Privacy Policy

1. POLICY

We at 3SC consider customer trust as our top priority. We deliver services to millions of customers across the country and internationally. Our customers trust us with some of their most sensitive information.

This policy explains our approach to the collection, use, storage, disclosure, transfer, and protection of personal data when you use our Services and the choices you have associated with that data.

This Privacy Policy is meant to help you understand the following:

1.1. WHAT DATA DO WE COLLECT?

While using our Services, we may ask you to provide us with certain personally identifiable information (PII) / personal data that can be used to contact or identify you.

Personal data may include, but is not limited to:

• Email address
• First name and Last name
• Phone number
• Address, State, Province, ZIP/Postal code, City
• KYC Documents (e.g., Aadhaar, Passport, PAN as legally required)
• Geographical Location
• Cookies and Tracking Data

We do not intentionally collect sensitive personal data (such as biometric, health, political opinion or religious information), unless explicitly required by law (e.g., KYC norms) or with your consent.

1.1.1. COOKIES DATA

We use cookies and similar tracking technologies to improve the functionality, security, performance & track activity on our services and hold certain information.

Cookies are small files placed on your device by a website. They may contain a unique identifier that help us recognise your browser from a website and stored on your device. Tracking technologies used include beacons, tags, and scripts to collect and track information, and to improve and analyse our services.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, some portions of our services may not function properly.

Examples of Cookies we use:

• Session Cookies: We use Session Cookies to operate our Service.
• Preference Cookies: We use Preference Cookies to remember your preferences and various settings.
• Security Cookies: We use Secure Cookies for security purposes.
• Analytics Cookies: To help us analyse site usage (with your consent).

1.2. HOW DO WE COLLECT YOUR DATA?

We collect personal data from you in a number of ways, including but not limited to:

• Applications used for providing our services
• Web Forms and account registration
• Off-site services (e.g., delivery and pickup operations)
• APIs and integrations with business partners
• Legal and compliance checks (e.g., customs, KYC requirements)

1.3. WHY DO WE COLLECT YOUR DATA?

We use the collected data for various purposes, including but not limited to:

• To provide products and services you request (such as parcel transportation, warehousing, freight, reverse logistics, cross-border and technology services)
• To allow you to participate in interactive features of our Service when you choose to do so
• To perform analysis and gain valuable insights so that we can improve our services
• To monitor and ensure proper use of the Service
• To detect, address and prevent technical issues or security incidents
• To provide customer support and respond to your requests, questions and comments
• To send tracking updates to consignor and consignee
• To provide convenient delivery options for consignee
• To evaluate and improve our business (including developing new products and services; managing communications; determining the effectiveness of our sales; analysing and enhancing our products, services, websites and apps; ensuring the security of our networks and information systems; performing accounting, auditing, invoicing, reconciliation and collection activities; and improving and maintaining the quality of our customer services)
• To perform data analysis (including market research, trend analysis, financial analysis, and anonymisation of personal information)
• To protect against, identify and prevent fraud, misuse, or other prohibited or illegal activities, claims and liabilities
• To comply with applicable legal and regulatory requirements, including KYC, tax, audit, and customs obligations.

1.3.1. LEGAL BASES FOR PROCESSING

Depending on jurisdiction, we process personal data based on one or more of the following legal grounds:

• Contractual necessity – when data processing is required to enter into a contract to deliver our services to you.
• Legal obligation – when processing is necessary for compliance with applicable laws including tax, audit, KYC, customs, or other regulatory requirements.
• Legitimate interest – for improving services, fraud prevention, and ensuring security, provided such interests are not overridden by your fundamental rights.
• Consent – for optional purposes such as marketing communications, analytics cookies, and your explicit consent for sensitive personal data or cross-border transfers is required by law. You may withdraw your consent at any time, without affecting the lawfulness of processing carried out before such withdrawal.

1.4. WHY DO WE SHARE YOUR DATA AND WITH WHOM?

As a rule, we do not share your personal data with third parties except in the circumstances described below:

1.4.1. LEGAL REQUIREMENTS

We may disclose your Personal Data in good faith belief that such action is necessary to:

• To comply with a legal or regulatory obligation
• To protect and defend the rights, or property of SS Supply Chain Solutions Pvt Ltd
• To prevent or investigate fraud, security incidents, or other unlawful activities in connection with the Service
• To protect the personal safety of users of the Service or the public

1.4.2. ANALYTICS AND MARKETING PARTNERS

• We use Google Analytics, a web analytics service provided by Google, to better understand website usage and improve our services.
• Google Analytics may collect information such as your device type, browser type, IP address (with IP anonymization enabled, where applicable), pages visited, time spent on pages, and interactions with our website.
• Where required by law (e.g., GDPR, DPDPA), we only enable Google Analytics after obtaining your explicit consent through our cookie banner or preference settings. You may withdraw your consent at any time.
• The data generated by Google Analytics may be transmitted to and stored by Google on servers located outside your country (including the United States), & such transfers are subject to adequate safeguards.
• You may manage your preferences through our cookie settings or opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on.
• For more information on the privacy practices of Google, please visit the Google Privacy Terms web page: http://www.google.com/intl/en/policies/privacy/

1.4.3. THIRD PARTY VENDORS

We may employ trusted third-party vendors and individuals to facilitate our services, perform service-related transactions, or assist us in analyzing how our services are used.

• These parties act strictly on our documented instructions and within the scope and purpose defined in contracts and may only process personal data defined in contracts with the controller.
• We enter into legally binding like contracts and agreements with such vendors, requiring them to implement appropriate technical and organizational measures, confidentiality obligations, and security controls.
• Vendors are subject to regular assessments for compliance with our contractual, legal, and security requirements.
• We take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy.
• Your personal data may be transferred to and maintained on systems located outside your state, province, country, or other jurisdiction where data protection laws may differ. Such transfers only occur with adequate safeguards in place (e.g., Standard Contractual Clauses, adequacy decisions, or equivalent mechanisms under applicable law).

1.5. HOW LONG DO WE KEEP YOUR PERSONAL DATA?

We will retain your personal data for as long as necessary to fulfill the purpose for which it was collected, and for a reasonable period thereafter to comply with audit, accounting, contractual, technical, or legal requirements, and/or to resolve any future disputes.

Retention will be strictly limited to the duration necessary as per the instructions of the Data Controller or applicable legal obligations. After processing ends, personal data will be securely disposed of or deleted.

1.5.1 DEFAULT RETENTION TIMELINES

• Client Data (includes master records, transaction data, user data, access logs, files, and backups) shall be retained for 90 days. Ownership lies with the Engineering team.
• System Logs (such as platform and application logs) shall be retained for 180 days and managed by the Engineering team.
• Support Records (includes tickets, chat transcripts, incident logs, and resolution notes) shall be retained for 1 year. Ownership lies with the Customer Support team.
• Financial Records (includes invoices, and payment records) shall be retained for 7 years in alignment with statutory financial and tax obligations. The Finance team holds responsibility.

1.6. HOW DO WE SECURE YOUR PERSONAL DATA?

We implement appropriate administrative, technical, and physical safeguards to protect personal data against accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.

Our key focus areas include application, data, infrastructure, and network security, enforced through industry best practices and aligned with international standards such as ISO/IEC 27001 (Information Security Management).

1.6.1. DATA HANDLERS AND DISCLOSURE

We remain responsible for your personal data at all times.

• Internal Access: Only authorized employees with a legitimate "need-to-know" may access your data.
• Vendors/Partners: Service providers (e.g., logistics, cloud hosting, IT support, payment processors) may process data strictly for agreed purposes and only under contract.
• Contracts & Oversight: All third parties are bound by strict confidentiality, data protection, and security obligations through Data Processing Agreements (DPAs) and may be subject to audits or penalties for non-compliance.
• Data Protection Officer (DPO): For privacy-related concerns, you can contact our DPO at InfoSec_Team@3scsolution.com.

1.7. WHAT ARE YOUR RIGHTS AS A DATA SUBJECT?

Depending on applicable data protection laws, you have the following rights regarding your personal data:

• Right to be informed: You have the right to clear, transparent, and easily understandable information about how we collect, use, share, and protect your personal data.
• Right of access: You can request confirmation of whether we process your personal data, obtain a copy of it, and understand the purposes of processing, categories of data, and any recipients.
• Right to rectification: You may request correction or updating of any inaccurate, incomplete, or outdated personal data we hold about you.
• Right to erasure (right to be forgotten): You can request deletion of your personal data when it is no longer necessary for the purposes for which it was collected, when consent is withdrawn, or when required under applicable law.
• Right to restrict processing: You may request that we limit the processing of your personal data in certain situations (e.g., when accuracy is contested, or processing is unlawful but you prefer restriction over deletion).
• Right to object (including profiling & direct marketing): You have the right to object to processing of your personal data where we rely on legitimate interests, and you may always object to processing for direct marketing purposes, including profiling related to such marketing.
• Right to data portability: Where legally applicable, you may request to receive your personal data in a structured, commonly used, and machine-readable format, and transmit it to another controller.
• Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
• Right to grievance redressal / complaint (internal & regulator): You may raise concerns with us at InfoSec_Team@3scsolution.com or compliance@3scsolution.com.
• Right to nominate a representative: Under India's DPDPA, you may nominate another individual to exercise your data subject rights on your behalf in the event of your death or incapacity.

1.8. CHANGES TO THIS PRIVACY POLICY

We may amend or update 3SCSolution's Privacy Policy from time to time. The revised policy will be updated and posted on our official website directly. You are advised to review this Privacy Policy periodically to stay informed for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

1.9. DEFINITION

In this policy, the following terms shall have the following meanings:

• "Consignee" shall mean the entity (individual/firm) who is contractually responsible (the buyer) for the receipt of a shipment.
• "Consignor" shall mean a person or firm (usually the seller) who delivers a consignment to a carrier for transporting it to a consignee.
• "Data Subject" shall mean any natural person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data.
• "Third Party Vendors" shall mean any individual or organization providing goods or services to 3SC Solutions Private Limited on a contractual basis.
• "We/Us/Our" shall mean 3SC Solutions Private Limited and its employees/authorized representatives.

1.10. INTERNATIONAL DATA TRANSFERS

• Your personal data may be transferred to and stored in countries where our partners, service providers, or cloud storage providers are located (including but not limited to India, EU, and US). Such transfers occur only under documented instructions from the controller and with appropriate safeguards as per applicable jurisdictional requirements.
• We ensure such transfers comply with applicable data protection laws (e.g., Standard Contractual Clauses under GDPR, local DPA clauses).
• We take appropriate safeguards to ensure your rights are protected, including contractual commitments, technical measures, and ensuring an equivalent level of data protection across jurisdictions.

1.11. DATA BREACH NOTIFICATION

In the event of a data breach:

• When acting as a Data Processor: We will promptly assess the impact and inform the Data Controller (our client) without undue delay and no later than 24 hours after becoming aware of a breach, enabling them to meet their obligations to notify the relevant data protection authorities and affected individuals under GDPR, DPDPA, and other applicable laws.
• When acting as a Data controller: We will promptly assess the impact and inform affected users and the supervisory authorities, where required, within legally mandated timelines e.g., 72 hours under GDPR, 6 hours under CERT-In in India, or as otherwise required.
• Our notification will include the nature of the breach, possible consequences, and steps taken to mitigate risks.
• Where necessary, we will also advise you on measures you can take to protect yourself.

1.13. CHILDREN'S DATA

Our services are not intended for individuals under the age of 18 (or the age of majority as defined under applicable law).

• If we discover we have collected personal data of a minor without necessary parental/guardian consent, we will take immediate steps to delete such data, unless required by law to retain it.

2. YOUR CONSENT

By using our services, you acknowledge that you have read and understood this Privacy Policy and Cookie Policy.

Where required by law, we will seek your explicit consent for the collection and processing of certain categories of personal data (such as cookies, marketing communications, or sensitive personal data).

You have the right to withdraw your consent at any time by contacting us at the details below or by using the available preference management tools (e.g., cookie banner, unsubscribe links).