Privacy Policy - Chakra Group

Privacy Policy for Chakra group

This Privacy Policy (“Policy”) discloses how Chakra Group, located in Hyderabad, Telangana, India (“Company”, “we”, “us”, or “our”), collects, uses, discloses, and protects personal data of users (“you”, “your”) visiting our Website Chakra Group (“Website”). This Policy complies with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), Information Technology Act, 2000 (“IT Act”), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”), and Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021. Effective: January 07, 2026.

Information We Collect

We collect personal data you voluntarily provide, such as name, email, phone number, and address during registrations, inquiries, or forms. Automatically collected data includes IP address, browser type, device info, cookies, and usage analytics via tools like Google Analytics. Sensitive personal data (e.g., financial details, health info) under SPDI Rules is collected only when necessary and with explicit consent. No biometric or sexual orientation data is routinely gathered.

How We Use Your Information

Personal data is processed for legitimate purposes: providing services, responding to queries, sending updates (with opt-out), improving Website functionality, analytics, and legal compliance. Purposes are limited to data minimization principles under DPDP Act; no unrelated use without fresh consent. Marketing emails comply with opt-in requirements.

Legal Basis and Consent

Processing relies on explicit, informed consent (verifiable and withdrawable), necessary for contract performance, legal obligations, or legitimate interests like site security. Consent notices are clear, in English or regional languages, with one-click withdrawal options as per DPDP Rules 2025. Children under 18 require verifiable parental consent.

Sharing and Disclosure

Data is not sold. Shared only with service providers (e.g., hosting, analytics) under strict agreements, affiliates, or as required by law (e.g., court orders under IT Act Section 69). Cross-border transfers (if any) use safeguards like standard clauses, avoiding blacklisted countries. No sharing with government except lawful demands.

Data Security and Storage

Robust measures include encryption (in transit/at rest), access controls, firewalls, and regular audits per SPDI Rule 8. Data is retained only as needed (e.g., 2 years post-inquiry) or per law, then securely deleted. Breaches triggering notification occur within 72 hours to Data Protection Board and affected users.

Your Rights as Data Principal

Under DPDP Act, exercise rights to access, correct, erase (“right to be forgotten”), nominate heirs, or grievance via simple requests. We respond within 7-30 days. Withdraw consent anytime without affecting prior lawful processing; automated tools aid this.

Cookies and Tracking

Cookies enable functionality, analytics, and ads. Manage via browser settings or our consent banner. Third-party cookies (e.g., Google) follow their policies; opt-out available.

Grievance Redressal

Contact our Grievance Officer: [Name], Email: [grievance@yourcompany.com], Phone: [+91-XXXXXXXXXX]. Resolve complaints within 15-30 days per IT Rules. Escalate to Data Protection Board if unsatisfied. Details published as required.

Updates to Policy

Changes posted here with date; continued use implies consent. Review periodically. Governing law: Indian, jurisdiction Hyderabad courts