INDIAN SHOP, hereinafter referred to as ‘We’, attaches great importance to protecting and respecting your privacy.

Through this policy, we aim to provide you with clear and precise information regarding the collection and processing of personal data that you may provide to us through the website www.padmini.ch (hereinafter referred to as the ‘Website’).

Art.1 Confidentiality rules
The General Data Protection Regulation of 27 April 2016 (hereinafter referred to as the GDPR) came into force on 25 May 2018. It imposes strict rules and conditions on companies and traders in relation to the processing of personal data belonging to their customers and prospects, in order to protect their privacy.

Art.2 Data controller
The ‘data controller’ of your personal data is INDIAN SHOP, which is responsible for the website www.padmini.ch that you are visiting and to which you are providing data.

Art. 3 Legal basis for data processing and use
We may only use your personal data for purposes that are both legitimate and necessary (Art. 6 of the GDPR). In practical terms, this means that we process your personal data, whether in electronic form or otherwise, for legitimate purposes in the context of the contractual relationship, business and security/safety.

These purposes include, but are not limited to, the following:
Processing and executing your orders and contracts;
Managing your account and commercial relationship;
To send you commercial, promotional, advertising or service-related information;
Communications in connection with the performance of a contract;
To improve the design, layout and overall functionality of the website;
To analyse data for statistical purposes.

Art. 4 What is personal data?
Personal data includes all information about you that can be used to identify you (hereinafter referred to as ‘data’). Anonymous data, which cannot be used to identify you, is therefore not considered personal data. Your personal data may therefore include:

Data relating to your identity (surname, first name, address, VAT number, company number, etc.);
Personal status data (telephone number, personal email address, etc.);
Financial and transaction data (data relating to payment methods, bank account number, billing details, etc.);
Data relating to the performance of the contract concluded with us (subject matter of the contract, billing address, professional data, etc.);
Data relating to the use of electronic equipment, such as computers (password, log data, electronic identification data, billing details, etc.);
Sensitive data:
The processing of personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, as well as the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning a natural person's sex life or sexual orientation is prohibited.
We are committed to strictly complying with this prohibition.

Art. 5 Sources and origins of personal data
In principle, the data we hold comes from you when you fill in a form. If you do not wish to provide the mandatory or necessary information, you may lose certain benefits and/or we may decide to terminate our services to you or we will be unable to perform the contract.

Art.6 Access to personal data – Who do we share your information with?
In accordance with current regulations, data may be transmitted to the competent authorities upon request, in particular to public bodies, exclusively to meet legal obligations, to court officials, ministerial officers and bodies responsible for debt collection, as well as in the case of investigations into offences committed on the internet.

Your data is mainly for internal use. We may disclose your data to third-party companies, which will be able to process it, for legitimate reasons and in particular for the proper performance of the contract, when we use service providers and subcontractors to fulfil orders or provide services (technical services, payment services, payment security, deliveries, commercial prospecting, etc.).

We only send them the data they need to perform their services.

However, we will ensure that our subcontractors comply with GDPR regulations.

The processing of data by subcontractors is governed by a strict legal framework.

Art.7 Data retention period
We take all necessary measures to ensure that the retention of personal data for the purposes described above does not exceed the legal time limits.

Art.8 What are your rights?
We undertake to take appropriate technical and organisational measures to ensure the security of the processing of everyone's personal data (Art. 32 of the GDPR).

In accordance with the applicable laws and regulations on personal data protection, you have a number of rights relating to your personal data, namely:

Right of access (Art. 15 of the GDPR) and information
You have the right to be informed in a concise, transparent, intelligible and easily accessible manner about how your data is processed. You also have the right to obtain confirmation that data concerning you is being processed and, where applicable, to access your own personal data and the right to obtain or make a copy of it within reasonable limits.

Right to rectification (Art. 16 GDPR)
You have the right to obtain the rectification of inaccurate data concerning you. You also have the right to complete incomplete data.

Right to be forgotten (or Right to erasure - Art. 17 of the GDPR) and Right to restriction of processing (Art. 18 of the GDPR)
We undertake to erase your personal data in the following cases in particular:

Data that is no longer necessary for the purposes for which it was collected or processed;
You object to the processing;
The personal data has been unlawfully processed.
Right to data portability (Art. 20 GDPR)
You have the right to receive your data in a structured, commonly used and machine-readable format, for your personal use or to transmit it to a third party of your choice.

Right to withdraw consent at any time (Art. 7 of the GDPR)
You may withdraw your consent to the processing of your data when the processing is based on your consent. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.

Right to lodge a complaint (Art. 77 of the GDPR)
The customer has the right to lodge a complaint with the Privacy Commission at any time if they believe that the processing of their personal data constitutes a violation of the GDPR.

To exercise your rights, you can contact us by email

Art. 9 Our commitment
Our objective is to implement security techniques to protect stored data against unauthorised access, inappropriate use, alteration, illegal or accidental destruction, and accidental loss.

Art.10 Procedure in the event of breaches
It is always possible that personal data processed in the context of the contractual relationship may fall into the wrong hands as a result of human error, computer error, etc.
When the breach poses a high risk to the rights and freedoms of the individual, we will immediately inform them of the facts and measures taken. We will ensure that the necessary steps are taken to notify the Privacy Commission of the breach within 72 hours of becoming aware of it, unless the breach does not pose a high risk to the rights and freedoms of the individual. (Art. 32-34 of the GDPR).

Art. 11 Consent
You give your express, informed and unambiguous consent to the processing of personal data as described in this Privacy Notice. You have the right to withdraw your consent at any time, upon written request. We reserve the right to modify this Privacy Notice.

Art. 12 Changes to our Privacy Policy
We may occasionally modify this privacy policy, in particular to comply with any regulatory, jurisprudential, editorial or technical developments.

Art. 13 Contact
If you have any questions about this Privacy Policy or any requests regarding your data, you can contact us:

By email at the following address: indian.shop.suisse@gmail.com
By post at the following address: INDIAN SHOP, 15, ch. Taverney, 1218 Le Grand-Saconnex