top of page

Privacy Policy

This Privacy Policy explains how Atma Autotech (“Atma Autotech”, “Company”, “we”, “us”, or “our”) collects, uses, discloses, retains, and protects personal data through our website www.atmaautotech.com (the “Website”) and related services (collectively, the “Service”). It also describes your rights and choices with respect to your personal data and how to exercise them.

 

By accessing or using the Website or providing personal data to us, you agree to the terms of this Privacy Policy. If you do not agree, please do not access or use the Website.

 

 

1. Interpretation & Definitions

 

For the purposes of this Policy:

 

  • Account means a unique account created for You to access our Service or parts of our Service.

  • Company / Atma Autotech (referred to as “the Company”, “We”, “Us”, or “Our”) refers to Atma Autotech, a company incorporated under Indian law, with registered office at: [Insert full registered office address, India].

  • Data Controller / Data Fiduciary refers to Atma Autotech as the legal person that determines the purposes and means of the processing of Personal Data (for GDPR, DPDP Act and other applicable laws).

  • Device means any device that can access the Website (computer, mobile phone, tablet, etc.).

  • Personal Data / Personal Information means any information relating to an identified or identifiable natural person (e.g., name, email, phone number, IP address, identifiers).

  • Processing means any operation or set of operations performed on Personal Data (collection, recording, organisation, storage, alteration, retrieval, use, disclosure, erasure, etc.).

  • Service Provider means any natural or legal person who processes Personal Data on behalf of the Company.

  • Third-Party Social Media Service means any social media or platform through which you may log in, share, or interact with our Website.

  • Usage Data means information collected automatically when you use the Website (e.g., IP address, browser type, pages visited, time spent).

 

 

2. Scope & Legal Basis

 

This Policy applies to Personal Data we collect when you:

 

  • visit or interact with the Website;

  • create or use an Account;

  • contact us, request information or support, or participate in marketing activities;

  • otherwise interact with us offline where we link that information to your online profile.

 

Where applicable, we process Personal Data on the following legal bases:

 

  • Consent — where you have given consent for specific processing (e.g., marketing communications, cookies).

  • Contract — to perform, manage, or terminate contractual obligations with you (e.g., provision of services, order fulfilment).

  • Legal obligation — to comply with applicable laws and legal processes.

  • Legitimate interests — to operate and improve our Service, provide security, prevent fraud, and pursue business interests that do not override your rights.

 

For EU/UK residents, the above legal bases are stated as required under the GDPR. For Indian residents, processing will also be carried out in accordance with the Digital Personal Data Protection Act, 2023 and applicable rules.

 

 

3. Categories of Personal Data Collected

 

We may collect and process the following categories of Personal Data, depending on how you use the Website:

 

A. Identity & contact data

 

  • Name, title, company name, billing/shipping address, email address, phone number.

 

B. Account data

 

  • Username, password hash (securely stored), account preferences and settings.

 

C. Transaction & service data

 

  • Order histories, invoices, service requests, payment confirmations (we do not store full card data unless explicitly stated — payment providers handle payment card data).

 

D. Usage & technical data

 

  • IP address, device identifiers, browser type/version, operating system, pages visited, timestamps, referral/exit pages, error logs, cookies and tracking identifiers.

 

E. Marketing & communications data

 

  • Preferences about receiving marketing, records of consents, communication history.

 

F. Special categories

 

  • We do not intentionally collect “special categories” of personal data (sensitive personal data) such as health or biometric data. If you voluntarily provide such data, we will only process it where permitted by law and with explicit consent.

 

 

4. How We Collect Personal Data

 

We collect Personal Data:

 

  • directly from you (forms, account creation, support requests, surveys);

  • automatically when you use the Website (cookies, server logs, analytics);

  • from third parties (service providers, partners, publicly available sources) where permitted by law.

 

 

5. Use of Personal Data — Purposes

 

We use Personal Data for the following purposes (with examples):

 

  1. To provide and operate the Website and Services — deliver products/services, manage accounts, process orders and payments.

  2. To communicate with you — respond to requests, send transactional messages (order confirmations, account updates), customer support.

  3. To send marketing — newsletters, offers, promotions where you have consented; you may opt-out at any time.

  4. To improve and personalize the Website — analytics, product/service improvement, targeted content and recommendations.

  5. To detect and prevent fraud; enhance security — monitor and investigate suspicious activity; protect our rights and property.

  6. To comply with legal obligations — record-keeping, tax, regulatory requests, and law enforcement.

  7. For business transactions — in the event of a merger, acquisition, reorganisation, or sale of assets.

 

We will only use Personal Data for purposes compatible with the purpose for which it was collected unless we obtain additional consent or otherwise permitted by law.

 

 

6. Cookies, Tracking & Similar Technologies

 

We use cookies and similar technologies (pixels, local storage, device identifiers) to operate the Website and improve user experience.

 

Types of cookies used:

 

  • Strictly necessary cookies: required for basic site functions (login, security).

  • Performance and analytics: measure site usage and performance (e.g., Google Analytics).

  • Functional cookies: remember preferences and settings.

  • Advertising and targeting cookies: to deliver interest-based advertising and measure campaign performance.

 

You can manage cookie preferences through the cookie banner on the Website and via your browser settings. Note that disabling some cookies may affect functionality.

 

 

7. Third Parties & International Transfers

 

Service Providers & Sub-processors. We share data with third-party service providers who process data on our behalf (hosting providers, payment processors, analytics, CRM, email platforms). These providers are contractually required to implement appropriate safeguards.

 

Third-party links. The Website may contain links to third-party sites and social media platforms. We are not responsible for their privacy practices. Please review their privacy policies.

 

International transfers. Personal Data may be transferred to, stored, or processed in countries other than your country of residence. Where such transfers occur, we will ensure appropriate safeguards (standard contractual clauses, other legally recognized transfer mechanisms, or where permitted by law) to protect your data and comply with applicable law. For residents of the EU/EEA/UK, transfers will meet GDPR requirements (e.g., Article 46 safeguards). For Indian residents, cross-border transfers will comply with the DPDP Act and applicable Rules. See also “Contact & Grievance” below for data protection contact details. 

 

 

8. Data Retention

 

We retain Personal Data only as long as necessary for the purposes described in this Privacy Policy. Factors used to determine retention include: the nature of the data, the purpose of processing, legal or regulatory retention requirements, and the terms of any contracts.

 

As guidance:

 

  • Account and transaction data are retained for the period necessary to provide services and as required for tax and accounting obligations;

  • Usage/analytics data may be retained in aggregated/anonymized form for analytics indefinitely;

  • Where required by applicable rules or practice, general retention may follow published guidance under Indian rules (including retention considerations under DPDP Act rules and related guidance). Some guidance suggests retention periods (e.g., three years from last interaction) as a common standard in certain contexts; actual retention will be aligned with law and business need. 

 

When Personal Data is no longer required, we will securely delete or anonymize it.

 

 

9. Security Measures

 

We implement reasonable technical and organisational measures designed to protect Personal Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access. Measures include network firewalls, encryption in transit (HTTPS/TLS), access controls, penetration testing, and staff training.

 

However, no system is completely secure. Although we use commercially reasonable safeguards, we cannot guarantee absolute security. If a data breach affecting you occurs and we are obliged to notify under applicable law, we will take the required steps to notify you and the relevant authorities as required.

 

 

10. Data Subject Rights & How to Exercise Them

 

Depending on your jurisdiction and subject to applicable exceptions and verification requirements, you may have the following rights:

 

  • Right of access — obtain confirmation whether we process your Personal Data and obtain a copy.

  • Right to rectification — correct inaccurate or incomplete data.

  • Right to erasure (right to be forgotten) — request deletion where legal grounds exist.

  • Right to restrict processing — limit certain types of processing.

  • Right to data portability — receive your data in a commonly used, machine-readable format and transmit to another controller.

  • Right to object — object to processing where we rely on legitimate interests or for direct marketing.

  • Right to withdraw consent — where processing is based on consent, withdraw it (without affecting processing prior to withdrawal).

  • Right to lodge a complaint — to supervisory authorities (for example, EU residents may contact a relevant data protection authority; Indian residents may raise matters with the Data Protection Board once constituted, and must first exhaust our internal grievance redressal). 

 

How to submit a request:

Send a written request to our Grievance Officer / Data Protection Officer (DPO) at:

 

  • Grievance Officer / DPO: [Insert name]

  • Email: dpo@atmaautotech.com

  • Postal address: [Insert full registered office address, India]

  • Phone: [+91-XXXXXXXXXX]

 

We may request identity verification and additional information to process your request. We will respond to verified requests in accordance with applicable law and as promptly as possible. For many jurisdictions (GDPR guidance), controllers typically respond within one month of receipt of a valid request; that period may be extended where necessary by up to two additional months in complex cases (and you will be informed of any extension). Under the DPDP Act, Data Fiduciaries must provide readily available means of grievance redressal and respond within the period prescribed by the Central Government; we will endeavour to respond within 30 days or within any statutory timeframe. 

 

 

11. Grievance Redressal & Dispute Resolution (India-specific)

 

In line with the Digital Personal Data Protection Act, 2023, you should first make a grievance request to our designated Grievance Officer/DPO (contact above). We will acknowledge receipt and endeavour to respond and resolve your grievance in the statutory period or, where no period is prescribed, within a reasonable time (generally within 30 days). If you remain dissatisfied after exhausting the internal grievance procedure, you may approach the Data Protection Board or other statutory remedy as permitted under applicable law. 

 

 

12. Children’s Privacy

 

Our Website and Services are not intended for children under the age of 13 (or a higher minimum age applicable under local law). We do not knowingly collect Personal Data from children below this age. If we learn that we have collected Personal Data from a child under the applicable age without parental/guardian consent, we will take steps to delete the data as required by law.

 

 

13. Automated Decision-Making & Profiling

 

We may use automated means (including analytics, profiling, and machine learning) to analyse Usage Data and personalise content or offers. Where such processing produces legal effects or significantly affects you, you may have rights to obtain human intervention, express your viewpoint, and challenge the decision in some jurisdictions. If you wish to exercise these rights, contact our DPO at dpo@atmaautotech.com.

 

 

14. Changes to This Privacy Policy

 

We may update this Privacy Policy to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. We will post the updated Policy on the Website with the “Last updated” date. Substantial changes that materially affect your rights will be communicated through prominent notices or direct communication where appropriate.

 

 

15. Contact Information

 

If you have questions, want to exercise rights, or wish to raise a grievance, contact:

 

Atma Autotech

Website: https://www.atmaautotech.com

Grievance Officer / Data Protection Officer: [Insert Name]

Email: dpo@atmaautotech.com

Phone: +91-XXXXXXXXXX

Address: [Insert full registered office address, India]

 

If you are in the EU/EEA/UK and unsatisfied with our response, you may also lodge a complaint with your local data protection authority. Indian residents may ultimately pursue remedies under the DPDP Act after exhausting our internal grievance mechanism. 

 

 

16. Additional Disclosures (as relevant)

 

  • Payment processing: Payment card data are processed by third-party payment processors (e.g., Stripe/PayPal) and not stored by Atma Autotech except where explicitly stated; consult the payment provider’s privacy/security documentation.

  • Marketing & analytics providers: We use third-party analytics and marketing services (e.g., Google Analytics, email platforms). These parties have separate privacy policies and may process data in other jurisdictions.

  • Legal requests: We may disclose information to comply with legal obligations, respond to lawful requests by public authorities, or to protect rights and safety.

 

 

17. Practical Examples — What This Means for You

 

  • If you sign up for a newsletter, we will use your name and email to send newsletters until you opt-out.

  • If you place an order, we use your contact and payment details to process and fulfil that order and comply with tax laws.

  • If you request deletion, we will remove your Personal Data where legally permissible and where the data are no longer required for legitimate business or legal purposes.

 

 

18. Legal Notes & Jurisdiction

 

Processing of Personal Data will be governed by applicable Indian law (including the Digital Personal Data Protection Act, 2023) and other relevant laws where applicable. For cross-border users, this Policy aims to respect GDPR principles where applicable; however, local law may affect your rights. For contractual and dispute matters, please see our Terms & Conditions.

bottom of page