top of page

Privacy Policy ( DPDP Act, 2023 Compliant )

​​

1. Purpose and Scope

1.1. This Privacy Policy explains how Octobotics Tech Pvt. Ltd. (“Octobotics”, “we”, “us”) collects, uses, shares and safeguards personal data in connection with the Site and our business operations.
1.2. This Policy applies to digital personal data processed by us in India and, where applicable, outside India in connection with offering goods or services to individuals in India, consistent with the DPDP Act, 2023.
1.3. This Policy does not apply to data in a purely personal or domestic context, or to publicly available personal data as specified by law.

​

2. Roles and Definitions

2.1. Data Fiduciary: Octobotics acts as a “Data Fiduciary” when determining the purpose and means of processing personal data.
2.2. Data Processor: Third parties processing personal data on our behalf (e.g., hosting providers, analytics tools, email/SMS gateways) act as “Data Processors” under written contracts.
2.3. Data Principal: The individual to whom the personal data relates (“you”).
2.4. Personal Data: Any data about an individual who is identifiable by or in relation to such data.
2.5. Child: A person who has not completed eighteen years of age.

​

3. Categories of Personal Data We Process

Depending on your interactions with us, we may process the following categories: 3.1. Identity and Contact Data: name, email, phone number, organisation, designation, country, address.
3.2. Business Correspondence: queries, RFQs, feedback, support requests, meeting notes, and communications.
3.3. Technical and Usage Data: IP address, device identifiers, browser type/version, operating system, time zone, referrers, pages viewed, clickstream, session logs, crash/diagnostic logs.
3.4. Marketing and Preference Data: newsletter opt-ins, cookie preferences, consent logs.
3.5. Recruitment Data (when applicable): CV/resume details, qualifications, employment history, references.
3.6. Vendor/Partner Data (B2B): contact details of supplier/partner personnel, bank/financial details when necessary for payments (processed via secure channels).
3.7. Any other data that you voluntarily provide to us or which we are permitted to process under applicable law.

​

4. Sources of Personal Data

4.1. Directly from you (forms, emails, calls, events).
4.2. Automatically via cookies and similar technologies when you use the Site (see Cookie Policy).
4.3. From third parties, including service providers, referral partners, publicly available sources, or your organisation (B2B context).

​

5. Purposes of Processing and Legal Bases

We process personal data for the purposes below, under the legal grounds available under the DPDP Act (consent and legitimate uses as provided by law): 5.1. Responding to inquiries and providing information you request; scheduling demos; providing proposals (consent or legitimate use).
5.2. Providing our products/services, including customer support and fulfilment (contractual necessity/legitimate use).
5.3. Operating and improving the Site, including security, debugging, analytics, load balancing, fraud prevention (legitimate use).
5.4. Marketing communications, newsletters, event invitations (consent; you may opt-out at any time).
5.5. Recruitment/HR for candidates who apply to roles (pre-contractual necessity/consent).
5.6. Legal compliance and enforcement, including responding to legal process, protecting our rights, investigating violations, and preventing harm (legal obligation/legitimate use).
5.7. Business operations, including mergers, acquisitions, financing, or sale of assets (legitimate use, with safeguards).

​

6. Consent and Notice

6.1. Where required, we obtain your consent prior to or at the time of collection. We provide clear notice identifying the purposes of processing, how to exercise your rights, and contact details of our Grievance Officer/Data Protection Officer (DPO).
6.2. You may withdraw consent at any time using the methods indicated in the notice, email, or cookie settings. Withdrawal does not affect prior lawful processing.
6.3. We maintain consent logs and records as evidence of consent where obtained electronically.

​

7. Children’s Data

7.1. We do not knowingly collect personal data of children under 18 years for Site interactions. Where we become aware that a child has provided data, we will delete it or obtain verifiable parental consent as required by law.
7.2. Where a person with disability has a lawful guardian, we will process data in accordance with applicable rules for guardian consent.

​

8. Data Sharing and Disclosures

8.1. We share personal data with the following categories of recipients as necessary and proportionate:
a) Service Providers/Data Processors: website hosting (e.g., Wix), content delivery and security, analytics (e.g., Google Analytics if enabled), CRM, email/SMS gateways, customer support tools, payment/finance processors for B2B transactions;
b) Affiliates: group companies for business purposes consistent with this Policy;
c) Advisors and auditors: legal, tax, compliance, cybersecurity;
d) Authorities: regulators, law enforcement, courts, or the Data Protection Board of India, where required by law;
e) Business transferees: in connection with corporate transactions, subject to confidentiality and continued protection of personal data.
8.2. We require Data Processors to implement appropriate security measures and process personal data only on our documented instructions under written contracts.

​

9. International Data Transfers

9.1. We may transfer personal data outside India (for instance, to service providers’ data centres or sub-processors) subject to applicable law.
9.2. Where required by law, we will implement appropriate safeguards and ensure transfers are not made to any jurisdiction restricted by the Government of India.

​

10. Data Security

10.1. We implement technical and organisational measures appropriate to the nature, scope and purposes of processing, including encryption in transit where feasible, access controls, least-privilege principles, secure software development practices, logging and monitoring, periodic vulnerability assessments, and staff confidentiality undertakings.
10.2. We regularly review our controls and vendor security posture.

​

11. Data Retention

11.1. We retain personal data only for as long as necessary for the purposes stated, or as required by law (e.g., tax, accounting, contract limitation periods).
11.2. When no longer required, personal data is deleted or irreversibly anonymised per our retention schedule.
11.3. Illustrative retention guidance:
• Inquiry/lead data: up to 24 months from last interaction;
• Contract/transaction records: up to 8 years or as required by law;
• Consent logs: as long as needed to demonstrate compliance;
• Security and system logs: typically 12–24 months unless required longer for investigation.

​

12. Your Rights as a Data Principal

Subject to applicable law, you have the following rights: 12.1. Right to Information about personal data processed by us and a summary of processing activities.
12.2. Right to Access your personal data.
12.3. Right to Correction and Erasure of inaccurate or incomplete personal data and to have personal data erased when it is no longer necessary or when consent is withdrawn.
12.4. Right to Grievance Redressal with us and to approach the Data Protection Board of India if unsatisfied with our response.
12.5. Right to Nominate an individual to exercise your rights in the event of your death or incapacity (as permitted by law).
12.6. Right to Withdraw Consent where processing is based on consent.
12.7. We may request reasonable information to verify your identity before acting on a request, and may decline or limit requests as permitted by law (e.g., where a request is manifestly unfounded or excessive).

​

13. Exercising Your Rights and Grievances

13.1. To exercise your rights or to raise a concern, please contact our Grievance Officer / Data Protection Officer (DPO):
Email: dpo@octobotics.tech (or connect@octobotics.tech)
Postal Address: Grievance Officer/DPO, Octobotics Tech Pvt. Ltd., 1st Floor, Plot No. 46, Sector 138, Noida, UP 201305, India.
13.2. We aim to acknowledge your request promptly and endeavour to respond within 30 days or within such time as may be prescribed by law.
13.3. If you are not satisfied with our resolution, you may escalate to the Data Protection Board of India in accordance with the DPDP Act.

​

14. Automated Decision-Making and Profiling

14.1. We do not engage in automated decision-making that produces legal or similarly significant effects on individuals via the Site. If we introduce such processing, we will provide appropriate notice and safeguards.

​

15. Cookies and Similar Technologies

15.1. We use cookies and similar technologies to operate and improve the Site, personalise content, and analyse traffic. For details, see our Cookie Policy.
15.2. Where required, non-essential cookies are placed only with your consent, which you may withdraw at any time via the cookie banner/settings.

​

16. Data Breach Management

16.1. We maintain procedures to identify, assess, and respond to personal data breaches, including containment, investigation, remediation and documentation.
16.2. Where required by law, we will notify the appropriate authority and affected individuals.

​

17. Significant Data Fiduciary

17.1. If at any time Octobotics is designated a Significant Data Fiduciary by the Government of India, we will comply with additional obligations such as the appointment of a DPO at a senior level, data protection impact assessments, periodic audits, and other measures as mandated.

​

18. Changes to this Policy

18.1. We may update this Policy from time to time. The “Last Updated” date at the top will reflect the latest changes.
18.2. Material changes may be notified on the Site.

bottom of page