Privacy Policy

Introduction

Sree Enterprises ("we," "us," or "our") operates the website at www.sreeaerotech.com (the "Website"). We are an ISO 9001:2015 certified supplier of aerospace-grade metals, alloys, aircraft spares, brazing materials, and safety and rescue equipment serving aviation, defence, marine, and industrial customers.

This Privacy Policy explains how we collect, use, disclose, retain, and safeguard personal data when you browse the Website, submit an inquiry through our contact form, communicate with us by email or telephone, or otherwise interact with us online.

This Policy is designed to align with the Digital Personal Data Protection Act, 2023 ("DPDP Act") of India and applicable information technology and privacy regulations. Where visitors access the Website from other jurisdictions, we apply reasonable and appropriate safeguards consistent with the nature of our business-to-business operations.

Data Fiduciary and Contact Details

For the purposes of the DPDP Act, Sree Enterprises acts as the Data Fiduciary with respect to personal data processed through this Website and related business communications.

Sree Enterprises

Sree Enterprises, 401, Plot No. 11, Sri Harsha Meadows, MIG 2 APHB Colony, Chintal, Balanagar, Hyderabad – 500037, Telangana, India

Email: info@sreeenterpriseshyd.com

Phone: +91 (0) 40-23081904

For privacy-related requests, please contact us using the details above with the subject line "Privacy Request." We will respond within timelines required under applicable law.

Scope of This Policy

This Policy applies to personal data collected through:

Our Website and its contact and inquiry forms;
Email, telephone, fax, and other communications initiated via the Website;
Analytics and technical data generated when you visit the Website.

This Policy does not apply to personal data collected offline in the ordinary course of negotiated supply contracts, employment relationships, or third-party websites linked from our Website. Those interactions may be governed by separate agreements or policies.

Our Website is intended for business and professional users. We do not knowingly target children or individuals under 18 years of age.

Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

4.1 Information You Provide Directly

When you submit our contact form or communicate with us, we may collect:

Identity and contact details: full name, business email address, telephone number, and organization name;
Inquiry details: subject line, message content, product or service interests, and any technical or procurement information you choose to include;
Consent records: confirmation that you agree to be contacted regarding your inquiry and acknowledgment of this Privacy Policy.

4.2 Automatically Collected Technical Data

When you visit the Website, we and our analytics providers may automatically collect:

IP address, browser type and version, device type, and operating system;
Pages viewed, referring/exit URLs, session duration, and general geographic location (city/region level);
Date and time of access and interaction events.

4.3 Cookies and Similar Technologies

We use cookies and similar technologies as described in Section 8. We do not intentionally collect sensitive personal data such as biometric identifiers, financial account numbers, or government-issued identification numbers through the Website contact form.

How We Collect Personal Data

We collect personal data through:

Direct submission: when you complete and submit the contact form on our Website;
Voluntary communication: when you email us, call us, or otherwise reach out using details published on the Website;
Automated technologies: through server logs, cookies, and analytics tools that operate when you browse the Website;
Business referrals: where a prospective customer or partner provides your professional contact details in connection with a legitimate business inquiry, subject to applicable consent requirements.

Legal Basis and Purpose of Processing

We process personal data only where we have a lawful basis, including:

Consent: where you submit the contact form and affirmatively agree to be contacted and acknowledge this Policy;
Legitimate uses / legitimate interests: to respond to inquiries, operate and secure the Website, understand aggregate usage patterns, and pursue our lawful business interests in a manner that does not override your rights;
Legal obligation: where processing is necessary to comply with applicable laws, regulatory requests, or lawful orders.

We use personal data for the following specific purposes:

Responding to product, technical, procurement, and partnership inquiries;
Providing quotations, documentation, and follow-up communications related to your request;
Operating, maintaining, troubleshooting, and improving the Website;
Monitoring Website security, preventing fraud, abuse, and unauthorized access;
Enforcing our Terms of Service and protecting our legal rights;
Complying with export control, defence procurement, and other regulatory obligations applicable to our industry.

We do not use contact form data for unrelated direct marketing without your separate, explicit consent. We do not sell personal data.

How We Use and Share Personal Data

Access to personal data is limited to authorized personnel and service providers who require it to perform their duties. We may share personal data with:

Email service providers: We use Resend, Inc. to deliver transactional emails including inquiry confirmations and internal notifications. Message content and recipient details are transmitted to Resend for this purpose.
Analytics providers: We use Google Analytics 4 (Google LLC) to understand aggregated Website traffic and usage. Google may process technical data and set cookies as described in Section 8.
Website hosting and infrastructure providers: who store and deliver Website content and process server logs necessary for operation and security.
Professional advisers: such as legal, audit, or compliance consultants, under confidentiality obligations, where reasonably necessary.
Regulatory and law enforcement authorities: where required by applicable law, court order, or to protect rights, safety, and security.

We require third-party processors to handle personal data only on our instructions and in accordance with appropriate contractual and security safeguards.

Cookies and Analytics

Cookies are small text files placed on your device when you visit a website. We use the following categories of cookies and similar technologies:

Strictly necessary cookies: required for basic Website functionality and security. These cannot be disabled without impairing core features.
Analytics cookies: used by Google Analytics 4 to collect aggregated statistics about page views, traffic sources, and user interactions. Google's privacy practices are described at policies.google.com/privacy. You may opt out of Google Analytics by installing the Google Analytics Opt-out Browser Add-on or adjusting your browser cookie settings.

Most browsers allow you to refuse or delete cookies. Disabling cookies may affect certain Website features or your experience.

Data Retention

We retain personal data only for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required or permitted by law.

Contact inquiries: typically retained for up to three (3) years from the date of last meaningful communication, unless a longer period is needed for active commercial discussions, contractual obligations, or dispute resolution.
Server and security logs: retained for a limited period appropriate for security monitoring and incident investigation, generally not exceeding twelve (12) months unless extended for a specific investigation.
Analytics data: retained according to Google Analytics configuration and our internal data minimization practices.

When personal data is no longer required, we take reasonable steps to delete, anonymize, or securely archive it.

Data Security

We implement appropriate technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include:

HTTPS encryption for data transmitted through the Website;
Access controls limiting personal data to authorized personnel on a need-to-know basis;
Rate limiting and validation on contact form submissions to reduce abuse;
Use of reputable third-party service providers with industry-standard security practices.

No method of transmission over the Internet or electronic storage is completely secure. While we strive to protect your personal data, we cannot guarantee absolute security.

Cross-Border Data Transfers

Sree Enterprises is based in India. Some of our service providers, including Google LLC and Resend, Inc., may process personal data on servers located outside India, including in the United States and other jurisdictions.

Where personal data is transferred outside India, we take reasonable steps to ensure that recipients provide a level of protection consistent with applicable law, including through contractual safeguards and selection of reputable processors.

By using the Website and submitting personal data, you acknowledge that such transfers may occur for the purposes described in this Policy.

Your Rights

Subject to applicable law, including the DPDP Act, you may have the following rights regarding your personal data:

Right to access: request information about the personal data we hold about you and how it is processed;
Right to correction: request correction of inaccurate or incomplete personal data;
Right to erasure: request deletion of personal data where retention is no longer necessary or lawful;
Right to withdraw consent: where processing is based on consent, withdraw consent at any time without affecting the lawfulness of processing before withdrawal;
Right to grievance redressal: raise a complaint with us regarding our processing of your personal data;
Right to nominate: where applicable under the DPDP Act, nominate another individual to exercise your rights in the event of death or incapacity.

To exercise any of these rights, contact us at info@sreeenterpriseshyd.com with sufficient information to verify your identity and describe your request. We will respond within the timeframe required by applicable law.

If you are not satisfied with our response, you may have the right to lodge a complaint with the Data Protection Board of India or other competent authority once fully constituted and applicable to your matter.

Children's Privacy

The Website and our services are directed at business and professional users. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected personal data from a minor, please contact us promptly and we will take steps to delete such information.

Third-Party Websites

The Website may contain links to third-party websites, including OEM partners, certification bodies, and service providers. We are not responsible for the privacy practices or content of those websites. We encourage you to review the privacy policies of any third-party sites you visit.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. The "Last Updated" date at the top of this page indicates when the Policy was most recently revised.

Material changes will be posted on this page. Where required by law, we will provide additional notice or seek renewed consent. Your continued use of the Website after the effective date of an updated Policy constitutes acknowledgment of the revised terms, to the extent permitted by law.

Contact Us

For questions, concerns, or requests relating to this Privacy Policy or our handling of personal data, please contact:

Privacy & Data Protection — Sree Enterprises