Privacy policy

Privacy Policy (India)

Bull Padel India by Gamepark Private Limited

Gamepark Private Limited (“Gamepark” “we” “us”) operates Bull Padel India (the “Store”) and this website including all related information, content, features, tools, products and services (collectively, the “Services”). This Privacy Policy explains how we collect, use, share and protect personal data when you visit, use or transact on the Services.

This Privacy Policy is designed for India and aligns with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025.

1. Key terms

  • Personal Data means any data about an individual who is identifiable by or in relation to such data.

  • Data Principal means the individual to whom the personal data relates.

  • Data Fiduciary means the entity that determines the purpose and means of processing personal data (Gamepark is the Data Fiduciary for the Services).

2. Personal data we collect

Depending on how you use the Services, we may collect the following:

A. Identity and contact data
Name, phone number, email, billing address and shipping address.

B. Transaction and payment data
Order details, products purchased, returns/exchanges and payment confirmations. Payment card data is typically processed by payment gateways and Shopify.

C. Account data
Username, password (hashed), preferences and settings.

D. Device and usage data
IP address, browser type, device identifiers and logs about how you interact with the Services.

E. Communications
Information you share when you contact customer support or message us.

3. Sources of personal data

We collect personal data:

  • Directly from you when you place an order, create an account or contact support

  • Automatically through cookies and similar tech when you browse the Services

  • From service providers (payments, shipping, analytics, customer support and cloud services)

  • From partners where you explicitly connect or enable an integration

4. Why we process your personal data and our legal basis

We process personal data only for lawful purposes and on permitted grounds, including consent and other grounds allowed under Indian law.

A. Order execution and service delivery
Processing payments, fulfilling orders, shipping, returns, exchanges and customer support.

B. Account operations
Account creation, login, security validation and preference management.

C. Marketing and promotions
Sending offers and promotional messages where you have provided consent or where permitted. You can opt out anytime.

D. Security and fraud risk management
Preventing fraud, abuse and unauthorized access using reasonable safeguards.

E. Legal and compliance
Complying with applicable Indian laws, responding to lawful requests and enforcing our terms.

5. Consent, notice and withdrawal

Where we rely on consent, we provide a clear notice describing what data we collect and why and how you can withdraw consent and exercise rights. Withdrawal must be as easy as giving consent.
If you withdraw consent, we will stop processing unless we are required or permitted to continue under law (for example, for an already paid order, compliance, dispute handling or record retention).

6. How we share personal data

We may share personal data strictly on a need-to-know basis with:

  • Shopify (hosting and commerce infrastructure) and its approved sub-processors for enabling the Services

  • Payment processors for payment collection and fraud checks

  • Logistics and courier partners for delivery, returns and reverse logistics

  • Support and IT vendors for customer support, ticketing, cloud hosting and security monitoring

  • Analytics and advertising partners for measuring performance and marketing, subject to your choices and applicable law

  • Authorities and regulators when required by law or valid legal process

We do not “sell” personal data as a business model. If we run targeted advertising, it is executed via controlled vendor contracts and opt-out mechanisms where applicable.

7. Cookies and similar technologies

We use cookies and similar technologies to:

  • keep the site functional

  • remember your preferences

  • understand traffic and performance

  • reduce fraud and improve security

You can control cookies through your browser settings. Some functions may degrade if cookies are disabled.

8. Children’s data

A child means an individual under 18.
We do not knowingly process children’s personal data without verifiable consent of a parent or lawful guardian.
We do not undertake processing that is likely to cause a detrimental effect on a child’s well-being and we do not do tracking or behavioural monitoring of children or targeted advertising directed at children.

9. Security safeguards

We implement reasonable technical and organisational measures to protect personal data against unauthorized access, alteration, loss or misuse. If we engage processors, we contractually require them to maintain reasonable safeguards.

No system is “perfectly secure.” Please avoid sharing sensitive information over unsecured channels.

10. Personal data breach response

If we become aware of a personal data breach, we will:

  • inform affected users without delay with key facts, impact, mitigation steps and a contact point

  • intimate the Data Protection Board and provide required details within timelines including 72 hours for detailed updates where applicable

11. Retention and deletion

We retain personal data only as long as needed for:

  • the purpose for which it was collected

  • legal compliance, dispute resolution and enforcement

  • security logs and auditability

DPDP Rules require retention of certain processing logs and related data for at least one year in defined cases.
When retention is no longer required, we delete or anonymize the data.

12. Cross-border transfers

Your personal data may be processed outside India (for example, via cloud or platform vendors). Transfers are permitted unless restricted for specific countries/territories as notified by the Central Government and subject to any other Indian law that imposes higher protection or restrictions.

13. Your rights (India)

Subject to applicable law, you can exercise these rights:

  • Right to access information about your personal data and sharing details

  • Right to correction, completion, updating and erasure (where retention is not legally required)

  • Right of grievance redressal (you must first use our grievance channel before approaching the Board)

  • Right to nominate another person to exercise rights in case of death or incapacity

  • Right to withdraw consent where consent is the basis of processing

14. Grievance and contact

For questions, requests or complaints about privacy or to exercise rights, contact:

Email: zubin@padelpark.in

If your grievance is not resolved through our mechanism, you may escalate as permitted under applicable law including approaching the Data Protection Board after exhausting our grievance process.

15. Changes to this Privacy Policy

We may update this Privacy Policy for operational, legal or regulatory reasons. The updated version will be posted on this page with a revised “Last updated” date.