Heritage Foods was founded with a singular purpose: to create and share wealth ethically within the farming community through a structured and sustainable approach.

At its inception, the farming community was fragmented, lacking guidance and a unified voice.

Today, I am proud to say that we have successfully fulfilled our mission by staying true to our vision of fostering economic growth and empowering farmers.

As trustees, we pledge to uphold our moral compass, ensuring it always points to the true north, as we continue this journey of ethical and inclusive prosperity.

Smt. Bhuvaneswari Nara
Vice Chairperson & Managing Director

I BELIEVE

Smt. Bhuvaneswari Nara

Digital Personal Data Protection (DPDP) Policy


Introduction

Heritage Foods Limited ("Company" or "Data Fiduciary") is committed to protecting personal data in a lawful, fair, and transparent manner. This Policy is framed in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and outlines how personal data is collected, processed, stored, and protected.

Scope and Applicability

This Policy applies to all Data Principals including suppliers, distributors, stores, and users who access or use the Company’s application, services, or platforms within India.

Definitions

For the purpose of this Policy:
  • • Data Principal means an individual to whom the personal data relates.
  • • Data Fiduciary means Heritage Foods Limited which determines the purpose and means of processing personal data.
  • • Data Processor means any person who processes personal data on behalf of the Company.
  • • Personal Data means any data about an individual who is identifiable by or in relation to such data.
  • • Processing means collection, storage, use, sharing, or deletion of personal data.
  • • Consent means free, specific, informed, unconditional, and unambiguous indication of agreement by the Data Principal.

Principles of Data Processing

The Company adheres to the following principles:
  • • Lawful and transparent processing
  • • Purpose limitation
  • • Data minimization
  • • Accuracy of data
  • • Storage limitation
  • • Security safeguards
  • • Accountability

Collection of Personal Data

The Company collects personal data such as identity details, contact information, business details, transaction data, device information, and location data necessary for providing services.

Mode of Collection

Personal data is collected directly from Data Principals through registration, transactions, and communications, and indirectly through cookies, analytics tools, and device identifiers.

Consent Management

The Company obtains valid consent prior to processing personal data. Data Principals have the right to withdraw consent at any time, subject to legal obligations.

Purpose of Processing

Personal data is processed for:
  • • User registration and account management
  • • Order processing and service delivery
  • • Communication and support
  • • Personalization and analytics
  • • Compliance with legal obligations

Use of personal data

The Company uses personal data only for the purposes specified at the time of collection and ensures no unauthorized use.

Disclosure of Personal Data

Personal data may be shared with:
  • • Affiliates and group companies
  • • Authorized service providers
  • • Government authorities where required by law

Third-party Processing

All Data Processors are bound by contractual obligations to ensure confidentiality and security of personal data.

Data Security Measures

The Company implements technical and organizational measures including encryption, access control, and audits to protect personal data.

Data Retention

Personal data is retained only as long as necessary for the specified purpose or as required by law.

Data Deletion

Upon fulfillment of purpose, personal data is securely deleted or anonymized unless retention is legally required.

Rights of Data Principals

Data Principals have the right to:
  • • Access personal data
  • • Correct inaccurate data
  • • Request erasure
  • • Withdraw consent
  • • Grievance redressal

Access and Correction

The Company provides mechanisms for Data Principals to access and update their personal data.

Erasure Rights

Data Principals may request deletion of personal data, subject to legal and contractual obligations.

Withdrawal of Consent

Withdrawal of consent will result in cessation of processing unless otherwise required by law.

Grievance Redressal

The Company shall appoint a Grievance Officer to address concerns relating to personal data processing.

Data Breach Management

In case of a personal data breach, the Company shall notify affected Data Principals and relevant authorities as per the DPDP Act.

Cookies and Tracking Technologies

The Company uses cookies to enhance user experience, analyze performance, and provide personalized services.

Cross-border Data Transfer

Personal data may be transferred outside India subject to compliance with applicable laws and safeguards.

Children’s Data

The Company shall not knowingly process personal data of children without verifiable parental consent, as required under law.

Accountability

The Company maintains records of processing activities and ensures compliance with the DPDP Act.

Employee Responsibility

Employees handling personal data are bound by confidentiality obligations and trained in data protection practices.

Audit and Compliance

Regular audits and reviews are conducted to ensure adherence to this Policy and applicable laws.

Policy Updates

This Policy may be updated from time to time to reflect changes in legal or operational requirements.

User Acceptance

Continued use of services constitutes acceptance of this Policy unless fresh consent is required.

Governing Law

This Policy shall be governed by the laws of India and subject to jurisdiction of competent courts.