1. Introduction

Atmiya Developers ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy applies to all information collected through our website, mobile applications, services, and other digital platforms related to our real estate development business.

This policy is designed to comply with applicable Indian data protection laws, including the Information Technology Act, 2000, and its rules, as well as international standards for data protection.

2. Information We Collect

2.1 Personal Information

We collect various types of personal information when you interact with our services:

2.2 Sensitive Personal Information

Under certain circumstances, we may collect sensitive personal information including:

• Financial information (bank account details, credit history)
• Government-issued ID numbers (Aadhaar, PAN, Passport)
• Biometric data (if required for property verification)

Note: We collect sensitive information only when necessary for legitimate business purposes and with your explicit consent.

2.3 Information from Third Parties

We may receive information about you from:

• Credit bureaus and financial institutions
• Government databases for verification
• Real estate partners and referral sources
• Marketing and analytics service providers

3. How We Use Your Information

3.1 Primary Purposes

We use your personal information for the following purposes:

• Property Sales and Services: Processing bookings, managing transactions, providing customer support
• Legal Compliance: Meeting regulatory requirements, KYC verification, tax obligations
• Communication: Sending project updates, promotional materials, important notices
• Service Improvement: Analyzing usage patterns, improving our services and website
• Marketing: Promoting relevant properties and services (with consent)

3.2 Legitimate Interests

We may process your data based on our legitimate business interests, including:

• Fraud prevention and security
• Business development and strategic planning
• Quality assurance and training
• Legal claims management

3.3 Automated Decision Making

We may use automated systems for:

• Credit assessment and eligibility evaluation
• Fraud detection and risk assessment
• Marketing personalization

You have the right to request human intervention in automated decision-making processes that significantly affect you.

4. How We Share Your Information

4.1 Authorized Sharing

We may share your information with:

• Service Providers: Banks, payment processors, legal advisors, construction partners
• Government Authorities: Regulatory bodies, tax authorities, law enforcement (when legally required)
• Business Partners: Financial institutions for loan processing, insurance companies
• Professional Advisors: Lawyers, accountants, auditors

4.2 Data Transfer Safeguards

When sharing data with third parties, we ensure:

• Contractual data protection obligations
• Appropriate technical and organizational measures
• Regular compliance monitoring
• Data minimization principles

4.3 International Transfers

For NRI clients, we may transfer data internationally with appropriate safeguards including:

• Standard contractual clauses
• Adequacy decisions
• Explicit consent where required

5. Data Security

5.1 Technical Safeguards

• Encryption: Data encrypted in transit and at rest using industry-standard protocols
• Access Controls: Role-based access with multi-factor authentication
• Network Security: Firewalls, intrusion detection, and monitoring systems
• Regular Updates: Security patches and system updates

5.2 Organizational Measures

• Regular security training for employees
• Data handling policies and procedures
• Incident response and breach notification procedures
• Regular security audits and assessments

5.3 Data Breach Response

In the event of a data breach, we will:

• Assess and contain the breach within 24 hours
• Notify relevant authorities within 72 hours (where required)
• Inform affected individuals without undue delay
• Provide clear information about the breach and protective measures

6. Data Retention

6.1 Retention Periods

6.2 Secure Deletion

When data is no longer required, we ensure secure deletion using:

• Data wiping standards compliant with industry best practices
• Certificate of destruction for physical documents
• Regular purging of backup systems

7. Your Rights

7.1 Exercising Your Rights

To exercise any of these rights:

• Contact us using the details provided in this policy
• Provide sufficient information to verify your identity
• Specify which right you wish to exercise
• We will respond within 30 days of receiving your request

7.2 Right to Complain

If you're not satisfied with how we handle your personal data, you have the right to lodge a complaint with the relevant data protection authority in India or your country of residence.

8. Cookies and Tracking Technologies

8.1 Types of Cookies We Use

8.2 Managing Cookie Preferences

You can manage cookies through:

• Browser settings to block or delete cookies
• Our cookie preference center (available on first visit)
• Third-party opt-out tools for advertising cookies

Note: Blocking essential cookies may affect website functionality.

9. Third-Party Services

9.1 Integrated Services

Our website and services integrate with third-party providers:

• Google Analytics: Website usage analytics
• Payment Gateways: Secure payment processing
• Social Media Platforms: Social login and sharing
• Customer Support Tools: Live chat and helpdesk
• Marketing Tools: Email campaigns and lead management

9.2 Third-Party Privacy Policies

When you interact with third-party services, their privacy policies apply. We recommend reviewing:

• Google Privacy Policy
• Facebook Privacy Policy
• Payment gateway privacy policies (as applicable)

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect:

• Changes in our business practices
• New legal requirements
• Technology updates
• Enhanced security measures

10.1 Notification of Changes

When we make significant changes, we will:

• Post the updated policy on our website
• Send email notifications to registered users
• Display prominent notices on our website
• Update the "Last Modified" date at the top of this policy

Important: Continued use of our services after policy updates constitutes acceptance of the changes.

11. Special Provisions for NRI Clients

11.1 Cross-Border Data Transfers

For Non-Resident Indian (NRI) clients, we may transfer personal data internationally for:

• Communication and customer service
• Financial transaction processing
• Legal and regulatory compliance
• Property management services

11.2 FEMA Compliance

We ensure compliance with Foreign Exchange Management Act (FEMA) regulations by:

• Verifying NRI status and eligibility
• Maintaining required documentation
• Reporting to relevant authorities as required
• Ensuring proper fund flow documentation

11.3 International Data Protection Standards

For international clients, we strive to comply with applicable data protection laws including:

• European Union General Data Protection Regulation (GDPR)
• California Consumer Privacy Act (CCPA)
• Other relevant regional data protection laws

12. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that we have collected information from a child, we will take steps to delete such information promptly.

12.1 Parental Rights

If you are a parent or guardian and believe your child has provided personal information, please contact us immediately. We will:

• Verify the relationship
• Provide access to the child's information
• Delete the information upon request
• Prevent further collection

13. California Privacy Rights (CCPA)

For California residents, you have additional rights under the California Consumer Privacy Act:

13.1 Right to Know

• Categories of personal information collected
• Sources of personal information
• Business purposes for collection
• Categories of third parties with whom information is shared

13.2 Right to Delete

Request deletion of personal information we have collected about you (subject to certain exceptions).

13.3 Right to Non-Discrimination

We will not discriminate against you for exercising your CCPA rights.

13.4 Authorized Agents

You may designate an authorized agent to make requests on your behalf. We may require proof of authorization.

14. Data Subject Request Process

14.1 How to Submit Requests

To exercise your data protection rights:

1. Email: privacy@atmiya-developers.com
2. Phone: Call our data protection officer at (+91) 6354345653
3. Mail: Send written requests to our registered address
4. Online Form: Use our privacy request form on the website

14.2 Verification Process

To protect your privacy, we will verify your identity before processing requests:

• Government-issued photo ID
• Proof of address
• Additional verification for sensitive requests

14.3 Response Timeline

• Acknowledgment: Within 48 hours
• Initial Response: Within 15 days
• Complete Response: Within 30 days
• Complex Requests: Up to 90 days (with notification)

15. Contact Information

16. Definitions

For the purposes of this Privacy Policy:

• "Personal Data" means any information relating to an identified or identifiable natural person
• "Processing" means any operation performed on personal data, including collection, use, storage, or disclosure
• "Data Controller" means Atmiya Developers, which determines the purposes and means of processing personal data
• "Data Processor" means any third party that processes personal data on behalf of Atmiya Developers
• "Data Subject" means the individual to whom personal data relates
• "Consent" means freely given, specific, informed, and unambiguous indication of agreement to processing