Geographical Applicability

This Policy applies to the processing of Personal Data:

• Within the territory of India, in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act");
• Outside India, where such processing relates to the offering of services to individuals or monitoring of behaviour through the Website, in accordance with the applicable global data protection laws, including the General Data Protection Regulation ("GDPR"), where applicable.

Third Party Websites and External Links

The Website may contain links to third-party websites, services, or applications that are not owned or controlled by Larsen & Toubro Vyoma.

This Policy applies solely to the Personal Data collected and processed by Vyoma through the Website. It does not apply to third-party platforms or services. Vyoma is not responsible for the privacy practices, content, or policies of such third-party websites.

Users are advised to review the privacy policies of such third-party websites before providing any Personal Data or interacting with them.

Data Fiduciary Role

This Policy applies solely to Personal Data processed by Vyoma in its capacity as a Data Fiduciary. Where Vyoma may process Personal Data on behalf of its customers in the capacity of a Data Processor (for example, in connection with data center, cloud or managed services), such processing is governed by the applicable contractual arrangements, including data processing agreements executed with such customers, and is outside the scope of this Policy.

Limitation of Applicability

This Policy does not apply to:

• Personal Data processed in offline contexts or through channels not related to the Website;
• Personal Data processed by Vyoma on behalf of its customers as part of its infrastructure, cloud, or managed service offerings; and
• Processing activities governed by separate privacy notices or contractual agreements.

Personal Data Provided Directly by You

We collect Personal Data that you voluntarily provide when you interact with us through the Website, including when you submit enquiries or communicate with us.

• First Name and Last Name;
• Email address;
• Phone number;
• Organization / company name;
• Designation or job title;
• Location (city, country);
• Enquiry type or subject of request;
• Message or content of the communication; and
• Any additional information you choose to provide in correspondence or submissions.

Technical and Usage Data (Automatically Collected)

When you access or use the Website, certain technical information is automatically collected through your device, browser, or system. ("Technical and Usage Data")

This may include:

• Internet Protocol (IP) address;
• Device type (mobile, desktop, tablet);
• Browser type and version;
• Operating system;
• Date and time of access;
• Pages visited and navigation paths within the Website;
• Session duration and time spent on pages;
• Referring source (eg, organic search, paid campaigns, social media, direct access); and
• Approximate geographical location (derived from IP address).

Analytics and Tracking Data

We use analytics and performance monitoring tools to better understand how users interact with the Website and to improve its functionality and performance.

Currently, this includes:

• Google Analytics (GA4) - used to analyse usage patterns, user journeys, and Website performance; and
• Google Search Console - used for monitoring Website visibility and performance in search engines.

Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information about your interactions with the Website.

This may include:

• Session related information;
• User preferences and settings;
• Website usage analytics; and
• Performance and diagnostic information.

Communication and Interaction Data

We may collect and retain records of communications when you interact with us through the Website, including:

• Emails and correspondence;
• Customer support queries;
• Feedback, complaints, or requests; and
• Records of interactions submitted via online forms.

Data Collected from Third-Party Sources

In limited cases, we may receive limited Personal Data from third-party sources, such as:

• Business partners or service providers;
• Publicly available professional platforms (e.g., business directories); and
• Analytics providers.

Security and Infrastructure Data

To maintain the security and integrity of our Website and supporting infrastructure, we may collect certain Technical and Usage Data, including:

• Network activity logs;
• System access and usage logs; and
• Security monitoring and threat detection data.

Sensitive Personal Data

Vyoma does not intentionally collect sensitive Personal Data through the Website (such as financial information, health data, biometric data, or government-issued identification numbers), unless specifically required and permitted under the applicable law.

Users are advised not to submit sensitive Personal Data through the Website unless expressly requested.

Responding to Enquiries and Requests

We process Personal Data submitted through contact forms or communication channels to:

• Respond to your queries, requests, or feedback;
• Provide information about our services, offerings, and solutions; and
• Communicate with you regarding your enquiries.

Providing Website Functionality and User Experience

We process Technical and Usage Data to:

• Enable and maintain the operation of the Website;
• Ensure content is presented effectively across devices and platforms; and
• Improve navigation, usability, and performance.

Website Analytics and Improvement

We process technical and usage data through analytics tools (such as Google Analytics and performance monitoring tools) to:

• Understand how uses interact with the Website;
• Analyse traffic patterns and user behaviour;
• Monitor Website performance and trends; and
• Improve Website content, structure, and overall user experience.

Security, Monitoring, and Fraud Prevention

We process personal and Technical Data to:

• Detect, prevent, and investigate unauthorized access, misuse or potential security threats;
• Monitor the integrity and security of the Website and underlying systems; and
• Ensure the security and integrity of our systems and services.

Compliance with Legal and Regulatory Obligations

We may process Personal Data to:

• Comply with the applicable laws, regulations, and regulatory requirements;
• Respond to lawful requests from governmental or regulatory authorities; and
• Exercise or defend legal claims.

Business Communication and Marketing

Where permitted under the applicable law subject to user preferences, we may process Personal Data to:

• Share updates regarding our services, offerings, or industry insights; and
• Inform you about events, offerings, or industry insights.

Retargeting and Advertising (Where Applicable)

We may use analytics and advertising platforms (such as Google Ads or LinkedIn) to run retargeting or remarketing campaigns, subject to the applicable consent requirements.

This may involve tracking Website interactions to deliver relevant content or advertisements. Such processing is carried out only where permitted under the applicable law and, where required, on the basis of user consent.

Managing Business Relationships

We may process Personal Data to:

• Maintain and manage interactions with prospective customers, partners, or stakeholders; and
• Facilitate business engagement and relationship management.

Consent

We process Personal Data based on your consent where you voluntarily provide such data through the Website, including:

• Submission of contact or enquiry forms; and
• Acceptance of cookies and tracking technologies (where applicable).

Legitimate Uses under the Applicable Law

We may process certain Personal Data without explicit consent where such processing is necessary for legitimate uses as permitted under the applicable law, including:

• Ensuring the security and integrity of the Website and systems;
• Detecting and preventing fraud, unauthorized access, or misuse;
• Maintaining and improving Website functionality and performance; and
• Responding to user-initiated communications or requests.

Performance of Pre-Contractual or Contractual Measures

We may process Personal Data where necessary to:

• Respond to enquiries relating to our services;
• Facilitate potential business engagements; and
• Provide information requested by users prior to entering into a business relationship.

Compliance with Legal Obligations

We may process Personal Data where necessary to:

• Comply with the applicable legal or regulatory requirements;
• Respond to lawful requests from government or regulatory authorities; and
• Exercise or defend legal claims.

Types of Cookies Used

We use the following categories of cookies on our Website:

• Functional cookies - used to remember user interactions such as form submissions and prevent repeated prompts; and
• Media/embedded content cookies - set by third-party services (such as YouTube) to enable video playback and store user preferences.

Use of Cookies

• Remember user interactions with forms and Website features;
• Enable playback of embedded media (e.g., YouTube videos);
• Understand how users interact with the Website (once analytics tools are implemented);
• Deliver relevant content or advertisements (once marketing tools are implemented);
• Maintain the security and proper functioning of the Website; and

Consent and Control

Where required under the applicable law, cookies (other than those necessary for Website functionality) will be deployed only with your consent.

Analytics and marketing cookies are not currently active and will be implemented in the future. When implemented, such cookies will be deployed only after obtaining your consent through the cookie consent mechanism available on the Website.

You may manage your cookie preferences through:

• The cookie banner displayed on the Website; and
• Your browser settings, which allow you to block or delete cookies.

Third-Party Cookies

Some cookies used on the Website are set by third-party providers (such as Google/YouTube). These third parties may process data in accordance with their own privacy policies, and Vyoma does not control their processing practices.

Future Use of Tracking Technologies

Larsen and Toubro Vyoma may implement additional tracking technologies, including advertising or retargeting tools, to enhance Website functionality or deliver relevant content, subject to the applicable legal requirements.

Details of such technologies will be updated in this Policy and/or the Cookie Policy once implemented.

Further Information

For detailed information on the cookies used on the Website, including specific cookie names, duration, and purposes, please refer to our Cookie Policy.

Group Companies and Internal Functions

Personal Data may be shared with Larsen & Toubro Limited, its group companies, and internal corporate functions (including corporate IT teams) for purposes such as Website administration, system maintenance, security monitoring, and internal business operations.

Service Providers and Vendors

We may share Personal Data with third-party service providers who support the operation of the Website and our business functions, including:

• Analytics providers such as Google Analytics (GA4);
• Website performance and monitoring tools such as Google Search Console;
• Website hosting and infrastructure providers supporting the Website environment; and
• Other technology or service providers engaged for Website functionality and support.

Advertising and Marketing Platforms (Where Applicable)

Where applicable and subject to user consent, Personal Data may be shared with advertising and marketing platforms (such as Google Ads or LinkedIn) for the purpose of running campaigns, including retargeting or remarketing activities.

Such processing is carried out in accordance with the applicable legal requirements and only where permitted.

Legal and Regulatory Authorities

We may disclose Personal Data where required to:

• Comply with the applicable laws, regulations, or legal processes;
• Respond to lawful requests from government authorities; and
• Protect our legal rights, property, or safety, or that of others.

Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets or sale of business unit, Personal Data may be transferred as part of such transaction, subject to appropriate safeguards.

Professional Advisors

Personal Data is shared only on a need-to-know basis and subject to appropriate contractual, technical, and organizational safeguards to ensure its protection in accordance with the applicable data protection laws.

We may share Personal Data with professional advisors such as legal, financial, or audit consultants only where necessary for compliance, risk management, or business purposes.

Vyoma does not sell Personal Data collected through the Website to third parties.

Security Limitations

While we take responsible and appropriate measures to protect Personal Data, no method of transmission over the internet or method of electronic storage is completely secure. Users are encouraged to exercise appropriate caution when sharing information online.

Exercising Your Rights

You may exercise your rights by contacting us using the details provided in the Contact Information section of this Policy.

We will respond to your request in accordance with the applicable legal requirements.

Certain rights may be subject to limitations or conditions under the applicable laws. Vyoma may retain certain information where required to comply with legal obligations or for legitimate business purposes.

Grievance Redressal

In accordance with the requirements of the DPDP Act, Vyoma has appointed a Data Protection Officer to address concerns relating to the processing of Personal Data.

Data Protection Officer: Deepak Varatharajan

Email: dpo@larsentoubro.com