POST LISTING
Register Log in Contact us

Privacy Policy

Operator: Abhijit Patra / Relyfes SARL-S 

Primary Website: https://relyfes.com/ 

Contact: info@relyfes.com 

Last Updated: 09 March 2026

1. Introduction and Scope of This Policy

Relyfes SARL-S, operated by Abhijit Patra and trading under the name Relyfes (hereinafter referred to as "Relyfes," "we," "us," or "the Operator"), is firmly committed to protecting the privacy of all individuals who interact with the Platform accessible at https://relyfes.com/ (hereinafter "the Platform"). The present Privacy Policy (hereinafter "the Policy") sets forth in full and transparent terms the manner in which personal data is collected, processed, stored, disclosed, and otherwise handled in connection with the operation of the Platform.

The Policy applies to all natural persons who access or use the Platform, whether as registered Users, Buyers, Sellers, or casual visitors (hereinafter collectively referred to as "Data Subjects"). It has been prepared in accordance with Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (the "General Data Protection Regulation" or "GDPR"), as supplemented by the Luxembourg Law of 1 August 2018 on the organization of the Commission Nationale pour la Protection des Données (CNPD) and on the general data protection framework (hereinafter "the 2018 Luxembourg Law"). Where a conflict arises between national implementing provisions and the GDPR, the GDPR shall take precedence as a directly applicable EU regulation.

2. Data Controller

For the purposes of Article 4(7) of the GDPR, the data controller in respect of all personal data processed in connection with the Platform is:

Relyfes SARL-S Represented by: Abhijit Patra, Founder

Website: https://relyfes.com/ 

Email: info@relyfes.com

As data controller, Relyfes determines the purposes and means of the processing of personal data conducted through the Platform. Shopify Inc. and Webkul Software Pvt. Ltd., whose roles are described in Section 7 below, act as data processors on behalf of Relyfes, processing personal data solely in accordance with Relyfes' documented instructions and pursuant to binding data processing agreements.

3. Key Definitions

Throughout the Policy, the following terms carry the meanings set out below, consistent with the definitions established in Article 4 of the GDPR:

  • "Personal data": Any information relating to an identified or identifiable natural person (the "Data Subject"), as defined in Article 4(1) of the GDPR, including but not limited to name, identification number, location data, online identifier, or any factor specific to the physical, economic, cultural, or social identity of that person.

  • "Processing": Any operation or set of operations performed on personal data, including collection, recording, organisation, structuring, storage, adaptation, retrieval, use, disclosure, or erasure, whether or not performed by automated means.

  • "Data Controller": A natural or legal person that, alone or jointly with others, determines the purposes and means of the processing of personal data.

  • "Data Processor": A natural or legal person that processes personal data on behalf of the Data Controller.

  • "Consent": Any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes, by which the Data Subject signifies agreement to the processing of personal data relating to them, as defined in Article 4(11) of the GDPR.

  • "Special Categories of Data": Personal data revealing racial or ethnic origin, political opinions, religious beliefs, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation, as enumerated in Article 9 of the GDPR.

4. Categories of Personal Data Collected

The categories of personal data collected and processed by Relyfes depend on the nature of the User's interaction with the Platform, and are described as follows:

4.1 Data Provided Directly by Users

When a User creates an account, lists a product, places an order, or contacts the Operator, Relyfes may collect the following categories of personal data:

  • Account registration data: Full name, email address, username, and password (stored in hashed form).

  • Seller onboarding data: For Partner Shops and, where applicable, Individual Sellers: business name, company registration number, tax identification number, and banking details, in accordance with Article 30 of Regulation (EU) 2022/2065 (the Digital Services Act).

  • Transaction data: Purchase history, billing address, delivery address, and order reference numbers.

  • Payment data: Payment card details or alternative payment method data, processed by Shopify Payments or any third-party payment processor integrated through the Platform. Note that full payment card numbers are not stored by Relyfes.

  • Communication data: Content of messages exchanged through the Platform's internal messaging system, as well as correspondence submitted to info@relyfes.com.

  • Identity verification data: Copies of identification documents where required for Seller onboarding under DSA compliance obligations.

4.2 Data Collected Automatically

When any person accesses the Platform, certain technical data is collected automatically by the Platform's infrastructure, including through Shopify's hosting environment:

  • Device and access data: IP address, browser type and version, operating system, device type, screen resolution, and referring URL.

  • Usage data: Pages visited, time spent on pages, clickstream data, search queries entered on the Platform, and session duration.

  • Cookie data: Information collected through cookies and similar tracking technologies, as described in the Cookie Policy accessible at https://relyfes.com/.

Relyfes does not intentionally collect any Special Categories of Data as defined in Article 9 of the GDPR, and Users are explicitly requested not to provide such information through any feature of the Platform.

5. Legal Bases for Processing

All processing of personal data by Relyfes is conducted on one or more of the lawful bases established in Article 6 of the GDPR. The applicable legal bases are as follows:

  • Performance of a contract (Article 6(1)(b) GDPR): Processing is necessary for the execution of a contract to which the Data Subject is a party, or in order to take steps at the request of the Data Subject prior to entering into a contract. Account registration, order processing, and Seller onboarding data are all processed on this basis.

  • Compliance with a legal obligation (Article 6(1)(c) GDPR): Processing is necessary for compliance with legal obligations applicable to Relyfes, including tax record-keeping obligations under Luxembourg VAT law, identity verification obligations under the DSA, and data breach notification requirements under Article 33 of the GDPR.

  • Legitimate interests (Article 6(1)(f) GDPR): Processing is necessary for the purposes of the legitimate interests pursued by Relyfes, provided such interests are not overridden by the fundamental rights and freedoms of the Data Subject. Legitimate interests include fraud prevention, Platform security, improvement of services, and enforcement of the Terms and Conditions. Where Relyfes relies on this basis, a proportionality and necessity assessment shall be conducted and documented.

  • Consent (Article 6(1)(a) GDPR): Where Relyfes processes personal data for marketing communications, or where the deployment of non-essential cookies requires consent, such processing is conducted solely on the basis of a freely given, specific, informed, and unambiguous consent. Consent may be withdrawn at any time, without detriment to the Data Subject, by contacting info@relyfes.com or by using the cookie consent management tool on the Platform.

6. Purposes of Processing

Personal data collected through the Platform is processed for the following specific, explicit, and legitimate purposes, in accordance with the principle of purpose limitation enshrined in Article 5(1)(b) of the GDPR:

  • Platform operation and service delivery: To create and manage User accounts, process and fulfill orders, facilitate communications between Buyers and Sellers, and administer the multivendor marketplace environment.

  • Payment processing: To transmit transaction-relevant data to Shopify Payments or other integrated payment processors for the sole purpose of completing financial transactions initiated by Users.

  • Identity verification and compliance: To fulfil obligations under Article 30 of Regulation (EU) 2022/2065, which requires Relyfes to verify Seller identity and business details before allowing traders to offer goods or services to consumers on the Platform.

  • Legal compliance and dispute resolution: To retain records as required by applicable Luxembourg and EU law, to respond to complaints or requests from competent national authorities, and to cooperate with judicial or regulatory proceedings.

  • Platform security and fraud prevention: To monitor Platform activity for signs of fraudulent transactions, unauthorized account access, or conduct prohibited under the Terms and Conditions.

  • Service improvement: To analyze aggregated and, where feasible, anonymized usage data for the purpose of understanding user behavior and improving the technical performance and product offerings of the Platform.

  • Marketing communications: Where consent has been obtained in accordance with Article 6(1)(a) of the GDPR, to send registered Users promotional information regarding new features, seller promotions, or relevant news. Opt-out mechanisms are provided in every such communication.

7. Data Processors and Third-Party Recipients

Relyfes engages certain third-party service providers who, in the performance of services on our behalf, process personal data as data processors within the meaning of Article 4(8) and Article 28 of the GDPR. Data processing agreements have been, or shall be, executed with each processor listed below, ensuring that personal data is handled in strict compliance with the GDPR.

  • Payment processors: Where payment gateway providers are used to process transactions, financial data necessary for transaction completion is transmitted to such processors. Relyfes does not retain full card numbers or authentication credentials; all payment data at rest is governed solely by the security standards of the designated payment processor.

  • Email and communication service providers: Any third-party email delivery platform engaged by Relyfes to send transactional or marketing communications shall process User email addresses and basic communication data on a processor basis.

Personal data shall not be sold, rented, or otherwise disclosed to any third party for independent commercial use. Data may be disclosed to competent public authorities, courts, or regulatory bodies where Relyfes is required to do so by applicable law, by binding judicial order, or in furtherance of legitimate law enforcement cooperation.

8. International Data Transfers

Relyfes undertakes transfers of personal data to countries situated outside the European Economic Area (EEA). Such transfers are conducted in compliance with Chapter V of the GDPR, specifically Articles 44 through 49.

Transfers to countries are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Implementing Decision (EU) 2021/914 of 4 June 2021. Transfers to to a country not currently covered by an adequacy decision of the European Commission, are likewise conducted on the basis of the Standard Contractual Clauses as the appropriate safeguard under Article 46(2)(c) of the GDPR. Data Subjects who wish to obtain further information regarding the safeguards applicable to international transfers may contact Relyfes at info@relyfes.com.

9. Data Retention

Personal data shall not be retained for longer than is necessary for the purposes for which it was collected, in accordance with the principle of storage limitation set out in Article 5(1)(e) of the GDPR. Relyfes applies the following retention criteria:

  • Account data: Retained for the duration of the registered account and for a period of three years following account closure or the last active use of the account, to address potential contractual or legal claims that may arise.

  • Transaction records: Retained for a minimum of ten years from the date of the transaction, in conformity with Luxembourg accounting and tax record-keeping requirements under the Luxembourg Commercial Code and applicable VAT legislation.

  • Seller verification data: Retained for the period of active engagement of the Seller on the Platform plus six years, to meet potential regulatory requirements under the DSA and anti-money-laundering legislation.

  • Communication records: Correspondence submitted to info@relyfes.com shall be retained for a period of three years, unless a longer retention period is required by applicable law or the subject matter of the correspondence involves ongoing legal proceedings.

  • Cookie and tracking data: As specified in the Cookie Policy.

Upon expiry of applicable retention periods, personal data shall be securely deleted or irreversibly anonymized by Relyfes.

10. Rights of Data Subjects

Under Articles 15 through 22 of the GDPR, Data Subjects enjoy a comprehensive set of rights with respect to the personal data held about them by Relyfes. Each right is described below, together with the applicable conditions and any limitations:

  • Right of access (Article 15 GDPR): Any Data Subject may request confirmation of whether personal data concerning them is being processed and, if so, obtain a copy of that data together with supplementary information about the processing.

  • Right to rectification (Article 16 GDPR): Data Subjects may request the correction of inaccurate personal data or the completion of incomplete personal data without undue delay.

  • Right to erasure (Article 17 GDPR): Also known as the "right to be forgotten," Data Subjects may request the deletion of personal data where one of the grounds enumerated in Article 17(1) applies, including where the data is no longer necessary for the purposes for which it was collected. Erasure may be refused where retention is necessary for compliance with a legal obligation or for the establishment, exercise, or defence of legal claims.

  • Right to restriction of processing (Article 18 GDPR): Data Subjects may request that processing of their personal data be restricted in the circumstances set out in Article 18(1), such as where the accuracy of the data is contested.

  • Right to data portability (Article 20 GDPR): Where processing is based on consent or on contractual necessity and is carried out by automated means, Data Subjects may receive the personal data they have provided to Relyfes in a structured, commonly used, and machine-readable format, and may request its direct transmission to another controller where technically feasible.

  • Right to object (Article 21 GDPR): Data Subjects may object at any time to the processing of their personal data where processing is based on Relyfes' legitimate interests under Article 6(1)(f). Where the objection concerns processing for direct marketing purposes, Relyfes shall cease such processing immediately upon receipt of the objection.

  • Right to withdraw consent (Article 7(3) GDPR): Where processing is based on consent, the Data Subject may withdraw consent at any time, without affecting the lawfulness of processing carried out prior to withdrawal.

  • Right not to be subject to solely automated decision-making (Article 22 GDPR): Data Subjects shall not be subject to a decision based solely on automated processing, including profiling, which produces legal or similarly significant effects, unless one of the exceptions listed in Article 22(2) applies.

To exercise any of the foregoing rights, Data Subjects may submit a written request to info@relyfes.com. Relyfes shall respond within one calendar month of receipt, extendable by a further two months where necessary for complex or multiple requests, with notification of any extension provided within the initial one-month period, as required by Article 12(3) of the GDPR.

11. Data Security

Relyfes implements appropriate technical and organisational measures to protect personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction, in accordance with Article 32 of the GDPR. Measures currently in place include, without limitation: encrypted data transmission using Transport Layer Security (TLS); access controls restricting data access to authorised personnel on a need-to-know basis; secure hosting within Shopify's PCI DSS-compliant infrastructure; and periodic review of security practices in response to emerging threats.

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of natural persons, Relyfes shall notify the CNPD without undue delay and, where feasible, within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR. Where the breach is likely to result in a high risk to Data Subjects, affected individuals shall also be notified directly, pursuant to Article 34 of the GDPR.

12. Children's Privacy

The Platform is not directed at children under the age of 16 years. Relyfes does not knowingly collect or process personal data from children below that age. Where Relyfes becomes aware that personal data of a child under 16 has been collected without verifiable parental or guardian consent, the relevant data shall be deleted promptly. Any parent or guardian who believes that a child has provided personal data through the Platform is invited to contact Relyfes at info@relyfes.com so that appropriate action may be taken without delay.

13. Amendments to This Policy

Relyfes may update the present Policy periodically to reflect changes in legal requirements, processing activities, or operational practices. Where amendments are material, Users who have provided a valid email address shall be notified in advance of the effective date of the revised Policy. The current version of the Policy, bearing the date of last revision at the top of the document, shall at all times be accessible at https://relyfes.com/. Continued use of the Platform following the effective date of any revision constitutes acceptance of the updated Policy.

14. Supervisory Authority and Right to Lodge a Complaint

Every Data Subject located in the European Union has the right to lodge a complaint with a competent data protection supervisory authority if they consider that the processing of personal data relating to them infringes the GDPR, pursuant to Article 77 of the GDPR.

As Relyfes is established in the Grand Duchy of Luxembourg, the lead supervisory authority under the GDPR's one-stop-shop mechanism is:

Commission Nationale pour la Protection des Données (CNPD) 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg 

Telephone: +352 26 10 60 1 

Website: https://cnpd.public.lu/en.html

Data Subjects habitually resident in another EU member state also retain the right to lodge a complaint with the supervisory authority of their country of residence or the place of the alleged infringement. Relyfes strongly encourages Data Subjects to contact us directly at info@relyfes.com in the first instance, as many concerns can be resolved efficiently without recourse to formal regulatory proceedings.