PRIVACY POLICY

Engenies (Engenome Technologies LLP)

Last Updated: 30 September, 2025

Effective Date: 30 September, 2025

1. INTRODUCTION

Engenies (“we,” “us,” or “our”) is an Indo-American IT consulting and outsourcing company focused on AI, Cloud, GIS, and IoT solutions. We are committed to protecting your privacy and ensuring the security of your personal information in compliance with applicable data protection laws, including the Information Technology Act, 2000, SPDI Rules 2011, GDPR (where applicable), and other relevant regulations.

This Privacy Policy explains how we collect, use, process, store, and protect your personal information when you interact with our services, website (www.engenies.com), or engage with us for IT outsourcing and consulting services.

Contact Information:

  • Company: Engenies (Engenome Technologies LLP)
  • Website: www.engenies.com
  • Email: wish@engenies.com
  • Data Protection Officer: Ankit Patel (ankit@engenies.com)

2. DEFINITIONS

  • Sensitive Personal Data (SPDI): Includes passwords, financial information, health records, biometric information, sexual orientation, and other sensitive categories as defined under IT Rules 2011
  • Data Controller: Engenies, when we determine the purposes and means of processing personal data
  • Data Processor: When we process data on behalf of our clients per their instructions
  • Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion

3. TYPES OF INFORMATION WE COLLECT

3.1 Personal Information

  • Identity Data: Name, title, designation, employee ID
  • Contact Data: Email address, phone number, postal address
  • Professional Data: Job title, company affiliation, work experience, skills
  • Technical Data: IP address, browser type, device information, system logs

3.2 Sensitive Personal Data (SPDI)

  • Financial information (bank details for payments, tax information)
  • Authentication credentials (passwords, security tokens)
  • Biometric data (if applicable for security purposes)
  • Health information (if relevant for employee benefits or insurance)

3.3 Business Data

  • Project requirements and specifications
  • Technical documentation
  • Business communications and correspondence
  • Performance metrics and analytics

4. LEGAL BASIS AND PURPOSES FOR PROCESSING

4.1 Legal Basis

We process your personal data based on:

  • Consent: Explicit consent for specific processing activities
  • Contract Performance: To fulfill our IT outsourcing and consulting agreements
  • Legal Obligation: To comply with applicable laws and regulations
  • Legitimate Interest: For business operations, security, and service improvement

4.2 Purposes of Processing

  • Service Delivery: Providing AI, Cloud, GIS, and IoT solutions
  • Project Management: Managing outsourcing projects and client relationships
  • Communication: Business correspondence and support services
  • Legal Compliance: Meeting regulatory requirements and audit purposes
  • Security: Protecting our systems and preventing fraud
  • Business Operations: HR management, accounting, and administration

5. DATA SHARING AND DISCLOSURE

5.1 Third-Party Sharing

We may share your information with:

  • Subcontractors and Partners: For service delivery (under strict NDAs and data processing agreements)
  • Cloud Service Providers: For hosting and infrastructure (AWS, Azure, Google Cloud)
  • Legal Authorities: When required by law or to protect our rights
  • Business Partners: For joint ventures or collaborative projects (with consent)

5.2 International Transfers

  • For our Indo-American operations, data may be transferred between India and the United States
  • All international transfers comply with applicable data protection laws
  • Appropriate safeguards include Standard Contractual Clauses (SCCs) and adequacy decisions
  • Client data is processed according to specific geographic requirements and restrictions

5.3 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing purposes.

6. DATA SECURITY MEASURES

6.1 Technical Safeguards

  • Encryption: Data encryption at rest and in transit using industry-standard protocols
  • Access Controls: Role-based access with multi-factor authentication
  • Network Security: Firewalls, intrusion detection systems, and secure VPNs
  • Regular Security Audits: Vulnerability assessments and penetration testing

6.2 Organizational Measures

  • Employee Training: Regular data protection and security awareness programs
  • Data Processing Agreements: Comprehensive agreements with all processors and partners
  • Incident Response: 24/7 monitoring and incident response procedures
  • Physical Security: Secure facilities with controlled access

7. YOUR RIGHTS AND CHOICES

7.1 Under Indian Law (IT Act 2000 & SPDI Rules)

  • Right to Access: Request information about your personal data we hold
  • Right to Correction: Request correction of inaccurate information
  • Right to Withdraw Consent: Withdraw consent for processing (where applicable)
  • Right to Complain: File complaints with relevant authorities

7.2 Under GDPR (for EU Data Subjects)

  • Right to Access: Obtain confirmation and copy of your personal data
  • Right to Rectification: Correct inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data
  • Right to Restrict Processing: Limit how we use your data
  • Right to Data Portability: Receive your data in a structured format
  • Right to Object: Object to processing based on legitimate interests

7.3 How to Exercise Your Rights

Contact us at wish@engenies.com or write to our Data Protection Officer. We will respond to requests within the legally required timeframes (typically 30 days).

8. DATA RETENTION

8.1 Retention Principles

  • We retain personal data only as long as necessary for the purposes collected
  • Retention periods vary based on legal requirements and business needs
  • Data is securely deleted when no longer required

8.2 Typical Retention Periods

  • Client Data: Duration of contract plus 7 years for legal compliance
  • Employee Data: Duration of employment plus 7 years
  • Marketing Data: Until consent is withdrawn or 3 years of inactivity
  • System Logs: 12 months for security and troubleshooting

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Types of Cookies

  • Essential Cookies: Required for website functionality
  • Analytics Cookies: Google Analytics for website performance (anonymized)
  • Marketing Cookies: For targeted advertising (with consent)

9.2 Cookie Management

You can control cookies through your browser settings. Disabling essential cookies may affect website functionality.

10. CHILDREN’S PRIVACY

We do not knowingly collect personal information from children under 16. If we become aware of such collection, we will delete the information immediately and implement additional safeguards.

11. DATA BREACH NOTIFICATION

11.1 Breach Response

  • Detection: Continuous monitoring for potential breaches
  • Assessment: Immediate risk assessment and containment
  • Notification: Authorities notified within 72 hours (GDPR) or as required by local law
  • Communication: Affected individuals informed without undue delay

11.2 Client Notification

For client data breaches, we notify affected clients within 24 hours and provide detailed incident reports.

12. CROSS-BORDER DATA TRANSFERS

12.1 Transfer Mechanisms

  • Adequacy Decisions: Transfers to countries with adequate protection
  • Standard Contractual Clauses (SCCs): For transfers to countries without adequacy decisions
  • Binding Corporate Rules: For intra-group transfers
  • Consent: Explicit consent for specific transfers (where required)

12.2 Data Localization

We comply with local data localization requirements and can provide in-country hosting when required by clients or regulations.

13. VENDOR AND PARTNER MANAGEMENT

13.1 Due Diligence

  • Comprehensive security assessments for all vendors
  • Data Processing Agreements (DPAs) with all processors
  • Regular audits and compliance monitoring
  • Vendor risk ratings and continuous evaluation

13.2 Subprocessor Management

  • Maintained list of approved subprocessors
  • Client notification for new subprocessors (GDPR requirement)
  • Same level of protection ensured through contractual obligations

14. COMPLIANCE AND GOVERNANCE

14.1 Governance Framework

  • Privacy by Design: Built into all our systems and processes
  • Data Protection Impact Assessments (DPIAs): Conducted for high-risk processing
  • Regular Training: Ongoing privacy and security training for all staff
  • Policy Updates: Regular review and updates of privacy policies

14.2 Regulatory Compliance

  • Regular compliance audits and assessments
  • Engagement with regulatory authorities when required
  • Participation in industry privacy and security initiatives

15. CONTACT INFORMATION AND COMPLAINTS

15.1 Privacy Contacts

  • Data Protection Officer: Ankit Patel (ankit@engenies.com)
  • Privacy Team: wish@engenies.com
  • General Inquiries: wish@engenies.com

15.2 Regulatory Authorities

You may also file complaints with relevant data protection authorities:

  • India: Cyber Crime Coordination Centre, MeitY
  • EU: Your local data protection authority
  • US: Federal Trade Commission (FTC)

16. POLICY UPDATES

This Privacy Policy may be updated periodically to reflect changes in our practices, services, or applicable laws. We will:

  • Notify users of material changes via email or website notice
  • Maintain previous versions for reference
  • Update the “Last Updated” date at the top of this policy

Material changes will be effective 30 days after notice is provided.

17. GOVERNING LAW

This Privacy Policy is governed by:

  • Indian Law: Information Technology Act, 2000 and SPDI Rules 2011
  • GDPR: For EU data subjects
  • Local Laws: As applicable based on data subject location and business operations

By engaging with Engenies services or using our website, you acknowledge that you have read, understood, and agree to this Privacy Policy.

This Privacy Policy demonstrates our commitment to data protection and privacy. For specific questions about how this policy applies to your situation, please contact our Data Protection Officer.