Data Protection

1. PRIVACY POLICY

Thank you for visiting ParcelX. Your personal data will not be disclosed to third parties without your explicit consent, except when required by law. If your data is shared with entities outside your country, including the European Union, we ensure compliance with applicable data protection regulations such as the General Data Protection Regulation (GDPR) and the Digital Personal Data Protection Act (DPDP), 2023.

1.1 Which personal data do we collect?

Types of data that we collect for specified purposes are:

• Your name
• Email ID
• Company name

1.2 Purpose and manner of personal data collection and use

ParcelX collects and processes personal data in accordance with the provisions of the Digital Personal Data Protection Act, 2023 (India) and other applicable regulations, including those in the European Union.

Your personal data are processed only on the basis of your approval – a free and express consent to process your personal data for the purposes related to the use of the Content available through ParcelX. Your consent for the collection and processing of your personal data for a given purpose shall be requested when completing the appropriate form published on the web pages of ParcelX.

Your personal data shall be used in order to provide content, reply to queries concerning the content and inform you about the existing and new content, materials, functionalities, services and other offers that may interest you, and in order to improve the quality of the content and ParcelX.

Data collected through quizzes and questionnaires are confidential and may be used only for our own purposes.

All collected data are electronically stored, and appropriate measures and procedures are applied in order to prevent unauthorized access, maintain the level of personal data protection and use the data collected online in a correct manner.

Even though we take all appropriate measures to ensure against unauthorized disclosure of your personal data, we cannot guarantee that some of the collected personal data shall never be disclosed in a manner that is not in accordance with these General Terms and Conditions. Accidental disclosure may be, for example, a consequence of false misrepresentation when accessing websites that contain such data, with the purpose of correcting possible errors in the data. We shall not be liable, to the fullest extent permitted by law, for any damage caused to users or third parties relating to accidental disclosure of personal data.

1.3 Collection and processing of personal data by other users or third parties

ParcelX’s website contains Interactive Content and may contain Links to third party websites, through which other users or third parties may gain authorized or unauthorized access to your personal data. These General Terms and Conditions do not apply to the collection, processing or use of personal data that you communicate to other users and/or third parties. It is in your best interest to acquaint yourself with the rules of personal data protection, and the protection of privacy applied by other users and/or third parties. Since we cannot control the data you provide when accessing or using the Interactive Content, Links or third party websites, or in other circumstances in which you communicate your personal data to other users and/or third parties, we shall not be liable for any damage caused to you, other users and/or third parties, arising from the fact that you communicated your personal data, in relation to the use of ParcelX’s website.

1.4 Modification and deletion of personal data

You are legally entitled to request modification or deletion of your personal data, or deletion from the registered user’s database at any time. Modification or deletion of data shall be effectuated on the basis of an appropriate notice addressed to the contact identified on the website of ParcelX.

1.5 Cookies

We reserve the right to use cookies.

A cookie is a group of data serving as your anonymous individual identifier that is sent to your browser by websites. Cookies are sent when you access a website, they are stored in your computer and they serve to record information about your subsequent online visits. Therefore, after a cookie has been stored on your computer during your first access to a website, every time you return to the website it will look for its cookie in order to read the stored data.

Since a cookie is an anonymous individual identifier, it does not contain or send any personal information to the website that stored it on your computer, but only enables faster and more efficient activation of information, data and settings previously communicated during access and use of the website.

Your browser is set in such a way that each website can only access its own previously sent cookies, but not the cookies of other websites.

The Options or Settings menu of your browser allows you to select an appropriate option for receiving cookies, even to disable them completely. However, disabling cookies completely will reduce the efficiency of some content available on some websites.

2. WEBSITE DATA PRIVACY DISCLAIMER

At Exyte Solutions Private Limited, we’re committed to protecting and respecting your privacy.

This policy explains when and why we collect personal information about you, how we use it, the conditions under which we may disclose it to others, how we keep it safe and secure and your rights and choices in relation to your information.

Any questions regarding this policy and our privacy practices should be sent by email to support@parcelx.in

Exyte Solutions Private Limited (“us”, “we”, or “our”) operates the website (the “Service”). This page informs you of our policies regarding the collection, use, and disclosure of personal data when you use our Service and the choices you have associated with that data. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy. Unless otherwise defined in this Privacy Policy, terms used in this Privacy Policy have the same meanings as in our Terms and Conditions.

Information Collection And Use

We collect several different types of information for various purposes to provide and improve our Service to you.

Types of Data Collected

Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

• Email address
• Phone number
• First name and last name
• Cookies and Usage Data

Usage Data

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through a mobile device (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data. When you access the Service by or through a mobile device, this Usage Data may include information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Tracking & Cookies Data

Like many other websites, this website uses cookies. ‘Cookies’ are small pieces of information sent by an organisation to your computer and stored on your hard drive to allow that website to recognize you when you visit. This helps us to deliver a better more personalized service when you browse our website and improve our services.

It is possible to switch off cookies by setting your browser preferences. Turning cookies off may result in a loss of functionality when using our website.

Use of Data

Exyte Solutions Private Limited uses the collected data for various purposes:

- To provide and maintain the Service

- To notify you about changes to our Service

- To allow you to participate in interactive features of our Service when you choose to do so

- To provide customer care and support

- To provide analysis or valuable information so that we can improve the Service

- To monitor the usage of the Service

- To detect, prevent and address technical issues

Transfer of Data

Your information, including Personal Data, may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from your jurisdiction. If you are located outside India and choose to provide information to us, please note that we transfer the data, including Personal Data, to India and process it there. Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer. **Exyte Solutions Private Limited** will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Privacy Policy and no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

Disclosure of Data

Legal Requirements

Exyte Solutions Private Limited may disclose your Personal Data in the good faith belief that such action is necessary to:

- To comply with a legal obligation

- To protect and defend the rights or property of Exyte Solutions Private Limited

- To prevent or investigate possible wrongdoing in connection with the Service

- To protect the personal safety of users of the Service or the public

- To protect against legal liability

Your Rights

You have certain rights over the personal information that we hold about you. Here is a summary of the rights that we think apply:

Right of access

You have a right to request access to the personal data that we hold about you. You also have the right to request a copy of the information we hold about you, and we will provide you with this unless legal exceptions apply.

Right to have your inaccurate personal information corrected

You have the right to have inaccurate or incomplete information we hold about you corrected. The accuracy of your information is important to us so we’re working on ways to make it easier for you to review and correct the information that we hold about you. In the meantime, if you change email address, or if you believe any of the other information we hold is inaccurate or out of date, please contact us by sending a mail to support@parcelx.in

Right to restrict use

You have a right to ask us to restrict the processing of some or all your personal information if there is a disagreement about its accuracy or we’re not lawfully allowed to use it.

Right of erasure

You may ask us to delete some or all your personal information and in certain cases, and subject to certain exceptions; we will do so as far as we are required to. In many cases, we will anonymize that information, rather than delete it.

Right for your personal information to be portable

If we are processing your personal information (1) based on your consent, or in order to enter into or carry out a contract with you, and (2) the processing is being done by automated means, you may ask us to provide it to you or another service provider in a machine-readable format.

Right to object

You have the right to object to processing where we are using your personal information (1) based on legitimate interests, (2) for direct marketing or (3) for statistical/research purposes.

If you want to exercise any of the above rights, please email us at support@parcelx.in . We may be required to ask for further information and/or evidence of identity. We will endeavors to respond fully to all requests within one month of receipt of your request, however if we are unable to do so we will contact you with reasons for the delay.

Please note that exceptions apply to a number of these rights, and not all rights will be applicable in all circumstances. For more details we recommend you consult the guidance published by the Information Commissioner’s Office.

Security of Data

When you give us personal information, we take steps to ensure that appropriate technical and organisational controls are in place to protect it.

Any sensitive information is encrypted and protected. When you are on a secure page, a lock icon will appear besides the website address.

Non-sensitive details (your email address etc.) are transmitted normally over the Internet, and this can never be guaranteed to be 100% secure. As a result, while we strive to protect your personal information, we cannot guarantee the security of any information you transmit to us, and you do so at your own risk. Once we receive your information, we make our best effort to ensure its security on our systems. Where we have given (or where you have chosen) a password which enables you to access certain parts of our website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Analytics

We do not use third-party Service Providers to monitor and analyze the use of our Service. We use in-house tools to monitor and track user progress and behaviour.

Links to Other Sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any third party sites or services.

Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page. We will let you know via email and/or a prominent notice on our Service, prior to the change becoming effective and update the “effective date” at the top of this Privacy Policy. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Secure Storage of Personal Identity Data

We prioritize the security and privacy of Personal Identity (PI) data by implementing robust protection measures at every stage. All PI data is securely stored at rest using advanced encryption protocols, ensuring that sensitive information remains protected from unauthorized access.

Additionally, we utilize root-level encryption to further enhance data integrity and security. This approach ensures that data is safeguarded at the foundational level, preventing tampering and unauthorized modifications. Our security framework adheres to industry-leading standards and compliance regulations, including AES-256 encryption, multi-factor authentication (MFA), and zero-trust architecture to provide an extra layer of defense against cyber threats.

We are committed to maintaining the highest level of security, ensuring that your data remains private, encrypted, and accessible only to authorized entities.

Controlled Access to Sensitive Data

We strictly control access to sensitive data by allowing only authorized roles and designated APIs to interact with it. This ensures that personal identity information is accessed only by verified systems and personnel for essential operations, such as processing orders, fulfilling requests, generating shipping labels, and ensuring seamless delivery. Our access management policies follow principle of least privilege (PoLP), meaning that each role or API is granted only the minimum permissions necessary to perform its specific function. Additionally, all access is monitored, logged, and encrypted, providing an extra layer of security to protect sensitive customer data.

Security Breach Response Policy

1. Purpose

This policy outlines the procedures to be followed in the event of a security breach to ensure a swift response, minimize damage, and protect sensitive data.

2. Scope

This policy applies to all employees, contractors, third-party vendors, and systems handling sensitive data within the organization.

3. Incident Identification & Reporting

• Any employee or system detecting a potential security breach must report it immediately to the IT security team.
• Suspicious activity, unauthorized access, data leaks, or system anomalies should be logged and escalated.
• Affected systems should be isolated to prevent further damage.

4. Incident Containment

• Identify and isolate the affected systems to prevent the spread of the breach.
• Disable compromised accounts or revoke access if necessary.
• Apply temporary security patches if applicable.

5. Investigation & Impact Assessment

• Conduct a thorough investigation to determine the cause, entry point, and impact of the breach.
• Identify compromised data and assess risks to customers, employees, and business operations.
• Document all findings and preserve evidence for forensic analysis.

6. Notification & Communication

• Notify affected individuals, customers, and regulatory bodies as required by law.
• Provide clear instructions on mitigation steps users should take (e.g., password changes, identity monitoring).
• Issue a public statement if the breach affects a significant number of individuals.

7. Remediation & Recovery

• Implement fixes to address vulnerabilities exploited during the breach.
• Restore affected systems and data from secure backups.
• Strengthen security measures to prevent recurrence.

8. Post-Incident Review & Improvement

• Conduct a post-mortem analysis to identify weaknesses in security policies and incident response procedures.
• Update security protocols, implement additional safeguards, and provide employee training to prevent future incidents.
• Audit access controls and ensure compliance with updated security measures.

9. Legal & Compliance Considerations

• Ensure compliance with data protection laws such as GDPR, CCPA, and industry-specific regulations.
• Maintain records of security incidents for legal and auditing purposes.

10. Continuous Monitoring & Training

• Regularly test and update security policies to keep pace with evolving threats.
• Conduct security awareness training for employees and stakeholders.
• Deploy security monitoring tools to detect and respond to threats proactively.

By adhering to this policy, we aim to minimize security risks, protect sensitive data, and ensure a prompt, effective response in case of a breach.