BNB Security & Automation Solutions – Privacy Policy
Effective Date: 22 May 2025
Last Updated: 22 May 2025
BNB Security & Automation Solutions Pvt Ltd ("BNB", "we", "us", or "our") respects your privacy and is committed to protecting personal data that we process when you visit www.bnbinfosys.com and any related sub domains (collectively, the "Site"). This Privacy Policy explains how we collect, use, disclose, secure and store your information and describes your rights under applicable laws, including:
- The Digital Personal Data Protection Act, 2023 (India).
- Information Technology Act, 2000 & the Reasonable Security Practices and Procedures & Sensitive Personal Data or Information Rules, 2011 ("SPDI Rules").
- Indian Computer Emergency Response Team (CERT In) Directions, 2022 (incident reporting & log retention).
- EU General Data Protection Regulation (EU) 2016/679 ("GDPR"), where applicable to data subjects located in the EEA/UK.
1. Scope
This Policy applies to personal data processed through the Site in the course of BNB's marketing, corporate communications and customer engagement activities. It does not cover employee, vendor or on site physical security data.
2. Definitions
- "Personal Data" (DPDP Act) / "Personal Information" (SPDI Rules) / "Personal Data" (GDPR) – any information that relates to an identified or identifiable individual.
- "Processing" – any operation performed on personal data including collection, storage, use, disclosure, transfer or deletion.
- "Data Principal" / "Data Subject" – the individual to whom the personal data relates.
- "Data Fiduciary" (DPDP Act) / "Controller" (GDPR) – BNB, determining the purposes and means of processing.
3. What Data We Collect
| Category | Examples | Source |
|---|---|---|
| Contact Data | Name, email, phone, organisation, job title | Directly from you via "Let’s Connect" forms, event registrations |
| Device & Usage Data | IP address, browser type, OS, referring URLs, pages visited, session duration | Automated via cookies & similar technologies |
| Marketing Preferences | Opt in/opt out selections for newsletters & events | Directly from you |
| Feedback | Testimonials, survey responses | Directly from you |
Sensitive personal data (e.g., Aadhaar, financial or health data) is not intentionally collected through the Site.
4. Lawful Basis & Purpose of Processing
| Purpose | Lawful Basis (DPDP §4, GDPR Art 6) |
|---|---|
| Respond to enquiries, schedule demos | Consent / Pre contractual steps |
| Send newsletters & event invites | Consent (opt in) |
| Improve Site performance & cybersecurity monitoring | Legitimate interests in operating our business & security compliance (SPDI Rule 8, CERT In Directions) |
| Statutory compliance, legal claims | Legal obligation / Legitimate interests |
5. Cookies & Tracking Technologies
We use first party and third party cookies (analytics & performance) to understand visitor engagement. You can manage cookies via your browser settings or the on site banner.
6. Data Sharing & Disclosure
We do not sell or rent personal data. We may share data:
- With authorised BNB personnel on a need to know basis.
- With trusted service providers (web hosting, email delivery, analytics) under confidentiality agreements.
- To comply with lawful requests, court orders, or to assert legal rights.
- In connection with a corporate transaction (merger, acquisition) with appropriate safeguards.
7. International Transfers
Where data is transferred outside India or the EEA, we implement appropriate safeguards (e.g., Standard Contractual Clauses, DPDP Act §16 obligations).
8. Data Security
BNB maintains ISO 27001 aligned technical & organisational measures, including encryption in transit, role based access control, 90 day log retention, periodic vulnerability assessments, and an incident response playbook consistent with CERT In 6 hour notification timelines.
9. Data Retention
Personal data is retained for the shorter of: (a) 24 months from last interaction, or (b) as required to fulfil the purpose or comply with legal obligations. Web server logs are retained for 180 days (CERT In Directions §4). Longer retention may apply where claims are anticipated.
10. Your Rights
Depending on jurisdiction, you may have rights to:
- Access and obtain a copy of your data;
- Correct inaccurate or incomplete data;
- Delete or request erasure;
- Withdraw consent at any time;
- Data portability (GDPR, DPDP);
- Object to processing for direct marketing;
- Lodge a complaint with the Data Protection Board of India or an EU supervisory authority.
You may exercise these rights by contacting us (see §12). We will respond within 30 days.
11. Children’s Privacy
The Site is not directed at children under 18. We do not knowingly collect personal data from minors. If we learn we have done so, we will delete it promptly.
12. Grievance & Data Protection Officer
Grievance Officer / DPO
Name:
Email:
Address: BNB Security & Automation Solutions (P) Ltd
No 1829, “BNB ENCLAVE”, Railway Parallel Road, ‘C Block’,
Sahakarnagar, Bengaluru – 560092.
13. Changes to This Policy
We may update this Policy from time to time. Material changes will be notified on the Site or via email where required. Continued use of the Site after the revision date constitutes acceptance.
14. Contact Us
For questions about this Policy or our privacy practices, contact us at privacy@bnbinfosys.com or the postal address above.