• +91 7400433711
  • contact@extramile.in
Facebook Instagram Linkedin Youtube

Privacy Policy

1. Introduction
Extramile Engagement Pvt. Ltd. (hereinafter referred to as the “Company”, “we”, “us”, or “our”) is committed to respecting and protecting your privacy and personal data in accordance with the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“IT Rules”), as well as applicable sector-specific guidelines, regulations, and global best practices. This Privacy Policy (“Policy”) sets forth the principles and procedures adopted by the Company in connection with the collection, storage, processing, usage, sharing, transfer, and protection of your Personal Information and Sensitive Personal Data or Information (“SPDI”), and describes your rights and choices regarding your data. This Policy applies to all individuals who access, browse, register, use, or transact on our website(s), mobile application(s), electronic platform(s), or any other service offered by us (collectively, the “Platform”), and governs your relationship with the Company regarding data privacy.
2. Definitions
For the purpose of this Policy and as per applicable Indian law:
  1. “Personal Information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person. This may include, but is not limited to:
  • Name
  • Date of birth
  • Postal address
  • Contact number(s)
  • Email address
  • Photograph
  • Cookie identifiers, device IDs, or IP address
  1. “Sensitive Personal Data or Information” (SPDI), as defined under Rule 3 of the IT Rules, includes, but is not limited to:
  • Password(s)
  • Financial information (such as bank account, credit card, debit card, or other payment instrument details)
  • Physical, physiological, and mental health condition(s) or medical records/history
  • Biometric information
  • Sexual orientation
  • Any detail relating to the above as provided to a body corporate for providing a service
  • Any information received under a lawful contract or agreement
  1. “Processing” means any operation or set of operations which is performed on Personal Information or SPDI, including but not limited to collection, recording, storage, alteration, retrieval, consultation, use, disclosure, transmission, dissemination, erasure, or destruction.
  2. “Data Subject”, “User”, “You”, or “Your” refers to any natural person whose data is collected and processed by the Company.
3. Collection of Information 3.1. Information Collected
We may collect and process the following categories of data:
  • Information You Provide Directly:
    • Registration data (such as name, DOB, gender, contact details, address, username, and password)
    • Profile information
    • Content you submit voluntarily (photos, documents, feedback, communications)
    • Payment and transaction information
    • Any information provided while availing services, contacting support, participating in research, or communicating with us
  • Information Collected Automatically:
    • Technical details such as IP address, device and browser type, operating system, time zone settings
    • Usage information (log data, Platform navigation, page views, clickstreams)
    • Device identifiers and mobile network information
    • Cookies, beacons, and similar technologies in accordance with our [Cookie Policy]
    • Location data (if permitted or necessary for a feature, with explicit consent)
  • Information from Third Parties:
    • Data obtained from public sources or third party partners, affiliates, or service providers, subject to prior consent where necessary
    • Information shared by you on affiliated social media/messaging platforms, when you use integrated features subject to such platforms’ privacy settings
3.2. Legal Basis for Processing
We only collect and process your Personal Information and SPDI with your lawful, free, specific, and informed consent, and/or as necessary:
  • For the performance of a contract, or pre-contractual obligations
  • To comply with legal obligations
  • For legitimate business interests, provided such interests do not override your fundamental rights and freedoms
  • For purposes expressly permitted by Indian law
4. Purposes of Collection and Use
Your data may be collected, used, and processed for one or more of the following purposes:
  • To allow access to, register, and maintain your account on the Platform
  • To authenticate and verify your identity and prevent fraud
  • To enable, process, and complete transactions and provide services/products requested by you
  • To personalize and improve your experience, including, but not limited to, offering recommendations, features, or relevant content
  • To communicate important notices, alerts, service updates, administrative messages, and marketing/promotional materials (subject to your marketing preferences)
  • To enable customer support, handle grievances, and resolve disputes
  • To comply with applicable laws, orders, and mandatory regulatory requirements (including those of RBI, SEBI, IRDAI, statutory audits, tax authorities, and law enforcement)
  • For internal business operations, audits, data analysis, research, and platform/security enhancement
  • For possible strategic transactions (e.g., merger, acquisition, or sale), strictly in accordance with applicable law and upon ensuring continued protection of your data
  • Any other purpose that you expressly consent to, or as otherwise permitted under applicable law
5. Consent, Withdrawal, and Choice 5.1. Providing Consent We do not collect or process SPDI unless you provide explicit consent via affirmative action (such as ticking a consent box, submitting a written declaration, or as part of digital/physical forms) and are informed of the:
  • Information being collected
  • Purpose of collection and use
  • Intended recipients or categories of recipients
  • Name and address of the agency collecting and retaining information
5.2. Right to Withdraw Consent
You may, at any time, withdraw your consent for the processing of SPDI by contacting our Grievance Officer (see Section 13), with effect for future processing. Withdrawal will not affect the lawfulness of processing conducted prior to withdrawal, nor prevent the Company from retaining data where required by law.
5.3. Consequences of Withholding or Withdrawing Consent
If you choose not to provide, or later withdraw, your consent to collect and process SPDI, certain services/features may become unavailable to you. We may be required to retain certain data for statutory reasons, or for the defense of legal claims.
6. Disclosure of Information 6.1. General Prohibition/Exceptions
We do not sell, rent, or lease your Personal Information/SPDI to unaffiliated third parties for their marketing purposes. We may disclose or transfer your data in the following exceptional situations, subject to contractual safeguards and as permitted by law:
  • With your prior, free, and informed consent
  • To government agencies, regulatory bodies, courts or other authorities in connection with investigations, legal proceedings, regulatory actions, or to comply with any lawful request/court orders
  • To our auditors, consultants, professional advisors, and agents bound by confidentiality obligations
  • To third party service providers, sub-contractors, and business partners engaged by us for data processing, hosting, payment gateway, analytics, communications, KYC verification, or other necessary services, under strict data protection, confidentiality, and security requirements
  • In the event of merger, acquisition, restructuring, sale of business, or transfer of assets, subject to acquirer’s continued compliance with this Policy
  • For safeguarding our rights, property, and safety, or that of our users, employees, or the public, and to detect, prevent, or otherwise address fraud, security, or technical issues
6.2. Cross-border Data Transfers
If the operation of the Platform or engagement of third parties requires transfer of your data outside of India, such transfers shall be conducted in accordance with prevailing Indian law, ensuring that the foreign jurisdiction provides an equivalent level of data protection as mandated by the IT Rules or any sectoral regulations. We take measures such as contractual clauses, Standard Contractual Clauses, and other legally valid mechanisms to ensure continued data protection.
7. Data Security
We implement appropriate security practices and procedures, in compliance with Rule 8 of the IT Rules and globally recognized standards, including but not limited to:
  • ISO 27001-certified information security management systems for critical information assets
  • End-to-end encryption of sensitive data in transit and at rest
  • Secure servers, firewalls, and intrusion detection systems
  • Role-based access controls (RBAC) ensuring only authorized personnel access data strictly on a “need-to-know” basis
  • Multi-factor authentication (MFA) for system access by administrators and relevant personnel
  • Logging and monitoring of data access, along with regular vulnerability assessments and penetration testing conducted by qualified external security experts
  • Prompt detection, investigation, containment, and notification protocols for potential data breaches, including user and authority communication in accordance with applicable law
  • Training and sensitization of employees regarding privacy, confidentiality, and security
No system can be fully secure; we cannot guarantee absolute security. In the event of any breach compromising your SPDI, we will notify you promptly, along with the relevant authorities, as required under applicable law.
8. Data Retention
We will retain your Personal Information and SPDI for as long as is necessary for the fulfillment of identified lawful purposes, and no longer than is required for the purposes for which it was collected or as required/allowed under applicable law, regulation, or court order. Upon expiry of retention periods or once the data is no longer required, your data will be deleted, de-identified, or anonymized, as technically and legally permissible.
9. Data Accuracy and User Obligations
We take reasonable steps to ensure that data collected is accurate, complete, and up-to-date based on the information provided by you. It is your responsibility to ensure you provide accurate, current, and complete data, and to update it as necessary.
10. Your Rights
As a data subject, you have the following rights under applicable law:
  • Right of Access: Request a copy of the Personal Information/SPDI held about you, including details about processing activities, recipients, and categories of data
  • Right of Correction/Rectification: Request correction, updating, or amendment of inaccurate or incomplete data
  • Right to Withdraw Consent: Withdraw consent for processing of SPDI (with prospective effect only)
  • Right to Deletion/Erasure: Request deletion or anonymization of your Personal Information/SPDI, subject to legal, regulatory, or contractual retention requirements
  • Right to Object/Restrict: Object to, or request restriction of, processing of data in certain circumstances
  • Right to Know Third Party Disclosures: Obtain information about third parties, domestic or overseas, to whom your information has been disclosed
All such requests may be addressed to our Grievance Officer (see Section 13). We will endeavor to respond within the timelines specified by law, and not later than 30 days from receipt of a complete request, subject to any legal exceptions or requirements.
11. Use of Cookies & Analytics
Our Platform uses cookies, pixel tags, web beacons, and similar technology to improve user experience, personalize content, measure Platform effectiveness, and support security. By using the Platform, you consent to such technology as described in our separate [Cookie Policy]. You can manage your cookie preferences via browser or app settings; disabling certain cookies may affect Platform functionality.
12. Children’s Privacy
Our services are not directed toward or intentionally collected from children under 18 years of age. If you believe that data of a minor has been collected inadvertently, please contact our Grievance Officer so appropriate steps can be taken for deletion/remediation.
13. Grievance Officer & Contact Details
In compliance with Rule 5(9) of the IT Rules, the Company has designated the following Grievance Officer for all data privacy matters: Name: Mihir Kulkarni Designation: Grievance Officer Email: webmaster@extramile.in Phone: 7400433711 Postal Address: Extramile Engagement Pvt. Ltd., 712, BAJAJ NIWAS, LINKING ROAD, KHAR WEST, Mumbai Suburban, Maharashtra, 400052 The Grievance Officer will acknowledge complaints, concerns, or requests within 36 hours and endeavor to resolve them within one month (30 days) of receipt, unless an extended timeline is permitted under law. If you remain unsatisfied, you may have additional legal rights or remedies as per applicable law.
14. Amendments, Updates & Notifications
The Company reserves the right to revise, amend, or modify this Privacy Policy at any time, for any reason, without advance notice, to the extent permitted by law. Changes shall become effective from the “Last Updated” date. Substantial changes will be notified to users via the Platform (e.g., website/app banner, prominent link, or email/SMS, where available). Continued use of the Platform post such changes signifies your acceptance.
15. Governing Law & Jurisdiction
This Policy and any dispute arising from the use of the Platform shall be governed by and construed in accordance with the laws of India. Subject to applicable law, courts at Mumbai shall have exclusive jurisdiction over disputes relating hereto.
16. Severability
If any provision of this Policy is found to be invalid, unlawful, or unenforceable, the remaining provisions shall remain in full force and effect.
17. Contact Us
For clarifications, concerns, or to exercise any rights set forth above, please contact the Grievance Officer as specified in Section 13.

Let’s Build A More Engaged
Workplace Together

Whether you have questions about our solutions, want to learn how we can help your business grow, or simply wish to start a conversation — our team is here for you

Employee engagement is not about reaching a monthly target, it is about the journey. And the happy faces on the way!

Facebook Instagram Linkedin Youtube
Quick Links
Contact Us
  • 40th Floor | Sunshine Tower | Senapati Bapat Marg, Lower Parel | Mumbai 400 013
  • +91 7400433711
  • contact@extramile.in
©2025 extramile.in | All rights reserved