This Privacy Policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules thereunder, and governs the collection and processing of personal data by Gravit Infra Construction LLP ("Company," "we," "us") through this portal.
1. Data We Collect
We collect the following personal data when you register or submit an application:
- Identity Data: Full name, Father's/Husband's name, Date of birth
- Contact Data: Email address, Mobile number, Residential address (city, state, pincode)
- Government Identifiers: PAN number, Aadhaar number (last 4 digits displayed; full number stored encrypted)
- Financial Data: Payment screenshot (image), transaction/UTR reference number
- Technical Data: IP address, browser type, session data (collected automatically for security purposes)
2. Purpose & Legal Basis for Processing
| Purpose | Legal Basis (DPDP Act) |
|---|---|
| Account creation & authentication | Consent (at signup) |
| Processing plot applications | Performance of contract |
| Payment verification | Performance of contract |
| Sending OTPs & notifications | Consent & legitimate interest |
| RERA/regulatory compliance & audit | Legal obligation |
| Fraud prevention & security | Legitimate interest |
3. Sensitive Personal Data
PAN and Aadhaar numbers are classified as sensitive identifiers. They are collected solely for KYC purposes in the context of real estate transactions (as required by applicable regulations). They are not used for any other purpose and are not shared with third parties except as required by law. Access is restricted to authorised personnel only.
4. Data Sharing
We do not sell, rent, or trade your personal data. Data may be shared only in these circumstances:
- With RERA adjudicating officers or courts when legally required
- With email service providers (for OTP/notification delivery) under data processing agreements
- With our bank, solely to process refunds
5. Data Retention
Account and application data is retained for a minimum of 7 years after project completion, as required for RERA compliance and dispute resolution. You may request deletion of non-regulatory data by contacting us (see Section 7).
6. Security
We implement reasonable technical and organisational security measures including password hashing (bcrypt), encrypted database connections, HTTPS, session security, and file upload validation. However, no system is completely secure, and we cannot guarantee absolute security.
7. Your Rights Under DPDP Act 2023
As a Data Principal, you have the following rights:
- Right to Access: Request a copy of personal data we hold about you.
- Right to Correction: Request correction of inaccurate personal data via your dashboard or by writing to us.
- Right to Erasure: Request deletion of your account and associated data (subject to legal retention requirements).
- Right to Grievance Redressal: Contact our grievance officer (details below) for any privacy complaints.
- Right to Nominate: In case of death or incapacity, you may nominate a person to exercise these rights on your behalf.
To exercise any right, email: info@haridwarhousing.in with subject "Privacy Request." We will respond within 30 days.
8. Cookies
We use session cookies (essential) for authentication and CSRF protection. We do not use tracking or advertising cookies.
9. Changes to This Policy
We may update this policy from time to time. Continued use after changes constitutes acceptance. Significant changes will be notified via email.
10. Grievance Officer
Name: Grievance Officer, Gravit Infra Construction LLP | Email: info@haridwarhousing.in | Address: Gravit Infra Construction LLP, Haridwar, Uttarakhand — 249401