2.1 India’s Digital Personal Data Protection (DPDP) Act, 2023: This Act represents a comprehensive framework for personal data protection in India, emphasising consent-based data processing. It requires organisations to obtain explicit and informed consent before collecting and using personal data. The Act grants individual’s robust rights, including the ability to access, correct, and request the deletion of their data. Additionally, the DPDP Act addresses cross-border data transfers, imposing stringent conditions to ensure that personal data is protected even when transferred outside India. Non-compliance with the DPDP Act can result in significant penalties.

2.2 Information Technology Act, 2000: As one of India's foundational cyber laws, the Information Technology Act, 2000, governs the processing, protection, and handling of personal and sensitive personal data. This Act provides a legal framework for electronic governance by ensuring that digital transactions are secure and reliable. It also sets out penalties for various cybercrimes, including unauthorised access to personal data and data breaches.

2.3 Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011: These rules, issued under the IT Act, outline the specific guidelines for the collection, storage, and processing of sensitive personal information. They require organisations to implement reasonable security practices to protect personal data, such as encryption, secure access controls, and regular security audits. The rules also mandate that organisations obtain explicit consent from individuals before collecting sensitive personal data, such as financial information, health records, and biometric data.

2.4 Indian Contract Act, 1872: This Act forms the backbone of contractual law in India, including contracts entered into digitally. It ensures that all agreements, including those related to the collection and processing of personal data, are legally valid and enforceable. The Indian Contract Act mandates that consent must be free, informed, and obtained without coercion for any contract, including those involving data processing.

2.7 Indian Penal Code, 1860 (as amended): The Indian Penal Code addresses criminal liabilities for various offences, including those related to unauthorised access to computer systems and data breaches. Amendments to the IPC have introduced provisions specifically targeting cybercrimes, ensuring that individuals and organisations responsible for data breaches or unauthorised access are held accountable under criminal law.

3.1 Data Collected from Engineers Providing Services To deliver quality services to consumers, engineers may need to provide access to specific features of their devices. This access is governed by our privacy principles and is used solely to enhance service efficiency. The categories of information collected include:

3.1.1 Camera Access: Engineers may use camera functionality to document services, perform visual inspections, and capture images necessary for the service process. This data is treated with confidentiality and is only used for service-related purposes.

3.1.2 Location Access: We collect real-time location data from engineers to ensure optimised task assignment, efficient routing, and timely service delivery. Location data helps us coordinate services effectively, allocate resources based on proximity, and improve overall operational efficiency.

3.1.3 Microphone Access: The microphone may be accessed for voice communication during service tasks, recording audio instructions, and troubleshooting issues in real time. This feature enhances the quality-of-service interactions and facilitates quick resolution of technical problems.

3.1.4 Notification Access: Engineers receive task assignments, status updates, and critical service alerts through notifications. This access ensures that engineers are informed of new assignments, schedule changes, and other essential updates necessary for providing efficient and timely services.

4.1 Installation and Setup: Engineers provide comprehensive assistance with the installation and configuration of devices and equipment. This includes setting up hardware and software systems, ensuring proper connectivity, and verifying the functionality of installed systems to meet the specified requirements. The installation process is executed with precision to minimise disruptions and ensure seamless integration with existing infrastructure.

4.2 Repair and Maintenance: Engineers address technical issues promptly, undertaking repairs to restore functionality and performing routine maintenance checks to prevent potential problems. This service encompasses diagnostic procedures to identify faults, the replacement of defective components, and the implementation of preventive measures to maintain equipment efficiency and longevity.

4.3 Inspection and Diagnostics: Engineers conduct thorough evaluations and diagnostic assessments to identify underlying issues with equipment. This involves using advanced diagnostic tools and techniques to analyse performance, detect anomalies, and provide recommendations for corrective actions. The goal is to ensure that equipment operates at peak performance and to pre-emptively address any potential malfunctions.

4.4 Customer Support: Our engineers offer dedicated customer support, addressing and resolving queries related to our services. This service includes providing detailed explanations, guidance on service-related issues, and troubleshooting assistance. Engineers are trained to communicate effectively with customers, ensuring that their concerns are handled professionally and efficiently

4.5 Scheduled Service Visits: Engineers perform routine service visits as part of a scheduled maintenance program. These visits are designed to conduct regular inspections, execute preventive maintenance tasks, and ensure that equipment continues to function optimally. Scheduled service visits are organised in advance and adhere to a predetermined timetable to minimise inconvenience for customers.

4.6 Emergency Assistance: In situations requiring immediate intervention, engineers are available to provide emergency assistance. This service is designed to address urgent technical issues promptly, minimising downtime and restoring functionality as quickly as possible. Emergency assistance ensures that critical issues are managed with priority to mitigate any adverse impact on operations.

5.1 Service Delivery: To ensure the timely and efficient provision of services by coordinating tasks, managing engineer assignments, and fulfilling service requests. This includes optimising service delivery based on user needs and preferences.

5.2 Payment Processing: To facilitate secure payment transactions through Razorpay, ensuring compliance with legal and regulatory requirements related to financial transactions and data security.

5.3 Customer Support: To provide comprehensive customer assistance, address inquiries, resolve issues, and enhance the overall user experience. This includes using data to improve support processes and customer satisfaction.

5.4 Legal Compliance and Security: To meet our legal obligations, safeguard against unauthorised access, and maintain the integrity and security of our systems. This involves implementing appropriate measures to protect data and ensure compliance with applicable laws.

5.5 Service Improvement: To enhance the quality and efficiency of our services by analysing usage data, user feedback, and performance metrics. This helps us identify areas for improvement and implement necessary changes to better serve our users.

6.1 Consent: We obtain explicit consent from users before accessing and processing sensitive personal data, such as information from cameras, microphones, location data, and notifications. Consent is obtained in a clear and transparent manner, allowing users to make informed decisions.

6.2 Contractual Necessity: Data processing is required to fulfil contractual obligations between consumers and engineers. This includes processing data necessary to deliver services and manage service agreements.

6.3 Legal Obligation: We comply with Indian laws and regulations governing data protection and privacy. This includes adhering to legal requirements related to data handling and maintaining records in accordance with regulatory standards.

6.4 Legitimate Interests: Processing may be necessary to protect our legitimate interests, such as improving service quality, ensuring data security, and maintaining operational efficiency. This processing is conducted with consideration of users' rights and interests.

7.1 Third-Party Service Providers: We engage with trusted third-party service providers to support and enhance our operations. These providers may include, but are not limited to, payment processors, analytics services, and technical support vendors. Such third parties are contractually obligated to maintain the confidentiality and security of your personal data and are permitted to use it solely for the purposes for which it was disclosed.

7.2 Legal and Regulatory Obligations: We may disclose your personal data to governmental authorities, courts, regulatory bodies, or other legal entities as required by law. This includes compliance with judicial orders, legal processes, or statutory obligations. We may also disclose information in response to lawful requests for data from authorities or regulatory agencies

7.3 Business Transfers: In the event of a merger, acquisition, reorganisation, or sale of all or a portion of our assets, your personal data may be transferred to a third party as part of the transaction. Such transfers will be conducted in accordance with applicable legal standards, and we will take reasonable steps to ensure that the recipient maintains appropriate data protection measures.

7.4 Protecting Rights and Safety: We may disclose your personal data if necessary to protect our rights, property, or safety, or that of our users, employees, or others. This includes disclosing data to enforce our terms and conditions, respond to claims of violations, or protect against fraudulent or illegal activities.

7.5 Consent-Based Sharing: We may also share your personal data if you have provided explicit consent for such sharing. This could include instances where you authorise us to share your data with specific third parties for purposes that are not covered by this Privacy Policy

7.6 Research and Analytics: We may share aggregated, anonymized data with research institutions, academic entities, or industry partners for purposes of analysis and research. Such data will not identify you personally and will be used solely to gain insights and improve our services.

8.1 Encryption: We employ robust encryption protocols to secure your personal data both during transmission and while at rest. Encryption ensures that your data is rendered unreadable to unauthorised individuals, thereby protecting it from potential interception or access.

8.2 Access Controls: We maintain stringent access controls to ensure that only authorised personnel have access to sensitive data. This includes implementing multi-factor authentication, role-based access controls, and regularly reviewing access permissions to minimise the risk of unauthorised access.

8.3 Security Audits: To continuously enhance our security posture, we conduct regular security audits and vulnerability assessments. These audits are designed to identify potential weaknesses in our systems and processes, allowing us to take proactive measures to address and mitigate any identified risks.

8.4 Incident Response: We have established comprehensive incident response plans to address and manage any data breaches or security incidents that may occur. Our response protocols include immediate investigation, containment, and remediation of incidents, as well as notification to affected individuals and regulatory authorities as required by law.

8.5 Physical Security: In addition to digital security measures, we also implement physical security controls to protect our data centres and facilities. This includes secure access to premises, surveillance systems, and environmental controls to safeguard against physical threats.

8.6 Employee Training: We provide ongoing training for our employees on data protection practices and security awareness. This training ensures that our staff are well-informed about their responsibilities and the measures they should take to protect personal data.

9.1 Purpose-Driven Retention: Personal data is retained for the duration required to achieve the purposes for which it was collected, such as service provision, transaction processing, and compliance with legal obligations. Once the data is no longer needed for these purposes, it will be securely deleted or anonymized.

9.2 Legal and Regulatory Requirements: We adhere to legal and regulatory requirements regarding data retention. This includes maintaining data for periods specified by laws, regulations, or contractual obligations, and ensuring compliance with any statutory retention periods.

9.3 Secure Storage: During the retention period, personal data is stored securely using encryption and access controls to protect it from unauthorised access or disclosure. We implement measures to ensure the integrity and confidentiality of the data throughout its lifecycle.

9.4 Disposal and Deletion: When personal data is no longer required, we implement secure disposal procedures to ensure that it is completely and irreversibly deleted. This includes using secure deletion methods for digital data and appropriate methods for physical records.

9.5 Data Review: Periodic reviews are conducted to assess the necessity of retaining data. Data that is no longer relevant or necessary for the purposes for which it was collected is identified and removed in accordance with our data retention policies.

10.1 Access and Correction: You have the right to request access to the personal data we hold about you. This includes obtaining a copy of your data and details on how it is processed. If you find that your personal data is inaccurate or incomplete, you may request corrections or updates to ensure that your information remains accurate and up-to-date.

10.2 Withdraw Consent: Where we rely on your consent as the legal basis for processing your personal data, you have the right to withdraw that consent at any time. This withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. To withdraw consent, please contact us through the channels provided in this Privacy Policy.

10.3 Opt-Out of Communications: You have the right to opt out of receiving promotional communications, marketing materials, or updates from us. If you wish to stop receiving such communications, you can do so by following the unsubscribe instructions provided in the communication or by contacting us directly to update your preferences.

10.4 Submit Complaints: If you believe that your personal data has been mishandled or that your data protection rights have been violated, you have the right to lodge a complaint with the relevant data protection authorities. We encourage you to contact us first to address any concerns or issues you may have. However, you have the right to seek recourse through the appropriate regulatory body.

10.5 Data Portability: Under certain conditions, you have the right to request the transfer of your personal data to another data controller. This right allows you to obtain your data in a structured, commonly used, and machine-readable format and to transmit it to another entity, where technically feasible.

10.6 Restrict Processing: You may request the restriction of processing your personal data under specific circumstances, such as when you contest the accuracy of the data or object to the processing. During such periods of restriction, we will continue to store your data but will not process it further unless required by law or with your consent.

11.1 Notification of Changes: When we make material changes to this Privacy Policy, we will notify you in advance by posting the updated policy on our App or by sending you an email notification. Such changes will take effect as of the date specified in the revised Privacy Policy.

11.2 Review of Policy: We recommend that you review this Privacy Policy regularly to stay informed about how we are protecting your personal data. It is your responsibility to check for any updates and to ensure that you understand and agree with our current data practices.

11.3 Version History: The effective date of this Privacy Policy will be indicated at the top of the document. Previous versions of the policy may be archived for your reference and can be accessed upon request.

12.1 Email:info@ieelifts.com

12.2 Phone: +91 81237 13000

12.3 Mailing Address: E-26, Industrial Area, Phase 7, Sector 73, Mohali 160055 (PB)