Privacy Policy

1. INTRODUCTION AND COMMITMENT TO PRIVACY

1.1 Overview

Fizito Envirotech Pvt. Ltd. ("Company," "we," "us," or "our") is committed to protecting the privacy and personal data of all visitors, customers, and users of our website www.fizitoenvirotech.com ("Website") and all associated services ("Services").

1.2 Privacy Policy Purpose

This Privacy Policy explains:

(a) What personal data we collect;
(b) How we collect and process your personal data;
(c) Why we collect and use your information;
(d) How we protect your data;
(e) Your rights regarding your personal data;
(f) How long we retain your information;
(g) Our contact information for privacy-related inquiries.

1.3 Applicability

This Privacy Policy applies to all individuals who:

(a) Access or browse our Website;
(b) Place orders or purchase Products;
(c) Subscribe to our services or communications;
(d) Interact with our business through any digital channel;
(e) Provide information to us in any manner.

1.4 Legal Framework

This Privacy Policy complies with:

(a) India's Digital Personal Data Protection Act (DPDPA), 2023;
(b) Information Technology Act, 2000, and Rules thereunder;
(c) Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
(d) Consumer Protection Act, 2019;
(e) General Data Protection Regulation (GDPR) for EU residents;
(f) All other applicable data protection and privacy laws.

2. DEFINITIONS

2.1 Key Definitions

"Personal Data" means any information relating to an identified or identifiable natural person, including but not limited to name, address, email, phone number, IP address, device identifiers, and transaction information.
"Sensitive Personal Data" means personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, health data, data concerning sex life or sexual orientation.
"Data Principal" means the individual to whom personal data relates.
"Data Fiduciary" means the Company or entity that determines the purpose and means of processing personal data.
"Data Processor" means any person or entity that processes personal data on behalf of the Data Fiduciary.
"Processing" means any operation performed on personal data, including collection, recording, organization, structuring, storage, use, analysis, transmission, or deletion.
"Consent" means voluntary, informed, unambiguous, and specific agreement by the Data Principal for processing of their personal data.
"Cookie" means a small text file stored on a user's device for tracking and analytical purposes.

3. WHAT PERSONAL DATA WE COLLECT

3.1 Data Collected Directly from You

We collect personal data when you voluntarily provide it through:

(a) Website Registration/Account Creation:
- Full name
- Email address
- Phone number
- Postal address (including city, state, postal code)
- Date of birth
- Gender (optional)
- Business entity information (if applicable)
- GST number (if provided)

(b) Order Placement:
- Shipping and billing address
- Payment information (processed securely through payment gateways)
- Order history and preferences
- Product specifications and customization requests
- Quantity and delivery preferences

(c) Communication and Support:
- Enquiries and messages submitted through contact forms
- Customer support tickets and correspondence
- Feedback, reviews, and ratings
- Complaint details and grievance information

(d) Newsletter and Subscriptions:
- Email address for marketing communications
- Subscription preferences and interests
- Communication frequency preferences

(e) Website Forms and Surveys:
- Information from contact forms
- Responses to surveys and questionnaires
- Product inquiry details

3.2 Data Collected Automatically

We automatically collect certain information about your interaction with the Website:

(a) Device Information:
- Device type (computer, mobile, tablet)
- Operating system and version
- Device identifiers and unique device IDs
- Browser type and version
- Device settings and software

(b) Network and Usage Information:
- IP address (Internet Protocol address)
- Internet Service Provider (ISP) information
- Connection type
- Pages accessed and duration of visits
- Referring website or link
- Search queries and keywords used
- Date and time of access

(c) Cookie and Tracking Data:
- Cookie identifiers
- Web beacon and pixel tracking information
- Session data
- Tracking pixels and similar technologies

(d) Location Information:
- Approximate geographic location derived from IP address
- GPS location (only if you grant explicit permission)
- Location-based service data

(e) Browsing Behavior:
- Pages viewed and interaction patterns
- Time spent on specific pages
- Links clicked
- Downloads initiated
- Search history within the Website

3.3 Data from Third Parties

We may receive personal data about you from:

(a) Payment gateways and processors;
(b) Delivery and logistics partners;
(c) Business partners and affiliates;
(d) Publicly available sources;
(e) Third-party service providers;
(f) Social media platforms (if you link accounts or authorize integration);
(g) Government databases (for verification purposes where permitted);
(h) Marketing partners and data brokers (where lawful).

3.4 Children's Data

We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected data from a minor without appropriate parental consent, we shall delete such data immediately. Parents or guardians who believe we have collected data about their child should contact us immediately.

4. PURPOSE AND LEGAL BASIS FOR DATA PROCESSING

4.1 Purposes of Data Collection and Processing

We process your personal data for the following legitimate purposes:

(a) Service Delivery:
- Creating and managing your account
- Processing and fulfilling orders
- Providing products and services
- Arranging delivery and logistics
- Technical support and customer service
- Resolving disputes and complaints

(b) Communication:
- Sending order confirmations and shipping notifications
- Responding to inquiries and support requests
- Providing transactional communications
- Updates about product changes or recalls
- Service announcements

(c) Marketing and Promotional Activities:
- Sending newsletters, promotions, and special offers (with consent)
- Personalizing marketing communications
- Conducting marketing campaigns
- Market research and customer analysis
- Product recommendations based on preferences

(d) Business Operations:
- Maintaining accurate records
- Generating invoices and financial statements
- GST and tax compliance
- Business analytics and performance monitoring
- Inventory management

(e) Legal and Compliance Obligations:
- Complying with legal requirements and court orders
- Regulatory compliance and audits
- Fraud prevention and detection
- Security and data protection compliance
- Dispute resolution

(f) Website Improvement:
- Analytics and performance monitoring
- Identifying usage patterns and trends
- Testing and optimizing website functionality
- Enhancing user experience
- Conducting A/B testing

(g) Security and Fraud Prevention:
- Preventing fraudulent transactions
- Detecting unauthorized access attempts
- Implementing security measures
- Investigating suspicious activities
- Protecting against cyber threats

4.2 Legal Basis for Processing

Our processing of your personal data is based on:

(a) Consent: You have given explicit, informed consent for processing (DPDPA Section 7);
(b) Contractual Obligation: Processing is necessary to perform our contract with you (order fulfillment);
(c) Legal Obligation: We are required by law to process your data (tax laws, consumer protection laws);
(d) Legitimate Interest: We have a legitimate interest in processing your data that is not overridden by your rights (business operations, fraud prevention);
(e) Public Interest: Processing is necessary for matters of public interest;
(f) Vital Interest: Processing is necessary to protect vital interests of any person.

4.3 Processing Without Consent

Certain processing activities do not require explicit consent:

(a) Processing necessary for contract performance;
(b) Processing required by law or court order;
(c) Processing for legitimate business interests (balanced against your privacy rights);
(d) Processing for anonymized analytics and statistical purposes;
(e) Emergency processing to protect life, health, or safety.

5. DATA SHARING AND DISCLOSURE

5.1 Parties with Whom We Share Data

We may share your personal data with:

(a) Service Providers and Partners:
- Payment processors and financial institutions
- Logistics and delivery partners
- Email service providers
- Customer relationship management platforms
- Analytics service providers
- Cloud hosting providers
- Website hosting and maintenance providers

(b) Government and Legal Authorities:
- Law enforcement agencies (with legal process)
- Regulatory bodies and compliance authorities
- Tax authorities and revenue departments
- Courts and judicial bodies
- Government departments (when legally required)

(c) Business Partners:
- Affiliates and subsidiary companies
- Strategic partners
- Co-marketing partners
- Suppliers and vendors

(d) Consent-Based Sharing:
- Third parties explicitly authorized by you
- Social media platforms (when you authorize integration)
- Marketing partners (when you consent)

5.2 Data Sharing Agreements

All third parties who receive your personal data are bound by:

(a) Written data processing agreements;
(b) Confidentiality obligations;
(c) Data security requirements;
(d) Restrictions on data use;
(e) Data protection compliance requirements.

5.3 Non-Disclosure

We do not:

(a) Sell your personal data to third parties;
(b) Share data for commercial purposes without explicit consent;
(c) Disclose data to data brokers or aggregators;
(d) Use data for purposes incompatible with stated purposes without re-consent;
(e) Share sensitive personal data without explicit, informed consent.

5.4 International Data Transfer

If personal data is transferred outside India:

(a) Transfer is only to countries with adequate data protection;
(b) Transfer complies with GDPR requirements for EU data;
(c) Standard contractual clauses or adequacy decisions are implemented;
(d) Additional safeguards protect your data;
(e) You will be notified of international transfers.

6. DATA SECURITY AND PROTECTION

6.1 Security Measures

We implement comprehensive technical and organizational measures to protect your personal data:

(a) Technical Security:
- SSL/TLS encryption for data in transit
- AES-256 encryption for data at rest
- Secure payment gateway (PCI DSS compliant)
- Web application firewalls
- Intrusion detection systems
- Regular security patching and updates

(b) Access Control:
- Role-based access control
- Principle of least privilege
- Multi-factor authentication for sensitive systems
- Access logs and monitoring
- Employee authentication protocols

(c) Organizational Measures:
- Employee training on data protection
- Confidentiality agreements with employees
- Background verification for staff
- Segregation of sensitive data
- Regular security audits
- Third-party security assessments

(d) Physical Security:
- Secured server facilities
- Access control systems
- Surveillance and monitoring
- Backup and disaster recovery procedures

6.2 Data Breach Response

In the event of a data breach:

(a) We shall notify affected Data Principals without undue delay;
(b) Notification shall include details of the breach and remedial actions;
(c) We shall comply with breach notification timelines (typically 72 hours);
(d) We shall cooperate with regulatory authorities;
(e) We shall implement corrective measures to prevent recurrence.

6.3 Limitations

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute security. Your transmission of data is at your own risk.

7. YOUR PRIVACY RIGHTS

7.1 Rights under DPDPA

You have the following rights regarding your personal data:

(a) Right to Access:
- You have the right to obtain confirmation of whether your data is processed
- You can request access to your personal data
- We shall provide a copy within 30 days of request
- Access is provided free of charge

(b) Right to Correction:
- You can request correction of inaccurate or incomplete data
- We shall correct data without undue delay
- Corrections shall be communicated to recipients

(c) Right to Erasure:
- You can request deletion of your personal data in certain circumstances
- Deletion is subject to legal and contractual obligations
- We shall delete data unless retention is required by law

(d) Right to Restrict Processing:
- You can restrict processing of your data in certain circumstances
- We shall suspend processing upon request
- Data shall not be used except with your consent (except storage)

(e) Right to Data Portability:
- You can request a copy of your data in structured format
- We shall provide data in a machine-readable format
- You can transmit data to another service provider

(f) Right to Withdraw Consent:
- You can withdraw consent for processing at any time
- Withdrawal does not affect prior processing legality
- We shall cease processing upon withdrawal

(g) Right to Lodge Complaints:
- You can lodge complaints with the Data Protection Board of India
- You have the right to pursue legal remedies
- You can file complaints with regulatory authorities

7.2 Exercising Your Rights

To exercise any of these rights:

(a) Submit a written request to privacy@fizitoenvirotech.com;
(b) Include "Data Subject Right Request" in the subject line;
(c) Provide sufficient identification information;
(d) Specify which right you are exercising;
(e) Include supporting documentation if applicable;
(f) We shall respond within 30 days (extendable to 60 days if necessary).

7.3 GDPR Rights (for EU Residents)

EU residents have additional rights under GDPR:

(a) Enhanced consent requirements;
(b) Right to object to processing;
(c) Right to automated decision-making rights;
(d) Data Protection Officer contact rights;
(e) Right to lodge complaints with EU Data Protection Authorities;
(f) Enhanced deletion and rectification rights.

8. DATA RETENTION AND DELETION

8.1 Retention Periods

We retain your personal data for periods necessary to fulfill the stated purposes:

(a) Account Information: Retained for the duration of the account and 6 months after closure;
(b) Order and Transaction Data: Retained for 7 years (for GST and tax compliance);
(c) Communication Records: Retained for 3 years;
(d) Marketing Data: Retained as long as you remain subscribed; deleted upon unsubscription;
(e) Website Analytics: Retained for 2 years;
(f) Customer Support Records: Retained for 3 years;
(g) Security and Fraud Data: Retained for 2-3 years;
(h) Legal Holds: Retained as long as litigation or regulatory matters are pending;
(i) Payment Records: Retained for 7 years (statutory requirement).

8.2 Deletion Upon Request

We shall delete your personal data upon request unless:

(a) Deletion is prohibited by law;
(b) Retention is necessary for legal compliance;
(c) Outstanding contractual obligations exist;
(d) Data is necessary for security or fraud prevention;
(e) Data has already been anonymized;
(f) Ongoing litigation or disputes exist.

8.3 Anonymization

Data that cannot be deleted shall be anonymized, meaning it can no longer be linked to you.

9. COOKIES AND TRACKING TECHNOLOGIES

9.1 Cookies

Cookies are small text files stored on your device. We use:

(a) Essential Cookies: Necessary for website functionality;
(b) Preference Cookies: Remember your choices and settings;
(c) Analytics Cookies: Track website usage and performance;
(d) Marketing Cookies: Track marketing effectiveness and personalize ads.

9.2 Cookie Management

(a) You can control cookies through browser settings;
(b) Most browsers allow you to refuse cookies or warn you when cookies are sent;
(c) Disabling certain cookies may limit website functionality;
(d) We provide a cookie consent banner upon first visit;
(e) You can withdraw cookie consent at any time.

9.3 Third-Party Cookies

Third-party service providers (Google Analytics, social media platforms) may place cookies on your device. Review their privacy policies for details.

9.4 Tracking Technologies Beyond Cookies

We may also use:

(a) Web beacons and pixels;
(b) Local storage and similar technologies;
(c) Device fingerprinting;
(d) Cross-device tracking;
(e) Similar tracking mechanisms.

10. MARKETING COMMUNICATIONS

10.1 Opt-In and Opt-Out

(a) We send marketing communications only with explicit consent;
(b) You can opt-in by checking relevant boxes during registration;
(c) Every marketing email contains an unsubscribe link;
(d) You can unsubscribe anytime by clicking the unsubscribe link;
(e) You can manage preferences in your account settings.

10.2 Marketing Channels

We may send communications via:

(a) Email newsletters and promotions;
(b) SMS messages (with consent);
(c) Push notifications (if you have enabled them);
(d) Social media messages;
(e) In-app notifications.

10.3 Personalized Marketing

(a) We use your data to personalize marketing based on preferences and behavior;
(b) You can disable personalization in privacy settings;
(c) Opting out of personalization does not remove ads but makes them less relevant.

10.4 Do Not Track Signals

If you send a "Do Not Track" signal, we shall honor it to the extent permitted by law.

11. THIRD-PARTY LINKS AND EXTERNAL CONTENT

11.1 Third-Party Websites

The Website may contain links to third-party websites, apps, and services. We are not responsible for their privacy practices. You should review their privacy policies independently.

11.2 Social Media

If you link your account to social media platforms, those platforms may collect data. Review their privacy policies.

11.3 External Content Integration

External content (videos, forms, widgets) may involve third-party data collection. Review relevant privacy policies.

12. CALIFORNIA CONSUMER PRIVACY ACT (CCPA) - FOR CALIFORNIA RESIDENTS

12.1 CCPA Disclosure

If you are a California resident, you have rights under CCPA:

(a) Right to Know: Request what personal information is collected, used, and shared;
(b) Right to Delete: Request deletion of collected personal information;
(c) Right to Opt-Out: Opt-out of sale or sharing of personal information;
(d) Right to Correct: Request correction of inaccurate personal information;
(e) Right to Limit: Limit use and disclosure to necessary purposes;
(f) Right to Non-Discrimination: We will not discriminate against you for exercising CCPA rights.

12.2 Submitting CCPA Requests

Submit requests to privacy@fizitoenvirotech.com with "CCPA Request" in the subject line.

13. CHILD SAFETY

13.1 Age Restrictions

Our Website and Services are not intended for individuals under 18 years of age. We do not knowingly collect data from minors.

13.2 Parental Involvement

If a child's data is collected, we shall:

(a) Obtain verifiable parental consent;
(b) Limit collection to necessary information;
(c) Delete data upon parental request;
(d) Comply with COPPA (Children's Online Privacy Protection Act) if applicable.

13.3 Reporting Concerns

If you believe we have collected data about a minor, contact us immediately at privacy@fizitoenvirotech.com.

14. PRIVACY POLICY UPDATES

15. CONTACT INFORMATION FOR PRIVACY MATTERS

14.1 Changes to This Policy

We may update this Privacy Policy periodically to:

(a) Reflect changes in data practices;
(b) Comply with new legal requirements;
(c) Improve clarity and transparency;
(d) Address new security or privacy concerns.

14.2 Notification of Changes

(a) Significant changes shall be communicated via email;
(b) A notice shall be posted on the Website;
(c) Updated policies are effective immediately upon posting;
(d) Continued use of the Website constitutes acceptance;
(e) If you object to changes, discontinue use of the Website.

14.3 Policy Version Control

This Privacy Policy is effective from November 25, 2025. Previous versions are available upon request.

15.1 Data Protection Officer (DPO)

While we do not currently have a formal DPO appointment, for all privacy-related matters, contact:

Privacy Inquiry Contact:

Fizito Envirotech Pvt. Ltd.

Email: privacy@fizitoenvirotech.com

Website: www.fizitoenvirotech.com

Registered Office: Shop 156, First Floor, Vision 9 Mall, Pimple Saudagar, Pune, Pimpri-Chinchwad, Maharashtra 411027.
Office No. 408, 4th Floor, Kohinoor B Zone Building, Beside Vijay Sales, Opposite City One Mall, Old Mumbai–Pune Highway, Chinchwad, Pune 411018.

15.2 Response Timeline

We shall respond to privacy inquiries within 7-14 business days. Complex requests may require additional time (up to 30 days).

15.3 Escalation

If you are unsatisfied with our response, you may escalate to:

(a) Data Protection Board of India (once established under DPDPA);
(b) National Consumer Disputes Redressal Commission (for consumer complaints);
(c) Relevant State Data Protection Authority (if established);
(d) Regulatory authorities having jurisdiction.

16. GDPR-SPECIFIC PROVISIONS (FOR EU RESIDENTS)

16.1 Legal Basis for Processing (GDPR)

We process personal data of EU residents based on:

(a) Consent (Article 6.1.a);
(b) Contract performance (Article 6.1.b);
(c) Legal obligation (Article 6.1.c);
(d) Vital interests (Article 6.1.d);
(e) Public task (Article 6.1.e);
(f) Legitimate interests (Article 6.1.f).

16.2 Data Subject Rights (GDPR)

EU residents have rights to:

(a) Access, rectification, and erasure;
(b) Restrict processing;
(c) Data portability;
(d) Object to processing;
(e) Rights related to automated decision-making;
(f) Lodge complaints with supervisory authorities.

16.3 International Data Transfer

Transfers to India are conducted under appropriate safeguards:

(a) Standard contractual clauses (if adequacy decision lacking);
(b) Binding corporate rules;
(c) Supplementary measures ensuring adequate protection;
(d) EU adequacy decisions (where applicable).

16.4 Data Protection Authorities

EU residents can lodge complaints with their national data protection authority:

(a) Information available at https://edpb.eu/;
(b) Each EU member state has a supervisory authority;
(c) You have the right to lodge complaints without prejudice to other remedies.

17. INDIA-SPECIFIC PROVISIONS (DPDPA)

18. DISCLAIMER AND LIMITATION

17.1 Legal Framework

This policy complies with India's Digital Personal Data Protection Act, 2023, and the Information Technology Act, 2000.

17.2 Reasonable Security

We implement reasonable security practices as per IT Rules, 2011, including encryption, firewalls, and access controls.

17.3 GST Compliance

Personal data required for GST compliance is processed in accordance with GST Act, 2017.

17.4 Breach Notification

Data breaches shall be reported to affected persons and authorities without undue delay.

17.5 Right to Information

You have the right to information about data processing under the Right to Information Act, 2005, where applicable.

18.1 No Absolute Guarantee

While we implement robust security measures, no system is completely secure. We cannot guarantee absolute protection against:

(a) Unauthorized access;
(b) Data breaches;
(c) Cyber attacks;
(d) Malicious software;
(e) Third-party vulnerabilities.

18.2 Your Responsibility

You are responsible for:

(a) Maintaining confidentiality of passwords;
(b) Reporting unauthorized access;
(c) Using secure networks;
(d) Keeping personal information updated;
(e) Being cautious with personal data shared online.

19. GOVERNING LAW

This Privacy Policy is governed by the laws of India, specifically:

(a) Digital Personal Data Protection Act, 2023;
(b) Information Technology Act, 2000;
(c) Consumer Protection Act, 2019;
(d) For EU residents: GDPR (EU Regulation 2016/679);
(e) All other applicable privacy and data protection laws.

Disputes shall be resolved through arbitration or courts of competent jurisdiction in Pune, Maharashtra, India.

20. ACKNOWLEDGMENT AND CONSENT

By accessing or using the Website and Services, you:

(a) Acknowledge that you have read and understood this Privacy Policy;
(b) Consent to the collection and processing of your personal data as described;
(c) Agree to be bound by this policy;
(d) Confirm that the information you provide is accurate and lawful;
(e) Agree that you have the authority to provide information on behalf of any organization you represent.

This Privacy Policy was last updated on November 25, 2025. We encourage you to review it periodically for updates. For questions or concerns regarding this policy, please contact us using the information provided above.

Your privacy is important to us. We are committed to transparent, lawful, and ethical handling of your personal data.

Fizito Envirotech Pvt. Ltd.

Website: www.fizitoenvirotech.com
Email: privacy@fizitoenvirotech.com