Eureka Forbes Limited (EFL) Privacy Policy

Effective Date: 31-12-2025
 

At Eureka Forbes Limited ("EFL," "we," "us," or "our"), we are committed to protecting the privacy and personal data of our customers, employees, partners, and all individuals who interact with our products, services, and website. This Privacy Policy outlines how we collect, use, store, disclose, and protect your personal data in compliance with the Digital Personal Data Protection Act, 2023 ("DPDP Act") and its associated rules and regulations.


1. Definitions

 

  1. Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  2. Data Principal: The individual to whom the personal data relates.
  3. Data Fiduciary: Any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data. (In this policy, EFL is the Data Fiduciary).
  4. Data Processor: Any person who processes personal data on behalf of a Data Fiduciary.
  5. Processing: Any operation or set of operations performed on personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  6. Consent: Any unconditional, clear affirmation and an affirmative action, and signifies an agreement to the processing of their personal data for the specified purpose.


2. Principles of Data Processing


EFL adheres to the following principles when processing personal data:
 

  1. Lawfulness, Fairness, and Transparency: Personal data is processed lawfully, fairly, and in a transparent manner.
  2. Purpose Limitation: Personal data is collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
  3. Data Minimisation: Personal data collected is adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
  4. Accuracy: Personal data is accurate and, where necessary, kept up to date.
  5. Storage Limitation: Personal data is kept in a form which permits identification of Data Principals for no longer than is necessary for the purposes for which the personal data are processed.
  6. Integrity and Confidentiality: Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organisational measures.
     

3. What Personal Data Do We Collect?


We may collect various types of personal data, including but not limited to:
 

  1. Contact Information: Name, address, email address, phone number.
  2. Demographic Information: Age, gender, date of birth.
  3. Financial Information: Payment details, bank account, wallet information (for transactions).
  4. Identification Information: Government-issued IDs (e.g., Aadhaar, PAN, Passport) where required by law or for specific services.
  5. Service Usage Data: Information about how you use our products and services, including website browsing history, IP address, device information, and location data.
  6. Customer Service Interactions: Records of communications with our customer support.
  7. Employment-Related Data: For employees, this includes employment history, qualifications, performance reviews, and other HR-related data.
  8. Marketing and Communication Preferences: Your preferences for receiving marketing communications from us.


4. How Do We Collect Your Personal Data?
 

We collect personal data through various channels, including:

 

  1. Directly from you: When you purchase our products or services, register on our website, fill out forms, participate in surveys, or interact with our customer service.
  2. Through our website and mobile applications: Via cookies, web beacons, and other tracking technologies.
  3. From third-party sources: With your consent, or where legally permitted, from partners, public databases, or social media platforms.
  4. Through our employees and agents: During service visits, sales interactions, or other direct engagements.


5. How Do We Use Your Personal Data?
 

We use your personal data for the following purposes:

 

  1. To provide and manage our products and services: Including order fulfillment, delivery, installation, maintenance, and customer support.
  2. To process payments and manage accounts.
  3. To communicate with you: Regarding your orders, services, updates, and promotional offers (where you have consented).
  4. To improve our products, services, and user experience: Through data analysis, research, and feedback.
  5. For marketing and promotional activities: To send you relevant offers, newsletters, and information about new products or services, based on your preferences.
  6. To comply with legal and regulatory obligations: Including tax, audit, and reporting requirements.
  7. For internal business operations: Such as human resources management, accounting, and risk management.
  8. To detect and prevent fraud, security breaches, and other illegal activities.
     

6. Lawful Basis for Processing


We will only process your personal data when we have a lawful basis to do so, including:
 

  1. Consent: Where you have given clear consent for us to process your personal data for a specific purpose.
  2. Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request before entering into a contract.
  3. Legal Obligation: Where processing is necessary for compliance with a legal obligation to which EFL is subject.
  4. Legitimate Interests: Where processing is necessary for the purposes of the legitimate interests pursued by EFL or by a third party, except where such interests are overridden by your interests or fundamental rights and freedoms.


7. Disclosure of Personal Data
 

We may share your personal data with:

 

  1. Our Affiliates and Group Companies: For internal administrative purposes and to provide integrated services.
  2. Service Providers and Business Partners: Who perform services on our behalf (e.g., payment processors, logistics partners, IT service providers, marketing agencies). These third parties are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
  3. Government Authorities and Regulators: When required by law, court order, or to comply with legal processes.
  4. In the event of a merger, acquisition, or sale of assets: Your personal data may be transferred to the acquiring entity.
     

We will ensure that any third party with whom we share your personal data provides a level of data protection consistent with this Privacy Policy and the DPDP Act.


8. International Data Transfers
 

Your personal data may be transferred to, and stored at, a destination outside of India. Where such transfers occur, we will ensure that appropriate safeguards are in place to protect your personal data in accordance with the DPDP Act.


9. Data Security


We implement robust technical and organisational measures to protect your personal data from unauthorised access, alteration, disclosure, or destruction. These measures include:

 

  1. Encryption: For data in transit and at rest where appropriate.
  2. Access Controls: Limiting access to personal data to authorised personnel only.
  3. Regular Security Audits: To identify and address vulnerabilities.
  4. Employee Training: On data protection and privacy best practices.
  5. Incident Response Plan: To address any potential data breaches promptly.
     

10. Your Rights as a Data Principal/Customer


Under the DPDP Act, you have the following rights concerning your personal data:
 

  1. Right to Access Information: You have the right to obtain confirmation from us as to whether or not personal data concerning you is being processed, and, where that is the case, access to the personal data.
  2. Right to Correction and Erasure: You have the right to request the correction of inaccurate or misleading personal data and the erasure of personal data that is no longer necessary for the purpose for which it was collected.
  3. Right to Grievance Redressal: You have the right to have your grievances redressed by us.
  4. Right to Nominate: You have the right to nominate another individual to exercise your rights in the event of your death or incapacity.


To exercise any of these rights, please contact our Data Protection Officer using the details provided below. We will respond to your request in accordance with applicable law.
 

11. Data Retention


We will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.
 

12. Children's Privacy
 

Our products and services are not directed at individuals under the age of 18. We do not knowingly collect personal data from children without parental consent. If we become aware that we have collected personal data from a child without appropriate consent, we will take steps to delete such information.
 

13. Changes to This Privacy Policy
 

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated policy on our website or through other appropriate communication channels. We encourage you to review this Privacy Policy periodically.
 

14. Contact Us


If you have any questions about this Privacy Policy or our data protection practices, or if you wish to exercise your rights, please contact our Data Protection Officer:
 

Data Protection Officer: Eureka Forbes Limited 
 

dpo@eurekaforbes.com
B1/B2, 701, 7th Floor, Marathon Innova,
Off. Ganpatrao Kadam Marg, 
Lower Parel (West), Mumbai, 
Maharashtra – 400013 

 

WhatsappButton