Privacy Policy

How we collect, use, and protect your personal data

This Privacy Policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules thereunder, and governs the collection and processing of personal data by Gravit Infra Construction LLP ("Company," "we," "us") through this portal.

1. Data We Collect

We collect the following personal data when you register or submit an application:

  • Identity Data: Full name, Father's/Husband's name, Date of birth
  • Contact Data: Email address, Mobile number, Residential address (city, state, pincode)
  • Government Identifiers: PAN number, Aadhaar number (last 4 digits displayed; full number stored encrypted)
  • Financial Data: Payment screenshot (image), transaction/UTR reference number
  • Technical Data: IP address, browser type, session data (collected automatically for security purposes)

2. Purpose & Legal Basis for Processing

PurposeLegal Basis (DPDP Act)
Account creation & authenticationConsent (at signup)
Processing plot applicationsPerformance of contract
Payment verificationPerformance of contract
Sending OTPs & notificationsConsent & legitimate interest
RERA/regulatory compliance & auditLegal obligation
Fraud prevention & securityLegitimate interest

3. Sensitive Personal Data

PAN and Aadhaar numbers are classified as sensitive identifiers. They are collected solely for KYC purposes in the context of real estate transactions (as required by applicable regulations). They are not used for any other purpose and are not shared with third parties except as required by law. Access is restricted to authorised personnel only.

4. Data Sharing

We do not sell, rent, or trade your personal data. Data may be shared only in these circumstances:

  • With RERA adjudicating officers or courts when legally required
  • With email service providers (for OTP/notification delivery) under data processing agreements
  • With our bank, solely to process refunds

5. Data Retention

Account and application data is retained for a minimum of 7 years after project completion, as required for RERA compliance and dispute resolution. You may request deletion of non-regulatory data by contacting us (see Section 7).

6. Security

We implement reasonable technical and organisational security measures including password hashing (bcrypt), encrypted database connections, HTTPS, session security, and file upload validation. However, no system is completely secure, and we cannot guarantee absolute security.

7. Your Rights Under DPDP Act 2023

As a Data Principal, you have the following rights:

  • Right to Access: Request a copy of personal data we hold about you.
  • Right to Correction: Request correction of inaccurate personal data via your dashboard or by writing to us.
  • Right to Erasure: Request deletion of your account and associated data (subject to legal retention requirements).
  • Right to Grievance Redressal: Contact our grievance officer (details below) for any privacy complaints.
  • Right to Nominate: In case of death or incapacity, you may nominate a person to exercise these rights on your behalf.

To exercise any right, email: info@haridwarhousing.in with subject "Privacy Request." We will respond within 30 days.

8. Cookies

We use session cookies (essential) for authentication and CSRF protection. We do not use tracking or advertising cookies.

9. Changes to This Policy

We may update this policy from time to time. Continued use after changes constitutes acceptance. Significant changes will be notified via email.

10. Grievance Officer

Name: Grievance Officer, Gravit Infra Construction LLP | Email: info@haridwarhousing.in | Address: Gravit Infra Construction LLP, Haridwar, Uttarakhand — 249401