This Privacy Policy (“Policy”) is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and other applicable laws of India.
This Policy governs the processing of Personal Data of restaurants, cloud kitchens, food vendors, and their authorized representatives (collectively referred to as “Vendors”) by *Flick9* (hereinafter referred to as the “Company” or “Data Fiduciary”).
1. Definitions
1.1 Personal Data
“Personal Data” means any data about an identifiable individual, including owners, partners, directors, or authorized signatories of the Vendor, as defined under the DPDP Act.
1.2 Data Fiduciary
“Data Fiduciary” means Flick9, which determines the purpose and means of processing Personal Data.
1.3 Data Principal
“Data Principal” means the individual to whom the Personal Data relates, including Vendor owners or authorized persons.
1.4 Processing
“Processing” includes collection, storage, use, disclosure, sharing, or deletion of Personal Data.
2. Collection of Personal Data
The Company may collect and process the following categories of Personal Data:
- Name, contact details, and identification details of owners or authorized signatories
- Business registration documents (FSSAI, GST, PAN, trade licenses)
- Bank account and settlement details
- Business address and operational details
- Menu information, pricing, images, and descriptions
- Order history, transaction records, ratings, and reviews
- Communications between the Vendor and the Company
3. Lawful Purpose and Consent
3.1 Personal Data shall be processed only for lawful purposes connected with providing platform services.
3.2 Processing is based on:
- Consent provided by the Vendor or Data Principal; and/or
- Legitimate use as permitted under the DPDP Act, including contractual necessity and legal compliance
3.3 Consent may be withdrawn at any time; however, withdrawal may impact the Vendor’s ability to use the Platform.
4. Purposes of Processing
Personal Data shall be processed for the following purposes:
- Vendor onboarding, verification, and compliance
- Listing, marketing, and sale of food products on the Platform
- Order processing, delivery coordination, and payment settlement
- Customer support, refunds, complaints, and dispute resolution
- Compliance with legal and regulatory obligations
- Fraud prevention, security, and platform integrity
5. Sharing and Disclosure of Personal Data
5.1The Company shall not sell or commercially exploit Personal Data.
5.2Personal Data may be shared with:
- Customers (limited to business-related information)
- Delivery partners for order fulfillment
- Payment gateways, banks, and financial institutions
- Technology service providers acting as Data Processors
- Government authorities where required by law
All Data Processors shall be bound by contractual confidentiality and security obligations.
6. Data Security Safeguards
6.1The Company shall implement reasonable security safeguards as required under Section 8 of the DPDP Act to prevent Personal Data breaches.
6.2In the event of a Personal Data breach, the Company shall take necessary remedial actions and notify authorities where legally required.
7. Data Retention and Erasure
7.1Personal Data shall be retained only for as long as necessary to fulfill the stated purposes or to comply with applicable law.
7.2Upon termination of the Vendor relationship, Personal Data shall be erased unless retention is required for legal, regulatory, or dispute-resolution purposes.
8. Rights of Data Principal
In accordance with the DPDP Act, Data Principals have the right to:
- Obtain information about the processing of their Personal Data
- Request correction or updating of inaccurate Personal Data
- Request erasure of Personal Data, subject to legal obligations
- Withdraw consent at any time
- Nominate another person to exercise rights in case of incapacity or death
Requests may be made as per the grievance mechanism provided below.
9. Obligations of Vendors
Vendors agree to:
- Ensure accuracy of Personal Data provided
- Obtain necessary consents from individuals whose data is shared
- Comply with applicable data protection laws
- Protect access credentials and prevent unauthorized access
10. Grievance Redressal
In compliance with the DPDP Act, the Company appoints a Grievance Officer:
Grievance Officer – Flick9
- Email: [flicknine2026@gmail.com](mailto:flicknine2026@gmail.com)
- Address: Plot Number 24, Venkateshwara Colony, Amangal, Rangareddy, Telangana.
Grievances shall be addressed within the timelines prescribed under applicable law.
11. Amendments
The Company reserves the right to modify this Policy to ensure compliance with changes in law or business practices. Continued use of the Platform shall constitute acceptance of the updated Policy.
12. Governing Law and Jurisdiction
This Policy shall be governed by and construed in accordance with the laws of India. Courts having jurisdiction over the registered office of Flick9 shall have exclusive jurisdiction.
13. Acceptance
By registering on or using the Flick9 Platform, the Vendor confirms that it has read, understood, and agreed to this Privacy Policy and the processing of Personal Data as described herein.