This Privacy Policy explains how Atreya Innovations Private Limited (“Atreya”, “we”, “us”, “our”) collects, uses, stores, and protects personal data, including the use of cookies and consent mechanisms, when users in the European Union and Germany access or use the Naditarangini platform (“Services”).

This Policy complies with:

• Regulation (EU) 2016/679 (GDPR)
• German Telecommunications-Telemedia Data Protection Act (TTDSG)
• German Federal Data Protection Act (BDSG)
• EU ePrivacy Directive
• EU Digital Services Act (DSA)

1. Data Controller

Controller:
Atreya Innovations Private Limited
Office No. 301, 3rd Floor, City Centre, Hinjawadi Phase I, Pune 411057, India
Email: info@atreyainnovations.com, dpo@atreyainnovations.com

For users in the EU, Atreya acts as a non-EU data controller.

2. Consent & Lawful Processing

We process personal data only where a lawful basis exists under Article 6 GDPR.

Where required, particularly for:

• cookies and tracking technologies, and
• health-related wellness data,

we rely on your freely given, informed, explicit consent in accordance with Articles 6(1)(a), 7, and 9 GDPR.

You may withdraw consent at any time via Cookie Settings, account settings, or by contacting us.

3. Categories of Personal Data

3.1 Identification & Account Data

• Name
• Email address
• Phone number
• Country of residence
• Login credentials (hashed)

3.2 Health & Wellness Data (Special Category)

Processed only with explicit consent:

• Pulse and lifestyle inputs
• Wellness assessments and reports
• Images voluntarily provided for wellness analysis

These data are used solely for general wellness insights and not for medical diagnosis.

3.3 Technical & Usage Data

• IP address (anonymised where possible)
• Device and browser information
• Log files and interaction data

4. Purposes & Legal Bases

Purpose	Legal Basis
Service delivery & account management	Art. 6(1)(b) GDPR
Wellness insights	Art. 6(1)(b), Art. 9(2)(a) GDPR
Security & fraud prevention	Art. 6(1)(f) GDPR
Analytics (optional)	Art. 6(1)(a) GDPR
Functional preferences	Art. 6(1)(a) GDPR
Legal compliance	Art. 6(1)(c) GDPR

5. Cookies & Similar Technologies

5.1 What Are Cookies?

Cookies are small text files stored on your device to ensure functionality, security, and user experience.

5.2 Types of Cookies We Use

1. Strictly Necessary Cookies (Always Active)

Purpose: Enable core functions such as security, authentication, and network management.

Legal basis:
Article 6(1)(f) GDPR (legitimate interest)
Section 25(2) TTDSG

These cookies cannot be disabled.

1. Analytics & Performance Cookies (Optional)

Purpose: Understand how users interact with the Services to improve performance.

Data processed: Anonymised usage data.

Legal basis:
Article 6(1)(a) GDPR (consent)
Section 25(1) TTDSG

Used only after you give consent.

1. Functional Cookies (Optional)

Purpose: Remember preferences such as language or region.

Legal basis:
Article 6(1)(a) GDPR (consent)

1. Marketing Cookies (Optional)

Purpose: Measure effectiveness of our communications.

We do not use third-party advertising or tracking cookies.

Legal basis:
Article 6(1)(a) GDPR (consent)

6. Cookie Consent Management

On your first visit, a cookie banner allows you to:

• Accept all cookies
• Reject non-essential cookies
• Manage preferences granularly

Consent is not pre-selected and can be withdrawn at any time via Cookie Settings.

7. Data Sharing & Processors

We do not sell personal data.

Data may be shared with:

• IT and cloud service providers
• Analytics providers (only with consent)
• Payment processors
• Authorities where legally required

All processors are bound by GDPR-compliant agreements.

8. International Data Transfers

Personal data may be processed outside the EU, including India.

Transfers are protected by:

• Standard Contractual Clauses (SCCs)
• Encryption and access controls

9. Data Retention

Data is retained only as long as necessary for stated purposes or legal obligations.

Cookie lifetimes do not exceed 12 months unless renewed by consent.

10. Your Rights

You have the right to:

• Access, rectify, or erase your data
• Restrict or object to processing
• Data portability
• Withdraw consent at any time

Requests may be sent to info@atreyainnovations.com.

11. Automated Processing & AI

The Services use AI-assisted analytics for wellness insights.

No automated decision produces legal or similarly significant effects.

12. Data Security

We apply appropriate technical and organisational measures including encryption, access controls, and audits.

13. Updates

We may update this Policy to reflect legal or operational changes.

Material updates will be communicated through the Services.

14. Supervisory Authority

EU users may lodge complaints with their local data protection authority.

For Germany: Federal Commissioner for Data Protection and Freedom of Information (BfDI)

15. Data Protection Officer (DPO)

In accordance with Article 37 of the General Data Protection Regulation (GDPR), Atreya Innovations Private Limited has appointed a Data Protection Officer (DPO).

Data Protection Officer (DPO):
Name: [To be appointed / External DPO Service]
Email: dpo@atreyainnovations.com (also for general info: info@atreyainnovations.com)
Phone: +91 77740 40185
Address: Office No. 301, 3rd Floor, City Centre, Hinjawadi Phase – 1, Pune, India – 411057

The DPO is responsible for overseeing the data protection strategy, ensuring GDPR compliance, handling data subject requests, and serving as the primary contact point for supervisory authorities.

You may contact the DPO for:

• Exercising your data protection rights
• Questions about this Privacy Policy
• Concerns regarding data processing or security

Grievance Redressal Mechanism

Email: info@atreyainnovations.com

Atreya Innovations Private Limited, India