Privacy Policy

1. Who We Are

VIRDI Electric Works Pvt. Ltd. (referred to as "VIRDI", "we", "us", or "our") is a Government of India MSME-registered industrial manufacturer established in 1963. We are headquartered at C-21, Sector-63, Noida – 201301, Uttar Pradesh, India. We manufacture Distribution Transformers, Servo Voltage Stabilizers, Electroplating Rectifiers, Online UPS Systems, and Industrial Welding Machines for clients across India and internationally. For the purposes of the Digital Personal Data Protection Act, 2023 (DPDP Act), VIRDI Electric Works Pvt. Ltd. is the Data Fiduciary responsible for the personal data collected through this website and our business operations.

2. Applicable Legal Framework

This Privacy Policy is prepared in accordance with and governed by the following Indian laws and regulations:

• —Digital Personal Data Protection Act, 2023 (DPDP Act) — India's primary legislation governing the processing of digital personal data.
• —Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (IT-SPDI Rules).
• —Indian Contract Act, 1872 — governing the legal enforceability of consent and agreements.
• —Any sector-specific regulations or directions issued by competent Indian authorities from time to time.

3. Information We Collect

When you interact with our website or contact us via phone, email, or WhatsApp, we may collect the following categories of personal data:

• —Identity Data: Full name, designation, and company/organisation name.
• —Contact Data: Business or personal email address, phone/mobile number, and postal/registered address.
• —Enquiry & Transaction Data: Product specifications, technical requirements, purchase order details, or quote request details submitted via our website, email, or WhatsApp.
• —Technical & Usage Data: IP address, browser type and version, pages visited, time on site, device type, and referral source — collected via web server logs or analytics tools.
• —Communication Records: Records of email, phone call, or WhatsApp communications with our sales, technical, or support teams.

4. Purpose & Legal Basis for Processing

Under the DPDP Act, 2023, we process your personal data only for specified, lawful purposes. We rely on the following legal bases:

• —Consent (Section 6, DPDP Act): Where you have given free, specific, informed, and unambiguous consent — for example, when subscribing to product updates or marketing communications. You may withdraw consent at any time.
• —Contractual Necessity: To respond to and fulfil your product enquiries, prepare quotations, process purchase orders, coordinate delivery, and provide after-sales support.
• —Legitimate Interests (Compliance): To maintain business records, improve our website, and manage lawful client relationships — provided such interests are not overridden by your fundamental rights.
• —Legal Obligation: To comply with applicable Indian laws including tax regulations (Income Tax Act, GST), company law (Companies Act, 2013), and directions of competent authorities.

5. How We Use Your Information

We use the information we collect strictly for the following purposes:

• —To respond to product enquiries, technical questions, and quote requests submitted via the website or WhatsApp.
• —To prepare and send formal product quotations, technical data sheets, and compliance documents.
• —To fulfil purchase orders, coordinate logistics, and provide after-sales and warranty support.
• —To send relevant product updates, new launches, or industry communications — only if you have explicitly opted in.
• —To maintain statutory business records as required under the Companies Act, 2013, GST Act, and Income Tax Act, 1961.
• —To improve our website content, user experience, and navigation based on anonymised analytics.
• —To comply with legal obligations and respond to lawful requests from Indian regulatory or judicial authorities.

6. Data Sharing & Third Parties

We do not sell, rent, trade, or commercially transfer your personal data to any third party. We may share information only in the following strictly limited circumstances:

• —With authorised distributors, channel partners, or service agents strictly to fulfil your order or enquiry — bound by confidentiality obligations.
• —With logistics, freight, and courier partners solely for the purpose of product delivery and dispatch tracking.
• —With professional advisers (legal counsels, chartered accountants, statutory auditors) bound by professional confidentiality under applicable laws.
• —With government or regulatory authorities, law enforcement agencies, or courts where legally mandated (e.g., GST authorities, Income Tax Department, Registrar of Companies).
• —In the event of a lawful merger, acquisition, demerger, or sale of business assets — subject to prior notice to you and continuation of this Policy's protections.

7. WhatsApp & Social Media Platforms

Our website includes links and communication channels via WhatsApp (Meta Platforms, Inc.), LinkedIn, Facebook, and Instagram. If you choose to communicate with us through these platforms, please be aware that:

• —Your communications on these platforms are also governed by the respective platform's Privacy Policy and Terms of Service.
• —VIRDI Electric Works is not responsible for the data practices, storage, or processing carried out by these third-party platforms.
• —WhatsApp communications may be stored on Meta's servers, which may be located outside India.
• —We recommend reviewing the privacy policies of WhatsApp (Meta), LinkedIn, Facebook, and Instagram independently before sharing personal data through them.

8. Data Retention

We retain personal data only for as long as is necessary to fulfil the purpose for which it was collected, or as required by law:

• —Client and transaction records: Retained for a minimum of 8 years in accordance with the Companies Act, 2013 (Section 128) and Income Tax Act, 1961 requirements.
• —GST-related records: Retained for 6 years as required under the Central Goods and Services Tax Act, 2017.
• —General enquiry records (non-converted): Retained for up to 2 years, then securely deleted or anonymised.
• —Website technical logs and analytics data: Retained for no longer than 12 months, then automatically purged.
• —Marketing consent records: Retained until consent is withdrawn, plus an additional 1 year for audit purposes.

9. Data Security

We implement industry-standard technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction — in line with the IT (SPDI) Rules, 2011 and the DPDP Act, 2023:

• —Access controls: Personal data is accessible only to authorised personnel on a need-to-know basis.
• —Encryption: Sensitive data in transit is protected using SSL/TLS encryption.
• —Regular reviews: We periodically review our security practices and update them in line with current standards.
• —Data breach response: In the event of a personal data breach, we will notify the affected Data Principals and, where required, the Data Protection Board of India, as per the DPDP Act, 2023.

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 and the IT (SPDI) Rules, 2011, you — as a Data Principal — have the following rights in relation to your personal data held by us:

• —Right to Access & Summary (Section 11, DPDP Act): Request confirmation of whether we are processing your personal data and obtain a summary of the data held and processing activities undertaken.
• —Right to Correction & Erasure (Section 12, DPDP Act): Request correction of inaccurate or incomplete data, or erasure of data that is no longer required for the specified purpose.
• —Right to Grievance Redressal (Section 13, DPDP Act): Lodge a grievance with us regarding processing of your personal data, to be resolved within the timeline specified.
• —Right to Nominate (Section 14, DPDP Act): Nominate another individual to exercise your data rights in the event of your death or incapacity.
• —Right to Withdraw Consent: Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
• —Right to Complain to the Data Protection Board (Section 25, DPDP Act): If you are not satisfied with our response to your grievance, you may approach the Data Protection Board of India.

11. Children's Privacy

Our website and services are not directed at children under the age of 18. In accordance with Section 9 of the Digital Personal Data Protection Act, 2023, we do not knowingly process the personal data of children without verifiable parental consent. If you believe we have inadvertently collected personal data of a child, please contact our Grievance Officer immediately. We will take prompt steps to delete such data and, where applicable, notify the concerned parent or guardian.

12. Grievance Officer

In accordance with the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 and the Digital Personal Data Protection Act, 2023, we have appointed a Grievance Officer to address concerns related to your personal data:

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our data practices, business operations, or applicable Indian legal requirements (including any Rules notified under the DPDP Act, 2023). Significant changes will be communicated by updating the "Last Updated" date at the top of this page. We encourage you to review this page periodically. Continued use of our website after any changes constitutes your acceptance of the revised Policy.