DATA COLLECTION
Data is collected directly through forms, user interactions, service transactions, identity verification checks, cookies, mobile app activity and indirectly through partner integrations and publicly available sources.
(a) Automated tools such as web beacons or analytics scripts may be deployed for behaviour monitoring.
(b) Customer service interactions via phone, chat, or email are also logged for training and quality control.
(c) Data from courier pick-ups or delivery personnel apps may be collected for transaction monitoring.
6. PURPOSE OF DATA PROCESSING
The data we collect is processed for purposes including identity verification, delivery management, billing and payments, legal compliance, fraud detection, service improvement, marketing and dispute resolution.
(a) Data may be used to personalise the user experience by adapting recommendations and offers.
(b) In cases of fraud suspicion, data will be analysed for anomaly detection and preventive actions.
(c) Delivery records and transaction history may be used to resolve customer complaints.
7. CONSENT MECHANISM
7.1 Consent is obtained through explicit acceptance at the point of data submission. Users may revoke consent at any time by contacting our Privacy Office. Services dependent on consented data may be restricted upon withdrawal.
(a) Continued use of services after policy updates shall imply continuing consent under applicable jurisdictions.
7.2 Consent logs are maintained to ensure accountability and can be shared upon lawful requests.
7.3 When data is processed on grounds other than consent, users will be informed through notices.
8. USE OF COOKIES AND TRACKING TECHNOLOGIES
We employ cookies and similar tracking technologies to improve site navigation, analyse user behaviour and enhance service personalisation.
(a) Cookie data may be shared with analytics service providers under strict contractual obligations.
8.1 Users are given the choice to accept or decline non-essential cookies.
8.2 Users can manage cookie preferences at any time via their browser settings or platform interface. [Refer to our Cookie Policy for more details]
9. DATA STORAGE AND RETENTION
9.1 Personal data collected is stored securely in data centres located within India or in jurisdictions with adequate data protection standards.
9.2 Data is retained for as long as it is necessary to fulfil the purposes outlined in this policy, unless a longer retention period is required by law.
9.3 Data related to financial transactions is retained in compliance with taxation and regulatory frameworks.
9.4 Upon expiration of the retention period, personal data is securely deleted or anonymised.
10. DATA SECURITY MEASURES
We implement appropriate technical and organisational measures to safeguard your personal data from unauthorised access, disclosure, alteration and destruction.
(a) Encryption technologies are used during data transmission and storage.
(b) Access to sensitive personal data is restricted to authorised personnel under strict confidentiality agreements.
(c) Security audits and vulnerability assessments are conducted periodically to maintain a robust defence.
11. DATA SHARING WITH THIRD PARTIES
11.1 Personal data shall be shared with third-party service providers, partners, government authorities and logistics affiliates only to the extent necessary to provide services or comply with legal obligations.
(a) All third-party recipients are contractually obligated to adhere to data protection standards equivalent to those set forth in this policy.
11.2 Sharing with law enforcement agencies shall occur only in response to lawful requests and subpoenas.
11.3 Data shared for marketing purposes shall require prior user consent, unless anonymised.
12. INTERNATIONAL DATA TRANSFERS
12.1 In accordance with applicable data protection laws, personal data may be transferred to and processed in jurisdictions outside India, where such transfers are subject to appropriate safeguards including standard contractual clauses, binding corporate rules, or other legally recognized mechanisms to ensure an equivalent level of protection as required under Indian law.
(a) Such transfers will only be made to countries recognised as providing adequate data protection by Indian authorities or relevant international frameworks.
12.2 Standard Contractual Clauses (SCCs) or other appropriate safeguards shall govern international data exchanges.
13. DATA SUBJECT RIGHTS
13.1 Users have the right to access, rectify, update, delete or restrict the processing of their personal data.
(a) Requests for access or deletion can be submitted through our privacy contact email, and responses will be provided within legally stipulated timelines.
13.2 Users may request data portability or lodge objections to processing in cases where it impacts their rights and freedoms.
14. AUTOMATED PROCESSING AND PROFILING
14.1 We may use automated systems, including profiling, to enhance the user experience by offering personalized recommendations, fraud prevention alerts, and creditworthiness assessments.
(a) Such automated processing is designed to be fair, relevant, and limited to purposes that benefit the user without infringing on their rights.
(b) These systems are not used to make decisions that produce legal effects or significantly impact individuals without appropriate human oversight or review.
14.2 Users may request clarification on how profiling affects them and may opt out of non-essential profiling activities through their account settings.
15. PRIVACY OF MINOR
Our platform is not intended for children under the age of 18. Personal data of minors is not knowingly collected without parental consent.
(a) If we become aware that data from a minor has been collected inadvertently, such data shall be promptly deleted.
16. MARKETING COMMUNICATIONS
Users may receive service updates, newsletters and promotional messages based on communication preferences.
(a) Users can opt-out of marketing communications through unsubscribe links or account settings.
(b) Transactional communications related to orders or account activity will be sent regardless of marketing preferences.
17. BEHAVIOURAL ANALYTICS
We analyse platform interactions to enhance performance, detect errors, and provide a better user experience.
(a) These analytics may involve heatmaps, scroll tracking, session replays and clickstream data.
18. DATA BREACH PROTOCOL
In the event of a data breach, users will be notified promptly with relevant details, impact assessment and remedial steps.
18.1 Notifications will be sent within 72 hours of detecting the breach as per legal mandates.
19. GRIEVANCE REDRESSAL MECHANISM
Users may raise concerns regarding data handling by contacting the appointed Grievance Officer.
(a) The Grievance Officer will acknowledge the complaints within 24 hours of receipt and resolve them within 15 business days.
(b) Escalation procedures will be clearly documented for unresolved issues.
20. LEGAL BASIS FOR PROCESSING
Processing of personal data is based on consent, contract necessity, legal obligations or legitimate interests.
(a) For marketing and profiling, consent is mandatory and documented.
(b) For fraud prevention or system security, processing may be justified on legitimate interest grounds.
21. USER AUTHENTICATION AND ACCESS CONTROL
21.1 To maintain the integrity of user accounts, strict authentication protocols are followed. Password protection, OTPs and biometric identification may be implemented depending on the access level.
(a) Multi-factor authentication may be required for certain high-risk transactions.
21.2 Users are responsible for safeguarding their credentials and must report unauthorised access immediately.
22. DATA MINIMIZATION PRINCIPLE
We limit the collection of personal data to what is directly relevant and necessary for specified purposes.
(a) Non-essential data will not be collected without user consent.
(b) Periodic reviews are conducted to assess data relevance and discard outdated information.
23. USER VERIFICATION AND KYC COMPLIANCE
Identity verification processes are aligned with KYC (Know Your Customer) norms.
(a) PAN (Permanent Account Number), AADHAAR or other government IDs may be verified using third-party verification tools.
(b) Verification documents are stored securely and used solely for compliance and fraud prevention.
24. PLATFORM MONITORING AND AUDIT TRAILS
Activity logs are maintained for all critical actions taken on the platform to detect anomalies and provide traceability.
(a) Audit trails are stored securely and regularly reviewed for detecting signs of unauthorised activity.
25. OVERSIGHT OF DATA SHARING WITH EXTERNAL ENTITIES
25.1 All partners, affiliates, contractors, and vendors engaged in the collection, storage, processing or transfer of user data on our behalf are subject to binding legal agreements that require full adherence to applicable data protection and privacy laws.
(a) These agreements incorporate comprehensive confidentiality clauses, data security obligations, audit rights and breach notification protocols in line with industry standards and regulatory expectations.
(b) Periodic due diligence and compliance audits are conducted on third party service providers to assess their ongoing data protection practices, controls and adherence to our contractual requirements.
25.2 In cases of material non-compliance, we reserve the right to impose penalties including financial sanctions, suspension of data access or immediate termination of business relationships.
25.3 Vendors shall promptly cooperate with the investigations, provide incident reports as and when requested and maintain up-to-date certifications relevant to data protection and security (e.g., ISO/IEC 27001, SOC 2).
25.4 All third parties are obligated to return or securely delete personal data at the end of the engagement unless legally required to retain such data.
25.5 Data transfer mechanisms between us and third parties, particularly those located outside India, must comply with applicable cross-border data transfer regulations, including model contractual clauses or adequacy decisions as required.
26. USE OF ARTIFICIAL INTELLIGENCE (AI)
AI tools may be utilised for route optimisation, fraud detection and personalisation.
(a) AI systems undergo fairness and accuracy evaluations.
(b) Data used for training AI is anonymised unless otherwise specified by the user.
27. CONFIDENTIALITY OBLIGATIONS
Employees and agents are under strict confidentiality contracts concerning user data.
(a) Breach of confidentiality is treated as gross misconduct and attracts disciplinary action.
28. PAYMENT DATA SECURITY
Payment data is collected and processed through PCI-DSS compliant gateways.
(a) Credit Card information is not stored on our servers.
(b) Tokenisation is used wherever applicable for recurring billing.
29. INSURANCE AND RISK MANAGEMENT
We maintain cybersecurity insurance and conduct risk assessments to protect against data-related incidents.
(a) Risk registers are updated quarterly with emerging threats.
30. IDENTITY THEFT AND FRAUD RESPONSE
Protocols are in place for managing reported identity theft or fraudulent activity.
(a) Affected accounts are immediately suspended and investigated.
(b) Verified victims may be assisted in filing reports with cybercrime cells.
31. GOVERNMENT AND LEGAL DISCLOSURES
31.1 Data shall be disclosed to government bodies in accordance with legal mandates.
31.2 Disclosures shall be made only upon formal requisition or court order.
32. BIOMETRIC DATA HANDLING
Biometric data, if collected, is subject to enhanced protections.
(a) Biometric information shall not be shared with third parties except under legal obligation.
33. COMMUNICATION SURVEILLANCE
Internal reviews of communication (chat logs, emails etc.) are conducted for compliance and dispute resolution.
(a) Such reviews shall only be performed by authorised personnel only.
34. ADVERTISING AND RETARGETING
We may engage in interest-based advertising using anonymised behavioural data.
(a) Opt-outs for personalised ads are available through browser settings or the privacy dashboard of the platform.
35. DATA ENCRYPTION STANDARDS
Advanced encryption methods such as TLS and AES-256 are employed.
(a) Data in transit and at rest is protected using state-of-the-art cryptographic protocols.
36. PLATFORM ACCESS FROM FOREIGN JURISDICTIONS
Users accessing our platform from jurisdictions outside India must ensure compliance with all applicable local laws and regulations. We shall not guarantee the availability, legality or appropriateness of its services outside India.
(a) Services offered by our platform may not be lawful or accessible in certain jurisdictions. Users from such regions may access the platform at their own discretion and risk.
(b) By using the platform from outside India, users acknowledge and consent that their personal data may be transferred to, stored in and processed within India, subject to Indian data protection laws.
(c) It is the responsibility of the user to determine whether the use of the platform complies with the laws applicable in their location. We disclaim all liability arising from unauthorised or unlawful use of its services in foreign jurisdictions.
37. CYBERSECURITY AWARENESS AND TRAINING
All personnel are required to undergo mandatory cybersecurity awareness programs.
(a) Annual refresher training will be provided to ensure updated knowledge on evolving threats.
(b) Compliance failures in training result in restricted system access.
38. PLATFORM CONSENT RECORDS
We maintain digital records of all user consents obtained during registration, updates or promotional opt-ins.
(a) These records are retained for evidentiary and compliance purposes.
39. BREACH NOTIFICATION TO AUTHORITIES
Significant data breaches are reported to designated government regulators in line with legal obligations.
(a) Reports include breach impact, affected users, containment steps and preventive actions.
40. USER CONTENT MODERATION
Content uploaded by users is subject to moderation to ensure it complies with our community guidelines.
(a) We reserve the right to remove any content that is illegal, abusive, or violates third-party rights.
41. API AND THIRD-PARTY INTEGRATIONS
Third-party applications and APIs integrated into our services are vetted for privacy compliance.
(a) Any data shared via APIs is governed by this Privacy Policy and relevant data processing agreements.
42. PHYSICAL SECURITY OF DATA CENTRES
Data hosting facilities follow strict physical security protocols including surveillance, biometric access and environmental controls.
43. DATA ANONYMIZATION PRACTICES
Where feasible, anonymised data is used for analytics, reporting and research to minimise privacy risks.
(a) Anonymisation ensures data cannot be re-associated with any specific user without additional information.
43. DATA ANONYMISATION PRACTICE
We adhere to internationally recognised data anonymisation standards to ensure that personally identifiable information (PII) is transformed in such a way that it can no longer be attributed to a specific individual, directly or indirectly, without the use of additional information.
(a) Anonymisation is applied where data retention is required for analytical, statistical or research purposes but without the need to identify individuals. This ensures compliance with the principle of data minimisation under Indian and global data protection regulations.
(b) The anonymisation techniques deployed include pseudonymisation, irreversible hashing, data masking, generalisation and aggregation, chosen based on the context and sensitivity of the data.
43.2 Anonymised data is excluded from the definition of personal data and is not subject to individual data subject rights unless it can be reasonably re-identified, in which case such data is treated as personal data under this policy.
43.3 All anonymisation processes undergo periodic validation and internal audits to verify effectiveness, non-reversibility, and alignment with current regulatory and technological standards.
(a) Where third-party tools or processors are involved in anonymisation, such parties are contractually bound to follow our approved methods and may not reverse-engineer or re-identify the data.
44. BUSINESS TRANSFERS AND MERGERS
In the event of a merger, acquisition or business restructuring, personal data may be transferred to the new entity.
(a) Users will be notified in advance of any change in data controller or policy.
45. LEGAL RETENTION OBLIGATIONS
Certain personal data may be retained longer than usual where required by tax, contract or regulatory law.
(a) Once legal retention expires, the data is deleted or anonymised securely.
46. INTERNAL AUDIT OF PRIVACY PRACTICES
Annual internal audits are conducted to assess adherence to this Privacy Policy.
47. EMAIL AND SMS COMMUNICATION MONITORING
Email and SMS communications may be logged for security, delivery assurance and compliance with regulatory standards.
(a) Users may request access logs for their communication history.
48. DISPUTE RESOLUTION FRAMEWORK & ARBITRATION
48.1 If you have concerns regarding data privacy, you may contact our customer support team for resolution.
48.2 All privacy-related disputes are subject to resolution under the laws prevailing in India.
48.3 In the event that the dispute remains unresolved, the matter shall be referred to Arbitration, in accordance with the provisions of the Arbitration and Conciliation Act, 1996 as amended from time to time.
48.4 The arbitration shall be conducted by a Sole Arbitrator appointed mutually by both parties. If the parties cannot agree on an arbitrator, the arbitrator shall be appointed by a competent authority under the Act.
48.5 The seat and venue of arbitration shall be Mumbai, India. The arbitration proceedings shall be conducted in the English language and the decision of the arbitrator shall be final, conclusive, and binding upon both parties. No appeal shall lie therefrom, except as provided under the applicable law.
49. WITHDRAWAL OF CONSENT
Users have the right to withdraw their consent at any time for data processing activities.
(a) Withdrawal will not affect the legality of prior data processing but may impact service delivery.
50. UPDATES TO THE PRIVACY POLICY
This Privacy Policy may be updated periodically to reflect legal, technological or operational changes.
(a) Users will be notified via email or platform notifications regarding major updates.
(b) Continued use of the platform after changes constitutes acceptance of the updated policy.
51. CONTACT US
If you have any questions or need assistance regarding this Privacy Policy, please contact us at: www.microshipments.com by Valueshipr Decker Logistics Private Limited Unit No. 123, Adarsh Industrial Estate, Sahar Road, Andheri East, Mumbai 400099 Phone: +91 8921 874 072 Email: support@valueshipr.com