Privacy Policy

Who We Are

The data controller responsible for your personal information is:

• Company: Amatrons Technologies Pvt Ltd
• Registered Address: B-1, Sector 64, Noida, Uttar Pradesh, India – 201301
• Email: business@amatrons.com
• Website: amatrons.com
• Contact Person: Parimal Roy, Founder & Director

For EU and UK residents, Amatrons Technologies Pvt Ltd acts as the Data Controller under the GDPR and UK GDPR respectively. For UAE residents, we act as the data processor/controller under UAE Federal Decree-Law No. 45 of 2021.

Information We Collect

Information You Provide Directly

When you contact us, fill in a form, or sign an NDA on our website, we collect:

• Full name, job title, and company name
• Email address and phone number
• Company address and country of residence
• Project details and service requirements you share with us
• Digital signature data (when signing an NDA)
• Any other information you voluntarily provide in forms or communications

Information Collected Automatically

When you visit our website, we automatically collect certain technical information:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time spent, and navigation paths
• Referring website or source
• Device type (desktop, tablet, mobile)
• Date and time of your visit

Information from Third Parties

We may receive information about you from third-party sources such as LinkedIn, referral partners, or other professional networks when you engage with our content or are referred to us by an existing client.

How We Use Your Information

We use the personal information we collect for the following purposes:

• To respond to your enquiries — when you contact us via our forms, email, or WhatsApp
• To provide our services — website design, app development, AI automation, and related services
• To execute NDAs — processing and storing signed non-disclosure agreements
• To send you project-related communications — quotes, proposals, project updates, and invoices
• To improve our website — analysing usage patterns to enhance user experience
• To comply with legal obligations — tax records, contractual obligations, and regulatory requirements
• To protect our legitimate business interests — fraud prevention and security
• To send marketing communications — only with your explicit consent, and you may opt out at any time

We do not sell your personal data to third parties. We do not use your data for automated decision-making or profiling.

Legal Basis for Processing

For residents of the European Union and United Kingdom, we process your personal data under the following legal bases as defined in Article 6 of the GDPR:

• Contract performance (Art. 6(1)(b)): Processing necessary to provide services you have requested or to take steps at your request prior to entering a contract
• Legitimate interests (Art. 6(1)(f)): Responding to enquiries, improving our services, and fraud prevention
• Legal obligation (Art. 6(1)(c)): Compliance with tax, accounting, and regulatory requirements
• Consent (Art. 6(1)(a)): For marketing communications — you may withdraw consent at any time by emailing business@amatrons.com

For California residents, we process data as a "business" under the California Consumer Privacy Act (CCPA). We collect the categories of personal information described in Section 2 for the business purposes described in Section 3. We do not "sell" personal information as defined by the CCPA.

For UAE residents, we process personal data in accordance with UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection, based on contractual necessity, legitimate business interests, and your consent where required.

For Indian residents, we process personal data in accordance with the Digital Personal Data Protection Act 2023 (DPDP Act) and the Information Technology Act 2000, based on consent and legitimate uses as defined under applicable law.

How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data only in the following limited circumstances:

Service Providers

We use the following trusted third-party service providers who may process your data on our behalf:

• Brevo (Sendinblue) — email delivery service for transactional emails. Data processed in the EU. Privacy policy at brevo.com.
• Hostinger — web hosting provider. Servers may be located in various regions. Privacy policy at hostinger.com.
• Google Analytics — website analytics (anonymised). Data processed in the US. You may opt out via browser settings.
• WhatsApp (Meta) — if you contact us via WhatsApp, your data is processed by Meta under their privacy policy.

All service providers are contractually required to process your data only as instructed by us and to maintain appropriate security measures.

Legal Requirements

We may disclose your information if required by law, court order, or governmental authority, or to protect our legal rights, prevent fraud, or ensure the safety of our staff and clients.

Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections described in this policy.

Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies. A cookie is a small text file placed on your device when you visit our website.

Types of Cookies We Use

• Essential cookies: Required for the website to function correctly. Cannot be disabled.
• Analytics cookies: Help us understand how visitors interact with our website (e.g. Google Analytics). These are anonymised.
• Preference cookies: Remember your settings and preferences for future visits.

For a complete list of cookies we use, please see our separate Cookie Policy.

Data Retention

We retain your personal information only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law:

• Enquiry and contact form data: 3 years from last contact, unless a business relationship is established
• Client project data: 7 years from project completion (required for tax and legal compliance)
• Signed NDA records: 7 years from the date of signing (legal records retention requirement)
• Invoice and financial records: 7 years (required under Indian Companies Act and international equivalents)
• Marketing communications: Until you withdraw consent or opt out
• Website analytics data: 26 months (Google Analytics default)

When your data is no longer required, we securely delete or anonymise it in accordance with applicable data protection laws.

Your Rights

Depending on your location, you have specific rights regarding your personal data. We will respond to all legitimate requests within 30 days.

International Data Transfers

Amatrons Technologies Pvt Ltd is based in India. When we process data from EU, UK, UAE, or US residents, an international data transfer occurs. We ensure all such transfers are protected by appropriate safeguards:

• EU/UK transfers: We rely on Standard Contractual Clauses (SCCs) approved by the European Commission, or the UK International Data Transfer Agreement (IDTA), as appropriate
• US transfers: We comply with applicable US privacy frameworks and maintain appropriate data processing agreements with US-based service providers
• UAE transfers: Transfers comply with UAE Federal Law requirements and are protected by contractual safeguards

Our email service provider, Brevo, processes data within the EU under GDPR-compliant standard contractual clauses. Our web hosting provider, Hostinger, maintains data centres across multiple regions.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. These measures include:

• SSL/TLS encryption for all data transmitted to and from our website (HTTPS)
• Access controls limiting who within Amatrons can access personal data
• Regular security assessments of our website and systems
• Secure storage of NDA records with restricted access
• Brevo's EU-compliant infrastructure for email communications

While we take all reasonable precautions, no method of electronic transmission or storage is 100% secure. If you believe your data has been compromised, please contact us immediately at business@amatrons.com.

In the event of a data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the timeframes required by applicable law (72 hours under GDPR).

Children's Privacy

Our services are directed exclusively at business professionals and are not intended for individuals under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have inadvertently collected data from a minor, we will delete it immediately. If you believe we have collected data from a child, please contact us at business@amatrons.com.

Third-Party Links

Our website may contain links to third-party websites, including client case studies, tools we recommend, and social media platforms. This Privacy Policy applies only to our website. We have no control over and accept no responsibility for the privacy practices of any third-party websites. We encourage you to review the privacy policy of any site you visit via a link from our website.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, applicable law, or regulatory requirements. When we make material changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify active clients by email of significant changes
• Where required by law, seek fresh consent for any new processing activities

We encourage you to review this policy periodically. Your continued use of our website after any changes constitutes acceptance of the updated policy.

Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us: