Global Privacy & Data Protection Policy

1. Introduction & Corporate Commitment

Drevon Group ("we," "our," or "us") is deeply committed to protecting the privacy and security of your personal data. As a diversified global enterprise operating across industrial metals, applied intelligence, real estate, premium handcrafted goods, and global commerce, we interact with a broad spectrum of clients, partners, and users globally. This Privacy Policy outlines our practices regarding the collection, use, processing, and protection of your personal information.

This document is strictly aligned with international and domestic data protection frameworks, including the General Data Protection Regulation (GDPR) of the European Union, the Digital Personal Data Protection Act, 2023 (DPDPA) of India, and the Information Technology Act, 2000 (including SPDI Rules).

2. The Data We Collect

We may collect, use, store, and transfer different kinds of personal data about you, which we have grouped together as follows:

• Identity Data: First name, last name, username, title, date of birth, and gender.
• Contact Data: Corporate billing address, delivery address, email address, and telephone numbers.
• Financial & Transaction Data: Bank account details, payment card details, and details about payments to and from you regarding our products and services (e.g., high-purity nickel wire transactions, real estate deposits).
• Technical & Usage Data: Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, operating system, and information about how you use our website.
• Compliance & KYC Data: Identification documents necessary for verifying international trade compliance, anti-money laundering (AML) checks, and corporate due diligence.

3. Legal Basis for Processing (GDPR & DPDPA)

Under the GDPR and the Indian DPDPA, we must have a lawful basis to process your personal data. We rely on the following bases:

• Performance of a Contract: Processing your data where it is necessary for the performance of a contract to which you are a party (e.g., executing an agricultural land purchase or a software development agreement).
• Legitimate Interests: Processing is necessary for our legitimate corporate interests, provided that your fundamental rights do not override those interests.
• Legal Obligation: Processing is necessary for compliance with legal and regulatory obligations, tax reporting, and corporate governance.
• Verifiable Consent: Where you have provided explicit, clear, and affirmative consent for specific processing activities (e.g., marketing communications), which can be withdrawn at any time.

4. Data Sharing & Third-Party Disclosures

We may share your personal data with internal subsidiaries within the Drevon Group and highly vetted external third parties strictly for business execution:

• Service Providers: Acting as processors who provide IT, system administration, cloud hosting, and secure data vaulting services.
• Professional Advisers: Including lawyers, bankers, auditors, and insurers providing consultancy, banking, legal, insurance, and accounting services.
• Government & Regulators: Authorities acting as processors or joint controllers based in India, the UAE, the EU, and other jurisdictions who require reporting of processing activities in certain circumstances.

We require all third parties to respect the security of your personal data and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal data for their own purposes.

5. International Cross-Border Data Transfers

As a global entity with secured assets in jurisdictions such as Dubai (UAE) and operations in India and Europe, we frequently transfer data internationally. Whenever we transfer your personal data across borders, we ensure a similar degree of protection is afforded to it by ensuring implementation of Standard Contractual Clauses (SCCs) and adherence to the cross-border data transfer regulations stipulated in the DPDPA and GDPR.

6. Data Security Protocols

We have put in place robust, ultra-premium security measures to prevent your personal data from being accidentally lost, used, accessed in an unauthorized way, altered, or disclosed. This includes end-to-end encryption, multi-factor authentication for our internal databases, and restricted access limited only to employees, agents, and contractors who have a strict business "need to know." They will only process your personal data on our instructions, and they are subject to a strict duty of confidentiality.

7. Data Retention

We will only retain your personal data for as long as reasonably necessary to fulfill the purposes we collected it for, including for the purposes of satisfying any legal, regulatory, tax, accounting, or reporting requirements. In the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you, we may retain your data for a longer period.

8. Your Legal Rights (Data Principal Rights)

Under both the GDPR and the DPDPA, you possess significant rights regarding your personal data, including:

• Right to Access: Request access to your personal data and receive a copy of the data we hold about you.
• Right to Correction: Request correction of incomplete or inaccurate data.
• Right to Erasure (Right to be Forgotten): Request deletion of your data where there is no good reason for us continuing to process it.
• Right to Object/Restrict Processing: Object to processing based on legitimate interests or request the suspension of processing.
• Right to Data Portability: Request the transfer of your data to you or a third party in a structured, machine-readable format.
• Right to Grievance Redressal: The right to readily available means of registering grievances with our appointed Data Protection Officer (DPO).

9. Contact Our Data Protection Officer

If you have any questions about this privacy policy or our privacy practices, please contact our Data Privacy Team at:
Email: aradhya@drevongroup.com
Phone: +91 9513094545