Welcome to Eicher Group Foundation’s consumer privacy policy.
1. Important Information and Who We Are
Purpose
This privacy policy aims to give you information on how we collect and process your personal data.
The website [www.royalenfield.com] is not intended for children and we do not knowingly collect data relating to children.
It is important that you read this privacy policy together with any other privacy policy or fair processing policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of how and why we are using your data. This privacy policy supplements other notices and privacy policies and is not intended to override them.
Controller
The website www.royalenfield.com is owned and run by Eicher Motors Limited which is the parent company of Eicher Group Foundation. Eicher Motors Limited’s privacy policy can be found at https://www.royalenfield.com/in/en/legal/privacy-policy/.
Contact Details of Grievance Officer
If you would like to exercise any of your legal rights or have any questions about this privacy policy or our privacy practices, please contact us at:
Name: Mr. Ayush Bisht
Email: ayush@royalenfield.com
Address: Plot No. 96, Near Jharsa Chowk, Sector 32, Gurugram- 122001, Haryana
Changes to the privacy policy and your duty to inform us of changes
We keep our privacy policy under regular review. Historic versions can be obtained by contacting us.
It is important that the personal data we hold about you is accurate and current. Please keep us informed if your personal data changes during your relationship with us.
Third Party Links
This website may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and are not responsible for their privacy statements. When you leave our website, we encourage you to read the privacy policy of every website you visit.
2. The Data We Collect About You
Personal data, or personal information, means any information about a living individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data).
We may collect, use, store and transfer different kinds of personal data about you which we have grouped together as follows:
• Identity Data includes first name, maiden name, last name, title, date of birth and gender.
• Contact Data includes postal or delivery address, email address, telephone number, mobile number, social media account details and social media handles.
• Technical Data includes internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, operating system and platform, and other technology on the devices you use to access this website.
• CCTV Data includes footage of individual captured on CCTV who visit our, or our event premises.
We do not routinely collect any Special Categories of Personal Data about you (this includes details about your race or ethnicity, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health, and genetic and biometric data). It is possible for us to collect, use or store some Special Categories of Personal Data which you have volunteered in an email, during a telephone call or in a form submitted to us as part of managing and responding to your requests, queries and complaints about products and services accessed through our event(s)
3. Purpose of Collection and Processing
Your personal data will only be collected, used, disclosed, transferred and processed to the extent necessary for the following purposes:
We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are, where appropriate.
Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.
| Purpose/Activity | Type of Data | Lawful Basis for Processing Including Basis of Legitimate Interest |
|---|---|---|
| (a) Identity (b) Contact |
|
| To use data analytics to improve our website, products/services, marketing, customer relationships and experiences. | (a) Identity (b) Contact | Necessary for our legitimate interests to define customer types, keep our website updated and relevant, and develop our marketing strategy. |
| To update you on future initiatives of EGF and its projects, future editions of Journeying Across the Himalayas Festival. | (a) Identity (b) Contact | Necessary for our legitimate interests (future updates, promotions, collaboration, volunteering and participation in social initiatives). |
| To enforce or protect our contractual or other legal rights, or to bring or defend legal proceedings. | (a) Identity (b) Contact | To enforce or protect our contractual or other legal rights or to bring or defend legal proceedings. |
| To record CCTV footage. | (a) CCTV Data | Necessary for our legitimate interests in ensuring physical security and recording evidence to assist in dispute management. |
| To share data with other companies in the Eicher Group. | All categories of personal data. | Necessary for our and their legitimate interests in centralising functions to improve efficiency and allow supervision and administration of operations. |
4. Disclosure or Transfer to Third Parties
We will keep your Personal Data with strict confidentiality and will not disclose or transfer it to any third parties unless we have the express consent from you, or specific instructions from competent officials.
For the above purposes, we may disclose or transfer your personal data to third parties including:
• Group companies and affiliated companies
• Authorised business partners, agencies, service providers or vendors
We require all third parties to respect the security of your personal data and to treat it in accordance with the applicable law.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Data Retention
How long will you use my personal data for?
We will only retain your personal data for as long as reasonably necessary to fulfil the purposes consented by you, for fulfilment of our contractual obligations, or required by law, including for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements, which in all cases be limited to a maximum of 10 years, unless the consent is withdrawn. We may retain your personal data for a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you.
Following the withdrawal of your consent and or your request to opt-out, we will cease using your personal data, unless to the extent we have a prevailing legitimate interest, and/or a right or an obligation to process your personal data without your consent.
In some circumstances we will anonymise your personal data (so that it can no longer be associated with you) for research or statistical purposes, in which case we may use this information indefinitely without further notice to you.
7. Your Legal Rights
Under certain circumstances, you have following rights under data protection laws in relation to your personal data:
• Request access to your personal data.
• Request correction of your personal data.
• Request erasure of your personal data.
• Object to processing of your personal data.
• Right to withdraw consent.
If you wish to exercise any of the rights set out above, please contact us using the details set out in Clause 1 above.
What we may need from you
We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response.
Time limit to respond
We try to respond to all legitimate requests within one month. Occasionally it could take us longer than a month if your request is particularly complex or you have made a number of requests. In this case, we will notify you and keep you updated.
