top of page

Privacy Policy

A legal disclaimer

Privacy Policy - the basics

1. whether online (through our website, apps, or digital platforms), offline (through physical forms, correspondence), or through third-party service providers.

2. DEFINITIONS Unless otherwise specified, terms used in this Policy shall have the same meaning as under the DPDPA:  Personal Data: Any data about an individual who is identifiable by or in relation to such data.  Data Principal: The individual to whom the personal data relates.  Data Fiduciary: Acaya Packaging Tech Private Limited, which determines the purpose and means of processing personal data.  Data Processor: Any person, company, or third party processing data on behalf of Acaya.  Processing: Any operation such as collection, storage, retrieval, usage, sharing, transfer, or deletion of personal data.

3. CATEGORIES OF PERSONAL DATA COLLECTED We collect and process the following categories of personal data: A. Identity and Contact Information:  Full name, date of birth, gender  Residential and mailing address  Mobile number and email address  Government-issued IDs: Aadhaar, PAN, Voter ID, Passport B. Employment and Professional Data:  CV/resume, educational qualifications  Employment history and references  Background verification reports C. Financial and Transactional Data:  Bank account details, UPI ID, IFSC code  Billing and invoice information  GST and tax-related details D. Technical and Usage Data:  IP address, browser type and version  Time zone settings, device information  Website usage data, app activity, cookies, and metadata E. Location Data (if applicable):  GPS location, IP-based location F. Special Categories of Personal Data (only if required):  Biometric data (e.g., fingerprint for attendance)  Health data (only for employment and safety purposes)

4. PURPOSE OF PROCESSING PERSONAL DATA We collect and process your personal data for the following purposes: 1. Business Operations: To provide products and services, manage business transactions, packaging logistics, and supply chain services. 2. Customer and Vendor Management: For onboarding, verification, order processing, billing, payments, and service support. 3. Employee and HR Functions: Recruitment, onboarding, payroll, leave management, performance tracking, benefits, and statutory compliance. 4. Compliance with Law: To fulfill legal obligations under Indian laws, including taxation, labour, environmental, and safety regulations.

5. IT and Security: To secure our platforms, conduct audits, and maintain cybersecurity.

6. Marketing and Communication: With your consent, to send promotional emails, newsletters, offers, and service updates.

7. Grievance Redressal: To address and resolve complaints from employees, customers, or users.

8. LEGAL BASES FOR PROCESSING Under the DPDPA, we rely on the following legal bases:  Consent of the Data Principal: Explicit consent obtained at the time of data collection.  Performance of Contract: Where processing is necessary for performance of a contract.  Legal Obligation: To comply with a statutory requirement.  Legitimate Use: For reasonable purposes such as employment, prevention of fraud, and network security.

9. CONSENT AND WITHDRAWAL We collect consent through digital or physical forms with clear purpose statements. You may withdraw consent at any time by writing to us at legal@acaya.com. Consequences of such withdrawal will be explained, and we may not be able to provide certain services thereafter.

8. DATA RETENTION AND STORAGE  Personal data is retained only for the duration necessary for the stated purposes.  Employee and business records are retained as per applicable law (e.g., Income Tax Act, Shops & Establishments Act).  Data is securely stored on encrypted servers located in India.  Disposal of personal data is done through secure erasure or destruction protocols.

9. SECURITY MEASURES We implement appropriate technical and organizational measures to safeguard personal data:  Firewalls, antivirus software, intrusion detection  Role-based access control and strong password policies  Regular security audits and vulnerability assessments  Employee training on data protection and confidentiality

10. DISCLOSURE AND SHARING OF PERSONAL DATA We may share personal data with:  Internal departments such as HR, IT, Legal, Accounts  Third-party service providers under strict confidentiality agreements  Government agencies and regulators (e.g., MCA, GSTN, EPFO) where required by law  Auditors, consultants, and legal advisors We do not sell personal data.

11. CROSS-BORDER DATA TRANSFERS Acaya does not transfer personal data outside India unless such transfer is compliant with Section 16 of the DPDPA, supported by appropriate contractual safeguards, and conducted in accordance with government-issued guidelines.

12. RIGHTS OF DATA PRINCIPALS Under the DPDPA, you have the following rights:  Right to Access: Request access to your personal data.  Right to Correction: Request rectification of inaccurate or incomplete data.  Right to Erasure: Request deletion of personal data when no longer necessary.  Right to Grievance Redressal: File a complaint regarding misuse or denial of rights.  Right to Nominate: Nominate a person to exercise your rights in case of incapacity or death. To exercise your rights, email our DPO at Legal@Acaya.com

13. USE OF COOKIES AND DIGITAL TOOLS Our website uses cookies and similar technologies to:  Enhance user experience  Track website analytics and performance  Remember preferences and authentication Users may opt out or disable cookies through browser settings.

14. CHILDREN'S PRIVACY We do not knowingly collect data from individuals under the age of 18 without verified parental consent. If such data is inadvertently collected, we shall take steps to delete it.

15. GRIEVANCE REDRESSAL MECHANISM Data Protection Officer (DPO): Name: Kushagra Bhardwaj Email: Legal@Acaya.com Phone: +91 8826497101 Address: 1207, 12th Floor, Signature Towers, Block- B, Sector Road Block- L, South City- I, Sector 30, Gurugram, Haryana, India- 122001 Grievances will be acknowledged within 3 working days and resolved within 7 working days in accordance with Rule 8 of the DPDPA Rules. If unresolved, you may approach the Data Protection Board of India.

16. UPDATES TO THIS POLICY We may revise this Privacy Policy from time to time to comply with law or business requirements. Updated versions will be made available on our website, with the effective date clearly stated.

17. CONTACT US Acaya Packaging Tech Private Limited Registered Address: 1207, 12th Floor, Signature Towers, Block- B, Sector Road Block- L, South City- I, Sector 30, Gurugram, Haryana, India- 122001 Email: Care@acaya.com Website: www.acaya.com

bottom of page