Ampinity (“Ampinity”, “we”, “us”, “our”) respects your privacy and is committed to protecting your personal data. This policy applies to https://www.ampinity.in (the “Website”), our enquiry and contact forms, and other services that link to it (together, the “Services”).
Please read this policy together with our Cookie Policy, Terms of Service and Disclaimer. By using the Website you acknowledge the practices described here. Where we act as a data controller, we decide why and how your personal data is processed; where we process data on behalf of a business customer under a separate agreement, we act as a processor and that customer’s privacy notice governs.
1. Who We Are & Scope
The data controller for personal data collected through the Website is AMPINITY CAPITAL & ASSETS PRIVATE LIMITED (CIN U70200DL2026PTC464773), with its registered/operating address at 400-A, 4th Floor, F/12 Ajit Singh House, Yusuf Sarai Complex, Green Park, South West Delhi, New Delhi, Delhi 110016, India.
This policy covers personal data we collect when you browse the Website, submit an enquiry or partnership/pilot request, apply for a role, request investor information, or otherwise correspond with us. It does not cover third-party websites we link to, or the separate commercial agreements (for example, our as-a-Service contracts) which carry their own data-protection terms.
2. Key Definitions
- Personal data — any information relating to an identified or identifiable individual (called “personal information” under CCPA/CPRA).
- Processing — any operation performed on personal data — collection, use, storage, disclosure, erasure and so on.
- Controller — the party that determines the purposes and means of processing (a “business” under CCPA/CPRA).
- Processor / Sub-processor — a party that processes personal data on a controller’s behalf (a “service provider” under CCPA/CPRA).
- Special category / sensitive data — data such as health, biometrics, racial or ethnic origin, or precise geolocation that attracts heightened protection.
- Data subject / Consumer — the individual to whom personal data relates.
3. Personal Data We Collect & How
We collect the categories of personal data below. We aim to collect only what we need for the purposes described in section 4, and we do not seek to collect special-category/sensitive data through the Website unless you volunteer it (for example, in a free-text message).
3.1 Categories of data
- Identity & contact data — name, job title, organisation, email address, telephone number, and postal/business address — typically provided through our Contact, Partnership, Pilot, Careers, Investor or Defence enquiry forms.
- Enquiry & correspondence content — the message, request, sector of interest, documents or other information you choose to include when you contact us.
- Professional & recruitment data — CV/résumé, work history, qualifications and any details you submit when applying for a role or expressing interest in careers.
- Business & transaction data — where we enter into a commercial relationship, the contact and account details needed to administer it (detailed commercial data is governed by the relevant contract).
- Technical & usage data — IP address, device and browser type, operating system, referring URLs, pages viewed, and interactions — collected through server logs and, where you consent, analytics.
- Cookie & similar-technology data — identifiers and preferences stored on your device; see our Cookie Policy.
- Marketing & communication preferences — your choices about receiving communications from us.
3.2 Methods of collection
- Directly from you — when you complete a form, email us, apply for a role, or otherwise communicate with us.
- Automatically — through cookies, similar technologies and server logs as you interact with the Website (see the Cookie Policy).
- From third parties & public sources — for example business partners, referrals, professional networks (such as LinkedIn), publicly available registers, and analytics or hosting providers acting on our behalf.
Where we obtain personal data from third parties or public sources, we will — within a reasonable period and at the latest when we first contact you — inform you of the categories of data and their source, unless an exemption applies or you already have that information.
Where certain data is marked as required (for example, mandatory form fields, or data we need to respond to you, assess an application or perform a contract), not providing it may mean we cannot respond, progress your application or provide the relevant service. Providing any other information is optional.
4. Purposes & Legal Bases for Processing
Under the GDPR/UK GDPR we rely on one or more lawful bases for each purpose, summarised below. Where we rely on consent, you may withdraw it at any time. Where we rely on legitimate interests, we have balanced those interests against your rights and you may object (see section 9).
| Purpose | Data used | Legal basis |
|---|---|---|
| Respond to enquiries and provide information you request | Identity, contact, enquiry content | Legitimate interests; or steps prior to entering a contract |
| Negotiate, enter into and administer contracts / pilots | Identity, contact, business data | Performance of a contract; legitimate interests |
| Process and assess job applications | Identity, professional & recruitment data | Steps prior to a contract; legitimate interests; consent where required |
| Send marketing communications (where applicable) | Identity, contact, preferences | Consent (or legitimate interests for existing B2B contacts, subject to opt-out and ePrivacy rules) |
| Operate, secure and improve the Website and analytics | Technical, usage, cookie data | Consent (non-essential cookies); legitimate interests (security, core operation) |
| Prevent fraud, abuse and ensure security | Technical, usage data | Legitimate interests; legal obligation |
| Comply with legal, tax and regulatory obligations | Relevant categories as required | Legal obligation |
| Establish, exercise or defend legal claims | Relevant categories as required | Legitimate interests |
5. Cookies & Similar Technologies
We use a strictly necessary session cookie to operate core features such as form security (CSRF protection), and we store a small functional preference on your device (for example, your “3D / motion” setting). Non-essential cookies — such as analytics or targeting — are only set with your consent, consistent with the ePrivacy Directive.
Full details of each cookie, its purpose and duration, and how to manage or withdraw consent, are in our Cookie Policy.
6. Data Sharing, Recipients & Sub-processors
We do not sell your personal data. We share it only as needed for the purposes above, with the categories of recipient below, under appropriate contracts (including data-processing agreements with our processors).
- Service providers & sub-processors — hosting and infrastructure, email and CRM, analytics, security, communications and IT-support providers who process data on our instructions. A current list of key sub-processors is available on request at privacy@ampinity.in.
- Group and affiliated entities — companies within the Ampinity group and our operating sectors, where needed to respond to you and run the integrated system, subject to this policy.
- Professional advisers — lawyers, auditors, insurers and consultants, bound by confidentiality.
- Authorities & legal requirements — regulators, courts, law-enforcement and government bodies where required by law or to protect rights, safety and property.
- Business transfers — an acquirer or successor in the event of a merger, financing, reorganisation or sale of assets, subject to confidentiality and this policy.
7. International Data Transfers & Safeguards
We are headquartered in India and may process personal data in India and in other countries where we or our service providers operate. Where we transfer personal data across borders — including from the EEA, the UK or other regulated regions — we put appropriate safeguards in place.
- Adequacy — transfers to countries recognised as providing an adequate level of protection.
- Standard Contractual Clauses (SCCs) — the European Commission’s SCCs for transfers from the EEA, with a transfer-impact assessment where appropriate.
- UK transfers — the UK International Data Transfer Agreement (IDTA) or the UK Addendum to the EU SCCs.
- Other measures — additional technical and organisational measures (such as encryption and access controls) where needed to protect the data.
8. Data Retention
We keep personal data only for as long as necessary for the purposes for which it was collected, including to satisfy legal, accounting, tax or reporting requirements, and to resolve disputes. The periods below are indicative defaults and should be confirmed against your operational and statutory requirements.
| Type of data | Indicative retention period |
|---|---|
| Website enquiries / contact-form data (no relationship formed) | Up to [12–24] months from last contact, then deleted or anonymised |
| Prospective customer / partnership / pilot enquiries | Duration of discussions plus up to [24] months |
| Recruitment / job-application data (unsuccessful) | Up to [6–12] months, then deleted (longer only with consent for a talent pool) |
| Contract & business records | Term of the contract plus the applicable statutory limitation period |
| Accounting, tax & statutory records | As required by Indian and other applicable law (commonly [8] years) |
| Server logs & security data | Typically [30–180] days, unless needed for an investigation |
| Marketing data | Until you unsubscribe/withdraw consent, then suppressed for compliance |
9. Your Privacy Rights
Depending on where you live and which law applies, you have some or all of the rights below. We will respond within the timeframes required by the applicable law and will not discriminate against you for exercising your rights.
9.1 EEA / UK (GDPR & UK GDPR)
- Access — obtain confirmation of, and a copy of, the personal data we hold about you.
- Rectification — correct inaccurate or incomplete data.
- Erasure — have your data deleted in certain circumstances (“right to be forgotten”).
- Restriction — limit how we process your data in certain circumstances.
- Portability — receive certain data in a structured, commonly used, machine-readable format, and have it transmitted to another controller.
- Objection — object to processing based on legitimate interests, and to direct marketing at any time.
- Automated decisions — not be subject to solely automated decisions with legal or similarly significant effects (see section 12).
- Withdraw consent — withdraw consent at any time, without affecting prior lawful processing.
- Complain — lodge a complaint with your supervisory authority (e.g. the UK ICO, or your EU Member-State authority).
9.2 California (CCPA / CPRA)
- Know / access — the categories and specific pieces of personal information collected, the sources, purposes, and recipients.
- Delete — request deletion of your personal information, subject to exceptions.
- Correct — request correction of inaccurate personal information.
- Opt out — opt out of any “sale” or “sharing” of personal information (we do not sell or share it as those terms are defined).
- Limit sensitive PI — limit the use and disclosure of sensitive personal information.
- Non-discrimination & agents — exercise your rights free from discrimination, and through an authorised agent.
- Opt-out preference signals — we aim to honour recognised opt-out signals such as Global Privacy Control (GPC) where required by law. If we enable targeting/advertising cookies that involve “sharing” for cross-context behavioural advertising, you may opt out via our cookie consent tool (see the Cookie Policy).
- Notice at collection & retention — the categories of personal information we collect, the purposes, and the retention periods are set out in sections 3, 4 and 8; we retain each category only as long as reasonably necessary.
9.3 Canada (PIPEDA)
- Access & accuracy — access the personal information we hold and challenge its accuracy and completeness.
- Withdraw consent — withdraw consent, subject to legal or contractual restrictions and reasonable notice.
- Complain — complain to the Office of the Privacy Commissioner of Canada (OPC).
9.4 India (DPDP Act 2023)
- Access & correction — obtain a summary of your data and its processing, and seek correction, completion, updating or erasure.
- Grievance redressal — raise grievances with our Grievance Officer (section 15) before approaching the Data Protection Board.
- Nomination — nominate another individual to exercise your rights in the event of death or incapacity.
9.5 How to exercise your rights
Email privacy@ampinity.in or write to us at the address in section 15. We may need to verify your identity before acting on a request, and we will tell you if an exception or legal exemption applies. There is normally no fee, though we may charge a reasonable fee or refuse for manifestly unfounded or excessive requests, as permitted by law.
10. Children’s Privacy
The Website is intended for a business audience and is not directed to children. We do not knowingly collect personal data from children below the age of consent under applicable law (for example, under 16 in much of the EEA, under 13 in the United States under COPPA, and as defined for children under India’s DPDP Act). If you believe a child has provided us personal data, contact privacy@ampinity.in and we will delete it.
11. Security Measures
We maintain appropriate technical and organisational measures designed to protect personal data against unauthorised or unlawful processing, accidental loss, destruction or damage. No method of transmission or storage is completely secure, so we cannot guarantee absolute security.
- Encryption of data in transit (HTTPS/TLS) and security headers on the Website.
- Access controls, authentication and the principle of least privilege.
- Rate-limiting, CSRF protection and input validation on forms.
- Network and application hardening, logging and monitoring.
- Contractual data-protection obligations on our processors.
- Breach-response procedures, including notification to regulators and affected individuals where required by law.
12. Automated Decision-Making & Profiling
We do not use your personal data to make solely automated decisions that produce legal or similarly significant effects about you through the Website. If this changes, we will update this policy and, where required, obtain your consent or provide a lawful basis and meaningful information about the logic involved.
13. Third-Party Links
The Website may link to third-party sites and services (for example, our social-media profiles on LinkedIn, Facebook and Instagram). We are not responsible for the privacy practices or content of those sites. Please review their privacy notices before providing personal data.
14. Changes to This Policy
We may update this Privacy Policy from time to time. The “effective / last updated” date at the top shows when it last changed. Material changes will be notified by posting the updated policy here and, where appropriate, by additional notice. Your continued use of the Website after changes take effect constitutes acceptance of the updated policy.
15. Contact, Data Protection Officer & Complaints
For any privacy question, or to exercise your rights, contact us:
- Controller — AMPINITY CAPITAL & ASSETS PRIVATE LIMITED (CIN U70200DL2026PTC464773).
- Privacy contact — all privacy queries and rights requests: privacy@ampinity.in.
- Data Protection Officer (GDPR Art. 37) — Nikhil Eratt, nikhilep@ampinity.in.
- Grievance Officer (India — DPDP Act & IT Rules 2021) — Nikhil Bohra, nikhil@ampinity.in — for both data-protection and content/intermediary grievances; we aim to acknowledge within 24 hours and resolve within the statutory timeframe.
- Post — 400-A, 4th Floor, F/12 Ajit Singh House, Yusuf Sarai Complex, Green Park, South West Delhi, New Delhi, Delhi 110016, India.
- General enquiries — contact@ampinity.in.
- EU / UK representative — Nikhil Bohra, nikhil@ampinity.in — our representative for EEA/UK individuals under GDPR Art. 27 / UK GDPR.