Privacy Policy.

This Privacy Policy explains how Gemarix Worldwide Pvt Ltd ("Gemarix", "we", "us", or "our") collects, uses, stores, and shares personal information when you visit gemarix.com or do business with us.

We are a B2B natural stone exporter based in Udaipur, Rajasthan, India. Our customers are primarily architects, importers, stone yards, and distributors located outside India. We are committed to handling your data lawfully, fairly, and with care.

1. Who we are

Data Controller: Gemarix Worldwide Pvt Ltd
Registered office: Udaipur, Rajasthan, India
Privacy contact: gemarixind@gmail.com
WhatsApp Business: +91 99299 81573

For privacy questions, requests to access or delete your data, or any complaint, please reach us using the contact details above. We respond within five working days.

2. What information we collect

Information you give us directly

• Through the contact form: your name, company, email address, country, phone or WhatsApp number (optional), the type of inquiry, stones of interest, and the project description you write.
• Through email correspondence with us: anything you choose to share.
• If you become a customer: shipping address, GST or VAT number, banking details for payment, and any documents required for export documentation.

Information collected automatically

• Server logs: IP address, browser type, referring page, time of visit. Used to keep the website running and to detect abuse.
• Email engagement (if you receive marketing emails from us): whether you opened the email, whether you clicked links inside it, your approximate location based on IP at the time. This is collected through tracking pixels and link wrappers.
• Cookies: see our Cookie Policy.

Information from third parties

• Trade exhibitions: if we collected your business card at an exhibition (for example INDEX Dubai, Marmomac Verona, or similar), we record the event name and the date as the source of consent.
• Public business directories: occasionally, we may contact distributors whose business contact details are publicly listed. We always disclose how we got your details in our first email and offer a clear unsubscribe.

3. Why we collect it, and the legal basis

To respond to your inquiry. When you submit the contact form or email us, we use your information to reply. Legal basis: legitimate interest in B2B communication, or steps prior to a possible business relationship.

To send commercial emails about our products. Catalogs, new stones, exhibition invitations, occasional newsletters. Legal basis: consent — given by submitting your card at an exhibition, ticking the consent box on our form, or by other clear opt-in. You can unsubscribe at any time using the link in every email.

To fulfill orders and ship containers. Quotations, invoices, packing documents, shipping records. Legal basis: contractual necessity.

To meet legal and accounting obligations. Tax records, export documentation, anti-money-laundering checks where required. Legal basis: legal obligation.

To keep our website and infrastructure secure. Server logs, abuse detection. Legal basis: legitimate interest.

4. Who we share your information with

We do not sell your personal data. We share it only with:

• Hosting and infrastructure providers: Oracle Cloud (website hosting, data center in India), Hostinger (database hosting). These providers process data on our behalf under their standard terms.
• Email delivery providers: Amazon Web Services (Amazon SES) for sending marketing and transactional emails. AWS is based in the United States and processes a copy of your email address in transit.
• Logistics, freight forwarders, and shipping lines: for shipments to your port, with the minimum information needed (consignee name, address, contact, customs information).
• Government and customs authorities: when required by law for export documentation.
• Professional advisors: auditors, lawyers, banks — where strictly necessary and under confidentiality.

We do not share your data with advertising networks, data brokers, or social media platforms.

5. International transfers

Because we are an exporter, your data may be transferred outside the country where you are located:

• Your data is primarily stored and processed in India.
• Email delivery uses Amazon SES, which processes data in the United States.
• For visitors and customers in the European Economic Area, the United Kingdom, or Switzerland, these transfers are made under the European Commission's Standard Contractual Clauses (SCCs), which provide a recognized safeguard for international data transfers.

If you would like a copy of the safeguards that apply to your data, write to us at gemarixind@gmail.com.

6. How long we keep your information

• Contact form submissions and email inquiries: three years after the last contact, then deleted, unless we are in an active business relationship.
• Marketing email list: until you unsubscribe, plus three months after unsubscribing to keep a record that the unsubscribe was honored.
• Order, invoice, and tax records: eight years from the end of the relevant financial year, as required by Indian tax law and the Companies Act, 2013.
• Server logs: thirty days, then automatically purged.

When we no longer need your data, we delete it or anonymize it.

7. Your rights

Depending on where you are located, you have some or all of the following rights:

• Access — request a copy of the personal data we hold about you.
• Rectification — ask us to correct anything inaccurate.
• Erasure — ask us to delete your data (subject to legal retention requirements).
• Restriction — ask us to stop processing your data while a question is resolved.
• Portability — receive a copy of your data in a machine-readable format.
• Objection — object to processing based on legitimate interest, including direct marketing.
• Withdraw consent — for anything we do based on your consent.
• Lodge a complaint with the data protection authority in your country.

To exercise any of these rights, write to gemarixind@gmail.com. We will respond within thirty days. We will not charge for any reasonable request.

EU and UK residents can also complain to their national data protection authority. Indian residents can complain to the Data Protection Board of India once it is fully established under the Digital Personal Data Protection Act, 2023.

8. How we protect your information

• HTTPS encryption on every page of the website.
• Database access restricted to a small number of named individuals.
• Backups encrypted at rest.
• Passwords rotated periodically and not shared.
• We follow security practices appropriate for a business of our size.

No system is perfectly secure. If we ever experience a data breach affecting your personal information, we will notify you and the appropriate authorities as required by applicable law.

9. Children

Our website and services are intended for business buyers and are not directed at anyone under the age of eighteen. We do not knowingly collect personal information from children. If you believe we have, contact us and we will delete it.

10. Changes to this policy

We may update this Privacy Policy from time to time. The "Last updated" date at the top tells you when. Material changes will be highlighted on this page, or notified by email where appropriate.

11. Contact

For any privacy question:

• Email: gemarixind@gmail.com
• Postal: Gemarix Worldwide Pvt Ltd, Udaipur, Rajasthan, India