PRIVACY POLICY

The Misto and Misto Business mobile application and the domain [xyz.misto.life] (“Domain”) (collectively referred to as, “Misto Platform”) are made available by HaaBtek Labs Private Limited (“Misto”, “Misto Business”, “Misto Life”, “Company”, “We”, “Us” and “Our”), a private company established under the laws of India, having its registered office at 181 Tagore Park, Delhi 110009.

"Sellers", can use their accounts on the Misto Platform to build their online stores (“Stores”) which can be accessed by customers (“Customers”) via the Misto Platform. Sellers can also avail of various Services (as described below) including services from third-party service providers (“Partners”).

This Privacy Policy (“Policy”) describes how personal information is collected, used, disclosed, or otherwise processed when Sellers, Customers, and Partners (collectively referred to as “You” / “Your”) use the Misto Platform.

The term “Services” refers to any services offered by Misto, including but not limited to:

Providing access to the Misto Platform, with the included tools, menus, software, options, features, and functionality, as an integrated Software As a Service (“SaaS”) solution, to enable Sellers to register with us and create customized, bespoke, online Stores which can be used by Customers who visit them to purchase products and services from the Sellers;

Providing Sellers access to the Misto Platform to build their stores and subdomain within the Domain where Stores can be hosted by Sellers and accessed by Customers;

Providing data analytics services to Sellers to help them track and evaluate customer interactions and transactions that take place in the Stores; and

Providing access to multiple services such as delivery, logistics, payment solutions, advertising, etc., directly, or by enabling various Partners.
(collectively, “Services”).

Please read this Policy before using the Misto Platform, accessing a Store, or submitting any information that can be used to identify you or any other natural person (“Personal Data”) on it. This Policy is a part of and incorporated within, and is to be read along with, the Terms of Use (“Terms”). For the purposes of this policy, certain words, unless defined herein shall have the same definition as ascribed under the Terms. By using the Misto Platform, Stores, or Services, you confirm that you have read, understood, and agree with the privacy practices described in this Policy, and the Terms and the collection, storage, and processing of your information in accordance with them.

GENERAL TERMS ON ACCESS

By accessing or using the Misto Platform, Stores, or the Services, or by otherwise giving us your information, you confirm that you can enter into a legally binding contract under the Indian Contract Act, 1872, and have read, understood, and agree with the privacy practices described in this Policy, and the collection, storage, and processing of your information in accordance with them. Please go through this Policy in detail and contact us if you have any questions or require any clarifications.

If you are under 18 years of age, then please do not use or access the Service(s) at any time or in any manner.

As a Seller, you agree to comply with this obligation and to otherwise comply with any data correction, erasure, deletion, or other similar obligations.

As a Seller, you undertake not to collect or otherwise cause, or, permit, the collection of) any data relating to children, and to honor any access, correction, deletion, or disclosure requirements promptly, and efficaciously, and in an event, no later than is required under the applicable laws.

YOUR CONSENT

By using the Misto Platform, Stores, and Services, you agree, and consent to the collection, transfer, use, storage, disclosure, and sharing of your information, including third parties whether in India or abroad, as described and collected by us in accordance with this Policy. If you do not agree with the Policy, please do not use or access the Misto Platform, or the Stores. If you are accessing or using Services, the Misto Platform, or the Stores from an overseas location, you do so at your own risk and shall be solely liable for compliance with any applicable laws.

As a Seller, you undertake to comply with applicable laws notify Customers, and obtain their consent for you, as the seller, or the company to collect, use, and further share their personal data through the Store’s privacy policy and terms and conditions.

POLICY CHANGES

We may occasionally update this Policy and such changes will be posted on this page. If we make any significant changes to this Policy we will endeavor to provide you with reasonable notice of such changes, such as via prominent notice on the Misto Platform, or to your email address on record, and where required by applicable law, we will obtain your consent. Please note that your continued use of our Services after we publish, or send a notice about our changes to this Policy shall constitute your consent to the updated Policy.

LINKS TO OTHER APPS OR WEBSITES

The Misto Platform enables the creation of Stores and may also link to other mobile apps or websites.

Any Personal Data about you collected while visiting the Stores, or other websites, is not governed by this Policy. While Misto requires Sellers to operate their Stores in accordance with applicable law, it is not responsible for and has no control over the practices and content of the Sellers, Stores, Partners, or any website, that may be linked from the Misto Platform.

You further acknowledge and agree that we are not liable for any loss or damage which may be incurred by you as a result of the collection and/or disclosure of your information by the Sellers, Partners, or via third-party websites, as a result of any reliance placed by you on the completeness, accuracy or existence of any advertising, services, or other materials on, or available via such third party links. This will include all transactions, and information transmitted therein, between you, and any such third-party sites or resources, such transactions are strictly bi-partite. We shall not be liable for any disputes arising from or in connection with such transactions between you and the aforementioned third parties.

INFORMATION WE COLLECT FROM YOU

Personal Data Collected from Sellers

If you are a Seller who registers on our Misto Platform to avail of our Services, we collect all information that you provide to us about yourself and your business, such as your name, details of individuals associated with your business, name of your business, business, and warehouse address, email address, phone number and copies of government-issued identification.

We may also collect sensitive personal data or information (“SPDI”) about you when you use our Service(s) on the Misto Platform. This information may include financial information, identity information, business documentation, contracting, and other related information that we receive from you, or, on your behalf, such as your payment gateway information.

Besides your information, you understand that in order to power your Stores, We provide you our Services, and for the other purposes as detailed in this Policy, we may also have access to, process, and further share with our Partners information about Customers who visit your Stores or make purchases from you, based on the information that you make available to us. Information about Customers may include their name, address, email address, phone number, gender, date of birth, special dates, purchase pattern, product preference, price preference, transactions that take place in your Stores, and any other information provided by you to us to provide our Services. You agree and acknowledge that Customers have been notified of and have consented to such collection, use, and further sharing of their personal data by both the Seller and by the Company, for their individual purposes, through the Store’s privacy policy and terms and conditions.

Personal Data Collected from Customers

If you are a Customer visiting or transacting at a Store, you understand that certain personal data in the nature of the name, billing address, email address, dob, special dates, shipping address, transaction details, and payment details may be collected from you by the Sellers, Partners or the Company. While this Policy lays down the Purposes for which we collect and process your personal data and our privacy practices in relation to such data, you understand and acknowledge that this Policy does not cover the privacy practices of the Sellers who you transact with or the Partners providing your any services. While our Policy requires Sellers and Partners to collect, store, process, and disclose your information, in compliance with applicable laws, you acknowledge that Misto is not responsible for, and has no control over, the practices and content of the privacy policy of the Sellers, Stores or Partners. You are therefore requested to refer to the privacy policy of the relevant Store or the relevant Partner to understand how they collect, store, process, and disclose your personal information.

While transacting with Stores on the Platform, you may provide your financial information including without limitation your bank account details, credit card account details, or your details pertaining to any payment settlement or pre-paid instrument service provider. You understand, agree, and acknowledge that the Platform does not receive or have access to such financial information from these service providers. Your personal information, sensitive personal information, and financial information will be dealt with by these service providers in accordance with their respective privacy policies and other terms and conditions and Platform shall not be liable, accountable, or responsible for your personal information, sensitive personal information, and financial information which you provide to these service providers.

Personal Data Collected from Partners

If you have partnered with us to facilitate us to provide Services to the Sellers, we may collect the information you provide about yourself and your business, such as your name, details of individuals associated with your business, name of your business, address, email address, phone number and copies of government-issued identification. We may also collect data relating to the transactions between you and the Sellers, such as the status of an order, the settlement amount of an order, or details of amounts reflected in the wallet of Sellers, to enable us to provide services to the Sellers or otherwise optimize the functionality of the Platform.

We may also collect SPDI such as financial information we receive from you for any transactions that may be effectuated between you and the Company.

Personal Data and Sensitive Personal Data or Information

The IT Act and the SPDI Rules regulate the collection, usage, retention, and disclosure of personal information, including SPDI. Under the SPDI Rules, SPDI is defined as any information that relates to a natural person and, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person.

All Personal Data and SPDI are provided by you to us, voluntarily. By providing us your Personal Data, and SPDI, you provide your express consent to us to collect, store, process, transfer, and disclose to third parties your Personal Data and SPDI in accordance with the terms of this Policy.

You may choose to not provide us with any or all information, but in the event that you do so, we may be unable to provide you with our Services.

Device Information

To improve your experience on the Platform and lend stability to our Services, we may collect information or employ third-party plugins that collect information about the devices you use to access our Services, including the hardware models, operating systems and versions, software, file names and versions, preferred languages, unique device identifiers, advertising identifiers, serial numbers, device motion information, mobile network information, installed applications on device and phone state.

The information collected thus will be disclosed to or collected directly by these plugins and may be used to improve the content and/or functionality of the services offered to you. Analytics companies may use mobile device IDs to track your usage of the Misto Platform or the Stores;

Other Information

Further, we might receive information and Personal Data about you, from publicly available sources, information shared by social media platforms you are associated with, and. from other sources including from our Partners, advertisers, or information about you from our group companies.

COOKIES

The Misto Platform, Stores, Sellers, Partners, and other third parties, may use cookies, pixel tags, web beacons, mobile device IDs, “flash cookies” and similar files or technologies to collect and store information with respect to your use of the Services and third-party websites.

Cookies are small files that are stored on your browser or device by websites, apps, online media, and advertisements. We use cookies and similar technologies for purposes such as:

  1. Authenticating users;
  2. Remembering user preferences and settings;
  3. Delivering and measuring the effectiveness of advertising campaigns;
  4. Analysing Misto Platform or Store traffic and trends, and generally understanding the online behaviors and interests of people who interact with our Services.

A pixel tag (also called a web beacon or clear GIF) is a tiny graphic with a unique identifier, embedded invisibly on a webpage (or an online ad or email), and is used to count or track things like activity on a webpage or ad impressions or clicks, as well as to access cookies stored on users’ computers. We use pixel tags to measure the popularity of our various pages, features, and services. We also may include web beacons in e-mail messages or newsletters to determine whether the message has been opened and for other analytics.

We may also allow third parties to provide audience measurement and analytics services for us, to serve advertisements on our behalf across the Internet, and to track and report on the performance of those advertisements. These entities may use cookies, web beacons, SDKs, and other technologies to identify your device when you visit the Misto Platform or Stores and use our Services, as well as when you visit other online sites and services.

USES OF YOUR INFORMATION

We use the information we collect for the following purposes (collectively referred to as purposes), including, but not limited to:-

  1. To provide, maintain, and improve our Services;
  2. To carry out our obligations arising from any contracts entered into between you and us and to provide you with the relevant information and Services;
  3. To administer and enhance the security of our Misto Platform, the Stores, and for internal operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes;
  4. To provide Sellers with information about services we consider similar to those that a Seller is already using, or has enquired about, or may interest a Seller. We will contact Sellers by electronic means (e-mail, SMS, telephone, or other internet-based instant messaging systems) with information about these services;
  5. To understand the Sellers, their Customers, and Partners (what they do on our Services, what features they like, how they use them, etc.), improve the content and features of our Services (such as by personalizing content to Seller’s requirements), process and complete transactions, make special offers on Misto Platform, provide you support, process and respond to your queries;
  6. To generate and review reports and data about, and to conduct research on, our user base and Service usage patterns;
  7. To allow Sellers to participate in interactive features of our Services, if any;
  8. To measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you;
  9. To carry out academic research with academic partners;
  10. To comply with applicable law;
  11. To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms, or as otherwise required by law; or
  12. For any other purposes that are permissible under applicable law.

Further, we may receive data on Customers from our Sellers and Partners, for the following purposes:

  1. To provide our Services effectively to Sellers, including data analysis, delivery, provision of logistics, and advertisements;
  2. To help Sellers customize their Stores based on Customer preferences and other information that Sellers share with us;
  3. To help Sellers and other third-party Service Providers process order-related information of Customers;
  4. To improve the functionality and features of our Misto Platform and the Stores;
  5. To operate and improve the Misto Platform in order to foster a positive experience for Customers;
  6. For research, growth, and development of our and our group entities’ business;
  7. To respond to Customer’s requests and communicate with Customers when a Store is no longer existent;
  8. To comply with applicable law;
  9. To investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, violations of our Terms, or as otherwise required by law; or

For any other purposes that are permissible under applicable law.

We may combine the information that we receive from third parties with the information you give to us and the information we collect about you for the purposes set out above. Further, we may anonymize and/or de-identify information collected from you through the Services or via other means, including via the use of third-party web analytic tools. As a result, our use and disclosure of aggregated and/or de-identified information is not restricted by this Policy, and it may be used and disclosed to others without limitation.

We analyze the log files of our Misto Platform that may contain Internet Protocol (IP) addresses, browser type and language, Internet service provider (ISP), device information, referring, app crashes, page viewed and exit websites and applications, operating system, date/time stamp, and clickstream data. This helps us to administer the website and mobile application, to learn about user behavior, to improve our Services, and to gather demographic information about our user base as a whole.

As a Seller, you agree to list the purposes for which the Company may collect personal information from Customers, in the Store’s privacy policy, so that Customers are informed of the purposes for which the Company collects, processes, or further shares their information.

DISCLOSURE AND DISTRIBUTION OF YOUR INFORMATION

We may share the information that we collect with third parties. We only share Personal Data as described below after ensuring that such third party has implemented data protection measures, at least as protective as those described in this Policy, or as required under applicable laws. By using the Misto Platform, the Stores, or availing our Services, you accept the terms hereof and hereby consent to the storage and processing of the Personal Data and SPDI by third parties.

  1. With Sellers: We may share your information with Sellers in accordance with this Policy for the Purposes. If you are a Partner, we may share your information with Sellers to provide them with the Services.
  2. With Partners: We may share your information with our Partners, consultants, marketing partners, research firms, and other service providers or business partners, such as payment and delivery processing companies, to support our business. For example, your information may be shared with Partners to send you emails and messages or push notifications to your devices in relation to our Services, to help us analyze and improve the use of our Services, to process and collect payments. We also may use partners for other projects, such as conducting surveys for us.
  3. With Academic Partners: We may share your information with our academic partners to carry out academic research.
  4. For Crime Prevention or Investigation: We may share this information with governmental agencies or other companies assisting us when we are:
    1. Obligated or permitted under the applicable laws to respond to court orders and processes or otherwise in good faith in furtherance of the above;
    2. Detecting and preventing against actual or potential occurrence of identity theft, fraud, abuse of Services, and other illegal acts;
    3. Responding to claims that an advertisement, posting, or other content violates the intellectual property rights of a third party;
    4. Under a duty, or otherwise required, to disclose or share your personal data in order to enforce our Terms and other agreements, policies or to protect the rights, property, or safety of the Company, our customers, or others, or in the event of a claim or dispute relating to your use of our Services. This includes exchanging information with other companies and organizations for the purposes of fraud detection and credit risk reduction.
  5. Sharing upon merger or amalgamation or intra-group transfer: Any third party to which we transfer or propose to transfer or sell any assets, merge or consolidate with, will have the right to access the information (including SPDI) provided to us by you, in accordance with the Terms and this Policy.
  6. Transfer to affiliates of the Company, third parties, and outside India: Subject to applicable law, we may at our sole discretion, transfer Personal Data and SPDI to any other body corporate (as defined under the Information Technology Act, 2000) that ensures a comparable level of protection to the data. By using the Misto Platform, Stores, or our Services, you accept the terms hereof and hereby consent to us sharing with and/or processing your Personal Data and SPDI by with any present or future member of our “Group” (as defined below) or affiliates for our internal business purposes, including in any location outside India, provided that they ensure that your SPDI is protected in compliance with standards that are comparable to the standards of protection afforded to it in India. The term “Group” means, with respect to any person, any entity that is controlled by such person, any entity that controls such person, or any entity that is under common control with such person, whether directly or indirectly, or, in the case of a natural person, any Relative (as such term is defined in the Companies Act, 1956 and Companies Act, 2013 to the extent applicable) of such person.
  7. With Advertisers and advertising networks: We may work with third parties such as network advertisers to serve advertisements on the Misto Platform and third-party websites or other media (e.g., social networking platforms). These third parties may use cookies, JavaScript, web beacons (including clear GIFs), Flash LSOs, and other tracking technologies to measure the effectiveness of their ads and to personalize advertising content for you. While you cannot opt out of advertising on the Misto Platform, you may opt out of much interest-based advertising on third-party sites and through third-party ad networks. Opting out means that you will no longer receive personalized ads from third-party ad networks from which you have opted out, which is based on your browsing information across multiple sites and online services. If you delete cookies or change devices, your opt-out may no longer be effective.
  8. To fulfill the purpose for which you provide it.
  9. We may share your information other than as described in this Policy if we notify you and you consent to such sharing.

DATA SECURITY PRECAUTIONS

We have in place appropriate technical and security measures to secure the information collected by us.

You are advised not to send your full credit/debit card details through unencrypted electronic platforms. Where you have registered using your mobile number and authenticated with an OTP that enables you to access certain parts of the Misto Platform, you are responsible for keeping these details confidential. We ask you not to share your access details with anyone.

Please be aware that the transmission of information via the Internet is not completely secure. Although we will do our best to protect your personal data, we cannot guarantee the security of your data transmitted through the Misto Platform. Once we have received your information, we will use strict physical, electronic, and procedural safeguards to try to prevent unauthorized access.

If you suspect any unauthorized use of your account, you must immediately notify us by sending an email to the contact details indicated in the contact section. You shall be liable to indemnify us due to any loss suffered by us due to such unauthorized use of your account or password.

Under certain circumstances, we shall not be able to take your prior consent before disclosing your information in case the information is demanded by government agencies or otherwise mandated under law to obtain SPDI, or during the investigation of cyber incidents, prosecution of offenses, etc.

Further, we shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond our reasonable control including but not limited to acts of government, computer hacking, unauthorized access to computer data and storage devices, computer crashes, breach of security and encryption, poor quality of internet service or telephone service of the Seller, Customer or Partner, etc.

As a Seller and a Partner, to the extent you collect SPDI of Customers, you agree to comply with your obligations of having in place reasonable security measures, in accordance with the applicable law.

OPT-OUT

We maintain records of Personal Data and SPDI collected on the Platform, only till such time it is required for the Purposes after which the same is archived using permitted encryption protocols.

When you sign up for an account, you are opting in to receive emails, SMS, and WhatsApp messages from the Misto Platform. You can log in to the Misto Platform to manage your preferences and you can follow the “unsubscribe” instructions in commercial emails to manage your email preferences, but note that you cannot opt out of receiving certain administrative notices, service notices, or legal notices from Misto Platform.

CORRECTIONS AND AMENDMENTS TO YOUR INFORMATION

Rights of Sellers, Customers, and Partners:

You may review, correct, update, or change the information that you have provided, by logging into your account. Should you choose to update your personal information or SPDI or modify it in a way that is not verifiable by us, or leads to such information being incorrect, we will be unable to provide you with access to our Misto Platforms or the Services. We reserve the right to verify and authenticate your identity and your personal information to ensure accurate provision of Services. Access to or correction, updating, or deletion of your Personal Data or SPDI may be denied or limited by us if it would violate another person’s rights, and/or is not otherwise permitted by applicable law.

You should be aware that some of the Personal Data that may have been shared on third-party websites may continue to be available as we do not have control over these websites. Your Personal Data may also appear in online searches. Other Personal Data that you have shared with others, or that other users have copied, may also remain visible. You should only share Personal Data with people that you trust because they will be able to save it or re-share it with others, including when they sync the Personal Data to a device.

Rights of Customers and Obligations of Sellers:

As a Seller, you agree to promptly, and no later than 24 (twenty-four) hours, inform us: (a) of any request from the Customer to modify, amend, or delete any information of the Customer that has been shared with us and any other notices or communications that Customer may make in relation to their data on a Store or the Misto Platform. Further, as a Seller, you agree to comply with any data correction, erasure, deletion, or other similar obligations.

As a Customer, when you visit or purchase from a Seller Store, you acknowledge that the Seller controls your information including the manner of its usage, storage, and the duration of its retention. Both the Seller and the Customer agree that the Company shall not be liable for any disputes arising from or in connection with such processing or the Seller’s data privacy practices. If a Customer wishes to make any request for amendment, correction, updating, or deletion of information, you should also make the request directly to the Seller in accordance with the Store’s privacy policy. While we require Sellers to promptly support your request, we are not responsible for compliance by the Seller.

GRIEVANCE OFFICER AND MISTO PLATFORM SECURITY

If you have any queries relating to the processing or usage of information provided by you in connection with this Policy, or if you come across any abuse or violation of the Policy, please write to us at connect@misto.life. We shall endeavour to resolve your grievances within 15 (fifteen) days from the date of receipt of such grievances, however, in certain cases, it may take a longer time.

Further, please note that the Misto Platform stores your data with the cloud platform Kloudust provided by TekMonks Pte Ltd which may store this data on its servers located outside of India. The service provider has security measures in place to protect the loss, misuse, and alteration of the information.

MISCELLANEOUS

Disclaimer: We cannot ensure that all of your Personal Data and SPDI will never be disclosed in ways not otherwise described in this Policy. Therefore, although we are committed to protecting your privacy, we do not promise, and you should not expect, that your information or private communications will always remain private. While using the Misto Platform, Stores or availing any of our Services, you understand and agree that you assume all responsibility and risk for your use of the Misto Platform, Stores, and Internet generally, and the information you post or access and for your conduct on and off the Misto Platform.

Indemnity: You agree and undertake to indemnify us in any suit or dispute by any third party arising out of disclosure of information by you to third parties either through our Misto Platforms or otherwise and your use and access of websites, applications, and resources of third parties.

Severability: Each clause of this Policy shall be, and remain separate from independent of, and severable from all and any other clauses herein, except where otherwise expressly indicated or indicated by the context of the Policy. The decision or declaration that one or more clauses are null and void shall not affect the remaining clauses of this Policy.

Limitation of Liability: The Company shall not be liable for any consequential, incidental, special, indirect, exemplary, or punitive damages, or damages for any loss of profits, revenue, or business, regardless of the nature of the claim, even if the Company has been notified of the possibility of such damages. In any event, and without prejudice to the foregoing, the company shall not be liable for more than the value of the product.

Governing Law and Jurisdiction: This Policy shall be governed by the laws of India as applicable between residents of India without regard to any principles of conflict of laws. Subject to the Terms, any and all disputes arising hereunder shall be subject to the exclusive jurisdiction of the courts situated in Delhi, India.