Privacy Policy - Top Hawks

01Introduction

Overview

Tophawks Technologies Private Limited ("Tophawks," "we," "us," or "our") operates the website https://www.tophawks.com (the "Platform"). This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you visit our Platform or use our services.

We are committed to protecting your privacy in accordance with the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, and, where applicable, the General Data Protection Regulation (GDPR) of the European Union.

Please read this policy carefully. If you disagree with its terms, please discontinue use of the Platform.

Plain Language SummaryWe collect only what we need, use it only for stated purposes, protect it with industry-standard security, and never sell it to anyone.

02Data Types

Data We Collect

We may collect the following categories of personal data:

Category	Examples	Purpose
Identity Data	Name, username, profile photo	Account creation & identification
Contact Data	Email address, phone number	Communication, support, notifications
Technical Data	IP address, browser type, device ID, OS	Security, analytics, performance
Usage Data	Pages visited, clicks, session duration	Platform improvement, personalization
Transaction Data	Purchase history, payment method type	Order fulfilment, billing (no full card data stored)
Communications Data	Messages sent via contact forms, support tickets	Customer support, legal compliance
Marketing Data	Preferences, survey responses, opt-in status	Targeted communications (with consent)
Location Data	Country, city (derived from IP)	Geo-relevant content, fraud prevention

Sensitive DataWe do not intentionally collect sensitive personal data (race, religion, health, biometric data). If you voluntarily share such data, you consent to its processing solely for the purpose stated at the time of collection.

03Collection Methods

How We Collect Your Data

We collect data through the following means:

→Direct interactions — when you register an account, complete a form, subscribe to a newsletter, make a purchase, or contact us.

→Automated technologies — cookies, web beacons, log files, and similar tracking technologies when you browse the Platform.

→Third-party sources — analytics providers (e.g., Google Analytics), advertising networks, payment processors, and social media platforms (only if you connect your account).

→Public sources — publicly available information to verify identity or enrich our records in limited circumstances.

04Data Use

How We Use Your Data

We use personal data collected from you for the following purposes, each resting on a lawful basis:

Purpose	Lawful Basis
Provide, operate, and maintain the Platform	Contract performance
Process transactions and send related notices	Contract performance
Manage your account and authenticate access	Contract performance
Respond to inquiries, provide customer support	Contract / Legitimate interest
Send administrative, security, or legal notices	Legal obligation
Send marketing communications (with opt-out)	Consent
Analyse usage patterns to improve services	Legitimate interest
Detect, prevent, and address fraud or security issues	Legitimate interest / Legal obligation
Comply with applicable laws and legal processes	Legal obligation
Enforce our Terms of Use and policies	Legitimate interest

No Automated Decision-MakingWe do not make solely automated decisions that produce legal or similarly significant effects about you, unless required by law and with appropriate safeguards.

05Disclosure

Sharing Your Data

We do not sell your personal data. We may share it only in the following limited circumstances:

iService Providers — trusted vendors who assist us in operating the Platform (hosting, payment processing, email delivery, analytics) under strict data processing agreements.

iBusiness Transfers — in the event of a merger, acquisition, or sale of all or a portion of our assets, your data may be transferred with appropriate notice.

iLegal Compliance — when required by law, regulation, court order, or governmental authority, or to protect the rights, property, or safety of Tophawks, our users, or the public.

iWith Your Consent — for any other purpose with your explicit consent.

All third-party service providers are contractually obligated to protect your data and may only use it for specified purposes.

06Tracking

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyse traffic, and serve relevant content. The cookies we use fall into these categories:

Cookie Type	Purpose	Duration
Strictly Necessary	Authentication, security, session management	Session
Functional	Remembering preferences, language, region	1 year
Analytics	Usage data (Google Analytics, Hotjar)	Up to 2 years
Marketing	Interest-based advertising, retargeting	Up to 1 year

You can manage or disable non-essential cookies at any time via our Cookie Preferences Centre or through your browser settings. Disabling certain cookies may affect Platform functionality.

Do Not TrackOur Platform currently does not respond to browser Do Not Track (DNT) signals. You may opt out of analytics tracking via our Cookie Centre.

07Retention

Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including satisfying any legal, accounting, or reporting requirements.

✓Account data — retained for the duration of your account, plus up to 3 years after closure for legal compliance.

✓Transaction records — retained for 7 years in accordance with Indian financial regulations.

✓Marketing data — retained until you withdraw consent or opt out.

✓Support communications — retained for 2 years from resolution of the request.

✓Analytics data — aggregated and anonymised after 26 months.

Upon expiration of the retention period, we securely delete or anonymise your personal data.

08Protection

Security of Your Data

We implement appropriate technical and organisational security measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. These measures include:

🔐TLS/SSL encryption for all data transmitted between your browser and our servers.

🔐AES-256 encryption for sensitive data at rest.

🔐Role-based access controls limiting employee access to personal data on a need-to-know basis.

🔐Regular security audits, vulnerability assessments, and penetration testing.

🔐Multi-factor authentication for internal system access.

No Absolute GuaranteeWhile we strive to protect your data, no method of transmission or storage is 100% secure. If you suspect a security breach affecting your account, please notify us immediately at security@tophawks.com.

09Rights

Your Privacy Rights

Subject to applicable law, you have the following rights regarding your personal data. Submit requests to privacy@tophawks.com. We will respond within 30 days.

👁️

Right to Access

Request a copy of the personal data we hold about you.

✏️

Right to Rectification

Request correction of inaccurate or incomplete data.

🗑️

Right to Erasure

Request deletion of your data (subject to legal retention obligations).

⏸️

Right to Restrict

Request restriction of processing in certain circumstances.

📦

Data Portability

Receive your data in a structured, machine-readable format.

🚫

Right to Object

Object to processing based on legitimate interests or for direct marketing.

↩️

Withdraw Consent

Withdraw consent at any time without affecting prior processing.

📋

Lodge a Complaint

Complain to the Data Protection Board of India or your local supervisory authority.

Identity VerificationTo protect your privacy, we will verify your identity before processing any data rights request. We may request a government-issued ID or other proof of identity.

10Minors

Children's Privacy

The Platform is not directed at individuals under the age of 18 years. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data without parental consent, please contact us at privacy@tophawks.com and we will take steps to delete such data promptly.

In accordance with the DPDP Act, 2023, we obtain verifiable parental consent before processing data of children where we become aware of a user's minor status.

11Transfers

International Data Transfers

Tophawks is based in India. If you access the Platform from outside India, your data may be transferred to, stored, and processed in India or other countries where our service providers operate.

When transferring data internationally, we ensure appropriate safeguards are in place, including:

✓Standard Contractual Clauses (SCCs) approved by relevant authorities.

✓Adequacy decisions where the destination country is recognised as providing adequate protection.

✓Binding Corporate Rules (BCRs) where applicable within corporate groups.

By using the Platform, you consent to the transfer of your data to India and other jurisdictions as described in this policy.

12External Links

Third-Party Links & Services

The Platform may contain links to third-party websites, plugins, or services. Clicking on these links may allow third parties to collect or share data about you. We do not control these third-party platforms and are not responsible for their privacy practices.

We encourage you to review the privacy policy of every website you visit. This Privacy Policy applies solely to data collected by Tophawks through the Platform.

13India — DPDP

Digital Personal Data Protection Act, 2023 (India)

As an Indian entity, Tophawks complies fully with the Digital Personal Data Protection Act, 2023 (DPDP Act). Under this Act, you have specific rights as a "Data Principal," and we act as the "Data Fiduciary."

✓We obtain free, specific, informed, and unambiguous consent before processing your personal data, except where processing is permitted on other lawful grounds.

✓We provide a clear notice at the time of data collection describing what data is collected and for what purpose.

✓We honour your right to nominate a person to exercise your rights in the event of your death or incapacity.

✓We do not transfer personal data outside India except to countries notified by the Central Government as permissible transfer destinations.

To exercise your rights under the DPDP Act, contact our Data Protection Officer at dpo@tophawks.com.

14EU/UK — GDPR

GDPR Notice (EU & UK Users)

If you are located in the European Economic Area (EEA) or the United Kingdom, you have additional rights under the General Data Protection Regulation (GDPR) or the UK GDPR respectively.

Our lawful bases for processing are: Contract Performance (Art. 6(1)(b)), Legitimate Interests (Art. 6(1)(f)), Legal Obligation (Art. 6(1)(c)), and Consent (Art. 6(1)(a)) for marketing.

iYou have the right to lodge a complaint with your national Data Protection Authority (DPA).

iWhere we rely on legitimate interests, you may object and we will cease processing unless we demonstrate compelling grounds.

iWe do not carry out cross-border transfers to countries without adequate protection without appropriate safeguards (SCCs).

EU RepresentativeIf required by applicable law, Tophawks will appoint an EU/UK representative. For GDPR inquiries, contact gdpr@tophawks.com.

15Updates

Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

→Update the "Last Updated" date at the top of this page.

→Post a prominent notice on the Platform for at least 30 days before changes take effect.

→Send an email notification to registered users where required by law.

Your continued use of the Platform after the effective date of any revised policy constitutes your acceptance of the changes. We encourage you to review this page periodically.

16Contact

Contact & Data Protection Officer

For privacy-related questions, concerns, or to exercise your rights, please contact us:

Role	Contact
Privacy Team	privacy@tophawks.com
Data Protection Officer (DPO)	dpo@tophawks.com
Security Incidents	security@tophawks.com
GDPR Inquiries	gdpr@tophawks.com
Registered Address	Tophawks Technologies Private Limited, New Delhi, India
Website	www.tophawks.com

Privacy request or concern?

We aim to respond within 30 days. For urgent matters, mark your subject line [PRIVACY URGENT].

✉ Contact Privacy Team