Notofire Private Limited (“Notofire”, “we”, “us”, “our”) is committed to protecting the privacy, confidentiality, and security of personal and business information entrusted to us by customers, partners, employees, vendors, and website users. This Privacy Policy is framed in line with applicable cyber and data protection requirements in India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act), as applicable.

1. Scope and Applicability

This Privacy Policy applies to: - Our website, applications, and digital platforms - Business communications and contractual engagements - Product sales, project execution, and after-sales services - Employees, consultants, and contractual staff

By accessing our systems, website, or services, you consent to the collection and processing of information as described in this Policy.

2. Information We Collect
We may collect the following categories of information:
2.1 Personal Information

• Name, designation, company name​.

• Contact details (email address, phone number, postal address).

• Identification details provided for statutory or contractual compliance.

2.2 Sensitive Personal Data / Digital Personal Data
Where applicable and permitted by law: - Financial and billing information - Login credentials for authorized portals - Any data classified as personal data under the DPDP Act, 2023​
2.3 Technical and Usage Information

• IP address, browser type, device information

• Website usage data, cookies, and access logs

• System interaction logs for cybersecurity and audit purposes.
   

​ 3. Purpose of Data Collection
Information is collected and processed for legitimate business purposes, including: - Sales, marketing, and customer relationship management - Contract execution, order processing, and project delivery - Compliance with legal, regulatory, and statutory obligations - Product development, quality assurance, and technical support - Cybersecurity monitoring, fraud prevention, and system integrity

4. Lawful Basis for Processing
Notofire processes data based on one or more of the following lawful grounds: - Consent of the data principal - Performance of a contract - Compliance with legal obligations - Legitimate business interests, including safety and security

5. Data Sharing and Disclosure
We do not sell or trade personal data. Data may be shared only on a need-to-know basis with: - Authorized employees and internal departments - Government authorities or regulatory bodies, when required by law - Trusted vendors, OEMs, auditors, and service providers under confidentiality obligations - Certification bodies and testing agencies (e.g., UL, FM, RDSO) where required for compliance

6. Data Retention

Personal and business data is retained only for as long as necessary to: - Fulfil the purpose for which it was collected - Meet statutory, regulatory, and contractual requirements - Resolve disputes and enforce legal rights

Thereafter, data is securely deleted or anonymized.

7. Data Security Practices
Notofire implements reasonable security practices and procedures including: - Access control and role-based authorization - Secure IT infrastructure and network security controls - Encryption and secure storage where applicable - Periodic cybersecurity risk assessments and audits - Employee awareness and confidentiality obligations

8. Rights of Data Principals
Subject to applicable law, individuals have the right to: - Access their personal data - Request correction or updating of inaccurate data - Withdraw consent where processing is based on consent - Request deletion of personal data, subject to legal obligations - Raise grievances related to data protection

9. Cookies and Tracking Technologies

Our website may use cookies and similar technologies to: - Enhance user experience - Analyze website traffic and performance - Improve security and functionality

Users may control cookie preferences through browser settings.

10. Cross-Border Data Transfer
Where data is transferred outside India for legitimate business purposes, Notofire ensures that such transfers comply with applicable Indian data protection laws and maintain adequate security safeguards.

11. Third-Party Links
Our website or communications may contain links to third-party websites. Notofire is not responsible for the privacy practices or content of such external sites.

12. Policy Updates
Notofire reserves the right to update this Privacy Policy periodically to reflect changes in legal, regulatory, or business requirements. Updated versions will be published on our official platforms.

13. Grievance Redressal and Contact Information

In accordance with applicable cyber laws, grievances or queries related to privacy may be addressed to:

Grievance Officer / Data Protection Contact
Notofire Private Limited
Email: info@notofire.com

14. Governing Law
This Privacy Policy shall be governed by and construed in accordance with the laws of India, and courts of competent jurisdiction in India shall have exclusive jurisdiction.

15. Alignment with ISO/IEC 27001:2022

This Privacy Policy is aligned with Notofire’s Information Security Management System (ISMS) established in accordance with ISO/IEC 27001:2022. Personal and sensitive data protection controls are implemented in line with the following ISO 27001 control domains, as applicable: - A.5 – Organisational Controls (information security policies, roles, responsibilities) - A.6 – People Controls (confidentiality obligations, awareness, and training) - A.7 – Physical Controls (secure premises, access restrictions) - A.8 – Technological Controls (access control, encryption, logging, malware protection, network security)

Privacy and data protection risks are addressed through risk assessment, risk treatment plans, and continual improvement as part of the ISMS.

16. Alignment with Information Security & Cyber Security Policy

This Privacy Policy shall be read in conjunction with Notofire’s: - Information Security Policy - Cyber Security Policy - Access Control Policy - Incident Management and Breach Response Procedure

In case of any conflict, the more stringent control requirement shall prevail. All employees, contractors, and third parties are required to comply with these policies as a condition of access to Notofire information assets.

17. Data Breach and Incident Management
Notofire maintains a documented Information Security Incident Management Procedure in line with ISO/IEC 27001 and applicable cyber laws. In the event of a personal data breach: - Incidents are identified, recorded, assessed, and contained promptly - Impact on personal data confidentiality, integrity, and availability is evaluated - Mandatory notifications to authorities and affected data principals are carried out as per DPDP Act and IT Act requirements - Corrective and preventive actions are implemented.

18. DPDP Act, 2023 – Compliance Statement

In accordance with the Digital Personal Data Protection Act, 2023: - Notofire acts as a Data Fiduciary for personal data collected during business operations - Personal data is processed only for clear, lawful, and specified purposes - Reasonable security safeguards are implemented to prevent personal data breaches - Consent is obtained where required and may be withdrawn by the Data Principal - Data Principals’ rights are supported through documented procedures

Where Notofire processes personal data on behalf of customers or partners, it acts as a Data Processor and processes such data strictly as per contractual instructions.

19. Vendor, OEM, and Third-Party Compliance

All vendors, OEMs, consultants, and service providers handling personal or sensitive data on behalf of Notofire shall: - Comply with this Privacy Policy and applicable data protection laws - Implement security controls equivalent to ISO/IEC 27001 requirements - Execute confidentiality and data protection clauses as part of contractual agreements

Periodic reviews and audits may be conducted to ensure continued compliance.
20. Audit, Review, and Continual Improvement

This Privacy Policy is: - Reviewed periodically as part of internal ISMS and cyber security audits - Subject to management review - Updated based on regulatory changes, risk assessments, and audit findings

Continual improvement is driven through corrective actions, preventive actions, and security performance monitoring.