Policy Version: 1.0
Last Reviewed On: 08.02.2026
Next Scheduled Review: February 2027

Privacy Policy

Earth & Mars

Issued by Proxima Centauri Global Fashion Private Limited

Effective Date: 08.02.2026

Registered office: Plot No 95 Khasra No 577 Bataha Saboli Vikas Nagar, Vikas Nagar, Lucknow, Lucknow, Uttar Pradesh 226022, India

Data Protection / Grievance Officer: info@earthmars.us

Proxima Centauri Global Fashion Private Limited (the “Company”, “we”, “us”, or “our”), operating under the brand name Earth & Mars, acts as the Data Fiduciary / Data Controller in relation to your Personal Data.

This Privacy Policy applies exclusively to information collected through our website, digital platforms, retail stores, and customer interaction channels operated under the Earth & Mars brand (the “Site”). By accessing or using the Site, you acknowledge that you have read, understood, and agreed to the practices described herein. To ensure compliance with applicable data protection laws, the Company has appointed a Data Protection & Grievance Officer. Queries or requests relating to Personal Data may be addressed to: info@earthmars.us.

1. Introduction

This Privacy Policy explains how the Company collects, uses, stores, shares, and protects personal data in the course of operating the Earth & Mars brand. The Policy applies whenever you visit our online store, purchase products online or offline, interact with our marketing channels, enrol in promotional programs, contact customer support, or otherwise engage with our services. We reserve the right to amend this Policy at any time in accordance with prevailing data protection legislation. Where amendments occur, appropriate notice will be provided.

2. Legal Framework & Applicability

Personal data is processed in accordance with the Digital Personal Data Protection Act, 2023 (India), applicable Indian consumer, tax, and ecommerce laws, and internationally recognised data protection principles including GDPR, UK GDPR, and CCPA frameworks where applicable. This Policy applies to personal data processed within India and, where relevant, to customers located in jurisdictions where Earth & Mars offers goods or services. This Policy forms part of the Company’s overall data protection and information security governance framework.

2A. Privacy Governance & Accountability

The Company maintains an internal Privacy Governance Framework comprising designated roles, documented policies, periodic risk assessments, vendor reviews, and management oversight to ensure continuous compliance with applicable data protection laws. Privacy compliance is reviewed at periodic intervals by senior management and documented as part of the Company’s governance records. The Company conducts periodic internal audits and management reviews of privacy controls as part of its governance and compliance program. The Company maintains documented evidence of privacy compliance activities including Records of Processing Activities (ROPA), Legitimate Interest Assessments (LIA), Data Protection Impact Assessments (DPIA), vendor due-diligence records, training logs, audit findings, and incident response records. Such documentation is retained as part of the Company’s compliance evidence framework and may be produced to supervisory authorities upon lawful request. Privacy governance responsibilities are formally assigned and recorded within the Company’s organisational structure.

3. Definitions

“Personal Data” refers to information that identifies or can reasonably identify an individual.
“Processing” refers to any operation performed on personal data.
“Data Fiduciary” refers to Proxima Centauri Global Fashion Private Limited.
“Data Principal” refers to the individual whose personal data is processed.

4. Categories Of Personal Data Collected

4.1 Core Categories

  • Identity & Account Data: full name; username; salted & encrypted password; optional DOB/age and gender where voluntarily provided.
  • Contact Data: email address; mobile telephone number; shipping and billing addresses; alternate delivery contacts.
  • Transaction & Order Data: product(s) purchased; order value; invoice and tax particulars; delivery status; returns and refund records.
  • Payment Data: payment instrument identifier and transaction reference (processed via PCI-DSS-compliant providers; no storage of full card number, CVV, or PIN).
  • Marketing & Preference Data: marketing opt-ins/opt-outs; newsletter subscriptions; communication channel preferences; loyalty or referral programme participation.
  • Technical & Device Data: IP address; device identifiers; browser and operating system; pages visited; session timestamps; cookies and pixel data.
  • Customer Support Data: recorded chats, emails, telephony logs (where recorded for quality/training); complaint and resolution history.
  • Special Categories & Children: sensitive categories are collected only where expressly required and with lawful bases; services are not targeted at minors and children’s Personal Data is processed only with verifiable parental consent where applicable.

4.2 Rationale

The Company collects categories of Personal Data that are necessary and proportionate to deliver the Platform’s features: order fulfilment, secure payments, delivery logistics, customer service, marketing (where consent exists), personalisation, and legal compliance. Limiting collection to purpose-driven categories reduces privacy risk and complies with data minimisation obligations.

4.3 Data Minimisation & Purpose Limitation

The Company adheres to the principles of data minimisation and purpose limitation. Personal Data collected is strictly limited to what is directly relevant and necessary for specified, explicit, and lawful purposes described in this Policy. Personal Data shall not be further processed in a manner incompatible with those purposes unless required or authorised by law or with fresh consent of the Data Principal. Where Personal Data is required for order processing, account creation, or legal compliance, failure to provide such data may result in the inability of the Company to provide certain services or complete transactions.

5. Methods Of Collection

5.1 Direct Provision

Data Principals provide data when registering accounts, placing orders, subscribing to communications, participating in promotions, or contacting support. Users may browse the Platform without creating an account; however, certain features require registration.

5.2 Automated & Passive Collection

Technical data is collected via cookies, web beacons, pixels, SDKs, server logs, and analytics tools to enable functionality, security, performance measurement, and fraud detection.

5.3 Third-Party Sources

Authorised third parties such as payment gateways, logistics partners, marketing platforms, social login providers, or marketplaces may share data with the Company under contractual safeguards. Such third-party sources may provide identity confirmation data, payment status, delivery updates, marketing attribution data, or authentication information necessary for order fulfilment, fraud prevention, and account security.

5.4 Rationale

Combining direct and automated collection ensures a seamless customer experience: accurate order processing, fraud prevention, relevant communications, and continuous product and service improvement. Third-party data is only accepted where appropriate contractual and technical safeguards exist.

6. Purpose & Lawful Basis Of Processing

6.1 Purposes

Lawful Basis Mapping Table

| Purpose | Lawful Basis | Data Category |
|---|---|---|
| Order fulfilment & delivery | Performance of Contract | Identity, Contact, Transaction |
| Fraud prevention & risk management | Legitimate Interest | Technical, Transaction |
| Account authentication & support | Contract / Legitimate Interest | Identity, Contact |
| Marketing communications | Consent / Legitimate Interest | Contact, Preference |
| Personalisation & analytics | Legitimate Interest | Technical, Preference |
| Legal, tax & compliance | Legal Obligation | Identity, Transaction |

  • Order fulfilment & delivery – processing orders, payment reconciliation, shipment tracking.
  • Payment, fraud prevention & risk management – anti-fraud checks, chargeback handling, dispute resolution.
  • Account support & authentication – password reset, identity verification for sensitive requests.
  • Customer service & quality assurance – servicing enquiries and improving support through recordings and notes.
  • Marketing & communications – promotional messages, product recommendations (where consented or under legitimate interest with opt-out).
  • Personalisation & analytics – product recommendations, A/B testing, behavioural analytics to improve the Platform.
  • Legal, tax & compliance – record-keeping, statutory reporting, regulatory enquiries.

6.2 Lawful Bases

Processing is performed on one or more lawful bases including: performance of a contract, legal obligations, your consent, and the Company’s legitimate interests (e.g., fraud prevention, platform security), balanced against Data Principal rights. Where processing is based on legitimate interests, the Company conducts and documents a Legitimate Interest Assessment (LIA) to ensure that such interests are not overridden by the rights and freedoms of the Data Principal.

6.3 Rationale

Each processing purpose is mapped to a lawful basis to ensure legal compliance. Where legitimate interests are relied upon, the Company documents balancing tests and provides clear opt-out mechanisms for non-essential processing. Where processing activities are likely to result in high risk to the rights and freedoms of individuals, the Company undertakes and documents Data Protection Impact Assessments (DPIA) prior to implementation. Significant system changes, new technologies, or new categories of processing undergo privacy review as part of the Company’s change management process.

6.4 No Sale of Personal Data / No Harmful Profiling

The Company does not sell Personal Data and does not engage in profiling or automated decision-making that produces legal or similarly significant effects on individuals. The Company may use automated tools to detect fraudulent transactions or security anomalies; however, such tools do not independently make decisions producing legal or similarly significant effects without human review. The Company does not undertake profiling based on sensitive personal data or use such data for behavioural advertising. The Company does not use artificial intelligence, machine learning models, or automated profiling tools to make decisions that materially affect individuals.

The Company maintains internal Records of Processing Activities (ROPA) documenting categories of processing, purposes, recipients, retention, and safeguards, in accordance with applicable data protection laws. Such records are maintained in a manner capable of being produced to regulators or supervisory authorities upon lawful request. In the event any automated processing or profiling is introduced in the future, Data Principals shall have the right to request human review of such decisions.

7. Cookies & Tracking Technologies

7.1 Overview

We use cookies and similar technologies for essential functionality (session management, cart), analytics (traffic and performance), and marketing (retargeting and attribution). Example retention periods: session cookies expire upon browser close; analytics cookies may persist for up to 24 months; marketing cookies may persist for up to 12 months unless consent is withdrawn earlier. Cookies are retained for varying durations depending on their function, after which they expire or are automatically deleted.

7.2 Consent & Controls

Non-essential cookies activate only after explicit consent where required. Users may manage preferences via the cookie banner or their browser settings.

7.3 Rationale

Cookies enable critical features (shopping cart persistence, secure login) and measurable improvements to the user experience. Transparent consent practices align with regulatory expectations on prior consent for marketing cookies.

7.4 Fair Consent Practices

The Company does not employ dark patterns, forced consent, or misleading interfaces in obtaining user consent.

8. Disclosure, Sharing & Third Parties

8.1 Service Providers

We share Personal Data with processors who perform services on our behalf (payment processors, couriers, cloud hosting, CRM platforms). All processors are contractually bound to process data only on our instructions and to implement reasonable security measures. Prior to onboarding any processor, the Company undertakes reasonable due diligence including assessment of security posture, data protection practices, and contractual assurances. Processors are subject to periodic review and audit rights where appropriate. All processors are bound by written Data Processing Agreements (DPA) incorporating confidentiality obligations, security controls, audit rights, breach notification duties, and restrictions on sub-processing. Processors may not appoint sub-processors without prior written authorization from the Company and equivalent contractual safeguards. The Company maintains an internal register of all processors and sub-processors engaged in Personal Data processing, including the nature of services provided, data categories involved, locations of processing, and applicable safeguards. Processors are contractually obligated to notify the Company without undue delay upon becoming aware of any Personal Data breach and to cooperate in incident investigation and remediation. Information regarding categories of processors, sub-processors, and their processing locations may be provided to Data Principals upon reasonable request.

8.2 Affiliates & Group Companies

Where necessary for business operations, Personal Data may be shared with affiliates under strict safeguards.

8.3 Legal & Regulatory Disclosures

We may disclose Personal Data to comply with legal process, defend legal claims, or to protect rights, property or safety. The Company evaluates the legality, necessity, and proportionality of any government or law-enforcement data request before disclosure and maintains a record of such requests where legally permitted.

8.4 Business Transfers

In a merger, acquisition, or reorganisation, Personal Data may be transferred to the successor entity under confidentiality obligations. Any successor entity shall be bound by privacy obligations materially consistent with this Policy.

8.5 Rationale

Sharing is narrowly tailored to necessary operational partners and legally mandated recipients. Contractual controls and vendor due diligence reduce third-party privacy risks.

8.6 In certain integrations (e.g., marketplaces, payment gateways, logistics platforms)

The Company and the third party may act as independent Data Controllers. In such cases, respective privacy policies govern processing under their control. The Company is not responsible for processing activities carried out independently by such third parties beyond the scope of the integration.

8.7 Integrations Involving Marketplaces

In integrations involving marketplaces, logistics providers, and payment gateways, the Company and such entities may independently determine the purposes and means of processing. In such cases, each party acts as an independent Data Controller for its respective processing activities.

9. International Data Transfers

9.1 Cross-border Transfers

Personal Data is primarily stored in India. Transfers to jurisdictions outside India may occur for hosting, processing, analytics, or vendor services.

9.2 Safeguards

Cross-border transfers are subject to appropriate safeguards: standard contractual clauses, data transfer agreements, and selection of providers that implement recognized protection measures.

9.3 Rationale

International transfers enable global infrastructure resilience and business continuity. The Company implements contractual and technical safeguards to ensure equivalent protection levels and compliance with local transfer rules.

10. Data Retention

10.1 Retention Principles

Personal Data is retained only for as long as necessary to fulfil the purpose for which it was collected, to satisfy legal obligations (e.g., tax, accounting), or to defend legal claims. Retention periods may be extended where required for ongoing investigations, legal claims, regulatory inquiries, or enforcement of contractual rights.

Upon expiry of retention periods, Personal Data is securely deleted, anonymised, or irreversibly destroyed using documented procedures. The Company maintains a detailed internal data retention schedule mapping data categories to retention periods and deletion protocols, reviewed periodically as part of governance controls. Retention periods are calculated from the date of last customer interaction, account closure, or completion of statutory or legal obligation, whichever is later.

10.2 Examples

  • Transactional records and tax documentation: retained as required by law.
  • Account data: retained while the account is active and for a reasonable period thereafter.
  • Marketing data: retained until consent is withdrawn or the account is closed.

10.3 Rationale

A principled retention schedule minimises risk and supports compliance with statutory record-keeping obligations while respecting the data minimisation mandate.

10.4 Data Accuracy

The Company takes reasonable steps to ensure Personal Data is accurate, complete, and kept up to date. Data Principals are encouraged to promptly update their information through their account or by contacting the Company.

11. Security Measures & Breach Notification

11.1 Security Measures

We employ administrative, technical and physical safeguards including access controls, firewalls, encryption in transit and at rest, regular vulnerability assessments and vendor security reviews. Security controls include role-based access control (RBAC), multi-factor authentication for administrative access, encryption key management practices, logging and monitoring, and incident response protocols aligned with industry standards such as ISO 27001 and SOC 2 principles. Systems processing Personal Data maintain audit logs and access trails to enable monitoring, forensic review, and accountability. Employees and authorised personnel handling Personal Data are subject to confidentiality obligations and periodic privacy and security training. Where feasible, the Company employs anonymisation and pseudonymisation techniques to reduce identification risk. Personal Data is included within encrypted backups and disaster recovery systems designed to ensure availability and resilience of processing systems. Access to Personal Data is granted strictly on a need-to-know and least-privilege basis. All employees and contractors are bound by confidentiality and data protection obligations through written agreements. Access logs and security events are subject to periodic review to detect anomalies, unauthorised access, or policy violations. Employees and relevant personnel undergo periodic privacy and data protection training appropriate to their roles, and attendance is documented. Security controls are subject to periodic testing, vulnerability assessments, and where appropriate, independent security reviews to validate their effectiveness.

11.2 Breach Notification

In the event of a security incident affecting Personal Data, the Company will comply with its legal obligations to notify affected individuals and regulators within the timelines mandated by applicable law and will provide recommended remedial steps. The Company maintains an internal Personal Data Breach Register documenting incidents, risk assessments, remedial actions taken, and notification decisions as part of its accountability obligations.

11.3 Rationale

Layered security and timely notifications reduce harm to Data Principals and satisfy regulatory incident response expectations.

11.4 Privacy by Design and Privacy by Default

The Company follows principles of Privacy by Design and Privacy by Default in the development and deployment of systems, platforms, and processes that involve Personal Data.

12. Rights Of Data Principals

12.1 Enumerated Rights

Subject to verification and legal limitations, Data Principals may exercise rights including access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal. Where data portability applies, Personal Data will be provided in a structured, commonly used, and machine-readable format. Withdrawal of consent shall be as simple and accessible as the mechanism used to provide consent.

12.2 Request Handling

Requests must be submitted to the Privacy Officer and will be processed within statutory timelines. The Company may require identity verification and refuse manifestly unfounded or excessive requests. The Company implements verification procedures proportionate to the sensitivity of the request to prevent unauthorised access or deletion of Personal Data. The Company applies risk-based identity verification measures proportionate to the nature of the request, including email verification, OTP validation, order history confirmation, or government-issued ID where strictly necessary. The Company maintains a documented register of Data Principal / Data Subject requests, actions taken, timelines, and outcomes to demonstrate compliance with statutory response obligations. Verification measures are designed to be proportionate and not excessive, ensuring security without creating undue barriers to the exercise of Data Principal rights.

12.3 Rationale

Structured and secure request handling ensures exercise of rights while preventing abuse and protecting third-party privacy.

13. California Privacy Rights (CCPA / CPRA)

13.1 Applicability

To the extent applicable, California residents are afforded CCPA/CPRA rights including the right to know, the right to delete, and the right to non-discrimination. The Company will honour verifiable consumer requests in accordance with applicable requirements.

13.2 “Shine the Light / Palm Springs” Disclosures

California residents may request disclosures regarding sharing of data for direct marketing purposes by contacting privacy@earthmars.us with subject line “Palm Springs”.

13.3 Rationale

Explicit procedures and dedicated contact ensure compliance with US state-level privacy obligations and provide clear recourse for affected consumers.

14. Marketing Communications, WhatsApp & TRAI/DLT Compliance

14.1 Consent & Channels

Marketing communications (email, SMS, WhatsApp) are sent only where Data Principals have provided explicit consent or where legitimate interest applies and an opt-out is provided. The Company maintains verifiable records of consent, including timestamp, method of capture, and notice presented at the time of consent.

14.2 WhatsApp & TRAI/DLT

Promotional messages sent over WhatsApp or SMS are registered on the TRAI DLT platform, mapped to approved templates and sender IDs, and comply with TRAI TCCCPR requirements in India.

14.3 Opt-out

Recipients may opt out via in-message instructions (e.g., reply STOP), account preferences, or by contacting info@earthmars.us.

14.4 Rationale

Combining consent management, regulatory DLT registration, and clear opt-out mechanisms ensures lawful and non-intrusive customer communication.

15. Children’s Privacy

The Platform is not directed at children. Where children’s Personal Data is processed, verifiable parental consent will be obtained and the data retained and used only for lawful, specified purposes.

16. Third-Party Links

The Platform may contain links to third-party services. This Policy does not apply to external sites; users should review third-party privacy practices.

17. Amendments To This Policy

The Company may amend this Policy from time to time. Material changes will be notified by posting a revised Policy and, where required by law, by providing additional notice. The Company maintains version history of this Policy and records of prior versions as part of its compliance documentation. This Policy is reviewed at least annually and upon any significant change to processing activities, technology infrastructure, or applicable law. In the event of any inconsistency between operational practices and this Policy, this Policy shall prevail and the Company shall promptly align practices to this Policy.

18. Jurisdiction-Specific Compliance

This Policy is drafted to comply with Indian law (including DPDP Act, 2023). Where the Company provides services internationally, it will adopt additional measures to align with GDPR, UK GDPR, CCPA/CPRA and other applicable laws.

19. Grievance Redressal & Contact

Privacy / Grievance Officer
Proxima Centauri Global Fashion Private Limited
Email: info@earthmars.us
Address: Plot No 95 Khasra No 577 Bataha Saboli Vikas Nagar, Vikas Nagar, Lucknow, Lucknow, Uttar Pradesh 226022, India

Users may escalate unresolved queries to appropriate supervisory authorities as per their jurisdiction. The Company shall acknowledge grievances within 48 hours and endeavour to resolve them within 15 business days. In the event of any conflict between this Policy and jurisdiction-specific annexures, the annexure applicable to the Data Principal’s jurisdiction shall prevail. These timelines are aligned with obligations prescribed under applicable Indian data protection law. Data Principals in India retain the statutory right to escalate unresolved grievances to the Data Protection Board of India established under the Digital Personal Data Protection Act, 2023. Data Principals may also submit requests through in-account privacy controls available on the Platform, where applicable.

20. Authorized Signatory for Privacy Compliance

F.1 Lawful Processing & Notice
The Company processes Personal Data in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable rules. This Policy serves as a notice to Data Principals describing the nature and purpose of processing, categories of Personal Data, rights available, and grievance mechanisms. Data Principals retain the right to approach the Data Protection Board of India established under the DPDP Act in case of unresolved grievances.

F.2 Consent & Legitimate Uses
Where required, the Company seeks free, specific, informed, and unambiguous consent. Processing may also occur for legitimate uses recognised under the DPDP Act, including prevention of fraud, network and information security, and compliance with legal obligations.

F.3 Data Principal Rights
Data Principals may exercise rights to access information, correction and erasure, grievance redressal, and nomination in accordance with the DPDP Act by contacting the Grievance Officer.

F.4 Grievance Redressal & Escalation
Grievances may be submitted to info@earthmars.us. If unresolved, Data Principals may escalate to the Data Protection Board of India as per law.

F.5 Cross-Border Transfers
Cross-border transfers, where undertaken, comply with any restrictions or notifications issued under the DPDP Act.

F.6 Children & Persons with Disability
Where processing involves children or persons with lawful guardians, verifiable consent of the parent/guardian will be obtained in accordance with statutory requirements.

Annex G: European Union / EEA — GDPR Addendum

G.1 Roles
For individuals located in the European Union / European Economic Area (EEA), the Company acts as a Data Controller for Personal Data processed via the Platform.

G.2 Lawful Bases (Article 6 GDPR)
Processing is based on one or more of: performance of a contract, compliance with legal obligations, consent, and legitimate interests pursued by the Company (e.g., fraud prevention, platform security), subject to balancing tests.

G.3 Data Subject Rights
EEA residents may exercise rights to access, rectification, erasure (“right to be forgotten”), restriction, objection, and data portability by contacting the Privacy Officer.

G.4 International Transfers (Chapter V GDPR)
Where Personal Data is transferred outside the EEA, the Company relies on appropriate safeguards such as Standard Contractual Clauses (SCCs) and vendor commitments to equivalent protection standards.

G.5 Supervisory Authority
Data Subjects may lodge complaints with their local supervisory authority if they believe their rights have been infringed.

G.6 Automated Decision-Making
The Company does not carry out solely automated decision-making that produces legal or similarly significant effects without human involvement.

G.7 EU / UK Representative
Where the Company offers goods or services to Data Subjects located in the European Union or United Kingdom, or monitors their behaviour within those territories, the Company shall designate a representative in accordance with Article 27 of the GDPR and UK GDPR. Such representative shall be appointed by written mandate to act on behalf of the Company with regard to its obligations under applicable data protection law and shall be authorised to be addressed by Data Subjects and supervisory authorities on all issues related to processing of Personal Data. Details of the appointed representative shall be made available to Data Subjects upon request.

Annex H: California — CCPA / CPRA Consumer Notice

H.1 Categories of Personal Information Collected
In the preceding 12 months, the Company may have collected identifiers, commercial information, internet activity, and inferences for the purposes described in this Policy.

H.2 Sources
Personal information is collected directly from consumers, automatically via website technologies, and from service providers (e.g., payment processors, delivery partners).

H.3 Business or Commercial Purposes
Order fulfilment, payment processing, customer service, marketing (where permitted), analytics, fraud prevention, and legal compliance.

H.4 Sharing & Selling
The Company does not sell Personal Information. Personal Information may be shared with service providers for business purposes under written contracts.

H.5 Consumer Rights
California residents have the right to know, delete, correct, and not be discriminated against for exercising their rights. Requests may be submitted to privacy@earthmars.us.

H.6 Sensitive Personal Information

The Company does not use or disclose Sensitive Personal Information for purposes other than those permitted under CPRA.

Annex I: Plain‑Language Privacy Summary (Customer‑Friendly)

Your privacy matters to us. Here’s the simple version:

  • Earth & Mars collects only the information needed to process your orders, deliver products, improve your shopping experience, and communicate with you when you allow us to.
  • We do not store your card details and we do not sell your data.
  • Your data may be shared only with trusted partners like payment gateways and delivery companies to complete your order.
  • You control marketing messages. You can unsubscribe or opt out anytime.
  • We use cookies to make the website work smoothly and to understand how to improve it.
  • Your data is protected with strong security measures and is kept only for as long as required by law or business need.
  • You may contact us anytime to access, correct, or delete your information.

For questions about your data, email us at info@earthmars.us.

Annex J: Cookie Banner Text (Website Use)

Short Banner Version

We use cookies to ensure our website works properly, to improve your experience, and (with your permission) to show you relevant offers. You can manage your cookie preferences anytime. The Site currently does not respond to browser “Do Not Track” signals. Users may manage tracking preferences through cookie controls provided on the Site.

Expanded Preference Text

Earth & Mars uses essential cookies for secure login and shopping cart functions. With your consent, we also use analytics and marketing cookies to understand website usage and provide personalised offers. You may accept all cookies, reject non‑essential cookies, or customise your preferences.

Buttons Suggested: Accept All | Reject Non‑Essential | Manage Preferences

Annex K: Quick Q&A for Customer Support Teams

Q1. Does Earth & Mars sell customer data?
No. We never sell personal data. Data is shared only with trusted service providers to complete orders or where legally required.

Q2. Why do we ask for phone number and email?
To send order confirmations, delivery updates, and (only if consented) promotional messages.

Q3. Are card details stored?
No. All payments are processed through secure, PCI‑DSS compliant payment gateways. We never store card numbers, CVV, or PIN.

Q4. Why are cookies used?
Cookies keep the website working (cart, login), help us improve performance, and allow us to show relevant products when consent is given.

Q5. Can a customer ask to delete their data?
Yes. Customers can email info@earthmars.us to request access, correction, or deletion of their personal data, subject to legal retention rules.

Q6. Why might customers still receive transactional messages after opting out?
Because order confirmations, delivery updates, and service messages are legally necessary and not promotional.

Q7. Is WhatsApp messaging legal?
Yes. Messages are sent only with consent and in compliance with WhatsApp policies and TRAI/DLT regulations.

Q8. What if a customer is concerned about privacy?
Direct them to the Privacy Policy and offer to escalate the query to the Privacy/Grievance Officer at info@earthmars.us.
