Privacy policy
This Privacy Policy governs the collection, processing, storage, disclosure, transfer, retention, and protection of personal data by By All Means (BAM) (“Company”, “we”, “us”, or “our”) in connection with the use of www.livebyallmeans.com (“Website”) and the purchase of products therefrom.
This Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000, the Consumer Protection (E-Commerce) Rules, 2020, and all applicable Indian laws.
1. STATUS AS DATA FIDUCIARY
For the purposes of the DPDP Act, the Company acts as a Data Fiduciary in relation to personal data collected through the Website.
Registered Entity: By All Means (BAM)
Registered Office: PASH VENTURES
House no. 3450 Dev Nagar ,
Nagpur , Maharashtra 440015
Email: support@livebyallmeans.com
Mobile: +91 9373340861
2. CATEGORIES OF PERSONAL DATA COLLECTED
The Company may collect and process the following categories of personal data:
Identity Data, including name and contact details.
Contact Data, including billing and shipping address, email address, and phone number.
Transaction Data, including order history, payment confirmation status, refund history, and chargeback records.
Usage Data, including browsing behaviour, product interaction, clickstream data, and time spent on pages.
Communication Data, including customer support communications, grievances, and feedback submissions.
Marketing Preference Data, including subscription status and consent records.
The Company does not store complete debit card numbers, credit card numbers, UPI PINs, CVV codes, or other sensitive financial authentication credentials.
3. PURPOSE OF PROCESSING
Personal data is processed strictly for specified and lawful purposes, including:
- Performance of contract arising from product purchases.
- Order confirmation, dispatch coordination, and delivery management.
- Customer account administration and grievance redressal.
- Fraud detection, prevention of unauthorized transactions, and chargeback defence.
- Cybersecurity monitoring and system integrity maintenance.
- Regulatory, taxation, and accounting compliance.
- Enforcement of legal rights and dispute resolution.
- Marketing communications, where explicit consent has been obtained.
Personal data shall not be processed for purposes incompatible with the purpose for which it was originally collected.
4. LEGAL BASIS FOR PROCESSING
Processing of personal data is undertaken based on one or more of the following lawful grounds:
Consent of the Data Principal.
Performance of contractual obligations.
Compliance with legal obligations.
Legitimate uses permitted under applicable law.
Where processing is based on consent, such consent may be withdrawn by contacting the Company, subject to statutory limitations. Withdrawal shall not affect processing already undertaken prior to such withdrawal.
5. PAYMENT PROCESSING AND FINANCIAL DATA
All payment transactions are processed through authorized third-party payment gateway providers. By initiating payment, the User acknowledges that financial data may be transmitted directly to such third-party processors.
The Company does not directly store complete card credentials or sensitive authentication information. Payment processors operate independently and are responsible for their own regulatory compliance, including applicable RBI and PCI-DSS standards.
The Company shall not be liable for transaction failures, banking errors, reversals, or security breaches occurring within the infrastructure of third-party payment processors, except where directly attributable to proven negligence of the Company.
6. FRAUD PREVENTION
The Company may process transaction records, IP logs, device identifiers, delivery confirmations, communication records, and behavioural indicators to detect fraud and defend against payment chargebacks.
In the event of a dispute or chargeback initiated by a customer, the Company reserves the right to share relevant transaction evidence, including digital logs and delivery confirmations, with payment processors, acquiring banks, card networks, and dispute resolution authorities.
Electronic records generated through the Company’s systems shall constitute valid transaction evidence.
7. DISCLOSURE OF PERSONAL DATA
Personal data may be disclosed on a need-to-know basis to logistics partners, courier providers, payment processors, IT infrastructure providers, cybersecurity vendors, cloud hosting providers, professional advisors, auditors, and statutory authorities.
Disclosure to law enforcement or regulatory bodies shall occur only where legally required.
The Company does not sell personal data to third parties.
8. DATA PROCESSORS AND THIRD-PARTY SERVICE PROVIDERS
The Company may engage third-party service providers to process personal data on its behalf for hosting, analytics, communication, payment processing, fraud monitoring, and technical infrastructure.
Such service providers are contractually bound to maintain confidentiality, implement appropriate security safeguards, and process personal data only for specified purposes.
9. CROSS-BORDER DATA TRANSFER
Where personal data is processed outside India through authorized service providers, the Company implements reasonable contractual, technical, and organisational safeguards, including encryption, access control restrictions, and vendor compliance monitoring.
Cross-border transfers shall occur only in accordance with applicable legal permissions.
10. DATA RETENTION
Personal data shall be retained only for as long as necessary to fulfil contractual obligations, comply with regulatory requirements, address accounting and taxation obligations, defend legal claims, prevent fraud, and resolve disputes.
Upon expiry of the retention period, personal data shall be securely deleted or anonymised, unless continued retention is required by law.
11. DATA SECURITY MEASURES
The Company implements reasonable technical and organisational safeguards including encryption in transit, secure hosting infrastructure, access restriction mechanisms, monitoring systems, and incident response procedures.
While reasonable safeguards are maintained, no system can guarantee absolute security. The User acknowledges that transmission of information over the internet involves inherent risks.
12. CHILDREN’S DATA
The Website is not directed toward individuals under eighteen (18) years of age. The Company does not knowingly collect personal data of minors.
If personal data of a minor is inadvertently collected without lawful basis, such data shall be deleted in accordance with applicable law.
13. RIGHTS OF DATA PRINCIPALS
Subject to applicable law, Data Principals have the right to:
Seek confirmation regarding processing of personal data.
Request access to personal data.
Request correction of inaccurate or misleading data.
Request erasure of personal data where legally permissible.
Withdraw consent.
Nominate another individual to exercise rights in case of incapacity.
Lodge a grievance regarding processing.
Requests may be submitted to the designated Grievance Officer.
14. GRIEVANCE REDRESSAL MECHANISM
Email: support@livebyallmeans.com
Grievances shall be acknowledged within forty-eight (48) hours and resolved within thirty (30) days in accordance with statutory requirements.
15. DATA BREACH RESPONSE
In the event of a personal data breach that is likely to cause harm, the Company shall take reasonable mitigation steps and comply with statutory reporting obligations as required under applicable law.
16. AMENDMENTS TO THIS POLICY
The Company reserves the right to amend this Privacy Policy at any time. Updated versions shall be published on the Website with revised effective dates.
Continued use of the Website constitutes acceptance of the updated Policy.