PRIVACY POLICY INDIA
Privacy Notice for Individuals in India
Last updated: 10-03-2026
At Natural Resistance, we hold ourselves to the same standard with data as we do with product design — nothing unnecessary, nothing hidden.
Handling your personal data responsibly is something we take seriously. This notice explains how Natural Resistance AB, 559462-9877, ("Natural Resistance", "we" or "us") collects, uses, discloses and otherwise processes your personal data when you purchase our weighted fitness garments and related products, create a customer account, sign up for our newsletter, browse www.naturalresistance.com ("the Website") or get in touch with us.
This notice is issued specifically for individuals in India under the Digital Personal Data Protection Act, 2023 ("DPDPA") and the DPDP Rules, 2025. It is a standalone document that can be read and understood on its own. It sets out your rights as a Data Principal and explains how to exercise them. All processing described here is carried out in accordance with the DPDPA and applicable Indian law.
1. Key Terms
Personal Data refers to any data about an individual who is identifiable by or in relation to such data, this includes identifiers like your name and address, but also things like an IP address when it can be tied back to you.
Data Fiduciary is the entity that determines the purpose and means of processing personal data. Natural Resistance AB is the Data Fiduciary for the processing described in this notice.
Data Principal is the individual whose personal data is being processed, that is you, if you are an individual in India.
Processing covers any operation performed on personal data collection, storage, use, sharing, restriction, erasure, and everything in between.
Data Processor is a third party that processes personal data on behalf of the Data Fiduciary, under the Data Fiduciary's instructions.
Consent means a free, specific, informed, unconditional and unambiguous indication of your agreement to the processing of your personal data for a specified purpose, given by a clear affirmative action.
2. Who Is Responsible for Your Data?
The Data Fiduciary responsible for processing your personal data is:
Natural Resistance AB
Org. no. 559462-9877
Ringduvegatan 6, 431 32 Mölndal, Sweden
Website: www.naturalresistance.com
For any privacy-related questions, rights requests, or complaints relating to this notice, our designated contact is reachable at:
Email: sam@naturalresistance.com
This contact is responsible for responding to your requests and questions about how we handle your personal data. Contact details are also published on our Website.
3. Our Legal Basis for Processing
Under the DPDPA, we process your personal data on the following bases:
Your consent: Where you give us explicit, specific consent for example, to receive marketing communications or newsletters, we process your data solely for that stated purpose. Each consent request is separate and unbundled. You may withdraw your consent at any time with the same ease as it was given, see Section 9 for how.
Transaction completion (legitimate use under Section 7 of the DPDPA): Where you voluntarily provide your personal data to complete a purchase or access our services, and you have not indicated non-consent, we may process it to fulfil that specific transaction. This covers order processing, delivery, account management, and after-sales support.
Legal compliance: We retain and process certain data to comply with applicable legal obligations, including accounting, tax and financial record-keeping requirements.
We do not rely on 'legitimate interest' as a standalone basis for processing, as this is not available under the DPDPA.
4. What Personal Data We Collect
The following is an itemised list of the personal data we collect from you, depending on how you interact with us:
Name: provided by you at checkout or account registration.
Email address: provided by you at checkout, account registration, or newsletter sign-up.
Postal address: provided by you at checkout for delivery purposes.
Phone number: provided by you at checkout or account registration.
Payment data: provided by you at checkout. We do not store full card details; payments are processed by authorised third-party payment processors.
Order details: generated when you place an order: products ordered, quantities, amounts paid, order history.
Customer account data: your account ID, login credentials (password stored in hashed form), and account preferences, if you create an account.
Customer correspondence: any messages you send to our team, including enquiries, complaints, warranty or return requests.
Technical data: automatically collected when you visit the Website: IP address, browser type and version, device type, screen resolution, operating system, pages visited, access times, and referring URLs. This data is collected via cookies and similar technologies.
All personal data we hold about you comes directly from you or is generated by your use of the Website. You are never obliged to provide it; however, certain information, such as your name, address, email and payment details, is necessary to process and fulfil your order. If you do not provide it, we may not be able to complete your purchase or respond to your enquiry.
5. Why We Use Your Personal Data
Each item of personal data we collect is tied to a specific purpose and to the goods or services that processing enables. We will not use your data for any purpose not listed here without requesting your consent.
Purpose 1 - Order fulfilment (enables: purchase and delivery of weighted fitness garments and accessories)
Data used: name, email address, postal address, phone number, payment data, order details.
We use this data to accept your order, process your payment, arrange delivery of your products, send you order confirmations and parcel tracking updates by email or SMS, and handle any returns or exchanges. This processing is based on transaction completion.
Purpose 2 - Customer account management (enables: access to order history, saved preferences, and streamlined future purchases)
Data used: name, email address, phone number, customer account data, order details.
If you create an account, we use this data to manage your account, allow you to view your order history and saved details, and provide you with account-related communications. This processing is based on transaction completion.
Purpose 3 - Customer support (enables: resolution of queries, complaints, warranty claims, and returns)
Data used: name, email address, phone number, order details, customer correspondence.
We use this data to respond to your questions, resolve complaints, handle warranty or return requests, and maintain a record of our communications. This processing is based on transaction completion.
Purpose 4 - Marketing communications (enables: receipt of newsletters, product updates, and promotional offers from Natural Resistance)
Data used: email address, phone number, order details (for existing customers).
With your consent, we may send you newsletters, product updates, and promotional offers by email or SMS. You can withdraw this consent at any time, see Section 9. This processing is based on your consent.
Purpose 5 - Advertising through third-party platforms (enables: display of relevant Natural Resistance advertisements on platforms such as Meta and Google)
Data used: email address (shared in hashed and pseudonymised format only).
With your consent, we may share your hashed contact details with advertising platforms such as Meta or Google so that they can show you relevant advertisements and identify similar audiences. No raw personal data is shared for this purpose. This processing is based on your consent.
Purpose 6 - Website operation and improvement (enables: delivery and improvement of the Natural Resistance website and shopping experience)
Data used: technical data (IP address, browser and device data, pages visited, access times).
We use technical data to keep the Website running, diagnose technical issues, prevent fraud, understand how visitors use the Website, and improve its functionality and content. This processing is based on transaction completion for necessary operations and your consent for analytics cookies.
Purpose 7 - Legal compliance and rights protection (enables: compliance with applicable legal obligations and protection of Natural Resistance's legal rights)
Data used: name, order details, payment data, correspondence, as relevant.
We retain and process data to meet our obligations under applicable law including accounting, tax and financial record-keeping requirements and where necessary to defend against or enforce legal claims. This processing is based on legal compliance.
6. Who We Share Your Data With
We do not sell your personal data. We may share it with the following categories of recipients where necessary to fulfil the purposes described in Section 5:
Employees and contractors: Access to personal data is restricted to those who need it to perform their role. All staff and contractors are bound by confidentiality obligations.
Payment processors: We share payment data with authorised payment service providers to process your transactions securely. They process this data only for that purpose.
Logistics and delivery companies: We share your name and delivery address with courier and logistics providers to fulfil your order.
IT and hosting providers: Providers who operate and maintain the Website and our systems process technical and account data on our behalf, under our instructions.
Advertising platforms (Meta, Google): With your consent, we share hashed contact details with these platforms for advertising purposes, as described in Purpose 5 above. We recommend reviewing Meta's and Google's own privacy policies for information on how they handle data as independent controllers.
Public authorities: We may be legally required to disclose personal data to regulators, courts, law enforcement agencies, the Data Protection Board of India, or other public bodies. We will do so only to the extent required by law.
Business transaction parties: If we sell, transfer or restructure any part of our business, personal data may be disclosed to professional advisors or prospective buyers as part of that process. Any such transfer will be subject to appropriate confidentiality obligations.
We do not permit our service providers to use your personal data for their own purposes beyond what is needed to deliver services to us, unless they are acting as independent controllers in their own right.
7. Where Your Data Is Processed
Your personal data will be transferred to and stored in Sweden, where Natural Resistance is headquartered. As of the date of this notice, Sweden is not on any list of countries to which personal data transfers are restricted by the Government of India under Section 16 of the DPDPA. This transfer is therefore currently permitted.
Some of our service providers such as payment processors, logistics companies, and advertising platforms may process your data in other countries. We will comply with any future notifications issued by the Government of India restricting transfers to specific countries, and will update this notice accordingly.
If you have questions about international transfers of your data, please contact us at sam@naturalresistance.com.
8. How Long We Keep Your Data
We retain personal data only for as long as it is needed for the purpose it was collected, or as required by law.
Order and transaction data: up to 7 years, for accounting and legal compliance purposes.
Customer account data: for as long as your account is active. If you do not log in or otherwise engage with us for a continuous period, we will notify you at least 48 hours in advance and then erase your account data unless you take action to retain it, subject to any legal retention obligations.
Marketing and newsletter data: until you withdraw your consent or unsubscribe, whichever comes first.
Customer service correspondence: up to 3 years after resolution of your query.
Technical and cookie data: as set out in our Cookie Policy available at www.naturalresistance.com.
In all cases, once the applicable retention period has passed, data is securely deleted or irreversibly anonymised. We will give you at least 48 hours' prior notice before erasing your personal data where this is required under the DPDPA.
9. Your Rights as a Data Principal
The DPDPA gives you the following rights over your personal data. You may exercise any of these rights by contacting us at sam@naturalresistance.com or through the relevant settings on the Website. We will respond within 90 days of receiving your request. We may ask you to verify your identity before acting on a request.
Right of access: You can request a summary of the personal data we hold about you and information about how it is being processed.
Right to correction and completion: If the data we hold is inaccurate, incomplete or outdated, you can ask us to correct or update it.
Right to erasure: You can ask us to erase your personal data when it is no longer needed for the purpose it was collected, or when you withdraw your consent. Erasure may be subject to our legal retention obligations.
Right to withdraw consent: Where processing is based on your consent, you may withdraw it at any time, with the same ease as it was given.
You can do this by:
Clicking the unsubscribe link in any marketing email or SMS.
Writing to us at sam@naturalresistance.com.
Withdrawal does not affect the lawfulness of any processing carried out before you withdrew your consent.
Right to grievance redressal: If you believe we have not complied with the DPDPA or your rights have been violated, you may raise a complaint with us directly. If we do not resolve it to your satisfaction within a reasonable time, you may escalate to the Data Protection Board of India, see Section 10.
Right of nomination: You may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. To register a nomination, please contact us at sam@naturalresistance.com.
10. Grievance Redressal
If you have a concern about how we handle your personal data, please contact us first, we are committed to resolving issues directly wherever possible.
Designated contact: sam@naturalresistance.com
Natural Resistance AB, Ringduvegatan 6, 431 32 Mölndal, Sweden
Website: www.naturalresistance.com
We will acknowledge your complaint promptly and aim to resolve it as quickly as possible. If you are not satisfied with how we have handled your complaint, you have the right to approach the Data Protection Board of India once it is fully operational. Information about how to file a complaint with the Board will be available at the Board's official website.
11. Cookies
The Natural Resistance Website uses cookies and similar tracking technologies. Cookies are small files placed on your device that allow us to recognise you and improve your browsing experience.
We use the following categories of cookies:
Strictly necessary cookies: required for the Website to function, such as maintaining your shopping basket and enabling secure checkout. These do not require your consent.
Analytics cookies: help us understand how visitors use the Website so we can improve it. These are used with your consent.
Marketing cookies: used to deliver relevant advertisements on third-party platforms. These are used with your consent.
You can manage your cookie preferences at any time through the cookie settings tool on the Website, or by writing to us at sam@naturalresistance.com.
12. Links to Other Websites
Our Website may include links to third-party websites. These sites are not operated by Natural Resistance and we have no control over their content or privacy practices. We are not responsible for how those sites handle your data. We recommend reviewing the privacy notice of any third-party site before sharing your personal information with them.
13. Security and Data Breach Notification
We take the security of your personal data seriously and have put in place appropriate technical and organisational measures to protect it against unauthorised access, loss, disclosure or misuse. These include measures such as encryption, access controls and regular security reviews.
No system connected to the internet can be made entirely secure. We do everything reasonably within our power to protect your data. In the event of a personal data breach that is likely to affect you:
We will notify you without delay through your registered email address or account, describing the nature of the breach, the data affected, and the steps we are taking.
We will also notify the Data Protection Board of India without delay, providing a full description of the breach, its nature, extent, timing, and location, as required under Rule 7 of the DPDP Rules, 2025.
14. Children's Data
We do not knowingly collect personal data from children under the age of 18. If you are under 18, please do not provide us with your personal data without the consent of your parent or legal guardian.
Where we are required under the DPDPA to process the personal data of a child, we will obtain verifiable consent from a parent or legal guardian before doing so, and we will implement appropriate age verification measures. We will not process a child's personal data in a manner that is detrimental to their wellbeing, and we will not track, monitor, or target advertising at children.
If we discover that we have collected personal data from a child without proper consent, we will erase it without delay.
15. Updates to This Notice
We may update this notice from time to time to reflect changes in how we operate, changes in law, or improvements to our practices. When we do, the updated version will be published on the Website at www.naturalresistance.com with a revised date. Where a change is significant, we will take reasonable steps to inform you directly for example, by email or a notice on the Website.
This privacy policy was last updated on 10-03-2026.
Natural Resistance AB
Ringduvegatan 6, 431 32 Mölndal, Sweden
Company registration number: 559462-9877
Email: sam@naturalresistance.com
©2026 Natural Resistance AB. All rights reserved.
