SVS Unitech Private Limited

LIFTIN Privacy Policy

Internal Employee Management Application privacy terms for authorised use across the mobile app and web admin panel.

Internal Use Only

Company

SVS Unitech Private Limited

Application

LIFTIN - Internal Employee Management System

Platforms

Mobile App (iOS & Android) | Web Admin Panel

Jurisdiction

Chennai, Tamil Nadu, India

Effective Date

May 2025

Governing Law

DPDP Act, 2023; Information Technology Act, 2000

This Privacy Policy is a legally binding document governing the collection, use, storage, and disclosure of personal data by SVS Unitech Private Limited through the LIFTIN application, in compliance with the Digital Personal Data Protection Act, 2023 and the Information Technology Act, 2000.

Section 1

Introduction

1.1

SVS UNITECH PRIVATE LIMITED ('the Company', 'we', 'us', or 'our'), a company incorporated under the laws of India and having its registered office in Chennai, Tamil Nadu, is committed to protecting the privacy and personal data of its employees in accordance with applicable Indian law.

1.2

This Privacy Policy ('Policy') governs the collection, processing, storage, sharing, and disposal of personal data by the Company through its proprietary Internal Employee Management Application, LIFTIN ('the Application'), accessible via a Mobile Application (iOS and Android) for employees and managers, and a Web Admin Panel reserved exclusively for the Executive Director.

1.3

This Policy is issued in compliance with the Digital Personal Data Protection Act, 2023 ('DPDP Act') and the Information Technology Act, 2000 ('IT Act'), and constitutes the Company's formal notice to all Data Principals (employees) regarding the manner in which their digital personal data is processed.

Section 2

Scope of This Policy

2.1

This Policy applies to:

  • All current employees, contractors, and authorised personnel of SVS UNITECH PRIVATE LIMITED who access or use the LIFTIN Application.
  • All personal data collected through the mobile application (iOS and Android) and the Web Admin Panel.
  • All data processing activities carried out by the Company as a Data Fiduciary under the DPDP Act.
2.2

This Policy does not apply to third-party websites, applications, or services that may be linked to or from the Application. The Company is not responsible for the privacy practices of such third parties.

Section 3

Categories of Personal Data Collected

3.1

Basic Personal Data

The Company collects the following categories of personal data through the LIFTIN Application, strictly to the extent necessary for the purposes described in this Policy:

  • Full name
  • Gender
  • Official email address
  • Mobile phone number
  • Profile photograph
3.2

Identity and Employment Data

  • Employee identification number
  • Date of birth
  • Job role, designation, and department
  • Reporting manager details
  • Date of joining and employment status
3.3

Sensitive Personal Data

The following data is classified as Sensitive Personal Data under the IT Act and as special category data under the DPDP Act. It is collected only where strictly necessary and is subject to heightened security and access controls.

  • Aadhaar number for identity verification and statutory compliance.
  • Permanent Account Number (PAN) for payroll and tax compliance.
  • Salary, compensation, and remuneration details.
3.4

Attendance, Location, Payroll, Expense, Sales, Device, and Technical Data

  • Clock-in and clock-out timestamps, including selfie photographs captured at the time of attendance marking for biometric verification.
  • GPS coordinates recorded at the time of clock-in and clock-out, and background location data collected approximately every fifteen (15) minutes during active working hours only.
  • Monthly salary details and digital payslips.
  • Expense claims submitted by employees and supporting receipt documents, including images or PDFs.
  • Sales performance figures displayed for internal visibility, sourced from backend or admin systems and not tracked in real time by the Application.
  • Company-assigned device information, device issue reports, and associated photographs.
  • Device identifier, push notification tokens, and Application usage logs for operational monitoring.

Section 4

Purpose of Data Collection and Processing

4.1

Attendance and Workforce Management

To record, verify, and manage employee attendance, including biometric attendance verification via selfie photographs, and to maintain accurate workforce records.

4.2

Payroll Processing and Statutory Compliance

To calculate and disburse salaries, generate payslips, fulfill tax obligations, and ensure compliance with applicable labour and taxation laws, including those requiring Aadhaar and PAN information.

4.3

Expense and Reimbursement Management

To process employee expense claims, verify supporting documentation, and facilitate timely reimbursements in accordance with Company policy.

4.4

Operational Monitoring

To monitor employee locations during active work shifts for the purposes of workforce coordination, safety management, and operational oversight.

4.5

Internal Communication and Team Coordination

To facilitate communication between team members, managers, and the administration through the employee directory and announcement features of the Application, and to enable managers to oversee day-to-day team operations efficiently.

4.6

Performance Visibility and Device Management

To display aggregated sales and performance data to relevant personnel for internal review and business management, and to track Company-assigned devices, manage issue reports, and maintain records of asset allocation.

Section 5

GPS and Location Monitoring

5.1

In accordance with Section 7 of the DPDP Act and applicable data minimisation principles, the following specific disclosures are made regarding location tracking.

5.2

The LIFTIN Application collects GPS location data under the following conditions:

  • Location is recorded at the time of clock-in and clock-out to verify attendance at work locations.
  • Background location data is collected approximately every fifteen (15) minutes during the employee's active work shift only.
  • Location tracking ceases automatically upon logout from the Application or the end of the active shift.
  • No location data is collected outside working hours under any circumstances.
5.3

Employees are informed of location permissions at the time of Application installation and are required to grant explicit permission through their device's operating system. The granting of such permission constitutes consent to the location tracking practices described herein, subject to the limitations stated.

Section 6

Camera and Image Usage

6.1

The Application requires access to the device camera for the following specific purposes only:

  • Attendance selfie verification: a photograph is captured to confirm the identity of the employee at the time of clocking in or out.
  • Expense receipt documentation: images of receipts are captured and uploaded in support of expense claims.
  • Device issue reporting: photographs of defective or damaged devices are captured and submitted with issue reports.
6.2

All images captured through the Application are transmitted securely and stored in encrypted cloud storage. Images are accessible only to authorised personnel and are retained in accordance with the data retention provisions set out in Section 13 of this Policy.

Section 7

Employee Directory (My Team)

7.1

The Application includes an internal employee directory ('My Team') that displays the following information for members within the same team or reporting hierarchy:

  • Full name and employee identification number.
  • Official email address.
  • Mobile phone number for WhatsApp communication.
  • Profile photograph.
7.2

This information is visible exclusively to members of the relevant team and is intended solely for internal communication and coordination. It shall not be extracted, shared externally, or used for any purpose other than legitimate work-related communication.

Section 8

Employee Data Visibility

8.1

The Application may display certain additional employee information to relevant team members for operational and team-building purposes, including:

  • Employee birthdays, limited to month and day where applicable.
  • Leave status, including present, on leave, or similar availability states.
8.2

Such information is displayed only to team members within the same reporting group and is used solely for internal awareness. The Company ensures that the extent of data shared in this manner is limited to what is reasonably necessary for team coordination.

Section 9

Announcements and Internal Communications

9.1

The Application features an announcements module through which the Company administration may post company news, updates, and video content for employee awareness.

9.2

Employee reactions to announcements, including acknowledgements or responses, may be recorded solely for internal communication purposes and to gauge employee engagement with Company communications. This data is not shared externally and is accessible only to authorised administrators.

Section 10

Sales Performance Data

10.1

The Application displays sales performance data for the purpose of internal visibility and business review. The following conditions apply:

  • Sales data displayed within the Application is sourced from backend administrative systems and is not tracked in real time by the Application itself.
  • Sales figures are visible to relevant employees and managers in accordance with their access levels.
  • This data is used solely for internal performance review and management decision-making.

Section 11

Records and Historical Data

11.1

The Application maintains historical records of employee activities for audit, compliance, and dispute resolution purposes. The categories of records maintained include:

  • Attendance records, including daily clock-in and clock-out logs.
  • Leave applications, approvals, and balances.
  • Compensatory-off records.
  • Attendance regularisation requests and outcomes.
  • Expense claims and supporting documents.
  • Device issue reports.
  • Payroll and payslip records.
11.2

These records are maintained in accordance with applicable labour laws, tax regulations, and internal Company policies. Access to such records is restricted to authorised personnel with a legitimate need.

Section 12

Data Storage and Security Measures

12.1

The Company implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction, in accordance with Section 8(4) of the DPDP Act and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

12.2

Storage Infrastructure

  • Personal data is stored on secure, privately managed cloud infrastructure, comprising both structured databases and cloud-based object storage for documents and images.
  • All storage systems are hosted within compliant and secure data centre environments.
12.3

Security Measures

  • Encryption of data in transit using industry-standard protocols (TLS/HTTPS).
  • Encryption of sensitive data at rest.
  • Role-based access control (RBAC) ensuring that data is accessible only to authorised personnel.
  • Regular review and monitoring of access logs and system activity.
  • Multi-factor authentication for administrative access where applicable.
12.4
Note: No method of transmission over the Internet or electronic storage is entirely secure. The Company shall take all reasonable precautions but cannot guarantee absolute security of data.

Section 13

Data Retention Policy

13.1

Personal data collected through the LIFTIN Application is retained only for as long as is necessary to fulfil the purposes for which it was collected, or as required by applicable law.

13.2
  • Operational data, including attendance, payroll, and expense records, is retained for the duration of employment and for such additional period as may be required under applicable labour, tax, and statutory laws.
  • Sensitive personal data, including Aadhaar and PAN, is retained only for the period required for compliance with statutory obligations.
  • Location and attendance photographs are retained for the minimum period necessary for operational verification and audit purposes.
  • Upon cessation of employment or upon expiry of the applicable retention period, personal data will be securely deleted or anonymised in a manner that prevents identification of the individual.

Section 14

Data Sharing and Disclosure

14.1

The Company does not sell, trade, rent, or otherwise transfer personal data to third parties for commercial purposes. Personal data may be shared or disclosed in the following limited circumstances:

  • Internal sharing: with authorised Company personnel, including managers, HR, payroll teams, and the Executive Director, on a need-to-know basis for legitimate operational purposes.
  • Legal disclosure: with competent courts, regulatory authorities, law enforcement agencies, or other governmental bodies where required by applicable law, court order, or legal process.
  • Service providers: with third-party service providers engaged by the Company to support the Application's technical infrastructure, subject to appropriate data processing agreements ensuring compliance with applicable data protection laws.
14.2

In all instances of data sharing, the Company ensures that the recipient is bound by appropriate confidentiality and data protection obligations.

Section 15

Rights of Data Principals

15.1

Right of Access

Employees have the right to request confirmation as to whether their personal data is being processed and to obtain a summary of the personal data held by the Company.

15.2

Right to Correction and Erasure

Employees have the right to request correction of inaccurate or incomplete personal data, and, where applicable and legally permissible, the erasure of personal data no longer required for the purposes for which it was collected.

15.3

Right to Withdraw Consent

Employees may withdraw consent previously given for the processing of their personal data. However, withdrawal of consent may affect the Company's ability to fulfil employment obligations and may have consequences under the terms of employment. Withdrawal of consent does not affect the lawfulness of processing carried out prior to such withdrawal.

15.4

Right to Grievance Redressal

Employees have the right to raise grievances with the Company's designated Grievance Officer regarding any aspect of data processing. Details are provided in Section 21 of this Policy.

15.5

Right to Nominate

In accordance with the DPDP Act, employees may nominate another individual to exercise rights on their behalf in the event of death or incapacity.

15.6

To exercise any of the above rights, employees are requested to submit a written request to the Grievance Officer at the contact details provided in Section 21.

Section 17

Prohibited Use of Data

17.1

All employees who access the LIFTIN Application are strictly prohibited from engaging in the following activities, which constitute a violation of this Policy and applicable law:

  • Extracting, copying, or exporting personal data of fellow employees from the Application for any unauthorised purpose.
  • Sharing employee information obtained through the Application with any unauthorised internal or external party.
  • Attempting to access data beyond the scope of the employee's authorised access level.
  • Using employee information for personal, commercial, or any purpose other than the legitimate work-related purposes for which the Application is intended.
17.2

Violation of the above obligations may result in disciplinary action, including termination of employment, and may expose the individual to civil and criminal liability under the DPDP Act, the IT Act, and other applicable laws.

Section 18

Data Breach Notification

18.1

In the event of a personal data breach that is likely to result in a risk to the rights and freedoms of affected employees, the Company shall:

  • Take immediate steps to contain and remediate the breach upon detection.
  • Notify the Data Protection Board of India as required under Section 8(6) of the DPDP Act, within the prescribed timelines.
  • Inform affected employees of the nature of the breach, the data affected, and the remedial measures taken, where such notification is required by law or where the Company deems it necessary to protect the interests of the affected individuals.
18.2

The Company maintains an internal incident response procedure to ensure prompt and effective management of data security incidents.

Section 19

Changes to This Privacy Policy

19.1

The Company reserves the right to amend, update, or revise this Privacy Policy from time to time to reflect changes in applicable law, Company practices, or technological developments.

19.2

In the event of material changes to this Policy, affected employees will be notified through the Application or via official Company communication channels. Continued use of the Application following notification of changes shall constitute acceptance of the revised Policy.

19.3

Employees are encouraged to review this Policy periodically. The most current version of this Policy shall be available within the Application.

Section 20

Governing Law and Jurisdiction

20.1

This Privacy Policy is governed by, and shall be construed in accordance with, the laws of the Republic of India. The following legislation, as amended from time to time, applies:

  • Digital Personal Data Protection Act, 2023.
  • Information Technology Act, 2000.
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
  • All other applicable laws and regulations of India.
20.2

Any disputes arising out of or in connection with this Policy that cannot be resolved through the grievance mechanism shall be subject to the exclusive jurisdiction of the competent courts situated in Chennai, Tamil Nadu, India.

Section 21

Contact Details and Grievance Officer

21.1

In accordance with Section 13 of the DPDP Act and Rule 5 of the IT (Intermediaries Guidelines and Digital Media Ethics Code) Rules, 2021, the Company has designated the following Grievance Officer for the purpose of receiving and resolving complaints relating to personal data:

Grievance Officer
Designated Data Protection Officer
Organisation
SVS UNITECH PRIVATE LIMITED
Email Address
support@svsunitechelevators.com
Jurisdiction
Chennai, Tamil Nadu, India
Response Time
Within 30 (thirty) days of receipt of complaint
21.2

Employees are encouraged to first attempt resolution of any data-related concerns through the internal grievance mechanism before approaching the Data Protection Board of India.

Section 22

Acceptance of This Policy

22.1

By accessing, installing, or using the LIFTIN Application, you acknowledge that:

  • You have read and understood this Privacy Policy in its entirety.
  • You consent to the collection, processing, and use of your personal data as described herein.
  • You agree to comply with your obligations as a Data Principal, including the prohibited activities described in Section 17.
  • You understand your rights as a Data Principal and the procedure for exercising such rights.
22.2

If you do not agree with any provision of this Privacy Policy, you must immediately discontinue use of the LIFTIN Application and notify the Grievance Officer. Continued use of the Application constitutes unconditional acceptance of this Policy.

22.3

This Privacy Policy was issued by SVS UNITECH PRIVATE LIMITED, Chennai, Tamil Nadu, India. Effective Date: May 2025. Document Version: 1.0.