Privacy & Data
Protection Policy

Siddhanta Power and Engineering Pvt. Ltd. (the “Company”) is committed to protecting the privacy and confidentiality of personal data entrusted to us by our clients, vendors, sub-contractors, employees, and website visitors. This Policy outlines how the Company collects, uses, discloses, and safeguards "Personal Data" and "Sensitive Personal Data" (SPD) as defined under Indian law.

This Policy applies universally to all operations, including project sites, corporate offices, digital platforms, and contractual engagements (EPC, Civil, and Infrastructure projects).

Personal Data: Including but not limited to names, official addresses, email IDs, telephone numbers, and professional qualifications of Client representatives or Vendor personnel.

Sensitive Personal Data (SPD): In accordance with Rule 3 of the IT Rules 2011, the Company may collect:

• Financial information: Bank account details, PAN, GST details for vendor payments and invoicing.
• Biometric information: Strictly for site access control and attendance monitoring at project locations.
• Identity proof: Aadhaar, Passport, or Voter ID for statutory labour law compliance and background verification.

Technical Data: IP addresses, browser types, and cookies collected automatically via the Company’s official web portal to monitor site performance and security.

The Company processes data strictly for "Lawful Purposes" associated with its core business functions:

• Contractual Obligations: For the seamless execution of EPC, civil construction, and structural engineering projects.
• Regulatory Compliance: To comply with GST filings, Income Tax returns, Labour Law registrations, and EPFO/ESIC mandates.
• Security: To monitor site safety through CCTV and biometric access at high-risk infrastructure zones.
• Tendering: For the accurate submission of technical and financial bids in Government (IREPS) and Private tenders.

Express Consent: By explicitly engaging with the Company, entering into a contract, or accessing its digital services, the Data Principal (the individual) provides express consent to the processing of their data as outlined herein.

Withdrawal: A Data Principal may withdraw consent at any time by writing to the Grievance Officer. However, if such data is legally mandatory for an ongoing Contract or Statutory requirement, the Company reserves the right to terminate the associated service, employment, or contract without financial liability.

The Company operates on a strict non-disclosure basis and shall not sell or rent personal data. Disclosure is strictly limited to the following entities:

• Government Authorities: When mandated by law, court order, or for statutory audits (e.g., GST Department, Ministry of Corporate Affairs, Indian Railways).
• Financial Institutions: For processing milestone payments, releasing Advance Bank Guarantees (ABG), and Letters of Credit (LCs).
• Sub-contractors/Consultants: Exclusively on a "need-to-know" basis, provided they have executed Non-Disclosure Agreements (NDAs) adhering to confidentiality obligations no less stringent than this Policy.
• Corporate Transactions: In the event of a corporate merger, acquisition, or asset sale.

Retention Period: The Company shall retain data for the active duration of the Project, through the subsequent Defects Liability Period (DLP), and for a further mandatory period of 8 years to comply with the Companies Act, 2013 and the Limitation Act, 1963.

Security Standards: The Company implements "Reasonable Security Practices" aligned with IS/ISO/IEC 27001 standards, which include:

• End-to-end encryption of all stored financial data.
• Firewall-protected corporate servers with zero-trust architecture.
• Strict access-control logs and permission hierarchies for project-sensitive engineering designs and blueprints.

Under the Digital Personal Data Protection (DPDP) Act 2023, individuals associated with the Company possess the following enforceable rights:

• Right to Access: Request a comprehensive summary of their personal data currently being processed by the Company.
• Right to Correction: Request the immediate rectification of inaccurate, outdated, or incomplete data.
• Right to Erasure: Request the deletion of data once the primary purpose of collection is fulfilled, subject always to overriding legal/statutory retention requirements.

The Company’s digital ecosystem uses cookies to enhance user experience, authenticate sessions, and track performance metrics. Users can adjust browser settings to refuse cookies; however, disabling critical cookies may limit or break the functionality of secure portals (e.g., our internal Vendor Management Systems).

The Company reserves the unilateral right to modify, update, or amend this Privacy Policy at its sole discretion to reflect changes in Indian Law, DPDP Act updates, or internal corporate restructuring. Continued engagement with the Company post-amendment constitutes binding acceptance of the revised terms.

This Privacy Policy is governed entirely by the laws of the Republic of India. Any disputes, claims, or legal proceedings arising directly or indirectly from this policy shall be subject to the exclusive jurisdiction of the competent Courts of Kolkata, West Bengal.