Privacy Policy
Compliant with Digital Personal Data Protection Rules, 2025
Garuda Aerospace relies on the trust of its customers, partners, employees, and website users to conduct its business responsibly. This Privacy Policy governs the manner in which Garuda Aerospace Ltd. collects, uses, stores, protects personal data, maintains and discloses information collected from users ("Users" / "Data Principals") of the www.garudaaerospace.com website.
This privacy policy applies to the Site and all products and services offered by Garuda Aerospace, including in connection with the website www.garudaaerospace.com and any related digital platforms or services operated by the Company. This Privacy Notice may be updated from time to time. Users are encouraged to review this section time and again to remain informed about how their personal data is protected.
1. DEFINITIONS
1.1 "Company", "us", "our", and "we" refers to Garuda Aerospace.
1.2 "User", "You", "Your" refers to a person accessing or using the Platform.
1.3 "Services" hereinafter referred to as any product, website feature, drone–based technology, software, or digital service offered by the Company.
1.4 "User Content" means any and all information and content that a user submits to, or uses with, the Site.
1.5 "Site" means the website www.garudaaerospace.com and all related online services operated by Garuda Aerospace.
1.6 "Data Fiduciary" refers to Garuda Aerospace, which determines the purposes and means of processing.
1.7 "Data Principal" refers to the individual to whom personal data relates, as defined under the Digital Personal Data Protection Act, 2023.
1.8 "Personal Data" means any data about an identifiable individual.
1.9 "Processing" means the entire life-cycle of personal data: collection, storage, use, sharing, retention, and deletion.
1.10 "Consent" means a free, specific, clear, informed indication given by the User to process personal data for a lawful purpose.
1.11 "Child" means a person below 18 years of age.
2. CONSENT-BASED DATA PROCESSING
2.1 We process personal data only after we have obtained valid consent from the Data Principal or where processing is permitted or required under applicable Indian law.
2.2 Consent is obtained in clear and simple language and is limited to the specific purpose for which the data is collected.
2.3 Where consent is withdrawn, we will stop processing the personal data unless continued retention is required to comply with legal obligations or to establish, exercise, or defend legal claims.
3. WHAT INFORMATION IS COLLECTED ABOUT YOU?
3.1 We may collect personal identification information from Users, including, but not limited to, when Users visit our site, register on the site, place an order, respond to a survey, fill out a form, and in connection with other activities, services, features or resources we make available on our Site.
3.2 The personal data collected may include your name, email address, phone number, payment-related details, account credentials, and any other information you voluntarily provide in connection with your interaction with us. Users may, however, visit our Site anonymously.
3.3 We may collect information about how you interact with our website and services. This may include device information, browser type, IP address, access times, and usage patterns. This information helps us understand how our services are used and allows us to improve for your convenience.
3.4 Personal data may also be collected indirectly when you interact with third-party service providers or platforms that work with us.
3.5 However, we will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personally identification information, except that it may prevent them from engaging in certain Site-related activities.
4. HOW WE USE YOUR INFORMATION?
4.1 The Company collects and processes personal data only for lawful purposes that are directly connected to the services and functions offered through its website and business operations.
4.2 Where a user has expressly provided consent, personal data may be used to communicate updates about services, including emails that may contain Garuda Aerospace news, updates, related products or any other communications that the user has agreed to receive. Such communications are limited to the purpose for which consent was given, and users may withdraw their consent at any time using the same method by which consent was originally provided.
4.3 Data collected for internal administrative purposes, including record keeping, audit and website analytics, is not used for any unrelated purpose without obtaining fresh and specific consent, unless such use is required or permitted under applicable law.
4.4 The Company may also retain and use the data for internal research, statistical analysis, in accordance with applicable Indian laws.
4.5 Garuda Aerospace does not sell personal data. Personal data is shared with third-party service providers only to the extent necessary to deliver services on behalf of the Company, and such processing is carried out in a manner that ensures confidentiality and compliance with the Digital Personal Data Protection Act, 2023 and the Digital Personal Data Protection Rules, 2025.
5. WORKING WITH THIRD PARTIES
5.1 We engage third-party service providers to support our operations, including payment processing, cloud hosting, technical support, and communication services.
5.2 These third parties process personal data only on our instructions and solely for the purposes for which the data is shared.
6. KEEPING YOUR INFORMATION SECURE
6.1 We take appropriate measures to protect personal data against unauthorised access, loss or misuse.
6.2 These measures include encryption, secure servers, monitoring systems, and internal policies that govern data handling.
6.3 Where personal data is processed by third-party service providers acting on our behalf, we ensure that they are subject to contractual obligations requiring the same levels of data protection and security as observed by us.
6.4 However, while we take reasonable steps to safeguard personal data, transmission of information over the internet to third parties is not completely secure, and users share information at their own risk.
7. HOW LONG DO WE KEEP YOUR INFORMATION?
7.1 Personal data is retained only for as long as necessary to fulfil the purpose for which it was collected and to comply with applicable laws. Once the purpose of retention has been fulfilled, personal data is securely deleted.
7.2 Without prejudice to the above, personal data may be retained for a period of up to three years from the date of the last interaction made by the Data Principal to the Company Site. Upon the expiry of this period, the personal data shall be permanently deleted.
7.3 As required under the Digital Personal Data Protection Rules, 2025, we provide advance notice (before 48 hours) to Data Principals before deletion. Processing logs and related records are retained for the minimum period mandated by law.
7.4 Processing logs and related records are retained for a minimum period of one year, as mandated under the Digital Personal Data Protection Rules, 2025, unless a longer retention period is required by law.
8. PROCESSING DATA OF CHILDREN AND PERSONS WITH DISABILITIES
8.1 We do not process the personal data of children without obtaining verifiable consent from a parent or lawful guardian. Such consent is obtained through verification of identity and age through government-issued identity credentials, virtual tokens, or digital identity services such as DigiLocker or any other authorised identity verification mechanism duly recognised under the Digital Personal Data Protection Rules, 2025.
8.2 Where personal data relates to a person with disability falling under the Rights of Persons with Disabilities (RPwD) Act, 2016, who has a lawful guardian under the act herein, the Company processes such personal data only after verifying the legal authority of the guardian through mechanisms recognised under the Digital Personal Data Protection Rules, 2025.
9. CROSS-BORDER TRANSFERS
9.1 Personal data may be transferred outside India only in accordance with conditions notified by the Central Government under applicable law.
9.2 Where such transfers take place, we ensure that appropriate safeguards are implemented and that transfers of such data cease immediately if a destination becomes restricted.
10. YOUR RIGHTS AS A USER
10.1 As a Data Principal, you have the right to access your personal data, request correction of inaccurate data, request deletion of personal data, withdraw consent, obtain a summary of processing activities, and file grievances regarding data processing.
10.2 To enable the exercise of these rights, Garuda Aerospace prominently publishes on its website the details of the means by which a Data Principal may submit a request for the exercise of such rights.
10.3 The Company maintains a grievance redressal Cell and shall respond to grievances of the Data Principals within a reasonable period not exceeding ninety (90) days.
10.4 You may also nominate another individual to exercise these rights on your behalf.
10.5 Such requests are processed after reasonable identity verification, and grievances are resolved within the timelines prescribed under law.
11. IN CASE OF BREACH OF PERSONAL DATA
11.1 In the event of any personal data breach, the Company shall, upon becoming aware of such breach, take all reasonable steps to mitigate the impact of the breach.
11.2 Where the breach is likely to cause harm to a Data Principal, the Company shall notify the affected Data Principals without undue delay, in clear and plain language, describing the nature of the breach, the personal data affected, the possible consequences, and the remedial measures taken or proposed to be taken by Garuda Aerospace.
12. WEB BROWSER COOKIES
12.1 The Site may use cookies to support core website functionality, enhance user experience, and maintain basic usage records.
12.2 Users may choose to manage or disable cookies through their browser settings.
12.3 Please note that disabling cookies may affect the availability or functionality of certain features of the Site.
13. HOW TO CONTACT US
If you have any questions about this Privacy Notice, wish to exercise your rights, or would like to raise a grievance, you may contact our designated Grievance Officer at:
Garuda Aerospace Limited
Third Floor, Agni Business Centre
24/46 K.B. Dasan Road
Seetammal Colony, Alwarpet
Chennai – 600018, Tamil Nadu, India
Grievance officer email: shyamkumar@garudaaerospace.com
14. CHANGES TO THE PRIVACY POLICY
14.1 Garuda Aerospace Ltd. reserves the right to update this privacy policy at any time. When changes are made, we will notify users by posting a notification on the main page of our Site, revising the updated date at the bottom of this page, and sending an email.
14.2 We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of any modifications.
15. YOUR ACCEPTANCE OF OUR PRIVACY POLICY
By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.