This Privacy Policy explains how EVAR Connect Pvt. Ltd. collects, uses, stores, shares, and protects personal data in connection with the Evar Service. It applies to (i) Exhibitors who register with us, and (ii) Visitors whose contact information is captured by Exhibitors through the Service.
1. Who We Are & Our Role
EVAR Connect Pvt. Ltd. is the 'Data Fiduciary' in respect of (a) the personal data of Exhibitors who register on Evar, and (b) the visitor personal data that flows into the Evar platform via Exhibitor scans, as further detailed below. The Exhibitor is, in respect of visitor data held independently by them, a separate Data Fiduciary.
2. Personal Data We Collect
2.1 Directly from Exhibitors
- Full name of the registered representative
- Mobile number (used for OTP-based login over SMS / WhatsApp)
- Email address
- Business name, GSTIN (optional), business category, designation
- Profile photo (optional)
- Device information: device model, operating system, app version, IP address, advertising / device identifiers
- App usage data: screens visited, features used, login timestamps, crash logs, diagnostic data
2.2 Captured by Exhibitors at Events
When an Exhibitor scans a visitor's paper business card or enters visitor details, we receive and process, on the Exhibitor's behalf and in our own right, the visitor data printed on the card or entered manually. This typically includes:
- Visitor name, designation, organisation name
- Visitor business email, business phone numbers, business address
- Logo, brand mark, or other content printed on the card
- Time, date, and event context of the scan (event name, booth identifier, geo-stamp if enabled by the Exhibitor)
We do not, in Phase 1, capture visitor facial biometrics, government identity documents, financial data, health data, or other special-category personal data.
2.3 Automatically
- Cookies and similar technologies (in our web companion, if any), for session management and analytics
- Aggregated network and infrastructure logs
3. Purpose & Lawful Basis
We process personal data for the following purposes, on the lawful basis set out alongside (DPDP Act):
| # | Purpose | Lawful Basis |
|---|---|---|
| a | Operating the Service: account creation, OTP authentication, lead capture, dashboard, export, notifications | Consent / Legitimate use as per DPDP §7 |
| b | Customer support, troubleshooting, fraud prevention, account security | Legitimate use |
| c | Service improvement: usage analytics, A/B testing, bug-fixing | Legitimate use |
| d | Training and refinement of artificial intelligence and machine-learning models that power Evar and other products operated within the EVAR Connect group of companies | Consent (you agree to this by accepting these Terms) |
| e | Marketing and product communication to Exhibitors (only to registered mobile/email, with right to opt-out) | Consent |
| f | Legal, regulatory, audit, or law-enforcement requirements | Legal obligation |
For visitor personal data captured by Exhibitors: the lawful basis is the visitor's voluntary, in-person handover of their card with a reasonable B2B follow-up expectation, combined with our legitimate-use exemption under DPDP §7 for processing within a clear business-to-business context.
4. How We Use Captured Visitor Data
4.1 Visitor data captured via Evar is made available to the Exhibitor who scanned it, as a lead record in that Exhibitor's account.
4.2 EVAR Connect additionally uses visitor data, in our own right, for: (a) operating and securing the Service, (b) producing de-identified statistical insights and benchmarks, (c) improving OCR accuracy, lead-quality scoring, and similar algorithmic features, and (d) training and refining our internal artificial-intelligence and machine-learning systems within the EVAR Connect group. AI training is performed using technical safeguards (access controls, pseudonymisation where feasible) and is not used to publicly identify individual visitors.
4.3 No external sale. EVAR Connect does not sell Exhibitor personal data or visitor personal data to any third-party in a manner that identifies an individual person or a specific business. Aggregated, de-identified statistical outputs may be published.
5. Sharing & Disclosure
We share personal data only in these circumstances:
(a) With the scanning Exhibitor: captured visitor lead records are accessible to the Exhibitor who legitimately scanned them.
(b) Within the EVAR Connect group: with affiliates and group companies of EVAR Connect for the purposes set out in clause 3.
(c) Service providers (Data Processors): with vetted cloud-hosting, communications, analytics, OCR, customer-support, payment-gateway (where applicable in future), and security vendors, bound by written agreements that limit their use of the data to providing services to us.
(d) Legal, regulatory, and safety: to comply with applicable law, court orders, regulatory directions, or to protect the rights, property, or safety of EVAR Connect, our users, or the public.
(e) Business transfers: in connection with a merger, acquisition, restructuring, or sale of assets, subject to the acquirer being bound by terms no less protective than this Policy.
(f) With consent: any other sharing requires your explicit consent.
6. Data Retention
6.1 Exhibitor account data: retained for as long as the account is active, and for up to twenty-four (24) months thereafter for legal, regulatory, audit, and accounting purposes, unless a longer period is required by law.
6.2 Visitor lead data inside an Exhibitor's account: retained for as long as the Exhibitor maintains the lead in their account, subject to clause 6.3.
6.3 Aggregated, de-identified analytics and AI-training datasets may be retained indefinitely as they cannot be re-associated with any identifiable individual.
6.4 Crash, security, and audit logs: retained for up to thirty-six (36) months.
7. Your Rights Under the DPDP Act
Subject to verification of your identity, you have the right to:
- Right to information: about what personal data we hold about you and how we process it.
- Right of access: to obtain a summary of personal data we hold about you.
- Right to correction & erasure: to seek correction of inaccurate data or erasure of data no longer required for the purposes for which it was collected.
- Right to grievance redressal: to raise a grievance with our Grievance Officer (see clause 11).
- Right to nominate: to nominate another individual to exercise these rights in the event of your death or incapacity.
- Right to withdraw consent: to withdraw consent at any time, with effect prospective only. Withdrawal of consent may limit the functionality of the Service available to you.
To exercise any right, write to privacy@evar.co.in from your registered email or registered mobile number. We will respond within the timelines prescribed by the DPDP Act.
8. Visitors' Rights
If you are a visitor whose personal data has been captured by an Exhibitor through Evar and you wish to exercise any of the above rights in respect of data held by EVAR Connect, please write to privacy@evar.co.in with sufficient identifying information (name, mobile, email, approximate event and date of scan) so we can locate your record. We will (a) action the request on the data we hold and (b) where the data is also held independently by the scanning Exhibitor, forward your request to them as their separate obligation under the DPDP Act.
9. Security
We protect personal data using commercially reasonable administrative, technical, and physical safeguards, including transport-layer encryption, encryption-at-rest where appropriate, role-based access controls, principle-of-least-privilege, audit logging, monitoring, and security testing. In the event of a personal-data breach, we will notify the Data Protection Board of India and affected Data Principals as required by the DPDP Act.
10. Children's Data
The Service is intended for use by adults aged eighteen (18) years or above for B2B purposes. We do not knowingly collect personal data of minors. If we become aware that we have inadvertently collected data of a minor, we will delete it.
11. Grievance Officer
In accordance with Section 8(9) of the DPDP Act and Rule 3(2)(b) of the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021:
Grievance Officer: Mr. Nitin Singhal
Designation: Chief Technology Officer, EVAR Connect Pvt. Ltd.
Email: nitinsinghal@evar.co.in (also reachable at grievance@evar.co.in)
Phone: +91 80030 06242
Address: EVAR Connect Pvt. Ltd., A-116, Saraswati Nagar, Sidharth Nagar, Malviya Nagar, Jaipur - 302017, Rajasthan, India.
Acknowledgement window: within 24 hours of receipt.
Resolution window: within 15 (fifteen) days of receipt, or such timeline as is prescribed by law.
12. Cross-Border Transfers
Personal data is primarily stored and processed within India. Where any of our service providers operate from outside India, we ensure that the transfer complies with the DPDP Act and any restrictions notified by the Central Government from time to time.
13. Cookies
Our web companion (if any) uses essential cookies for session management. We may also use analytics cookies with your consent. You can manage cookies through your browser settings.
14. Changes to this Privacy Policy
We may update this Privacy Policy. Material changes will be notified through the App, by SMS/WhatsApp, or by email. The 'Effective Date' at the top reflects the latest version.
15. Contact
For any privacy-related questions, write to:
privacy@evar.co.in
EVAR Connect Pvt. Ltd., A-116, Saraswati Nagar, Sidharth Nagar, Malviya Nagar, Jaipur - 302017, Rajasthan, India.
By tapping 'I Agree' / 'Sign Up' / continuing to use Evar after completing OTP verification, you confirm that you have read and accepted these Terms of Service and this Privacy Policy.
India built it. The world runs on it.