Data Protection
How we safeguard your personal and project data.
Last Updated: May 20, 2026 | Effective Date: May 20, 2026
1. Our Approach to Data Protection
Raddy Pvt Ltd handles sensitive information as part of our business — client contact details, project specifications, site locations, financial information, and architectural designs. We take the responsibility of protecting this information seriously.
This page explains the specific measures we have in place to protect your data. It supplements our Privacy Policy, which covers what data we collect and why.
2. Legal Framework
Our data protection practices are guided by:
- The Digital Personal Data Protection Act, 2023 (DPDPA): India's primary data protection legislation. We are preparing for full compliance as the rules are notified and come into effect.
- Information Technology Act, 2000: Including the IT (Reasonable Security Practices and Procedures) Rules, 2011, which currently govern data protection for Indian companies.
- Contractual obligations: Many of our clients (particularly government bodies and large corporations) have specific data protection requirements in their contracts, which we comply with.
3. Data We Protect
The types of data we handle and protect include:
- Personal data: Names, phone numbers, email addresses of clients and contacts
- Financial data: Payment records, bank details, invoices
- Project data: Site locations, architectural drawings, structural designs, specifications
- Communication records: Emails, meeting notes, phone call records
- Employee data: Personal and employment information of our staff
4. Security Measures — Digital
For data stored or transmitted electronically:
- Encryption: Our website uses TLS 1.3 encryption. Sensitive files shared with clients are password-protected or sent via secure links.
- Access control: Staff access to client data is role-based. A site engineer can see project specifications but not financial records. An accountant can see payment data but not architectural drawings.
- Authentication: All internal systems require individual login credentials. Shared passwords are not permitted.
- Backups: Critical data is backed up daily to a secure off-site location. Backups are encrypted and tested quarterly for recoverability.
- Software updates: Our systems are kept up to date with security patches. We use reputable, commercially supported software.
- Email security: We use email filtering to protect against phishing and malware. Staff are trained to identify suspicious emails.
5. Security Measures — Physical
For data in physical form (printed documents, site plans, contracts):
- Stored in locked filing cabinets in our office
- Access restricted to authorized personnel
- Sensitive documents are shredded when no longer needed
- Visitor access to our office is logged and supervised
6. Staff Training
All employees who handle personal or sensitive data receive training on:
- What constitutes personal data and why it needs protection
- How to handle data securely (both digital and physical)
- How to recognize and report potential security incidents
- Their obligations under our data protection policies
This training is provided during onboarding and refreshed annually.
7. Incident Response
Despite our precautions, security incidents can occur. If we experience a data breach:
- We will contain the breach immediately upon discovery
- We will assess what data was affected and the potential impact
- If the breach poses a risk to your rights, we will notify you within 72 hours with details of what happened, what data was affected, and what steps we are taking
- We will report to relevant authorities as required by law
- We will take corrective action to prevent recurrence
8. Data Retention and Disposal
We do not keep data longer than necessary. When data reaches the end of its retention period (see our Privacy Policy for specific timeframes):
- Digital data is permanently deleted from all systems including backups (within the next backup cycle)
- Physical documents are cross-cut shredded
- We maintain a log of data disposal for audit purposes
9. Your Rights
Under Indian data protection law, you have the right to:
- Know: What personal data we hold about you and how we use it
- Correct: Request correction of inaccurate data
- Erase: Request deletion of your data (subject to legal retention requirements)
- Grievance: Raise a complaint if you believe your data has been mishandled
To exercise these rights, email info@raddy.site with the subject "Data Protection Request." We will verify your identity and respond within 30 days.
10. Third-Party Data Processors
We use a limited number of third-party services that process data on our behalf:
- Web hosting provider (for our website)
- Email service provider (for business communications)
- Cloud storage (for project file backup)
- Accounting software (for financial records)
All third-party processors are selected based on their security practices and are bound by data processing agreements that require them to protect your data to the same standard we do.
11. Contact
For data protection concerns, questions, or to exercise your rights:
Raddy Pvt Ltd — Data Protection
Olympia Tech Park, SIDCO Industrial Estate, Guindy
Chennai, Tamil Nadu - 600032
Email: info@raddy.site
Phone: +91 78 2250 2000