Privacy Policy

Introduction

A. This Privacy Policy issued by Maruti Suzuki India Limited (“MSIL”) (“Policy”) establishes the framework for collection, use, processing, sharing, and protection of Personal Information and Sensitive Personal Information obtained from Data Subjects when they visit MSIL’s digital platforms and/or when they use MSIL’s products and services. This Policy is based on the legal and ethical principle that valid, free, informed, and specific consent must be obtained from Data Subjects prior to Data collection. This Policy does not apply to the practices of entities that MSIL does not own, control or manage.
B. This Policy is formulated in accordance with applicable laws, including the Information Technology Act, 2000, and rules framed thereunder.
This Policy is formulated in accordance with applicable laws, including the Information Technology Act, 2000, and rules framed thereunder.

Definitions

1. “Data” means a representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer,  and includes Personal Information and Sensitive Personal Information.

2.“Data Subject(s)” means an identified or identifiable natural person and includes employees, prospective employees, staff members, customers, contractors, agent and individual users of the computer resources and/or digital platforms of MSIL.

3.“Disclosure” means the release, transfer, provision of access to, or divulging of information in any manner (verbally or in writing) by MSIL to persons who are not MSIL employees, affiliates or to any other person or entity outside of MSIL.

4.“Information” means Personal Information and /or Sensitive Personal Information as the case maybe.

5.“Personal Information” means any Information that relates to a natural person/ Data Subject, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

6. “Sensitive Personal Information” in relation to a Data Subject means such Personal Information which consists of information relating to:

•       Password;

•       Financial Information such as Bank account or credit card or debit card or other payment instrument details;

•       Physical, physiological and mental health condition;

•       Sexual orientation;

•       Medical records and history;

•       Biometric Information;

•       Any detail relating to the above clauses as provided to MSIL for providing service; and

•       Any of the Information received under above clauses by MSIL for processing, stored or processed under lawful contract or otherwise

provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.

Purpose

The purpose of this Policy is to ensure that Information of a Data Subject is adequately protected, processed lawfully and used only for clearly defined purposes consented to by such Data Subject.

Applicability

This Policy applies to all Data Subjects who provide their Information to MSIL and all its direct predecessor and/or successor organizations or entites.

Data collection method(s)

MSIL collects Information through lawful means, including but not limited to forms, digital platforms, emails, logs, website interactions, physical documents, and business engagements.

MSIL may collect Information when Data Subjects:

•   Access or interact with MSIL and/or its digital platforms;

•   Register for an MSIL account;

•   Avail services or promotions from MSIL; or

•   Interact through MSIL’s authorized business partners.

Such Information may include name, email address, date of birth, gender, occupation, industry, and personal interests.

Data Collection for Digital Lending

Information collected in connection with digital lending will be limited to what is strictly necessary for facilitating the lending process and will be shared only with RBI-regulated lending partners, based on explicit and informed consent of the Data Subject.

MSIL does not undertake any lending activity on its own.  Any loan, credit facility, or financial product offered through the website or digital platform is provided exclusively by RBI-regulated entities such as banks or Non-Banking Financial Companies (NBFCs).  MSIL acts solely as a facilitator and does not carry out credit appraisal, underwriting, approval, or disbursement of loans.

MSIL does not store customer bank login credentials, card details, OTPs, or financial authentication Information related to lending.

Information provided by legal entities including customers

During the course of business relations including but not limited to while enquiring about MSIL’s products and services, legal entities including customers acknowledge that they shall often be required to provide Information to MSIL about themselves including their legal status, contact details, phone numbers, email ID, bank account details, PAN, bank/wire transfer details.

Suppliers, Employee and Contract Workers and Others

In order to ensure that MSIL has adequate resources to conduct its business, MSIL may often need to acquire supplies and obtain services through additional contract  labour. To properly pay for these supplies and services, MSIL is required to collect financial information such as banking details and home contact information of contract labour from service providers.

Additionally, the collection of contact information will permit MSIL to maintain a list of suppliers to fill vacancies or to perform similar tasks in the future as such opportunities arise. MSIL also obtains Information from its employees and also the prospective employees who are willing to work with it.

General Public

In order to ensure a high quality of staffing as vacancies arise, MSIL will solicit applications from qualified individuals. Although not requested by MSIL, candidates will often supply Information such as birth dates, citizenship, educational background and other information. In order to ensure the safety and security of its staff and of visitors to its facility, MSIL utilizes Closed-Circuit Cameras in its premises. The Information obtained from these cameras is recorded and is used for security, monitoring, and other related purposes.

Information provided by customers about others

In providing Information about other individuals (such as someone in whose name one is registering the car/other products of MSIL), one represents that one has notified them of the purposes for which the Information will be used, the recipients of the Information, and how they can access and correct their Information, and that one has obtained their consent. MSIL processes Information about its employees etc., its clients and suppliers, customers, contract workers and other individuals, including former employees, for a number of business purposes, including, but not limited to:

•   Scheduling

•   Recruitment

•   Personnel management

•   Payroll and accounting

•   Business and market development

•   Building and managing external relationships

•   Research and development

•   Technology infrastructure

•   Other purposes required by law or regulation

Sources used

MSIL primarily collects Information directly by requesting that one completes forms or questionnaires, and also in connection with provision of services at one’s request. MSIL may also collect Information regarding Data Subject’s internet protocol address, browser type, domain name, and access time.  MSIL may also collect Data and Information through various sources such as emails, logs, website visiting and hard copy and other sources.

With respect to certain electronic records, MSIL may act as an ‘intermediary’ as defined under the Information Technology Act, 2000 and on behalf of another person receive, store or transmit that electronic record or provide any service with respect to that record on its digital platforms.  MSIL does not initiate, modify, or control such electronic record and shall not be liable for third-party content, except as required under applicable law.

Use of Information

None of the Data or Information, collected shall be used for any other purpose than the purposes outlined in this Policy.

MSIL may with prior consent of Data Subjects share such Information with third parties strictly for legitimate business purposes and/or to respond to subpoenas, court orders, or legal process.

Data retention

Information shall be retained only for the period necessary for the purposes for which it is collected or as required under applicable law and MSIL’s internal data retention policy.

Access, correction, and withdrawal of consent  Data Subjects may:

•   Access, review, and correct their Information;

•   Withdraw consent or request deletion of their Information, subject to legal and regulatory obligations

by following the Grievance Redressal Mechanism as provided in this Policy.

Confidentiality

MSIL treats all Information as confidential and implements reasonable security practices and procedures to safeguard Information against unauthorized access, Disclosure, alteration, or destruction.

In case of order or direction by any competent court/regulatory authority or legal requirements by any relevant governmental agency (“Governmental Authority”) , MSIL may be required to provide Information to such Governmental Authority provided that such legal authorities are legally obligated to protect any Information from public Disclosure, except where Disclosure is otherwise required by law or a court of competent jurisdiction. Information will be kept private as far as permitted by law.

Security

The security of Information is important to MSIL. MSIL provides a framework to establish processes and procedures to protect Information against security threats, whether accidental or deliberate, external or internal, to ensure confidentiality, integrity and availability of data, and minimize the impact of security incidents. MSIL implements appropriate and reasonable security measures as prescribed under applicable laws to protect Data.

Data Subject Declaration

•   The Data Subject, exercising free power of choice, hereby gives consent in relation to use and processing of Information, which has been provided by them to MSIL.

•   The Data Subject acknowledge to have read and understood this Policy.

•   The Data Subject acknowledge that they have been advised about the risks associated with Data.

•   The Data Subject acknowledge that they are aware of the fact that they can withdraw their consent to MSIL for processing of their Information at any time without giving any reason.

•   The Data Subject acknowledge that they hereby give permission to MSIL to process the Data obtained from them as a result of their visiting of the digital platforms of MSIL, during course of products and/or service obtained by them from MSIL, by filling the form for a job vacancy at MSIL, or during the course of any business transaction with MSIL.

Grievance Redressal Mechanism

MSIL has appointed a Grievance Officer and Data Protection Officer in compliance with the applicable laws including Information Technology Act, 2000. Any grievance of a Data Subject shall be acknowledged and resolved within the timelines prescribed under the applicable laws.

Grievance and Data Protection Officer: Sanjeev Kumar Singh

Email: dpo@maruti.co.in

Changes to this Policy

Maruti may modify and edit this Policy from time to time.

Consent & Acknowledgement

By accessing or using this digital platform, Data Subject confirms that they have read and understood this Policy, are above 18 years of age, and provide voluntary consent for lawful processing of their Information by MSIL and/or any person authorized by MSIL.