PRIVACY POLICY

This Privacy Policy ("Policy") explains how Nicsphere Saakar LLP ("we," "us," "our," or the "Company"), a limited liability partnership registered in India engaged in the manufacture and supply of Nicotine USP liquid, collects, uses, stores and protects personal data obtained through our website at nicsphere.com and the associated B2B Buyer Portal (collectively, the "Platform").

This Policy is designed to comply with:

  • The European Union General Data Protection Regulation (EU GDPR) - for users in the European Economic Area
  • The California Consumer Privacy Act (CCPA) and Virginia Consumer Data Protection Act (VCDPA) - for users in the United States
  • The Digital Personal Data Protection Act, 2023 (DPDP Act) - for users in India

By accessing our Platform, you acknowledge that you have read and understood this Policy. If you do not agree, please discontinue access immediately.

1. WHO WE ARE - DATA CONTROLLER / FIDUCIARY

Entity: Nicsphere Saakar LLP

Type: Limited Liability Partnership (LLP), India

Business: Manufacture and Supply of Nicotine USP Liquid

Platform: nicsphere.com

Email: info@nicsphere.com

Address: 18th Floor, A-1801-1802, Sankalp Square - 3, Sindhubhavan Road, Taj Skyline, Shilaj, Ahmedabad, Gujarat, 380059, India

For EU GDPR purposes, Nicsphere Saakar LLP acts as the Data Controller. For Indian DPDP Act purposes, we are the Data Fiduciary. For US users, we are the Business under applicable state privacy laws.

2. SCOPE OF THIS POLICY

This Policy applies to:

  • Visitors to our public-facing website
  • Registered B2B buyers accessing the Buyer Portal
  • Any individual whose personal data is provided in the course of a business relationship with us

This Policy does not apply to our employees, contract workers, or to data processed purely in an employment context, which is governed by separate internal HR policies.

3. WHAT DATA WE COLLECT AND WHY

We collect only the minimum personal data necessary for our legitimate business operations. We do not collect sensitive personal data (e.g., health, biometric, or financial information beyond business transaction records). The table below summarises the data we collect:

| Data Category | Purpose | Legal Basis | Retention |
|---|---|---|---|
| Business Contact Info (name, email, phone) | Buyer portal access & communication | Contract / Legitimate Interest | Duration of business relationship + 3 years |
| Company & GST Details | Regulatory compliance, invoicing | Legal Obligation | 7 years (statutory) |
| Purchase & Order History | Order management, internal analytics | Contract / Legitimate Interest | 7 years (statutory) |
| Portal Usage Data (login logs, page views) | Security monitoring, internal analytics | Legitimate Interest | 12 months |
| Correspondence Records | Dispute resolution, audit trail | Legal Obligation / Legitimate Interest | 7 years |

All data collection is purposeful, minimal and directly tied to the operation of the Buyer Portal and our regulatory obligations as a manufacturer of Nicotine USP liquid.

4. HOW WE COLLECT DATA

We collect data through the following means:

  • Registration and onboarding forms on the Buyer Portal
  • Purchase orders and related transactional documents submitted by buyers
  • Correspondence via email, phone, or in-person communication
  • Automatically via server logs when you access the Platform (IP address, browser type, session timestamps - used for security and analytics only)
  • KYC and compliance documentation required under applicable law

5. LEGAL BASIS FOR PROCESSING

We process personal data under the following legal bases:

Under EU GDPR (Article 6):

  • Article 6 (1) (b) - Processing necessary for the performance of a contract (Buyer Portal access, order fulfilment)
  • Article 6 (1) (c) - Processing necessary to comply with a legal obligation (GST, customs, export control laws)
  • Article 6 (1) (f) - Processing for legitimate interests (internal analytics, platform security, fraud prevention)

Under Indian DPDP Act, 2023:

  • Consent of the Data Principal where required
  • Legitimate uses as defined under Section 7 of the DPDP Act (legal obligation, State functions, employment, public interest)

Under CCPA / US State Laws:

  • We process data for business purposes as defined under applicable US privacy statutes. We do not sell personal information.

6. OUR CORE DATA COMMITMENT — NO SALE, NO THIRD-PARTY SHARING

Nicsphere Saakar LLP makes the following absolute commitments regarding your personal data:

We NEVER sell your personal data to any third party, ever.

We do NOT share your data with advertisers, data brokers or marketing firms.

Data is used exclusively for internal business operations and internal analytics.

Limited and controlled data access may be provided to:

  • Our IT infrastructure providers and cloud hosting services (acting as data processors under a Data Processing Agreement)
  • Statutory auditors, tax consultants or legal advisors under a strict duty of confidentiality
  • Government authorities and regulatory bodies where required by applicable law (e.g., GST authorities, customs, export licensing bodies)

In each such case, access is strictly limited to what is necessary for the specific purpose and appropriate contractual safeguards are in place.

7. INTERNAL ANALYTICS

We use anonymised and aggregated usage data from the Buyer Portal for internal analytics purposes, including:

  • Understanding platform usage patterns to improve user experience
  • Monitoring portal performance and uptime
  • Identifying and resolving technical issues
  • Generating internal business intelligence reports

This analytics data is not linked back to individual users for profiling and is not shared with any external party.

8. DATA RETENTION

We retain personal data only for as long as necessary for the purpose for which it was collected, or as required by applicable law:

  • Business contact and portal account data: Duration of the business relationship + 3 years after termination
  • Transaction, order, and invoicing records: 7 years (as required by Indian statutory and tax law)
  • Regulatory compliance and KYC documents: As mandated by applicable export control, drugs and excise regulations
  • Server and access logs: 12 months, then automatically purged

Upon expiry of the applicable retention period, data is securely deleted or anonymised in accordance with our internal data disposal procedures.

9. INTERNATIONAL DATA TRANSFERS

Nicsphere Saakar LLP is headquartered in India. If you are accessing the Platform from the EU or the United States, your data may be transferred to and processed in India. We ensure such transfers comply with applicable law:

  • For EU data: We rely on Standard Contractual Clauses (SCCs) as adopted by the European Commission, or other approved transfer mechanisms under Chapter V of the GDPR
  • For US data: We implement appropriate contractual and organisational safeguards consistent with applicable US state privacy laws
  • All international transfers occur under appropriate data processing agreements and security controls

10. YOUR RIGHTS

Depending on your jurisdiction, you have the following rights regarding your personal data:

EU / EEA Users (GDPR):

  • Right of access (Article 15) - to obtain a copy of data we hold about you
  • Right to rectification (Article 16) - to correct inaccurate data
  • Right to erasure (Article 17) - to request deletion (subject to legal retention obligations)
  • Right to restriction of processing (Article 18)
  • Right to data portability (Article 20)
  • Right to object (Article 21) - particularly to processing based on legitimate interests
  • Right to lodge a complaint with your local supervisory authority

Indian Users (DPDP Act 2023):

  • Right to access information about processing (Section 11)
  • Right to correction and erasure (Section 12)
  • Right to grievance redressal (Section 13)
  • Right to nominate a nominee (Section 14)

California / US Users (CCPA/VCDPA):

  • Right to know what personal information is collected
  • Right to delete personal information
  • Right to opt-out of sale - we do not sell data, so this right is inherently satisfied
  • Right to non-discrimination for exercising privacy rights

To exercise any of these rights, please contact us at info@nicsphere.com. We will respond within 30 days (or shorter if required by applicable law). We may request verification of your identity before processing the request.

11. DATA SECURITY

Nicsphere Saakar LLP implements appropriate technical and organisational security measures to protect personal data against unauthorised access, loss, alteration, or disclosure, including:

  • Encrypted data transmission (TLS/SSL) for the Buyer Portal
  • Role-based access controls limiting internal access to data on a need-to-know basis
  • Regular security assessments and vulnerability monitoring
  • Secure cloud hosting infrastructure with reputable providers
  • Internal data handling policies and staff awareness

No system is entirely immune from security threats. In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant regulatory authority within the timeframes required by applicable law.

12. COOKIES AND TRACKING

The Buyer Portal may use the following types of cookies:

  • Strictly Necessary Cookies: Required for login sessions and portal functionality - cannot be disabled
  • Analytics Cookies: Used for internal, anonymised usage analytics - no third-party tracking

We do not use advertising cookies, third-party tracking pixels or cross-site tracking. You may manage cookie preferences through your browser settings, though disabling strictly necessary cookies will prevent portal access.

13. CHILDREN’S DATA

The Platform is intended solely for B2B buyers who are business entities. We do not knowingly collect data from or about individuals under the age of 18. If you believe a minor has provided us with personal data, please contact us immediately and we will take prompt corrective action.

14. GRIEVANCE OFFICER (INDIA — DPDP ACT)

In accordance with the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer for India:

Name: Rishabh Chadha

Designation: Senior Manager

Email: info@nicsphere.com

Address: 18th Floor, A-1801-1802, Sankalp Square - 3, Sindhubhavan Road, Taj Skyline, Shilaj, Ahmedabad, Gujarat, 380059, India

Response Time: Within 30 days of receipt of complaint

15. CHANGES TO THIS POLICY

We may update this Privacy Policy from time to time to reflect changes in law, our practices, or our Services. We will post the revised Policy on the Platform with an updated effective date. Material changes will be communicated to registered Buyer Portal users via email. Continued use of the Platform after such changes constitutes acceptance of the revised Policy.

16. CONTACT & DATA PROTECTION INQUIRIES

For any privacy-related queries, access requests, or concerns:

Company: Nicsphere Saakar LLP

Website: nicsphere.com

Email: info@nicsphere.com

Address: 18th Floor, A-1801-1802, Sankalp Square - 3, Sindhubhavan Road, Taj Skyline, Shilaj, Ahmedabad, Gujarat, 380059, India