Privacy Notice

This Privacy Notice outlines Exdion’s approach to privacy and its obligations under applicable privacy laws.

This Privacy Notice applies to all your Personal Data collected and processed by us through this website.

Please note that this Privacy Notice is applicable to all instances where we play the role of a Data Controller of your Personal Data, when we collect and process personal data about you through this website for offering our products or services. There may be instances where we play the role of a Data Processor too, when we process Personal Data on behalf of another organization. In that case, the Privacy Notice of that organization becomes applicable to your Personal Data.

Exdion is committed to keeping your Personal Data private. We process any Personal Data we collect from you in accordance with the applicable laws and regulations mentioned and the provisions of this Privacy Notice. Please read the following carefully to understand our views and practices regarding your Personal Data and how we treat it.

Throughout this document, the terms “we”, “us”, “our”, and “ours” refer to Exdion. The terms “you”, “your”, and “yours” refer to you (as the Data Subject).

What Personal Data Do We Collect & Process?

Categories of Personal Data that we collect, and process are as follows:

1.Usage Information

  • Browser information (type and language);
  • IP address;
  • Open / Click-through tracking URL;
  • Referrer information;
  • Event registrations

2. Personal Information

  • First Name, Last Name
  • Email Address
  • Phone number
  • Job Title
  • IP Address of visitors to the website
  • Region

Where Do We Obtain Your Personal Data From?

Most of the Personal Data we process is provided by you directly to us when you use our products and/or services. This also includes Personal Data collected automatically and in the background when you use our website and applications.

We may also receive Personal Data about you from third parties and publicly available sources of information.

How Do We Use Your Personal Data?

We use your Personal Data for the following purposes:

  • To verify your identity
  • To deliver our products and services
  • To communicate with you regarding existing products and services availed by you, including notifications of any alerts or updates
  • To evaluate, develop and improve our products and services
  • For market and product analysis and market research
  • To send you information about our other products or services which may be of interest to you
  • To handle enquiries and complaints
  • To comply with legal or regulatory requirements
  • To investigate, prevent, or take action regarding illegal activities, suspected fraud, and situations involving potential threats to the safety of any person

You may opt out of receiving promotional communications at any time by following the unsubscribe instructions included in such communications or by contacting us using the details provided in the ‘Contact Us’ section.

Automated Decision-Making and Profiling

Exdion may use data analytics and AI-assisted tools to support operational efficiency, risk assessment, compliance review, and service improvement. However, Exdion does not engage in fully automated decision-making, including profiling, which produces legal or similarly significant effects on individuals, unless such processing is explicitly disclosed and permitted under applicable law.

Employee, Candidate, and Workforce Personal Data

Personal Data of Employees, Candidates, and Contractors

In addition to personal data collected through our website and services, Exdion processes personal data relating to job applicants, employees, former employees, consultants, and contractors as part of our recruitment and employment lifecycle.

Collection of Workforce Personal Data

Personal data of employees and candidates is collected directly from the individual through secure digital platforms, including our Human Resource Management System (ZingHR), where individuals upload information as part of recruitment, onboarding, employment, BGV, Insurance, Biometrics and separation processes.

No physical or hard copies of personal documents are collected or retained by the HR team. Individuals may access and review the personal data they have provided through their respective ZingHR accounts.

Categories of Personal Data Collected

Depending on the nature of the engagement, Exdion may collect and process the following categories of personal data:

  • Personal identification details
  • Contact information
  • Educational and professional background
  • Employment history
  • Background verification information
  • Payroll, statutory, and tax-related information
  • Information required for compliance with applicable employment and labor laws
  • Biometrics data

Purpose of Processing

Personal data relating to employees and candidates is processed strictly for legitimate business purposes, including but not limited to:

  • Recruitment and selection
  • Background verification
  • Managing the employment relationship
  • Payroll processing and benefits administration
  • Compliance with statutory, regulatory, and contractual obligations
  • Workforce administration and internal governance
  • Access control using Biometrics

Lawful Bases of Processing Your Personal Data- Employees and Candidates

Exdion acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023.

Explicit consent is obtained from employees:

  • At the time of joining the organization, and
  • At the time of separation, clearly outlining the purposes for which personal data is collected, processed, and retained.

Where required, additional consent is sought for continued processing of personal data for lawful and legitimate business purposes. Individuals may withdraw consent in accordance with applicable law, subject to legal or contractual obligations.

Retention of Workforce Personal Data

Personal data is retained only for the duration necessary across the employment lifecycle — including recruitment, onboarding, employment, background verification, and separation — and thereafter only as required under applicable laws and regulations.

Once no longer required, personal data is securely deleted or anonymized.

Data Security

Exdion ensures that all Personal Identifiable Information (PII) relating to employees and candidates is handled with the highest standards of care, confidentiality, and security. Appropriate technical and organizational measures are implemented to protect personal data against unauthorized access, disclosure, alteration, or loss.

Rights of Employees and Candidates

Employees and candidates are provided with rights under applicable data protection laws:

  • Right to access their personal data
  • Right to request correction or updating of inaccurate data
  • Right to request erasure of personal data
  • Right to withdraw consent
  • Right to raise grievances related to personal data processing

Requests may be made by contacting the HR team, and will be addressed within the timelines prescribed under applicable law, including the Digital Personal Data Protection Act, 2023 (DPDP Act).

Lawful Bases of Processing Your Personal Data – General Users

We process your Personal Data by relying on one or more of the following lawful bases:

  • You have explicitly agreed to/consented to us processing your Personal Data for a specific reason
  • The processing is necessary for the performance of the contract we have with you or to take steps to enter a contract with you
  • The processing is necessary for compliance with a legal obligation we have
  • The processing is necessary for the purposes of a legitimate interest pursued by us

Where the processing is based on your consent, you have the right to withdraw your consent at any point in time. Please note that should the withdrawal of consent result in us not being able to continue offering our products and services to you, we reserve the right to withdraw or cease providing our products and services to you upon such withdrawal. You may withdraw consent by contacting us with a written request to the contact details specified below in the ‘Contact Us’

section. Upon receipt of your request to withdraw your consent, the consequences of withdrawal will be communicated to you. Upon your agreement to the same, your request for withdrawal will be processed.

When Do We Share Your Personal Data with Third Parties?

We may use third parties in the provision of our products and services to you. We may share your Personal Data with such third parties. We have appropriate contracts in place with all such third parties. This means that they are not permitted to do anything with your Personal Data which is outside of the scope specified by us. They are committed to hold your Personal Data securely and retain it only for the period specified in our contracts with them.

1. Reasons for sharing your Personal Data with third parties:

We may disclose your Personal Data to third parties only where it is lawful to do so. This includes instances where we or they:

  • need to provide you with products or services
  • have asked you for your consent to share it, and you have agreed
  • have a legitimate business reason for doing so
  • have a legal obligation to do so, for example, to assist with detecting and preventing fraud
  • have a requirement in connection with regulatory reporting, litigation or asserting or defending legal rights and interests

We may also disclose your Personal Data to appropriate authorities if we believe that it is reasonably necessary to comply with a law, regulation, legal process; protect the safety of any person; address fraud, security, or technical issues; or protect our rights or the rights of those who use our products and services.

2. With whom your Personal Data may be shared:

We may disclose your Personal Data to the following third parties:

  • other group companies
  • any sub-contractors, agents or service providers who work for us or provide services or products to us
  • law enforcement authorities, government authorities, courts, dispute resolution bodies, regulators, auditors and any party appointed or requested by applicable regulators to carry out investigations or audits of our activities
  • statutory and regulatory bodies, authorities (including the government) investigating agencies and entities or persons, to whom or before whom it is mandatory to disclose Personal Data as per the applicable law, courts, judicial and quasi-judicial authorities and tribunals, arbitrators and arbitration tribunals

Cross-Border Data Transfer

Personal Data we hold about you may be transferred to other countries outside your residential country for any of the purposes described in this Privacy Notice.

Any personal data that we transfer will be protected in accordance with this Privacy Notice as well as with adequate protections in place in compliance with applicable laws and regulations.

Please note that these countries may have differing (and potentially less stringent) privacy laws and that Personal Data can become subject to the laws and disclosure requirements of such countries, including disclosure to governmental bodies, regulatory agencies and private persons, as a result of applicable governmental or regulatory inquiry, court order or other similar process.

Use of Cookies and Other Tracking Mechanisms

We may use cookies and other tracking mechanisms on our website and other digital properties to collect data about you.

Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information about your actions to the owners of the website.

Most web browsers allow you some control of cookies through browser settings.

Outlined below are the categories of cookies along with a description of what they are used for.

  • Necessary Cookies - These cookies are needed to run our website, to keep it secure and to comply with regulations that apply to us.
  • Functional Cookies – We may use functional cookies on our website. These cookies allow us to remember information you enter or choices you make (such as your username, language, or your region) and provide you with enhanced, more personalised features.
  • Performance Cookies – We may use performance cookies on our website. These cookies collect information about how visitors use our website and services, including which pages visitors go to most often and if they receive error messages from certain pages. They are used to improve how our website functions and performs.
  • Analytics Cookies - We may use analytics cookies on our website. These cookies collect information about how visitors use our website and services, including which pages visitors go to most often.
  • Advertising Cookies – We may use advertising cookies on our website. These cookies help us decide which of our products, services and offers may be relevant for you. We may use this data to tailor the marketing and ads you see on our own and other website and mobile apps, including social media platforms. For instance, you may see our ads on other sites after you have visited our website.

We may also use trackers (such as web beacons, tags, pixels) on our website and other digital properties to collect data about you.

How Do We Secure Your Personal Data?

We are committed to protecting your Personal Data in our custody. We take reasonable steps to ensure appropriate physical, technical and managerial safeguards are in place to protect your Personal Data from unauthorized access, alteration, transmission and deletion. We ensure that the third parties who provide services to us under appropriate contracts take appropriate security measures to protect your Personal Data in line with our policies.

How Long Do We Keep Your Personal Data?

We keep the Personal Data we collect about you for as long as it is required for the purposes set out in this Privacy Notice and for legal or regulatory reasons. We take reasonable steps to delete or permanently de-identify your Personal Data that is no longer needed.

Children’s Privacy

We do not knowingly collect Personal Data from children. If you are a parent or guardian and aware that your child has provided us with Personal Data, please contact us using the details in the ‘Contact Us’ section of this notice.

Links to Other Websites

Our website may contain links to websites of other organizations. This privacy notice does not cover how those organizations process your Personal Data. We encourage you to read the privacy notices on the other websites you visit.

Contact Us

For any further queries and complaints related to privacy, or exercising your rights, you may contact us at:
Contact Email Address: compliance@exdion.com
If you are not satisfied with our response, you may have the right to approach the appropriate data protection authority under applicable law.

Notification of Changes

We regularly review and update our Privacy Notice to ensure it is up-to-date and accurate. Any changes we may make to this Privacy Notice in future will be posted on this page.

Scroll to Top