Privacy Policy

Introduction

Gesken (“Gesken”, “we”, “us”, or “our”) operates the website www.gesken.com and related mobile applications, providing a personalised toy gifting platform that enables customers to design and order custom bobbleheads, standees, stickers, and other personalised toy products for children and their loved ones.

We are deeply committed to protecting the privacy of every individual who visits our platform, places an order, or otherwise interacts with our services. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information, and describes the rights you have regarding that information.

By accessing or using the Gesken platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with this policy, please do not use our services.

1. Scope and Applicability

This Privacy Policy applies to:

• All visitors to www.gesken.com and any associated sub-domains.
• Registered users and account holders on the Gesken platform.
• Customers who place orders for personalised toy products.
• Gift recipients whose personal details are provided by the ordering party.
• Vendors, artisans, and partner manufacturers listed on our marketplace.
• Any individual who contacts us through our customer support channels, social media, or other communication tools.

This policy does not apply to third-party websites or services that may be linked from our platform. We encourage you to review the privacy policies of any third-party sites you visit.

2. Information We Collect

2.1 Information You Provide Directly

Account & Registration Information

• Full name, email address, mobile number, and password when you create an account.
• Profile photo (optional) and display preferences.

Order & Customization Information

• Recipient name, age, and physical attributes (such as hair colour, skin tone, and other features) required to create personalised bobblehead or standee products.
• Photos or images you upload to guide the customisation process.
• Gift messages, delivery instructions, and personalisation text for stickers or labels.
• Shipping address, including full postal address of the gift recipient.

Payment Information

Payments on Gesken are processed securely through Razorpay and other authorised payment gateways. We do not store your full credit/debit card numbers, CVV codes, or net banking credentials. Only tokenised payment references and transaction IDs are retained on our systems. Please refer to Razorpay’s Privacy Policy for details of their data handling practices

Customer Support Communications

• Messages, emails, and chat transcripts exchanged with our support team.
• Photographs or documents submitted to resolve order disputes or quality complaints.

2.2 Information Collected Automatically

When you visit or use the Gesken platform, we automatically collect certain technical and behavioural data, including:

• IP address, browser type and version, operating system, and device identifiers.
• Pages visited, time spent on each page, links clicked, and navigation paths.
• Referral source (how you arrived at our website).
• Search queries entered within the Gesken platform.
• Session duration and frequency of visits.

This data is collected using cookies, web beacons, pixel tags, and similar tracking technologies (see Section 7 for details).

2.3 Information from Third Parties

• If you log in using Google, Facebook, or another OAuth provider, we receive basic profile information (name, email, profile picture) from that provider, subject to the permissions you grant.
• We may receive marketing analytics data from advertising partners such as Meta Ads and Google Ads.
• Delivery partners may share shipment status and delivery confirmation data with us.

3. How We Use Your Information

We use the personal information we collect for the following purposes:

3.1 Fulfilling Orders and Providing Services

• Processing and confirming your orders for personalised toy products.
• Using uploaded photos and customisation preferences to instruct our partner artisans and manufacturers.
• Arranging pick-up, packaging, and delivery of your orders through logistics partners.
• Sending order confirmation, dispatch notifications, and delivery updates via email and SMS

3.2 Account Management

• Creating and maintaining your Gesken account.
• Authenticating your identity when you log in.
• Allowing you to view your order history and manage saved addresses.

3.3 Payment Processing

• Initiating payment requests and reconciling transactions through authorised payment gateways.
• Processing refunds, partial credits, or replacements in line with our Return Policy.
• Maintaining financial records as required under applicable law.

3.4 Customer Support

• Responding to queries, complaints, and feedback submitted through any channel.
• Investigating and resolving order disputes, quality issues, or claims.

3.5 Platform Improvement and Personalization

• Analysing usage patterns to improve website navigation, product discovery, and the customisation experience.
• Personalising product recommendations, offers, and homepage content based on your browsing and purchase history.
• Conducting A/B testing and user research to enhance our platform features.

3.6 Marketing and Communications

• Sending promotional emails, SMS messages, and push notifications about new products, seasonal offers, or discounts — but only where you have provided consent or where we have a legitimate interest to do so.
• Retargeting campaigns through Google Ads, Meta Ads, and similar platforms.
• You may opt out of marketing communications at any time (see Section 10).

3.7 Legal and Compliance Obligations

• Complying with applicable laws, regulations, and court orders, including tax obligations under the Goods and Services Tax (GST) Act and the Income Tax Act.
• Detecting, investigating, and preventing fraud, unauthorised access, and other illegal activities.
• Enforcing our Terms of Service and other agreements

4. Legal Basis for Processing

Gesken processes personal data on the following legal grounds under applicable Indian and international privacy frameworks, including the Digital Personal Data Protection Act, 2023 (DPDPA):

• Contractual necessity: Processing required to fulfil an order or provide a service you have requested.
• Consent: Where you have expressly agreed to a specific use of your data (e.g., marketing communications or upload of photographs for customisation).
• Legitimate interests: Where our use of data is necessary for our legitimate business interests, such as fraud prevention, platform security, and improving our services, provided these interests are not overridden by your rights.
• Legal obligation: Where processing is required to comply with a legal or regulatory requirement.

5. Sharing and Disclosure of Your Information

We do not sell, rent, or trade your personal information to third parties for their own marketing purposes. We may share your information with the following categories of recipients only to the extent necessary:

5.1 Vendor and Manufacturer Partners

To fulfil customisation orders, we share relevant order details — including uploaded photos, customisation preferences, and recipient information — with our network of artisans and manufacturing partners. These partners are contractually bound to use your data solely for order fulfilment and to maintain appropriate data security standards.

5.2 Logistics and Delivery Partners

We share the recipient’s name, address, and contact number with logistics partners (such as Delhivery, Shiprocket, or India Post) for the purpose of shipping and delivering your order.

5.3 Payment Processors

Payment data is transmitted securely to our payment gateway partners (including Razorpay) to process transactions. These partners comply with PCI-DSS standards and their own privacy policies.

5.4 Technology and Service Providers

We engage third-party service providers to support our platform operations, including cloud hosting (e.g., AWS, Google Cloud), email delivery (e.g., SendGrid), SMS services, customer support tools, and analytics platforms. These providers process data only on our behalf and are bound by data processing agreements.

5.5 Legal and Regulatory Bodies

We may disclose your information to government authorities, law enforcement agencies, or courts when required by applicable law, a court order, or to protect the rights, safety, and property of Gesken, our users, or the public.

5.6 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of all or part of our business, your personal information may be transferred to the successor entity. We will notify you via email or a prominent notice on our platform before your data is transferred and becomes subject to a different privacy policy.

6. Data Retention

We retain your personal information for as long as is necessary to fulfil the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. The key retention periods are:

• Account data: Retained for the duration of your account and for 3 years after account closure, unless earlier deletion is requested.
• Order and transaction data: Retained for 7 years as required under the GST Act and other financial regulations.
• Photos and customisation files: Retained for 12 months after order completion to support reprints or replacements, after which they are permanently deleted.
• Customer support communications: Retained for 2 years after resolution.
• Marketing consent records: Retained for the duration of your consent and for 1 year thereafter.
• Server and access logs: Retained for 90 days for security purposes.

When personal data is no longer required, we securely delete or anonymise it in accordance with our data destruction procedures.

7. Cookies and Tracking Technologies

Gesken uses cookies and similar tracking technologies to enhance your experience and analyse platform usage. The types of cookies we use include:

7.1 Essential Cookies

These are strictly necessary for the platform to function. They enable core features such as user authentication, shopping cart management, and secure checkout. You cannot opt out of these cookies without impairing platform functionality.

7.2 Analytics Cookies

We use tools such as Google Analytics to collect aggregated data about how visitors interact with our website. This helps us understand usage patterns and improve the platform. The data collected is anonymised where possible.

7.3 Marketing and Advertising Cookies

These cookies are placed by advertising partners (including Meta Pixel and Google Ads) to deliver targeted advertisements on other platforms based on your activity on Gesken. They also help us measure the effectiveness of our advertising campaigns.

7.4 Preference Cookies

These remember your settings and preferences (such as language, currency, and customisation defaults) to provide a more personalised experience on return visits.

7.5 Managing Cookies

You can manage cookie preferences through our cookie consent banner when you first visit the platform. You may also adjust cookie settings in your browser. Please note that disabling certain cookies may affect the functionality of the Gesken platform.

8. Children’s Privacy

Gesken’s products — including personalised bobbleheads, standees, and sticker sets — are designed as gifts for children. However, our platform and services are intended to be used by adults (persons aged 18 years or older). We do not knowingly collect personal information directly from children under the age of 18.

When a customer uploads photographs of a child for customisation purposes, such photos are collected from the adult customer with their consent. These photos are used solely to produce the personalised product and are deleted from our systems 12 months after order completion. If you believe that we have inadvertently collected personal information directly from a child under 18 without appropriate consent, please contact us immediately at privacy@gesken.com, and we will take prompt steps to delete such information.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, disclosure, alteration, or destruction. Our security measures include:

• Encryption of data in transit using TLS (Transport Layer Security) protocols.
• Encryption of sensitive data at rest, including payment tokens and uploaded images.
• Role-based access controls ensuring only authorised personnel can access personal data.
• Regular security audits, penetration testing, and vulnerability assessments.
• Secure cloud infrastructure hosted with reputable providers compliant with ISO 27001 and SOC 2 standards.
• Staff training on data protection and privacy best practices.

While we take every reasonable precaution to safeguard your information, no method of transmission over the internet or electronic storage is 100% secure. In the event of a data breach that is likely to result in a high risk to your rights, we will notify you and the appropriate regulatory authorities in accordance with applicable law.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

• Post the updated Privacy Policy on this page with a revised effective date.
• Send you an email notification if you have a registered account.
• Display a prominent banner or notice on our website for a period of at least 30 days after the change.

Your continued use of the Gesken platform after the effective date of a revised Privacy Policy constitutes your acceptance of the changes. If you do not agree with the updated policy, please discontinue use of our services and contact us to close your account.

11. Governing Law and Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India, including but not limited to the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023, and any rules or regulations made thereunder. Any disputes arising under this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in [Noida, Uttar Pradesh — India].