Legal & Compliance

Privacy Policy

Effective Date: 09/04/2026

1. Introduction

Welcome to Shivra Ecom. We respect your privacy and are committed to protecting your personal data. This privacy policy will inform you as to how we look after your personal data when you visit our website (regardless of where you visit it from) and tell you about your privacy rights and how the law protects you.

Shivra Ecom ("we", "us", or "our") is the data controller and is responsible for your personal data.

2. The Data We Collect About You

We may collect, use, store, and transfer different kinds of personal data about you which we have grouped together as follows:

  • Identity Data: First name, last name, username or similar identifier, title.
  • Contact Data: Billing address, delivery address, email address, and telephone numbers.
  • Business Data: Company registration details, VAT numbers, eCommerce platform store links, and performance metrics necessary for our service delivery.
  • Financial Data: Bank account and payment card details (processed securely via our payment gateways).
  • Technical Data: Internet protocol (IP) address, browser type and version, time zone setting and location, browser plug-in types and versions, operating system, and platform.
  • Usage Data: Information about how you use our website and services.

3. How We Use Your Personal Data

We will only use your personal data when the law allows us to. Most commonly, we will use your personal data in the following circumstances:

  • Performance of a Contract: Where we need to perform the contract we are about to enter into or have entered into with you (e.g., providing eCommerce management services).
  • Legitimate Interests: Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
  • Legal Obligation: Where we need to comply with a legal or regulatory obligation (e.g., UK HMRC requirements).
  • Consent: We rely on consent only for sending third-party direct marketing communications to you via email. You have the right to withdraw consent at any time.

4. Disclosures of Your Personal Data

We may have to share your personal data with the parties set out below for the purposes outlined in Section 3:

  • Internal Third Parties: Our technology and development partner, Cyber Drift Solutions Private Limited, for the purposes of delivering web infrastructure, app development, or automation services.
  • External Third Parties: Service providers acting as processors (e.g., IT and system administration services), professional advisers (lawyers, bankers, auditors, insurers), and HM Revenue & Customs or other authorities based in the UK/EU.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

5. International Data Transfers

Some of our external third parties or partners (such as Cyber Drift Solutions) may be based outside the UK or the European Economic Area (EEA). Whenever we transfer your personal data out of the UK/EEA, we ensure a similar degree of protection is afforded to it by implementing at least one of the following safeguards:

  • Transferring data to countries that have been deemed to provide an adequate level of protection.
  • Using specific contracts approved for use in the UK/EEA which give personal data the same protection it has within the UK/EEA (Standard Contractual Clauses).

6. Data Security & Retention

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements.