Privacy Policy

Introduction

Welcome to Nawgati Tech Private Limited.

Nawgati Tech Private Limited (“us”, “we”, “our”, or “Data Fiduciary”) operates https://www.nawgati.com, https://www.aaveg.app, https://aaveg.nawgati.com, https://fleet.nawgati.com, the Aaveg mobile application,  and the Nawgati mobile application (hereinafter referred to as “Service” or “the Service”).

Our Privacy Policy governs your visit to https://www.nawgati.com and the Nawgati mobile application and explains how we collect, safeguard and disclose information that results from your use of our Service.

This Privacy Policy is published in accordance with Digital Personal Data Protection Act 2023 (“DPDP Act”); Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011; and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”) which requires publishing of the Privacy policy for collection, use, storage and transfer of Personal Data and Sensitive Personal Data or Information.

We will collect the following personal data from you for the purposes as listed in paragraph 3 (Type(s) of Data Collected). Processing is done based on your consent and/or for performance of contract, compliance with law, or legitimate purposes. You may contact our Grievance Officer/ team at team@nawgati.com for any query or to exercise your rights. Retention period only for as long as is necessary for the purposes set out in this Privacy Policy. By clicking “Accept”, you consent to processing for the stated purposes.

We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. By accessing the Website and using it and by providing your Personal Data through other media, you indicate that you understand the terms and expressly consent to the Privacy Policy for the use of this Service. If you disagree with the terms of this Privacy Policy, please do not use this Service.

Your continued use of this Service shall confirm that you have provided your unconditional consent and confirm to the terms of this Privacy Policy as regards collecting, maintaining, using, processing and disclosing your personal and other information in accordance with this Privacy Policy.

Unless otherwise defined in this Privacy Policy, the terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Our Terms and Conditions (“Terms”) govern all use of our Service and together with the Privacy Policy constitute your agreement with us (“Agreement”).

Definitions

“Service” means the website and Nawgati mobile application operated by us.

“Personal Data” means any data about an individual who is identifiable by or in relation to such data, either directly or in combination with other data, as defined under the DPDP Act.

“Usage Data” is data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

“Cookies” are small files stored on your device (computer or mobile device).

“Data Processors” means any natural or legal person who processes Personal Data on behalf of the Data Fiduciary. We may use the Services of various Service Providers in order to process your Personal Data more effectively, based on our documented instructions and subject to appropriate contractual safeguards.

“Data Subject” is any living individual who is the subject of Personal Data.

“Data Principal” has the meaning given under the DPDP Act and refers to the individual to whom the Personal Data relates.

“The User” is the individual using our Service. The User corresponds to the Data Subject, who is the subject of Personal Data.

Information Collection and Use

We collect personal data and other information only to the extent reasonably necessary to achieve the legitimate purposes described in this Privacy Policy or as otherwise notified to you at the time of collection. Processing will be limited to the minimum data required for the stated purpose (data minimization) and will be carried out on lawful bases permitted under the DPDP Act (for example, your consent, performance of a contract, legal obligation or other permitted basis).

We collect several different types of information for various purposes to provide and improve our Service to you.

Type(s) of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally-identifiable information may include, but is not limited to:

(i) Email address,
(ii) First name and last name,
(iii) Phone number,
(iv) Address, State, Province, ZIP/Postal code, City,
(v) Cookies and Usage Data.

We may use your Personal Data to contact you with newsletters, marketing or promotional materials and other information that may be of interest to you. You may opt out of receiving any or all of these communications from us by following the unsubscribe link or by emailing team@nawgati.com.

Account Creation/ Registration

While accessing the Service, the User of the Service may be required to create an account. The personal information that may be sought while creating an account shall include information outlined in the above paragraph, and any other items of ‘personal data’ and/ or ‘sensitive personal data or information’ as defined under the DPDP Act and SDPI Rules, respectively, and any other details provided during registration. We engage various partners to provide different services like loyalty programmes, and anyone who creates an account on the Service may be automatically enrolled in such programs.

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”).

This Usage Data may include information such as your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When you access Service with a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device's unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Location Data

We may use and store information about your location if you give us permission to do so (“Location Data”). We use this data to provide features of our Service, to improve and customize our Service.

You can enable or disable location services when you use our Service at any time by way of your device settings. Disabling location services may affect the availability of certain features of the Service.

Tracking Cookies Data

We use Cookies and similar tracking technologies to track the activity of our Service, and we hold certain information.

Cookies are files with a small amount of data, which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used, such as beacons, tags and scripts to collect and track information and to improve and analyze our Service.

You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some portions of our Service.

Examples of Cookies we use:

Session Cookies: We use Session Cookies to operate our Service.

Preference Cookies: We use Preference Cookies to remember your preferences and various settings.

Security Cookies: We use Security Cookies for security purposes.

Advertising Cookies: Advertising Cookies are used to serve you with advertisements that may be relevant to you and your interests. You may opt out of certain interest-based advertising using the mechanisms described in paragraph 12.1 below.

Other Data

While using our Service, we may also collect the following information: sex, age, date of birth, place of birth, passport details, citizenship, registration at the place of residence and actual address, telephone number (work, mobile), details of documents on education, qualification, professional training, employment agreements, non-disclosure agreements, information on bonuses and compensation, information on marital status, family members, social security (or other taxpayer identification) number, office location and other data.

The User hereby represents and confirms that the information provided by you for procuring/ accessing our Service is authentic, correct, current and updated. In this regard, neither we nor the Service Providers shall be responsible for the authenticity of the information that the User may provide. The User shall be personally liable and indemnify us for the breach of any provision.

Use of Data

1. We use the collected data for various purposes:
   (a) to provide and maintain our Service;
   (b) to notify you about changes to our Service;
   (c) to allow you to participate in interactive features of our Service when you choose to do so;
   (d) to provide customer support;
   (e) to gather analysis or valuable information so that we can improve our Service;
   (f) to monitor the usage of our Service;
   (g) to detect, prevent and address technical issues;
   (h) to fulfil any other purpose for which you provide it;
   (i) to carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection;
   (j) to provide you with notices about your account and/or subscription, including expiration and renewal notices, email instructions, etc.;
   (k) to provide you with news, special offers and general information about other goods, services and events which we offer that are similar to those that you have already purchased or enquired about, unless you have opted not to receive such information;
   (l) in any other way we may describe when you provide the information;
2. for any other purpose with your consent.

Consent and Withdrawal of Consent

Where we rely on your consent to process your Personal Data, you may withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal. You can withdraw consent by adjusting your account or device settings (where available), using the unsubscribe link in marketing communications, or by contacting us at team@nawgati.com with a clear request to withdraw consent. Upon withdrawal of consent, we will, within a reasonable time and subject to applicable law, cease processing your Personal Data for the purposes for which consent was withdrawn, except where further retention or processing is required under law and policy or for the establishment, exercise or defence of legal claims.

Retention of Data

We will retain your Personal Data only for as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of our Service, or we are legally obligated to retain this data for longer time periods. We will periodically review the Personal Data we hold and either delete or anonymize it when it is no longer needed for any lawful purpose, subject to any mandatory retention obligations under applicable law and policy.

Transfer of Data

Your information, including Personal Data, may be transferred to - and maintained on - computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those of your jurisdiction.

If you are located outside India and choose to provide information to us, please note that we transfer the data, including Personal Data, to India and process it there.

Your consent to this Privacy Policy, followed by your submission of such information, represents your agreement to that transfer.

We will take all the steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy, and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place, including the security of your data and other personal information.

Any transfer of Personal Data outside India will be undertaken in compliance with the DPDP Act and Rules, including any restrictions or approvals required by the Central Government. Prior to any transfer, we will:

(a) inform Data Principals in the consent notice;
(b) execute contractual safeguards (DPA / standard clauses);
(c) ensure the recipient provides comparable levels of protection or has an authorized transfer mechanism in place.

Confidential Information

We aspire to take care of all the information provided to us by our Users, which may be termed confidential. Such confidential information, which is not required to be disclosed while procuring the Service, is specifically excluded from the definition of personal information and shall not be collected/ used. The confidential information of the User shall not be disclosed or shared by us, our employees, agents or any third-party contractors, including the experts, either orally or in writing, except for the following circumstances:

1. If we believe that there is a significant / real / imminent threat or risk to the User’s health, safety or life or to the health, safety or life of any other person or the public.
2. If such confidential information must be shared in accordance with the law inclusive of any investigation, Court summons, judicial proceedings, etc.
3. To protect and defend the rights or property of the Service.

Disclosure of Data

We may disclose personal information that we collect, or you provide:

Disclosure for Law Enforcement: Under certain circumstances, we may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities.

Business Transaction: If we or our subsidiaries are involved in a merger, acquisition or asset sale, your Personal Data may be transferred.

Compliance with Law and Fraud Protection: We may use and disclose your personal information, and you authorize us to do so, under the following circumstances:

1. To comply with applicable laws, regulations, legal processes, or governmental requests;
2. To investigate, prevent, or take action regarding illegal activities, suspected fraud, or potential threats to physical safety;
3. To support credit fraud protection and risk reduction efforts;
4. To enforce our agreements with you.

Other cases where we may disclose your information also:

1. to our subsidiaries and affiliates;
2. to contractors, Service Providers, and other third parties we use to support our business;
3. to fulfil the purpose for which you provide it;
4. for the purpose of including your company’s logo on our website;
5. for any other purpose disclosed by us when you provide the information;
6. with your consent in any other cases;
7. if we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Data Fiduciary, our customers, or others.

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

We implement reasonable technical and organizational measures designed to protect your Personal Data against unauthorized access, alteration, disclosure or destruction, in accordance with the DPDP Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

Significant Data Fiduciary Compliance

If we are notified as a Significant Data Fiduciary (“SDF”) by the Central Government under the Digital Personal Data Protection Act, 2023, we will implement all additional compliance requirements applicable to SDFs.

Service Providers

We may employ third-party companies and individuals to facilitate our Service (“Service Providers”), who shall provide service on our behalf, perform Service-related services or assist us in analyzing how our Service is used.

These third parties have access to your Personal Data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

This Privacy Policy does not apply to other websites. Thus, we are advising you to consult the respective Privacy Policies of these third-party ad servers for more detailed information. It may include their practices and instructions about how to opt out of certain options.

You can choose to disable Cookies through your individual browser options. To know more detailed information about cookie management with specific web browsers, it can be found on the browsers’ respective websites.

Analytics: We may use third-party Service Providers to monitor and analyze the use of our Service.

All Service Providers processing Personal Data on our behalf will execute a written Data Processing Agreement (“DPA”).

Google Analytics

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page.

We also encourage you to review Google's policy for safeguarding your data.

CI/CD tools

We may use third-party Service Providers to automate the development process of our Service.

GitHub

GitHub is provided by GitHub, Inc.

GitHub is a development platform to host and review code, manage projects, and build software.

For more information on what data GitHub collects for what purpose and how the protection of the data is ensured, please visit the GitHub Privacy Policy page.

Advertising: We may use third-party Service Providers to show advertisements to you and to help, support and maintain our Service.

Google AdSense DoubleClick Cookie

Google, as a third-party vendor, uses Cookies to serve ads on our Service. Google's use of the DoubleClick cookie enables it and its partners to serve ads to our Users based on their visit to our Service or other websites on the Internet.

You may opt out of the use of the Double Click Cookie for interest-based advertising by visiting the Google Ads Settings web page.

Behavioural Remarketing: We use remarketing services to advertise on third-party websites to you after you visit our Service. Our Service and our third-party vendors use Cookies to inform, optimize and serve ads based on your past visits to our Service.

Google Ads (AdWords)

Google Ads (AdWords) remarketing service is provided by Google Inc.

You can opt out of Google Analytics for Display Advertising and customize the Google Display Network ads by visiting the Google Ads Settings page: http://www.google.com/settings/ads

Google also recommends installing the Google Analytics Opt-out Browser Add-on - https://tools.google.com/dlpage/gaoptout - for your web browser. Google Analytics Opt-out Browser Add-on provides visitors with the ability to prevent their data from being collected and used by Google Analytics.

For more information on the privacy practices of Google, please visit the Google Privacy Terms web page.

Facebook

Facebook Remarketing Service is provided by Facebook Inc.

You can learn more about interest-based advertising from Facebook by visiting this page.

To opt out of Facebook's interest-based ads, follow these instructions from Facebook.

Facebook adheres to the Self-Regulatory Principles for Online Behavioural Advertising established by the Digital Advertising Alliance. You can also opt out of Facebook and other participating companies through the Digital Advertising Alliance in the USA, the Digital Advertising Alliance of Canada in Canada or the European Interactive Digital Advertising Alliance in Europe, or opt out using your mobile device settings.

For more information on the privacy practices of Facebook, please visit Facebook's Data Policy.

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g. payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

Payment Processors

Apple Store In-App Payments

Their Privacy Policy can be viewed here.

Google Play In-App Payments

Their Privacy Policy can be viewed at:

1. Google Privacy Policy
2. Google Payments Privacy Notice

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click a third-party link, you will be directed to that third-party's site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

Children's Privacy

Another part of our priority is adding protection for children while using the internet. We encourage parents and guardians to observe, participate in, and/ or monitor and guide their online activity.

Our Service is not intended for individuals under 18 years unless verifiable parental consent has been obtained. We do not knowingly process personal data of children without verifiable parental consent. For parental consent, we require a minimum: parent/guardian’s name, email, phone and a verification step (one of: payment card authorization of a token charge, government ID check, or other verifiable method). We do not engage in behavioural tracking or targeted advertising directed at children.

We do not knowingly collect personally identifiable information from Children without such consent. If you become aware that a Child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from Children without verification of parental consent, we take steps to remove that information from our servers.

We do not engage in behavioural monitoring or targeted advertising directed at Children, in accordance with the DPDP Act and other applicable laws.

Personal Data Protection and Privacy Laws in India

We comply with the provisions of the Information Technology Act, 2000, and the rules made thereunder, including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and the Information Technology (Intermediaries Guidelines) Rules, 2011. We also adhere to the principles set forth in the Digital Personal Data Protection Act, 2023.

We respect your privacy and value your trust. We are committed to safeguarding your Personal Data and ensuring that it is processed fairly and transparently. We will only collect and use your Personal Data for the purposes stated in this Privacy Policy and in accordance with the applicable laws.

Data Principals may exercise rights (access, correction, erasure, withdraw consent, nomination, grievance) by emailing team@nawgati.com or using the in-app rights portal (where available). Requests must include name, account identifier and a description. We will:

(a) acknowledge receipt;
(b) verify identity using reasonable measures;
(c) comply or refuse with reasons.

Where a request is manifestly unfounded or excessive, we may charge a reasonable fee and will notify you. If we refuse, we will provide reasons and appeal steps.

We will respect your rights as a Data Principal under the applicable laws and policy. Subject to verification and as under applicable law and policy, you may have the right to (i) access your Personal Data, (ii) request correction or completion of inaccurate or incomplete data, (iii) request erasure of Personal Data when the purpose has been achieved or consent has been withdrawn and no other legal basis applies, (iv) register a grievance, and (v) nominate another person to exercise your rights in the event of your death or incapacity, in accordance with the DPDP Act.

We will respond to your requests within the prescribed time limit under the applicable laws.

Grievance Officer

In accordance with the DPDP Act and applicable IT rules, we have appointed a Grievance Officer to address any questions, concerns or grievances relating to this Privacy Policy or to the processing of your Personal Data. The contact details of the Grievance Officer/ team are:

Email: team@nawgati.com

Address: 1007-1008, Gulshan One29, Sec. 129, Noida, UP, India

You may raise any privacy request or complaint to the Grievance Officer. We will acknowledge receipt within seven calendar days and aim to resolve the matter within 90 (ninety) calendar days. If you are not satisfied, you may escalate to the Data Protection Board in accordance with the DPDP Act.

Changes to this Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact Us

If you have any questions about this Privacy Policy, please contact us:

By email: team@nawgati.com.