Privacy Policy | AG Impex

Overview & Data Controller

AG Impex ("Company", "we", "us", "our") is committed to protecting the privacy and security of personal and business data shared with us by our wholesale partners, website visitors, and enquirers. This Privacy Policy explains what data we collect, why we collect it, how it is used, and the rights available to individuals and businesses whose data we hold.

AG Impex acts as the data controller for all personal information collected through our website, order management systems, and direct business communications. Our registered business address in India is the point of legal contact for all data-related enquiries.

This policy applies to all individuals who interact with AG Impex, including wholesale account holders, prospective buyers, website visitors, and representatives of corporate clients. It does not apply to the internal processing practices of third-party platforms we may link to.

Scope: This policy covers data collected via our website, email communications, telephone enquiries, WhatsApp business channel, trade show interactions, and any other channel through which you provide us with personal or business information.

Data We Collect

We collect only the data necessary to operate our wholesale business and comply with applicable laws. The categories of data we collect include:

Category	Examples	Collection Method
Identity Data	Full name, government ID, date of birth	Account registration, KYC verification
Business Data	Company name, registration number, trade licence, GST/VAT number	Account registration, order forms
Contact Data	Email address, phone number, WhatsApp, business address	Registration, enquiry forms, communications
Transaction Data	Order history, invoices, payment records, shipment details	Order placement and fulfilment
Financial Data	Bank account details, wire transfer records, credit references	Payment processing, credit applications
Communications Data	Email correspondence, chat logs, support tickets	Direct communications with our team
Technical Data	IP address, browser type, device information, cookies	Website usage, analytics

We do not collect: Sensitive personal data such as racial or ethnic origin, political opinions, health data, biometric data, or information about criminal convictions, unless required by specific KYC or AML regulatory obligations.

How We Use Your Data

We use collected data strictly for the purposes described below. We do not sell, rent, or trade personal data to third parties for marketing or commercial purposes.

1

Account Management: To verify your identity and business credentials, create and manage your wholesale account, and maintain our KYC and AML compliance obligations.

2

Order Processing: To receive, confirm, process, and dispatch purchase orders; prepare commercial invoices, packing lists, and export documentation; and manage the shipment lifecycle.

3

Payments & Credit: To process payments, issue credit notes and refunds, manage credit facilities for approved partners, and pursue overdue receivables where necessary.

4

Regulatory Compliance: To comply with Indian export regulations, RBI and DGFT requirements, customs authorities, FATF anti-money-laundering guidelines, and any other applicable legal obligations.

5

Customer Support: To respond to enquiries, resolve complaints, manage damage claims, and provide after-sales support related to shipped goods.

6

Business Communications: To send transactional communications (order confirmations, dispatch notices, invoices), and with your consent, periodic trade updates, new product announcements, or pricing circulars.

7

Website Improvement: To analyse website usage patterns using aggregated, anonymised analytics data to improve navigation, content, and performance.

Legal Basis for Processing

AG Impex processes personal data on the following legal bases under applicable Indian data protection law (Information Technology Act, 2000 and associated Rules) and, where relevant, international frameworks including GDPR for buyers in the European Economic Area:

Contractual Necessity

Processing required to enter into and perform our supply agreement with you, including account verification, order processing, and shipment management.

Legal Obligation

Processing required to comply with KYC, AML, customs, tax, and export control regulations under Indian and international law.

Legitimate Interests

Processing for fraud prevention, IT security, debt recovery, and improvement of our business operations, where these interests are not overridden by your rights.

Consent

For marketing communications and non-essential cookies. Consent may be withdrawn at any time without affecting the lawfulness of prior processing.

Data Sharing & International Transfers

We share your data only with parties who require it to deliver our services, comply with legal requirements, or support our business operations. We do not sell or share your data for third-party marketing purposes.

Recipient	Purpose	Data Shared
Logistics Carriers (Malca-Amit, Brinks, FedEx, DHL)	Shipment dispatch and delivery	Delivery address, contact details, shipment value
Customs & Export Authorities	Legal export compliance	Invoice, KYC documents, consignment data
Insurance Providers	Transit insurance coverage	Consignment details, declared values
Payment Processors & Banks	Payment collection and reconciliation	Invoice data, bank account references
IT & Cloud Service Providers	System hosting and data storage	Data hosted in encrypted form
Legal & Compliance Advisors	Legal advice and regulatory compliance	As required for specific matters

International Transfers: Where data is transferred outside India (e.g., to carriers or cloud providers operating in other jurisdictions), we ensure appropriate safeguards are in place through contractual protections or reliance on adequacy decisions where applicable.

Data Retention

We retain personal and business data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:

Data Type	Retention Period	Reason
KYC & Identity Documents	7 years after account closure	AML regulatory requirement
Transaction & Invoice Records	8 years from transaction date	Tax and accounting obligations
Export Documentation	7 years from export date	Customs and DGFT compliance
Account & Contact Data	Duration of relationship + 3 years	Contractual and dispute resolution
Marketing Preferences	Until consent withdrawn	Consent-based processing
Website Analytics (anonymised)	26 months	Website improvement analysis

After the applicable retention period, data is securely deleted or anonymised. Anonymised, aggregated data may be retained indefinitely for statistical purposes without constituting personal data.

Security Measures

AG Impex implements technical and organisational security measures appropriate to the sensitivity of the data we hold. Given the high-value nature of our trade, we treat data security as a business-critical priority.

Encryption

All data stored in our systems is encrypted at rest using AES-256. Data in transit between our systems and external parties uses TLS 1.2 or higher.

Access Controls

Access to personal data is restricted on a need-to-know basis. All staff with data access undergo role-specific training and are bound by confidentiality obligations.

System Security

Our systems are protected by firewalls, intrusion detection, and regular security patches. We conduct periodic security reviews and vulnerability assessments.

Breach Response

In the event of a data breach affecting your personal data, we will notify affected parties and relevant authorities within the timelines required by applicable law.

Your Responsibility: You are responsible for maintaining the security of your account credentials and the security of your own systems. Notify us immediately at info@agcustomjewelry.com if you suspect any unauthorised access to your account.

Cookies & Tracking

Our website uses cookies and similar tracking technologies to ensure the website functions correctly and to analyse usage patterns. We use the following categories of cookies:

1

Strictly Necessary Cookies: Essential for the website to function. These include session management, security tokens, and form authentication cookies. These cannot be disabled without affecting website functionality.

2

Analytics Cookies: Used to understand how visitors use our website, which pages are visited most, and where visitors come from. Data is aggregated and anonymised. We use Google Analytics or equivalent. Requires your consent.

3

Preference Cookies: Remember your settings such as language, currency display, or account preferences to improve your experience on return visits. Requires your consent.

Managing Cookies: You can control and delete cookies through your browser settings. Note that disabling certain cookies may impact website functionality. For analytics and preference cookies, you can withdraw consent via our cookie preference centre.

Your Rights

Subject to applicable law and certain legal exemptions, you have the following rights in relation to personal data we hold about you. We will respond to all valid requests within 30 days.

Right of Access

Request a copy of the personal data we hold about you and how it is used.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold.

Right to Erasure

Request deletion of your data where there is no overriding legal basis for retention.

Right to Restrict Processing

Request that we limit how we process your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format where technically feasible.

Right to Withdraw Consent

Withdraw consent for marketing or non-essential processing at any time without penalty.

How to Exercise Your Rights: Submit a written request to info@agcustomjewelry.com with "Data Rights Request" in the subject line. We may need to verify your identity before processing the request. There is no charge for reasonable requests.

Children's Privacy

AG Impex's services are directed exclusively at businesses and their authorised representatives, all of whom must be at least 18 years of age. We do not knowingly collect personal data from individuals under the age of 18.

If we become aware that personal data from a person under 18 has been submitted to us, we will delete that data promptly. If you believe we have inadvertently collected such data, please contact us at the address below.

Contact & Complaints

For all privacy-related queries, data rights requests, or concerns about how we handle your information, please contact our data team:

Email

info@agcustomjewelry.com
Response within 30 days for data rights requests.

Supervisory Authority

If you are unsatisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction, or with India's Ministry of Electronics & IT.

Send a Privacy Request