This Privacy Policy is a core component of our commitment to trust and transparency with you, our Data Principal. It explains how we collect, use, and protect your personal information when you use our website, contact forms, and related services (the “Site”). We comply with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian laws.
1. Collection of Personal Data
- Voluntary Information: The data you voluntarily provide through contact forms, email, or booking links, including your name, email, phone number, company, and message.
- Automatic Information: The data automatically collected when you visit the Site, including your IP address, device type, browser information, pages viewed, and timestamps.
- Analytics Data: If you opt in, we use tools like Google Analytics 4 (GA4) to collect anonymized information such as session counts and popular pages. This data is processed only in aggregate to understand and improve site performance.
We do not intentionally collect sensitive personal data on this Site.
2. Purpose of Processing
We process your personal data for the following specific and lawful purposes:
- To respond to your enquiries and communicate about our services.
- To operate, secure, and improve the functionality of the Site.
- To perform basic analytics, if enabled, to understand the usefulness of our content.
- To comply with legal obligations and enforce our Terms of Service.
3. Lawful Basis
We process your data on the basis of your consent when you submit a form or opt into non-essential analytics/cookies. We also process data for legitimate uses permitted by law, such as for Site security, fraud prevention, and statutory compliance. You may withdraw your consent at any time as easily as you gave it. The process is outlined in our Grievance Redressal section.
4. Cookies & Tracking Technologies
We use essential cookies and similar technologies for the basic operation and security of the Site, which do not require your consent. Non-essential analytics cookies, if enabled, are only loaded after you provide clear and affirmative consent. You can manage these preferences through your browser settings or a consent tool on the Site (when deployed).
5. Sharing and Disclosure
We do not sell or rent your personal data to any third parties. We may share limited data with trusted service providers (e.g., hosting, cloud, email, analytics) to perform functions on our behalf. All such processors are bound by contractual confidentiality and data protection commitments that align with our obligations under the DPDP Act.
6. International Transfers
Our service providers may process data outside India. All such transfers are undertaken with contractual and technical safeguards and are in compliance with the DPDP Act. We do not transfer data to any country or territory that has been specifically restricted by the Government of India.
7. Data Security and Breach Notification
We apply reasonable technical and organizational measures to protect your personal data, including HTTPS/TLS encryption, access controls, and regular backups. In the unlikely event of a personal data breach, we will notify the Data Protection Board of India and affected individuals without undue delay, as required by the DPDP Act.
8. Data Retention
- Contact enquiries: typically retained for up to 24 months from our last interaction, or longer if a project commences or as required by law.
- Analytics logs: typically retained for up to 26 months (or the provider's default), stored in aggregate form.
We delete or anonymize personal data when the purpose for which it was collected is no longer being served.
9. Data Principal Rights
As a Data Principal, you have the following rights under the DPDP Act:
- The right to access information about how we process your data.
- The right to correct or request the deletion of your personal data that we hold, subject to our legal obligations.
- The right to withdraw your consent for non-essential processing at any time.
- The right to nominate another person to exercise these rights on your behalf in the case of your death or incapacity.
10. Grievance Redressal
All grievances and requests related to personal data may be submitted to the Grievance Officer at the contact information provided below. We will acknowledge all such requests within 3 business days and aim to resolve them within 30 days, subject to applicable law.
Grievance Officer: Abhijeet Khopkar (Founder & Grievance Officer)
Email: privacy@airkraftdesign.com
11. Children’s Data
Our Site is not directed to individuals under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided data, please contact us, and we will delete it promptly.
12. Third‑Party Links and Changes to Policy
Links to external sites are provided for convenience, and they have their own policies. We may update this Policy to reflect legal, technical, or business changes. The effective date shows when it last changed, and material changes will be announced on the Site.