Executive Summary

This comprehensive Data Privacy Statement and Privacy Policy document outlines how Adnak™ Group (“We,” “Us,” “Our,” “Company”) collects, processes, uses, and protects your personal data in strict compliance with applicable Indian data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000.

Our commitment is to maintain the highest standards of data privacy, security, and transparency while respecting your fundamental right to privacy as recognized under the Indian Constitution (Article 21).

PART 1: DATA PRIVACY STATEMENT

1. Introduction

This Data Privacy Statement has been prepared in strict compliance with the following applicable laws of India:

• The Digital Personal Data Protection Act, 2023 (DPDP Act)
• The Digital Personal Data Protection Rules, 2025 (DPDP Rules)
• The Information Technology Act, 2000 and rules thereunder
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Indian Constitution, Article 21 (Right to Privacy)

Adnak™ Group is committed to processing your personal data lawfully, fairly, transparently, and in accordance with the principles established under the DPDP Act.

Our Core Commitments

• Safeguard: Protecting your personal information with appropriate technical and organizational measures
• Fair Processing: Ensuring lawful and fair processing consistent with specified, explicit, and legitimate purposes
• Respect Rights: Respecting your fundamental right to privacy as recognized under Indian law
• Accountability: Maintaining complete accountability and transparency in all data processing activities

2. Collection of Personal Data

2.1 Legal Basis for Collection

We collect personal data only when:

• It is necessary for the performance of our services or contractual obligations
• We have obtained your free, specific, informed, and unambiguous consent as per Section 6 of the DPDP Act
• Processing is required or authorized by law

2.2 Types of Personal Data Collected

Table 1: Types of Personal Data Collected by Adnak™ Group

2.3 Data Minimisation Principle

In compliance with Section 6 of the DPDP Act, we collect only the minimum quantity of personal data necessary to fulfil the specified purpose. We do not engage in excessive or unnecessary data collection.

3. Purpose and Use of Personal Data

3.1 Specified Purposes

We process your personal data only for the following specified and explicit purposes:

Table 2: Specified Purposes for Personal Data Processing

3.2 Purpose Limitation

We will not process your personal data for any secondary, unrelated, or incompatible purpose without obtaining your explicit, fresh consent. Any change in the purpose of processing requires separate notification and consent.

3.3 Lawful Processing

All processing is conducted in a manner that is:

• Lawful: In accordance with applicable laws
• Fair: Respecting the reasonable expectations of data principals
• Transparent: With clear communication about our practices

4. Consent Management

4.1 Consent Requirements Under DPDP Act

In compliance with Section 6 of the DPDP Act, our consent must be:

• Free: Without coercion, manipulation, or undue influence
• Specific: Purpose-specific, granular, and not bundled
• Informed: With complete information about data usage
• Unambiguous: Expressed through clear, affirmative action (explicit opt-in, not pre-ticked boxes)

4.2 Consent Collection Mechanism

We collect consent through:

• Explicit checkbox mechanisms (not pre-ticked)
• Written acceptance of this Statement
• Digital consent recorded and logged for audit purposes

4.3 Consent Withdrawal

You have the unconditional right to withdraw your consent at any time. Withdrawal can be exercised by:

• Emailing our Data Protection Officer
• Submitting a written request to our registered address
• Using any withdrawal mechanism we provide on our digital platforms

Upon withdrawal, we will cease processing of the relevant personal data prospectively, except where we are legally obligated to retain it.

4.4 Age and Capacity

We do not collect personal data from individuals under 18 years of age except where parental or legal guardian consent has been explicitly obtained as per Section 10 of the DPDP Act.

5. Data Security

5.1 Security Obligations

In compliance with the DPDP Rules 2025, we implement appropriate technical and organisational measures to ensure:

• Confidentiality: Protection against unauthorized access
• Integrity: Protection against alteration or corruption
• Availability: Timely and reliable access by authorized users
• Resilience: Continuity even in adverse circumstances

5.2 Security Measures Implemented

Table 3: Data Security Measures

5.3 Security Limitations

While we employ industry-standard security measures, no method of data transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but remain committed to maintaining the highest reasonable standards.

6. Disclosure of Personal Data

6.1 Non-Disclosure Policy

We do not sell, rent, lease, or trade your personal data. Disclosure occurs only in the following circumstances.

6.2 Permitted Disclosures

We may disclose your personal data only to:

Data Processors / Service Providers

• Third parties authorized to process data on our behalf
• Examples: Cloud service providers, payment processors, email service providers
• These entities operate under strict written Data Processing Agreements (DPA)
• Such processors are subject to our direct oversight and audit rights

Legal and Regulatory Requirements

• Law enforcement, government agencies, or regulatory authorities when legally mandated
• Court orders, summons, or legal process
• Compliance with statutory obligations (e.g., tax authorities, RBI, SEBI)
• With your explicit consent

Business Continuity and Corporate Transactions

• In the event of merger, acquisition, bankruptcy, or sale of assets
• With prior notice to you and opportunity to object
• Subject to this Statement or equivalent privacy protections

With Your Explicit Consent

• Disclosure to third parties not mentioned above requires your prior written consent
• Consent remains purpose-specific and revocable

6.3 Affiliate Sharing

Where we share data with affiliated entities (related companies under common ownership), such entities must honor this Statement and equivalent data protection standards.

6.4 International Transfers

Personal data of Indian data principals is processed primarily within India. Any international transfer (outside Indian territory) is permitted only where:

• Legally mandated (e.g., business operations in other jurisdictions)
• You have provided explicit consent
• Equivalent or higher data protection standards are assured in the recipient country

7. Retention of Personal Data

7.1 Retention Principle

In compliance with Section 8(2)(e) of the DPDP Act, we retain personal data only for as long as necessary to fulfil the purpose for which it was collected or as mandated by law.

7.2 Retention Schedule

Table 4: Data Retention Schedule

7.3 Secure Deletion

Upon expiry of the retention period, we securely delete or anonymize your personal data using:

• Cryptographic erasure: Destroying encryption keys
• Data shredding: Multi-pass overwriting
• Physical destruction: For hardware containing personal data
• Anonymization: Removing all identifying information

7.4 Exceptions

We may retain data longer where:

• Required or authorized by applicable law (e.g., statutory obligations)
• Necessary for legal proceedings or dispute resolution
• You have not exercised your right to erasure

8. Your Rights Under Indian Law

8.1 Data Principal Rights (Section 8, DPDP Act)

The DPDP Act grants you the following fundamental rights:

Right to Access (Section 8.1(a))

• Request confirmation whether we hold your personal data
• Obtain a copy of your personal data in intelligible form
• Requests must be processed within 30 days (extendable by another 30 days in complex cases)
• We provide information without unreasonable expense

Right to Correction (Section 8.1(b))

• Request correction, completion, or updating of inaccurate or incomplete data
• We must complete correction within 30 days of valid request
• You will be notified of any third parties who received the original inaccurate data

Right to Erasure (Section 8.1(c))

• Request deletion of your personal data in the following circumstances:
  • Data is no longer necessary for the purpose collected
  • You have withdrawn consent and no other lawful basis exists
  • Processing was unlawful
  • Data must be deleted to comply with legal obligations
• We complete erasure within 30 days of valid request
• Exceptions apply where retention is legally mandated

Right to Data Portability

• Request your personal data in a structured, commonly used, machine-readable format
• Enables transfer to another data fiduciary of your choice
• Processed within 30 days without unreasonable expense

Right to Grievance Redressal (Section 18, DPDP Act)

• Lodge complaints or grievances regarding our data processing
• Escalation mechanism: Contact our DPO → Data Protection Board of India (if unsatisfied)
• No fee charged for filing grievances

Right to Information

• Clear, intelligible information about our data practices
• Provided through this Statement and our privacy notices

8.2 How to Exercise Your Rights

To exercise any of the above rights, please submit a written request to our Data Protection Officer with:

• Clear description of your request and personal data in question
• Your contact information
• Any supporting documentation (e.g., proof of identity)

We will respond within the statutory timeframe and keep records of all requests.

9. Contact Information

For all queries, requests for rights exercise, or grievances regarding personal data:

Data Protection Officer

• Name: [To be designated]
• Email: dpo@adnakgroup.com
• Postal Address: Adnak™ Group, 2-1-31, Sri Rama Nagar, Uppal, Hyderabad, Telangana 500039, India
• Phone: +91-9963006363
• Available: Monday-Friday, 9:30 AM – 5:30 PM IST

Grievance Escalation

If you are unsatisfied with our response, you may escalate to:

Data Protection Board of India
(Contact details available on official government website once operational)

10. Amendments

10.1 Policy Updates

We may update this Statement periodically to reflect:

• Changes in Indian data protection laws
• Regulatory guidance or interpretations
• Modifications to our data handling practices
• Operational or security improvements

10.2 Notification of Changes

For material changes, we will:

• Provide at least 30 days’ notice before the change becomes effective
• Notify you via email and/or prominent notice on our website/digital platforms
• Request renewed consent where required

10.3 Continued Use as Acceptance

Your continued use of our services after notification of amendments constitutes acceptance of the updated Statement.

11. Governing Law

11.1 Jurisdiction

This Data Privacy Statement is governed by and construed in accordance with the laws of India, specifically:

• The Digital Personal Data Protection Act, 2023
• The Information Technology Act, 2000
• All other applicable Indian data protection and privacy laws

11.2 Dispute Resolution

Any disputes, claims, or legal proceedings arising from or relating to this Statement or our data practices shall be subject to the exclusive jurisdiction of the competent courts of Telangana, India.

11.3 Severability

If any provision of this Statement is held to be invalid or unenforceable under Indian law, such provision shall be modified to the minimum extent necessary to make it enforceable, and all other provisions shall remain in full force and effect.

PART 2: PRIVACY POLICY

12. Interpretation and Definitions

12.1 Defined Terms

For purposes of this Privacy Policy, the following terms have the meanings set forth below:

• Account: A unique user account created to access our services or website
• Adnak™ Group: A business entity registered in India; includes all divisions and related entities
• Affiliate: Any entity controlled by, controlling, or under common control with Adnak Group
• Cookies: Small files placed on your device to store preferences and track activity
• Country: Telangana, India (primary jurisdiction)
• Data Fiduciary: The Company, which determines purposes and means of personal data processing
• Device: Any device used to access our Service (computer, mobile, tablet, etc.)
• Personal Data: Any information relating to an identified or identifiable natural person
• Service: Our website AdnakGroup.com and associated services
• Service Provider: Third-party entities engaged to facilitate or provide services on our behalf
• Usage Data: Data automatically collected regarding your use of the Service
• You/User: The individual or entity accessing and using our Service

13. Collecting and Using Your Personal Data

13.1 Data Collection Authority

We collect and use personal data as the Data Fiduciary under the DPDP Act. Our data processing is:

• Lawful and fair: Conducted transparently and consistently with applicable law
• Purpose-specific: Limited to specified, explicit purposes communicated to you
• Consent-based: Obtained where required by law before processing
• Secure: Protected with appropriate technical and organizational safeguards

14. Types of Data Collected

14.1 Personal Data

We may request the following personally identifiable information:

Direct Collection:

• Email address and phone number
• First name and last name
• Residential address (street, city, state, postal code)
• Professional information (job title, company, qualifications)
• Identification details (PAN, Aadhaar, Passport where applicable)

Indirect Collection (with your consent or through automatic means):

• Communication records and correspondence history
• Transaction and purchase history
• Preference and interest information
• Feedback and survey responses

14.2 Usage Data

Usage Data is automatically collected when you interact with our Service. This includes:

Website Analytics:

• Internet Protocol (IP) address
• Browser type and version
• Operating system
• Pages visited and time spent on each page
• Referrer page information
• Click patterns and interaction data
• Unique device identifiers

Mobile Application Data (if applicable):

• Device type and unique device ID
• Mobile operating system and version
• Mobile internet browser type
• Geographic location (if permitted)
• Application crash reports and diagnostic data

Timing and Frequency:

• Date and time of visits
• Duration of sessions
• Frequency of visits
• Entry and exit pages

14.3 Tracking Technologies and Cookies

Cookies Classification and Management

Table 5: Cookie Types, Purposes, and Management Options

Browser Cookie Management

You can control cookies through your browser settings:

• Chrome: Settings → Privacy and Security → Cookies and other site data
• Firefox: Preferences → Privacy & Security → Cookies and Site Data
• Safari: Preferences → Privacy → Cookies and website data
• Internet Explorer/Edge: Settings → Privacy → Cookies

Important: Disabling cookies may limit your ability to use certain features of our Service.

Flash Cookies and Web Beacons

We may use Flash cookies (Local Shared Objects) for storing user preferences and preventing fraud. To manage Flash cookies, visit the Adobe Flash Player Settings Manager.

We may also use web beacons (clear GIFs, pixel tags) in emails and web pages to count user visits and track email open rates. Beacons are typically invisible to users.

15. Use of Personal Data

15.1 Authorized Uses

The Company uses Personal Data for the following purposes:

Service Delivery and Improvement:

• Providing, maintaining, and improving our Service
• Creating and managing your Account
• Delivering products and services you have requested
• Processing transactions and fulfilling contractual obligations
• Monitoring Service usage and resolving technical issues
• Conducting internal audits and quality assurance

Communication:

• Responding to your inquiries and requests
• Sending Service updates, notifications, and important announcements
• Communicating promotional offers and newsletters (with consent)
• Sending SMS, email, or push notifications were permitted
• Conducting surveys and feedback collection

Legal and Compliance:

• Complying with legal obligations and court orders
• Establishing, exercising, and defending legal claims
• Enforcing our Terms of Service and other agreements
• Protecting against fraud, unauthorized access, and security threats

Business Operations:

• Evaluating and conducting mergers, acquisitions, or asset sales
• Analyzing usage trends and improving user experience
• Conducting data analysis and generating statistical insights
• Testing new features and measuring effectiveness
• Training machine learning models (with anonymized data where possible)

Security and Fraud Prevention:

• Detecting, investigating, and preventing fraud, abuse, and security threats
• Monitoring for unauthorized access attempts
• Protecting the rights, safety, and property of the Company, users, and public
• Enforcing policies and preventing prohibited conduct

Marketing and Analytics (with consent):

• Personalizing content based on preferences
• Measuring marketing campaign effectiveness
• Retargeting and interest-based advertising
• A/B testing and feature optimization

15.2 Legitimate Interest

Where we process data based on legitimate interest (rather than consent), we ensure:

• Your interest is balanced against your rights and expectations
• The processing is fair and transparent
• You have been informed and given an opportunity to object
• The use is reasonable and anticipated by you

16. Sharing and Disclosure

16.1 Service Providers

We may share Personal Data with Service Providers who assist in operating our website and providing services:

Service Provider Obligations:

• Operate under written Data Processing Agreements (DPA)
• Process data only as instructed by us
• Maintain confidentiality and security equivalent to our standards
• Subject to our audit and compliance verification
• Not permitted to use data for their own purposes

16.2 Business Transfers

In the event of a merger, acquisition, asset sale, bankruptcy, or similar transaction:

• Your Personal Data may be transferred as part of the transaction
• You will be notified before your data becomes subject to a different privacy policy
• The successor entity must honor this Statement or equivalent protection
• You may object to such transfer by contacting us immediately

16.3 Affiliates and Related Entities

We may share data with our affiliated companies, subsidiaries, and joint ventures:

• Affiliates process data on our behalf or for legitimate business purposes
• All affiliates must honor this Privacy Policy
• You have the same rights and protections with affiliates as with us

16.4 Business Partners

With your consent, we may share information with business partners to offer:

• Co-branded products or services
• Joint promotions or offerings
• Integrated services or features

16.5 Public Interaction

When you interact in public areas of our Service (forums, comments, reviews):

• Information may be viewed by all users and the public
• Information may be indexed by search engines
• We cannot control how third parties use publicly shared information

16.6 Legal Requirements

We may disclose Personal Data when:

• Legally required (court orders, subpoenas, government requests)
• Authorized by law (law enforcement investigation, regulatory compliance)
• To protect rights and safety (protecting Company, user, or public interests)
• Preventing wrongdoing (fraud, abuse, security threats)
• Your explicit consent is provided

We will notify you of legal requests unless legally prohibited.

16.7 Non-Disclosure Policy

We do not sell, rent, lease, or trade your Personal Data to third parties for their marketing purposes under any circumstances.

17. Data Retention and Deletion

17.1 Retention Principles

We retain Personal Data only as long as:

• Necessary for the purposes described in this Policy
• Required by applicable Indian laws (tax, audit, regulatory)
• Needed to resolve disputes or enforce agreements
• You have not exercised your right to erasure

17.2 Retention Timelines

Table 6: Data Retention Timelines by Category

17.3 Deletion and Anonymization

After the retention period expires, we:

• Securely delete data using cryptographic erasure, overwriting, or destruction
• Anonymize data by removing all identifying information
• Maintain aggregated, de-identified data for statistical purposes
• Do not retain backup copies unless legally required

18. Data Transfers

18.1 Data Processing Location

Your data is primarily processed and stored in India. Servers and data centers are located within Indian territory to ensure compliance with DPDP Act.

18.2 Exceptions to In-India Processing

Data may be transferred outside India only where:

• Legally mandated (business operations in other jurisdictions)
• Contractually required (international service agreements)
• Your explicit consent is provided
• Equivalent or higher data protection standards apply in the recipient country

18.3 International Transfer Safeguards

For any international transfer, we ensure:

• Recipient countries have adequate data protection laws
• Standard contractual clauses or binding commitments are in place
• Transfers are transparent and disclosed in advance
• Right to object or restrict international transfer

19. Security of Personal Data

19.1 Security Commitment

The security of your Personal Data is of paramount importance to us. We implement comprehensive security measures including encryption, multi-factor authentication, access controls, firewalls, intrusion detection systems, regular security audits, and continuous monitoring.

19.2 Security Limitations

No method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security despite best efforts. You transmit information to us at your own risk.

Mitigation:

• We maintain comprehensive cyber insurance
• We continuously update security measures to address emerging threats
• We monitor industry best practices and adapt accordingly

19.3 User Responsibility

You are responsible for:

• Maintaining confidentiality of your Account credentials
• Promptly notifying us of unauthorized access
• Not sharing your password with others
• Logging out of your Account on shared devices
• Reviewing account activity regularly

20. Children’s Privacy

20.1 Age Restriction

Our Service is not designed for or intentionally directed to individuals under 18 years of age. We do not knowingly collect personal data from children.

20.2 Definition of Child

For purposes of this Policy, “Child” means any natural person under 18 years of age, as per Section 10 of the DPDP Act.

20.3 Parental Consent

If a parent or guardian believes their child has provided us with Personal Data, please immediately contact us with:

• Child’s name and identification
• Evidence of parental/guardianship relationship
• Consent request or deletion request

20.4 Removal of Child Data

Upon receiving notice that data of a minor was collected:

• We immediately cease processing
• We delete such data from our records within 30 days
• We send confirmation to the parent/guardian

20.5 Enhanced Protection for Minors

If we inadvertently process data of a child with proper parental consent:

• Parental consent is documented and retained
• Processing is strictly limited to necessary purposes
• Data is deleted upon child’s request or reaching age 18
• Enhanced security measures apply
• We do not share data with Service Providers except those providing necessary services with equivalent protection

21. Links to Third-Party Websites

21.1 Third-Party Links

Our Service may contain hyperlinks to third-party websites and applications not operated by us. We do not operate or control these sites and are not responsible for their content, practices, or policies.

21.2 No Endorsement

Inclusion of a link does not imply endorsement, affiliation, or approval of the third-party website.

21.3 Privacy Responsibility

You are solely responsible for reviewing the privacy policies of third-party sites before submitting information. We strongly advise:

• Reviewing Privacy Policies of all external sites
• Understanding their data handling practices
• Verifying security before entering sensitive information
• We have no control over and assume no responsibility for third-party practices

22. Changes to This Privacy Policy

22.1 Right to Update

We may update this Privacy Policy periodically to reflect:

• Changes in applicable laws or regulations
• Modifications to our data practices
• Technological advancements or new Services
• User feedback and improved clarity

22.2 Notification Procedure

For material changes:

Notice: Posted on this webpage with updated date; email notification to registered address; prominent banner or notification on website/app

Effective Date: Changes become effective after 30 days’ notice period; continued use after notification constitutes acceptance

Consent Re-Validation: Where changes require new consent, we seek it explicitly; processing based on previous consent ceases pending new consent

23. Contact Us

23.1 Privacy Inquiries and Requests

For questions, requests, or grievances regarding this Privacy Policy or our data practices:

Data Protection Officer

• Name: [To be designated]
• Title: Data Protection Officer
• Email: dpo@adnakgroup.com
• Phone: +91-XXXXXXXXXX
• Office Hours: Monday-Friday, 9:30 AM – 5:30 PM IST
• Response Time: Within 10 business days

Alternative Contact

• Company Address: Adnak Group, 2-1-31, Sri Rama Nagar, Uppal, Hyderabad, Telangana 500039, India
• General Email: info@adnakgroup.com
• Website: AdnakGroup.com

23.2 Types of Requests Handled

• Data access requests
• Correction or erasure requests
• Consent withdrawal
• Right to object or restrict processing
• Data portability requests
• Grievance complaints
• Policy clarifications
• Breach notifications
• General privacy inquiries

23.3 Request Process

1. Submit Request: Email to DPO with clear description
2. Acknowledgment: We acknowledge receipt within 5 business days
3. Verification: We verify your identity before processing
4. Response: Provide response within 30 days (extendable by 30 days)
5. Escalation: If unsatisfied, you may appeal or escalate to Data Protection Board of India

DOCUMENT GOVERNANCE

References

[1] Government of India, Ministry of Electronics and Information Technology. (2023). Digital Personal Data Protection Act, 2023. https://www.meity.gov.in

[2] Government of India, Ministry of Electronics and Information Technology. (2025). Digital Personal Data Protection Rules, 2025.

[3] Government of India. (2000). Information Technology Act, 2000. https://www.indiacode.nic.in

[4] Government of India. (2011). Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

[5] Government of India. (1950). Constitution of India, Article 21 – Protection of Life and Personal Liberty. https://indianconstitution.nic.in

This Privacy Policy and Data Privacy Statement supersede all previous versions and are effective as of 26 December 2025.

© 2025 Adnak Group. All Rights Reserved. This document is confidential and proprietary. Unauthorized reproduction or distribution is prohibited without prior written consent.

For printed or PDF versions, contact: info@adnakgroup.com