Privacy Policy

Effective Date: November 2025
Last Updated: November 10, 2025

1. Introduction and Scope

Ravathi Infra ("we," "us," "our," or "Company") is a leading supplier of building materials based in India. We are committed to protecting your privacy and ensuring you have a positive experience on our website and when interacting with us through any medium.

This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website, contact us via email or telephone, make purchases, or otherwise interact with Ravathi Infra. This policy applies to all personal data and sensitive personal data we process as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (DPDP Act), and in compliance with the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Please read this Privacy Policy carefully. If you do not agree with the terms of this Privacy Policy, please do not access our website or use our services.

This Privacy Policy applies to:

Our website (www.ravathiinfra.com)
Email communications
Telephone inquiries
Physical visits to our facilities
Interactions through third-party platforms or representatives

2. Information We Collect

2.1 Personal Data

We collect the following categories of personal information from you:

Identity Information:

Full name
Job title and company name
Business designation
Professional credentials

Contact Information:

Email address
Telephone number (mobile and landline)
Postal address
Physical business location

Business Information:

Business type and nature
Company registration details
GST identification number
PAN (Permanent Account Number)
Business turnover and financial details
Purchase history and preferences
Delivery preferences and logistics details

Identification Documents:

Government-issued photo ID (for verification purposes)
Business registration certificates
Trade licenses
Bank account details (for payment processing)

Transaction Information:

Order details and history
Payment information
Billing and delivery addresses
Product preferences and quantities
Invoice and receipt records
Return and warranty claims

2.2 Sensitive Personal Data or Information (SPDI)

We collect certain sensitive information that requires special protection:

Financial data (bank account numbers, credit card information processed through secure payment gateways)
Biometric information (if applicable for facility access)
Health information (if relevant to product recommendations or delivery conditions)

Important: We do not store complete credit card information on our servers. Payment processing is handled through secure, PCI-DSS compliant payment gateways.

2.3 Technical and Usage Information

When you visit our website, we automatically collect:

IP address and browser type
Pages visited and time spent on each page
Links clicked
Search queries
Device information (type, operating system)
Referring website URL
Cookie identifiers
Timestamp of visits

2.4 Information Collected Through Communication

When you contact us, we collect:

Email content and attachments
Telephone call recordings (with your consent)
Chat messages and support tickets
Feedback and complaint information
Inquiry details and preferences

2.5 Information from Third Parties

We may receive information about you from:

Payment processors and financial institutions
Logistics and delivery partners
Industry databases and business registries
Referral sources and business associates
Public records and government agencies (for verification)

3. How We Collect Information

We collect information through the following methods:

3.1 Direct Collection

Information you voluntarily provide through inquiry forms on our website
Information submitted via email or telephone
Information provided during business meetings or facility visits
Registration information for catalogs or newsletters
Purchase orders and related documentation

3.2 Automatic Collection

Cookies and similar tracking technologies
Web beacons and pixel tags
Server log files
Analytics tools (Google Analytics with anonymization enabled)

3.3 Cookies and Similar Technologies

Our website uses the following types of cookies:

Essential Cookies: Required for website functionality (login, security, site administration)

Performance Cookies: Help us understand how visitors use our website (Google Analytics)

Functional Cookies: Remember your preferences and settings

Marketing Cookies: Track your interests for targeted communications (if you opt-in)

You can control cookie settings through your browser preferences. However, disabling certain cookies may affect website functionality.

4. Purpose of Collection and Use of Information

We collect and process your personal information for the following lawful purposes:

4.1 Primary Business Purposes

To process and fulfill your orders for building materials
To provide quotations and pricing information
To manage customer accounts and maintain business relationships
To arrange delivery and logistics
To process payments and invoicing
To provide customer support and handle inquiries
To maintain warranty records and handle claims
To ensure product quality and suitability for your needs

4.2 Communication Purposes

To send order confirmations and shipping updates
To provide product information and technical documentation
To respond to your inquiries and complaints
To send newsletters and industry updates (with your consent)
To notify you of special offers and promotions (with your consent)
To conduct surveys and gather feedback

4.3 Compliance and Legal Purposes

To comply with applicable laws and regulations (GST, Income Tax, etc.)
To maintain required business records and accounts
To verify identity and prevent fraud
To respond to legal requests from authorities
To enforce our Terms of Service and other agreements

4.4 Business Analytics and Improvement

To analyze usage patterns and website performance
To identify trends in product demand
To improve our products, services, and website
To conduct market research and competitive analysis
To optimize delivery routes and logistics efficiency
To personalize your experience with us

4.5 Security and Risk Management

To prevent fraud and unauthorized access
To detect and investigate security breaches
To protect against malicious attacks
To maintain the integrity of our systems
To verify authenticity of transactions

4.6 Advertising and Marketing (with consent)

To send promotional materials about our products
To create targeted marketing campaigns
To display relevant advertisements
To analyze marketing effectiveness

Legitimate Use Without Consent:
We may process your personal data for legitimate business purposes without explicit consent, including:

Fulfilling contractual obligations
Complying with legal and regulatory requirements
Protecting vital interests and safety
Pursuing legitimate business interests that do not override your rights

5. Data Retention

We retain your personal information for the following periods:

CategoryRetention PeriodReason

Customer Account InformationDuration of business relationship + 3 yearsLegal compliance and audit purposes

Transaction Records7 yearsGST and Income Tax compliance

Payment InformationUntil transaction completion + 1 yearDispute resolution and fraud prevention

Communications (Email/Chat)3-5 yearsDispute resolution and customer service records

Inquiry/Lead Information2 yearsBusiness relationship development

Website Analytics26 monthsPerformance analysis and improvement

CookiesAs per cookie type (max 2 years)Functionality and user experience

Complaint Records5 yearsCompliance with consumer protection laws

Employee/Vendor InformationDuration of engagement + 3 yearsEmployment/contractual records

We delete personal information once it is no longer necessary for the purpose for which it was collected, except where:

Legal or regulatory requirements mandate retention
Tax compliance requires retention
Litigation or dispute resolution is pending
A claim or dispute may reasonably arise

6. Data Sharing and Disclosure

6.1 We Do NOT Sell Personal Information

Ravathi Infra does not sell, trade, or rent your personal information to third parties for their independent use. We only share data when necessary to fulfill our services or comply with legal obligations.

6.2 Authorized Data Sharing

We share your personal information with the following categories of recipients only for specified purposes:

Service Providers and Business Partners:

Logistics and transportation providers (for delivery)
Warehouse and storage facilities (for inventory management)
Payment processors and financial institutions (for transactions)
Web hosting and IT infrastructure providers
Email service providers
Business analytics and CRM software providers
Accounting and bookkeeping firms
Insurance providers

Each service provider:

Is contractually bound to maintain confidentiality
Has limited access to only necessary information
Cannot use data for their own purposes
Is required to implement appropriate security measures

Legal and Regulatory Bodies:

Government agencies and authorities
Tax authorities (GST, Income Tax Department)
Law enforcement agencies (upon legal request)
Industry regulators (if applicable)
Courts and judicial authorities

Other Disclosures:

To protect legal rights and prevent fraud
To enforce our Terms of Service and agreements
To respond to lawful requests from authorities
In case of business transfer, merger, or acquisition (with appropriate safeguards)

6.3 Data Sharing Across Company Entities

If Ravathi Infra operates multiple business divisions or subsidiaries, we may share your information internally for:

Coordinated customer service
Combined business operations
Shared compliance functions

All internal sharing follows this Privacy Policy and applicable data protection laws.

6.4 Cross-Border Data Transfer

Data Localization: We comply with data localization requirements under the DPDP Act. Sensitive personal data is stored within India, and access from international locations is restricted.

For any international data transfer:

Transfers occur only to countries with adequate data protection levels as notified by the Government of India
Appropriate contractual safeguards are in place
Your explicit consent is obtained (where required)
We ensure compliance with DPDP Act provisions on cross-border transfers

7. Your Privacy Rights

Under the Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000, you have the following rights:

7.1 Right to Access Information

You have the right to know:

What personal data we hold about you
Why we are processing it
How long we will retain it
Who has access to it

How to Exercise: Send a written request to our Data Protection Officer with your full name, email address, and specific details of information requested. We will provide a response within 30 days.

7.2 Right to Correction and Rectification

You can request correction of inaccurate, incomplete, or misleading personal data. We will update records within 15 business days and notify affected parties (where applicable).

7.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data when:

The data is no longer necessary for the original purpose
You withdraw consent
You object to processing based on legitimate interests
The data was processed unlawfully
Legal obligations require deletion

Exceptions: We may retain data when required by law, to fulfill contractual obligations, or to establish or defend legal claims.

7.4 Right to Withdraw Consent

You can withdraw consent for data processing at any time by notifying us in writing. However, this does not affect the lawfulness of processing before withdrawal.

7.5 Right to Restrict Processing

You can request that we limit the use of your personal data while we verify accuracy or consider your objection to processing.

7.6 Right to Object

You can object to processing of your personal data for:

Direct marketing purposes
Processing based on our legitimate interests
Automated decision-making

7.7 Right to Grievance Redressal

You can lodge a complaint if you believe your data privacy rights have been violated. We will:

Acknowledge receipt within 5 business days
Investigate the complaint thoroughly
Provide a resolution within 30 days
Allow escalation to the Data Protection Board of India

8. Data Security and Protection

We implement comprehensive security measures to protect your personal information from unauthorized access, disclosure, alteration, and destruction.

8.1 Technical Security Measures

Encryption:

SSL/TLS encryption for all data in transit over the internet
AES-256 encryption for sensitive data at rest
End-to-end encryption for sensitive communications

Access Controls:

Role-based access control (RBAC) limiting employee access
Multi-factor authentication for sensitive systems
Unique user IDs with password protection
Regular access reviews and removal of unnecessary permissions

Network Security:

Firewalls and intrusion detection systems
Regular security audits and penetration testing
Virtual private networks (VPN) for remote access
DDoS protection mechanisms

Data Backup and Recovery:

Daily automated data backups to secure locations
Regular testing of backup integrity
Disaster recovery procedures
Business continuity plans

8.2 Organizational Security Measures

Personnel Security:

Background checks for employees with data access
Data protection and confidentiality training for all staff
Non-disclosure agreements and employment contracts
Regular reminders about data security obligations
Incident reporting procedures

Administrative Controls:

Data protection policies and procedures
Data inventory and mapping
Regular risk assessments
Incident response protocols
Data breach notification procedures

Physical Security:

Restricted access to facilities housing data
Surveillance systems
Secure document storage and disposal
Lock-and-key provisions for sensitive areas
Visitor management

8.3 Vendor and Third-Party Security

All service providers are required to:

Maintain adequate security standards
Pass security audits and certifications
Sign Data Processing Agreements
Report security incidents immediately
Limit data access to necessary personnel
Delete data upon contract termination

8.4 Security Limitations

While we implement industry-standard security measures, no method of transmission over the internet is 100% secure. We cannot guarantee absolute security. You use our services at your own risk, and you are responsible for maintaining the confidentiality of your login credentials.

9. Data Breach Notification

9.1 Breach Detection and Response

In the event of a personal data breach, we will:

Immediate Investigation: Conduct an immediate investigation to determine:
- Nature and scope of the breach
- Types and volume of data affected
- Number of affected individuals
- Consequences for affected persons
Containment: Take immediate action to contain and stop the breach
Notification Timeline:
- Notify affected data principals within 72 hours (or as required by law)
- Notify the Data Protection Board of India as prescribed
Notification Content: Our notification will include:
- Nature of the personal data breach
- Categories and approximate number of affected individuals
- Likely consequences of the breach
- Measures taken or proposed to address the breach
- Contact details of our Data Protection Officer
- Recommendations for affected individuals to protect themselves

9.2 Your Obligations Upon Breach

If you suspect a data breach or unauthorized access to your account:

Notify us immediately at [support email] or [phone number]
Change your passwords
Monitor financial accounts for unauthorized transactions
Consider placing fraud alerts with credit agencies

10. Children's Data Protection

This website and our services are not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.

If we become aware that we have collected data from a child:

We will not use such data for any purpose
We will delete it as soon as possible
We will not retain such data even if initially provided

For children's data (if required for business purposes), we require:

Verifiable parental consent
Identity verification of the parent/guardian
Restrictions on tracking and behavioral advertising
Age-appropriate privacy notices

11. Your Choices and Controls

11.1 Email Communications

You can manage your email preferences:

Opt-out of promotional emails by clicking "Unsubscribe" in any email
Modify communication preferences through your account settings
Request removal from our mailing list
Note: We will continue to send transactional emails (order confirmations, shipping updates)

11.2 Website Tracking

You can control tracking through:

Browser "Do Not Track" signals (we honor this)
Cookie preference settings in your browser
Cookie consent management tools on our website
Opting out of analytics services

11.3 Location Services

If our services use location data:

Grant or deny location access through device settings
Revoke location permissions at any time
Note: Some location services may be necessary for delivery

12. International Users

12.1 GDPR Compliance (if applicable)

If you are located in the European Union, United Kingdom, or other GDPR-applicable jurisdictions:

We comply with GDPR requirements
You have additional rights under GDPR
Our legal basis for processing includes your consent and legitimate interests
You can lodge complaints with your local supervisory authority

12.2 Other International Jurisdictions

Users in other countries should note:

We store data primarily in India
Your data is subject to Indian data protection laws
We comply with applicable local laws
Cross-border transfers comply with local regulations

13. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect:

Changes in our data processing practices
New legal or regulatory requirements
Technological developments
User feedback and evolving privacy standards

13.1 Notification of Changes

Significant changes will be communicated through:

Notice on our website homepage
Email notification to registered users
Updated "Last Updated" date on this policy
Request for renewed consent (if legally required)

Minor changes will be indicated by the updated date only.

Your Continued Use of our website and services after changes indicates acceptance of the updated Privacy Policy.

14. Specific Provisions Under Indian Laws

14.1 Information Technology Act, 2000 Compliance

Sensitive Personal Data or Information (SPDI) Rules:

We collect SPDI only with explicit written consent
We do not disclose SPDI to third parties without consent
We implement reasonable security practices per Section 43A
We provide privacy policies and grievance mechanisms

Section 72A Protections:

Our employees and service providers are contractually bound to maintain confidentiality
Unauthorized disclosure of personal information is prohibited
Penalties for violations are clearly documented in employment contracts

14.2 Digital Personal Data Protection Act, 2023 Compliance

Consent Requirements:

Consent is free, informed, specific, and unambiguous
Provided through clear affirmative action
Can be withdrawn at any time
Documented for verification

Data Fiduciary Obligations:

Ensure accuracy and completeness of personal data
Implement reasonable security safeguards
Maintain data retention schedule
Conduct Data Protection Impact Assessments
Appoint a Data Protection Officer
Respond to data principal rights requests within stipulated timelines

Significant Data Fiduciary (SDF):

If we are categorized as an SDF, we will implement enhanced obligations
Maintain detailed records of processing
Conduct regular compliance audits
Prepare annual compliance reports

14.3 Consumer Protection Act, 2019

We ensure:

Transparency in terms of service
Product information accuracy
Grievance redressal mechanisms
Protection of consumer data and rights

15. Grievance Redressal

15.1 Internal Grievance Mechanism

To file a grievance:

Contact our Grievance Officer:

Name: [Grievance Officer Name]
Email: [grievance@ravathiinfra.com]
Telephone: [Phone Number]
Address: Ravathi Infra, [Address], [City], [State], [Pin Code]
Response Timeline: Within 30 days

Escalation: If your grievance is not resolved within 30 days, you can escalate to:

Name: [Senior Management Contact]
Email: [senior.management@ravathiinfra.com]
Telephone: [Phone Number]

15.2 Data Protection Officer Contact

Name: [DPO Name]
Email: [dpo@ravathiinfra.com]
Telephone: [Phone Number]
Availability: Monday to Friday, 9 AM to 6 PM IST

15.3 Data Protection Board of India

If your grievance is not satisfactorily resolved, you can file a complaint with:

Data Protection Board of India
(Contact details to be updated as per government notification)

16. Contact Information

16.1 General Inquiries

Email: [info@ravathiinfra.com]
Telephone: [Phone Number]
Website: www.ravathiinfra.com
Business Hours: Monday to Saturday, 9 AM to 6 PM IST

16.2 Data Protection and Privacy Inquiries

Email: [privacy@ravathiinfra.com]
Telephone: [Phone Number]
Mailing Address:

Ravathi Infra
[Full Address]
[City], [State] [Pin Code]
India

Response Time: All privacy inquiries will receive a response within 15 business days.

17. Definitions

Personal Data: Any information relating to an identified or identifiable individual.

Sensitive Personal Data (SPDI): Personal data revealing racial or ethnic origin, political opinion, religious belief, trade union membership, genetic data, biometric data, health data, or data concerning sex life or sexual orientation.

Data Fiduciary: An entity that determines the purpose and means of processing personal data. Ravathi Infra functions as a Data Fiduciary.

Data Processor: An entity that processes personal data on behalf of a data fiduciary.

Processing: Any operation performed on personal data, including collection, recording, organization, structuring, storage, use, or sharing.

Consent: Voluntary, specific, informed, and unambiguous affirmation by the data principal to process their personal data.

Data Principal: The individual to whom personal data relates.

Data Breach: Any unauthorized access, loss, or disclosure of personal data.

Significant Data Fiduciary (SDF): A data fiduciary notified by the government as significant based on volume and nature of personal data processed.

18. Acknowledgment and Acceptance

By using Ravathi Infra's website, services, or providing personal information to us, you acknowledge that:

You have read and understood this Privacy Policy
You consent to the collection and processing of your personal data as described herein
You understand your privacy rights and our obligations
You agree to abide by the terms of this Privacy Policy

Version: 1.0
Effective Date: November 2025
Document Status: Active
Next Review Date: November 2026

This Privacy Policy is compliant with the Digital Personal Data Protection Act, 2023, Information Technology Act, 2000, Information Technology Rules, 2011, and other applicable Indian data protection regulations as of the effective date.

RAVATHI INFRA