Orchid Shipping Private Limited (“Company”, “we”, “us” or “our”) is committed to protecting the privacy and confidentiality of personal data in accordance with the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”). This Privacy Policy explains how personal data is collected, used, disclosed, stored and protected in connection with the Company’s website and in the course of providing freight forwarding, logistics, customs brokerage, transportation and allied services. This Privacy Policy forms an integral part of the Company’s Standard Terms & Conditions and must be read in conjunction therewith.

This Policy applies to website users, customers, owners of goods, shippers, consignees, agents, vendors, contractors, service providers and any individual whose personal data is processed during the course of the Company’s operations, whether the Company acts as agent or as principal under its contractual arrangements.

The Company may collect personal data including identity and contact information such as name, designation, company name, address, email address and telephone number; regulatory and compliance information including PAN, IEC, GST, Aadhaar or other government‑issued identifiers where required by applicable law; commercial, transactional and shipping information including invoices, packing lists, bills of lading, airway bills, shipping instructions, cargo descriptions and insurance declarations; billing and payment information; and limited technical data such as IP addresses, browser type, access logs and cookie information when users access the website.

Personal data is processed lawfully for specific and legitimate purposes including performance of contractual obligations, compliance with legal and regulatory requirements, acting on customer instructions, pursuing legitimate business interests such as risk management and fraud prevention, and based on consent where expressly required by law. Under the DPDP Act, personal data is processed only for lawful purposes that are clearly communicated and reasonably necessary to provide services.

The Company uses personal data to provide freight forwarding, logistics, customs clearance and transportation services; prepare and submit shipping and regulatory documentation; comply with customs, port, airport and governmental requirements; manage billing, payments and accounts; handle claims, insurance and dispute resolution; communicate with customers, carriers, agents, authorities and service providers; maintain business records; and ensure website security and improve functionality.

Personal data may be disclosed, strictly on a need‑to‑know basis, to shipping lines, airlines, transporters, warehouse operators, port and terminal authorities, customs and regulatory authorities, insurance providers, surveyors, banks, auditors, legal advisors, arbitrators, sub‑contractors and agents engaged for execution of services. Due to the global nature of freight forwarding, personal data may be transferred across borders, subject to appropriate contractual, legal and organisational safeguards.

Personal data is retained only for as long as necessary to fulfil contractual, legal, regulatory or operational requirements, including audits, dispute resolution and enforcement of legal rights, after which the data is securely deleted or anonymised in accordance with applicable law.

The Company implements reasonable technical and organisational measures to safeguard personal data against unauthorised access, alteration, loss or disclosure. However, no electronic transmission or storage system is completely secure, and the Company does not guarantee absolute security. The Company shall not be liable for breaches arising from events beyond its reasonable control, including cyber security incidents, force majeure events or acts or omissions of third‑party service providers.

Where applicable, individuals may exercise rights under the DPDP Act including access to information, correction, erasure and withdrawal of consent, subject to contractual and statutory obligations. Requests may be refused where processing or retention is required by law or for legitimate business purposes.

The website may use cookies or similar technologies to improve functionality and user experience. Continued use of the website constitutes consent to such use, subject to browser settings. The website may contain links to external third‑party sites, for which the Company is not responsible.

To the maximum extent permitted by law, the Company’s liability for any claim relating to personal data or privacy shall be subject to the exclusions, limitations and indemnities set out in its Standard Terms & Conditions.

The Company may amend this Privacy Policy from time to time. Updated versions shall become effective upon publication on the website, and continued use of the website or services shall constitute acceptance of the revised Policy.

This Privacy Policy shall be governed by and construed in accordance with Indian law. Any dispute arising out of or in connection with this Policy shall be resolved through arbitration seated in Mumbai, in accordance with the Company’s Standard Terms & Conditions.