Privacy Policy
Green Aura Environmental Solutions Private Limited
Last Updated: July 24, 2025
1. Scope and Consent
This Privacy Policy ("Policy") governs the collection, processing, storage, disclosure, and transfer of Personal Data and Sensitive Personal Data or Information ("SPDI") by Green Aura Environmental Solutions Private Limited, a company incorporated under the Companies Act, 2013, having its registered office at [Address], India ("Company", "we", "us", or "our") through our website https://greenaura.org.in and associated digital platforms ("Platform").
This Policy is formulated in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and applicable provisions of the General Data Protection Regulation ("GDPR") for users within the European Economic Area.
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed below:
"Personal Data" means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, by reference to an identifier such as a name, identification number, location data, online identifier, or one or more factors specific to physical, physiological, genetic, mental, economic, cultural, or social identity.
"Sensitive Personal Data or Information (SPDI)" includes passwords, financial information (bank account, credit card, debit card details), physical and mental health condition, sexual orientation, medical records, biometric information, and any detail relating to the aforementioned categories received under lawful contract or otherwise.
"Data Controller" means the natural or legal person who, alone or jointly with others, determines the purposes and means of processing Personal Data.
"Data Processor" means a natural or legal person who processes Personal Data on behalf of the Data Controller.
"Processing" encompasses any operation performed on Personal Data, including collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.
"Consent" means any freely given, specific, informed, and unambiguous indication of the Data Subject's wishes by which they signify agreement to the processing of Personal Data relating to them.
3. Categories of Data Collected
3.1 Information Collected Directly
We collect Personal Data that you voluntarily provide when engaging with our Platform, including but not limited to:
(a) Identity Data: Full name, date of birth, gender, photographs, and government-issued identification numbers;
(b) Contact Data: Postal address, email address, telephone numbers, and emergency contact information;
(c) Professional Data: Employment details, business information, professional qualifications, and corporate affiliations;
(d) Transactional Data: Payment information, billing address, purchase history, and financial transaction records;
(e) Communication Data: Correspondence, feedback, survey responses, and customer service interactions.
3.2 Information Collected Automatically
Our Platform automatically collects certain technical and usage information through various technological means:
| Data Category | Information Collected | Collection Method |
|---|---|---|
| Technical Data | IP address, browser type, operating system, device identifiers | Server logs, Device fingerprinting |
| Usage Data | Page views, click streams, session duration, navigation patterns | Analytics tools, Tracking pixels |
| Location Data | Geographic location, IP-based location data | GPS, IP geolocation |
3.3 Third-Party Sources
We may obtain Personal Data from legitimate third-party sources, including publicly available databases, social media platforms, business partners, and data aggregators, subject to applicable legal frameworks and contractual obligations.
4. Lawful Purposes and Legal Basis for Processing
We process Personal Data only for legitimate business purposes and in accordance with applicable legal frameworks. The lawful bases for processing include:
Primary Purposes:
• Service delivery and contract performance
• Customer relationship management and support
• Payment processing and financial transactions
• Platform security and fraud prevention
• Regulatory compliance and legal obligations
Secondary Purposes:
• Business analytics and performance optimization
• Marketing communications and promotional activities
• Research and development initiatives
• Strategic business planning and decision-making
5. Cookies and Tracking Technologies
Our Platform employs various tracking technologies to enhance user experience and collect analytical data:
5.1 Cookie Categories
Essential Cookies: Strictly necessary for Platform functionality, security authentication, and session management;
Performance Cookies: Collect aggregated information about Platform usage, performance metrics, and user behavior patterns;
Functional Cookies: Enable enhanced features, personalization, and user preference storage;
Marketing Cookies: Facilitate targeted advertising, conversion tracking, and promotional campaign effectiveness measurement.
5.2 Cookie Management
Users may configure cookie preferences through browser settings or our cookie management interface. Disabling certain cookies may impact Platform functionality and user experience.
6. Data Storage and Retention
6.1 Storage Infrastructure
Personal Data is stored on secure servers located within India and other jurisdictions, utilizing industry-standard encryption protocols, access controls, and backup systems to ensure data integrity and availability.
6.2 Retention Periods
We retain Personal Data for the minimum period necessary to fulfill the purposes outlined in this Policy, subject to legal and regulatory requirements:
• Account data: Duration of active account plus 7 years post-closure
• Transactional records: 10 years as per applicable financial regulations
• Marketing data: Until consent withdrawal or legitimate interest cessation
• Technical logs: 12 months for security and performance monitoring
6.3 Data Disposal
Upon expiration of retention periods, Personal Data is securely deleted or anonymized using industry-approved methods to prevent unauthorized recovery or reconstruction.
7. Security Measures and Protocols
We implement comprehensive technical, administrative, and physical safeguards to protect Personal Data against unauthorized access, disclosure, alteration, or destruction:
7.1 Technical Safeguards
• Advanced encryption algorithms (AES-256) for data at rest and in transit
• Multi-factor authentication and access controls
• Regular security audits and vulnerability assessments
• Intrusion detection and prevention systems
• Secure API endpoints with rate limiting and authentication
7.2 Administrative Controls
• Role-based access controls and principle of least privilege
• Employee training on data protection and privacy practices
• Incident response procedures and breach notification protocols
• Regular policy reviews and compliance assessments
8. Disclosure and Third-Party Access
8.1 Permitted Disclosures
We may disclose Personal Data to third parties under the following circumstances:
Service Providers: Authorized vendors and contractors providing essential services under strict confidentiality agreements;
Legal Requirements: Compliance with court orders, legal processes, government investigations, or regulatory mandates;
Business Transfers: Mergers, acquisitions, or asset transfers involving our business operations;
Emergency Situations: Protection of life, safety, or prevention of serious harm to individuals or property.
8.2 Third-Party Processors
Our authorized third-party processors include cloud service providers, payment processors, analytics platforms, and customer support systems. All processors are contractually obligated to maintain equivalent data protection standards.
8.3 No Sale of Personal Data
We do not sell, rent, or trade Personal Data to third parties for commercial purposes without explicit consent.
9. International Data Transfers
Personal Data may be transferred to, processed, or stored in jurisdictions outside India, including countries that may not provide equivalent data protection standards.
9.1 Transfer Safeguards
International transfers are conducted with appropriate safeguards, including:
• Standard contractual clauses approved by relevant authorities
• Adequacy decisions recognizing equivalent protection levels
• Binding corporate rules for intra-group transfers
• Explicit consent for specific transfer purposes
10. Data Subject Rights
In accordance with applicable privacy laws, Data Subjects possess the following rights regarding their Personal Data:
10.1 Fundamental Rights
Right of Access: Request confirmation of processing activities and obtain copies of Personal Data;
Right of Rectification: Correct inaccurate or incomplete Personal Data;
Right of Erasure: Request deletion of Personal Data under specific legal grounds;
Right of Portability: Receive Personal Data in a structured, machine-readable format;
Right to Restrict Processing: Limit processing activities under certain circumstances;
Right to Object: Object to processing based on legitimate interests or direct marketing;
Right to Withdraw Consent: Revoke previously granted consent at any time.
10.2 Exercise of Rights
Rights requests must be submitted through our designated channels with proper identity verification. We will respond within applicable statutory timeframes and may request additional information to process requests effectively.
11. Children's Privacy Protection
Our Platform and services are not directed toward individuals under the age of 18 years ("Minors"). We do not knowingly collect, process, or solicit Personal Data from Minors without verifiable parental consent.
11.1 Parental Controls
Parents or legal guardians may:
• Review Personal Data collected from their children
• Request correction or deletion of such information
• Refuse further collection or use of children's data
11.2 Discovery of Minor Data
If we discover that Personal Data has been collected from a Minor without proper consent, we will take immediate steps to delete such information and terminate associated accounts.
12. Policy Amendments and Notifications
12.1 Policy Updates
We reserve the right to modify, amend, or update this Privacy Policy at our discretion to reflect changes in our practices, legal requirements, or business operations.
12.2 Notification Procedures
Material changes will be communicated through:
• Prominent notices on our Platform homepage
• Email notifications to registered users
• In-app notifications and pop-up alerts
• Updated effective dates and version control
12.3 Continued Use
Continued use of our Platform following policy updates constitutes acceptance of revised terms. Users who disagree with modifications should discontinue Platform usage and may request account closure.
13. Contact Information and Grievance Redressal
Data Protection Officer
Green Aura Environmental Solutions Private Limited
Attention: Data Protection Officer
Address: No 207B, Thakurpukur Rd, Thakurpukur Bazar, Paschim Barisha,
Kolkata, West Bengal 700063
Email: support@greenaura.org.in
Phone: +91 6291 279 984
Business Hours: Monday to Friday, 9:00 AM to 6:00 PM IST
13.1 Grievance Redressal Mechanism
Our grievance redressal process ensures timely resolution of privacy-related concerns:
Step 1: Submit written complaint with detailed description and supporting documentation
Step 2: Acknowledgment within 48 hours of receipt
Step 3: Investigation and resolution within 30 days
Step 4: Appeal process for unsatisfactory resolutions
13.2 Regulatory Contacts
Users may also contact relevant regulatory authorities:
Indian Computer Emergency Response Team (CERT-In)
Website:
cert-in.org.in
Ministry of Electronics and Information Technology
Website:
meity.gov.in