PRIVACY POLICY

Last Updated: March 5, 2025

1. INTRODUCTION

ESSWAY CYBER SECURITY SOLUTIONS PRIVATE LIMITED ("ESSWAY," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy outlines our practices regarding the collection, use, disclosure, and protection of your information when you use our website, products, and services.

As a cybersecurity company operating primarily in India with expanding operations in Bangladesh, the Middle East (including Dubai, Abu Dhabi, Qatar, Saudi Arabia, and Iraq), and connections to the United States through our partnership with Way11 Cybersecurity, we comply with applicable data protection laws across these jurisdictions.

2. INFORMATION WE COLLECT

2.1 Personal Information

We may collect the following types of personal information:

  • Contact information (name, email address, phone number, company name, job title)
  • Account credentials for our services
  • Payment information
  • Communication preferences
  • Technical information about your devices and systems (for service delivery purposes)
  • Professional qualifications and certifications (for service customization)
  • Business relationship information

2.2 Technical Information

When you visit our website or use our services, we may automatically collect:

  • IP address and device information
  • Browser type and settings
  • Operating system information
  • Website usage data
  • Cookies and similar tracking technologies
  • Log files and service usage statistics
  • Network traffic information (as relevant to our security services)

2.3 Operational Technology (OT) Environment Data

When providing OT cybersecurity services, we may collect:

  • Network architecture information
  • System configurations
  • Security logs and alerts
  • Vulnerability assessment data
  • Asset inventory information
  • Control system specifications and performance data
  • Industrial protocol information

3. HOW WE USE YOUR INFORMATION

We use your information for the following purposes:

  • Providing and maintaining our cybersecurity services
  • Processing transactions and managing your account
  • Communicating with you about our services, updates, and security alerts
  • Improving our website and services
  • Conducting vulnerability assessments and security audits
  • Responding to incidents and providing technical support
  • Complying with legal obligations
  • Enhancing and developing our service offerings
  • Training our AI systems to identify new security threats (using anonymized data)
  • Analyzing industry trends and developing threat intelligence

4. DATA SHARING AND DISCLOSURE

We may share your information with:

  • Our affiliated companies (Esskay and Way11)
  • Service providers and technology partners who assist in delivering our services
  • Legal authorities when required by law or to protect our rights
  • Business partners with your consent
  • In connection with a business transaction (merger, acquisition, or sale)

We do not sell your personal information to third parties.

4.1 Third-Party Service Providers

We may engage the following types of third-party service providers who may access certain personal information to perform services on our behalf:

  • Cloud infrastructure providers
  • Security tool vendors
  • Analytics providers
  • Customer relationship management systems
  • Payment processors

All third-party providers are contractually obligated to use the information only for the purposes of providing services to us and in accordance with our instructions.

5. INTERNATIONAL DATA TRANSFERS

As a global company, your information may be transferred to and processed in countries outside of your country of residence, including India, the United States, and countries in the Middle East. We implement appropriate safeguards to protect your information during these transfers, including standard contractual clauses and other legally approved mechanisms.

For transfers to the United States from India and other countries, we implement additional measures to ensure an adequate level of protection in accordance with applicable law.

6. DATA SECURITY

We implement industry-standard technical, administrative, and physical security measures to protect your information, including:

  • Encryption of sensitive data
  • Access controls and authentication measures
  • Regular security assessments
  • Staff training on data protection
  • Incident response procedures
  • Network monitoring and intrusion detection systems
  • Regular penetration testing of our own systems
  • Secure development practices

6.1 Security Incident Response

In the event of a security breach affecting your personal information, we will:

  • Notify affected individuals in accordance with applicable law
  • Investigate the incident thoroughly
  • Take appropriate measures to mitigate harm
  • Implement corrective actions to prevent similar incidents

7. YOUR RIGHTS AND CHOICES

Depending on your location, you may have certain rights regarding your personal information, including:

  • Access to your personal information
  • Correction of inaccurate information
  • Deletion of your personal information
  • Restriction of processing
  • Data portability
  • Withdrawal of consent
  • Objection to processing

To exercise these rights, please contact us using the information provided in the "Contact Us" section.

7.1 Response Timeline

We will respond to your requests regarding your personal information within 30 days. In certain circumstances, we may extend this period if necessary, taking into account the complexity and number of requests.

8. DATA RETENTION

We retain your personal information for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. The criteria used to determine our retention periods include:

  • The duration of our business relationship with you
  • Legal obligations to retain data for certain periods
  • Relevant statutes of limitations
  • Ongoing or potential disputes
  • Industry best practices for security and compliance

9. CHILDREN'S PRIVACY

Our services are not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us immediately.

10. COOKIES AND TRACKING TECHNOLOGIES

Our website uses cookies and similar technologies to enhance your experience, analyze usage, and assist in our marketing efforts. You can control cookies through your browser settings and other tools.

10.1 Types of Cookies We Use

  • Essential Cookies: Required for basic website functionality
  • Functional Cookies: Remember your preferences
  • Analytics Cookies: Help us understand how visitors interact with our website
  • Marketing Cookies: Used to deliver relevant advertisements

10.2 Cookie Management

You can manage your cookie preferences by:

  • Adjusting your browser settings
  • Using our cookie consent tool on our website
  • Contacting us directly

11. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes by posting the updated policy on our website with a revised "Last Updated" date.

For significant changes to this Privacy Policy, we will make reasonable efforts to notify you directly, such as through email if we have your contact information.

12. COMPLIANCE WITH SPECIFIC REGULATIONS

12.1 India's Data Protection Laws

We comply with applicable Indian laws, including the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

We are also preparing for compliance with India's Digital Personal Data Protection Act, 2023, which establishes comprehensive data protection requirements for organizations processing personal data in India.

12.2 International Compliance

We monitor and comply with applicable international data protection regulations in the regions where we operate, including but not limited to GDPR requirements for EU-related operations.

12.3 Industry-Specific Compliance

As a cybersecurity service provider, we maintain compliance with industry standards and frameworks including:

  • ISO 27001 Information Security Management
  • NIST Cybersecurity Framework

13. CONTACT US

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

ESSWAY CYBER SECURITY SOLUTIONS PRIVATE LIMITED

Email: privacy@essway.io

Address: 505 Platinum Square, Vashi, Navi Mumbai - 400705, Maharashtra, India

Phone: +91 22 4123 4567

For data protection inquiries specifically, you can contact our Data Protection Officer at dpo@essway.io.

14. DISPUTE RESOLUTION

If you have a complaint or dispute regarding our handling of your personal information, please contact us first at privacy@essway.io. We will work diligently to resolve your concerns.

If you are not satisfied with our response, you may have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.

For disputes in India, legal proceedings shall be subject to the jurisdiction of the courts in Mumbai, Maharashtra, India.