Privacy Policy

1. Introduction

Mercury Ev-Tech ("we," "us," "our"), an Indian company headquartered in Vadodara, Gujarat, is committed to protecting the privacy of individuals who interact with our services, products, or platforms. This Privacy Policy outlines how we collect, use, disclose, and safeguard personal and non-personal data in compliance with Indian laws, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act (DPDPA) 2023 (once effective).

2. Scope

This policy applies to all interactions with MercuryEVTech, including but not limited to:

• Use of our websites, mobile applications, APIs, and software.
• Engagement with our electric vehicle (EV) products, charging networks, or customer support.
• Participation in surveys, marketing activities, or events.
• IoT devices, telematics, or connected services (where applicable).

3. Information We Collect

a. Personal Data:

• Identifiers: Name, email, phone number, mailing address, government ID (e.g., for warranty claims).
• Professional Details: Job title, organization, business contact information.
• Transactional Data: Payment details (credit card, UPI), purchase history, warranty registrations.
• Technical Data: IP address, device ID, browser type, geolocation (e.g., for charging station locators), diagnostic logs from EVs.
• User Preferences: Charging schedules, driving patterns (if collected).

b. Non-Personal Data:

• Aggregated usage statistics (e.g., app feature usage, anonymized vehicle performance data).
• Cookies and tracking data (see Section 8).

c. Sensitive Data:

• Passwords, financial account details, biometric data (e.g., fingerprint access to apps).
  Note: Sensitive data is collected only with explicit consent and stored using advanced encryption.

4. Purpose of Data Collection

We process data to:

• Fulfill orders, provide services (e.g., EV maintenance, charging network access), and manage user accounts.
• Improve products (e.g., analyze vehicle performance data), services, and user experience.
• Send promotional communications (opt-out available via email or account settings).
• Comply with legal obligations (e.g., tax records, product recalls) and prevent fraud.
• Enable features like remote diagnostics, over-the-air software updates, or personalized charging recommendations.

5. Data Sharing and Disclosure

We may share data with:

• Service Providers: Payment gateways (e.g., Razorpay), cloud storage providers, and IT partners bound by confidentiality agreements.
• Legal Authorities: To comply with court orders, law enforcement requests, or regulatory requirements.
• Business Transfers: In mergers, acquisitions, or asset sales, with prior notice to users.
• With Consent: For partnerships (e.g., third-party charging networks) disclosed at the time of collection.

International Transfers:
Data is primarily stored in India. If transferred globally (e.g., to cloud servers in the EU/US), we use safeguards like Standard Contractual Clauses (SCCs) or adequacy decisions under DPDPA.

6. Data Security

• Technical Safeguards: AES-256 encryption, firewalls, multi-factor authentication, and regular penetration testing.
• Organizational Measures: Restricted access to data, employee training on cybersecurity, and annual audits.
• Breach Notification: In the event of a data breach affecting user rights, we will notify users and CERT-In within 72 hours as per Indian law.

7. Data Retention

• Retained only as long as necessary (e.g., transaction data for 7 years per tax laws) or until consent is withdrawn.
• Anonymized data may be retained indefinitely for analytics.

8. Cookies and Tracking Technologies

• Types of Cookies:
  • Necessary: Session cookies for app functionality.
  • Analytics: Google Analytics to track website traffic (opt-out via browser settings).
  • Advertising: Retargeting cookies (manage preferences via our Cookie Consent Banner).
• Third-Party Tools: Social media plugins (e.g., Facebook, Twitter) governed by their policies.

9. User Rights

Under Indian law, you may:

• Access/Correct Data: Request a copy of your data or update inaccuracies.
• Withdraw Consent: For processing (excluding legal/compliance needs).
• Delete Data: Request erasure where no legal obligation exists.
• Portability: Receive data in a machine-readable format (e.g., CSV).
• Grievance Redressal: Escalate unresolved issues to the Data Protection Board of India (once DPDPA is enforced).

To exercise rights, contact us at privacy@mercuryevtech.com with verification steps (e.g., government ID). We respond within 30 days.

10. Third-Party Links

Our services may link to external sites (e.g., charging station partners). We advise reviewing their privacy policies separately.

11. Children's Privacy

We do not knowingly collect data from individuals under 18. Parents/guardians may contact us to remove inadvertently collected data.

12. Updates to this Policy

Changes will be posted on our website with a revised effective date. Material changes (e.g., new data uses) will trigger direct notifications.

13. Grievance Officer

14. Contact Us

For questions, complaints, or consent withdrawal: