Privacy Policy

Summary

LaBiryani collects only the personal data needed to process orders, deliver food, support customer service, and run marketing with consent; data is protected with appropriate security controls, retained only as long as necessary, and individuals can access, correct, or delete their data under India’s DPDP Act.

About LaBiryani

  • Company: LaBiryani [Legal name: MultiKron LLP]
  • Address: Sector 1, 379 B, Vaishali, Ghaziabad, Uttar Pradesh - 201010
  • Contact: privacy@labiryani.in for privacy queries

This Privacy Policy explains how personal data is collected, used, shared, and secured, and the rights available under India’s Digital Personal Data Protection Act.

Scope

  • Applies to LaBiryani’s website, mobile app, WhatsApp Business, call center, in-app ordering, third-party marketplaces (e.g., delivery aggregators), social pages, and offline interactions related to ordering and customer support.
  • Also covers marketing communications, loyalty programs, surveys, and complaint handling operated by or for LaBiryani.

Data We Collect

  • Identity and contact: name, phone, email, delivery address, and optional profile photo for accounts and delivery identification.
  • Order and payment: order history, cart contents, preferences, payment method tokens from payment gateways; LaBiryani does not store full card data.
  • Device/technical: IP address, app identifiers, cookies, session logs, and analytics data for performance and fraud prevention.
  • Communications: support messages, call recordings where permitted, complaints, and feedback.
  • Marketing preferences: opt-ins, campaign interactions, and survey responses.

How We Use Data

  • Fulfilling orders: account creation, order processing, delivery, refunds, and customer support.
  • Service improvement: quality checks, menu optimization, analytics, and fraud prevention.
  • Legal and security: compliance with tax/consumer laws, responding to lawful requests, incident investigation, and breach notifications where required.
  • Marketing with consent: offers, newsletters, and remarketing via email, SMS, WhatsApp, and push notifications; opt out at any time.

Legal Basis and Consent

  • Primary bases: consent, performance of a contract (to deliver orders), compliance with legal obligations, and legitimate interests (e.g., security, service improvement).
  • Consent is explicit, informed, specific, and revocable; notices are clear and in plain language per DPDP rules.

Sharing and Disclosures

  • Delivery and logistics partners to deliver orders; only necessary data is shared.
  • Payment gateways and processors for payments; LaBiryani does not store full payment credentials.
  • Technology vendors for hosting, SMS/email/WhatsApp, analytics, and customer support tools under data processing agreements.
  • Legal/regulatory authorities as required by law or to protect rights, safety, and security.

International Transfers

  • Personal data may be processed on servers or by vendors located outside India; transfers are made subject to DPDP Act requirements and any future Rules on cross-border transfers.
  • Where required, contractual safeguards and localization of specified categories will be applied per evolving DPDP Rules 2025.

Data Retention

  • Retained only as long as necessary for the purposes described: typically account lifetime plus a limited period for legal, audit, and tax requirements.
  • Anonymized or aggregated data may be retained for analytics and reporting.

Security

  • Administrative, technical, and physical safeguards, including encryption in transit, access controls, and vulnerability management appropriate to risk.
  • Vendors are required to implement comparable controls and are onboarded under confidentiality and security obligations.

Individual Rights

  • Rights under the DPDP Act include: access, correction, deletion, grievance redressal, and withdrawal of consent without affecting prior lawful processing.
  • Requests can be made via privacy@labiryani.in; identity verification may be required; responses will follow statutory timelines.

Cookies and Similar Technologies

  • Essential cookies for login, cart, and checkout; analytics cookies to improve performance; marketing cookies used only with consent.
  • Cookie settings can be managed in-browser/app; disabling essential cookies may impact functionality.

Children’s Data

Services are for individuals 18+; no knowing collection from children; guardians may contact LaBiryani to request deletion if such data is inadvertently collected.

WhatsApp, SMS, and Calls

  • Order updates, support, and offers may be sent via WhatsApp/SMS/calls; opt-out links or STOP keywords are honored per channel capabilities.
  • Calls may be recorded for quality and training where permitted and disclosed at call start.

Third-Party Marketplaces

  • If ordering via aggregators, their privacy policies apply to data they collect; LaBiryani receives only order-relevant data to fulfill the order.
  • Users should review marketplace privacy policies separately.

Data Breaches

  • Suspected breaches are investigated and, where required, notified to authorities and affected individuals within mandated timelines under DPDP.
  • Incident response includes containment, assessment, remediation, and communication.

Data Protection Officer/Grievance

Contact: [Name/Title], Email: privacy@labiryani.in, Postal Address: [provide full address] for privacy complaints and rights requests. If unresolved, complaints may be escalated to the Data Protection Board under the DPDP framework.

Changes to This Policy

  • This policy may be updated to reflect legal, technical, or business changes; the “Last updated” date will be revised and material changes communicated where required.
  • Continued use of services after updates signifies acceptance of the revised Policy.

Effective Date

Last updated: 28 August 2025; effective upon publication on LaBiryani channels.

How to Exercise Rights

  • Email: privacy@labiryani.in; Subject: “DPDP Request – [Access/Correction/Deletion/Consent Withdrawal]”; include registered mobile/email and order IDs for verification.
  • Typical response time: within statutory timelines; complex requests may require additional time with notification.