PRIVACY NOTICE

This Privacy Notice explains how the Company collects, processes and safeguards the User’s personal data during their time on its Platform. The Company is dedicated to respecting Users’ privacy and ensuring the practices align with applicable data protection laws in India.

INTRODUCTION

Dharampal Satyapal Limited (hereinafter referred to as “us,” “we,” “our,” “DSL,” or the “Company”) operates the Rajnigandha trade scheme platform for wholesalers, which may be accessed or used through our digital interfaces, including our website scheme.rajnigandha.com , mobile application, or any other online platform operated by the Company (“Platform”). Through the Platform, registered wholesalers can participate in trade schemes, earn and redeem scheme-based benefits, and receive trade-related incentives, promotional offers, vouchers, and other business rewards.

The Company is committed to ensuring the security and responsible management of personal data in order to operate effectively and provide an enhanced experience for its stakeholders and members in India (hereinafter referred to as “you,” “your,” or “Member”).

The Company is committed to protecting and respecting your privacy and processes your personal data through lawful and proper means in compliance with the Digital Personal Data Protection Act, 2023, Digital Personal Data Protection Rules, 2025, and other rules, regulations and notifications thereunder, as may be issued from time to time, and other applicable laws in India (collectively referred to as the “Data Protection Legislation”).

PURPOSE AND SCOPE

The purpose of this Privacy Notice (hereinafter ‘‘Notice’’) is to describe how the Company processes i.e., collects, uses, stores, organises, records, adapts, retrieves, aligns and shares your personal data when you access and use our Platform, to manage its customer relationships, provide services, process payments, communicate with you (where consent has been obtained), and maintain its internal records, in accordance with applicable Data Protection Legislation.

This Notice is also designed to supply information on how the Company ensures the security of your personal data, discloses your personal data to third parties, and processes your requests in exercising your rights set out under the Data Protection Legislation.

This Notice applies to all Users who access, use or interact with our Platform and whose personal data is collected through the Platform, including but not limited to our customers, prospective buyers, service providers, and business partners.

This Notice is to be read and construed together with all other policies and notices of the Company which are available at https://scheme.rajnigandha.com.

For the purposes of this Notice, the terms “Personal Data”, “Processing”, “certain legitimate uses” and “Data Processors” shall have the meaning ascribed to them under the respective Data Protection Legislation.

PERSONAL DATA WE COLLECT

Personal data may be collected when you access or use our Platform, register an account, report a problem with the Platform, request to address any of your queries, register with us, engage with us through email or any other electronic means, or exchange communications with us.

We will process your personal data only based on your consent, unless we are entitled to do so for certain legitimate uses as permitted under the Data Protection Legislation.

(i) Personal data provided by you:

• User information: Full name, email address, phone/mobile number, father’s name, date of birth, city, district, state, postal address and postal index number.
• Login credentials: Username, membership number (registered mobile number), transactional history, queries, comments and complaints.
• Financial information: Bank details, PAN card details, UPI or other payment instrument details. PAN may be collected strictly for government statutory, legal and regulatory compliance with explicit consent.

Financial information is processed over SSL-secured communication channels to ensure encryption and data security and is not stored on our Platform.

(ii) Personal data that we collect automatically:

• Device and Log Information: When you access our Platform, we collect information about you with the help of technologies such as cookies (please refer to our Cookie Policy here https://scheme.rajnigandha.com/cookies-policy to help us analyse our web page flow, measure promotional effectiveness, understand your preferences, and improve our Platform and our quality of services. The following are the examples of the device and log information that we process: information about the hardware configuration of your device, web browsers used, browser version, device make/model, internet protocol (IP) address unique device identifiers, language preference, referring site, the date and time of access, time spent on the Platform, operating system, and mobile network information.
• Usage Information: We collect information about your usage of our Platform. We also collect information about what happens when you use our Platform such as page views, consumption pattern, details of the services availed by you on our Platform, interactions with other parts of our services along with information about your supported device (e.g., mobile device manufacturer), mobile internet browser you use, and other diagnostic data. We use this information to provide customised services to you, get insights on how you use our Platform so that we can make our Platform better, and understand and make predictions about user retention and interest highlighted.
• Information from Cookies: A cookie is a string of information that is stored on your device and that your browser provides to the Platform each time you visit. We may collect information about you using first-party and third-party cookies to collect information about how you interact with the Platform. Additionally, please note that our Platform may include links to websites of third-parties whose privacy practises may differ from those of the Company; if you provide any personal data to any of those websites, your personal data will be governed by their privacy notices and statements.
• Web Beacons: Certain sections of our Platform and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related Platform statistics (for example, recording the popularity of a certain section and verifying system and server integrity). We may include web beacons in promotional e-mail messages or R-Club newsletters in order to determine whether messages have been opened and acted upon. We may also place web beacons from third parties on our site in order to compile aggregated statistics and to help determine the effectiveness of our joint promotional or advertising campaigns. However, we prohibit web beacons on our Platform from being used by third parties to access your personal data, in accordance with the provisions of Data Protection Legislation.

(iii) Personal Data that we collect from other sources pursuant to your consent:

This includes your personal data available with third parties, vendors, and other third-party referrals such as your full name, father’s name, date of birth as per Pan and validation of other payment/ account related information.

This may also include accessing your PAN details from our affiliated platforms or linked systems (including but not limited to various websites, apps including business.rajnigandha.com, retail.rajnigandha.com or Rajnigandha.com) upon obtaining your explicit consent, solely for necessary government statutory, legal and regulatory compliance.

HOW AND WHY WE USE YOUR PERSONAL DATA

We will only process your personal data when we have your consent or for certain legitimate purposes when applicable Data Protection Legislation allows us to do so. Where consent is provided, we process your personal data for purposes including but not limited to:

• Provide you with our Platform's core features and services by legal and contractual obligations.
• Enable you to customize or personalize your experience of our Platform.
• Prepare monthly statements for maintenance of your user account on our Platform.
• Contact and communicate with you.
• Improving our products and services and other customer relationship management processes.
• Managing our operations with other companies that provide services to us and our customers.
• Developing new ways to meet your needs and grow our business.
• Marketing and events-related communication including inviting you to events organised or funded by our Company, update you on any additional services provided by us and undertaking marketing/business development activities.
• Managing CRO for us and our Users.
• Investigating and responding to complaints, feedback, and suggestions.
• For any other purpose disclosed by us, when you provide it.
• To any other successors in title to our business undertaking.
• To quickly process your transactions.
• To send SMS, WhatsApp, email, web notification or application-based notifications, messages including but not limited to your order or other products and services, promotional messages, greetings such as birthday/ anniversary greetings, e-greetings, physical greetings cards, etc.
• To trace computer resources or any person who may have contravened or is suspected of having or being likely to contravene, any provision of law, that is likely to have an adverse impact on the services provided on the Platform or otherwise by us.
• To ensure accurate financial transactions, verify the identity of parties involved and comply with regulatory requirements and regulations, including for managing high-value transactions, maintaining detailed financial records and ensuring compliance with our business operations in compliance with applicable laws.
• To collect, access, verify and process your Permanent Account Number (PAN) for all necessary government statutory, legal and regulatory compliance, managing high-value reward transactions, and maintaining statutory financial records in accordance with applicable law.
• Where required under applicable law, we will obtain your explicit consent prior to collecting or accessing your PAN details. Your PAN will not be processed for purposes incompatible with government statutory, legal and regulatory compliance unless otherwise required by law.
• To keep track of scheme coupon redemptions for solving any issue relating to transactions on the Platform, dealing with your requests, enquiries or complaints and related activities, and all other general administrative and business activities, marketing our products and services.
• To allow us to serve you better in responding to your service requests.
• To seek your feedback or opinion or to contact you in relation to the services offered on our Platform, allocating or offering rewards, other benefits as a part of the schemes program.
• To administer a contest, promotion, survey or other features of the Platform.
• For internal business purposes and services, including warehousing services, delivery services, IT support services and data analysis services.
• To promote a safe service on the Platform and protect the security and integrity of the Platform, our services and the Users.
• To detect, prevent and protect us from any errors, fraud and other criminal or prohibited activity on the Platform.
• To enforce and inform you about our terms of use.
• To communicate important notices or changes in our services, use of Platform, and terms of use which govern the relationship between you and the Company, as applicable.
• To carry out research with relevant partners.

Your personal data will not be further processed in a manner that is incompatible or in non-compliance with the aforesaid purposes or Data Protection Legislation. We may combine your voluntarily provided, and automatically collated, personal data with general information or research data we receive in the ordinary course from other sources in compliance with Data Protection Legislation. For example, our marketing and market research activities may uncover data and insights, which we may combine with information about how you use our Platform as a medium to ask for information and how you experience your journey on our Platform.

COMMUNICATIONS FROM THE PLATFORM

If you no longer wish to receive any of our marketing or promotional-related communications, you can opt out at any time by following the unsubscribe instructions included in the email you receive or by contacting us at scheme@dsgroup.com. However, even if you opt out of marketing or promotional content, we may still send you transaction-related messages and other important service-related announcements in accordance with Data Protection Legislation, when it is necessary to do so. For instance, we may send you essential service-related communications, such as notices about maintenance, outages, or policy updates. These are not promotional and are necessary for service delivery; therefore, you cannot opt out of them unless you delete your account or unsubscribe from the services.

PROCESSING OF MINOR DATA OR DATA OF PERSONS WITH DISABILITIES

We do not knowingly solicit or process personal data of individuals below the age of 18 (eighteen) (hereinafter, “Child(ren)”), or of individuals who have long term physical, mental, intellectual or sensory impairment which, in interaction with barriers, hinders their full and effective participation in society equally with others, including those suffering from conditions relating to autism, cerebral palsy, mental retardation or a combination of any two or more of such conditions, or individuals suffering from severe multiple disability, and who, despite being provided adequate and appropriate support, are unable to take legally binding decisions (hereinafter, “Person(s) with Disability”). If you notify us or we discover that we have unintentionally processed personal data of a Child, or of a Person with Disability, we will erase their personal data from our records promptly. However, the Company may process personal data of Children or Persons with Disability after obtaining and verifying the consent from their parent or lawful guardian directly, in accordance with Data Protection Legislation. In such cases, we take reasonable steps to verify the identity of the parent or lawful guardian before processing the personal data.

USE OF COOKIES

Our Platform may use “cookies” to enhance your user experience and collect information about you and your activity across our Platform. A cookie is a small piece of data that our Platform stores on your device, and accesses each time you visit, so we can understand how you use our Platform. This helps us serve you content based on preferences you have specified. You may choose to set your web browser to refuse cookies, customise your cookies, or to alert you when cookies are being sent. If you do so, please note that some parts of the Platform may not function properly. For further details on how we use cookies, please refer to our Cookie Policy which is available at https://scheme.rajnigandha.com/cookies-policy

HOW LONG WE KEEP YOUR PERSONAL DATA

We uphold the principle of retaining your personal data only for the duration necessary to fulfil its intended purpose as outlined in our Notice or until you request for the withdrawal or erasure of your personal data. Nevertheless, there are certain circumstances where we may need to keep your personal data for a longer time period, for the following purposes: (i) for compliance with Data Protection Legislation, including for certain legitimate uses such as employment-related processing of social security contributions/ payments (including provident fund and gratuity); and (ii) for compliance with applicable laws, including maintaining adequate records for the purpose of financial, tax, accounting or reporting obligations for such time periods as prescribed under applicable laws, and for statistical analysis.

Unless retention is necessary under Data Protection Legislation or any other applicable laws as mentioned above, if we have had no interactions with you for a consecutive 1 (one) year period, we will send you a request 48 (forty-eight) hours before the expiry of the aforementioned timeline to confirm whether you wish to stay in touch with us. If you we do not hear from you, we may unsubscribe you, stop sending you communications and remove/anonymise your personal data from our records. For instance, if you have provided personal data while raising a query, we may retain such personal data if your account is active on our system for a period of 1 (one) year. If your personal data is no longer needed for such purposes, we will notify you in accordance with this Clause, and then remove it or anonymize it by removing any identifiable details and cause our data processors, who process your personal data on behalf of us, to do the same.

ACCESS, CORRECTION AND ERASURE OF YOUR PERSONAL DATA

In the event you wish to: (i) request access and seek details in relation to the processing and disclosure activities undertaken by us or our data processors in respect of your personal data; (ii) request for change/correction in the personal data you have provided to us; (iii) request for erasure of your personal data; or (iv) wish to nominate another individual to exercise your rights in accordance with the Data Protection Legislation, please reach out to our Data Protection Officer, whose details are set out in this Notice.

ACCURACY OF PERSONAL DATA

Please note that we rely on you with regard to the accuracy of the information shared on the Platform. You hereby represent to us that: (i) the information you provide to us from time to time is and shall be authentic, correct, current and updated and you have all the rights, permissions and consents, as may be required, to provide such information to us; and (ii) your providing of the information to us and our consequent processing of such information shall not be in violation of applicable law.

We and each of our representatives, officers, directors, contractors and agents do not independently verify the accuracy and shall not be responsible for the authenticity of the information that you provide to us. You shall indemnify and hold harmless, us and each of our officers, directors, contractors, agents or any third party relying on the information provided by you in the event: (i) you are in breach of this Notice; and (ii) any suit, action or claim is brought against us by any third party with respect to the information provided by you to us.

CONSENT AND WITHDRAWAL

Where processing of your personal data is based on consent, you may manage, review or withdraw consent at any time. However, upon such withdrawal there may be certain consequences such as you may be unable to access the Platform, we may not be able to provide services to you or continue our engagement with you. Also, please note that your request for withdrawal will not affect the legality of any processing carried out before you withdraw your consent. Upon your request for withdrawal, the Company and its processors will cease processing your personal data within a reasonable time, unless otherwise required by applicable laws.

SECURITY OF YOUR PERSONAL DATA

The security of your personal data is of utmost importance. We implement appropriate technical and organizational measures to safeguard the information you provide, ensuring protection against loss, unauthorized access, disclosure, and misuse. These measures are designed to align with the sensitivity of the data we collect, process, and store, as well as the current advancements in technology. The Company implements reasonable security practices and procedures as mandated under the Data Protection Legislation and has implemented necessary internal control measures that are commensurate with respect to the personal data and information being collected and the nature of our business.

However, it is important to note that due to the inherent nature of electronic communication and information processing technology, we cannot guarantee absolute security against external intrusions while transmitting data over the internet or when it is stored in our systems. Additionally, when you click on a link leading to a third-party website, please be aware that you will be leaving our site, and we do not have control over or endorse the content found on such third-party sites.

LINKS TO THIRD PARTY WEBSITES

Our Platform may include links to third-party websites to which you may be redirected for convenience, transactions, and/or other services; these sites are not under our control and their privacy practices may differ from those of the Company. If you provide any personal data to any of those websites, your personal data will be governed by their privacy notices and statements. Once you have left our Platform, we shall not be responsible for the protection and privacy of any information for the period of absence from our Platform and for the information which you provide to any third-party websites. You should exercise caution and look at the privacy statement applicable to the website in question.

If you provide any information through third-party websites, you will be governed by the privacy policy and practises of such third-party platforms in addition to this Notice. For example, if you communicate with us through any messaging platform such as WhatsApp or Gmail, any personal data that you share with us during the course of your communication, including your name, contact details, or delivery address, will be governed by the privacy policy and data-handling practices of WhatsApp or Gmail, in addition to this Notice. We do not control how such third-party platforms process your personal data, and you should exercise caution and look at their applicable privacy notices before sharing personal data through them.

DISCLOSURE OF PERSONAL DATA TO THIRD PARTIES

We may disclose your personal data to third-parties, including third party service providers and our parent and subsidiary company(ies), affiliate(s), business partners, or collaborated institutions. Please note that we do not, or have not in the past, under any circumstances disclose/share your personal data for any additional purposes (other than as outlined in this Notice), unless we are entitled to do so under Data Protection Legislation or are required to fulfil a statutory obligation in compliance with Data Protection Legislation and other applicable laws. Where required, we will request for and seek your consent before transferring your personal data to third-parties. For avoidance of doubt, “third-parties” under this section includes third-party service providers, including contractors, data processors, IT service providers, data storage, hosting and service providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, professional advisors, payment systems operators, and financial institutions. We may disclose personal data under the following circumstances:

• (a) Third-Party Service Providers

  • These include vendors and partners who assist the Company in carrying out business operations such as scratch coupon processing, customer support, payment processing, website and application hosting, technology development, logistics, research, analytics, and IT support. Such service providers are authorised to process personal data only on our behalf, strictly in accordance with our instructions and for the purposes for which they are engaged.

• (b) Marketing, Media, and Analytics Partners

  • We may share personal data with advertising agencies, advertising networks, social media platforms, analytics providers, and other marketing or communication partners to enable promotional campaigns, audience measurement, analytics, and product-related communications. Such sharing shall be undertaken only in accordance with applicable law and, where required, based on your consent.

• (c) Data Enrichment and Personalisation Partners

  • To enhance user experience, personalise communications, and improve the relevance of offers, the Company may share personal data with trusted data enrichment or personalisation partners. Such sharing shall occur only for identified and lawful purposes, and where explicit user consent is required, such consent shall be obtained prior to such processing.

• (d) Data Security and Safeguards

  • All third parties with whom personal data is shared are required to implement appropriate contractual, technical, and organisational safeguards to ensure the confidentiality, integrity, and lawful processing of personal data in accordance with applicable Data Protection Legislation.

CROSS-BORDER TRANSFER OF YOUR PERSONAL DATA

We may transfer your personal data to our affiliates or business partners located outside India, for the purposes set out under this Notice. While the Data Protection Legislation currently does not restrict cross-border transfers, we will ensure that such affiliates or business partners provide a level of protection comparable to that offered by us. In the event of any such cross-border transfer of your personal data, we will ensure compliance with the Data Protection Legislation and also that such partners implement reasonable security measures. Your personal data will not be transferred to any country/territory outside India which is restricted/blacklisted by the Indian Government. Any cross- border transfer of personal data will be carried out in accordance with the applicable grounds of processing outlined in this Notice and in compliance with the requirements of the Data Protection Legislation.

PRIVACY GRIEVANCES

In case you have any questions or grievances with regard to the nature of processing your personal data undertaken by us, or any questions regarding this Notice, or you wish to withdraw your consent or exercise any of your rights available to you under applicable Data Protection Legislation, you may contact the Data Protection Officer (DPO) as identified below:

Name: Balwant Singh
Email: privacy@dsgroup.com
Contact: 0120-4032200
Address: C 6-10, Dharampal Satyapal (DS) Road, Sector-67, Noida – 201309

If you are a resident of India and have a complaint that we have not addressed to your satisfaction, you may refer the matter to the Data Protection Board of India, once constituted and notified by the Government of India, in accordance with the applicable provisions of the Data Protection Legislation.

UPDATES TO PRIVACY NOTICE

At our discretion, we may update our Notice from time to time to reflect updates in our business processes, current acceptable practices, or legislative or regulatory changes, and inclusion/ exclusion of target audience and stakeholders. All updates will be posted at the same link.

If the changes are significant and if required by applicable law, we will notify you through email, website alerts or your chosen communication preferences.

Last updated on 05th March, 2026