Privacy Policy

Effective date: June 2026

Agratas Energy Storage Solutions Private Limited, Agratas Limited and Agratas LLC (collectively “Agratas”, “we”, “us”, “our”) respect your privacy. This Privacy Notice explains how we collect, use, disclose, transfer and protect personal data when you visit agratas.com or use other Agratas websites, online platforms, applications, forms and related services (collectively, the “Platform”).

This Privacy Notice is written for a global audience. Where the law applicable to you (based on your place of residence) provides stronger or differing protections (for example: India DPDPA, EU GDPR, UK GDPR, California CCPA/CPRA, China PIPL, South Korea PIPA), we will apply that law to the extent it applies and where required.

For individuals located in jurisdictions that do not have specific privacy laws listed in this Privacy Notice or where local laws do not impose explicit data protection obligations, Agratas will still process personal data in accordance with the core privacy principles outlined in this Privacy Notice. This includes our commitments to:

  • Collect and process only the personal data necessary for lawful, fair and transparent purposes;
  • Provide clear information about how personal data is used;
  • Implement appropriate technical and organizational safeguards to protect personal data;
  • Respect individual rights relating to access, correction, deletion, and objection (where applicable); and
  • Ensure that any sharing or transfer of personal data is conducted responsibly and securely.

In such jurisdictions, Agratas will voluntarily apply the highest standard of protection that is reasonable and commercially practicable, guided by internationally recognized privacy principles, including fairness, purpose limitation, data minimization, security, transparency, access rights, and accountability.

Scope

This Privacy Notice applies to individuals who visit the Website, submit forms (enquiry, careers, contact), apply for roles, or otherwise interact with public Agratas digital services. It does not apply to employee HR records (which are covered by a separate Employee Privacy Notice). For the data collected and processed by third-party websites, please read those third parties’ privacy notices.

Definitions

Term

Definition

Data Subject/Data Principal / Consumer

A living individual to whom Personal Data relates. This includes “Data Subject” (GDPR/UK GDPR), “Data Principal” (DPDPA India), and “Consumer” (CCPA/CPRA California). In this Privacy Notice, the unified term Data Subject is used to represent all.

EEA (European Economic Area)

The region comprising EU Member States plus Iceland, Liechtenstein, and Norway where the GDPR applies. The UK is treated separately under UK GDPR.

Personal Data / Personal Information / PII

Any information that identifies or can reasonably identify an individual, directly or indirectly. Includes identifiers such as name, ID numbers, location data, online identifiers, device IDs, behavioural data, or any characteristics linked to a person. Aligns with GDPR, DPDPA, CPRA, PIPL, and PIPA.

Controller/Data Fiduciary / Business

An entity that determines the purpose and means of processing Personal Data. Equivalent terms include “Controller” (GDPR/UK GDPR), “Data Fiduciary” (DPDPA), and “Business” (CCPA/CPRA). In this project, the unified term Controller is used.

Processor/Data Processor/Service Provider / Contractor

Any entity that processes Personal Data on behalf of a Controller according to documented instructions. Includes “Processor” (GDPR), “Data Processor” (DPDPA), “Service Provider/Contractor” (CCPA/CPRA). Unified term: Processor.

Processing

Any operation performed on Personal Data manually or automatically, including collection, recording, organizing, structuring, storing, adapting, altering, retrieving, consulting, using, sharing, transmitting, disseminating, aligning, combining, restricting, deleting, anonymizing, or destroying Personal Data. This aligns with GDPR, DPDPA, CPRA, PIPL, and PIPA definitions.

Profiling

Automated or semi‑automated processing of Personal Data to analyze or predict an individual’s behaviour, preferences, interests, performance, health, financial situation, reliability, movements, or characteristics. Covered under GDPR automated decision‑making rules, CPRA’s profiling/inference rules, and PIPL’s individual profiling requirements.

Retention/Data Retention

The principle that Personal Data must only be kept for as long as necessary to fulfil the purpose for which it was collected or as required by law. After expiry, the data must be archived, anonymized, or securely deleted in accordance with a legally compliant retention schedule.

Transfer/ Cross‑Border Transfer

Any movement, disclosure, remote access, or storage of Personal Data across organizational or geographic borders, including intra‑group transfers. This includes transfers regulated under GDPR/UK GDPR (international transfers), DPDPA (restricted countries), PIPL (security assessment/Standard Contracts), CPRA.

Data protection principles

We are committed to complying with data protection principles to ensure the responsible handling of your data. This means your data will be processed in accordance with the following key principles:

  • Lawfulness, Fairness, and Transparency – Your data will be collected and processed in a lawful, fair, and transparent manner.
  • Purpose Limitation – Your data will only be used for specified, explicit, and legitimate purposes.
  • Data Minimisation – Only the data necessary for the intended purpose will be collected and processed.
  • Accuracy – We will take reasonable steps to ensure your data is accurate and up to date.
  • Storage Limitation – Your data will not be kept longer than necessary and will be securely disposed of when no longer needed.
  • Integrity and Confidentiality (Security) – Appropriate security measures will be in place to protect your data from unauthorized access, loss, or damage.
  • Accountability – We will take responsibility for ensuring compliance with these principles and demonstrating our commitment to data protection.

The types of Personal Data we collect

Agratas collects different categories of personal data depending on how you interact with our Website.

 

Category

Specific Data Fields

When Collected

Purpose of Processing

Legal Basis (Varies by Jurisdiction)

Identity Data

Name, title, organisation

When submitting enquiries, forms, visitor management

Responding to queries, communication, safety & security

Consent / Legitimate Interest

Contact Data

Email, phone number, address

Enquiry forms, contact forms, visitor management

Providing information, follow-ups, safety & security

Consent / Legitimate Interest

Recruitment Data

CV, work history, qualifications, right-to-work documents

Job applications via website

Recruitment processing

Consent (EU/UK), Separate consent (China), Legitimate Interest (India)

Preference Data

Service preferences, sectors of interest

Preference centre or form

Personalisation, updates

Consent

Images & CCTV Footage

CCTV, drones, body-cams, webcams

When visiting Agratas sites

Security, safety, incident response

Legitimate Interest / Legal Obligation

Sensitive Personal Data 

Government IDs, health info (e.g., disability accommodations)

Job applications, special requests;

Compliance with law, accommodation

Explicit Consent (EU/China/Korea); Allowed purpose (India)

Visitor Identity Data

Name, National ID, Passport, Aadhaar, mobile number, email address

Upon arrival at Agratas premises for business visits, meetings, demos or discussions

Site access management, security, visitor log maintenance

Legitimate interests (UK GDPR); Legitimate use (DPDPA); Legitimate interests (PIPA)

On-site Contractor & Vendor Data

National ID, Passport, Aadhaar, work permit, driving licence, bank account details, PF details, ESIC, WC policy, insurance details

Prior to or upon commencement of on-site work including equipment installation, fabrication, calibration, maintenance and environmental monitoring

Statutory labour compliance, contractor management, insurance verification, regulatory record-keeping

Legal obligation (DPDPA, Contract Labour Act, EPF Act, ESIC Act, IR Code); Legitimate interests for insurance and access verification (UK GDPR, PIPA)

Children’s Data

Name, age, guardian details

Only If services involve minors

Verification, registration

Verified Parental Consent

Note: The list of personal data categories provided above is non-exhaustive and is intended only to give an overall indication of the types of data we may process.

 

We will also collect and hold non-personal data we collect about you from other sources. This could include:

 

Category

Examples

How is it Collected

Purpose

Technical Data

IP address, browser type, OS, device type, timezone

Through web servers & analytics tools

Website optimisation, security

Usage Data

Clickstream, pages viewed, session duration, navigation patterns

Cookies, pixels, log files

Analytics, user experience improvement

Location Data

Approximate geo-location (via IP)

Analytics tools

Localization, fraud detection

Cookies & Tracking Data

Session cookies, preference cookies, analytics cookies

Through cookie banners & trackers

Functionality, analytics, marketing (consent where required)

Automated Decision-Making Indicators

Automated screening results for high-volume job applications

Recruitment software

To efficiently shortlist applications

How we collect your personal data

Source of Collection

How Data is Obtained

Examples

Directly from You

When you submit forms, upload documents, send emails

Enquiry forms, CV submission

Automatically from Devices

Via cookies, device metadata, log files

IP address, browser type, analytics data

From Communications

When you email or message us

Email content, attachments

From Website Interactions

Through browsing, clicking, navigating

Heatmaps, clickstream analysis

From Security Systems

When you enter Agratas premises

CCTV, access-control logs, visitor management system

From Third Parties

Reference checks, background verification (for recruitment)

Recruiters, BGV agencies

Why We Process Your Personal Data (Purpose and Legal Basis)

We process your personal data only for lawful purposes and in accordance with applicable data protection laws, including the DPDPA (India), GDPR/UK GDPR (EU/UK), CPRA (California), PIPL (China), and PIPA (South Korea). The purposes for which we process your data, along with the lawful bases permitted under these laws, are described below.

a.       Purposes of Processing

We process personal data for the following purposes:

Purpose of Processing

Description of Activity

Legal Basis (Jurisdiction-Specific)

Service Delivery & Website Functionality

Providing access to the Website, managing your interactions, enabling features, maintaining security

Contractual necessity (GDPR/UK GDPR); Legitimate use (DPDPA); Legitimate interests (CPRA, PIPA)

Responding to Enquiries & Requests

Responding to queries, support requests, or communication sent to us

Legitimate interests (GDPR/UK GDPR); Consent (DPDPA); Business purpose (CPRA)

Recruitment & Candidate Evaluation

Processing job applications, verifying documents, assessing suitability, conducting background checks

Consent (DPDPA, PIPL); Contractual necessity (GDPR/UK GDPR); Legitimate interest (CPRA)

Legal & Regulatory Compliance

Complying with laws, court orders, regulatory directions, tax/record-keeping obligations, preventing fraud

Legal obligation (GDPR/UK GDPR, PIPL, PIPA); legitimate uses (DPDPA); Required business purpose (CPRA)

Marketing & Communication

Sending updates, newsletters, offers (only where legally permitted)

Consent (GDPR/UK GDPR, PIPL, DPDPA); Right to opt-out (CPRA); Consent/notice (PIPA)

Security, Fraud Detection & Incident Response

Detecting suspicious activity, preventing cyber threats, ensuring network integrity

Legitimate interests (GDPR/UK GDPR); Security exception (CPRA); Legal obligation (PIPL/PIPA/DPDPA);

Improvement of Website & Analytics

Understanding Website usage, improving performance, diagnostics, internal audits

Legitimate interests (GDPR/UK GDPR); Consent for analytics cookies (GDPR/UK GDPR/PIPL/PIPA); Opt-out rights (CPRA)

Protecting Vital Interests

Emergency situations requiring processing to protect life or physical safety

Vital interests (GDPR/UK GDPR); Emergencies (DPDPA, PIPL, PIPA, CPRA)

Business Operations & Record Keeping

Internal reporting, governance, audits, dispute resolution

Legitimate interests (GDPR/UK GDPR); Legal obligation (PIPL, PIPA); Business purpose (CPRA); Legitimate use (DPDPA)

 

b.        Processing Based on Consent

Where we rely on consent (e.g., marketing communications, optional cookies, certain recruitment-related data, or processing of sensitive data where applicable), you may withdraw your consent at any time by contacting us at dpo@agratas.com. Withdrawal will not affect the lawfulness of processing conducted before the withdrawal.

 

c.       Special Circumstances

We may process personal data without consent where required:

·       to comply with legal obligations under applicable jurisdictions

·       to protect our rights or respond to law enforcement requests

·       to ensure network and information security

·       to protect the vital interests of any individual during emergencies

These grounds are used strictly in accordance with applicable laws and only where necessary.

 

Why might we share your personal information with third parties?

For the purposes set out in the ‘The purpose for which we collect your Personal Data’ section above, subject to your consent, we may share your personal information with our third-party providers:

These may include for example:

  • Those we engage to host and maintain the website and IT systems.
  • During our recruitment process, Agratas may engage with third-party service providers and partners to facilitate various aspects of our hiring procedures.
  • Analytics and search engine service providers that assist us in the improvement and optimisation of this website.
  • Legal advisers
  • Those who assist us with or partner with us in marketing campaigns.
  • Our clients.
  • Our suppliers and sub-contractors, the suppliers and subcontractors of our clients where required.
  • Other companies in the Agratas group.

 

Additionally, we will disclose your personal information to the relevant third party:

  • If we sell or buy any business or assets, in which case we will disclose your personal data to the prospective seller or buyer of such business or assets.
  • To third parties when it is necessary for the establishment, exercise, or defence of legal claims.
  • If we are acquired by a third party, in which case personal data held by it about its customers will be one of the transferred assets.
  • If we choose to exercise a legal power to do so.
  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply contractual terms or other agreements; or to protect the rights, property, or safety of ourselves our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction.

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions.

Use of Automated CV Screening Tool

  • As part of our recruitment process, Agratas uses an automated CV screening tool to assist in evaluating job applications. This section explains how this tool operates and what it means for you as an applicant.

  • When you submit a job application through our website, your CV and application details are first stored in our applicant tracking system (SuccessFactors). Your CV is then processed through an automated screening tool, which scores your application against the Job Description for the role you have applied for. This score is used to assist our recruitment team in the shortlisting process. This process constitutes profiling as defined under applicable data protection law, as it involves the automated evaluation of personal data to assess your suitability for the role.

  • Your CV will receive a score based on how it matches the requirements of the Job Description for the role applied for. [A member of our recruitment team reviews all scored applications before any shortlisting decision is made.] No candidate is shortlisted or rejected solely on the basis of the automated score without human review.

  • The CV screening tool is hosted on Agratas infrastructure at our Bangalore office. Your CV data does not leave Agratas systems at any point during this process.
  • We process your CV data through this tool on the basis of [legitimate interests (UK GDPR) / consent (DPDPA)] in connection with our recruitment activities. [Where we rely on legitimate interests, Agratas has a legitimate interest in efficiently and consistently assessing candidates against role requirements. This interest is balanced against your right to meaningful human review of your application, which is preserved as described below.]

  • If your application is successful, your CV and application data will be retained for the duration of your employment plus 3 years. If your application is unsuccessful, your CV and application data will be retained for a maximum duration of 12 months.

  • In connection with the automated processing described in this section, you have the following rights:
    • To request that a member of our recruitment team personally reviews your application without reliance on the automated score;
    • To express your point of view regarding any automated assessment of your application; and
    • To contest any decision made in connection with your application where you believe the automated assessment has not accurately reflected your suitability for the role.
To exercise any of the rights described above, please contact us

Use of Survey Tool

  • As part of our recruitment process, Agratas may invite you to participate in a voluntary feedback survey following your interview. This survey is designed to help us improve our recruitment process and candidate experience.

  • Participation in the survey is entirely voluntary and has no bearing on your application or its outcome. You may decline to participate without consequence.

  • Survey responses are collected and processed through an internal Agratas tool. Your data does not leave Agratas infrastructure at any point during this process.

  • We process your survey responses on the basis of your consent. You may withdraw your consent at any time by contacting us at dpo@agratas.com, though withdrawal will not affect the lawfulness of processing carried out before withdrawal.

  • Survey responses are not retained in identifiable form and are not stored beyond initial processing.

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.

We have put in place reasonable procedures to deal with any suspected data security breach, however, please note that we cannot ensure or warrant the security of any information you transmit to Agratas or guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by a breach of any of our security measures and safeguards. In the event of any actual or suspected security incident, including data breach, we will take all measures required to be undertaken under applicable laws and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.

You hereby agree to, so long as you access and/or use Agratas’ website or platform (directly or indirectly), to take adequate physical, managerial, and technical safeguards, at your end, to preserve the integrity and security of your data which shall include and not be limited to your personal data.

International Transfers

Agratas may transfer your personal data to a jurisdiction different from the one in which you reside, in accordance with applicable dataprotection laws. Agratas will ensure that any international transfer of your personal data is conducted through appropriate and lawful transfer mechanisms and will not transfer personal data to any country that is restricted or prohibited under applicable regulations. Where personal data is transferred within our group entities across jurisdictions, we take reasonable steps to ensure that such transfers are protected and comply with applicable data protection requirements.

Third party links

Our websites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, are not responsible for their privacy statements or their security practices or their content. When you leave our website, we encourage you to read the privacy notice of every website you visit.

How long will you use my information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we believe there is a prospect of litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider your consent to this Privacy Notice or its withdrawal thereof, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Your rights in connection with personal information

To ensure clarity across jurisdictions, the following describes each right in simple terms:

  1. Right to Be Informed: You have the right to receive clear information about how we collect, use, share, store, and protect your personal data. This Privacy Notice fulfils that obligation.

  2. Right of Access: You may request a copy or summary of the personal data we hold about you, along with information on how and why it is processed.

  3. Right to Correction (Rectification): You may ask us to correct or update any inaccurate, incomplete, or outdated personal data.

  4. Right to Erasure / Deletion: You may request that we delete your personal data where it is no longer necessary, where you withdraw consent, or where deletion is required by law. (Deletion may not apply when we are legally required to retain data.)

  5. Right to Withdraw Consent: Where processing is based on consent (e.g., marketing), you may withdraw consent at any time. Withdrawal does not affect the lawfulness of prior processing.

  6. Right to Restrict Processing: In certain cases (e.g., dispute on accuracy), you may request that we temporarily restrict the use of your personal data.

  7. Right to Data Portability: You may request that we provide your personal data in a structured, commonly used, machine-readable format, or that we transfer it to another organization.

  8. Right to Object: You may object to certain types of processing, such as processing based on legitimate interests or direct marketing.

  9. Rights Related to Automated Decision-Making: You have the right to request human intervention, express your viewpoint, or contest decisions that are made solely through automated means and have legal or significant effects on you.

  10. Right to Explanation (China – PIPL): You may request an explanation about how your personal information is being processed, especially when automated decision-making is involved.

  11. Right to Limit Use of Sensitive Personal Information (California): You may direct us to limit the use of your sensitive personal information to purposes allowed strictly under CPRA.

  12. Right to Opt-Out of Sale or Sharing of Personal Information (California): You may request that we stop selling or sharing your personal information for cross-context behavioural advertising. Agratas does not sell personal data, but this right is provided where required.

  13. Right to Be Notified of Third-Country Transfers (Korea – PIPA): You may request to be informed when your data is transferred outside South Korea and to whom.

  14. Right to Nominate (India – DPDPA): You may designate another individual to exercise your rights in the event of your death or incapacity.

  15. Right to Grievance Redressal (India – DPDPA): You may raise a complaint with our Grievance Officer and escalate to the Data Protection Board of India if unsatisfied.

You have rights depending on your jurisdiction. Agratas honours the strictest applicable rights.

 

Country

Rights available

India

  • Right to access information
  • Right to correction and erasure
  • Right to grievance redressal
  • Right to nominate another person

UK/EU

  • Right to be informed
  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restrict processing
  • Right to data portability
  • Right to object
  • Rights relating to automated decision-making

California

  • Right to know
  • Right to delete
  • Right to correct
  • Right to opt-out of sale or sharing
  • Right to limit use of sensitive personal information

China

  • Right to access, copy, correct, delete
  • Right to withdraw consent
  • Right to explanation
  • Rights related to automated decision making

South Korea

  • Right to access
  • Right to correction/deletion
  • Right to suspend processing
  • Right to be notified of transfers

To exercise any of the rights described above, please complete and submit our Data Subject Request Form, available at Data Subject Request Form – Fill out form. Upon submission, you will receive an acknowledgment. Alternatively, you may exercise your rights by contacting our Data Protection Office (DPO) at dpo@agratas.com.

We will respond to your request within 30 days of receipt, or within such shorter period as required under applicable law.

Response Timelines

We will respond to your request within thirty (30) days, or within any shorter period required under applicable law. Where the law permits an extension for complex or high‑volume requests, Agratas may extend the response period as allowed, and we will notify you of the extension and the reasons for it.

When We May Decline a Request

  • We may decline a request only where permitted by law, such as:
  • When disclosure affects the rights of others
  • When data must be retained for legal, regulatory, or contractual purposes
  • When identity cannot be verified
  • When the request is manifestly unfounded, excessive, or repetitive

We will always provide a clear explanation if we decline your request.

To raise a request, complete a DPO request on our contact us form.

Grievance Redressal

We take your concerns seriously and are committed to resolving any issues relating to the processing of your personal data in a fair, transparent, and timely manner.

 

a.      How to Raise a Concern with Agratas

If you have any questions, concerns, or complaints about how we handle your personal data, you may contact our Grievance Redressal Officer / Data Protection Office (“DPO”) using the details below. We encourage you to approach us first so that we may work to resolve the issue promptly.

 

Email: dpo@agratas.com

 

We will acknowledge your complaint and aim to provide a resolution within the timelines prescribed under the applicable law of your jurisdiction.

 

b.      Escalation to Supervisory Authorities

If you are not satisfied with Agratas’ response, you have the right to escalate your complaint to the relevant data protection authority based on your place of residence. Below is a summary of the applicable authorities in each jurisdiction where Agratas’ Website users commonly reside:

 

Jurisdiction

Supervisory Authority

Purpose

Contact / Link

India

Data Protection Board of India (DPB)

Handles grievances relating to violations of the Digital Personal Data Protection Act, 2023

To be updated once the Government of India notifies the official DPB portal

<TBU post establishment of the board>

United Kingdom

Information Commissioner’s Office (ICO)

Supervises compliance with UK GDPR and investigates complaints

https://ico.org.uk/make-a-complaint/

European Union (if applicable)

National Supervisory Authority of the Member State where you reside

Monitors GDPR compliance and resolves cross-border matters

List of all EU DPAs: https://edpb.europa.eu/about-edpb/board/members_en

California, USA

California Privacy Protection Agency (CPPA)

Enforces CCPA/CPRA and handles consumer privacy complaints

https://cppa.ca.gov/complaints/

China

Cyberspace Administration of China (CAC)

Supervises PIPL compliance, cross-border transfers, and personal information rights

https://www.cac.gov.cn/

South Korea

Personal Information Protection Commission (PIPC)

Enforces PIPA, handles privacy complaints and investigations

https://www.pipc.go.kr/eng/

 

Order of Escalation and Suggested Approach

 

To ensure smooth resolution, we recommend the following sequence:

  1. Contact Agratas (DPO/Grievance Officer) first.
    Most issues can be resolved directly and promptly.

  2. Escalate to the relevant supervisory authority only if:
  • You are unsatisfied with Agratas’ response;
  • You believe your rights under the applicable law have been infringed; or
  • The issue involves cross-border concerns that require regulatory intervention.

 

3.  For multi-jurisdictional concerns, we will assist in identifying the appropriate authority.

 No Retaliation Commitment

Agratas guarantees that raising a complaint or exercising your legal rights will never result in:

  • denial of service,
  • adverse treatment,
  • reduced quality of service, or
  • discriminatory behaviour.
Complete a DPO request on our contact us form

Your Consent

Where Agratas relies on your consent as the lawful basis for processing your personal data, we will present you with a clear, specific, and unbundled consent request. By providing your consent through an affirmative action (such as selecting “I Agree,” ticking a checkbox, signing a form, or submitting a consent option), you acknowledge that you have been informed of the purpose of processing, the type of data collected, your rights, and your ability to withdraw consent at any time.

Contact Us

To ask questions about this Privacy Notice and our privacy practices, or if you need to update, change, or remove your personal data, or exercise any other rights, including contacting the Data Protection Office to address any discrepancies or grievances relating to the processing of your personal data, please reach out to us. If you are unhappy with our handling of your personal data, you also have the right to lodge a complaint with the relevant data protection authority. 

To raise a request, complete a DPO request on our contact us form.

Alternatively, write to us:

India Address: Agratas Energy Solutions Private Limited, Army & Navy Building, 148 M G Road, Opposite Kala Ghoda Fort, Mumbai, Maharashtra, India, 400001.  

UK Address: 18 Grosvenor Place, London, United Kingdom, SW1X 7HS. 

USA Address: 1209 Orange Street, Wilmington, New Castle County, Delaware 19801. (A copy to be sent to the Indian Address if anything is being sent to the USA Address as the DPO is based out of India.

Changes to this Notice

This Privacy Notice will be reviewed on an annual basis and updated as required. Whenever significant changes are made, we will aim to issue a notification with a link to the new updated version.

Privacy