Edit Content

Get In Touch

Privacy Policy

Last Updated: 3rd February, 2026

1. Introduction and Scope of This Privacy Policy
This Privacy Policy (“Policy”) sets out the principles, practices, and procedures governing the collection, use, processing, storage, disclosure, transfer, and protection of personal data by Sarbazo Private Limited, a company incorporated under the laws of India and having its registered office in Delhi, India (“Sarbovia”, “Company”, “we”, “us”, or “our”).
This Policy applies to all personal data processed by the Company in the course of operating the website www.sarbovia.com (the “Website”), as well as in connection with its manufacturing, export, trade, and business-to-business (B2B) activities, whether such processing is carried out digitally, electronically, or through other lawful means.
The purpose of this Policy is to provide transparent information regarding:
  1. The categories of personal data collected by the Company;
  2. The purposes and lawful bases for such processing;
  3. The rights available to individuals whose personal data is processed; and
  4. The safeguards implemented to ensure compliance with applicable data protection and privacy laws.
This Policy applies to all individuals whose personal data is processed by the Company, including but not limited to:
  • Visitors to the Website;
  • Business buyers, importers, distributors, and agents;
  • Individuals submitting enquiries, requests for quotations (RFQs), or sample requests;
  • Persons communicating with the Company through email, WhatsApp, or other trade communication channels; and
  • Representatives of corporate entities interacting with the Company in a professional or commercial capacity.
This Policy is intended to comply with all applicable data protection and privacy laws, including, without limitation, the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and rules thereunder, the General Data Protection Regulation (EU) 2016/679 (GDPR), the UK GDPR, and, where applicable, the California Consumer Privacy Act as amended by the California Privacy Rights Act (CCPA/CPRA). Where personal data is processed in multiple jurisdictions, this Policy shall be read in a manner that affords the highest level of protection required under applicable law.
The Website and the Company’s services are intended primarily for business and trade purposes. Accordingly, most personal data processed by the Company relates to professional or business contact information. Nothing in this Policy shall be construed as creating an obligation to process personal data beyond what is necessary for legitimate business, contractual, or legal purposes.
This Policy applies solely to personal data processed by or on behalf of the Company. It does not apply to the practices of third parties, including logistics providers, payment intermediaries, advertising platforms, or external websites that may be linked from the Website, which are governed by their respective privacy policies.
By accessing or using the Website, submitting personal data, or otherwise engaging with the Company in the course of business or trade, you acknowledge that you have read, understood, and agreed to the terms of this Policy, to the extent permitted under applicable law.
2. Definitions and Interpretation
2.1 Definitions
For the purposes of this Privacy Policy, unless the context otherwise requires, the following capitalized terms shall have the meanings assigned to them below:
“Applicable Data Protection Laws” means all laws, statutes, regulations, rules, guidelines, and binding directives relating to the protection of personal data and privacy, including, without limitation, the Digital Personal Data Protection Act, 2023 (India), the Information Technology Act, 2000 and rules thereunder, the General Data Protection Regulation (EU) 2016/679, the UK GDPR, and the California Consumer Privacy Act, as amended by the California Privacy Rights Act, together with any amendments, re-enactments, or replacements thereof.
“Business” shall have the meaning assigned to it under the CCPA/CPRA, where applicable.
“Company”, “Sarbovia”, “we”, “us”, or “our” means Sarbazo Private Limited, a company incorporated under the laws of India and having its registered office in Delhi, India.
“Consent” means any freely given, specific, informed, and unambiguous indication of the data subject’s agreement to the processing of personal data, whether by a clear affirmative action or as otherwise recognized under Applicable Data Protection Laws.
“Cookies” means small data files or similar technologies placed on a user’s device by a website or third party to enable functionality, analytics, advertising, or tracking.
“Data Fiduciary” shall have the meaning assigned to it under the Digital Personal Data Protection Act, 2023, and refers to the entity that determines the purpose and means of processing personal data.
“Data Principal” shall have the meaning assigned to it under the Digital Personal Data Protection Act, 2023, and refers to the individual to whom the personal data relates.
“Data Subject” shall have the meaning assigned to it under the GDPR and refers to an identified or identifiable natural person whose personal data is processed.
“Personal Data” or “Personal Information” means any information that relates to an identified or identifiable natural person and includes any information that is defined as “personal data,” “personal information,” or a similar term under Applicable Data Protection Laws.
“Processing” or “Process” means any operation or set of operations performed on personal data, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, transfer, dissemination, alignment, restriction, erasure, or destruction.
“Processor” or “Data Processor” means any natural or legal person that processes personal data on behalf of the Company.
“Sensitive Personal Data” means such categories of personal data as may be designated as sensitive or special under Applicable Data Protection Laws, including but not limited to special category data under the GDPR.
“Services” means the Website and any related services, functionalities, trade communications, or business interactions provided by the Company.
“Third Party” means any natural or legal person, public authority, agency, or body other than the Company, the data subject, or persons authorized to process personal data under the direct authority of the Company.
“Website” means the website accessible at www.sarbovia.com, including all sub-pages, features, and functionalities.
2.2 Interpretation
In this Privacy Policy, unless the context otherwise requires:
  1. Headings are inserted for convenience only and shall not affect the interpretation of this Policy;  
  2. Words denoting the singular shall include the plural and vice versa;  
  3. Words denoting any gender shall include all genders;  
  4. References to statutes, enactments, or regulations shall include any amendments, modifications, re-enactments, or replacements thereof;  
  5. References to “including” or “includes” shall be deemed to be followed by the words “without limitation”;  
  6. References to any law or regulatory authority shall include any successor authority exercising equivalent functions;  
  7. References to clauses or sections are references to clauses or sections of this Policy unless otherwise specified.
3. Identity and Contact Details of the Data Controller
For the purposes of Applicable Data Protection Laws, including the Digital Personal Data Protection Act, 2023 (India) and the General Data Protection Regulation (EU) 2016/679 (GDPR), Sarbazo Private Limited is the entity responsible for determining the purposes and means of the processing of personal data and shall act as the Data Fiduciary and Data Controller, as applicable.
The Company’s identity and contact details are as follows:
  • Legal Name: Sarbazo Private Limited
  • Nature of Entity: Private limited company incorporated under the laws of India
  • Registered Office: Delhi, India
  • Website: sarbovia.com
  • Primary Contact Email: contact@sarbovia.com
All references in this Privacy Policy to “Sarbovia”, “Company”, “we”, “us”, or “our” shall be deemed to refer to Sarbazo Private Limited in its capacity as Data Controller / Data Fiduciary.
The Company is responsible for ensuring that personal data is processed in accordance with Applicable Data Protection Laws, including adherence to principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, and confidentiality.
For the purposes of compliance with statutory obligations relating to grievance redressal and data protection oversight, the Company has designated a Grievance Officer / Data Protection Officer, whose details are set out below:
  • Name: Parth Verma
  • Designation: Grievance Officer / Data Protection Officer
  • Email: contact@sarbovia.com
The above contact details may be used by data principals / data subjects to:
  1. Seek clarification regarding this Privacy Policy;
  2. Exercise rights available under Applicable Data Protection Laws;
  3. Raise complaints or grievances relating to the processing of personal data; or
  4. Communicate with the Company in relation to data protection matters.
The Company shall use reasonable efforts to ensure that all communications addressed to the Data Controller or the designated Grievance Officer / Data Protection Officer are acknowledged and addressed within the timelines prescribed under Applicable Data Protection Laws.
4. Applicability Across Jurisdictions
This Privacy Policy is intended to apply to the processing of personal data by Sarbazo Private Limited in a manner that ensures compliance with Applicable Data Protection Laws across multiple jurisdictions in which the Company operates, conducts business, or engages in export-related activities.
  1. India, in accordance with the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and rules framed thereunder;
  2. Member States of the European Union and the United Kingdom, in accordance with Regulation (EU) 2016/679 (General Data Protection Regulation) and the UK GDPR, including where the processing of personal data relates to the offering of goods or services to individuals in such jurisdictions or the monitoring of their behaviour, to the extent applicable;
  3. The United States, including the State of California, in accordance with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (CCPA/CPRA), where applicable; and
  4. Any other jurisdiction in which personal data is processed by or on behalf of the Company in connection with its international trade, export operations, or business communications.
Where personal data is subject to the laws of more than one jurisdiction, the Company shall endeavour to apply the standard of protection that affords the highest level of protection to the data subject, to the extent permitted under Applicable Data Protection Laws.
Nothing in this Policy shall be construed as limiting any rights available to data subjects under mandatory local laws. In the event of any conflict between the provisions of this Policy and Applicable Data Protection Laws of a particular jurisdiction, the provisions of such local laws shall prevail to the extent of such conflict.
This Policy is designed to operate alongside, and not in derogation of, jurisdiction-specific rights, remedies, or enforcement mechanisms available to data subjects. References to rights or obligations under a particular legal regime shall be construed as applying only to the extent such regime is applicable to the processing of personal data in question.
The Company acknowledges that personal data processed in the context of cross-border trade and export activities may be subject to differing legal requirements. Accordingly, the Company adopts internal policies, contractual safeguards, and reasonable technical and organizational measures to ensure lawful processing and appropriate protection of personal data across jurisdictions.
5. Types of Personal Data We Collect

Subject to Applicable Data Protection Laws, the Company may collect, use, store, and otherwise process the following categories of personal data in connection with the operation of the Website and the conduct of its manufacturing, export, and business-to-business (B2B) activities. The personal data collected is limited to what is necessary for legitimate business, contractual, regulatory, and compliance purposes.

5.1 Identification and Contact Information
The Company may collect personal data necessary to identify and communicate with individuals acting in a professional or commercial capacity, including:
  • Full name
  • Job title or designation (where provided)
  • Business or professional email address
  • Telephone number, mobile number, and/or WhatsApp number
  • Company or organization name
  • Country of residence or business operation
5.2 Business, Trade, and Commercial Information
In the course of export-related activities and trade communications, the Company may collect:
  • Business addresses, including registered and shipping addresses
  • Importer, distributor, or agent details
  • Information contained in enquiries, RFQs, and sample requests
  • Purchase order, invoice, and logistics-related information
  • Trade correspondence and negotiation records
5.3 Taxation and Regulatory Information
Where required for compliance with applicable laws, including export, customs, and tax regulations, the Company may collect:
  • Goods and Services Tax (GST) numbers
  • Tax identification numbers or similar regulatory identifiers
  • Other compliance-related information lawfully required for international trade
5.4 Communication and Interaction Data
The Company may collect information relating to communications and interactions with users, including:
  • Emails, messages, and other correspondence
  • Records of WhatsApp or click-to-chat communications
  • Information voluntarily provided through Website forms
5.5 Technical, Usage, and Device Information
When users access or interact with the Website, the Company may automatically collect certain technical information, including:
  • Internet Protocol (IP) address
  • Browser type and version
  • Device identifiers and operating system information
  • Date, time, and duration of Website visits
  • Pages viewed and referring URLs
Such information is primarily used for analytics, security, and performance optimization.
5.6 Cookies and Similar Technologies
The Company collects information through cookies and similar tracking technologies, which may include:
  • Usage and analytics data
  • Advertising and remarketing identifiers
  • Session and preference information
Further details regarding the use of cookies are set out in the relevant section of this Privacy Policy.
5.7 Sensitive Personal Data
The Company does not intentionally collect or process sensitive personal data (including special category data under the GDPR), except where:
  1. Such data is voluntarily provided by the data subject;
  2. Processing is required or permitted under Applicable Data Protection Laws; or
  3. Processing is necessary for compliance with legal obligations.
5.8 Accuracy and Minimization
The Company endeavors to ensure that personal data collected is accurate, complete, and limited to what is necessary for the purposes for which it is processed. Data subjects are encouraged to notify the Company of any changes or inaccuracies in their personal data.
6. Sources of Personal Data
Subject to Applicable Data Protection Laws, the Company collects personal data from a variety of lawful sources in connection with the operation of the Website and the conduct of its manufacturing, export, and business-to-business (B2B) activities. Personal data is collected either directly from data subjects or indirectly through automated, commercial, or third-party sources, as described below.
6.1 Personal Data Collected Directly from Data Subjects
The Company may collect personal data directly from data subjects when such individuals:
  1. Visit, access, or interact with the Website;
  2. Submit information through contact forms, enquiry forms, requests for quotations (RFQs), or sample request forms;
  3. Communicate with the Company via email, WhatsApp, telephone, or other trade communication channels;
  4. Engage with the Company in the course of negotiations, purchase discussions, or contractual arrangements; or
  5. Voluntarily provide personal data during business meetings, trade fairs, exhibitions, or other professional interactions.
6.2 Personal Data Collected Automatically
When users access or use the Website, certain personal data may be collected automatically through technical means, including:
  1. Cookies and similar tracking technologies;
  2. Log files and analytics tools;
  3. Advertising and remarketing technologies, including pixels and tags.
Such data may include IP address, device and browser information, usage data, and interaction metrics, and is collected for purposes such as website functionality, analytics, security, and marketing effectiveness.
6.3 Personal Data Received from Third Parties
In the course of international trade and export operations, the Company may receive personal data from third-party sources, including:
  1. Logistics, freight forwarding, and shipping partners;
  2. Overseas buyers, distributors, agents, or intermediaries;
  3. Professional service providers, including CRM, IT, cloud, and communication service providers;
  4. Marketing and advertising platforms; and
  5. Public or regulatory sources, where permitted under Applicable Data Protection Laws.
Where personal data is received from third parties, the Company takes reasonable steps to ensure that such data has been collected and shared in accordance with Applicable Data Protection Laws.
6.4 Publicly Available Information
The Company may collect personal data that is lawfully available in the public domain, including business contact information published on professional websites, trade directories, or public registers, where such collection is relevant to legitimate business or trade purposes and permitted by law.
6.5 Indirect Collection and Legal Disclosures
In limited circumstances, personal data may be obtained:
  1. Pursuant to legal or regulatory requirements;
  2. In connection with audits, compliance reviews, or dispute resolution; or
  3. To protect the rights, property, or safety of the Company or others.
6.6 Compliance with Transparency Obligations
Where personal data is collected indirectly and Applicable Data Protection Laws require disclosure to the data subject, the Company shall provide the requisite information within the timelines prescribed by law, unless an exception applies.
7. Purpose of Collection and Use of Personal Data
The Company collects and processes personal data solely for specified, explicit, and lawful purposes and does not process such data in a manner that is incompatible with those purposes, except as permitted under Applicable Data Protection Laws.
Personal data is collected and used by the Company for one or more of the following purposes:
7.1 Business, Trade, and Contractual Purposes
To enable the Company to conduct its manufacturing, export, and business-to-business (B2B) operations, including:
  1. Responding to enquiries, requests for quotations (RFQs), and sample requests;
  2. Evaluating business requirements and commercial feasibility;
  3. Negotiating, entering into, and performing contracts with buyers, distributors, agents, and other trade partners;
  4. Processing purchase orders, invoices, and related commercial documentation; and
  5. Managing ongoing business relationships and communications.
7.2 Export, Logistics, and Regulatory Compliance
To comply with applicable export, customs, taxation, and trade regulations, including:
  1. Preparation and submission of shipping, logistics, and customs documentation;
  2. Coordination with logistics providers, freight forwarders, and shipping agents;
  3. Compliance with Goods and Services Tax (GST), customs, and other statutory obligations; and
  4. Responding to lawful requests from regulatory or governmental authorities.
7.3 Communication and Relationship Management
To communicate effectively with data subjects and business contacts, including:
  1. Responding to emails, messages, and trade communications;
  2. Providing updates relating to enquiries, orders, shipments, or samples;
  3. Maintaining records of correspondence for business continuity and dispute resolution; and
  4. Managing contact databases for legitimate business purposes.
7.4 Marketing, Promotion, and Trade Communications
To carry out legitimate marketing and trade-related communications, including:
  1. Sharing information about products, offerings, and business developments;
  2. Conducting remarketing and promotional activities through lawful channels;
  3. Analyzing the effectiveness of marketing campaigns; and
  4. Managing preferences and consent where required by law.
Such activities shall be conducted in accordance with Applicable Data Protection Laws, and data subjects may opt out of marketing communications at any time.
7.5 Website Operation, Analytics, and Improvement
To operate, maintain, and improve the Website, including:
  1. Analyzing usage patterns and visitor interactions;
  2. Monitoring website performance, security, and functionality;
  3. Diagnosing technical issues and preventing fraud or misuse; and
  4. Enhancing user experience and content relevance.
7.6 Legal, Risk Management, and Enforcement Purposes
To protect the rights and interests of the Company, including:
  1. Detecting and preventing fraud, misuse, or unlawful activity;
  2. Enforcing contractual rights and terms;
  3. Establishing, exercising, or defending legal claims; and
  4. Maintaining internal records and audit trails.
7.7 Aggregated and Anonymized Data
The Company may use personal data in an aggregated or anonymized form, which does not identify any individual, for internal analysis, reporting, business planning, and statistical purposes.
7.8 Purpose Limitation and Compatibility
Personal data shall not be processed for purposes other than those specified above unless:
  1. Such processing is compatible with the original purpose;
  2. The data subject has provided consent, where required; or
  3. Such processing is required or permitted under Applicable Data Protection Laws.
8. Legal Basis for Processing Personal Data
The Company processes personal data only where such processing is lawful, fair, and permitted under Applicable Data Protection Laws. Depending on the nature of the personal data, the purpose of processing, and the jurisdiction of the data subject, the Company relies on one or more of the lawful bases set out below.
8.1 Consent
The Company may process personal data where the data subject has provided free, specific, informed, and unambiguous consent for one or more specified purposes, including, where applicable, for marketing communications, cookies, or the processing of certain categories of personal data.
Where consent is relied upon as the lawful basis for processing, the data subject has the right to withdraw such consent at any time. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
8.2 Performance of a Contract or Pre-Contractual Measures
The Company may process personal data where such processing is necessary for the performance of a contract to which the data subject is a party, or in order to take steps at the request of the data subject prior to entering into a contract, including but not limited to:
  1. Responding to trade enquiries and RFQs;
  2. Processing sample requests and purchase orders;
  3. Fulfilling contractual obligations relating to manufacturing, export, logistics, and delivery; and
  4. Managing ongoing contractual relationships.
8.3 Compliance with Legal Obligations
The Company may process personal data where such processing is necessary for compliance with legal or regulatory obligations, including obligations relating to:
  1. Export, customs, and trade compliance;
  2. Taxation, accounting, and statutory record-keeping;
  3. Responding to lawful requests from governmental or regulatory authorities; and
  4. Compliance with court orders or legal processes.
8.4 Legitimate Interests
The Company may process personal data where such processing is necessary for the purposes of its legitimate interests, provided that such interests are not overridden by the fundamental rights and freedoms of the data subject. Legitimate interests may include, without limitation:
  1. Conducting business-to-business (B2B) trade and export operations;
  2. Maintaining and developing commercial relationships;
  3. Communicating with buyers, distributors, agents, and other trade partners;
  4. Improving products, services, and Website functionality;
  5. Ensuring network and information security; and
  6. Preventing fraud and misuse.
Where processing is based on legitimate interests, the Company undertakes a balancing assessment to ensure that the interests of the Company do not disproportionately impact the rights of the data subject.
8.5 Processing of Sensitive or Special Category Data
The Company does not intentionally process sensitive personal data or special category data except where:
  1. The data subject has provided explicit consent, where required;
  2. Processing is necessary for compliance with legal obligations; or
  3. Processing is otherwise permitted under Applicable Data Protection Laws.
8.6 Jurisdiction-Specific Legal Bases
For data subjects located in jurisdictions with specific statutory frameworks, including the European Union, United Kingdom, and the State of California, the Company ensures that personal data is processed in accordance with the lawful bases and requirements prescribed under such laws, to the extent applicable.
8.7 No Incompatible Processing
The Company shall not process personal data for purposes that are incompatible with the purposes for which the data was originally collected, unless such processing is permitted by law or consent has been obtained where required.
9. Consent Management and Withdrawal of Consent
9.1 Obtaining Consent
Where required under Applicable Data Protection Laws, the Company shall obtain valid, lawful, and informed consent from data subjects prior to processing their personal data. Consent shall be obtained through clear and affirmative actions, including but not limited to the submission of forms on the Website, acceptance of cookie notices, or express communications indicating agreement to the processing of personal data for specified purposes.
Consent obtained by the Company shall be:
  1. Freely given, without coercion or undue influence;
  2. Specific, relating to clearly defined purposes;
  3. Informed, based on adequate disclosure of relevant information; and
  4. Unambiguous, signifying a clear indication of the data subject’s wishes.
9.2 Granularity of Consent
Where appropriate, consent shall be sought separately for different categories of processing activities, including marketing communications, cookies and tracking technologies, and any processing requiring explicit consent under Applicable Data Protection Laws. Data subjects shall not be required to provide consent beyond what is necessary for the provision of requested services or business interactions.
9.3 Record of Consent
The Company shall maintain reasonable records evidencing the consent provided by data subjects, including the date, manner, and scope of such consent, in order to demonstrate compliance with Applicable Data Protection Laws.
9.4 Withdrawal of Consent
Data subjects may withdraw their consent at any time, without detriment, by:
  1. Contacting the Company at contact@sarbovia.com;
  2. Using any opt-out or unsubscribe mechanisms provided in communications; or
  3. Modifying browser or device settings in relation to cookies and tracking technologies, where applicable.
Withdrawal of consent shall not affect the lawfulness of any processing carried out prior to such withdrawal.
9.5 Effect of Withdrawal
Upon withdrawal of consent, the Company shall cease processing personal data for the specific purposes for which consent was withdrawn, unless continued processing is required or permitted under Applicable Data Protection Laws, including where processing is necessary for:
  1. Compliance with legal or regulatory obligations;
  2. Performance of a contract; or
  3. Establishment, exercise, or defense of legal claims.
9.6 Timeframes and Acknowledgment
The Company shall use reasonable efforts to acknowledge and act upon requests for withdrawal of consent within the timelines prescribed under Applicable Data Protection Laws. Where immediate cessation of processing is not feasible, the Company shall inform the data subject of the reasons and expected timeframe.
9.7 No Adverse Consequences
Withdrawal of consent shall not result in unfair or discriminatory treatment of the data subject. However, the data subject acknowledges that withdrawal of consent may affect the Company’s ability to provide certain services or engage in certain business interactions.
10. Cookies, Tracking Technologies, and Similar Tools
10.1 Use of Cookies and Similar Technologies
The Website uses cookies and similar tracking technologies, including pixels, tags, web beacons, and scripts (collectively, “Cookies”), to collect and process information relating to user interactions with the Website. Cookies are used to enable core website functionality, analyze website performance, enhance user experience, and support business-focused marketing and remarketing activities.
Cookies may be placed either by the Company (first-party cookies) or by third-party service providers engaged by the Company (third-party cookies).
10.2 Categories of Cookies
The Company uses the following categories of Cookies:
(a) Strictly Necessary Cookies
These Cookies are essential for the operation of the Website and enable core functionalities such as security, network management, and accessibility. The Website cannot function properly without these Cookies.
(b) Analytics and Performance Cookies
These Cookies collect information about how users interact with the Website, including pages visited, time spent on the Website, and error messages. This information is used to analyze Website performance and improve functionality. The Company uses tools such as Google Analytics for these purposes.
(c) Advertising and Remarketing Cookies
These Cookies are used to deliver advertisements relevant to users and to measure the effectiveness of marketing campaigns. The Company uses technologies such as Meta (Facebook) Pixel and LinkedIn Pixel to support remarketing and trade-focused advertising activities.
(d) Functionality Cookies
These Cookies enable enhanced functionality and personalization, such as remembering user preferences or facilitating communication features, including WhatsApp click-to-chat tools.
10.3 Purpose of Cookie Usage
Cookies are used for the following purposes:
  1. Enabling and maintaining Website functionality and security;
  2. Understanding user behavior and improving Website performance;
  3. Conducting analytics and generating aggregated statistical data;
  4. Delivering relevant marketing and remarketing communications; and
  5. Facilitating trade and business communications.
10.4 Legal Basis for Cookie Processing
Cookies are processed on the following legal bases, as applicable:
  1. Strictly Necessary Cookies are processed based on the Company’s legitimate interests in operating and securing the Website;
  2. Analytics, Advertising, and Remarketing Cookies are processed based on user consent, where required under Applicable Data Protection Laws; and
  3. Where consent is not legally required, such Cookies may be processed based on legitimate interests, subject to applicable law.
10.5 Consent and Cookie Controls
Where required by law, users are provided with a cookie notice or banner seeking consent for the placement of non-essential Cookies. Users may manage or withdraw their consent at any time by:
  1. Adjusting browser or device settings;
  2. Using cookie management tools provided on the Website, where available; or
  3. Disabling Cookies through third-party opt-out mechanisms.
Withdrawing consent may impact the availability or functionality of certain features of the Website.
10.6 Third-Party Cookies
Third-party Cookies placed on the Website are governed by the privacy policies of the respective third parties. The Company does not control such Cookies and is not responsible for their operation or data practices.
10.7 Data Retention and Security
Information collected through Cookies is retained only for as long as necessary to achieve the purposes described above, unless a longer retention period is required or permitted under Applicable Data Protection Laws. The Company implements reasonable safeguards to protect data collected through Cookies.
10.8 Updates to Cookie Practices
The Company may update its use of Cookies and tracking technologies from time to time to reflect changes in technology, law, or business practices. Any material changes shall be reflected in this Privacy Policy or through an updated cookie notice.
11. Sharing and Disclosure of Personal Data
11.1 General Principles
The Company does not sell personal data and does not disclose personal data to third parties except in accordance with this Privacy Policy, Applicable Data Protection Laws, and for purposes that are lawful, specific, and necessary for the conduct of its manufacturing, export, and business-to-business (B2B) operations.
Personal data is shared strictly on a need-to-know basis, and only to the extent required to fulfil the purposes for which such data was collected.
11.2 Disclosure to Service Providers and Processors
The Company may disclose personal data to third-party service providers and data processors engaged by the Company to perform functions on its behalf, including but not limited to:
  1. Logistics, freight forwarding, shipping, and customs clearance partners;
  2. Information technology, cloud hosting, and infrastructure service providers;
  3. Customer relationship management (CRM) platforms;
  4. Email communication and marketing service providers;
  5. Website analytics, advertising, and remarketing platforms; and
  6. Professional advisors, including legal, accounting, and audit service providers.
Such service providers process personal data only in accordance with the Company’s instructions and are subject to contractual obligations requiring confidentiality, data security, and compliance with Applicable Data Protection Laws.
11.3 Disclosure in the Context of Trade and Export Operations
In the course of international trade and export activities, the Company may share personal data with:
  1. Overseas buyers, importers, distributors, and agents;
  2. Commercial intermediaries or trade partners involved in transaction execution; and
  3. Financial institutions and payment intermediaries, to the extent necessary to facilitate lawful business transactions.
Such disclosures are limited to information reasonably required for the completion of trade, logistics, or contractual obligations.
11.4 Disclosure for Legal and Regulatory Purposes
The Company may disclose personal data where such disclosure is necessary to:
  1. Comply with applicable laws, regulations, or legal processes;
  2. Respond to lawful requests from governmental, regulatory, or judicial authorities;
  3. Enforce or apply contractual rights and terms;
  4. Protect the rights, property, or safety of the Company, its business partners, or others; or
  5. Investigate or prevent fraud, misuse, or unlawful activity.
11.5 Corporate Transactions
In the event of a merger, acquisition, restructuring, sale of assets, or similar corporate transaction, personal data may be disclosed to relevant third parties, subject to appropriate confidentiality and data protection safeguards and in accordance with Applicable Data Protection Laws.
11.6 International Sharing
Where personal data is shared with recipients located outside the jurisdiction of the data subject, such sharing shall be subject to the cross-border transfer safeguards described in this Privacy Policy and Applicable Data Protection Laws.
11.7 No Unauthorised Disclosure
The Company shall not disclose personal data to third parties for purposes that are incompatible with those disclosed in this Privacy Policy, nor shall it permit such data to be used for independent purposes without a lawful basis.
11.8 Accountability and Oversight
The Company undertakes reasonable due diligence of third parties with whom personal data is shared and implements appropriate contractual, technical, and organizational measures to ensure continued protection of personal data.
12. Cross-Border Transfer of Personal Data
12.1 Nature of Cross-Border Processing
Given the international nature of the Company’s manufacturing, export, and business-to-business (B2B) operations, personal data processed by the Company may be transferred to, stored in, or accessed from jurisdictions outside the country in which the data subject is located, including jurisdictions that may have different or less stringent data protection laws.
Such cross-border transfers may occur in connection with trade communications, logistics coordination, contractual performance, marketing activities, and the use of cloud-based or third-party service providers.
12.2 Lawful Basis for Cross-Border Transfers
The Company undertakes cross-border transfers of personal data only where such transfers are permitted under Applicable Data Protection Laws and are supported by an appropriate legal basis, including:
  1. The data subject’s explicit consent, where required;
  2. Necessity for the performance of a contract or implementation of pre-contractual measures;
  3. Compliance with legal or regulatory obligations; or
  4. Legitimate interests of the Company, subject to applicable safeguards.
12.3 Safeguards for International Transfers
Where personal data is transferred outside the jurisdiction of the data subject, the Company implements appropriate safeguards to ensure an adequate level of protection, including, where applicable:
  1. Contractual arrangements incorporating standard contractual clauses or equivalent safeguards recognized under Applicable Data Protection Laws;
  2. Binding confidentiality and data protection obligations imposed on recipients;
  3. Reasonable technical and organizational security measures to protect personal data against unauthorized access, loss, or misuse; and
  4. Internal policies and procedures governing cross-border data flows.
12.4 Transfers to Specific Jurisdictions
Personal data may be transferred to and processed in jurisdictions including, without limitation, the European Union, the United Kingdom, the United States, and other countries where the Company’s buyers, agents, distributors, service providers, or cloud infrastructure are located.
Such transfers are undertaken strictly for legitimate business and trade-related purposes.
12.5 Regulatory and Statutory Compliance
For data subjects located in India, cross-border transfers are conducted in accordance with the Digital Personal Data Protection Act, 2023 and any rules or notifications issued thereunder.
For data subjects located in the European Union or United Kingdom, cross-border transfers are conducted in compliance with Chapter V of the GDPR and UK GDPR, as applicable.
12.6 Risk Acknowledgement
By engaging with the Company, submitting personal data, or using the Website, data subjects acknowledge that their personal data may be transferred to and processed in jurisdictions outside their country of residence. The Company takes reasonable steps to ensure that such transfers do not compromise the level of protection afforded to personal data.
12.7 Continued Accountability
The Company remains responsible for personal data transferred to third parties and shall use reasonable efforts to ensure that recipients process such data in accordance with Applicable Data Protection Laws and this Privacy Policy.
13. Data Retention and Storage Periods
13.1 Principle of Storage Limitation
The Company retains personal data only for as long as is necessary, proportionate, and lawful to fulfil the purposes for which such personal data was collected and processed, as described in this Privacy Policy, unless a longer retention period is required or permitted under Applicable Data Protection Laws.
Personal data shall not be retained indefinitely and shall be subject to periodic review to determine whether continued retention is justified.
13.2 Criteria for Determining Retention Periods
In determining appropriate retention periods, the Company considers, without limitation:
  1. The nature, sensitivity, and volume of the personal data;
  2. The purposes for which the personal data is processed;
  3. Contractual, commercial, and operational requirements;
  4. Statutory, regulatory, taxation, and accounting obligations;
  5. Limitation periods for legal claims and dispute resolution; and
  6. Recommendations or guidelines issued by relevant regulatory authorities.
13.3 Retention of Business and Trade-Related Data
Personal data collected in connection with business enquiries, RFQs, sample requests, and trade communications may be retained for the duration necessary to:
  1. Evaluate and pursue commercial opportunities;
  2. Manage ongoing business relationships;
  3. Maintain records of negotiations and correspondence; and
  4. Support audit, compliance, and dispute-resolution requirements.
Where no commercial relationship is established, such data may be retained for a reasonable period thereafter for internal analysis and record-keeping, unless deletion is requested or required by law.
13.4 Retention for Contractual and Legal Compliance
Personal data relating to concluded contracts, export transactions, logistics, invoicing, and regulatory compliance may be retained for the period required under applicable laws, including tax, customs, foreign trade, and accounting regulations, or for such longer period as is necessary to establish, exercise, or defend legal claims.
13.5 Retention of Technical and Usage Data
Technical data collected through cookies, analytics tools, and similar technologies is retained for durations appropriate to the purpose of such collection, including website analytics, security monitoring, and performance improvement, subject to applicable legal requirements and user consent.
13.6 Deletion, Anonymization, and Archival
Upon expiry of the applicable retention period, personal data shall be:
  1. Securely deleted;
  2. Irreversibly anonymized; or
  3. Archived in a restricted-access format, where retention is required for legal or compliance purposes.
The method of disposal shall be determined based on the nature of the data and applicable legal obligations.
13.7 Requests for Deletion
Data subjects may request deletion or erasure of their personal data in accordance with Applicable Data Protection Laws. Such requests shall be assessed on a case-by-case basis and may be declined where retention is required for legal, contractual, or regulatory reasons.
13.8 Documentation and Accountability
The Company maintains internal records documenting retention practices and shall implement reasonable measures to ensure that personal data is not retained beyond permissible periods.
14. Data Security Measures and Safeguards
14.1 Commitment to Data Security
The Company implements reasonable, appropriate, and proportionate technical and organizational measures to ensure a level of security appropriate to the risk associated with the processing of personal data, including protection against unauthorized or unlawful processing, accidental loss, destruction, alteration, or damage.
Such measures are designed taking into account the state of the art, the cost of implementation, the nature, scope, context, and purposes of processing, and the likelihood and severity of risks to the rights and freedoms of data subjects.
14.2 Technical Security Measures
The Company employs a range of technical safeguards, which may include, without limitation:
  1. Secure servers, hosting environments, and network infrastructure;
  2. Access controls, authentication mechanisms, and role-based access restrictions;
  3. Encryption and/or pseudonymization of personal data, where appropriate;
  4. Firewalls, intrusion detection systems, and malware protection tools;
  5. Secure data transmission protocols;
  6. Regular system monitoring and logging to detect unauthorized access or anomalies; and
  7. Backup, recovery, and business continuity mechanisms to protect against data loss.
14.3 Organizational Security Measures
The Company implements organizational safeguards to support data protection and confidentiality, including:
  1. Internal policies and procedures governing the handling of personal data;
  2. Restriction of access to personal data on a need-to-know basis;
  3. Designation of responsible personnel for data protection oversight;
  4. Training and awareness programs for employees and authorized personnel;
  5. Confidentiality obligations imposed on employees, contractors, and agents; and
  6. Disciplinary measures for non-compliance with data protection policies.
14.4 Third-Party and Vendor Security
Where personal data is processed by third-party service providers or processors, the Company:
  1. Conducts reasonable due diligence prior to engagement;
  2. Enters into written agreements imposing data protection, confidentiality, and security obligations;
  3. Requires third parties to implement appropriate technical and organizational measures; and
  4. Monitors compliance to the extent practicable.
14.5 Data Protection by Design and by Default
The Company endeavors to integrate data protection principles into its systems and processes from the outset, ensuring that, by default, only personal data necessary for each specific purpose is processed and that access is limited to authorized individuals.
14.6 Incident Management and Data Breach Response
The Company maintains procedures for identifying, assessing, and responding to suspected or actual personal data breaches. In the event of a breach that is likely to result in a risk to the rights and freedoms of data subjects, the Company shall take reasonable steps to:
  1. Contain and mitigate the breach;
  2. Assess the impact and scope of the incident;
  3. Comply with applicable notification requirements under Applicable Data Protection Laws; and
  4. Document the incident and remedial actions taken.
14.7 Limitations of Security Measures
While the Company employs appropriate safeguards, no method of transmission or storage of personal data is completely secure. Accordingly, the Company does not guarantee absolute security and shall not be responsible for security incidents beyond its reasonable control, except as required by law.
14.8 Periodic Review and Improvement
The Company periodically reviews and updates its security measures to address evolving threats, technological developments, and changes in legal or regulatory requirements.
15. Rights of Data Principals / Data Subjects
Subject to Applicable Data Protection Laws and any statutory limitations or exemptions thereunder, individuals whose personal data is processed by the Company (“Data Principals” under the DPDP Act and “Data Subjects” under the GDPR) are entitled to exercise the rights set out below.
The availability and scope of these rights may vary depending on the jurisdiction of the data subject and the lawful basis on which personal data is processed.
15.1 Right to Access
Data subjects have the right to obtain confirmation as to whether their personal data is being processed and, where applicable, to access such personal data along with information relating to:
  1. The categories of personal data processed;
  2. The purposes of processing;
  3. The categories of recipients to whom personal data has been disclosed;
  4. The envisaged retention period or criteria used to determine such period; and
  5. The existence of applicable rights under Applicable Data Protection Laws.
15.2 Right to Correction and Rectification
Data subjects have the right to request correction, rectification, or updating of inaccurate, incomplete, or outdated personal data processed by the Company. The Company shall take reasonable steps to ensure that such data is corrected without undue delay.
15.3 Right to Erasure (Right to be Forgotten)
Data subjects may request erasure or deletion of their personal data where:
  1. The personal data is no longer necessary for the purposes for which it was collected;
  2. Consent has been withdrawn and no other lawful basis for processing exists;
  3. The personal data has been unlawfully processed; or
  4. Erasure is required to comply with a legal obligation.
This right is subject to limitations where retention is necessary for legal, contractual, or regulatory compliance, or for the establishment, exercise, or defense of legal claims.
15.4 Right to Data Portability
Where applicable, data subjects have the right to receive personal data provided by them to the Company in a structured, commonly used, and machine-readable format, and to transmit such data to another data controller, where processing is based on consent or contract and carried out by automated means.
15.5 Right to Restriction of Processing
Data subjects may request restriction of processing where:
  1. The accuracy of the personal data is contested;
  2. Processing is unlawful and the data subject opposes erasure;
  3. The Company no longer requires the personal data but the data subject requires it for legal claims; or
  4. An objection to processing is pending verification.
15.6 Right to Object to Processing
Data subjects have the right to object, on grounds relating to their particular situation, to the processing of personal data based on legitimate interests or for direct marketing purposes. Where an objection to direct marketing is raised, the Company shall cease such processing.
15.7 Right to Withdraw Consent
Where processing is based on consent, data subjects have the right to withdraw such consent at any time. Withdrawal shall not affect the lawfulness of processing carried out prior to withdrawal.
15.8 Right to Grievance Redressal and Complaint
Data subjects have the right to lodge a grievance or complaint with the Company’s designated Grievance Officer / Data Protection Officer and, where applicable, with the competent supervisory authority in their jurisdiction.
15.9 Limitations and Exemptions
The exercise of the above rights may be subject to restrictions where processing is required for:
  1. Compliance with legal or regulatory obligations;
  2. Performance of contractual obligations;
  3. Protection of the rights and freedoms of others; or
  4. Prevention, detection, or investigation of fraud or unlawful activity.
16. Procedure to Exercise Your Data Protection Rights
16.1 Submission of Requests
Data Principals / Data Subjects may exercise their rights under Applicable Data Protection Laws by submitting a written request to the Company using one of the following methods:
  1. By email to contact@sarbovia.com; or
  2. Through any other communication channel expressly designated by the Company for data protection requests.
Requests should clearly specify the nature of the right being exercised and provide sufficient information to enable the Company to identify the requester and locate the relevant personal data.
16.2 Verification of Identity
In order to protect personal data against unauthorized access or disclosure, the Company may take reasonable steps to verify the identity of the individual submitting the request. Such verification measures shall be proportionate and may include requests for additional information necessary to confirm the requester’s identity.
The Company shall not collect excessive information for identity verification and shall use such information solely for the purpose of processing the request.
16.3 Response Timeframes
The Company shall acknowledge and respond to valid requests within the timeframes prescribed under Applicable Data Protection Laws, taking into account the nature and complexity of the request. Where an extension of time is permitted by law, the Company shall inform the requester of the reasons for the delay and the expected timeframe for response.
16.4 Manner of Response
Responses to requests shall be provided in writing or by electronic means, unless otherwise requested by the data subject and permitted by law. Information shall be provided in a clear, concise, and accessible manner.
16.5 Refusal or Limitation of Requests
The Company reserves the right to refuse or limit a request where:
  1. The request is manifestly unfounded, excessive, or repetitive;
  2. Compliance would adversely affect the rights and freedoms of others;
  3. Compliance would conflict with legal or regulatory obligations; or
  4. An exemption under Applicable Data Protection Laws applies.
In such cases, the Company shall provide the requester with a reasoned explanation, to the extent permitted by law.
16.6 Record-Keeping and Accountability
The Company shall maintain internal records of data protection requests received and the actions taken in response, in accordance with Applicable Data Protection Laws.
16.7 Right to Lodge Complaints
If a data subject is dissatisfied with the Company’s response, they may lodge a grievance with the Company’s designated Grievance Officer / Data Protection Officer or, where applicable, with the competent supervisory authority in their jurisdiction.
17. Children’s Privacy
17.1 No Intentional Collection of Children’s Data
The Website and the Company’s services are intended exclusively for business and commercial use and are not directed at children or minors. The Company does not knowingly collect, process, or store personal data relating to individuals under the age of eighteen (18) years, or such higher age as may be prescribed under Applicable Data Protection Laws.
17.2 Prohibition on Use by Children
Children and minors are not permitted to use the Website or submit personal data through the Website, including through contact forms, enquiry forms, or communication tools. Any use of the Website by a minor is contrary to the Company’s policies and terms of use.
17.3 Inadvertent Collection
In the event that the Company becomes aware that it has inadvertently collected personal data relating to a child without valid parental or guardian consent, the Company shall take reasonable steps to:
  1. Promptly delete such personal data from its records; or
  2. Where required by law, obtain verifiable parental or guardian consent.
17.4 Parental and Guardian Rights
Parents or legal guardians who believe that a child has provided personal data to the Company without consent may contact the Company at contact@sarbovia.com to request access, correction, or deletion of such data. The Company shall take appropriate action in accordance with Applicable Data Protection Laws.
18. Third-Party Links and External Websites
18.1 Presence of Third-Party Links
The Website may contain links to third-party websites, platforms, applications, or services (“Third-Party Websites”) that are operated and controlled by entities independent of the Company. Such links are provided solely for informational, convenience, or business-related purposes.
18.2 No Control Over Third-Party Practices
The Company does not control, endorse, or assume responsibility for the content, security, availability, or privacy practices of any Third-Party Websites. Any personal data collected by such Third-Party Websites is governed by their respective privacy policies and terms of use.
18.3 Disclaimer of Liability
The Company shall not be responsible or liable for any loss, damage, or misuse of personal data arising from the access to or use of Third-Party Websites, including any processing of personal data carried out by such third parties.
Data subjects are encouraged to review the privacy policies and data protection practices of Third-Party Websites before submitting any personal data.
18.4 Third-Party Tools and Integrations
The Website may integrate or interact with third-party tools or services, including analytics platforms, advertising networks, communication tools, or social media plugins. The Company does not control how such third parties collect or process personal data through their tools.
Use of such tools may result in the collection of personal data by third parties in accordance with their own privacy policies.
18.5 Links to Regulatory and Informational Resources
Where the Website provides links to external regulatory, informational, or industry resources, such links do not constitute endorsement of such resources, nor do they imply any affiliation with the Company.
19. Grievance Redressal and Data Protection Officer (DPO) Details
19.1 Appointment and Role
In accordance with Applicable Data Protection Laws, including the Digital Personal Data Protection Act, 2023 (India) and the General Data Protection Regulation (EU) 2016/679 (GDPR), the Company has designated a Grievance Officer / Data Protection Officer (DPO) to oversee compliance with data protection obligations and to serve as the primary point of contact for data principals / data subjects and regulatory authorities on matters relating to personal data.
The Grievance Officer / DPO is responsible for, inter alia:
  1. Monitoring compliance with Applicable Data Protection Laws and this Privacy Policy;
  2. Advising the Company on data protection obligations and risk management;
  3. Facilitating the exercise of data subject rights;
  4. Addressing grievances, complaints, and queries relating to the processing of personal data; and
  5. Acting as a liaison with competent supervisory or regulatory authorities, where required.
19.2 Contact Details
The contact details of the Company’s Grievance Officer / Data Protection Officer are as follows:
  • Name: Parth Verma
  • Designation: Grievance Officer / Data Protection Officer
  • Email: contact@sarbovia.com
All communications relating to personal data protection, grievances, or the exercise of data subject rights should be addressed to the above contact details.
19.3 Grievance Redressal Mechanism
Data Principals / Data Subjects may raise grievances or complaints relating to the processing of their personal data by submitting a written communication to the Grievance Officer / DPO using the contact details provided above.
Upon receipt of a grievance, the Company shall:
  1. Acknowledge receipt of the grievance within a reasonable period;
  2. Examine the grievance in accordance with internal policies and Applicable Data Protection Laws; and
  3. Take reasonable steps to resolve the grievance within the timelines prescribed under Applicable Data Protection Laws.
19.4 Escalation to Regulatory Authorities
If a data subject is not satisfied with the resolution provided by the Company, or if the grievance remains unresolved within the prescribed timelines, the data subject may have the right to escalate the matter to the appropriate data protection authority or supervisory authority in their jurisdiction, including, where applicable, the Data Protection Board of India or a competent supervisory authority in the European Union or United Kingdom.
19.5 Independence and Confidentiality
The Grievance Officer / DPO shall perform their duties independently and shall not be instructed regarding the exercise of their functions. All communications addressed to the Grievance Officer / DPO shall be treated confidentially and used solely for the purpose of addressing data protection matters.
20. Updates, Amendments, and Notification of Changes
20.1 Right to Amend
The Company reserves the right to amend, modify, update, or revise this Privacy Policy from time to time in order to reflect changes in:
  1. Applicable laws, regulations, or regulatory guidance;
  2. The Company’s business operations, data processing activities, or services;
  3. Technological developments or security practices; or
  4. Organizational or compliance requirements.
20.2 Effectiveness of Updates
Any amendments or updates to this Privacy Policy shall become effective upon publication on the Website, unless otherwise specified. The “Last Updated” date at the beginning of this Privacy Policy shall indicate the most recent revision.
20.3 Notification of Material Changes
Where amendments materially affect the rights of data subjects or the manner in which personal data is processed, the Company shall take reasonable steps to provide notice of such changes, which may include:
  1. Posting a prominent notice on the Website;
  2. Updating cookie banners or consent mechanisms, where applicable; or
  3. Providing direct notification through electronic communication, where required by Applicable Data Protection Laws.
20.4 Continued Use
Continued access to or use of the Website, or continued engagement with the Company following the effective date of any update, shall constitute acknowledgment of the revised Privacy Policy, to the extent permitted under Applicable Data Protection Laws.
20.5 Review and Version Control
The Company maintains internal version control and review procedures to ensure that this Privacy Policy remains accurate, current, and compliant with Applicable Data Protection Laws.

Subscribe to Stay Updated with the Latest News

Please enable JavaScript in your browser to complete this form.

About

Explore Sarbovia’s luxurious bed sheets, blending comfort, elegance and quality to create restful and stylish sleep.

Get In Touch

Quick links

Policies

Copyright © 2026 Sarbovia | All rights reserved.