Privacy Notice

1. Who we are

This site (terrakairecycling.com) is operated by Terrakai Recycling Private Limited, an e-waste recycling venture of the Salasar Balaji Group, incorporating in Mumbai, Maharashtra, India. For data-protection purposes, the Data Fiduciary (controller) is Terrakai Recycling Private Limited.

Designated contact Abhishek Chaudhry, Director — compliance@terrakairecycling.com

2. What we collect

We collect only the personal data described below, only for the purposes stated, and we minimise what we keep.

• — Contact-form submissions — name, company, email, and the message you write. You provide these voluntarily when contacting us through the form on /contact or /portal.
• — Email correspondence — when you write to hello@terrakairecycling.com, compliance@terrakairecycling.com, or integrity@terrakairecycling.com, we retain the message and your email address.
• — Analytics signals — if you accept analytics consent, Google Analytics 4 records page-view events, approximate location (IP-derived, city-level), browser type, and pages visited. We do not collect advertising identifiers and we have not enabled Google Signals. No analytics fires until you grant consent; the choice is yours and can be changed from the “Manage cookies” link in the footer.
• — Server logs — our hosting provider (Cloudflare) records request metadata (IP address, user-agent, timestamp, URL) for security and abuse prevention. We do not aggregate or analyse these logs for marketing.
• — Anti-bot signals — the hCaptcha widget on our forms collects mouse, scroll, and browser-environment signals to distinguish humans from bots. We never see this raw data; we receive only a pass/fail token.

3. Why we collect it (lawful basis)

• — Respond to enquiries — contact-form and email data are processed on the basis of your voluntary submission (consent under DPDP Act 2023; legitimate interest for business correspondence under GDPR Art 6(1)(f)).
• — Understand site usage — analytics are processed on your explicit consent only.
• — Security and abuse prevention — server logs and anti-bot signals are processed on legitimate interest in keeping the site available and free of abuse.

We do not sell, rent, or share personal data for marketing or advertising.

4. Who processes data on our behalf

We use a small set of external service providers (Data Processors under the DPDP Act) to operate this site. Each is bound by its standard terms and processes data only as instructed by us.

5. Cross-border transfers

Some of the processors above are based outside India. Under §16 of the DPDP Act, personal data may be transferred to any country except those the Central Government restricts by notification. As of the date of this notice, no country has been so restricted. We will update this notice and our arrangements if the position changes.

6. Cookies and similar technologies

We use no advertising or profiling cookies. The only non-essential tracker we operate is Google Analytics 4, which fires only after you grant consent through the banner on first visit. Essential cookies set by hCaptcha (anti-bot) and Cloudflare (security) are exempt from consent under standard interpretation. You can revisit and change your analytics choice any time from the “Manage cookies” link in the footer.

7. How long we keep data

• — Contact-form submissions and email correspondence — for the duration of the business relationship plus a reasonable tail (typically up to 3 years).
• — Server logs — up to 1 year (to satisfy DPDP Rule 6 and CERT-In Directions 2022 log-retention requirements).
• — Analytics — aggregated, with default GA4 user-and-event retention (14 months).

8. Your rights

Under the DPDP Act 2023 (India) and, where applicable, the EU GDPR, you have the right to:

• —Access the personal data we hold about you
• —Request correction or completion of inaccurate data
• —Request erasure of your data
• —Withdraw consent (where consent is the basis), as easily as you gave it
• —Nominate another individual to exercise your rights on your behalf
• —Have a grievance addressed (DPDP Rule 14 — we respond within 90 days)
• —Complain to the Data Protection Board of India (or, for EU residents, your local supervisory authority)

9. How to exercise your rights / file a grievance

Write to our designated contact:

Abhishek Chaudhry, Director, Terrakai Recycling Private Limited
compliance@terrakairecycling.com

Please describe what you’d like (access, correction, erasure, withdrawal of consent, etc.) and any details that help us identify your data. We acknowledge receipt promptly and respond within the grievance ceiling set by DPDP Rule 14 (a maximum of 90 days), faster where the request allows.

10. Children

This site is intended for business audiences (procurement, compliance, CSR, and recycling counterparties). It is not directed at children under 18. We do not knowingly collect personal data from a child. If you believe a child has submitted personal data, write to the contact above and we will erase it.

11. Security

We apply reasonable security safeguards consistent with DPDP Rule 6: transport encryption (HTTPS), access controls on our inbox and workspaces, and a documented incident-response procedure. If a personal-data breach affects you, we will intimate you and the Data Protection Board in accordance with Rule 7 once that phase of the DPDP Act is in force.

12. Updates to this notice

We may update this notice as our practices, our processor list, or applicable law evolves. Material changes will be announced on this page with a revised “last updated” date.