Privacy Policy

Our Commitment to Your Privacy

Asset Online Private Limited (AOPL) is committed to protecting your personal data and respecting your privacy. This Privacy Policy explains clearly what data we collect, why we collect it, how we use it, and what rights you have over it — in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the DPDP Rules, 2025, and the Information Technology Act, 2000. Please read this Policy carefully before providing us with any personal data.

1Introduction & Scope

1.1 This Privacy Policy ("Policy") applies to all personal data collected, processed, stored, or transferred by Asset Online Private Limited (AOPL) through or in connection with the website https://aopl.tech ("Website"), including all sub-domains and digital properties operated by AOPL.

1.2 This Policy applies to all visitors, enquirers, prospective clients, business partners, and other individuals ("Data Principals" under the DPDP Act, referred to herein as "you" or "your") who interact with the Website or provide personal data to AOPL.

1.3 This Policy does not apply to: (a) personal data of AOPL's employees, which is governed by separate HR and employment policies; (b) data processed under separately executed service agreements between AOPL and its clients, which are governed by the data processing terms in those agreements.

1.4 This Policy must be read in conjunction with our Terms & Conditions, which are incorporated herein by reference.

Legal Framework

This Policy is drafted in compliance with: (i) The Digital Personal Data Protection Act, 2023 (No. 22 of 2023); (ii) The Digital Personal Data Protection Rules, 2025 (notified November 13, 2025); (iii) The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; and (iv) Section 43A and Section 72A of the Information Technology Act, 2000. Full compliance with the DPDP Rules phased obligations is being progressively implemented, with full compliance targeted by May 2027 as per the statutory calendar.

2Identity of the Data Fiduciary

Under the DPDP Act, 2023, the entity that determines the purpose and means of processing your personal data is termed the "Data Fiduciary." For all personal data collected through or in connection with the Website, the Data Fiduciary is:

Legal Name	Asset Online Private Limited
Trading Name / Abbreviation	AOPL
Corporate Identity Number	U72200KA2013PTC071635
Incorporation	Incorporated under the Companies Act, 2013, Republic of India
Registered Office	355, Balaji Arcade, 5th Main, HSR Layout, Sector 6, Bengaluru, Karnataka 560102, INDIA
Website	https://aopl.tech
Privacy Contact Email	legal@aopl.tech

3Definitions

For the purposes of this Policy, the following terms have the meanings given below (terms not defined here carry the meanings given in the DPDP Act, 2023):

"Personal Data" means any data by which or in relation to which a natural person (Data Principal) is identifiable, as defined under Section 2(t) of the DPDP Act, 2023.
"Sensitive Personal Data or Information (SPDI)" means categories of personal data specified under Rule 3 of the IT (SPDI) Rules, 2011, including passwords, financial information, health data, biometric data, and sexual orientation.
"Data Fiduciary" means the entity that alone or in conjunction with others determines the purpose and means of processing personal data — in this context, AOPL.
"Data Principal" means the natural person whose personal data is being processed — in this context, you.
"Data Processor" means any third party that processes personal data on behalf of AOPL in accordance with AOPL's instructions.
"Processing" means any operation performed on personal data, including collection, recording, storage, alteration, retrieval, use, sharing, disclosure, erasure, or destruction.
"Consent" means a free, specific, informed, unconditional, and unambiguous indication of the Data Principal's wishes by a clear affirmative action, as defined under Section 6 of the DPDP Act, 2023.
"Data Protection Board" means the Data Protection Board of India established under Section 18 of the DPDP Act, 2023.
"Cookie" means a small text file placed on your device by the Website to enable certain features and analytics.
"DPDP Act" means the Digital Personal Data Protection Act, 2023.

4Personal Data We Collect

4.1 AOPL collects only the personal data that is necessary, proportionate, and adequate for the purposes described in this Policy. We collect the following categories of personal data:

4.1.1 Identification & Contact Data

Full name and professional title / designation
Name of employing organisation or company
Business email address
Business telephone / mobile number
Business mailing address and city/state/country

4.1.2 Enquiry & Business Interaction Data

Nature of your organisation's technology requirements
Industry sector and approximate organisation size
Details of the enquiry or project requirement you submit through forms
Records of correspondence and communications with AOPL

4.1.3 Technical & Device Data

IP address (collected automatically)
Browser type, version, and language settings
Operating system and device type
Referring URL and pages visited on the Website
Date and time of Website access
Session duration and interaction patterns

4.1.4 Marketing Preference Data

Whether you have opted in to receive marketing communications, product updates, or event invitations from AOPL
Records of consent given and withdrawn

4.1.5 Sensitive Personal Data or Information (SPDI)

AOPL Does Not Intentionally Collect SPDI

AOPL does not, as a matter of policy, collect Sensitive Personal Data or Information (SPDI) as defined under Rule 3 of the IT (SPDI) Rules, 2011, through the Website. This includes passwords, financial information, health data, biometric data, sexual orientation, or similar sensitive categories. If you inadvertently submit SPDI through any form or communication, please notify us at legal@aopl.tech and we will take steps to delete it.

5How We Collect Personal Data

5.1 Directly from you when you:

Submit a contact, enquiry, or assessment request form on the Website;
Download resources such as white papers, case studies, or brochures;
Subscribe to marketing emails or event notifications;
Register for or attend a webinar, event, or demonstration hosted by AOPL;
Email or call AOPL in response to information on the Website.

5.2 Automatically when you access and browse the Website, through:

Server logs and web analytics tools (including Google Analytics);
Cookies, web beacons, pixels, and similar tracking technologies (see Section 8);
Heatmaps and session recording tools (where implemented).

5.3 From third parties, including:

Publicly available professional directories or LinkedIn when you interact with AOPL's business development team;
Business referrals from partners and associates.

5.4 All data collection from you through the Website is entirely voluntary. You are not legally obligated to provide personal data. However, if you choose not to provide certain information, AOPL may be unable to respond to your enquiry or provide you with the requested information or Services.

6Legal Basis for Processing

Under the DPDP Act, 2023, AOPL processes your personal data on the following legal bases:

6.1 Consent (Section 6, DPDP Act)

For marketing communications, newsletters, and promotional content, AOPL relies on your freely given, specific, informed, unconditional, and unambiguous consent. You may withdraw consent at any time (see Section 14). Withdrawal of consent does not affect the lawfulness of processing prior to withdrawal.

6.2 Legitimate Uses (Section 7, DPDP Act)

AOPL may also process personal data on the basis of legitimate uses, which includes:

Processing necessary for the performance of a function of the State or any instrumentality of the State;
Processing necessary for compliance with any law or legal order;
Processing for the purpose of employment-related functions (for staff data — not applicable here);
Processing necessary to respond to a medical emergency (not applicable to this Website);
Processing data that is manifestly made available by the Data Principal.

6.3 Contract Performance

Where you have requested a quote, proposal, or assessment from AOPL, processing your business contact details is necessary to respond to and fulfil your request.

6.4 Legal Obligation

Certain processing is required to comply with applicable Indian laws, including tax, accounting, corporate governance, and law enforcement obligations.

Services Cannot Be Conditioned on Unrelated Consent

In accordance with Section 6(4) of the DPDP Act, AOPL does not make access to the Website or its information resources conditional on your consent to receive marketing communications or to process personal data for purposes unrelated to your enquiry. Consent for marketing is always optional and separate.

7Purposes of Processing

7.1 AOPL processes your personal data for the following specific purposes:

Responding to enquiries: To acknowledge and respond to your contact form submissions, requests for information, or requests for proposals;
Providing information: To send you information about AOPL's products, services, solutions, case studies, and industry insights that you have requested;
Assessment and proposals: To prepare and deliver infrastructure assessments, technology proposals, or consultations you have requested;
Marketing (consent-based): To send you newsletters, event invitations, product updates, and promotional content, where you have provided consent;
Website analytics: To understand how visitors use the Website and to improve its performance, content, and user experience;
Security: To detect, prevent, and investigate fraudulent, illegal, or unauthorised activity on or through the Website;
Legal compliance: To meet AOPL's obligations under applicable law, including tax, regulatory, and corporate reporting requirements;
Dispute resolution: To enforce AOPL's rights, defend legal claims, and protect AOPL's interests in legal proceedings.

7.2 AOPL shall not process your personal data for any purpose that is incompatible with the purposes described above without first providing you with a fresh notice and, where required, obtaining your consent.

8Cookies & Tracking Technologies

8.1 The Website uses cookies and similar technologies to enhance your browsing experience and to gather analytical data. A cookie is a small text file stored on your device by your browser.

Categories of Cookies Used

Strictly Necessary Cookies: Essential for the operation of the Website, including session management and security. These cookies cannot be disabled without affecting core Website functionality. No consent is required for these cookies.
Analytics Cookies: Used to understand how visitors interact with the Website (e.g., pages visited, time spent). AOPL uses Google Analytics (Google LLC) for this purpose. Data collected is aggregated and pseudonymised where possible.
Marketing / Targeting Cookies: Used to serve relevant advertisements or measure campaign effectiveness (e.g., LinkedIn Insight Tag). These cookies are only set with your prior consent.
Preference Cookies: Used to remember your preferences and settings across sessions.

Your Cookie Choices

8.2 When you first visit the Website, a cookie consent banner will be displayed. You may accept all cookies, accept only necessary cookies, or customise your preferences. You may also control cookies through your browser settings, noting that disabling certain cookies may affect Website functionality.

8.3 Analytics cookies are active for a maximum period of 26 months from date of placement. Marketing cookies are placed for periods specified by the respective third-party providers.

8.4 For comprehensive information on the cookies used, their duration, and the third-party providers involved, please refer to our Cookie Declaration, accessible via the cookie consent management tool on the Website.

10International Transfers

10.1 Certain third-party service providers engaged by AOPL (such as Google Analytics, cloud infrastructure providers, and CRM platforms) may process personal data outside the territory of India.

10.2 Any transfer of personal data outside India by AOPL shall be in compliance with Section 16 of the DPDP Act, 2023, and shall be made only to countries permitted under the Central Government's notification under the DPDP Rules, 2025 ("whitelist countries"), or subject to appropriate contractual safeguards.

10.3 Where personal data is transferred to third-party service providers operating outside India, AOPL ensures such transfers are subject to contractual obligations requiring the recipient to maintain standards of data protection substantially equivalent to those required under the DPDP Act, 2023.

DPDP Rules 2025 — Cross-Border Transfer

The Government of India is in the process of notifying the list of countries to which personal data may be transferred ("whitelist"). Until such notification is issued, AOPL will implement standard contractual clauses and other appropriate safeguards for any transfer of personal data outside India. This Policy will be updated once the whitelist is notified.

11Data Retention

11.1 AOPL retains personal data only for as long as is necessary to fulfil the purposes for which it was collected, or as required or permitted by applicable law. The following specific retention periods apply:

Category of Data	Retention Period	Basis
Contact form / enquiry data	3 years	Business record; potential engagement
Pre-contractual negotiation data	3 years	Legal obligation / limitation period
Executed contract records	8 years	Indian law (Companies Act; Limitation Act)
Tax and financial records	8 years	Income Tax Act, GST Act obligations
Website analytics data	26 months	Google Analytics default; AOPL policy
Marketing consent records	Until consent is withdrawn + 1 year (for audit)	DPDP Act consent accountability
Grievance / complaint records	7 years	DPDP Rules 2025; Limitation Act

11.2 Upon expiry of the applicable retention period, personal data shall be securely deleted, anonymised, or irreversibly destroyed in accordance with AOPL's data disposal procedures, unless further retention is required by applicable law.

12Security Safeguards

12.1 AOPL implements technical, administrative, and organisational security measures reasonably appropriate to the nature of the personal data processed and the risks involved, in accordance with Section 8(5) of the DPDP Act, 2023 and Rule 5(9) of the IT (SPDI) Rules, 2011. These measures include:

Encryption: TLS/HTTPS encryption for all data transmitted between your browser and the Website; AES-256 encryption for data at rest where applicable;
Access Controls: Role-based access controls limiting access to personal data to authorised personnel on a need-to-know basis;
Password policies: Mandatory strong passwords and multi-factor authentication for systems holding personal data;
Pseudonymisation: Where feasible, personal identifiers are separated from analytical and operational data;
Security audits: Periodic technical security assessments and vulnerability scans of the Website and associated infrastructure;
Vendor due diligence: Data Processors are assessed for security compliance before engagement and are contractually required to maintain appropriate security standards;
Incident response: AOPL maintains an internal data breach response procedure.

12.2 Notwithstanding the above, no internet-based transmission or electronic storage system can be guaranteed to be 100% secure. While AOPL takes all reasonable precautions, it cannot guarantee absolute security of data transmitted to the Website.

13Your Rights as Data Principal

13.1 As a Data Principal under the DPDP Act, 2023, you have the following rights in respect of your personal data processed by AOPL:

Right to Information (Section 11)You have the right to obtain confirmation of whether AOPL processes your personal data, access a summary of such data, the identities of Data Processors engaged, and information about your rights.

Right to Correction & Completion (Section 12)You may request correction of inaccurate or incomplete personal data held by AOPL, ensuring records are updated to reflect true and complete information.

Right to Erasure (Section 12)You may request deletion of your personal data where it is no longer necessary for the purposes for which it was collected, subject to AOPL's legal obligations to retain certain records.

Right to Grievance Redressal (Section 13)You have the right to have any grievance in respect of AOPL's processing of your data addressed by our Grievance Officer within 30 days, and to escalate unresolved grievances to the Data Protection Board of India.

Right to Nominate (Section 14)You may nominate a person who shall, in the event of your death or incapacity, exercise your data protection rights under the DPDP Act on your behalf.

Right to Withdraw Consent (Section 6(4))Where processing is based on consent, you may withdraw it at any time, with effect going forward. Withdrawal does not affect the lawfulness of processing prior to withdrawal. See Section 14.

13.2 How to exercise your rights: To exercise any of the above rights, please submit a written request to the Grievance Officer at the contact details in Section 18. AOPL will respond within 30 days of receipt of your request. AOPL may request verification of your identity before processing your request to prevent fraudulent access.

13.3 Where a request for erasure conflicts with AOPL's statutory obligation to retain records (e.g., tax, corporate, or legal records), AOPL will retain the minimum data necessary for compliance and inform you accordingly.

14Withdrawal of Consent

14.1 Where AOPL processes your personal data based on your consent (e.g., for marketing communications), you have the right to withdraw that consent at any time by:

Clicking the "Unsubscribe" link in any marketing email received from AOPL;
Emailing AOPL at legal@aopl.tech with the subject line "Withdraw Marketing Consent";
Writing to the Grievance Officer at the address in Section 18.

14.2 Upon receipt of a valid withdrawal request, AOPL shall cease processing your personal data for marketing purposes within a reasonable period and in any event within 30 days.

14.3 Withdrawal of consent does not affect: (a) the lawfulness of any processing based on consent before the withdrawal; or (b) processing carried out on another legal basis (such as contractual necessity or legal obligation).

14.4 The ease of withdrawing consent shall be at least as easy as the process of giving consent, as required under Section 6(4) of the DPDP Act, 2023.

15Children's Privacy

15.1 The Website is directed exclusively at business professionals and is not intended for use by persons under the age of 18 years ("children" under Section 9 of the DPDP Act, 2023).

15.2 AOPL does not knowingly collect, process, or store personal data of children without verifiable parental consent. If AOPL becomes aware that personal data of a child has been collected without verifiable parental or guardian consent, it will take immediate steps to delete such data.

15.3 AOPL does not undertake behavioural monitoring or targeted advertising in respect of children, in compliance with Section 9(3) of the DPDP Act, 2023.

15.4 If you believe that AOPL has inadvertently collected personal data of a child, please notify the Grievance Officer immediately at the contact details in Section 18.

16Data Breach Notification

16.1 In the event of a personal data breach that poses a risk to the rights and interests of Data Principals, AOPL will:

Promptly notify the Data Protection Board of India in accordance with Section 8(6) of the DPDP Act and the DPDP Rules, with a preliminary report within 72 hours of becoming aware of the breach;
Notify all affected Data Principals without undue delay, providing details of the nature of the breach, the categories of data affected, likely consequences, and mitigation measures taken;
Maintain an internal record of the breach, its cause, its consequences, and the remedial action taken.

16.2 Notification to you will be provided through the email address you have provided to AOPL, or through a prominent notice on the Website where individual notification is not reasonably practicable.

17Changes to This Privacy Policy

17.1 AOPL reserves the right to update or revise this Privacy Policy at any time to reflect changes in our data practices, the introduction of new Services, or amendments to applicable Indian law.

17.2 Any revisions will be posted on this page with an updated "Last Updated" date. For material changes that significantly affect your rights or our processing of your personal data, AOPL will:

Display a prominent notice on the Website homepage for not less than 7 (seven) days; and/or
Send a notification to the email address you have provided, where you have an active relationship with AOPL.

17.3 Your continued use of the Website after the effective date of any revised Policy constitutes your acknowledgment of the changes. If you do not accept the revised Policy, please discontinue use of the Website and request deletion of your data by contacting the Grievance Officer.

17.4 We recommend reviewing this Policy periodically to stay informed of how AOPL protects your data.

18Grievance Officer

Mandatory Appointment under IT Act 2000, SPDI Rules 2011 & DPDP Rules 2025

In compliance with Rule 5(9) of the IT (Reasonable Security Practices) Rules, 2011, and the DPDP Rules, 2025, AOPL has designated a Grievance Officer to address all data privacy concerns, complaints, and rights requests from Data Principals. The Grievance Officer is a resident of India as required by law.

Name	M. Priya
Designation	Chief Compliance Officer
Company	Asset Online Private Limited
Email	legal@aopl.tech
Postal Address	Asset Online Private Limited, 355, Balaji Arcade, 5th Main, HSR Layout, Sector 6, Bengaluru, Karnataka 560102, INDIA
Working Hours	Monday to Friday, 9:00 AM to 6:00 PM IST (excluding public holidays)
Acknowledgment	Within 72 hours of receipt
Resolution	Within 30 (thirty) days of receipt, or such shorter period as prescribed

If you are not satisfied with the resolution provided by the Grievance Officer within the prescribed period, you have the right to escalate your complaint to the Data Protection Board of India once operational, as provided under Section 13(3) of the DPDP Act, 2023.

19Contact & Supervisory Authority

General Privacy Enquiries

For general enquiries about this Privacy Policy or AOPL's data practices (other than formal grievances), contact:

Email	legal@aopl.tech
Website	https://aopl.tech
Address	Asset Online Private Limited, 355, Balaji Arcade, 5th Main, HSR Layout, Sector 6, Bengaluru, Karnataka 560102, INDIA

Supervisory Authority

If you believe AOPL has not adequately addressed your data protection concerns, you may lodge a complaint with India's data protection supervisory authority:

Data Protection Board of India — once fully operational (currently being constituted under the DPDP Act, 2023)
Ministry of Electronics and Information Technology (MeitY), Government of India, for interim matters
For IT Act matters: the Adjudicating Officer appointed under Section 46 of the IT Act, 2000

Read Together With Terms & Conditions

This Privacy Policy forms part of the legal framework governing your use of aopl.tech and should be read in conjunction with the Terms & Conditions.