Privacy Notice

What is the purpose of this document?

Agratas (defined below)) respects your privacy and is committed to protecting your personal data. This Privacy Notice (“Privacy Notice”) informs you about how we use and look after your personal data, including any data you may provide through this website, or when you request information about other products or services from Agratas or otherwise communicate with us, when we provide our products and services to you and when information and personal data is provided to us relating to our business. This Notice also informs you about your privacy rights and how the law protects you. This Privacy Notice does not apply to information that you provide to, or that is collected by, any third-party or through third-party sites you access or use in connection with Agratas’ services. Please read this Privacy Notice carefully prior to accessing any material, information or availing any services from Agratas.

Who we are?

Agratas Limited and Agratas Energy Storage Solutions Private Limited (Agratas Limited’s parent company) (each referred to in this document as “Agratas”, “we” or “us”) are each a “controller” in relation to personal data when they “process” your personal data, for example when they collect, use, share or store it. This means that when each of these companies is the controller of your personal data it is responsible for deciding how it holds and uses personal information about you, which is information which relates to you where you are identified or identifiable.

The contact details of each of these companies is included at the end of this Privacy Notice.

As a global company, we operate in a number of territories where the laws differ. This Privacy Notice provides a general overview of our privacy practices and refers to specific rights and obligations in respect of individuals who are in the territory of the Republic of India. If you are based in UK or the European Economic Area, in addition to this Privacy Notice, please also refer to the country specific addendum (“Country Addendum”) annexed herewith.

Data protection principles

We will comply with data protection law and principles, which means that your data will be:

  • Used lawfully, fairly and in a transparent way.
  • Collected only for valid purposes that we have clearly explained to you and not used in any way that is incompatible with those purposes.
  • Relevant to the purposes we have told you about and limited only to those purposes.
  • Accurate and kept up to date.
  • Kept only as long as necessary for the purposes we have told you about, unless we are required to hold it for a longer period under applicable laws.
  • Kept securely.

The kinds of Personal Data we collect

The personal data collected will include the following:

  • Personal Identification information – name, title. 
  • Contact details – address, telephone number, mobile telephone number, email address. 
  • Employment related information – job title, company, business contact information, CV and employment application. 
  • Preferences – We collect what Agratas services you are interested in and the sectors that you wish to be updated on through our preference centre. 
  • Dietary requirements – In some cases, such as for attendance at catered events, we may collect and process special dietary requirements for reasons of health or religion. 
  • Information about your health – In some cases, we may collect information which is categorised as health data such as in respect of accessibility to buildings or accessibility to documents and other materials. 
  • Equality and Diversity – You may choose to share information about your ethnicity, sexuality or beliefs with us for inclusion purposes. This information will be treated as highly confidential. 
  • Images and video footage – Images and footage are collected from our use of CCTV and similar technologies at our offices and/ or sites. Footage may also be collected via drones, body worn cameras, headcams and webcams when you visit one of our sites. In some instances, this will include audio footage. 
  • Opinion – Agratas may also contact you to ask you to take part in voluntary surveys to hear your opinion of current services or of potential new services on offer. If you choose to take part in these surveys, we will collect the information you provide. We also collect data you provide in emails and phone calls for example, your questions to customer support.
  • Any other type of personal data, with your prior consent.  

We also do not voluntarily or actively collect, use or disclose personal data of minors according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or legal guardians of the minor. If we learn that we have collected the personal data of a minor, without first receiving a verifiable parental consent, we will take steps to delete the information in a manner consistent with applicable laws of India, as soon as possible.

How we collect your personal data

We may obtain information from you directly. For example you may provide us with your information, by corresponding with us by phone, e-mail or otherwise. This includes information you provide when you enquire about our services or seek to become a supplier to us. Information you send to us may be stored and processed by Agratas. This will include any emails or other electronic messages and any documents, photos or other files stored on or processed through our systems or devices. Please be aware that by entering information onto these systems you are sharing that information with Agratas

We may collect information throughout our relationship with you. This may include information about location, employees, projects, working hours and other relevant information.

If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all of our obligations under our agreement with you.

If you choose to post messages on our website or platform or leave feedback, we will collect and store such information you provide to us. We retain this information as necessary to resolve disputes, provide customer support, respond to queries, and inquires, and troubleshoot problems and improve the services we provide you. If you send us correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities on Agratas’ website or platform, we may collect and retain such information into a file specific to you for responding to your request and addressing concerns in relation to your use of Agratas’ website or platform.

The purposes for which we collect your personal data

Most of the personal data we process is for one of the following reasons:

  • To fulfil a contract we have with you, or
  • If we have a legal duty to use your data for a particular reason, or
  • When we get your consent to use it. 

We use the personal data provided by you for our general business use as provided below:

  • To respond to your requests;
  • To provide services to you including customer services issues;
  • To send communications to you about our or our affiliates’ current services, new services or promotions that we are developing, and opportunities that may be available to you;
  • To alert you to new features or enhancements to our services;
  • To communicate with you about job or career opportunities about which you have inquired;
  • To ensure that our site and our services function in an effective manner for you;
  • To measure or understand the effectiveness of advertising and outreach;
  • To send you important information regarding the website, changes in terms and conditions, user agreements, and policies and/ or other administrative information;
  • To investigate potential breaches, or to protect the rights, property or safety of Agratas and the users of our website;
  • Marketing and events: We use personal data/information to deliver marketing and event communications to you across various platforms, such as email, telephone, text messaging, direct mail and online. If we send you a marketing email, it will include instructions on how to opt out of receiving these emails in the future. We also maintain email preference centres for you to manage your information and marketing preferences. Please remember that even if you opt out of receiving marketing emails, we may still send you important service information related to your accounts and subscriptions;
  • Legal obligations: We may be required to use and retain personal data/information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal data/information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate;
  • Under applicable law, which may include laws outside your country of residence;
  • To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence; 
  • To enforce and inform about our terms and condition; and 
  • For any other purpose after obtaining your explicit consent at the time of collection.

Non-Personal Information

We will also collect and hold non-personal data we collect about you from other sources. This could include:

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system and platform;
  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies.

Automated decision-making

If you apply with a role with us we will, as part of our recruitment process, carry out some automated decision making (including profiling) using your information. This activity enables us to effectively identify candidates (i) who do not meet set criteria critical for a specific role, or (ii) where there is very high volume of applications which require an immediate response. The consequences of automated decision making within the recruitment process is that you will not be able to continue to the next stage of the selection process.

Why might you share my personal information with third parties?

For the purposes set out in the ‘The purpose for which we collect your Personal Data’ section above, subject to your consent (or, if you are located in a territory for which a Country Addendum applies, on a legal basis as set out in that Addendum), we may share your personal information with:

  • Our third party service providers. These may include for example:
    • those we engage to host and maintain the website and IT systems
    • analytics and search engine service providers that assist us in the improvement and optimisation of this website
    • legal advisers
    • those who assist us with or partner with us in marketing campaigns.
  • Our clients. 
  • Our suppliers and sub-contractors and the suppliers and subcontractors of our clients where required. 
  • Other companies in the Agratas group.

Additionally, we will disclose your personal information to the relevant third party:

  • In the event that we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets. 
  • To third parties when it is necessary for the establishment, exercise or defence of legal claims. 
  • If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets. 
  • If we choose to exercise a legal power to do so. 
  • If we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply contractual terms or other agreements; or to protect the rights, property, or safety of ourselves our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place reasonable procedures to deal with any suspected data security breach, however, please note that we cannot ensure or warrant the security of any information you transmit to Agratas or guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by a breach of any of our security measures and safeguards. In the event of any actual or suspected security incident, including data breach, we will take all measures required to be undertaken under applicable laws and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You hereby agree to, so long as you access and/or use Agratas’ website or platform (directly or indirectly), to take adequate physical, managerial, and technical safeguards, at your end, to preserve the integrity and security of your data which shall include and not be limited to your personal data.

International Transfers

Agratas may transfer your personal data to a different jurisdiction than which you reside in, subject to applicable laws. However, if you are based in India, Agratas will ensure international transfers of your personal data is not made to any restricted country (as notified by the government of India from time to time).

Third party links

Our websites may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, are not responsible for their privacy statements or their security practices or their content. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How long will you use my information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider your consent to this Privacy Notice or its withdrawal thereof, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your rights in connection with personal information

Under certain circumstances and depending on where you are located, by law you have the right to:

  • Request access to your personal data – You have the right to ask us for your personal data (commonly known as a “data subject access request”). Such request can be for seeking a summary of (a) the personal data being processed by Agratas; (b) the processing activities undertaken by Agratas, with respect to such personal data; and (c) the identities of the entities with whom your personal data has been shared along with description of the personal data so shared.
  • Request correction – You have the right to seek correction of the personal data that we hold about you. This enables you to have any incomplete, out of date, misleading or inaccurate information we hold about you corrected.
  • Request erasure – You have the right to seek erasure of your personal data. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. This is not a general right to erasure and there are exceptions, such as when the law requires Us to retain certain personal data about You or where such retention is required for providing services to you.
  • Request to nominate – You have the right to nominate any other individual, who may, in the event of your death or incapacity, exercise your rights with respect to your personal data in accordance with applicable laws in India.

If you want to exercise any right mentioned herein above, you may write to Agratas at dpo@agratas.net and we will endeavour to address all your requests at the earliest.

Grievance Redressal

If you have any concerns or grievances about our use of your personal data you may make a complaint to our grievance redressal officer whose contact details have been provided below:

Name: Data Protection Officer

Email: dpo@agratas.net

Address: Agratas Energy Solutions Private Limited, Army & Navy Building, 148 M G Road, Opposite Kala Ghoda Fort, Mumbai, Maharashtra, India, 400001

You can also complain to the Data Protection Board of India in the manner prescribed under applicable laws in India if you are unhappy with our handing of your personal data.

Your Consent

If you are a data principal under Indian laws, you agree that by continuing to access the website you have read, understood and agree to our Terms of Use and Privacy Notice. Further, you also undertake that you have understood our data processing practices and hereby provide your free, specific, informed, unconditional and unambiguous consent to the same.

This Privacy Notice (i) is an electronic record under the Information Technology Act, 2000 read with rules and regulations made thereunder and is generated by a computer system; and (ii) will not require any physical, electronic, or digital signature.

This Privacy Notice will be reviewed periodically and updated as required. Please check back to it regularly for any updates which may affect you.

COUNTRY SPECIFIC ADDENDUM

A. EUROPEAN UNION AND UNITED KINGDOM.

This Country Addendum applies to you if you are based in the United Kingdom or the European Union during your interactions with us, so the EU General Data Protection Regulation or the UK GDPR applies (GDPR).

How we will use information about you

We are committed to being transparent and fair in our dealings with you, therefore we only collect and hold your information where the GDPR allows. Most commonly, we will use your personal data in the following circumstances:

  • Where it is necessary for our legitimate interests (or those of a third party) and your interests and fundamental rights do not override those interests.
    Legitimate Interest means the interest of our business in conducting and managing our business effectively and efficiently. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal data for our legitimate interests. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).
  • Where we need to comply with a legal obligation.
  • Where we need to perform the contract we are about to enter into or have entered into with you or where we need to take steps at your request before entering into such a contract.

Generally, we do not rely on consent as a legal basis for processing your personal data although we will get your consent before sending third party direct marketing communications to you via email or text message. You have the right to withdraw consent to marketing at any time by contacting us.

We are allowed by the GDPR to process your personal data because it is necessary for us to do so to comply with a legal obligation. This may arise when we need to meet our internal and external audit requirements or health and safety obligations or to investigate and prevent fraud or money-laundering, or respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence.

In most other cases described in this Privacy Notice we use your personal information because it is in our legitimate interests to do so in order to run our business effectively and efficiently, for example to respond to customer questions and otherwise communicate with you, maintain the security of our website, investigate fraud and ensure the effectiveness of advertising and promotional campaigns. Please contact us if you have questions about when we use personal data on the basis of legitimate interests.

Generally we do not process special categories of personal data. These comprise information concerning health, racial or ethnic origin, political opinions, religious beliefs, trade union membership or your sexual orientation and genetic and biometric data. Information concerning criminal convictions and offences is also viewed as sensitive under the GDPR. If we process special category personal data we do so on one of the following grounds under the GDPR:

  • Consent : where you have explicitly consented to our use of your personal data. You may withdraw your consent to the use of your personal data by contacting us.
  • Vital interest : where we need to process your personal data in order to protect the vital interests of you or another natural person where you or the other person is physically or legally incapable of giving consent.
  • Legal claims : where your personal data is necessary for us to establish, exercise of defend any legal claims.
  • Substantial public interest : where we need to process your personal data for reasons of substantial public interest set out in the GDPR or the laws of the country in which you are based.

Your rights in connection with personal information

Besides the right to be informed on the processing of your personal data, the GDPR gives you the right in certain circumstances to ask us to:

  • provide you with further details on how we use and process your personal data;
  • delete personal data we no longer have grounds to process; and
  • restrict how we process your personal data whilst we consider an inquiry you have raised.

Please note that we will not charge a fee when we deal with your requests in the exercise of the above rights.

In addition, under certain conditions, you have the right:

  • where processing is based on consent, to withdraw the consent; 
  • to object to any processing of personal data that we process on the "legitimate interests" or "public interests" grounds, unless our reasons for the underlying processing outweighs your interests, rights and freedoms;
  • not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning you or similarly significantly affects you; to obtain human intervention in the decision, to express your point of view and contest the decision;
  • to object to direct marketing (including any profiling for such purposes) at any time.

These rights are subject to certain exemptions to safeguard the public interest (e.g. the prevention or detection of crime) and our interests (e.g. the maintenance of legal privilege). We will aim to respond to requests within 30 days.

You may exercise these rights by contacting us at the contact details in dpo@agratas.net of the Privacy Notice. Please note that we will not charge a fee when we deal with your requests in the exercise of these rights.

If we are unable to resolve an inquiry or a complaint, you have the right to contact the data protection regulator in the country in which you are based.

You can find the name and contacts of all the EU supervisory authorities here. In the UK, the Information Commissioner’s Office is at www.ico.org.uk.

International transfers

If you live in the UK or the European Economic Area (EEA), the personal data relating to you that we collect may be transferred to, and stored at, locations outside those territories. It may also be processed by staff operating outside the UK or EEA who work for us or for one of our service providers.

Your personal data may be transferred to Agratas group companies in India and other countries. As described in this Privacy Notice, we may also share personal data relating to you with third parties who are located overseas, for business purposes and operational, support and continuity purposes, for example, when we use IT service providers or data storage services.

Countries where personal data relating to you may be stored and/or processed, or where recipients of personal data relating to you may be located, may have data protection laws which differ to the data protection laws in your country of residence. By submitting your personal data, you accept that personal data relating to you may be transferred, stored or processed in this way. We take measures to ensure that any international transfer of information is managed carefully and in accordance with data protection law to protect your rights and interests and in accordance with this Notice.

These measures include:

  • Transfers of your personal data to countries which are recognised as providing an adequate level of legal protection for personal data;
  • Obtaining the consent of data subjects to the international transfer of their personal data;
  • Transfers to organisations where we are satisfied about their data privacy and security standards and protected by contractual commitments such as signing the International Data Transfer Agreement or Standard Contractual Clauses and, where available, further assurances such as certification schemes; and
  • If transferred to the United States of America, the transfer will be to organisations that have certified themselves for the purposes of the UK-US Data Bridge or the EU-US Data Privacy Framework.

You have the right to ask us for more information about our safeguards.