Privacy Policy.
Maxicom Global India Pvt. Ltd. ("Maxicom", "we", "us") respects your privacy. This policy explains what personal data we collect when you visit maxicomglobal.com/in or engage our services, how we use it, who we share it with, and the rights the India Personal Data Protection Act 2012 (DPDPA 2023) gives you. It applies to all website visitors, prospective customers, current customers, and anyone who corresponds with us by email, phone or WhatsApp.
What personal data we collect.
From website visitors — your browser sends an IP address, user-agent string, referring URL and timestamp on every page request. We log this for security and traffic analysis only; we do not link it to a name or email unless you choose to identify yourself.
From prospective customers — when you fill the /quote/, /sell-to-us/, /service-request/ or /buy-from-us/ forms, you provide: name, company name, role, email, phone, country, asset list (if applicable), and any free-text notes you write. The asset list itself may contain serial numbers, make/model and disposition preferences but no personal data of your end-users.
From customers under contract — we additionally collect billing details, signed Statement of Work, NDA where applicable, site-access contact information, photo evidence of pickup / destruction (which may incidentally include faces of our operators or yours), and the contents of email correspondence. We do not ingest your end-customers' personal data; data-bearing media are sanitised, not read.
From newsletter subscribers — only the email address you submit and the timestamp of subscription.
How we use your personal data.
We use the data above for: responding to your enquiry, issuing quotes, executing service contracts, billing and settlement, maintaining the audit trail the DPDPA 2023 / RBI IT-Risk Management framework ecosystem expects from a vendor handling retired enterprise IT, answering your follow-up questions, sending the occasional newsletter (only if you opted in), and meeting our legal obligations under India law (tax, accounting, anti-money-laundering).
We rely on the DPDPA 2023's consent basis for newsletter and marketing communications, the contractual necessity basis for service execution, and the legitimate interests basis (Schedule 1 Part 3) for follow-up on quotes you've requested and security/anti-fraud monitoring of our website.
Who we share your data with — and what we never do.
- ♦ Sub-contractors strictly bound by written DPAs — secure-transport partner, NIST-grade destruction operator (when work is sub-contracted), accredited e-waste recycler.
- ♦ Banking partners — for INR settlement processing only.
- ♦ Auditors — when you request our SOC-style attestation as part of your vendor DDQ; we share only what's needed to evidence the engagement.
- ♦ Legal authorities — when required by India law, court order, or regulator notice (DPDPA 2023 Section 26B, MAS notice production).
- ♦ We DO NOT sell personal data to third parties.
- ♦ We DO NOT share asset-list contents or serial numbers with anyone outside the engagement chain.
- ♦ We DO NOT cross-pollinate enquirer data between customers.
- ♦ We DO NOT use customer logos or names in marketing without explicit written permission.
How long we keep it.
Quote enquiries that don't convert — 24 months from last contact, then deleted. Reason: same enquirer often returns 6-18 months later for the same asset class.
Customer engagement records — 7 years from contract close, per India tax and accounting retention requirements.
Per-job evidence packs (Certificate of Destruction, photo evidence) — 7 years, supporting your audit-defensibility window. We can extend on request.
Newsletter subscriber list — until you unsubscribe (one-click link in every email) or 36 months of inactivity, whichever is sooner.
Server access logs — 90 days, then aggregated.
What you can ask us to do.
The DPDPA 2023 gives you specific rights over personal data we hold about you. Exercise any of these by emailing dpo@maxicomglobal.com (Data Protection Officer). We respond within 30 days; for complex requests we may extend by a further 30 days with notice.
- Access · Request a copy of personal data we hold about you. Free for the first request per year.
- Correction · Tell us a record is wrong. We correct within 14 days unless we have reason to dispute.
- Withdraw consent · Stop the newsletter, opt out of marketing follow-up. Effective immediately on receipt.
- Erasure (where applicable) · Where consent was the legal basis (eg newsletter), we delete on request. Records under contractual / statutory retention stay until that period expires.
- Object to direct marketing · We honour any opt-out signal — soft-opt-out, hard-opt-out, complaint to Data Protection Board of India. We don't dispute.
Cookies and analytics.
This website uses minimal cookies. Strictly necessary cookies maintain your form session (so a 4-step RFQ doesn't lose state). We do not load Google Analytics, Meta Pixel, or any third-party tracking by default. If we add analytics in the future, we'll request explicit consent through a banner and update this page first.
See the separate Cookie Policy for the full list.
Security and breach notification.
We hold personal data on encrypted servers, behind access controls, with no unencrypted exports. Asset-list submissions are TLS 1.3 in flight and AES-256 at rest. Access is restricted to staff with a need-to-know.
If a notifiable data breach occurs (DPDPA 2023 Part VIA), we notify the affected individuals and the Data Protection Board of India within 72 hours of confirmation, as required by the DPDPA 2023 Mandatory Data Breach Notification regime in force since February 2021.
Cross-border transfers.
Our infrastructure is hosted in India. Limited operational data may transit through our UAE or Indian operating entities (Maxicom UAE, Maxicom India) under intra-group data-transfer arrangements that meet the DPDPA 2023's Section 26 transfer limitation. Customers can request that their data be processed India-side only.
How to reach the Data Protection Officer.
Our Data Protection Officer can be reached at: dpo@maxicomglobal.com · [Address TBD], Mumbai, Maharashtra [PIN TBD] · +91 22 2222 2222.
If you're not satisfied with our response, you may complain to the Personal Data Protection Commission (PDPC) India at www.pdpc.gov.sg.
Maxicom India — frequently asked
Is Maxicom the DPDPA 2023-registered?
There is no DPDPA 2023 registry of companies; the DPDPA 2023 applies automatically to every India organisation handling personal data. We are DPDPA 2023-compliant by operating practice, with a Data Protection Officer at dpo@maxicomglobal.com as required under DPDPA 2023 Section 11(3).
Where is my asset-list data stored?
India-side, on encrypted infrastructure. We do not export asset-list contents from India unless your engagement is explicitly cross-border (eg India domestic + cross-border SAARC) and only then with your written consent.
Can I request that you delete my enquiry?
Yes. Email dpo@maxicomglobal.com referencing the original enquiry and we'll delete within 14 days, retaining only what statutory retention requires (eg invoices for 7 years if a contract executed).