Privacy Policy — Bharat Grocery Store Mobile App
This policy applies to the mobile app only. If we collect data via a website or in-store, separate notices apply at those points of collection.
1. Who we are (Data Controller)
The data controller responsible for processing your personal data through the Bharat Grocery Store mobile application ("the App") is:
Münchbergerstr. 31
81549 München
Germany
Telephone: +49 89 23885888
Email: tadastithi@bharatonline.de
Authorized representative (Geschäftsführer): Ankur Gupta
Trade register: HRB 254117, Amtsgericht München
VAT ID (USt-IdNr.): DE328162511
Data Protection Officer (DPO)
We are not required to appoint a Data Protection Officer under § 38 BDSG. For all data-protection questions, contact us at tadastithi@bharatonline.de.
2. What data we collect and why
We process the following categories of personal data through the App:
2.1 Data we receive when you log in
| Data | Source | Purpose | Legal basis |
|---|---|---|---|
| Mobile phone number | You enter it; we verify it against our existing customer database | Authenticate you as an existing customer | Art. 6(1)(b) GDPR — performance of contract |
| First and last name | Already in our customer database from when you registered in-store | Personalize the App (greeting, profile screen) | Art. 6(1)(b) GDPR — performance of contract |
| Customer barcode | Already in our customer database | Display in the App so you can show it at the counter | Art. 6(1)(b) GDPR — performance of contract |
| Your chosen 4-digit PIN (stored as a one-way hash; never as plain text) | You set it on first login | Authenticate you on subsequent app launches | Art. 6(1)(b) GDPR — performance of contract |
| One-Time Password (OTP) you receive by SMS (stored as a one-way hash, deleted after 5 minutes) | We generate it; Twilio delivers it | Verify your phone number | Art. 6(1)(b) GDPR — performance of contract |
| Refresh tokens and device identifiers | Generated by the App on your device | Keep you logged in across sessions; limit the number of simultaneous devices | Art. 6(1)(b) GDPR — performance of contract |
| Failed login attempts, account-lock timestamps | App / server records them automatically | Protect your account from brute-force attacks | Art. 6(1)(f) GDPR — legitimate interest in account security |
2.2 Data we collect when you use the App
| Data | Purpose | Legal basis |
|---|---|---|
| Technical error reports (crash logs, error messages — without personal content) | Diagnose and fix App problems | Art. 6(1)(f) GDPR — legitimate interest |
| Last login timestamp | Display "last login" information; identify dormant accounts | Art. 6(1)(f) GDPR — legitimate interest |
2.3 Push notification data (future feature — not active in current version)
If and when we activate push notifications, we will additionally process a device push token (Apple Push Notification Service / Firebase Cloud Messaging) only with your explicit consent at the time you enable notifications. You can revoke consent at any time in your device settings or in the App's Profile screen.
2.4 Data we do NOT collect through the App
- We do not track your location.
- We do not access your contacts, photos, or microphone.
- We do not use advertising identifiers or behavioral tracking.
- We do not sell your data to anyone.
- We do not read your SMS messages (Android: we use the SMS Retriever API, which does not require SMS read permission).
3. Who we share data with (Recipients / Processors)
We use the following service providers ("processors" under Art. 28 GDPR). A Data Processing Agreement (Auftragsverarbeitungsvertrag / DPA) is in force with each — either signed directly or automatically incorporated through the provider's standard Terms of Service.
| Processor | Service | Data shared | Location |
|---|---|---|---|
| Twilio Inc. | SMS delivery (OTP) | Your phone number, OTP message text | Account region: United States. Message metadata stored in the US. Covered by Standard Contractual Clauses + EU-US Data Privacy Framework. |
| Server hosting provider (to be selected before public launch) | Server hosting | All app data (encrypted at rest) | EU (Germany) |
| Cloudflare Germany GmbH | Image storage (banners, product images) and static web hosting (this page) | No personal data | EU |
| Apple Inc. | App distribution via App Store | Your Apple ID — only Apple sees this; we do not receive it | US (with EU-US Data Privacy Framework certification) |
| Google Ireland Limited | App distribution via Play Store; push notifications (future) | Your Google Play account — only Google sees this; we do not receive it | EU + US (with EU-US Data Privacy Framework certification) |
We do not share your data with any other third party, with advertisers, or with analytics providers.
4. International data transfers
Most processing occurs within the European Union. Some incidental transfers may occur to the United States (e.g. Apple, Google, Twilio). These transfers are covered by:
- The EU-US Data Privacy Framework, where applicable
- Standard Contractual Clauses (SCCs) as approved by the European Commission
- The processor's own binding corporate rules
You can request a copy of the relevant safeguards by contacting us at tadastithi@bharatonline.de.
5. How long we keep your data (Retention)
| Data | Retention |
|---|---|
| Phone number, name, barcode | As long as you remain a customer of Tadastithi GmbH (these are part of our shop customer database, not specific to the App) |
| PIN hash, refresh tokens, device IDs | While your app account is active; deleted when you log out, delete your account, or 12 months after last login |
| OTP hashes | 5 minutes |
| Failed login records | 30 days |
| Crash logs / error logs | 90 days |
| Audit logs of administrative access to your data | 12 months (Art. 32 GDPR — security) |
When you delete your app account (see Section 7), we immediately remove your app login, PIN, and any active sessions. There is no grace period — deletion is final. Your underlying customer record at the shop is retained for tax, accounting, and legitimate-business-interest reasons (typically 10 years under § 257 HGB / § 147 AO if you have purchase history).
6. Your rights under GDPR
You have the following rights regarding your personal data. To exercise any of them, contact us at tadastithi@bharatonline.de. We will respond within one month (Art. 12(3) GDPR).
| Right | What it means | How to exercise |
|---|---|---|
| Access (Art. 15) | Receive a copy of all your data we hold | Use the "Export My Data" button in Profile, or email us |
| Rectification (Art. 16) | Correct inaccurate data | Email us or ask in-store |
| Erasure (Art. 17) | Have your app account deleted | Use "Delete Account" in Profile, or email us to request deletion |
| Restriction (Art. 18) | Restrict processing in certain cases | Email us |
| Portability (Art. 20) | Receive your data in a machine-readable format | Use the "Export My Data" button (returns JSON) |
| Object (Art. 21) | Object to processing based on legitimate interest | Email us |
| Withdraw consent (Art. 7(3)) | Where processing relies on consent (e.g. push notifications) | Disable in the App's Profile screen |
You may also lodge a complaint with the supervisory authority:
Promenade 18
91522 Ansbach
Germany
https://www.lda.bayern.de/
7. Account deletion
You can delete your app account at any time:
- In the App: Profile → Delete Account → confirm.
- Outside the App: Email us at tadastithi@bharatonline.de from the address tied to your account, with the subject line "Delete my app account" and your registered mobile number. We will confirm and complete the deletion within 30 days.
What happens when you delete your account:
- Your app login, PIN, all active sessions, and push notification settings are immediately and permanently removed. There is no recovery: to use the App again, you would need to register from scratch.
- Historical login activity is anonymized (the link to your identity is removed; the events themselves are kept for security-audit purposes for 12 months).
- A deletion audit-log entry is created for compliance proof. It contains your customer barcode and a timestamp — no other personal data.
- Your underlying shop customer record (name, phone, barcode, purchase history) is retained for accounting and tax purposes for as long as legally required (typically 10 years). It is no longer accessible through the App. To request deletion of the shop record itself, contact us at tadastithi@bharatonline.de — note that legal retention obligations may prevent immediate deletion.
8. Security
We protect your data using:
- TLS 1.2+ encryption for all data in transit between the App and our servers
- Encryption at rest for backups
- Bcrypt hashing for PINs and OTPs (one-way; we cannot recover them)
- Tokens stored in the secure enclave of your device (iOS Keychain / Android Keystore)
- Rate limiting and account lockout to prevent brute-force attacks
- Audit logging of administrative access to customer data
- Regular dependency updates and security reviews
In the unlikely event of a data breach affecting your data, we will notify you and the supervisory authority as required by Art. 33-34 GDPR.
9. Children
The App is not intended for children under 16. We do not knowingly collect data from anyone under 16. If you believe we have, contact us at tadastithi@bharatonline.de and we will delete the data.
10. Automated decision-making
We do not use automated decision-making or profiling within the meaning of Art. 22 GDPR.
11. Changes to this policy
We may update this policy from time to time. The "Last updated" date at the top reflects the latest revision. We will announce material changes in the App and via a notice on https://www.bharatonline.de at least 30 days before they take effect.
12. Contact
Questions about this policy or your data:
Email: tadastithi@bharatonline.de
Postal: Münchbergerstr. 31, 81549 München, Germany