Privacy Policy / Digital Personal Data Protection Compliance

TAMA Systems India Private Limited

76-77, WrkPod, K.R Puram, Nava India Road, Avarampalayam

Coimbatore, Tamil Nadu 641006, India

India

Authorized Representative: Manoj Nagaraj (Whole Time Director)

Email: info@tama.systems

Phone: +91 95009 48686

Imprint: Legal Notice

This privacy policy explains how TAMA Systems India Private Limited ("TAMA India") collects, uses, stores and protects personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and relevant RBI/SEBI guidance where applicable.

The policy applies to all personal data processed by TAMA India in connection with engineering services, SaaS platforms, consulting engagements, hiring, events, and the use of this website. It covers data processed on behalf of European partners under contract as well as data originating from India.

Categories of personal data

• Identity information (name, company, designation, government ID provided voluntarily)
• Contact information (email, phone number, mailing address, instant messaging handles)
• Professional attributes (skills, CV details, certifications, employment history)
• Telemetry and interaction data (IP address, device identifiers, cookies, access logs)
• Compliance documents and agreements exchanged with clients or partners

Data principals

• Customers, prospects and procurement contacts
• Employees, contractors and job applicants
• Website visitors, webinar attendees and community members
• Vendors, advisors and ecosystem partners

Purposes of processing

• Provision of software development, testing, automation and consulting services
• Contract management, invoicing, compliance reports and dispute resolution
• Customer support, product updates, webinars and marketing communications (with consent)
• Hiring, background verification and HR life‑cycle management
• Platform security, fraud prevention, audit trails and statutory reporting

We process personal data under the lawful grounds listed in the DPDPA (consent or certain legitimate uses) and the IT Act, 2000. For European data subjects we also respect GDPR principles via contractual clauses with our German partner.

Consent is captured digitally with notice, purpose specification and withdrawal options. In many cases we rely on legitimate uses such as fulfilling contracts, responding to employment applications, complying with law or safeguarding information security.

DPDPA Legitimate Uses

IT Act & SPDI rules

Security is managed through layered technical and organizational controls overseen by our Indo-German leadership. Controls are reviewed quarterly and audited annually.

Key measures

• Zero-trust network segmentation, VPN requirements and multi-factor authentication for internal tools
• Encryption in transit (TLS 1.2+) and encryption at rest using cloud-native KMS
• Least-privilege IAM, just-in-time access provisioning and automated revocation on off-boarding
• Continuous monitoring of servers, code repositories and collaboration tools with alerting and logging
• Cyber incident response playbooks aligned with CERT-In and customer contracts

Personal data is shared only with service providers who support our delivery commitments (cloud hosting, payroll, legal, background verification) and who sign data processing agreements mirroring DPDP requirements.

Common recipients

• Cloud infrastructure providers (AWS, Azure) located in India or the EU
• Background verification and payroll partners based in India
• Independent auditors, legal counsel or tax advisors bound by confidentiality
• German partner TAMA Systemtechnik GmbH for joint programs with explicit customer instructions

We use strictly necessary cookies for session security and analytics cookies (Matomo or privacy-friendly equivalents) to improve the site. Marketing pixels are loaded only after explicit consent.

Cookie categories

The website and customer portals run on cloud infrastructure with data residency in India by default. Dedicated EU hosting is available for joint Indo-German engagements.

• Timestamp and requested URL
• IP address or proxy identifier
• Browser/user agent & device details
• Response status codes and error traces

Log retention purposes

• Detection of intrusion attempts and fraud
• Capacity planning and performance analysis
• Audit evidence for compliance requirements

We occasionally send newsletters or event invitations to business contacts who have opted in.

Digital marketing is limited to B2B outreach and account-based campaigns. We avoid intrusive tracking and do not sell data.

Purposes

• Measure campaign effectiveness
• Deliver localized content to prospects
• Retarget visitors who explicitly accepted marketing cookies

We manage official pages on LinkedIn, GitHub and YouTube to engage with engineering communities.

Personal data is retained only for the duration necessary to satisfy the purpose or legal obligations.

• Customer and vendor contracts: 8 years (Companies Act & tax records)
• Recruitment records: 3 years from last interaction unless hired
• Support tickets and audit logs: 3 years or as mandated by customer contracts

• Statutory limitation periods
• Regulator or court directions
• Demonstrating compliance with customer contracts

We may update this policy to reflect legal developments or enhancements to our services. The latest version with effective date will always be available on this page.

Subject to the DPDPA and other laws, you have the following rights. We respond within statutory timelines and may require identity verification.