Get ₹500 Off + Free Home Delivery on Your 1st Order Above ₹5,000!

Click Allow to Get Coupon Code & New Updates

Collections
Best Sellers
Buy In Store
Popular Searches
Electric Cycles Treadmill For Home Geared Bicycle Single Speed Bicycle BLDC Moter Treadmill Electric Scooter Cardio Exercise Machine Electric Toy For Kids Bicycle Accessories
Trending Now
All
  • All
  • Electric Cycles
  • Electric Scooters
  • Treadmills
  • Bicycles
  • Bianchi Bikes
  • Backpacks
  • Accessories

Privacy Policy

This Privacy Policy is a standalone notice issued pursuant to Rule 3 of the DPDP Rules, 2025 and Rule 4 of the SPDI Rules, 2011. It is distinct from, and shall not be construed as part of, our Terms and Conditions, any contract of sale, or any employment agreement.

1. At a Glance

This section is a plain-language summary. It is not a substitute for the detailed clauses that follow.

  • We do not collect personal data from you without a lawful basis. Where consent is required, we obtain it by a clear affirmative action before collection.
  • We do not sell your personal data. We share data only with vetted processors who act on our written instructions, or where required by law.
  • We use limited, purpose-bound data to operate the Platform, fulfil your orders, provide after-sales service and, where you opt in, to personalise your experience.
  • Cookies and similar technologies are used for site functionality, security and, where you have consented, for analytics and marketing. You can control non-essential cookies at any time.
  • You have the rights listed in Section 11 below. To exercise them, or to lodge a complaint, please contact our Grievance Officer whose details are in Section 16.

2. Who We Are

Alphavector (India) Private Limited ("Company", "we", "us", "our", also trading as "Ninety One") operates the brand "Ninety One" and the e-commerce platform at https://www.outdoors91.com and related mobile applications (collectively, the "Platform"), through which it sells bicycles, electric cycles, electric scooters, ride-on vehicles, treadmills, accessories and related goods and services. References to "you" and "your" are to any User of the Platform, customer, prospective customer, employee, applicant, contractor, supplier representative or other individual whose personal data we process.

For the purposes of the DPDP Act, we are the "Data Fiduciary" in respect of the personal data we process. For the purposes of the IT Act, 2000 read with the SPDI Rules, 2011, we are the "body corporate" that collects, receives, possesses, stores, deals with or handles information.

3. Scope

This Privacy Policy applies to all personal data we collect, receive, store, possess, deal with, handle, process, disclose or transfer in connection with (a) the Platform, (b) the sale or servicing of our products, (c) our offline stores, experience zones and authorised dealers (to the extent they process data on our behalf), (d) our marketing and customer-support activities, and (e) our employment, contracting and supplier relationships.

This Privacy Policy does not apply to personal data processed by independent third parties whose services may be linked to from the Platform (including social networking sites, payment gateways and courier partners operating in their own capacity as data fiduciaries). Their privacy practices are governed by their own policies.

4. Definitions

"Consent" means a free, specific, informed, unconditional and unambiguous indication of your wishes, signified through clear affirmative action.

"Personal Data" means any data about you by which you are identifiable.

"Sensitive Personal Data or Information" or "SPDI" means the categories listed in Rule 3 of the SPDI Rules, 2011, including passwords, financial information such as bank account, credit card, debit card or other payment instrument details, physical, physiological and mental health condition, sexual orientation, medical records and history, and biometric information.

"Processing" means any operation performed on personal data, as defined in Section 2(x) of the DPDP Act.

"Processor" or "Data Processor" means any person who processes personal data on our behalf under a written contract.

"Platform" has the meaning assigned in Section 2.

5. Categories of Personal Data We Collect

Pursuant to Rule 3(3)(a) of the DPDP Rules, 2025 and Rule 4(1) of the SPDI Rules, 2011, the following categories of personal data are, or may be, collected by us:

5.1 Identity and Contact Data

Full name, gender, date of birth, email address, mobile and alternate telephone number, delivery address, permanent address, billing address, user registration ID, password (stored in hashed form only), date of registration, bicycle registration details and other fields you choose to populate in your Platform profile.

5.2 Transaction and Financial Data

Order history, invoice details, payment instrument details (processed by our PCI-DSS-compliant payment service providers and not stored by us in the clear), shipping and returns records, warranty claims, and records of refunds, cashbacks and credit notes.

5.3 Device, Usage and Technical Data (Log Information)

When you access the Platform, our servers automatically record information sent by your browser. This may include your Internet Protocol (IP) address, device identifier, processor or device serial number, browser type, browser language, operating system, Internet Service Provider, referring and exit pages, date/time stamp, URI stem, URI query, Win32 status, bytes sent and received, method, clickstream data, and one or more cookies that may uniquely identify your browser.

5.4 Marketing and Preference Data

Subscription status, communication preferences across email, SMS, WhatsApp, voice calls and postal channels, survey responses, event participation, customer satisfaction scores and inferences we draw about the product categories likely to interest you.

5.5 Sensitive Personal Data or Information (SPDI)

Payment instrument details (as above); passwords; in limited HR contexts, physical or physiological health condition relevant to product fit, accessibility, leave entitlements or insurance.

5.6 Location Data

Approximate or precise location data, only where you have enabled location services on your device and provided consent for the relevant feature (for example, nearest-store locator or delivery tracking).

5.7 Children's Data

The Platform is intended for adults. We do not knowingly process personal data of children (persons below 18 years of age) except where the purchase is made by a parent or lawful guardian for the benefit of the child and verifiable parental consent has been obtained in accordance with Section 9 of the DPDP Act and Rule 10 of the DPDP Rules, 2025. Tracking, behavioural monitoring and targeted advertising directed at children is prohibited on the Platform.

6. How We Collect Personal Data

  • Directly from you at the point of registration, checkout, warranty registration, contest or campaign participation, customer-support interactions, job applications, dealer onboarding and any other voluntary submission you make.
  • Automatically through cookies, web beacons, SDKs in our mobile applications and server log files, as described in Section 5.3 and Section 7.
  • From our authorised dealers, offline stores and service centres, where you have provided data to them in connection with a purchase or service request.
  • From payment service providers, logistics providers and credit-check partners who share transaction-related data with us under contract.
  • From publicly available sources and social media, only where such sources are lawfully accessible and the processing is compatible with the purpose for which you made the data public.

7. Cookies and Similar Technologies

Cookies are small text files that our servers send to your browser and that are stored on your device. We use cookies, pixels, tags and similar technologies to: (i) operate the Platform and retain your session; (ii) remember your preferences and language; (iii) aggregate usage trends so we can improve our content; and (iv) deliver personalised content or advertising, where you have consented.

Most browsers are initially set to accept cookies. You can reset your browser to refuse all cookies, to indicate when a cookie is being sent, or to accept only essential cookies. If you disable cookies, some features of the Platform may not function properly.

Third-party advertisers and analytics providers may set their own cookies on your browser. Their collection is governed by their own privacy policies. The Platform may contain links to other websites which we do not own, manage or control; we are not responsible for their privacy practices.

8. Purposes and Legal Bases for Processing

We process your personal data only for the following specified purposes. For each purpose, the relevant legal basis under Section 4 read with Sections 6, 7 and 9 of the DPDP Act, and Rule 5 of the SPDI Rules, 2011, is stated.

Creating and managing your user account Consent (DPDP Act, s.6) and performance of contract
Processing orders, payments, deliveries and returns Performance of contract; legitimate use under DPDP Act, s.7(a)
Providing warranty, after-sales service and product recalls Performance of contract; compliance with law (Consumer Protection Act)
Responding to customer enquiries, complaints and grievances Consent and legitimate use under DPDP Act, s.7(b)
Fraud prevention, platform security and abuse monitoring Legitimate use under DPDP Act, s.7(g)
Compliance with Indian law (tax, GST, CERT-In, consumer, legal metrology, anti-money laundering) Compliance with law, DPDP Act, s.7(c)
Marketing, promotions, surveys and personalised recommendations Consent; withdrawable at any time
Employment, recruitment, payroll, statutory benefits and HR administration Contract of employment; compliance with labour and tax law
Defence of legal claims, responding to judicial or regulatory orders Compliance with law; DPDP Act, s.17(1)(d)

We will not process your personal data for a purpose that is not described above without first updating this Privacy Policy and, where required, obtaining fresh consent.

9. Sharing and Disclosures

We do not sell your personal data. We disclose personal data only in the circumstances set out below and only to the minimum extent necessary.

9.1 Processors Acting on Our Instructions

We share personal data with payment service providers, logistics and courier partners, warehousing and reverse-logistics vendors, customer-support and CRM providers, cloud hosting and data-centre providers, email, SMS and WhatsApp communication providers, analytics providers, marketing agencies, background-verification agencies (for employment), statutory auditors and external counsel. Each such processor is bound by a written contract requiring compliance with this Privacy Policy, the SPDI Rules and the DPDP Act, appropriate security safeguards, confidentiality obligations, purpose limitation and breach-notification obligations to us.

9.2 Group Companies

We may share personal data with our subsidiaries and affiliates for the purposes listed in Section 8, subject to the same protections that apply to external processors.

9.3 Compliance with Law and Legal Proceedings

We disclose personal data to Indian courts, tribunals and governmental or regulatory authorities where such disclosure is required by law, or permitted by Section 17(1)(c) or 17(1)(d) of the DPDP Act. This includes disclosures to the Cert-In under the CERT-In Directions dated 28 April 2022, to tax authorities, to the Central Consumer Protection Authority, to the Legal Metrology authorities, and to any law-enforcement agency acting under lawful authority.

9.4 Enforcement and Safety

We may disclose personal data to enforce our Terms and Conditions, investigate fraud or abuse, detect, prevent or address security or technical issues, and to protect against imminent harm to the rights, property or safety of the Company, our users or the public, as required or permitted by law.

9.5 Business Transfers

In the event of any merger, demerger, sale of assets, reorganisation, insolvency proceeding or similar transaction, personal data may be transferred to the acquirer or successor entity as a transferred asset, subject to the recipient being bound to this Privacy Policy or a policy offering no lesser protection.

9.6 Publicly Accessible Areas (Blogs, Forums, Reviews, Testimonials)

Any information you voluntarily disclose in publicly accessible areas of the Platform, such as product reviews, blog comments, community forums, social-media posts tagging us or testimonials we post with your prior consent, may be read, collected and used by others. You are responsible for the content you publish in such areas. You may request removal of a testimonial or forum post at any time by writing to the Grievance Officer at the address in Section 16.

9.7 Promotional Initiatives on Social Media

Our presence on social networking websites (including but not limited to LinkedIn, Facebook, Instagram, X (Twitter), YouTube and Google) is a promotional initiative inviting registration and participation by prospective customers. Domain links contained therein may direct you to the Platform or invite feedback and suggestions. We disclaim any liability for the use or misuse by third parties of feedback, suggestions or views posted by you on such social networking websites, to the extent permitted by law.

10. Cross-Border Transfers

Your personal data is primarily stored on servers located in India. We may, from time to time, transfer personal data to, or allow access from, countries outside India for the purposes set out in Section 8 and only to the extent permitted by Section 16 of the DPDP Act and Rule 14 of the DPDP Rules, 2025. Such transfers are subject to any restriction, condition or country-specific prohibition notified by the Central Government.

Where a transfer occurs, we take the following safeguards: (a) a written contract with the recipient requiring compliance with the DPDP Act and, at a minimum, ISO/IEC 27001:2013 level controls; (b) purpose limitation; (c) confidentiality obligations; and (d) an obligation on the recipient to notify us of any data breach within a time frame enabling us to meet our CERT-In obligations.

11. Your Rights

Subject to the DPDP Act, the DPDP Rules, 2025 and the SPDI Rules, 2011, you have the following rights:

Right to access To obtain a summary of the personal data we hold about you and the processing activities we undertake.
Right to correction, completion, updation and erasure To have inaccurate, incomplete or misleading data corrected or completed; to have data erased where the purpose has been fulfilled or consent is withdrawn, subject to lawful retention obligations.
Right to grievance redressal To lodge a grievance with the Grievance Officer and, if unresolved, with the Data Protection Board of India established under the DPDP Act.
Right to nominate Right to nominate To nominate an individual to exercise your rights on your behalf in the event of your death or incapacity.
Right to withdraw consent To withdraw, at any time, any consent you have provided, with effect from the date of withdrawal. Withdrawal does not affect the lawfulness of prior processing or processing on any other legal basis.
Right to review (SPDI) To review the information you have provided and ensure that any inaccurate or deficient SPDI is corrected or amended, as provided under Rule 5(6) of the SPDI Rules, 2011.
Right to opt out of marketing To unsubscribe from promotional communications by following the unsubscribe instructions in our emails, replying STOP to SMS/WhatsApp, or writing to us at bikes@outdoors91.com.

To exercise any of these rights, please contact the Grievance Officer at the address in Section 16. We will respond within the timelines prescribed by law (generally, within 30 days for grievances under the Intermediary Guidelines and within the period specified under the DPDP Rules for DPDP requests).

12. Security Practices and Procedures

We have in place reasonable administrative, technical, physical and organisational safeguards and security measures designed to protect personal data against accidental, unauthorised or unlawful loss, destruction, damage, alteration, access, disclosure or use and any other unlawful form of processing. Our security programme is benchmarked to the international standard IS/ISO/IEC 27001:2013 "Information Technology - Security Techniques - Information Security Management System - Requirements", which is the standard recognised under Rule 8(2) of the SPDI Rules, 2011, and to other industry standards and codes of best practice notified and approved by the Central Government from time to time.

Without limiting the generality of the above, our measures include: role-based access controls with multi-factor authentication for administrative access; encryption of personal data at rest using AES-256 and in transit using TLS 1.2 or higher; network segmentation; daily monitoring and annual penetration testing; secure software development practices; vendor security assessments; written confidentiality and data-protection obligations binding on employees and processors; periodic information-security training; incident response and business continuity plans; and an internal Data Handling and Information Security Standard Operating Procedure.

No system is entirely impervious to security incidents. If a personal data breach occurs that is reasonably likely to cause harm, we will notify you and the Data Protection Board of India in accordance with Section 8(6) of the DPDP Act and Rule 7 of the DPDP Rules, 2025. We will also notify CERT-In within six hours of becoming aware of any reportable cyber incident under the CERT-In Directions dated 28 April 2022.

13. Retention

We retain personal data only for as long as is necessary for the purpose for which it was collected, or for as long as required by law, whichever is longer. Indicative retention periods are set out below; the complete retention schedule is maintained in our internal Data Handling and Information Security Standard Operating Procedure.

Customer account data For the duration of the account plus 3 years from the date of account closure, for warranty and dispute purposes.
Order, invoice and GST records 8 years from the end of the relevant financial year (Companies Act, 2013 and GST law).
Warranty registrations Duration of the warranty plus 2 years.
Payment card data We do not store in the clear. Tokens are retained as long as the payment service provider requires.
Marketing consents and preferences Until withdrawal of consent plus a further 3 years to evidence prior consent.
CCTV footage at our offices and stores 30 days rolling, unless preserved for investigation.
Employment records Duration of employment plus 8 years, or longer if required by tax, provident fund, gratuity or labour law.
Website analytics and log files 12 months by default; aggregated or anonymised records may be retained for longer.

After the retention period expires, we will erase or anonymise the personal data, except for any minimum record required to evidence compliance with our legal obligations.

14. Your Representations and Obligations

By providing personal data to us, you represent and confirm that:

  • The information you provide is authentic, correct, current, complete and updated, and will be updated by you if and when it changes.
  • You have all rights, permissions and consents necessary to provide such information to the Company and to permit us to use it for the purposes set out in Section 8.
  • Your provision of such information, and our consequent storage, collection, usage, transfer, access or processing, will not be in violation of any third-party agreement, applicable law, charter documents, judgment, order or decree.
  • Where you provide personal data of a third person (such as an additional user on your account, a gift recipient, a referral or a dependant), you have obtained that person's informed consent to the disclosure and to our processing in accordance with this Privacy Policy.
  • You will not provide us with special-category or sensitive personal data other than that necessary for the purpose for which you are submitting it.

14.1 Account Credentials

You may be required to create a username, password and/or other identification information to use the Platform. You are solely responsible for keeping these credentials confidential and for all activities that occur under your account. You shall not disclose them to, or share them with, anyone. You shall notify us immediately of any unauthorised access to or use of your account.

15. Employee, Contractor and Candidate Data

Where you interact with us as an employee, contractor or job applicant, we process personal data necessary for recruitment, onboarding, payroll, statutory benefits (provident fund, gratuity, insurance, maternity benefit, state insurance), performance management, grievance handling, workplace safety, access control and compliance with employment, tax and labour laws. Collection of SPDI from employees is supported by a separate written consent form and is governed by our internal Data Handling and Information Security Standard Operating Procedure.

16. Grievance Redressal and Contact Points

In accordance with Rule 5(9) of the SPDI Rules, 2011, Rule 3(2) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, and Sections 8(10) and 13 of the DPDP Act, 2023, we have appointed the following officers. These officers are distinct from our Customer Service Officer for sales and warranty enquiries.

Grievance Officer (SPDI / Intermediary Guidelines) [NAME], [Designation], Alphavector (India) Private Limited, 101-108, 10th Floor, City Center, Swastik Cross Road, C.G. Road, Navrangpura, Ahmedabad, Gujarat 380009, India. Email: grievance@outdoors91.com. Telephone: [____]. Working hours: Monday to Friday, 09:30 to 18:30 IST.
Data Protection Officer / point of contact under DPDP Act [NAME], [Designation], Alphavector (India) Private Limited, 101-108, 10th Floor, City Center, Swastik Cross Road, C.G. Road, Navrangpura, Ahmedabad, Gujarat 380009, India. Email: dpo@outdoors91.com. Telephone: [____].
Escalation If your grievance is not resolved within 30 days of receipt of a complete complaint, you may approach the Data Protection Board of India established under Chapter V of the DPDP Act.
Customer Service (non-privacy queries) cares@outdoors91.com / as published on the Platform.

17. Communications and Marketing

Where we have obtained your consent, we may send you service updates, product information, offers, surveys, event invitations and loyalty programme communications by email, SMS, WhatsApp, voice call or postal mail. You can opt out at any time by following the unsubscribe link in the email, replying STOP to SMS/WhatsApp, adjusting your account preferences or writing to cares@outdoors91.com. Service-related communications (such as order confirmations, payment receipts, delivery updates, warranty notices, safety recalls and legally required disclosures) are not marketing and may be sent regardless of your marketing preferences.

18. Children

In accordance with Section 9 of the DPDP Act, 2023 and Rule 10 of the DPDP Rules, 2025, we do not (a) process the personal data of a child in a manner likely to cause any detrimental effect on the well-being of the child, (b) undertake tracking or behavioural monitoring of children, or (c) direct targeted advertising at children. Where a purchase is made for the benefit of a child, we process the data on the basis of verifiable consent from the parent or lawful guardian who places the order.

19. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. The current version is identified by the version number and effective date in the header table. Material changes will be notified to you by prominent notice on the Platform or in another reasonable manner, at least 7 days before they take effect, except where an earlier effective date is required by law. Continued use of the Platform after the effective date of a change constitutes acknowledgement of the updated Privacy Policy; it does not, however, constitute consent for any processing that requires fresh consent under the DPDP Act.

20. Governing Law and Jurisdiction

This Privacy Policy is governed by the laws of India. Subject to the rights of the Data Protection Board of India under the DPDP Act and any other statutory authority having exclusive jurisdiction, the courts at Ahmedabad, Gujarat shall have exclusive jurisdiction in respect of any dispute, difference or claim arising out of or in connection with this Privacy Policy.

21. Account Termination

You may close your account at any time by writing to Cares@outdoors91.com. We may suspend or terminate your account where (a) you breach our Terms and Conditions or this Privacy Policy, (b) we are required to do so by law, or (c) we have a reasonable belief that your account is being used for fraudulent, unlawful or abusive purposes. You remain liable for any charges incurred through your account prior to termination. Closure of your account does not, of itself, erase personal data we are required to retain under Section 13.

22. Indemnity

You agree to defend, indemnify and hold the Company harmless from and against any and all claims, damages, costs and expenses, including reasonable attorneys' fees, to the extent arising from (a) your breach of this Privacy Policy, (b) your breach of any representation in Section 14, or (c) personal data you have provided to us in respect of a third party without that person's informed consent. Nothing in this clause limits any right or remedy we may have under applicable law.

Bicycles
Shashank Singh from Nainital just became a proud owner of Amsterdam 29T 7 Speed