Contact us

Privacy Policy of Dawell Lifescience Pvt. Ltd.

Effective Date: 01/01/2022
Last Updated: 10/07/2025

Dawell Lifescience Pvt. Ltd. (“Dawell,” “we,” “us,” or “our”) is committed to protecting the privacy of individuals and complying with applicable data protection laws, including the EU General Data Protection Regulation (GDPR) and India’s Digital Personal Data Protection Act, 2023 (DPDP Act). This Privacy Policy explains how we collect, use, store, and share personal data through our website and integrated digital platforms (collectively, the “Services”). It also outlines the rights available to data subjects (under GDPR) and data principals (under DPDP Act) and how we safeguard personal data. We adhere to the core principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, and accountability in all our data processing activities By using our Services or providing personal information to us, you agree to the practices described in this Privacy Policy. If you do not agree with this Policy, please do not use our Services. For any questions or concerns about this Policy or your personal data, please contact us using the information in Section 1 below.

1. Data Controller Identification

Data Controller: Dawell Lifescience Pvt. Ltd. is the organization determining the purposes and means of processing your personal data. We are a company registered in India.

Registered Address: 1194/27D, Kamala Classic Apartment, Off Ghole Road, Shivaji Nagar, Pune, Maharashtra – 411005, India

We also maintain an office at 5th Floor, Office No. 563, 564, 566, YMCA Tourist Hostel Complex, Gate No. 1, Connaught Place, New Delhi – 110001, India.

Contact Information: If you have any questions, requests, or complaints regarding your personal data or this Privacy Policy, please contact our privacy team at [email protected]. You may also write to us at the postal address above (Attention: Privacy Officer). For EU residents, we will provide an EU representative or Data Protection Officer contact if required by law (please reach out to the email above for details).

2. Types of Data Collected

We collect various categories of personal and technical data through our website, contact forms, demo request forms, and other digital platforms. The types of data we collect include:

  • Personal Identifiers: Information that you provide about yourself, such as your name, email address, phone number, and job title/designation. We may also collect your department and organization or district (especially if you represent a government department or law enforcement agency) when you fill out certain forms or interact with us. For example, our contact and demo request forms ask for your name, email, subject, contact number, and additional detailsdawelllifescience.com. You might voluntarily provide your designation, department, or region in the “Additional Details” field or during subsequent communications.

  • Uploaded Content: If our platform allows you to upload files or documents (for instance, when seeking tender support or submitting queries), we will collect any documents, images, or other files you choose to provide. This could include official letters, tender documents, or any other materials you attach when communicating with us.

  • Communications Data: Information contained in your communications with us. This includes details you provide when contacting us via contact forms, demo request forms, emails, or support queries, as well as through WhatsApp messages if you engage with our WhatsApp chat integration. For example, if you reach out for a product demo or tender support via WhatsApp, we will collect the information you share in those messages (such as your queries and any contact info included in your WhatsApp profile or signature).

  • Technical Data: When you use our website and Services, we automatically collect certain technical information by electronic means:

    • Device and Browser Information: This includes your IP address, browser type and version, device identifiers, operating system, language preferences, and location data (which may be inferred from your IP address or GPS if you permit). This data helps us secure the Services and adapt content to your device.

    • Cookies and Tracking Data: We use cookies and similar tracking technologies (described in Section 5 below) to collect data about your interactions with our site, such as page visits, time spent, referral URLs, and clickstream data. These may include unique identifiers like cookie IDs or advertising IDs. We also integrate third-party analytics tools that collect usage data (e.g., Google Analytics may record how you navigated our site, and the LinkedIn Insight Tag may log that you visited our site after seeing a LinkedIn post or ad).

  • Usage and Analytics Data: Aggregated data about how our Services are used. This includes metrics like the number of visitors, pages viewed, demo requests submitted, or queries received. While this data may derive from personal data (e.g., your interactions), we typically use it in an anonymized or aggregated form for analytics purposes. For instance, we might track how many users from different regions access our site or which pages are most popular, without directly identifying individuals.

  • Publicly Available Data: In some cases, we may collect information about public sector contacts or leads from public sources or third-party platforms. For example, if you fill out a LinkedIn or Facebook lead generation form to request information about our products, we will receive the data you consent to give us via those platforms (such as your name, email, company, and any responses you submit on the form). Similarly, we might obtain your contact details if you publicly shared them in a professional context relevant to our offerings. We treat such information in accordance with this Policy once it is in our possession.

We do not intentionally collect any sensitive personal data (also known as special category data) via our website, such as financial information, health data, or passwords, unless necessary for our Services or required by law. Please refrain from submitting any sensitive personal data in free-text fields. If you do provide sensitive data (for example, images or information that might be considered sensitive under applicable law), we will handle it with special care and only use it for the limited purpose for which you provided it.

3. Purpose of Data Collection

We collect and use personal data for the following purposes, which align with Dawell’s mission of empowering public governance, safety, and justicedawelllifescience.com. Each purpose is pursued only to the extent relevant and necessary for that context:

  • Providing Product Demonstrations (GovTech Demos): To schedule, organize, and deliver government product demonstrations that you request. For example, if you ask for a demo of one of our public safety or forensic solutions (such as SAFE PRO or SoToxa), we use your contact information and any details about your role (e.g. police department, forensic lab, etc.) to arrange the demo, tailor it to your needs, and follow up with you. This may include communicating via email, phone, or WhatsApp to coordinate demo logistics and gather feedback.

  • Tender Support and GR Mapping: To assist with tender support inquiries or Government Resolution (GR) mapping requests. Dawell often engages with public sector tenders and projects. If you approach us for support in preparing a tender (for instance, needing specifications, compliance documents, or mapping our products’ features to government requirements or GRs), we use the information you provide (including uploaded documents and your contact details) to respond and help fulfill those requests. This may involve verifying your identity/organization (for authenticity of the request), providing technical documentation, and guiding you through how our solutions meet specific government standards.

  • ERP Registration and Pilot Planning: If you participate in a pilot program for one of our software platforms or enterprise solutions (for example, an ERP system or other digital platform provided by Dawell for public safety project management), we collect personal data to register you on the platform, set up user accounts, and plan the pilot deployment. This typically involves collecting your name, professional details (designation, department, ID), and contact info, and any preferences or requirements for using the system. We use this data to configure the platform, manage user access rights, and communicate with participants during the pilot. Additionally, for pilot planning with government clients, we may record data about project timelines, training sessions, and feedback, which could include personal data of attendees or officials involved.

  • Service Delivery and Operations: More generally, to deliver our products and services and ensure they function as intended. This includes using data to provide customer support, answer questions or requests you send through the website, and troubleshoot issues. For instance, if you encounter an issue with our website or an integrated platform and contact us, we will use your contact info and any error reports or screenshots you send to resolve the problem.

  • Analytics and Improvement of Website & Services: To analyze site usage and assess the impact of our public programs. We use analytics data and cookies to understand how our website and digital platforms are used, which helps us improve user experience, content, and functionality. For example, we might analyze the traffic drawn by a public safety campaign or how many users request demos after viewing certain educational content. We also evaluate how our outreach (e.g., training sessions, workshops or public safety programs listed on our site) translates into site engagement or inquiries, in order to measure public program impact and improve our offerings. All analytic processing is done in aggregated form or with personal identifiers removed whenever feasible.

  • Marketing and Awareness: With your consent or as permitted by law, we may use your contact details to send informational or marketing communications about our products, services, and events that could interest you (especially if you are a public sector professional focused on law enforcement, forensics, or public health). For example, if you opt-in to our mailing list or request a brochure, we will use your email to send updates like new product launches, case studies, or upcoming training workshops. You can opt out of marketing messages at any time (see Section 8 on your rights).

  • Security and Abuse Prevention: To secure our website, platforms, and users’ data. We monitor technical data (like IP addresses and logs) to detect and prevent fraud, cyberattacks, unauthorized access, or other misuse of our Services. For example, we may use your IP address to determine if multiple failed login attempts originate from a suspicious location and take action. We also maintain audit trails and system logs on our forensic and public safety technology platforms to ensure proper use and to support investigations of any improper access. These logs help preserve the integrity of evidence and the security of sensitive data.

  • Legal Compliance and Enforcement: To comply with legal obligations and regulatory requirements under Indian law, EU law, or other applicable jurisdictions. This includes retaining and disclosing personal data as required by government audits, law enforcement requests, court orders, or applicable statutes. For instance, if a law requires us to keep records of communications related to government tenders for a certain period, we will do so. We may also process personal data to establish or defend our legal rights or to investigate fraud or misconduct. In India, for example, we might need to furnish certain data to statutory agencies or courts in line with public safety regulations, and in the EU we might need to demonstrate GDPR compliance to supervisory authorities if requested.

  • Other Purposes (with Notice): If we intend to process personal data for any purpose that is materially different from the purposes listed above, we will provide you with additional notice at the time of collection or before the new processing begins. In cases where consent is required, we will obtain it prior to using your data for the new purpose.

We ensure that all personal data we collect is used only for the purposes stated at the time of collection or compatible purposes. We do not use your personal data for wholly unrelated purposes without your consent. We also limit the data we collect to what is relevant and necessary for each purpose (data minimization). For example, if you only request a product demo, we will not collect or use your data for marketing unless you separately opt in.

4. Legal Basis for Processing

We process personal data under the following legal bases, as permitted by GDPR and the DPDP Act:

  • Consent: In many cases, we rely on your consent to process your personal data. When you voluntarily submit information through our contact forms, demo requests, or WhatsApp chat, you are deemed to consent to our use of that data to respond to you and fulfill your request. For any optional or additional uses of your data (such as sending you marketing emails or sharing your details with a partner for a follow-up), we will ask for your clear consent. Under GDPR, your consent will be our lawful basis for such processing; under the DPDP Act, we ensure consent is free, specific, informed, and revocable. You have the right to withdraw consent at any time (see Section 8 for how to withdraw consent). For example, if you consent to receive our newsletter or agree to cookies, you can later opt-out and we will cease the related processing.

  • Legitimate Interests: We process certain data as necessary for our legitimate interests, provided such processing is balanced against your rights and interests. Our legitimate interests include: engaging with public sector stakeholders and clients in furtherance of our mission to improve public safety and governancedawelllifescience.com; communicating with you to build professional relationships; securing and improving our Services; and understanding how our products and outreach are performing (analytics). For instance, after you submit a demo request, it is in our legitimate interest to keep a record of your request and perhaps follow up to see if you need further assistance, in order to foster a business relationship. We may also rely on legitimate interest to use minimal cookies for site functionality or to send you product information relevant to your professional role, provided this does not override your data protection rights. Under GDPR, we perform a legitimate interest assessment where appropriate. Under the DPDP Act’s principles, we ensure fairness and transparency, and you can object to processing based on our legitimate interests (see Section 8).

  • Performance of a Contract: When we enter into a contract with you (or your organization), processing of personal data may be necessary to perform that contract or to take pre-contract steps at your request. For example, if your organization purchases a solution from us or enters a pilot agreement, we will process personal data (like user account information, or contact details for training and support) to fulfill our obligations under that agreement. This basis is recognized under GDPR (Art. 6(1)(b)). While India’s DPDP Act does not use the term “contractual necessity” explicitly, such processing would likely fall under reasonable purposes consistent with your engagement with us.

  • Legal Obligation: We will process personal data when needed to comply with a legal obligation to which we are subject. This applies to both EU and Indian legal requirements. For instance, under EU law we must abide by GDPR itself (e.g., retaining evidence of consent or responding to data access requests), and under certain Indian regulations we might have to maintain records for government audits or submit information to regulatory authorities. If the law mandates retention of certain communications or verification of identities (such as under government procurement rules or financial record-keeping laws), we will process and retain the necessary data to comply. Processing under legal obligation is permissible under GDPR (Art. 6(1)(c)), and the DPDP Act likewise allows processing required by applicable laws.

  • Public Interest or Official Functions: In limited cases, we might process data necessary for tasks in the public interest or in exercise of official authority (under GDPR Art. 6(1)(e)). For example, if we are collaborating with a government agency on a public safety program or conducting research to inform public policy (with proper safeguards and, where required, your consent), this basis might apply. Under the DPDP Act, certain reasonable purposes or government-notified purposes may allow processing without consent, such as for public health or emergencies. We will only rely on such a basis when appropriate and with full compliance of the law.

  • Vital Interests: Though unlikely in our context, if processing is necessary to protect someone’s vital interests (life or physical safety), we may do so. For instance, if during a training event a medical emergency occurs and we have to share a participant’s information with medical personnel, we would invoke this basis. GDPR permits this (Art. 6(1)(d)), and the DPDP Act also envisions exemptions for emergencies involving an individual’s life or immediate harm.

Where we rely on consent, you have the right to withdraw that consent at any time, and we will stop the processing that was based on consent. Where we rely on legitimate interests, you have the right to object if you feel your rights outweigh our interests. If you object, we will consider your request and generally cease the contested processing unless we have compelling legitimate grounds or it is needed for legal claims. For legal obligations, public interest, or contractual necessity, your rights to erasure or objection may be limited if the processing is strictly required, but we will inform you of such situations and process your data only to the minimum extent necessary.

5. Cookies and Tracking Technologies

Our website and online Services use cookies and similar tracking technologies to provide functionality, analyze usage, and enhance user experience. When you visit our site, small data files called cookies may be placed on your device. We classify and handle cookies as follows:

  • Essential Cookies: These are necessary for the website to function properly and cannot be switched off in our systems. They include, for example, cookies that remember your preferences or login status, or keep track of your form submissions as you navigate pages. Without these, certain services (like retaining your demo form inputs) may not work. Because they are necessary for site operation, they are used based on our legitimate interest in providing a functioning service, and do not require consent.

  • Analytics and Performance Cookies: We use cookies to understand how visitors engage with our site, which helps us improve content and performance. In particular, we use Google Analytics to collect information about site usage (such as which pages are visited, how long users stay, and how they arrived at our site). Google Analytics may set cookies or use similar identifiers to generate aggregate reports. We have configured Google Analytics in a privacy-friendly manner (for example, by enabling IP anonymization where applicable), but it may still collect your truncated IP address and device information. We also use the LinkedIn Insight Tag, a cookie-based tracking tool provided by LinkedIn, which helps us measure the effectiveness of our LinkedIn content and ads. The LinkedIn Insight Tag can track that you visited our site (if you have a LinkedIn cookie in your browser) and allows us to gather insights such as job role demographics in aggregate. These analytics and tracking cookies will be used only with your consent where required by law (for example, for EU visitors, we will obtain consent via the cookie banner for non-essential cookies). For Indian users, by using the site you consent to analytics cookies, but you can opt-out as described below.

  • Functionality and Preference Cookies: These cookies allow our website to remember choices you make (such as your language or region, if we offer such selection) and provide enhanced features. They may be set by us or by third-party providers whose services we have added to our pages (for example, if we embed a map or a video, that provider might set a cookie to recall your settings). We treat these similar to essential cookies when they are strictly required for a feature you use, or as optional (consent-based) if not strictly necessary.

  • Advertising and Social Media Cookies: We do not host third-party advertisements on our site, but we do integrate with social media and third-party platforms that may set cookies. For instance, when we embed a YouTube video in one of our pages, YouTube/Google may place cookies to track video views and user interactions. Similarly, clicking our social media sharing buttons (Facebook, Twitter, LinkedIn, etc.) may set cookies by those services. If in the future we engage in re-targeting advertising or use a Facebook Pixel or similar advertising cookie, we will update this Policy and seek any necessary consent. Currently, our primary third-party tracking relates to analytics (Google, LinkedIn) as noted above, and any cookies by embedded content from platforms like YouTube.

Cookie Consent and Opt-Out: When you first visit our website, you will see a cookie notice (banner) if required by law. You can choose to accept or decline non-essential cookies. Once you have given consent, you can withdraw it at any time by clearing cookies or using the opt-out mechanisms described here:

  • Browser Settings: Most web browsers allow you to refuse or delete cookies through settings. You can set your browser to block all cookies or to alert you when cookies are being sent. However, note that disabling all cookies may affect site functionality.

  • Google Analytics Opt-Out: Google provides a browser add-on to opt-out of Google Analytics tracking (available at tools.google.com/dlpage/gaoptout). Enabling this add-on will prevent Google Analytics from collecting your data on any site.

  • LinkedIn Opt-Out: To opt out of LinkedIn Insight Tag analytics, you can adjust your LinkedIn account settings to opt out of data collection for ads (see LinkedIn’s Privacy Settings). If you do not have a LinkedIn account, LinkedIn also offers an opt-out cookie for non-members (LinkedIn Opt-Out).

  • Do Not Track: Our website currently does not respond to “Do Not Track” signals due to lack of an industry standard, but we will treat it as a preference to minimize tracking. We honor all opt-out preferences expressed through the methods above.

We do not use cookies to collect personally identifiable information without your knowledge, and we do not allow third parties to place cookies for their own advertising purposes via our site. For more details, you can refer to our separate Cookies Policy (if available on our website) which provides a detailed list of cookies and their lifespans. If you have questions about specific cookies or tracking technologies, feel free to contact us.

6. Third-Party Integrations and Data Sharing with Third Parties

Dawell’s digital platforms are integrated with several third-party services to enable certain features and functionality. When you interact with us through these integrations, your data may be shared with or collected by those third parties under their own privacy policies. We carefully vet our partners and ensure that we have appropriate agreements in place (including Data Processing Addendums where required) to protect your data. Below are key third-party integrations we use and how personal data is involved in each:

  • WhatsApp Business Integration: We offer the convenience of contacting us via WhatsApp for inquiries, demo requests, or support. When you click our WhatsApp chat link or scan a WhatsApp QR code on our site, you will be communicating through WhatsApp’s platform. Data Collected: Your WhatsApp user ID (phone number), profile name, and any information you send in messages (which could include text, documents, or media). How It’s Used: We access these messages to respond to your questions or requests in real time. Third-Party Disclosure: WhatsApp (a service by Meta Platforms) will process the communication as an intermediary – this means WhatsApp itself receives your messages and may have access to metadata (who you contacted, when, etc.) under its own privacy terms. We do not use WhatsApp to send unsolicited messages; you will only receive WhatsApp communications from us if you initiate a chat or opt in to that channel. We advise you not to share highly sensitive personal information via WhatsApp. Any personal data we receive from WhatsApp conversations will be handled by us in line with this Policy (e.g., if you provide your email or phone number for follow-up, we will treat it as contact data collected from you).

  • YouTube Videos and Media Embeds: Our website may contain embedded content, such as YouTube videos showcasing product demos or news coverage, and possibly interactive content from other platforms. Data Collected: If you play an embedded YouTube video on our site, YouTube/Google may collect usage data (e.g., that your IP address watched the video, time stamps, etc.) and associate it with your Google account if you are logged in. We typically use YouTube’s “privacy-enhanced mode” for embeds, which means YouTube will not place tracking cookies until you press play. However, once you interact with the video, YouTube’s own cookies and data collection apply. Third-Party Disclosure: We do not receive personal data from YouTube about your viewing, but aggregate analytics might be available (like view counts). Your interactions with embedded media are governed by the third party’s privacy policy (e.g., Google’s privacy policy for YouTube). Similarly, if we embed maps (Google Maps) or social media feeds, those platforms may collect data under their policies. We include such content to enrich your experience (for example, providing video demonstrations of our forensic tools) but you may choose not to engage with those embeds if you prefer not to share data with those third parties.

  • LinkedIn Lead Forms and Facebook Lead Ads: Dawell occasionally runs informational campaigns or advertisements on platforms like LinkedIn and Facebook targeting professionals in public safety, forensics, or healthcare sectors. These campaigns may use Lead Generation Forms provided by the platform. Data Collected: If you choose to fill out a lead form (e.g., to download a brochure or request a contact), the form will ask for your name, email, and possibly phone number and company/designation. You will have to explicitly submit the form for us to receive your data. How It’s Used: The information from these forms is sent to us by the platform, and we use it to follow up on your request (for example, emailing you the requested brochure or contacting you to schedule a meeting, as per the form’s intent). Third-Party Disclosure: LinkedIn or Facebook act as intermediaries; they collect the data on our behalf and then transfer it to us. They may keep a copy of the submission for a short time (e.g., available for download from their advertising interface) but will use it only in accordance with our agreement with them. We treat data from lead forms as if you provided it directly to us under this Privacy Policy. Please note that when you interact with these platforms, you are also subject to LinkedIn’s or Facebook’s own privacy and cookies policies.

  • Customer Relationship Management (CRM) and ERP Systems: We use third-party cloud software to manage our contacts, client relationships, and enterprise resource planning. This means that personal data you provide (via forms, emails, events, etc.) may be stored and organized in systems such as a CRM database (for example, we might use Salesforce, Zoho, HubSpot, or a similar CRM tool) and an ERP platform (for handling project workflows, inventory for demo equipment, pilot project details, etc.). Data Collected: This is generally the same information you provide to us (contact info, organization, communications logs) plus any relevant updates (e.g., noting that you are interested in Product X, or scheduling follow-up calls). Third-Party Disclosure: The providers of these software tools technically process our data, meaning personal data might reside on their servers. We ensure that any such provider is bound by confidentiality and strong data protection obligations (for example, our contracts with them include GDPR-compliant Data Processing Agreements). These providers are not allowed to access or use your data for any purpose other than storing and managing it for our needs, as per our instructions. We do not authorize them to sell or disclose your data. Current significant processors include our cloud hosting provider for the website (which ensures our site and databases run on secure servers) and our internal productivity tools (for instance, Google Workspace for emails). All such processors are vetted for security and privacy compliance.

  • Analytics Providers: As noted in Section 5, we use Google Analytics and the LinkedIn Insight Tag. These involve sending pseudonymous data about your device and browsing to Google and LinkedIn, respectively. Data Collected: This can include your IP (truncated or full depending on settings), device info, and on-site behavior. Third-Party Disclosure: Google and LinkedIn process this data to provide us with analytics reports. We have configured these services to avoid collecting more data than necessary (for example, we do not send them your name or contact info through these tools). Both providers are considered data processors for us under GDPR (Google has standard contractual clauses and LinkedIn is covered under its EU and India data transfer frameworks). You can opt out as described earlier.

  • Payment or E-commerce Processors: Note: At present, our website does not directly sell products or collect payments. If in future we enable online purchases (for training registrations or product orders), we may integrate with secure payment gateways (like Razorpay, PayPal, or Stripe). In such case, the payment processing would largely be handled by the third-party processor and subject to their privacy/security standards. We would update this Policy to reflect any such changes.

We will update this section if we add new integrations that affect personal data (for example, a new chat bot, support ticketing system, or any plugin that collects user info).

Important: Except as described in this Policy, we do not share your personal data with any third parties for their own marketing or advertising purposes. We do not sell or rent personal information to data brokers or advertisers. Any data sharing is limited to the third parties above (who act on our behalf or in partnership with us), or as described in Section 10 (legal or strategic disclosures).

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Policy, or as required by applicable laws and legitimate business requirements. Because our activities involve government projects and public safety initiatives, some data may need to be kept for extended periods to comply with government audit requirements or to support long-running projects, while other data can be disposed of sooner. Our retention practices are as follows:

  • Inquiry and Demo Data: If you contact us for a demo, tender support, or general inquiry, we will retain the personal data you provide for as long as it is needed to process and follow up on your request. Typically, if you do not engage in a formal relationship with us, we will keep your information for a limited period (for example, 1–2 years) to be able to reconnect or provide further assistance if you reach out again. We periodically review old inquiries, and personal data that is no longer needed for any business purpose will be deleted or anonymized. If you ask us to delete your information (see Section 8 on your rights), we will do so, unless we have a specific legal obligation or overriding legitimate interest to retain it.

  • Account and Pilot Registration Data: For users who participate in an ERP platform pilot or any program that requires an account, we retain your registration details for the duration of the pilot/program and for an appropriate period thereafter. For example, during a pilot project with a government department, we keep user accounts active until the pilot concludes, then archive the data for some time (e.g., 1 year) in case the project resumes or for analysis of the pilot outcomes. If the pilot transitions into a fully adopted solution, the data becomes production data and will be retained as needed for ongoing service (subject to a separate agreement or policy if applicable). If a pilot ends with no continuation, we will delete or anonymize personal data of participants after the retention period unless legally required to keep it. Any accounts that remain inactive for an extended period (e.g., 12 months) may be deleted in our routine maintenance, unless the law requires longer retention.

  • Business Records and Contracts: If your data is part of our business records (for instance, you are a point of contact on a contract between Dawell and a government agency, or you participated in a project that results in official reports), we will retain that information in accordance with the retention requirements for corporate and legal records. In India, this could mean keeping contract-related personal data for a number of years after the contract ends (often 8 years or more, aligning with the statute of limitations) or as mandated by government contract rules. Similarly, if you corresponded with us in the course of a public procurement or provided input for a government policy impact study, we might need to store that information for accountability and archival purposes.

  • Marketing Data: If you have consented to receive marketing communications (like newsletters or event invites), we will keep your contact information on our marketing list until you unsubscribe or until we determine that the information is no longer accurate or relevant. If we notice emails bouncing or no engagement over a long time, we may remove your data from our list. Even after you unsubscribe, we may retain minimal information (such as your email address) on an opt-out list to ensure we do not accidentally re-add you.

  • Web Analytics Data: Data collected via cookies and analytics tools is typically retained in aggregate form. Google Analytics data is retained for a period we have configured (e.g., 14 months, or as per Google’s policy) after which it is automatically deleted from Google’s systems. We do not personally identify users in our analytics databases. Any usage logs that are stored on our servers (like web server logs, which include IP addresses) are generally kept for a short duration (a few weeks to a few months) for security analysis, after which they are purged or anonymized. We may preserve aggregated reports (with no personal identifiers) for longer to analyze trends.

  • Tender and Project Data: For tender support requests and similar engagements, we may generate or receive documents that contain personal data (e.g., a list of officials attending a demo, or a government tender document listing a point of contact). Such data will be kept as part of our project files. Given the nature of public sector work, these files could be important for historical reference or compliance. We aim to keep tender-related personal data no longer than necessary—for instance, if a tender bid is unsuccessful, we might archive the file for a couple of years then delete it. If successful, the data becomes part of the project record and is kept through the project lifecycle (and some years beyond, as noted for business records).

  • Legal Requirements: Notwithstanding the above, we may retain personal data for a longer period if required to do so for legal compliance or to protect our legal rights. For example, if we are involved in a dispute or investigation, we will preserve relevant data until it is resolved, even if this extends beyond normal retention periods. We also adhere to any data retention mandates under law (for example, financial transaction records need to be kept for a minimum period under tax laws).

  • Data Anonymization: In cases where we want to keep information for statistical or research purposes but do not need it in identifiable form, we will anonymize or pseudonymize the data such that it can no longer be linked to individuals. For example, we might convert a dataset of pilot program participants into an anonymized format to analyze the overall impact, after we no longer need personal identifiers. Once anonymized, the information is no longer considered “personal data” and we may retain it indefinitely without further notice, to help us improve our offerings and insights.

After the applicable retention period ends, we will securely delete, destroy, or irreversibly anonymize the personal data. We have defined processes for records deletion, and we take care to prevent any unauthorized access during storage or disposal. If deletion is not immediately feasible (e.g., the data is stored in backups), we will isolate the data from active use until deletion is possible.

8. User Rights (Data Subject/Data Principal Rights)

We respect the rights of individuals over their personal data. Depending on whether you are subject to GDPR (e.g., an EU resident) or the DPDP Act (an Indian resident), you are entitled to various privacy rights. We extend these rights to all users where feasible, so that you have control over your personal information. These rights include:

  • Right to Access: You have the right to request confirmation of whether we are processing your personal data, and if so, to receive a copy of that data along with relevant information about how we use it. This is known as a Data Access Request. Upon verification of your identity, we will provide you with a summary of the personal data we hold about you, the purposes of processing, the categories of data, and the parties to whom the data has been disclosed (if any), as well as other information required by law. Under GDPR, we will respond within one month (or notify you of any extension); under DPDP Act, we aim to acknowledge and resolve requests promptly as per the forthcoming regulations.

  • Right to Correction/Rectification: If any personal data we have about you is inaccurate or incomplete, you have the right to have it corrected. For example, if you notice we have misspelled your name or recorded an outdated email address, you can ask us to update it. We will correct the information as soon as possible and notify you of the update. In cases where we have shared incorrect data with a third party, we will (where reasonably practicable) inform them of the correction. DPDP Act specifically allows you to request correction and even completion of incomplete data, and we will comply with such requests unless we have a valid reason to maintain the original data (in which case we will inform you of that reason).

  • Right to Deletion/Erasure: You may request that we delete your personal data under certain circumstances. This is sometimes called the “Right to be Forgotten.” We will honor your deletion request if: (a) the data is no longer necessary for the purpose it was collected, (b) you withdraw consent (and no other legal basis for processing applies), (c) you object to processing and we have no overriding legitimate grounds to continue, or (d) the data was unlawfully processed or must be erased for compliance with a legal obligation. Please note that absolute deletion may not be possible if we are required to retain certain data (see Data Retention section) or if an exemption applies (for instance, DPDP Act allows certain refusals for deletion requests such as when retention is necessary for legal purposes). We will inform you of the outcome of your request. If we cannot delete all data (e.g., due to a legal obligation), we will let you know and will endeavor to isolate and secure the data from further use.

  • Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal. This includes, for example, your consent to receive marketing emails or your consent to non-essential cookies. You can withdraw consent by contacting us at [email protected] or by using automated tools we provide (such as an “unsubscribe” link in emails or the cookie settings on our site). Once we receive notification of withdrawal of consent, we will stop processing your data for the purpose you originally consented to, and confirm to you that we have done so. Withdrawing consent will not incur any negative consequences for you – however, note that if the data was necessary to provide a requested service (e.g., an email address for sending a whitepaper), we may not be able to continue that service without the data.

  • Right to Data Portability: For data that you provided to us and which we process by automated means under consent or contract (a scenario applicable mostly to EU/EEA users under GDPR), you have the right to request a portable copy in a structured, commonly used, machine-readable format. For instance, if you gave us certain information and want to transfer it to another company, we can provide you a CSV or similar file containing your basic personal data. If technically feasible, you may also request that we transmit this data directly to another service provider at your direction. We will inform you which data sets are eligible for portability when you make a request (typically it would include things like your profile information and not include any data that we have derived or that contains others’ personal data).

  • Right to Object: In certain cases, you have the right to object to our processing of your personal data. GDPR grants this right especially for processing based on legitimate interests or for direct marketing purposes. For example, you can object if we are using your data for a task in public interest or for our legitimate interests, and you have personal reasons to stop it. If you object to direct marketing, we will stop processing your data for that purpose immediately (this is an absolute right under GDPR – essentially the same as withdrawing consent for marketing, and we respect it for all users). If you object to other processing, we will evaluate whether our legitimate grounds override your rights; if they do not, we will cease the processing in question.

  • Right to Restriction of Processing: You can ask us to limit the processing of your data in certain situations – for instance, while a request for correction or objection is pending resolution, or if you need data preserved for a legal claim. When processing is restricted, we will store your data but not use it until the restriction is lifted (except for the exempted reasons like legal claims or with your consent). We will notify you when we remove a restriction.

  • Right not to be subject to Automated Decision-Making: Dawell does not currently make any decisions about individuals that are purely automated (without human involvement) and that have legal or similarly significant effects. If that changes, and you are subject to an automated decision (for example, an algorithmic screening for event registration approval), you have the right to request human intervention, to express your point of view, and to contest the decision. We will ensure any such processes comply with GDPR Article 22 and relevant DPDP provisions.

  • Right to Grievance Redressal (India specific): Under India’s DPDP Act, as a data principal you have the right to register a grievance with us if you have any concerns or issues with how we handle your personal data. We have designated a Grievance Officer (or equivalent) reachable at [email protected] who will acknowledge and resolve complaints in a timely manner, as per Section 14 of the DPDP Act. If you are not satisfied with our resolution of your grievance, or if we do not respond within the timeframes prescribed by law, you have the right to escalate the complaint to the Data Protection Board of India (DPB). The DPB is an independent body set up by the government to oversee and enforce the DPDP Act, empowered to address complaints and impose penalties. We will provide you with details on how to contact the DPB in our response, or you can find this information on the official website of the Ministry of Electronics and Information Technology (MeitY). We will cooperate fully with the DPB in any investigation.

  • Right to Lodge a Complaint (EU specific): If you are in the European Union or UK, you have the right to lodge a complaint with your country’s supervisory authority (data protection authority) if you believe we have infringed your privacy rights. For example, a user in France can complain to the CNIL, in Germany to their state DPA, in the UK to the ICO, etc. We encourage you to first contact us so we can address your concerns directly, but you are free to reach out to the authority at any time. We will provide contact details for the relevant authority upon request.

To exercise any of your rights, please contact us at [email protected] with your specific request. We may need to verify your identity to ensure we do not disclose or alter data to the wrong person. This verification might involve confirming information we already have on file or asking for identification (only to the extent permitted by law). We will respond to your request within a reasonable timeframe: under GDPR, typically within 30 days; under DPDP, the timelines will be followed as prescribed (we aim for 15 days for simple requests and up to 30 days for complex cases, subject to change if rules stipulate differently).

Please note that these rights are subject to certain limitations. For example, if fulfilling your request would reveal personal data about another person, we might need to redact or seek consent. Some rights may not apply in full under the DPDP Act until relevant rules are notified (but we will strive to honor them in spirit). Regardless, we will provide clear explanations if we cannot fulfill a request in part or in full, and we’ll always try to accommodate your inquiry to the maximum extent possible.

9. Data Security Measures

We take the security of your personal data very seriously. Dawell Lifescience has implemented a range of technical and organizational measures to protect personal data from unauthorized access, alteration, disclosure, or destruction. While no system can be 100% secure, we strive to follow best practices and maintain a high level of security appropriate to the risks. Key security measures in place include:

  • Encryption: Our website is secured with HTTPS encryption (TLS/SSL protocol) to ensure that data transmitted between your browser and our site is encrypted in transit. Similarly, sensitive records in our databases or backups are encrypted at rest wherever feasible. For instance, if we store contact information or credentials in our systems, we employ encryption or hashing to protect that data.

  • Secure Infrastructure: We host our website and cloud services on reputable platforms that are GDPR-compliant and adhere to international security standards (such as ISO 27001 or SOC 2 certification). Our servers are protected by firewalls, intrusion detection systems, and regular security monitoring. We keep software and security patches up-to-date to guard against vulnerabilities.

  • Access Controls: Access to personal data within our organization is restricted on a need-to-know basis. Only authorized Dawell personnel and contractors who require access to fulfill their job duties (for example, a sales engineer contacting you for a demo, or an IT administrator managing the database) are granted access. Each such person is bound by confidentiality obligations. We use role-based access controls, unique user IDs, and strong passwords (with multi-factor authentication where possible) for our internal systems to prevent unauthorized login. Administrative access to critical systems is logged and reviewed.

  • Audit Trails and Logging: We maintain detailed audit logs for our systems and devices, especially our forensic technology platforms and any place where personal data might be handled. These logs record activities like user logins, data entry, modifications, and exports. Audit trails help us detect any unusual or unauthorized activities and provide a forensic record if an incident needs investigation. For example, our SAFE Pro and other forensic tools incorporate secure data storage and tamper-proof recording mechanisms, ensuring that any data captured is traceable and cannot be altered without detection. Similarly, our web servers log key events, which are automatically analyzed for signs of malicious access.

  • Physical Security: Our offices and data centers have physical security controls. Offices have access badges and visitor protocols for entry. For any on-premise servers (if applicable), they are kept in locked rooms with climate control and fire safety systems. However, as we largely use cloud infrastructure, we rely on the physical security of our cloud providers’ data centers, which is generally very robust (24/7 guard patrols, biometric access, etc.).

  • Employee Training and Policies: We train our employees and contractors on data protection and security practices. We have internal policies in place for handling personal data, which include guidelines on using only approved tools, avoiding local storage of sensitive data, reporting security incidents, and maintaining device security. Regular training ensures our team stays updated on phishing risks, safe data handling, and their responsibilities under GDPR and DPDP Act.

  • Third-Party Security: When we engage third-party processors (like our CRM, ERP, or hosting providers), we conduct due diligence to ensure they have adequate security measures. We include strict data protection clauses in contracts, requiring them to safeguard data to standards equivalent to ours. We also limit the data shared with third parties to the minimum necessary (data minimization). For example, if we use an email service to send newsletters, we provide only the email addresses and names required to deliver the message, nothing more.

  • Testing and Audit: We periodically test our systems and processes for security. This can include vulnerability assessments, penetration testing by security experts, and audits of our compliance measures. Any identified issues lead to prompt mitigation steps. We also keep abreast of new threats and adapt our safeguards accordingly. Under GDPR’s accountability principle, we maintain documentation of our security measures and regularly review their effectiveness. Under DPDP Act’s requirements for “reasonable security safeguards,” we adhere to standards and have policies to demonstrate compliance.

  • Data Breach Preparedness: Despite best efforts, security incidents can still occur. We have a Data Breach Response Plan in place. This plan ensures that if we suspect or become aware of a personal data breach, we will immediately take steps to contain and investigate it, and to mitigate any harm. We will also fulfill our legal obligations in such an event: for example, under GDPR we must notify the relevant supervisory authority (and in some cases the affected individuals) within 72 hours of becoming aware of a breach that risks individuals’ rights. Under the DPDP Act, we will notify the Data Protection Board of India and affected users as required by forthcoming rules. Our plan includes communication strategies to ensure timely and transparent disclosure to users if their data’s security is compromised.

We want to emphasize that while we use “state-of-the-art” security measures, no method of transmission or storage is completely foolproof. However, we continuously improve our security posture to meet evolving threats. By using security measures like secure and tamper-proof data storage and transmission, we aim to ensure that your data remains confidential and intact. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel your account has been compromised), please immediately notify us at [email protected] so that we can take appropriate action.

10. Data Sharing and Disclosure

We treat your personal data with care and confidentiality. We do not share, sell, or rent personal data to unrelated third parties for their own use. However, there are certain circumstances where we may disclose or share your data with others, as outlined below, always in accordance with applicable law:

  • Within Dawell and Affiliated Entities: Your information may be shared within our organization, including with Dawell Lifescience team members across different departments (e.g., sales, customer support, technical teams) who need the data to perform their duties. We may also share data with any affiliate, subsidiary, or joint venture partner of Dawell Lifescience (if we have such affiliates in the future), but only for purposes consistent with this Policy. All personnel and affiliates are bound to protect your data as per this Policy and our internal confidentiality rules.

  • Service Providers and Partners: We use trusted third-party service providers to support our operations and service delivery (as described in Section 6). These include IT hosting companies, cloud service providers, CRM/ERP platform providers, analytics services, email service providers, and other vendors. We share data with these service providers only to the extent necessary for them to perform tasks on our behalf – for example, allowing our cloud hosting provider to store our database, or giving our email service your address to send a requested report. Similarly, if we collaborate with a technology partner or principal (e.g., the manufacturer of a device we distribute) on a demo or support request, we might share relevant details with them to get expert assistance for you. In all cases, we require service providers and partners to handle the data securely and use it only for the purposes we specify. They are not allowed to use your data for their own marketing or any other purpose outside our request. We remain accountable for the protection of your data even when it’s processed by a service provider, and we ensure appropriate contracts (such as Data Processing Agreements) are in place.

  • Government or Regulatory Bodies: We may disclose personal data to government agencies, regulatory bodies, law enforcement, or public authorities if required to do so by law or pursuant to their lawful request. Examples include: complying with a summons, court order, or legal process; responding to a verification request during a government tender evaluation; or cooperating with law enforcement investigations (such as providing information in case of fraud, cyber incidents, or public safety emergencies). If a law enforcement or regulatory request is made for your data, we will verify that the request is legitimate and seek to limit the disclosure to what is legally required. Unless prohibited, we may attempt to notify you of such requests.

  • Business Transfers: If Dawell Lifescience undergoes a business transaction such as a merger, acquisition by another company, reorganization, or sale of all or part of its assets, personal data held by Dawell may be transferred to the new owner or partner involved in the transaction. We would ensure that any such transfer is subject to confidentiality and that your personal data remains protected. If the new entity’s plans differ from this Privacy Policy, you would be notified and given a chance to exercise your rights (for instance, to delete your data if you do not wish to continue under the new regime).

  • Dawell Partner Programs: In some cases, we work with channel partners or resellers who help market or distribute our solutions. If you came to us via a partner referral or if it would benefit you to be connected with one of our local partners, we would share your contact information with that partner only with your consent. For example, if a particular state has an authorized Dawell distributor for a product you’re interested in, we might ask if you would like us to pass your info to them for faster service. We will not share your details with such partners unless you agree.

  • Professional Advisers: We may share necessary personal data with our professional advisers (lawyers, accountants, auditors, insurers) on a need-to-know basis. For instance, if a legal issue arises that involves your communications with us, our lawyers might need to review those communications. Or our auditors might review records that incidentally include personal data as part of a compliance audit. These advisers are bound by confidentiality and legal obligations to protect any personal data they access.

  • Aggregate or Anonymized Insights: We may share aggregate, anonymized information publicly or with third parties. For example, we might publish a report that “X number of law enforcement agencies requested demos last quarter” or “We trained N officers across Y districts,” which does not identify individuals. Such information would not include personal data and is not subject to data protection restrictions.

No Unauthorized Disclosure: We do not disclose personal data to third parties except as described above. In particular:

  • We do not sell personal data to data brokers or marketing companies.

  • We do not share your data with third-party advertisers (beyond allowing them to collect it via cookies if you consent, as explained).

  • We do not disclose data about your visits or inquiries to other organizations for their benefit, unless you ask us to (for example, if you want us to introduce you to another tech provider).

If in the future we need to share data in a way not covered by this Policy, we will update the Policy and, if required, obtain your consent or give you a clear opportunity to opt out.

11. International Data Transfers

Dawell Lifescience operates primarily in India, but we also engage with international services and clients (especially in the EU). Personal data we collect may be stored and processed in servers located in India or in other countries where our service providers are based or where we or our partners have a presence. For example, our website hosting or cloud storage might be in the United States or European Economic Area (EEA), and our CRM provider might process data in the US or other jurisdictions. Additionally, if you are located outside India (such as in the EU), your data will naturally be transferred to our servers in India for us to respond to you.

Cross-Border Transfer under DPDP Act (India): The DPDP Act allows personal data to be transferred outside India to most countries, except any that may be specifically restricted by the Indian government. We will ensure compliance with any future rules on international transfers under the DPDP Act. As of now, we may transfer data to countries such as the United States or member states of the EU, which are not prohibited destinations. We commit that any cross-border transfer of personal data from India will be done in accordance with DPDP Act requirements – for instance, only under a valid contract (such as having our processors bound by strict data protection terms) and not to any country that the Government of India declares as disallowed for data transfers. We also take into account whether the receiving country has adequate data protection standards; even though the DPDP Act uses a blacklist approach, we voluntarily align with global best practices to safeguard data abroad.

Cross-Border Transfer under GDPR (EU): For personal data of individuals in the European Union that we transfer out of the EEA (for example, to India or the US), we will ensure that one of the adequacy or safeguard mechanisms under GDPR is in place. Typically, this means:

  • We might rely on the European Commission’s adequacy decision if the destination country is recognized as having adequate data protection (note: India and US are not currently on the EU’s adequacy list, so this may not apply unless those statuses change in the future).

  • In most cases, we use Standard Contractual Clauses (SCCs) approved by the European Commission in our contracts with service providers to cover the transfer. These clauses impose GDPR-level obligations on the recipient to protect the data.

  • We also assess whether additional technical and organizational measures are needed (e.g., encryption in transit and at rest, limiting access) to ensure transferred data is secure.

  • If you would like to see a copy of the relevant transfer safeguards (like SCCs) we have in place, you can contact us for more information.

Other Jurisdictions: For users in other countries (like UK, which has similar GDPR rules, or countries in Asia-Pacific, etc.), we will similarly ensure compliance with local data transfer laws. For UK, we use the UK International Data Transfer Addendum with SCCs as needed.

We understand that data protection regulations are evolving. If any specific requirement arises (for example, if India implements a whitelisted countries system or the EU updates its transfer frameworks), we will adapt accordingly and update this Policy.

Despite different laws, our approach is to provide a high level of protection no matter where your data is. We hold our partners and ourselves to consistent standards. If data is transferred to our servers in India, we protect it under the robust security measures described in Section 9 and honor the commitments of this Policy. If data is stored in the cloud in the US, we ensure the provider has equivalent protections and contractual commitments.

By using our Services or submitting your information to us, you acknowledge that your personal data may be transferred to and processed in countries other than your own. These countries may have different data protection laws, which might not be as comprehensive as those in your jurisdiction – but we will take steps to ensure that a similar level of data protection is afforded to your information as is provided in your home country.

If you have questions about international data transfers or need more specific details about where your data is stored, please contact us using the details in Section 1.

12. Policy Updates and Communication

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we update the Policy, we will revise the “Last Updated” date at the top. For significant changes, we will provide a more prominent notice of the update, such as:

  • Posting a notice on our website’s homepage or news section;

  • Adding a notification within the relevant Services (for example, a banner or pop-up on the site);

  • Or contacting you via email or other means if you have provided us contact information and the changes materially affect your rights or how we use your data.

Versioning: Each update will be assigned a new version or date. We encourage you to review our Privacy Policy periodically to stay informed about how we are protecting your information. If required by applicable law, we will seek your consent for material changes that broaden how we use personal data (for instance, if we later decide to process your data for a new purpose not covered by this Policy, we would get your consent or give you a chance to opt-out).

Previous Versions: For transparency, upon request we can provide prior versions of this Policy. If you are reading this Policy in a situation where multiple versions exist (e.g., you received a copy via email at the time of your interaction), the version currently on our website is the most current and applicable.

Continued Use: By continuing to use our Services after any changes to this Privacy Policy take effect, you are deemed to have accepted the updated terms (to the extent permitted by law). If you do not agree with any update, you should stop using the Services and may request us to delete your data as per Section 8.

We will not reduce your rights under this Privacy Policy without your explicit consent. If any change would involve using your personal data in a way that is materially different from what was disclosed at the time of collection, we will notify you and obtain consent as needed.

Communication of Changes: In addition to website notifications, if you have an ongoing relationship with us (e.g., you’re a registered user of a pilot platform or you have signed up for updates), we may send you direct communication about the Privacy Policy updates. This could be via email or messaging service, briefly explaining what’s changed and linking to the new Policy.

If you have any questions or concerns about this Privacy Policy or any privacy-related matters, please do not hesitate to contact us at [email protected]. We value your privacy and will respond to your inquiries as soon as reasonably possible.

Dawell Lifescience Pvt Ltd

ecne.com

Contact Us

1194/24D, Kamla Classic Apt,

Off. Ghole Road, Shivajinagar,

Pune-411005

+91- 9850647444 [email protected]

Quick Links

  • Solutions
  • Technologies
  • Applications
  • Projects & Impacts
  • Book a Demo

Resources

  • Events
  • Downloads
  • Product Demo Videos
  • Case Studies
  • Blogs

Company

Follow Us

Facebook-f Twitter Youtube Instagram Linkedin