Privacy Policy
How Aheesa Digital Innovations collects, uses, shares, and protects your personal data.
This Privacy Policy ("Policy") explains how Aheesa Digital Innovations ("Aheesa") collects, uses, shares, and protects personal data obtained through its websites, applications, and related services.
It is designed to comply with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and applicable amendments, rules, regulations and guidelines enacted thereunder from time to time ("IT Act, 2000") with specific mention of regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive personal information) Rules, 2011, and any other national and state laws which relate to the processing of data and other applicable laws.
Aheesa considers the privacy and security of the personal information of its users a matter of highest concern. Accordingly, this Policy has been designed and implemented to protect user information. This Privacy Policy is an electronic record in terms of the IT Act (and any other applicable law including Digital Personal Data Protection Act, 2023 and its ensuing rules as and when applicable). This electronic record does not require any physical or digital signatures. Any new features and/or services that are added to the current scope of services offered by Aheesa at any point in the future shall also be subject to the terms set out in this Policy along with any other future relevant legislations to be incorporated as per the laws of the land.
This Privacy Policy shall apply to any person who visits, browses, uses, or accesses Aheesa's Website or uses any resources listed currently and in the future on Aheesa's Website. Where consent is required, Aheesa shall provide a notice specifying the personal data being collected, the purposes of processing, and the rights available to Data Principals.
All updates to this Policy will be communicated through Aheesa's website and/or other appropriate channels.
1. Scope of this Policy
This policy applies to:
- Personal data of users collected through Aheesa's websites and other online platforms.
- Data provided by users, customers, employees, vendors, and business partners.
- Information gathered during recruitment and operational processes.
- Data gathered automatically via digital platforms.
2. Definitions
- Data Principal
- The individual to whom the personal data belongs. For children (under 18) or persons with disabilities, this includes their parents or lawful guardians.
- Data Fiduciary
- Any person or organization (government or private) that determines the purpose and means of processing personal data. They bear the primary responsibility for compliance.
- Data Processor
- Any entity that processes personal data on behalf of a Data Fiduciary (e.g., cloud providers, payroll vendors).
- Data Processing
- Any automated or partially automated operation performed on digital personal data. This includes collection, recording, storage, use, sharing, and erasure.
- Personal Data
- Information that identifies or can identify an individual, such as name, contact details, and online identifiers.
3. Collection of Personal Data
User Data: Personal data is collected directly from individual users in the following situations:
- Where a user expresses interest in Aheesa's product offerings, by providing their name, email ID, and phone number through Aheesa's website through the Contact option.
- Where a user expresses interest in working with Aheesa, by contacting Aheesa to get a quote for the services provided.
- Where a user voluntarily provides feedback on any of Aheesa's message boards or via email.
Business and Professional Contacts: Limited data such as names, job titles, and contact details may be collected from business partners and vendors.
Employee details: Personal data of employees such as name, address, email ID, phone number, date of birth, copies of educational certificates, curriculum vitae, and identity documents may be collected during recruitment and operational processes.
Visitors to Premises: Visitors' names, contact details, and biometric data (e.g., fingerprints) may be collected upon their visit to Aheesa Digital Innovations' premises. CCTV footage is recorded for security purposes.
Automatic Collection: Data such as device identifiers, IP addresses, geolocation, and user preferences are collected via cookies and similar technologies. Users may learn more from Aheesa's Cookie Policy.
Indirect Collection: We may receive business contact information such as name, designation, employer, email address, and telephone number from trade events, webinars, industry directories, and business networking platforms for the purpose of responding to inquiries and promoting our products and services.
4. Purpose and Use of Personal Data
Aheesa processes personal data for the following purposes:
- Providing information on the services to users who sign up to receive a quote from Aheesa Digital Innovations.
- Providing information on the services and related topics to users.
- Fulfilling contractual obligations.
- Facilitating transactions.
- Training staff to provide better service.
- Providing information on offers and promotional activities and special offers on other products and services that Aheesa thinks that a user may like.
- Complying with legal and regulatory requirements.
- Improving website functionality and personalizing user experience.
- Marketing and promotional communications with consent.
- Recruitment, employment, and operational management.
- Conducting analytics and research.
The specific purposes and data collected are detailed below:
| Purpose | Data Collected |
|---|---|
| Waitlist registration | Name, Email ID, Contact Number |
| Newsletter registration | Email ID |
| Employee recruitment and onboarding | Name, Email ID, Contact Number, Address, ID Proof, Tax IDs, Bank account information, Health information |
| KYC Compliance | ID Proof, Tax IDs |
| Billing and Payments | Billing Address, Bank Account Details, Payment screenshots |
| Customer Support | Name, Contact Details, Nature of Inquiry |
5. Sharing of Personal Data
Aheesa Digital Innovations shares personal data only in the following circumstances:
- For Regulatory and Legal Compliance: Personal data may be disclosed to regulatory authorities and law enforcement agencies as required by law.
- Partner companies: Personal data may be shared with partner companies so they may offer users their services.
- Third-Party Service Providers: Aheesa Digital Innovations shares data with trusted service providers for IT support, payment processing, and marketing services. Contracts ensure that all such data is used only for intended purposes.
- Business Transfers: Personal data may be transferred during mergers, acquisitions, or asset sales.
6. Data Security
Aheesa implements robust measures to protect personal data, including:
- Encryption: AES-256 for sensitive data.
- Access Controls: Restricted access based on role and necessity.
- Audits: Regular security assessments and compliance reviews.
- Incident Response: Procedures to address potential data breaches promptly.
Aheesa Digital Innovations exercises care while sending mails to its users. In case of any mail other than business mails referring to Aheesa Digital Innovations or aheesa.com seems suspicious, a user should immediately contact Aheesa Digital Innovations and verify the credibility of the mail.
Aheesa Digital Innovations' website may contain links to third party websites and other resources which may have their own privacy policies. Aheesa Digital Innovations holds no responsibility for the data entered into third party links and urges users to go through the respective privacy policies before engaging.
Personal data may be processed, stored, or accessed outside India. Where applicable, such transfers shall be undertaken in accordance with the DPDP Act and any restrictions notified by the Government of India.
7. Retention of Personal Data
All personal data is retained only as long as necessary to fulfil its purpose or comply with legal obligations. After the retention period, data is securely deleted or anonymized. Specifically:
- Personal data and access details are stored until the service is terminated.
- Website analytics, demographics, and visitor behaviour data are stored for up to 3 years.
- Employee data may be retained during employment and thereafter for such period as required by applicable law, contractual obligation, audit requirements, and legitimate business purposes.
8. Response to Data Breaches
Aheesa shall take all measures to secure personal data it collects and retains. Should a breach occur, it shall respond to the incident in accordance with applicable legal requirements.
9. Children's Privacy
Aheesa does not collect the data of individuals aged under 18 years. If a user believes that Aheesa has collected data from a minor, they are advised to contact Aheesa Digital Innovations immediately via privacy@aheesa.com.
10. User Rights
Under the DPDP Act, a user has the following rights:
- Access: Users may request information regarding the personal data processed by Aheesa, the categories of personal data being processed, the purposes of processing, and details of entities with whom such data has been shared, subject to applicable law.
- Rectification: Users can request the correction of inaccuracies in their personal data as maintained by Aheesa.
- Erasure: Users can request the deletion of their data as maintained by Aheesa.
- Nomination: Users can nominate any other person in line with the law to exercise their rights on their behalf in relation to their data as maintained by Aheesa.
- Withdrawal of Consent: Users can revoke consent at any time for the use and processing of their data as maintained by Aheesa.
- Seek Redressal of Grievances: Users can seek to have their grievances relating to their personal data as maintained by Aheesa redressed through a grievance mechanism.
- Opting out: Aheesa Digital Innovations may contact users regarding promotions, service/product launches, feedback and surveys. If a user wishes to opt out of these activities, they may email Aheesa Digital Innovations at privacy@aheesa.com.
To exercise any of these rights, a user can contact Aheesa Digital Innovations at privacy@aheesa.com. All requests will be processed within 30 days or as required by law.
11. Changes to the Privacy Policy
This Policy may be updated periodically to reflect legal, regulatory, or operational changes. Updates will be communicated via Aheesa Digital Innovations' website.
12. Contact Information
For questions or concerns regarding this policy, a user may contact:
Data Privacy Officer
Email: privacy@aheesa.com
Address: Plot No. 772, Sri Ganapathy Nagar Colony, 5th Main Road, Semmencherry, Chennai 600119, Tamil Nadu, India.