Privacy policy

 

Gimi Gimi

(A brand of Alimento Agro Foods Private Limited)

Effective Date: [25 May 2026]

Last Updated: [25 May 2026]

1. Introduction and Commitment

Alimento Agro Foods Private Limited (hereinafter referred to as "the Company", "We", "Us", or "Our"), the entity behind the Gimi Gimi brand, is committed to conducting its business with the highest ethical standards and maintaining appropriate internal controls with respect to the protection of Your information. This Privacy Policy applies to personal data collected when You visit our website at https://gimigimifoods.com/ (the "Website"), use our mobile applications, or otherwise interact with the Gimi Gimi brand and its associated products and services (collectively, the "Services").

Recognising its role as a ‘Data Fiduciary’ under the Digital Personal Data Protection Act, 2023 ("DPDPA 2023") and a body corporate under the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Company has adopted this comprehensive privacy policy to govern the collection, storage, processing, use, disclosure, and destruction of personal data within its custody.

By accessing or using the Website or Services, You consent to the collection, use, and disclosure of Your information in accordance with this Privacy Policy. If You do not agree with the terms of this Privacy Policy, please do not access or use the Website or Services.

2. Definitions

For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below:

"Applicable Law" means all applicable statutes, enactments, acts of legislature, laws, ordinances, rules, bye-laws, regulations, notifications, guidelines, policies, directions, directives, and orders of any governmental authority, tribunal, or court in India, including but not limited to the Information Technology Act, 2000, the SPDI Rules, and the DPDPA 2023.

"Consent" means free, specific, informed, unconditional, and unambiguous consent given by a Data Principal for a specified purpose, by way of a clear affirmative action, as defined under the DPDPA 2023.

"Data Fiduciary" means any person (including the Company) who alone or in conjunction with other persons determines the purpose and means of processing of personal data, as defined under the DPDPA 2023.

"Data Principal" means the individual to whom the personal data relates, or where such individual is a child, the parent or lawful guardian of such child.

"Data Processor" means any person who processes personal data on behalf of a Data Fiduciary.

"Non-Personal Information" means information that is in no way personally identifiable and that is obtained automatically through Your use of the Website with a web browser or through Your use of the Services. Non-Personal Information includes, without limitation, aggregated data, anonymised information, and statistical data that cannot be used to identify any individual user.

"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDPA 2023. For the purposes of this Privacy Policy, Personal Data includes Sensitive Personal Data or Information ("SPDI") as defined under the SPDI Rules.

"Sensitive Personal Data or Information" or "SPDI" means personal information relating to passwords, financial information (such as bank account or credit/debit card details), physical, physiological, and mental health conditions, sexual orientation, medical records and history, and biometric information, as defined under Rule 3 of the SPDI Rules.

"Services" means all products, services, content, features, technologies, and functions offered by the Company through the Website or otherwise under the Gimi Gimi brand.

"Website" means the website accessible at https://gimigimifoods.com/ and any associated subdomains, mobile applications, or digital platforms operated by the Company under the Gimi Gimi brand.

"You" or "Your" refers to the Data Principal accessing or using the Website or Services.

3. Legal Basis for Processing Personal Data

The Company processes Your Personal Data on the following lawful bases under the DPDPA 2023 and other Applicable Law:

3.1 Consent: Where You have given clear, free, specific, informed, and unambiguous consent to the processing of Your Personal Data for one or more specified purposes. Consent shall be obtained through a clear affirmative action, including through electronic means, and You shall have the right to withdraw such consent at any time.

3.2 Legitimate Uses: Processing that is necessary for any of the following purposes as recognised under the DPDPA 2023:

(a) The performance of any function under any law or for compliance with any order issued under any law;

(b) The performance of any function by the State or any of its instrumentalities in the interest of the sovereignty and integrity of India, security of the State, or maintenance of public order;

(c) Responding to a medical emergency involving a threat to life or health;

(d) Taking measures to provide medical treatment or health services during an epidemic, outbreak of disease, or other threat to public health; and

(e) Ensuring safety of, or providing assistance or services to, any individual during any disaster or breakdown of public order.

3.3 Certain Legitimate Uses Without Consent: Processing that is necessary for the purposes specified under Section 7 of the DPDPA 2023, which does not require consent, including but not limited to the fulfilment of any obligation under law, compliance with court orders, or the performance of functions in the interest of public order.

4. Information We Collect

The Company collects various categories of information in connection with the provision of our Services and the operation of our Website. The following sections describe the types of information We collect and the methods by which such information is gathered.

4.1 Personal Data Collected Directly from You

We may collect Personal Data directly from You when You:

(a) Register for an account on the Website or place an order for products or services;

(b) Provide information on applications, registration forms, or other forms on the Website;

(c) Contact Us via any medium, including email, telephone, social media interaction, or customer service channels;

(d) Participate in surveys, promotions, contests, or feedback programmes;

(e) Subscribe to our newsletters or marketing communications; and

(f) Use a mobile device platform to access the Services or communicate with Us.

The categories of Personal Data We may collect include: Your name, email address, postal address, telephone number, date of birth, payment information (credit/debit card details, bank account information, UPI identifiers), delivery address, purchase history, and any other information You voluntarily provide to Us.

4.2 Sensitive Personal Data or Information (SPDI)

In accordance with the SPDI Rules, We may collect the following categories of SPDI where necessary for the provision of Services:

(a) Financial information such as bank account details, credit/debit card numbers, or other payment instrument details;

(b) Passwords and authentication credentials; and

(c) Any other information that falls within the definition of SPDI under Rule 3 of the SPDI Rules.

We shall obtain Your prior, informed, and explicit consent before the collection, storage, or processing of any SPDI.

4.3 Non-Personal Information and Technical Data

We automatically collect certain Non-Personal Information when You access or use our Website, including:

(a) Browser type, version, and language preferences;

(b) Internet protocol (IP) address;

(c) Device information, including device type, unique device identifiers, operating system, and mobile network information;

(d) General usage patterns relating to Your interaction with our Website and Services;

(e) The URL of the website from which You arrived and the website to which You navigate upon leaving;

(f) Location data passed to Us from third-party services or GPS-enabled devices that You have enabled; and

(g) Log files, server records, and clickstream data.

This information is collected automatically and does not, by itself, permit direct association with any specific individual.

4.4 Information Collected Through Third-Party Services

We may utilise tracking technologies provided by third-party partners to identify visitors to our Website and to associate Website activities with previously collected information where consent has been provided. Information You provide to third-party websites is not within the control of the Company, and the terms and privacy policies of such third parties shall govern their use of such information.

4.5 Information Collected Through Customer Service Interactions

We collect information when You interact with our customer service team in order to accurately categorise and respond to customer inquiries, provide support, and continually improve the quality of our Services. Such information may include correspondence records, support tickets, and related communications.

5. Purpose Limitation and Use of Information

5.1 Data Minimisation

The Company strictly adheres to the principle of data minimisation. We collect Personal Data only for specified, explicit, and legitimate business purposes, and only to the extent that is reasonably necessary to achieve those purposes.

5.2 Purposes for Which We Use Your Information

We use the information We collect for the following purposes:

(a) To deliver, process, and fulfil Your orders, including payment processing, delivery, and returns management;

(b) To deliver, improve, and personalise our Services to meet Your specific needs and preferences;

(c) To communicate updates, provide support, and inform You of product enhancements, new features, promotions, and offers;

(d) To verify Your identity and manage Your account;

(e) To fulfil legal, regulatory, or contractual obligations to which We are subject, including compliance with Applicable Law;

(f) To conduct analytics and research to improve our Website, products, and Services;

(g) To ensure the functionality, security, and performance of our Website and Services, including monitoring system performance, diagnosing technical problems, and optimising the user experience;

(h) To accurately categorise and respond to customer inquiries and to investigate breaches of our terms of use;

(i) To conduct market research and gather feedback to improve our offerings; and

(j) To prevent, detect, and investigate fraud, security breaches, or other potentially prohibited or illegal activities.

5.3 Restrictions on Usage

Purpose Limitation: We collect data only for specific, clear, and legitimate purposes as described in this Privacy Policy. Data is not used for any other purposes without Your explicit consent.

Prohibition on Unnecessary Processing: The processing of any Personal Data that is not demonstrably aligned with the Company’s lawful and necessary purposes as stated herein is strictly prohibited.

6. Consent Mechanisms

6.1 Obtaining Consent

The Company shall obtain Your free, specific, informed, unconditional, and unambiguous consent prior to collecting, processing, or using Your Personal Data, in accordance with the DPDPA 2023 and the SPDI Rules.

Consent shall be obtained through clear affirmative action, including but not limited to:

(a) Electronic consent through the Website via clear and unambiguous opt-in mechanisms (such as tick-boxes) that are time-stamped and logged;

(b) Written consent through a physical document signed by the Data Principal; and

(c) Authenticated digital consent through secure digital portals or electronic signatures.

6.2 Notice at the Time of Consent

At the time of requesting consent, We shall provide You with a clear and plain-language notice containing the following information, as required under Section 5 of the DPDPA 2023:

(a) The Personal Data proposed to be collected;

(b) The purpose for which such data is proposed to be processed;

(c) The manner in which You may exercise Your rights as a Data Principal; and

(d) The manner in which You may make a complaint to the Data Protection Board of India.

6.3 Withdrawal of Consent

You have the right to withdraw Your consent at any time. Such withdrawal shall be as easy as giving consent. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. Upon withdrawal, We shall cease processing Your Personal Data (unless processing is required under Applicable Law) and shall delete such data within such time as may be prescribed, unless retention is required by law.

6.4 Consent for Children's Data

Our Services are not intended for individuals under the age of 18 years. We do not knowingly collect Personal Data from children. If We become aware that We have inadvertently collected Personal Data from a child, We will take immediate steps to delete such information from our systems. In compliance with Section 9 of the DPDPA 2023, before processing any Personal Data of a child, We shall obtain verifiable consent from the parent or lawful guardian of such child.

7. Cookies and Tracking Technologies

7.1 Use of Cookies

The Website may send a "cookie" to Your computer or device. Cookies allow Us to recognise You as a user when You return to our Website using the same computer and web browser. We use cookies to identify which areas of our Website You have visited, to analyse how You use the Website, and to enhance the user experience. We also may use this information to personalise the content that You see and to improve the relevance of our communications with You.

7.2 Types of Cookies We Use

(a) Essential Cookies: Necessary for the operation of the Website and enabling core functionality such as security, network management, and account access;

(b) Analytics and Performance Cookies: Used to understand how visitors interact with the Website, enabling Us to improve performance and user experience;

(c) Functionality Cookies: Used to recognise You when You return to the Website and to personalise content for You; and

(d) Advertising and Targeting Cookies: Used to deliver advertisements more relevant to You and Your interests.

7.3 Managing Cookies

You can manage or disable cookies through the cookie banner displayed on our Website or through Your browser settings. If cookies are rejected, tracking will not occur; however, some features of the Website may be limited or unavailable.

7.4 Web Beacons and Pixels

We may use web beacons, pixels, and similar technologies to collect Non-Personal Information about Your use of the Website, to collect anonymous, aggregated auditing and research data, and to collect data related to Your use of special promotions or newsletters. Our web beacons are not used to track Your activity outside of the Website.

8. Data Sharing and Disclosure

The Company maintains a stringent prohibition against the disclosure, transfer, or sharing of any Personal Data to unauthorised third parties. Except as set forth below or as specifically agreed to by You, We will not disclose any Personal Data gathered from You on the Website or through the Services.

8.1 Service Providers

We share Personal Data with trusted vendors, contractors, and service providers (including hosting providers, payment processors, logistics partners, analytics services, and support providers) that perform services on our behalf and are bound by strict confidentiality obligations. Access to Your Personal Data by such service providers is limited to the information reasonably necessary for the provider to perform its function. We contractually require that such providers: (a) protect the privacy of Your Personal Data consistent with this Privacy Policy; and (b) not use or disclose Your Personal Data for any purpose other than providing services to Us.

8.2 Legal Compliance

We may share Personal Data as required by law, including in response to a court order, a legally binding statutory obligation, or a directive from a competent regulatory authority. In such cases, disclosure shall be limited to the minimum data necessary to comply with the legal requirement. In the event that We are legally compelled to disclose Your Personal Data to a third party, We will attempt to notify You unless doing so would violate the law or court order.

8.3 Business Transfers

If the entire or substantial ownership of the Website or the Services were to change, whether through a merger, acquisition, reorganisation, or sale of all or a substantial portion of our assets, Your information may be transferred to the new owner so the Services can continue operations. In any such transfer, Your information would remain subject to the promises of the then-current Privacy Policy.

8.4 Use of Aggregate and Anonymised Data

We may combine Non-Personal Information with information from other users to create aggregate data that may be disclosed to third parties. Aggregate information does not contain any information that could be used to identify You and does not include Your personal contact information. Non-identifiable insights may be used for internal analysis or public reporting.

8.5 With Your Consent

We may share Your Personal Data with third parties where You have provided explicit, informed consent for such sharing, clearly specifying the purpose of the disclosure and the nature of the information being shared.

9. Data Security

9.1 Commitment to Security

We use industry-leading measures to protect Your data. Our Website and Services utilise various information security measures to protect Your Personal Data, accounts, passwords, and other confidential information.

9.2 Technical Security Measures

Our security measures include:

(a) Encryption: We employ encryption at rest and in transit using industry-standard strong encryption algorithms (such as AES-256 and TLS protocols) to ensure that Your data is protected during storage and transmission.

(b) Access Controls: We implement enterprise-grade access controls, authentication protocols (including multi-factor authentication where appropriate), and comprehensive audit logs to monitor and control access to Your data. Access is managed on the principle of least privilege.

(c) System Protection: Comprehensive antivirus and anti-malware software is installed and automatically updated on all relevant systems. Regular malware and vulnerability scanning is performed.

(d) Network Security: Internet firewalls, intrusion detection systems, and network segmentation are employed to protect against unauthorised access.

(e) Employee Security: We maintain secure device setups, require confidentiality agreements from all personnel with access to Personal Data, and implement device management protections.

9.3 Compliance Standards

We maintain compliance with industry-standard security frameworks and conduct regular security audits to ensure ongoing adherence to best practices.

9.4 Incident Management

Any suspected or confirmed security breach involving Personal Data shall be immediately escalated to our designated Incident Response Team. We maintain a defined protocol for isolating affected systems, eradicating threats, and restoring services securely. All incidents are thoroughly documented, and corrective actions are implemented to prevent future occurrences.

10. Data Retention and Destruction

10.1 Retention Principles

We retain Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

Information may be retained for an extended period in the following circumstances:

(a) Where required by any investigations under Applicable Law or as part of any requirement before courts, tribunals, forums, commissions, or other judicial or regulatory bodies;

(b) To comply with statutory and regulatory mandates regarding minimum retention periods; and

(c) To establish, exercise, or defend legal claims.

10.2 Secure Disposal

Upon expiry of the applicable retention period, or upon a verified request from You in accordance with Your rights under this Privacy Policy and Applicable Law, Personal Data will be securely deleted or anonymised using industry-standard data sanitisation methods to render the data irrecoverable.

10.3 Disposal Records

A comprehensive log shall be maintained for every instance of data destruction, detailing the type of data destroyed, the date of destruction, the method used, and the identification of the individual who authorised the destruction.

11. Rights of Data Principals

11.1 Your Rights Under the DPDPA 2023

As a Data Principal, You have the following rights under the DPDPA 2023 and other Applicable Law:

(a) Right to Access Information: You have the right to obtain from the Company a summary of Your Personal Data that is being processed and the processing activities undertaken with respect to such data, as provided under Section 11 of the DPDPA 2023;

(b) Right to Correction and Erasure: You have the right to request the correction of inaccurate or misleading Personal Data, the completion of incomplete Personal Data, the updating of Personal Data, and the erasure of Personal Data that is no longer necessary for the purpose for which it was collected, as provided under Section 12 of the DPDPA 2023;

(c) Right to Withdraw Consent: You have the right to withdraw Your consent at any time. Such withdrawal shall be as easy as giving consent. The consequences of such withdrawal shall be borne by You;

(d) Right of Grievance Redressal: You have the right to have readily available means of grievance redressal provided by the Company in respect of any act or omission of the Company regarding Your Personal Data;

(e) Right to Nominate: You have the right to nominate any other individual to exercise Your rights in the event of Your death or incapacity, as provided under Section 14 of the DPDPA 2023; and

(f) Right to Complain to the Data Protection Board: You have the right to lodge a complaint with the Data Protection Board of India if You believe Your rights under the DPDPA 2023 have been violated.

11.2 Additional Rights Under the SPDI Rules

In addition to the rights set forth above, under the SPDI Rules, You have the right to:

(a) Review the information You have provided and ensure that any information found to be inaccurate or deficient is corrected or amended;

(b) Formally request the withdrawal of consent for the collection, storage, processing, or use of Your SPDI; and

(c) Request data correction, modification, or updating of any inaccurate or incomplete SPDI held by the Company.

11.3 How to Exercise Your Rights

To exercise any of the rights described above, please contact our Grievance Officer using the details set out in Section 14 below. We will respond to Your request within the timeframes prescribed by Applicable Law and will take all reasonable steps to verify Your identity before processing any request.

Please note that the exercise of certain rights may result in Our inability to continue providing You with certain Services or features. We shall inform You of any such consequences at the time of Your request.

12. Obligations of the Data Fiduciary

The Company, as a Data Fiduciary under the DPDPA 2023, undertakes the following obligations:

12.1 Reasonable Security Safeguards: To protect Personal Data in its possession or under its control by taking reasonable security safeguards to prevent personal data breach, in accordance with Section 8(4) of the DPDPA 2023 and the SPDI Rules.

12.2 Breach Notification: In the event of a personal data breach, to give the Data Protection Board of India and each affected Data Principal intimation of such breach in such form and manner as may be prescribed.

12.3 Data Erasure: To erase Personal Data upon withdrawal of consent by the Data Principal or when the specified purpose is no longer being served, whichever is earlier, unless retention is required under Applicable Law.

12.4 Grievance Redressal: To publish the business contact information of a Data Protection Officer or other designated person to answer questions and address grievances of Data Principals.

12.5 Accuracy of Data: To make reasonable efforts to ensure that Personal Data processed is accurate, complete, and not misleading, having regard to the purpose for which it is processed.

12.6 Purpose Limitation: To process Personal Data only for the purpose for which it was collected and not for any other purpose, unless fresh consent is obtained.

12.7 Data Retention Limitation: To not retain Personal Data beyond the period necessary for the specified purpose, and to erase such data at the end of the specified period.

13. International Data Transfers

Data may be transferred and processed in countries outside India. Where such transfers occur, We implement standard contractual clauses and other appropriate safeguards to ensure that Your Personal Data receives an adequate level of protection in accordance with this Privacy Policy and Applicable Law.

The Company shall not transfer Personal Data to any country or territory outside India unless the Central Government, by notification, has determined that such country or territory ensures an adequate level of protection for Personal Data, or unless such transfer is otherwise permitted under the DPDPA 2023.

14. Grievance Redressal

14.1 Grievance Officer

In accordance with Rule 5(9) of the SPDI Rules and the requirements of the DPDPA 2023, the Company has designated the following individual as the Grievance Officer to address any concerns, queries, or complaints related to data privacy and the processing of Personal Data:

Attribute

Detail

Grievance Officer Name

Siddharth Agarwal

Designation

Marketing Manager

Official Email Address

sid@mealofthemoment.com

Address

Building No./Flat No.: C-7 to C-12
Road/Street: KORITAL FOOD PARK,CABLE NAGAR,NH-12
City/Town/Village: Kewal Nagar
District: Kota
State: Rajasthan
PIN Code: 325003

Phone No.

91 8955006021


14.2 Service Standards

(a) Acknowledgement: The Grievance Officer shall formally acknowledge the receipt of any written request, complaint, or communication within 48 hours (or such shorter period as may be prescribed under DPDPA 2023) of receiving the same.

(b) Resolution: The Grievance Officer shall make all reasonable efforts to resolve the grievance within 30 calendar days from the date of receipt, or within such period as may be prescribed by the Data Protection Board of India or under the DPDPA 2023.

14.3 Escalation to the Data Protection Board

If You are not satisfied with the resolution provided by the Grievance Officer, You have the right to file a complaint with the Data Protection Board of India in such manner as may be prescribed under the DPDPA 2023.

15. Behavioural Targeting and Marketing

We may partner with third-party advertising networks to either display advertising on our Website or to manage our advertising on other sites. Our advertising partners may use cookies and web beacons to collect non-personally identifiable information about Your activities on our Website and other websites to provide You with targeted advertising based upon Your interests.

You may opt out of receiving targeted advertising by contacting Us at the details provided in Section 14 above or by managing Your cookie preferences through the cookie banner on our Website.

16. Links to Other Websites

The Website and/or Services may contain links to other websites. We are not responsible for the actions, practices, or content of such websites linked to or from our Website. You understand that such websites may have their own legal documents to which You must agree prior to use, and that We have no control over these legal documents.

17. Market Research

We may conduct online research surveys in order to gather feedback about the Website and opinions on important issues. When participating in a survey, We may ask You to submit Personal Data. Such Personal Data is used for research purposes and is not used for sales solicitations. Personal Data collected through market research will be used only by Us and will not be given or sold to a third party without Your consent.

18. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect new practices, technological changes, regulatory developments, or legal standards.

If We make any material changes to this Privacy Policy, We will notify You by email (where We have Your email address) or by posting a prominent notice on the Website prior to the change becoming effective. Significant changes will be posted on the Website with an updated "Effective Date."

Your continued use of the Website or Services after the posting of changes constitutes Your agreement to be bound by such changes. Your only remedy, if You do not accept the terms of this Privacy Policy, is to discontinue use of the Website and Services.

19. Exemptions

This Privacy Policy does not apply to:

(a) Any information You post from the Website to third-party websites or social media platforms, due to the public nature of such postings;

(b) Information that is freely available in the public domain; and

(c) Processing of Personal Data that is exempted under the DPDPA 2023, including processing by the State for purposes of national security, processing of data that is publicly available, or processing for research, archiving, or statistical purposes where the data is not used to take any decision specific to a Data Principal.

20. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising from or in connection with this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in Mumbai, India.

21. Contact Information

For questions, concerns, or data subject requests regarding this Privacy Policy or our data practices, please contact Us at:

Company: Alimento Agro Foods Private Limited

Email: reach@gimigimifoods.com

Address:Building No./Flat No.: C-7 to C-12
Road/Street: KORITAL FOOD PARK,CABLE NAGAR,NH-12
City/Town/Village: Kewal Nagar
District: Kota
State: Rajasthan
PIN Code: 325003

Phone: +918955006021
———

© Alimento Agro Foods Private Limited. All rights reserved.