Privacy Policy

Overview

1. Introduction

At KAZAM EV TECH PRIVATE LIMITED ("Kazam," "we," "us," or "our"), a company incorporated under the laws of India, we are committed to safeguarding the confidentiality and privacy of personal data belonging to our customers, vendors, business partners, website visitors, and other individuals we interact with. Transparency is a core value at Kazam, and leading global standards influence our data protection practices to ensure utmost compliance. We adhere to data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) of India, the General Data Protection Regulation (GDPR) of the European Union, where applicable. With this in consideration, we have implemented robust and secure data processing procedures to ensure compliance and protect your data.

Kazam acts as the Data Controller (or Data Fiduciary under DPDPA) for the processing of your personal data. This Privacy Policy ("Policy") explains how we collect, use, process, store, transfer, and protect personal data when you interact with our website, user portals, mobile applications, EV charging services, or other services (collectively, "Services"). When we refer to our "Website," we mean 'www.kazam.energy' and other sites we own and operate. When we refer to "user portals" and "mobile applications," we mean our EV charging platform,applications and related services. For questions about this Policy or to exercise your data subject rights(Section 7), please contact us at info-security@kazam.in

Note: Our Services are not directed to children under 18 years of age. We do not knowingly collect personal data from children without parental consent. If you believe a child has provided us with data, please contact us immediately.

2. Categories of Personal Data, Purpose, and Legal Basis

We collect and process personal data based on your interaction with our Services. Below, we outline the categories of data, purposes, and legal bases for processing, combining details from Kazam's approach to ensure comprehensive coverage and compliance.

2.1 Website Visitors, User Portals, and Newsletter Recipients

Data Collected: When you visit our Website, user portals, or subscribe to newsletters/book a demo, we process:

• Technical Data: IP address, session logs, access times, and browsing behaviour.
• Cookies and Tracking Technologies: Data on page visits, session duration, and user preferences.
• Newsletter/Demo Data: Name, email address, organization name and subject(s) of interest.

• Purpose and Legal Basis:
  • Keep our services running smoothly and improve your experience by providing key website features and analyzing usage.
  • Personalize content, send updates, and deliver marketing or newsletters only with your clear consent through cookie banners and notices.
  • Manage personal data processing consent, including use of a consent manager when needed.
  • These activities are based on legitimate interests, your consent, and legal compliance under data protection laws.
• Note: To unsubscribe from newsletters, use the link in the email or contact 'communications@kazam.in'

2.2 Customers

Data Collected: When you use our EV charging services, we process:

• Identification Data: Name, email, phone, address, date of birth, and government ID (for KYC).
• Account Data: Username, login details, communication preferences, and profile info.
• Financial Data: Payment details handled by third-party providers.
• Usage Data: Charging habits like date, time, location, cost, wallet use, and transactions.
• Sensitive Data: We don't collect biometric data directly; trusted third parties may for KYC compliance, following their own privacy rules. Kazam does not access or store this data.
• Purpose and Legal Basis:
  • Provide, manage, and personalize your EV charging services, process payments, and handle your account as part of our contract with you.
  • Analyse how you use our services to help us improve and offer better experiences.
  • Comply with legal requirements like KYC and tax reporting to meet regulatory obligations.
  • Use your data for additional features or marketing only with your consent, obtained during account setup or when using certain features.
• These activities are based on fulfilling contracts, legal obligations, and your consent under data protection laws. You can control your consent and preferences anytime.
• Note: Payment information is securely handled only by trusted third-party payment providers(Razorpay and Stripe) who comply with PCI standards. Kazam does not store or access your card details. Your payment data, like card number and billing address, is sent directly to these partners to process your Wallet and EV charging payments, following their strict privacy and security rules.

2.3 Contact Persons at Vendors or Business Partners

Data Collected: When you communicate with us as a contact person for a vendor or business partner, we process:

• Ordinary Personal Data: Name, email address, phone number, position, and company details.
• Purpose and Legal Basis:
  • Fulfill our contract with your organization by providing services and managing agreements.
  • Manage invoicing, communication, and documentation and address service-related questions to support our business relationship.
  • Comply with legal requirements like bookkeeping and tax laws to meet regulatory obligations.
• These actions are based on fulfilling contracts, legitimate business interests, and legal duties under data protection laws.

2.4 Inquiries via Chat Function

Data Collected: When you submit inquiries via our chat function in user portals or mobile applications, we process:

• Technical Data: IP address, geographic location.
• Inquiry Data: Name, phone number, and any personal data included in your inquiry.
• Purpose and Legal Basis:
  • Use your information to provide customer support by answering your questions and improve our services for a better experience.
• We do this based on our legitimate interest to provide service and grow our business under data protection laws.
• Note: We encourage you not to include sensitive personal data (e.g., health, biometric data) in chat inquiries unless strictly necessary and consented to.

2.5 Payment Identity Verification (KYC)

• Kazam does not collect or process Know Your Customer (KYC) or Anti-Money Laundering (AML) data directly. All KYC-related activities—including identity verification, document submission, and risk screening—are conducted by third-party payment aggregators or regulated compliance partners (e.g., Razorpay) to fulfill their own legal obligations under applicable financial laws such as the Prevention of Money Laundering Act, 2002 (India) and relevant RBI guidelines.Kazam merely facilitates access to these services through integrations.
• Purpose and Legal Basis:
  • Third-party providers may collect personal data directly from you, including:
    • Name, address, date of birth, and ID documents
    • Facial images or biometric data (if required)
    • Business information for corporate accounts
  • This data is collected to support secure use of our services and prevent misuse, based on our legitimate interests.Any processing by these providers is handled under their own legal responsibilities and consents, in compliance with GDPR and DPDPA.
• While Kazam does not collect or process this data directly, we ensure that all such third parties:
  • Are engaged through Data Processing Agreements (DPAs) or equivalent legal instruments
  • Adhere to strict data protection and cybersecurity standards
  • Comply with applicable Indian (DPDPA) and international (e.g., GDPR) obligations
• For questions regarding your KYC information, please refer to the respective provider's privacy policy or contact info-security@kazam.in for assistance in routing your query.

3. Recipients of Your Personal Data

• We do not sell or rent personal data. We may disclose or transfer personal data to:
  • Trusted Service Providers: Third-party companies like cloud hosts(AWS), payment processors (Razorpay and Stripe), KYC/AML vendors, and technology partners(MongoDB, GitHub) who help us run our services. They process your data only as we instruct and follow strict privacy rules under GDPR and DPDPA.
  • Business Partners: Affiliates or partners such as fleet operators or government agencies who help deliver services or run joint campaigns, under agreements that protect your data.
  • Social Media Providers: Used for analyzing and improving marketing efforts, as explained in Section 6 in our policy.
  • Legal Authorities: When required by law or government requests.
  • Advisers or Third Parties: For legal matters or disputes, only when necessary and lawful.
  • Business Transfers: If our company merges, is acquired, or sells assets, your data may be transferred with protections to keep it secure and compliant.
• We ensure third-party processing aligns with vendor management practices, including:
  • Vendors must agree to follow strict data protection rules, including GDPR and DPDPA, and implement strong security measures.
  • We only share the minimum amount of data needed for the purpose.
  • We regularly review and audit vendors to make sure they keep your data safe and meet our security standards.

4. Transfer of Personal Data to Third Countries

• For data transfers outside India or the EEA, we ensure compliance with applicable data protection laws by implementing the following safeguards:
  • GDPR: Standard Contractual Clauses (SCCs), adequacy decisions, or other safeguards to ensure an adequate level of protection.
  • DPDPA: Transfers occur only to jurisdictions approved by the Indian government, subject to periodic review.

5. Storage of Your Personal Data

• We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy or as required under applicable laws and regulations, including the Digital Personal Data Protection Act, 2023 ("DPDPA"), the General Data Protection Regulation ("GDPR"), the Prevention of Money Laundering Act, 2002 ("PMLA"), the Indian Income Tax Act, 1961, and the Companies Act, 2013.
• We apply category-based retention schedules as follows:

5.1 Website Visitors, Mobile App Users, and Newsletter Recipients

• Newsletter Data: Retained until you withdraw consent or unsubscribe via the provided link.
• Cookie & Tracking Data: Retention varies depending on the type and purpose of the cookie typically ranging from 6 to 24 months.
• Social Media Data: Deleted when the associated content is removed, or when you withdraw your interaction (e.g., unlike, unshare, or delete posts).

5.2 Customers (EV Charging Platform & App Users)

• General Retention: Personal data is retained for 3 years following the termination of the contractual relationship, unless a longer retention is required for compliance or legal documentation.
• Sensitive or High-Risk Data (e.g., KYC/AML data): Retained for a minimum of 5 years from the date of last transaction or account closure, in accordance with financial regulations and anti-money laundering laws.
• Financial and Billing Data: Data related to invoices, payments, and transaction logs is retained for 8 years from the end of the relevant financial year, as per Indian tax and accounting regulations.

5.3 Vendor and Business Partner Contacts

• Retained for the duration of the business relationship, plus 3 years after termination, or until it is no longer necessary for establishing, exercising, or defending a legal claim.

5.4 Chat Inquiries (Support or Sales)

• Potential Customers: Inquiries are retained for 3 years after resolution, unless needed for legal documentation (e.g., dispute handling).
• Existing Customers: Retained for 3 years following termination of the contractual relationship, unless documentation purposes justify longer storage.

5.5 KYC/AML Compliance Data

• Personal data collected for Know Your Customer (KYC) and Anti-Money Laundering (AML) compliance is retained for a minimum of 5 years from the date of collection or closure of the account, or as otherwise required by law.
• This includes identity documents, risk assessments, facial recognition data (if applicable), and compliance records.

5.6 Financial Records

• Records related to invoicing, billing, accounting, and other financial operations are retained for 8 years from the end of the financial year, in accordance with applicable Indian tax and corporate laws.

5.7 Legal Claims and Dispute Resolution

Data necessary for establishing, exercising, or defending legal claims may be retained for longer durations, consistent with the Indian Limitation Act, 1963 or applicable dispute resolution laws, typically up to 3 years or more depending on the nature of the claim.

Note: We apply appropriate technical and organizational measures to protect your personal data, including encryption, access controls, anonymization where possible, and regular security audits, in line with Article 32 GDPR.

6. Social Media Interactions

Our Services may incorporate plug-ins or embedded content from social networking platforms such as Facebook, Instagram, and LinkedIn ("Social Media Platforms"). These features allow you to interact with content, share pages, or access Kazam's official social media profiles directly through our Website, user portals, or mobile applications.

6.1 Data Collection and Roles

When you use our Website or services with social media features:

• Your browser connects directly to the social media platform's servers.
• The platform may collect information like your IP address, browser details, and how you interact with the site, even if you're not logged in or don't have an account.
• Social media features, like a "like" button, are shown on the page through this connection.
• We only receive anonymous, combined data about interactions from these platforms to help us understand our audience and improve our marketing and services.

6.2 Joint Controllership

In accordance with GDPR Article 26, Kazam and the respective Social Media Platforms are considered joint data controllers for the personal data collected and processed through visits to our official social media pages (e.g., Kazam's LinkedIn or Instagram profile).

• This joint controllership applies only to data processed for statistical and audience measurement purposes on the platform.
• You may exercise your data subject rights under the GDPR with either Kazam or the relevant Social Media Platform. However, the Social Media Platform typically retains primary responsibility for handling such requests (e.g., access, deletion, rectification), as detailed in their privacy notices.
• For direct access to platform-specific privacy practices and user controls, please consult the following:
  • Facebook: www.facebook.com/policy
  • Instagram: help.instagram.com/519522125107875
  • LinkedIn: www.linkedin.com/legal/privacy-policy

6.3 Your Choices and Consent

The processing of your personal data by Social Media Platforms through cookies or tracking technologies on our Website or apps is subject to your prior consent, as required under the GDPR and DPDPA. You can manage your preferences via:

• Our Cookie Consent Tool
• Your browser settings, or your account settings on the respective platform.
• We do not control the scope or nature of the data collected by the Social Media Platforms, nor how they use it beyond the aggregated statistics we receive. For this reason, we encourage you to review the privacy settings of any Social Media Platform you use.

Section 7: Your Rights

As a data subject, you have specific rights under the General Data Protection Regulation (GDPR), the Digital Personal Data Protection Act, 2023 (DPDPA – India), and other applicable data protection laws. These rights are designed to provide transparency, control, and accountability in how your personal data is used.

7.1 Overview of Your Rights

Unless otherwise limited by applicable law or regulatory exceptions, you may exercise the following rights:

• Right of Access: You have the right to request confirmation of our processing of your personal data and access to related information.
• Right to Rectification: You may request the correction of inaccurate personal data or the completion of incomplete data.
• Right to Erasure ("Right to be Forgotten"): You can request the deletion of your personal data if it's no longer necessary or you've withdrawn consent.
• Right to Restrict Processing: You can request a temporary or permanent data processing restriction under specific circumstances.
• Right to Object: You have the right to object to processing based on legitimate interests or direct marketing purposes.
• Right to Data Portability: You can access your personal data in a structured, machine-readable format and have the right to transmit it to another controller if technically feasible.
• Right to Withdraw Consent: You can withdraw consent for processing based on your consent, which doesn't affect the lawfulness of prior processing based on your consent before withdrawal.

7.2 How to Exercise Your Rights

To exercise any of the rights listed above, please contact info-security@kazam.in . Please include sufficient detail to verify your identity and identify the data you are referencing. If your request relates to KYC records or legally retained financial data, additional verification steps may be required.

7.3 Response Timelines

We are committed to responding promptly under the applicable law:

• GDPR: Within 1 month (extendable by 2 months for complex requests).
• DPDPA: Within 1 month from the date of the grievance.

7.4 Right to Lodge a Complaint

If you are dissatisfied with how we handle your personal data, you have the right to file a complaint with the relevant supervisory authority:

• GDPR: Contact your local EU/EEA data protection authority.
• DPDPA: Submit a complaint to the Data Protection Board of India after attempting internal resolution.
• However, we hope that you contact us first so we may attempt to resolve your concern quickly and efficiently.

Section 8: Know Your Customer (KYC) and Payment Verification

Kazam works with regulated third-party providers like Razorpay and Stripe to handle user identity verification and payment compliance, following laws like KYC and AML regulations. These checks are done entirely by the third parties as part of their legal duties under laws such as the Prevention of Money Laundering Act, 2002 (India), and other financial rules.

Information Collected for KYC/AML Compliance:

These third-party providers may request the following categories of personal data directly from users to complete onboarding or payment verification:

• Identification Data: Full legal name, date of birth, nationality, government-issued ID (e.g., Aadhaar, driver's license), facial images for biometric verification (if required)
• Contact Data: Address, email, and mobile number
• Business Details (for corporate customers): Company registration, UBOs, directors, and incorporation documents
• Transaction and Economic Profile: Source of funds/wealth, anticipated transaction volumes, and credit lines
• Risk Assessment and Screening Data: PEP status, sanctions list checks, adverse media checks, and jurisdictional risk scores
• Ongoing Monitoring: Unusual transaction patterns, internal risk scoring, or compliance audit records

• Role of Kazam
  • Kazam does not directly perform KYC/AML checks nor collect or store any KYC documents or sensitive payment data. We only provide the technical connection to these providers and make sure proper contracts, security, and privacy measures are in place.
  • For any questions or concerns regarding the use of your KYC/AML data, please refer to the privacy policy of the relevant third-party provider or contact us at info-security@kazam.in, and we will assist in routing your request appropriately.

Section 9: Grievance Redressal and Contact Information

If you have questions, concerns, or wish to exercise your rights under applicable data protection laws (including the GDPR and DPDPA), we encourage you to contact us directly. We are committed to ensuring transparency, accountability, and timely resolution of privacy-related matters.

9.1 Contact Us

You may reach out to our support teams using the following contact details:

• Email: info-security@kazam.in (For GDPR queries) | support@kazam.in (For generic queries)
• Grievance Officer: Mr. Abdul Kaleem Salam | Email: abdul.kaleem@kazam.in | Ph. No: +919958943092
• Data Protection Officer: Mr. Jai Kishore | Email: info-security@kazam.in
• Please provide sufficient details in your correspondence so that we may verify your identity and respond appropriately to your inquiry or request.

9.2 Response Timelines

We are committed to responding within the legally mandated timeframes:

• DPDPA: Grievances will be acknowledged and resolved within one month of receipt.
• GDPR: Requests will be processed within one month, with a possible extension of up to two additional months for complex cases.

If your inquiry relates to sensitive data, KYC/AML compliance, or complex verification, additional steps may be required to validate your identity or assess legal limitations on the request.

9.3 Escalation to Supervisory Authorities

If you are dissatisfied with our response or believe your personal data is being processed in violation of applicable data protection laws, you have the right to complain with the relevant supervisory authority:

• Under the GDPR: You may contact the supervisory authority in the European Union (EU) member state of your habitual residence, place of work, or the place of the alleged infringement.
• Under the DPDPA (India):After exhausting our internal grievance redressal mechanism, you may escalate your concern to the Data Protection Board of India.

Section 10: Third-Party Links and External Services

Our Services may include links to third-party websites, platforms, tools, or applications ("Third-Party Services") that are not owned, operated, or controlled by Kazam. These Third-Party Services are provided solely for your convenience or to enable integrations (e.g., maps, payment gateways, social media redirection). Once you leave our environment—such as our website, mobile application, or user portal—this Privacy Policy no longer governs the collection, use, or processing of your personal data by those third parties.

We do not control and are not responsible for the privacy practices, security safeguards, or content of any Third-Party Services, including:

• How they collect, store, process, or share your personal data
• Whether they place cookies or trackers on your device
• Whether they transfer your data internationally or to unaffiliated advertisers

We strongly encourage you to review the privacy policies and cookie notices of any third-party website or service you visit before providing personal data or interacting with their content. Your use of Third-Party Services is subject to their own terms and conditions and privacy practices, not Kazam's.

Section 11: Amendments to This Policy

Kazam reserves the right to update this Privacy Policy periodically to reflect:

• Changes in our data practices
• Updates to legal or regulatory requirements
• Technological advancements

If we make changes to this Privacy Policy, we will notify you through our website.

Section 12: Cookies and Tracking Technologies

We use cookies and similar technologies (e.g., pixels, SDKs, local storage) to:

• Improve user experience and functionality
• Analyse usage patterns and performance
• Deliver personalised content and targeted advertising

12.1 Types of Cookies

• Essential Cookies: Enable website/app functionality (e.g., authentication, navigation).
• Performance Cookies: Help us understand how users interact with our Services.
• Marketing Cookies: Track your behaviour for personalised ads, only with your consent.
• Functional Cookies: Remember your preferences and enhance site features.

12.2 Consent Management

Our cookie practices comply with GDPR, DPDPA, and applicable consent frameworks, including:

• A Privacy-compliant cookie banner
• Compatibility with browser-level cookie controls

Disclaimer

This Privacy Policy has been prepared with professional legal input to align with applicable data protection laws, including the DPDPA, GDPR and recognized industry standards. It is intended as a general compliance framework and does not constitute legal advice.

We recommend consulting licensed legal counsel to tailor this Policy to your specific business operations, regulatory environment, and jurisdictional requirements.

Our Payment Partner's Terms and Conditions

Learn more about our partner's payment policies and agreements.