Privacy Policy

1. Introduction and Scope

This Privacy Policy is formulated in accordance with applicable data protection regulations, including but not limited to the Digital Personal Data Protection (DPDP) Act, general global privacy principles, and industry-standard best practices for the logistics, courier, and transportation sectors. This policy applies to all individuals, corporate clients, franchise owners, vendors, and third-party associates who interact with Gatiraja Express through our websites, mobile applications, tracking portals, physical branches, customer support channels, and direct delivery interactions.

By utilizing our services—whether by booking a shipment, visiting our website, signing a corporate logistics contract, or receiving a package delivered by our network—you acknowledge that you have read, understood, and agreed to the data practices described in this extensive policy document. If you are providing data on behalf of a third party (such as entering the details of a consignee or receiver), you confirm that you have obtained their explicit consent to share their personal information with us for the purpose of fulfilling the logistics service.

2. Comprehensive Information Collection

The nature of the courier and logistics business inherently requires the collection of specific data points to ensure that goods are transported accurately, efficiently, and legally from the point of origin to the final destination. We collect information through various touchpoints, categorised as follows:

2.1 Information Provided Directly by You

• Sender (Consignor) Details: Full legal name, corporate entity name (if applicable), complete physical pickup address including postal codes, primary and secondary contact numbers, email addresses, and tax identification numbers (such as GSTIN) required for billing and regulatory compliance.
• Receiver (Consignee) Details: Full name, delivery address, contact numbers, and email addresses. This is strictly required to route the package, attempt delivery, and communicate delivery statuses or exceptions to the recipient.
• Shipment Specifics: Detailed descriptions of the goods being transported, declared monetary value for insurance and customs purposes, package weight, volumetric dimensions, handling instructions (e.g., fragile, hazardous, temperature-controlled), and specialized Waybill or Air Waybill (AWB) numbers. Please note: While we record the declared description of goods, we do not arbitrarily inspect the physical contents of your packages unless mandated by law enforcement, aviation security regulations, or internal safety compliance audits triggered by suspicious package profiles.
• Financial and Billing Information: Bank account details, credit/debit card information, UPI IDs, billing addresses, and payment transaction histories. For our corporate clients utilizing our Cash on Delivery (COD) services, we collect extensive financial remittance data to ensure collected funds are transferred accurately and promptly.
• Customer Support Interactions: Audio recordings of calls made to our customer service centers, chat transcripts, email correspondence, and grievance reports. This data is collected for quality assurance, training purposes, and dispute resolution.

2.2 Information Collected Automatically

• Digital Footprint and Device Data: When you access our tracking portal, website, or mobile application, we automatically collect your IP address, browser type and version, operating system, device identifiers, time zone setting, and network information.
• Usage Analytics: Information about how you interact with our digital platforms, including the pages you visit, the tracking numbers you query, the duration of your visit, and the navigation paths you take. This helps us optimize our user interface and improve the digital customer experience.
• Location Data: With your explicit permission on our mobile applications, we may collect precise geolocation data to help you find the nearest Gatiraja Express drop-off location or franchise. For our delivery personnel and fleet vehicles, continuous GPS tracking is employed to monitor shipment progress, ensure driver safety, and provide real-time ETA updates to customers.

2.3 Information from Third Parties

We may receive information about you from external sources, such as our franchise partners, e-commerce marketplaces (where you made a purchase and Gatiraja Express is the designated delivery partner), identity verification services, and credit reference agencies (for corporate credit account approvals).

3. Purpose and Legal Basis for Processing

We do not collect data arbitrarily. Every piece of information we gather serves a specific, legitimate business purpose aligned with the execution of our logistics contracts and regulatory obligations. The legal bases for processing your data include:

• Performance of a Contract: The primary reason we process sender, receiver, and shipment data is to fulfill the courier or freight contract. Without this data, we cannot pickup, route, or deliver your goods.
• Legal and Regulatory Compliance: The transportation industry is heavily regulated. We process data to comply with tax laws (e.g., generating GST invoices), interstate transport regulations (e.g., E-Way bills), aviation security mandates, and customs documentation for international freight.
• Legitimate Business Interests: We process data to prevent fraud, optimize our delivery routes, enhance our cybersecurity posture, conduct internal audits, and improve our overall service offerings.
• Consent: Where required by law, we rely on your explicit consent for specific activities, such as sending promotional marketing communications or collecting precise geolocation data from your personal mobile device.

Detailed Usage Scenarios

Specifically, we use your information to:

• Generate tracking numbers (AWBs), shipping labels, and internal routing manifests.
• Dispatch couriers for pickup and assign the most efficient delivery routes to our last-mile agents.
• Send automated SMS, WhatsApp, and email notifications regarding package status (e.g., "Out for Delivery", "Delivered", "Delivery Exception").
• Capture and record Proof of Delivery (POD), which may include digital signatures, receiver names, and photographic evidence of package placement.
• Calculate shipping tariffs, process secure payments, and manage complex billing cycles for B2B corporate accounts.
• Investigate and resolve claims related to lost, damaged, or delayed shipments.
• Conduct statistical analysis to predict network bottlenecks, optimize fleet deployment, and plan capacity for peak seasons (like festival sales or holiday rushes).

4. Data Sharing and Third-Party Disclosures

Gatiraja Express operates a vast, interconnected network. To successfully deliver a package from one corner of the country to another, collaboration with trusted partners is essential. We strictly limit data sharing to what is absolutely necessary. We do not sell, rent, or trade your personal or business shipping data to third-party marketing agencies under any circumstances.

We may share your data with:

• Franchise Operators and Associate Couriers: Our network relies on localized franchise owners and independent delivery agents. They are granted access only to the specific manifest data required to execute pickups and deliveries within their designated pin codes. They are bound by strict confidentiality agreements.
• Airlines, Railways, and Line-Haul Partners: When your shipment travels via air freight, train cargo, or long-distance surface transport operated by external logistics partners, we must share the physical package (which bears the shipping label containing sender/receiver details) and associated electronic waybill data to facilitate transit.
• Technology and Infrastructure Providers: We utilize secure third-party cloud hosting services, payment gateway processors, SMS/email communication APIs, and route optimization software. These processors act strictly on our behalf and are legally bound to protect your data.
• Customs, Tax, and Law Enforcement Authorities: We are legally obligated to disclose shipment details, invoices, and sender/receiver identities to government agencies, tax boards, customs officials, and law enforcement when formally requested via subpoenas, warrants, or mandatory regulatory reporting. This is critical for preventing the transport of contraband, illegal substances, and ensuring tax compliance.
• Business Transfers: In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred to the acquiring entity, subject to the continuation of the privacy commitments outlined in this policy.

5. Data Security Protocols

The security of your data is a critical operational priority. We have implemented a robust, multi-layered security framework designed to protect against unauthorized access, alteration, disclosure, or destruction of personal and shipment data.

• Digital Security: All data transmitted between your browser/app and our servers is encrypted using industry-standard Transport Layer Security (TLS/SSL). Our core databases are housed in highly secure, enterprise-grade cloud environments equipped with advanced firewalls, intrusion detection systems, and automated threat monitoring.
• Access Control: Access to sensitive customer data and central manifest systems is strictly governed by the principle of least privilege (PoLP). Employees, franchise owners, and delivery staff are granted access only to the specific data sets required to perform their immediate duties. All system access is logged and routinely audited.
• Physical Security: Physical waybills, invoices, and printed manifests containing personal data are stored in secure facilities. We enforce strict protocols for the secure shredding and disposal of physical documents once their mandatory retention period expires. Our warehouses and sorting hubs are monitored by 24/7 CCTV surveillance to protect both the physical packages and the attached data labels.

While we utilize state-of-the-art security measures, no system connected to the internet can be guaranteed to be 100% secure. We cannot warrant the absolute security of any information you transmit to us, and you do so at your own risk.

6. Data Retention Policies

We do not retain your data indefinitely. We keep your personal and shipment information only for as long as it is necessary to fulfill the purposes outlined in this Privacy Policy, or as mandated by applicable laws.

• Active Shipments: Data is readily available and actively processed while a shipment is in transit and until successful delivery and POD capture.
• Financial and Tax Records: Invoices, billing details, and associated shipment records (including sender/receiver data tied to the invoice) are retained for a minimum of 7 to 10 years, as mandated by national taxation laws, accounting standards, and corporate governance requirements.
• Claims and Disputes: Data related to delayed, lost, or damaged shipments, including customer support correspondence, may be retained longer until the claim is fully resolved or the statute of limitations for legal action expires.
• Account Data: If you maintain a corporate or retail user account on our portal, your account data is retained as long as the account is active. Upon account closure, data is securely archived or deleted, subject to the aforementioned legal retention requirements.

7. Your Privacy Rights and Choices

Depending on your jurisdiction, you are entitled to specific rights regarding your personal data. We are committed to facilitating these rights within the constraints of our legal obligations as a logistics provider.

• Right to Access: You have the right to request a copy of the personal data we hold about you.
• Right to Rectification: You can request corrections to inaccurate or incomplete data. Please note that changing a delivery address while a package is in transit may incur additional rerouting charges.
• Right to Erasure (Right to be Forgotten): You may request the deletion of your data. However, please be aware that we cannot delete data that we are legally required to retain for tax, accounting, or transport regulatory compliance (e.g., historical waybills).
• Right to Restrict Processing: You can ask us to pause the processing of your data under certain circumstances, such as during a dispute over data accuracy.
• Opting Out of Communications: You can opt out of receiving promotional marketing emails or SMS at any time by following the "unsubscribe" instructions in those messages. However, you cannot opt out of essential service-related communications, such as tracking updates, OTPs for secure delivery, or billing notices.

8. Cookies and Tracking Technologies

Our website and tracking portals utilize cookies, web beacons, and similar tracking technologies to enhance your browsing experience, analyze site traffic, and understand user behavior.

• Essential Cookies: These are strictly necessary for the website to function properly, such as maintaining your login session on the corporate portal or securing your connection.
• Analytical/Performance Cookies: These allow us to recognize and count the number of visitors and see how visitors move around our website. This helps us improve the way our website works, for example, by ensuring that users easily find the tracking tools they need.
• Functionality Cookies: These are used to recognize you when you return to our website, enabling us to personalize content for you (e.g., remembering your language preference or recently tracked AWBs).

You can configure your web browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. However, if you disable or refuse cookies, please note that some parts of our online services may become inaccessible or not function properly.

9. Policy Updates and Contact Information

Changes to this Privacy Policy

The logistics industry and data protection laws are constantly evolving. As such, we reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted on this page with an updated "Last Updated" date. We encourage you to review this policy periodically. For significant material changes that fundamentally alter how we handle your data, we may provide a more prominent notice on our website homepage or via email to our registered corporate clients.

Contact Our Grievance Officer

If you have any questions, concerns, or complaints regarding this Privacy Policy, our data practices, or if you wish to exercise any of your privacy rights, please contact our dedicated Privacy and Grievance Team: