Aerele → Privacy Policy

Privacy Policy

Last updated: March 12, 2025

1. Who We Are

Aerele Technologies Pvt Ltd ("Aerele", "we", "us", "our") is a software development company registered in India, based in Tiruppur, Tamil Nadu. We provide software development services, including custom application development, system integration, technical support, and data processing services.

Data Controller / Data Fiduciary: Aerele Technologies Pvt Ltd
Email: privacy@aerele.in
Address: Tiruppur, Tamil Nadu, India

2. Scope

This Privacy Policy applies to all personal data processed by Aerele, whether we act as a data controller (when we determine the purposes and means of processing, e.g., our website visitors, our direct clients) or as a data processor / sub-processor (when we process data on behalf of our clients or their customers).

This policy is designed to comply with:

  • The General Data Protection Regulation (GDPR) – EU Regulation 2016/679
  • The Digital Personal Data Protection Act, 2023 (DPDPA) – India
  • Other applicable data protection laws in jurisdictions where our clients operate

3. Personal Data We Collect

3.1 As a Data Controller (our website, direct relationships)

When you visit our website or engage with us directly, we may collect:

  • Contact information: Name, email address, phone number – when you contact us via email, phone, or contact forms
  • Communication data: Content of emails, messages, and other correspondence
  • Website usage data: IP address, browser type, pages visited, referring URL – collected via standard server logs

We do not use cookies for tracking or analytics. We do not use third-party analytics services.

3.2 As a Data Processor / Sub-Processor

When processing data on behalf of our clients, we may access personal data as necessary to perform our contracted services (e.g., technical support, software development, system maintenance). The categories and types of personal data processed are determined by our clients (the data controllers). We process this data strictly in accordance with our clients' instructions and applicable Data Processing Agreements.

4. Legal Basis for Processing (GDPR)

We process personal data based on the following legal grounds:

  • Contractual necessity (Art. 6(1)(b)) – to perform our obligations under client contracts and service agreements
  • Legitimate interest (Art. 6(1)(f)) – to operate our website, respond to inquiries, and improve our services
  • Consent (Art. 6(1)(a)) – where explicitly provided
  • Legal obligation (Art. 6(1)(c)) – to comply with applicable laws and regulations

5. Purpose of Processing (DPDPA)

Under India's Digital Personal Data Protection Act, 2023, we process personal data for the following lawful purposes:

  • Performance of contracts with our clients and service recipients
  • Providing technical support, software development, and related services
  • Responding to inquiries and communications
  • Compliance with legal obligations
  • Any purpose for which consent has been obtained from the Data Principal

6. Data Sharing and Sub-Processors

We do not sell personal data. We may share personal data with:

  • Our clients – as part of our service delivery, in accordance with our agreements
  • Infrastructure providers – cloud hosting, email services, and other essential infrastructure used to deliver our services
  • Legal authorities – when required by law, court order, or regulatory requirement

All third parties with whom we share data are bound by appropriate contractual obligations regarding data protection and confidentiality.

7. International Data Transfers

Aerele is based in India. When we process data originating from the European Economic Area (EEA), United Kingdom, or other jurisdictions with data transfer restrictions, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with appropriate transfer mechanisms
  • Technical and organizational security measures

8. Data Security

We implement appropriate technical and organizational measures to protect personal data, including:

  • Access controls – data access limited to authorized personnel on a need-to-know basis
  • Encryption – data encrypted in transit (TLS/SSL) and at rest where applicable
  • Secure development practices – code review, access management, secure deployment pipelines
  • Confidentiality obligations – all team members are bound by confidentiality agreements
  • Incident response – procedures for detecting, reporting, and responding to data breaches

9. Data Retention

As a Data Controller: We retain personal data only as long as necessary for the purposes for which it was collected, or as required by law. Contact and communication data is retained for the duration of our business relationship plus a reasonable period thereafter for legal and operational purposes.

As a Data Processor: We retain data processed on behalf of clients in accordance with the client's instructions and our Data Processing Agreement. Upon termination of services, we delete or return all personal data as directed by the client.

10. Your Rights

Under GDPR (EEA residents)

You have the right to:

  • Access – request a copy of your personal data
  • Rectification – request correction of inaccurate data
  • Erasure – request deletion of your data ("right to be forgotten")
  • Restriction – request restriction of processing
  • Data portability – receive your data in a structured, machine-readable format
  • Object – object to processing based on legitimate interest
  • Withdraw consent – where processing is based on consent

You also have the right to lodge a complaint with a supervisory authority in your jurisdiction.

Under DPDPA (Indian residents)

As a Data Principal, you have the right to:

  • Access information about your personal data being processed
  • Correction and erasure of your personal data
  • Grievance redressal
  • Nominate another person to exercise your rights

11. Data Breach Notification

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of individuals, we will:

  • Notify the relevant data controller (our client) without undue delay, and in any event within 48 hours of becoming aware of the breach
  • Provide all necessary information for the controller to fulfill their notification obligations to supervisory authorities and affected individuals
  • Cooperate fully with the controller in investigating and remediating the breach

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected in the "Last updated" date at the top of this page. We encourage you to review this policy periodically.

13. Contact Us

For any questions, requests, or concerns regarding this Privacy Policy or our data processing practices:

Aerele Technologies Pvt Ltd
Email: privacy@aerele.in
General: hello@aerele.in
Phone: +91 77908 44832
Address: Tiruppur, Tamil Nadu, India