Agratas Logo DarkAgratas Logo Light
HOMEABOUT USIMPACTINNOVATIONCAREERSNEWSCONTACT

Privacy Policy

Effective date: July 2025

What is the purpose of this document?

Agratas (defined below) respects your privacy and is committed to protecting your personal data. This Privacy Notice informs you about how we use and look after your personal data, including any data you may provide through this website, or when you request information about other products or services. This notice also informs you about your privacy rights and how the law protects you. This notice does not apply to information that you provide to, or that is collected by, any third-party or through third-party sites you access or use in connection with Agratas services. Please read this Privacy Notice carefully prior to accessing any material, information or availing any services from Agratas.

Agratas Energy Storage Solutions Private Limited (Agratas Limited’s parent company), Agratas Limited and Agratas LLC (each referred to in this document as “Agratas”, “we” or “us”) are each a “controller” in relation to personal data when they “process” your personal data, for example when they collect, use, share or store it. This means that when each of these companies is the controller of your personal data it is responsible for deciding how it holds and uses personal information about you, which is information which relates to you where you are identified or identifiable. We are committed to protecting and responsibly handling your information and have produced this Notice to provide you with information regarding Agratas practices when handling your information and to explain how we collect, use, share and keep your information secure.

The contact details of each of these companies is included at the end of this Privacy Notice.  

Scope

This notice applies to all Agratas website visitors, operating units, wholly owned subsidiaries worldwide, employees, contractors and third parties processing personal data. It covers personal data processed both within India (DPDPA), the UK (UK GDPR) and USA (CPRA). 

In-Scope Data Privacy Laws based on where Agratas operates and where you reside:

  • If you reside in India, then DPDPA-2023 will be applicable to you:  The Digital Personal Data Protection Act, 2023 (also known as DPDP Act or DPDPA-2023) is an act of the Parliament of India to provide for the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes
  • If you reside in the United Kingdom, then UK GDPR will be applicable to you: The UK GDPR refers to the General Data Protection Regulation as it applies in the United Kingdom. The regulation became effective in the UK in May 2018, when it was aligned with the EU GDPR (General Data Protection Regulation (EU) 2016/679), which was enacted across the European Union. Following the UK's exit from the European Union, the UK GDPR was introduced on the 1st of January 2021, reflecting the UK's status outside of the EU, while maintaining the core principles, rights, and obligations for processing personal data. This regulation sits alongside the Data Protection Act 2018.
  • If you reside in the state of California, USA, then CPRA will be applicable to you: The California Privacy Rights Act of 2020 (CPRA), also known as Proposition 24, is a California ballot proposition that was approved by a majority of voters after appearing on the ballot for the general election on November 3, 2020. This proposition expands California's consumer privacy law and builds upon the California Consumer Privacy Act (CCPA) of 2018, which established a foundation for consumer privacy regulations.  

Data privacy laws other than the ones mentioned above are applicable based on where you reside. 

Definitions

  • Data Subject: The individual to whom the personal data relates. 

  • EEA: European Economic Area 

  • Personal Data: Any data about an individual who is directly or indirectly identifiable. 

  • Controller: The organization determining the purpose and means of processing personal data. 

  • Processor: The organization that processes personal data on behalf of the Data Controller. 

  • Processing: Any operation or set of operations which is performed on Personal Data using any electronic means, including Processing and other means. This process includes collection, storage, recording, organization, adaptation, alteration, circulation, modification, retrieval, exchange, sharing, use, or classification or disclosure of Personal Data by transmission, dissemination or distribution, or otherwise making it available, or aligning, combining, restricting, blocking, erasing or destroying Personal Data or creating models therefor. 

  • Profiling: Any form of Automated Processing of Personal Data consisting of the use of Personal Data to evaluate certain personal aspects relating to a Data Subject, to analyse or predict aspects concerning that Data Subject’s performance [at work], economic situation, health, personal preferences, interests, behaviour, location, movements, or reliability. 

  • Retention: Within the information life cycle, the concept that organizations should retain personal information only as long as necessary to fulfil the stated purpose. 

  • Transfer: The movement of personal data from one organization to another. 

Data protection principles

We are committed to complying with data protection principles to ensure the responsible handling of your data. This means your data will be processed in accordance with the following key principles: 

  • Lawfulness, Fairness, and Transparency – Your data will be collected and processed in a lawful, fair, and transparent manner. 

  • Purpose Limitation – Your data will only be used for specified, explicit, and legitimate purposes. 

  • Data Minimisation – Only the data necessary for the intended purpose will be collected and processed. 

  • Accuracy – We will take reasonable steps to ensure your data is accurate and up to date. 

  • Storage Limitation – Your data will not be kept longer than necessary and will be securely disposed of when no longer needed. 

  • Integrity and Confidentiality (Security) – Appropriate security measures will be in place to protect your data from unauthorized access, loss, or damage. 

  • Accountability – We will take responsibility for ensuring compliance with these principles and demonstrating our commitment to data protection. 

The kinds of Personal Data we collect

The personal data collected will include the following: 

  • Personal Identification information: name, title.  

  • Contact details:  address, telephone number, mobile telephone number, email address.  

  • Recruitment related information: job title, company, CV, proof of right to work, educational background, professional qualifications, skills and employment application.  

  • Preferences: We collect what Agratas services you are interested in and the sectors that you wish to be updated on through our preference centre.  

  • Images and video footage: Images and footage are collected from our use of CCTV and similar technologies at our offices and/ or sites. Footage may also be collected via drones, body worn cameras, headcams, and webcams when you visit one of our sites. In some instances, this will include audio footage.  

  • Any other type of personal data, with your prior consent. 

We also do not voluntarily or actively collect, use, or disclose personal data of minors according to the minimum age equivalent in the relevant jurisdiction, without the prior consent of the parents or legal guardians of the minor. If we learn that we have collected the personal data of a minor, without first receiving a verifiable parental consent, we will take steps to delete the information in a manner consistent with applicable data protection laws, as soon as possible. 

Non-personal information

We will also collect and hold non-personal data we collect about you from other sources. This could include: 

  • Technical information, including the Internet protocol (IP) address used to connect your computer to the Internet, your login information, browser type and version, time zone setting, browser plug-in types and versions, operating system, and platform; 

  • Information about your visit, including the full Uniform Resource Locators (URL) clickstream to, through and from our site (including date and time); products you viewed or searched for; page response times, download errors, length of visits to certain pages, page interaction information (such as scrolling, clicks, and mouse-overs), and methods used to browse away from the page and any phone number used to call our customer service number. usage details, geo-location data, IP addresses and other data collected through cookies and other tracking technologies. 

  • Automated decision-making 

If you apply with a role with us we will, as part of our recruitment process, carry out some automated decision making (including profiling) using your information. This activity enables us to effectively identify candidates.  

  1. who do not meet set criteria critical for a specific role?  

  1. where there is extremely high volume of applications which require an immediate response. The consequences of automated decision making within the recruitment process is that you will not be able to continue to the next stage of the selection process. 

How we collect your personal data

We may obtain information from you directly. Information you send to us may be stored and processed by Agratas. This will include any emails or other electronic messages, and any documents, photos or other files stored on or processed through our systems or devices. Please be aware that by entering information onto these systems you are sharing that information with Agratas.  

We may collect information throughout our relationship with you. This may include information about location, employees, projects, working hours and other relevant information. If you do not provide personal data that we request, it may mean that we are unable to provide you with the services and/or perform all our obligations under our agreement with you.  

We retain this information as necessary to resolve disputes, provide customer support, respond to queries, and inquires, and troubleshoot problems and improve the services we provide you. If you send us correspondence, such as emails or letters, or if other users or third parties send us correspondence about your activities on Agratas website or platform, we may collect and retain such information into a file specific to you for responding to your request and addressing concerns in relation to your use of Agratas website or platform. 

The purposes for which we collect your personal data

Most of the personal data we process is for one of the following reasons: 

  • To fulfil a contract we have with you, or 

  • If we have a legal duty to use your data for a particular reason, or 

  • When we get your consent to use it.  

We use the personal data provided by you for our general business use as provided below: 

  • To communicate with you about job or career opportunities about which you have inquired. 

  • Assessing your suitability for employment. 

  • Communicating with you about the recruitment process. 

  • Resolving any query related to your employment or recruitment. 

  • Verifying information provided by you. 

  • Carrying out referral/background checks. 

  • Complying with legal or regulatory requirements. 

  • Improving our recruitment process. 

  • To ensure that our site and our services function in an effective manner for you. 

  • To investigate potential breaches, or to protect the rights, property, or safety of Agratas and the users of our website. 

  • Legal obligations: We may be required to use and retain personal data/information for legal and compliance reasons, such as the prevention, detection, or investigation of a crime; loss prevention; or fraud. We may also use personal data/information to meet our internal and external audit requirements, information security purposes, and as we otherwise believe to be necessary or appropriate; under applicable law, which may include laws outside your country of residence. 

  • To respond to requests from courts, law enforcement agencies, regulatory agencies, and other public and government authorities, which may include such authorities outside your country of residence. 

  • To enforce and inform about our terms and condition. 

  • For any other purpose after obtaining your explicit consent at the time of collection. 

  • We take consent before processing your personal data for recruitment purpose. 

  • We process your post recruitment data for legitimate purposes including but not limited to:

    • for fulfilling any obligation under any law for the time being in force in India/European Union on any person to disclose any information to the State or any of its instrumentalities, subject to such processing being in accordance with the provisions regarding disclosure of such information in any other law for the time being in force.

    • for the purposes of employment or those related to safeguarding the employer from loss or liability, such as prevention of corporate espionage, maintenance of confidentiality of trade secrets, intellectual property, classified information or provision of any service or benefit sought by a Data Subject. 

    • Processing is necessary to protect someone’s life or vital interests. This typically applies in emergency situations where data needs to be processed to save a life.

    • Processing is necessary for performing a task carried out in the public interest or in the exercise of official authority vested in the controller. This often relates to government functions or services.

In rare instances, we may need to process your data to protect your vital interests or those of another person, such as in cases of emergency.

We ensure that we have a valid legal basis for processing your data and that your rights are protected throughout our processing activities. If you have any questions about the legal grounds on which we process your data, you may reach out to us using the information provided below in the Contact Us section of this Policy. 

Why might we share your personal information with third parties?

For the purposes set out in the ‘The purpose for which we collect your Personal Data’ section above, subject to your consent, we may share your personal information with our third-party providers: 

These may include for example: 

  • those we engage to host and maintain the website and IT systems. 

  • during our recruitment process, Agratas may engage with third-party service providers and partners to facilitate various aspects of our hiring procedures.  

  • analytics and search engine service providers that assist us in the improvement and optimisation of this website. 

  • legal advisers. 

  • those who assist us with or partner with us in marketing campaigns. 

  • our clients. 

  • our suppliers and sub-contractors, the suppliers and subcontractors of our clients where required. 

  • other companies in the Agratas group. 

Additionally, we will disclose your personal information to the relevant third party: 

  • To third parties when it is necessary for the establishment, exercise, or defence of legal claims.  

  • If we choose to exercise a legal power to do so.  

  • If we are under a duty to disclose or share your personal data to comply with any legal obligation, or to enforce or apply contractual terms or other agreements; or to protect the rights, property, or safety of ourselves our customers, our regulator, or others. This includes exchanging information with other companies and organisations for the purposes of fraud protection and prevention of money laundering and credit risk reduction. 

All our third-party service providers and other entities in the group are required to take appropriate security measures to protect your personal information in line with our policies. We do not allow our third-party service providers to use your personal data for their own purposes. We only permit them to process your personal data for specified purposes and in accordance with our instructions. 

Data security

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered, or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality.  

We have put in place reasonable procedures to deal with any suspected data security breach, however, please note that we cannot ensure or warrant the security of any information you transmit to Agratas or guarantee that your personal data may not be accessed, disclosed, altered, or destroyed by a breach of any of our security measures and safeguards. In the event of any actual or suspected security incident, including data breach, we will take all measures required to be undertaken under applicable laws and will notify you and any applicable regulator of a suspected breach where we are legally required to do so.  

You hereby agree to, so long as you access and/or use Agratas’ website or platform (directly or indirectly), to take adequate physical, managerial, and technical safeguards, at your end, to preserve the integrity and security of your data which shall include and not be limited to your personal data. 

International Transfers

Agratas may transfer your personal data to a jurisdiction different from the one in which you reside, in accordance with applicable laws (especially for recruitment). Agratas will ensure that any international transfer of your personal data is conducted through appropriate legal mechanisms and will not be made to any restricted country.  

Third party links

Our websites may include links to third-party websites, plug-ins, and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, are not responsible for their privacy statements or their security practices or their content. When you leave our website, we encourage you to read the privacy notice of every website you visit. 

How long will you use my information for?

We will only retain your personal data for as long as reasonably necessary to fulfil the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements. We may retain your personal data for a longer period in the event of a complaint or if we believe there is a prospect of litigation in respect to our relationship with you.  

To determine the appropriate retention period for personal data, we consider your consent to this Privacy Notice or its withdrawal thereof, the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements. 

Your rights in connection with personal information

The following are the rights of Data Subjects:  

Right to be informed: the right to be informed about the collection and use of your personal data. This includes information about the purposes for processing your data, the retention periods for that data, and who it will be shared with.   

Right to access: the right to request copies of the Personal Data we hold about you at any time, or that we modify, update, or delete such data. This access includes access to information about the processing, such as purpose, categories of data and recipients, duration of the processing, data subjects’ rights and appropriate safeguards in case of third country transfers.  

Right to rectification: the right to have your Personal Data rectified if it is inaccurate or incomplete. Depending upon the nature of the request, you may be able to update certain sets of personal data on your own. 

Right to erase: the right to request that we delete or remove your Personal Data from our systems. (Requests will be rejected if it contradicts with the Data Retention Policy at Agratas) 

Right to withdraw consent: the right to withdraw previously given consent to process your Personal Data. 

Right to complain to supervisory authorities: If the data subject wish to make a complaint or are unhappy with the way we process your personal data, you have the right to complain to the appropriate supervisory authority of your jurisdiction. However, we would suggest to first utilize our grievance redressal mechanism or write to the Data Protection Officer before reaching out to the supervisory authorities. 

If you reside in India, you have certain additional rights. The same has been listed below: 

Right to nominate another person: the right to nominate any individual to act on your behalf in case of your death or incapacity to exercise applicable rights. 

Right to Grievance Redressalthe right to recourse to a mechanism to address any grievances relating to data processing. 

If you reside in UK/EEA region you have certain additional rights. The same have been listed below: 

Right to restrict our use of your Personal Data: the right to limit the way in which we can use or process your Personal Data. 

Right to data portability: the right to request that we move, copy, or transfer your Personal Data to another data controller in a machine-readable format. 

Right to object: the right to object to our use or processing of your Personal Data including where we use it for our legitimate interests. 

Rights in relation to automated decision making and profiling. 

If you reside in the US region you have certain additional rights. The same have been listed below: 

Right to opt-out of sale or sharing of personal data: the right to opt-out or object to the sharing of personal data, if it is being shared to any third party. 

If you want to exercise any right mentioned herein above, you may contact us and we will endeavour to address all your requests at the earliest. 

To raise a request, complete a DPO request on our contact us form.

Grievance Redressal

If you have any concerns or grievances about our use of your personal data you may make a complaint to our grievance redressal officer whose contact details have been provided below:  

Complete a DPO request on our contact us form

Alternatively, write to us:

Address: Agratas Energy Solutions Private Limited, Army & Navy Building, 148 M G Road, Opposite Kala Ghoda Fort, Mumbai, Maharashtra, India, 400001  

If you are unhappy with our handling of your personal data, you have the right to lodge a complaint with the Data Protection Board of India in the manner prescribed under applicable Indian laws.  

Similarly, if you are based in the United Kingdom, you can raise a complaint with the UK Information Commissioner's Office (ICO) under the UK GDPR. 

For individuals covered under the California Privacy Rights Act (CPRA), complaints can be submitted to the California Privacy Protection Agency (CPPA) in accordance with applicable regulations. 

Your Consent

If you are a data subject under the mentioned data privacy laws, you agree that by continuing to access the website you have read, understood, and agree to our Terms of Use and Privacy Notice. Further, you also undertake that you have understood our data processing practices and hereby provide your free, specific, informed, unconditional and unambiguous consent to the same. 

Contact Us

To ask questions about this Privacy Notice and our privacy practices, or if you need to update, change, or remove your personal data, or exercise any other rights, including contacting the Data Protection Officer to address any discrepancies or grievances relating to the processing of your personal data, please reach out to us. If you are unhappy with our handling of your personal data, you also have the right to lodge a complaint with the relevant data protection authority.  

To raise a request, complete a DPO request on our contact us form.

Alternatively, write to us:

India Address: Agratas Energy Solutions Private Limited, Army & Navy Building, 148 M G Road, Opposite Kala Ghoda Fort, Mumbai, Maharashtra, India, 400001.  

UK Address: 18 Grosvenor Place, London, United Kingdom, SW1X 7HS. 

USA Address: 1209 Orange Street, Wilmington, New Castle County, Delaware 19801. (A copy to be sent to the Indian Address if anything is being sent to the USA Address as the DPO is based out of India.

Changes to this Notice

This Privacy Notice will be reviewed on an annual basis and updated as required. Whenever significant changes are made, we will aim to issue a notification with a link to the new updated version.