privacy policy

1. who we are

arkavix (the "firm," "we," "us") refers to ARKAVIX TECHNOLOGIES LLP, an engineering services practice registered in India and headquartered at No. 1190/1, 4th Floor, HSR Layout, Sector 3, 22nd Cross Road, Bengaluru – 560102. This policy explains how we collect, use, store, and share personal data in the course of operating our website (https://arkavix.com), corresponding with prospective clients and candidates, and delivering client engagements. It applies to data we process as a data controller or data fiduciary; where we process data on behalf of a client, the client's own privacy policy governs.

2. what we collect

We collect the minimum personal data necessary to run our business. Specifically:

• Contact form submissions: the name, email address, selected service interest, and free-text message you submit via the contact form on this site.
• Candidate applications: the name, email address, professional background, and any attachments you send when applying for an open role.
• Client engagement data: for active client engagements, we process the personal data necessary to deliver the engagement as defined in the governing services agreement and data processing addendum.
• Website analytics: we do not run third-party analytics on this site. Aggregated request logs (IP address, user agent, timestamp) are retained by our hosting provider for operational purposes for up to thirty days.

3. why we collect it

We process personal data under India's Digital Personal Data Protection Act, 2023 (the "DPDP Act") and — where applicable to clients or candidates located in the European Economic Area — the EU General Data Protection Regulation (GDPR). The lawful bases we rely on are:

• Legitimate uses / legitimate interests — for responding to inbound inquiries, evaluating candidate applications, and maintaining operational logs.
• Contract performance — for data processed as part of a client engagement under a signed agreement.
• Consent — where you explicitly opt in to receive communications from us.
• Legal obligation — for data we are required to retain under Indian tax, accounting, employment, or regulatory law.

4. how long we keep it

Contact form submissions are retained for twenty-four months from the date of submission, after which they are deleted. Candidate applications are retained for twelve months unless the applicant requests earlier deletion. Client engagement data is retained in accordance with the governing agreement, typically for the duration of the engagement plus six years for legal and audit purposes. Operational logs are retained for thirty days.

5. who we share it with

We do not sell personal data. We share personal data only with the following categories of recipients:

• Infrastructure providers — cloud hosting, email delivery, and secure storage providers under contracted data processing agreements.
• Professional advisors — our legal, tax, and audit advisors, bound by professional confidentiality.
• Clients — when you apply for a role or submit an inquiry directly related to a named client engagement, we may share the relevant data with that client under the governing agreement.
• Authorities — where required by law, court order, or regulatory request.

Our infrastructure providers are located in India or other jurisdictions with appropriate safeguards. Where we transfer personal data across borders, we rely on contractual safeguards with each provider and — for transfers involving data originating in the EEA — Standard Contractual Clauses approved by the European Commission.

6. your rights

Under the DPDP Act and, where applicable, GDPR, you have the following rights with respect to your personal data:

• the right to access the personal data we hold about you;
• the right to correct or update inaccurate personal data;
• the right to request erasure of your personal data, subject to our legal retention obligations;
• the right to withdraw consent, where consent was the legal basis for processing;
• the right to nominate a person to exercise your rights in the event of your incapacity or death (under the DPDP Act);
• the right to request portability of your personal data in a machine-readable format (where GDPR applies);
• the right to grievance redressal — and, if unsatisfied, to lodge a complaint with the Data Protection Board of India or, where GDPR applies, your local supervisory authority.

To exercise any of these rights, email us at hello@arkavix.com. We respond to every request within thirty days, typically much faster.

7. security

We take technical and organisational measures appropriate to the risk of the processing. In practice: all data in transit is encrypted with current TLS versions; data at rest is encrypted at the infrastructure layer; access to personal data inside the firm is restricted to the people who need it, authenticated via single-sign-on with mandatory multi-factor authentication, and logged. For client engagement data, we additionally implement the controls specified in the governing data processing agreement.

8. cookies

This website does not use tracking or analytics cookies. We use a small number of strictly-necessary cookies for session handling on internal tooling, none of which are present on the public site. See our cookie policy for details.

9. changes

We update this policy when our practices change. Material changes will be announced on this page with an updated "last updated" date. If the change affects you as an existing correspondent, client, or candidate, we will notify you directly.

10. contact

Questions about this policy or about our data practices can be sent to hello@arkavix.com.