Advance Therm

FLOQORE - PRIVACY POLICY AND CONSENT FRAMEWORK

This Privacy Policy and Consent Framework applies to the FloQore system, together with any associated IoT devices, websites, dashboards, mobile interfaces, dealer interfaces, support channels, and related services made available through or in connection with such system and operated by Advance Therm Systems Private Limited, a company incorporated under the laws of India, having its registered office at (hereinafter referred to as the “Company”, “we”, “our”, or “us”).

This Privacy Policy and Consent Framework explains how the Company collects, uses, processes, stores, discloses, shares, and protects personal data when individuals access, install, use, interact with, or receive services in relation to FloQore and related services (collectively referred to as the “Platform”). By accessing, installing, activating, using, or otherwise interacting with the Platform, you acknowledge that you have read and understood this Privacy Policy and Consent Framework.

1. Introduction & Privacy Commitment

The Company recognises the importance of protecting personal data and respecting user privacy.
The Platform is an IoT-enabled system intended to facilitate device operation, monitoring, diagnostics, servicing, maintenance coordination, system optimisation, and related support functions by using AI/ML techniques wherever applicable and necessary.
This Privacy Policy and Consent Framework sets out: (i) the categories of personal data that may be collected through the Platform; (ii) the purposes for which such personal data is collected and processed; (iii) the manner in which such personal data may be used, disclosed, or shared; (iv) the duration for which such personal data may be retained; (v) the rights available to Users in relation to their personal data; and (vi) the safeguards implemented by the Company to protect such personal data.
By accessing, installing, activating, using, or otherwise interacting with the Platform, you: (i) confirm that you have read and understood this Privacy Policy and Consent Framework; (ii) acknowledge that this Privacy Policy and Consent Framework governs the Company’s collection and processing of personal data in connection with the Platform; (iii) provide your free, specific, informed, unconditional, and unambiguous consent, through clear affirmative action, to the collection, processing, storage, use, disclosure, and sharing of your personal data in accordance with this Privacy Policy and Consent Framework and applicable law; and (iv) agree that such processing may include processing that is reasonably necessary for installation, device connectivity, diagnostics, after-sales support, maintenance coordination, analytics, service improvement, and lawful business operations relating to the Platform.
If you do not agree with this Privacy Policy and Consent Framework, you must discontinue access to and use of the Platform.

2. DATA FIDUCIARY STATUS

The Company acts as a “Data Fiduciary” in relation to personal data collected through the Platform and determines the purpose and means of processing such personal data.
In its capacity as a Data Fiduciary, the Company undertakes to:  (i) process personal data only for lawful and specified purposes;  (ii) collect only such personal data as is necessary for such purposes;  (iii) implement reasonable security safeguards to protect personal data against unauthorised access, disclosure, alteration, misuse, or destruction; and  (iv) respect and facilitate the rights available to Data Principals under applicable law.
Any distributor, dealer, OEM, installer, service partner, system integrator, vendor, contractor, cloud service provider, analytics provider, or other authorised recipient who is given access to personal data by or through the Company shall process such personal data only on behalf of, or strictly in accordance with the instructions of, the Company and applicable law.
No distributor, dealer, OEM, installer, service partner, or other authorised recipient shall be entitled, merely by reason of such access, to independently determine the purpose of processing, claim ownership over personal data, use such personal data for its own unrelated commercial purposes, or disclose such personal data except as expressly authorised by the Company or required by law.
Without prejudice to the Company’s status as Data Fiduciary, any distributor, dealer, OEM, installer, service partner, or authorised recipient who accesses personal data shall be responsible for maintaining appropriate confidentiality, access controls, and reasonable security safeguards in relation to such personal data while in its possession or control and for using such personal data only for the limited purpose for which it has been shared.

3. APPLICABLE LEGAL FRAMEWORK

This Privacy Policy and Consent Framework is published in accordance with, and is intended to demonstrate compliance with, applicable laws of India governing the collection, processing, storage, sharing, and protection of digital personal data, including:  (i) the Digital Personal Data Protection Act, 2023 and applicable rules, to the extent notified and brought into force;  (ii) the Information Technology Act, 2000;  (iii) the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, to the extent applicable;  (iv) applicable directions, advisories, and reporting requirements issued by the Indian Computer Emergency Response Team (“CERT-In”); and  (v) other applicable data protection, cybersecurity, and digital systems laws, rules, and regulations in force in India.
In the event the Platform is made available or used outside India, the processing of personal data may also be subject to additional legal or regulatory requirements, and the Company may implement such supplementary measures as may be required.

4. CONSENT NOTICE AND BASIS OF PROCESSING

The Company endeavours to provide, prior to, or at the time of, collection of personal data, the Company shall provide a notice, whether through the Platform, website, installation form, digital interface, or other effective means, specifying:  (i) the categories of personal data proposed to be collected;  (ii) the purposes for which such personal data is proposed to be processed;  (iii) the rights available to the User; and  (iv) the manner in which consent may be withdrawn.
By registering, submitting information, installing the Platform, activating a FloQore device, availing support, or otherwise using the Platform, you provide your consent to the collection and processing of your personal data for the purposes described in this Privacy Policy and Consent Framework.
Where required or considered appropriate by the Company, separate or additional consent may be obtained for specific categories of processing, including without limitation: (i) location or installation-based services beyond what is necessary for core service delivery; (ii) promotional or marketing communications; (iii) testimonials, case studies, reviews, or feedback usage linked to identifiable individuals; and (iv) any processing that is not reasonably incidental to installation, support, or operation of the Platform.
You may withdraw your consent at any time by using the mechanisms made available through the Platform, by contacting the Company, or by contacting the designated Grievance Officer.
Withdrawal of consent shall not affect the lawfulness of processing carried out prior to such withdrawal.
Withdrawal of consent may result in limitation, suspension, or discontinuation of certain services or functionalities that depend on such personal data, including remote monitoring, troubleshooting, diagnostics, maintenance alerts, warranty support coordination, or other connected services.

5. INFORMATION WE COLLECT

In order to provide, operate, maintain, support, and improve the Platform, the Company may collect and process the categories of personal data described in this Clause 5.

Personal Information

Personal information may include: (i) name; (ii) mobile number; (iii) email address; (iv) address; (v) installation site address; (vi) city, state, and pin code; (vii) customer type or customer category; (viii) details of the dealer, distributor, installer, or service partner linked to the User; and (ix) any other information voluntarily provided by the User in the course of purchase, installation, registration, support, or service interactions.

Installation and Service Information

The Company may collect information relating to installation, commissioning, and servicing of FloQore systems, including: (i) installation date; (ii) installation location details; (iii) device serial number or unit identifier; (iv) installer details; (v) service history; (vi) maintenance logs; (vii) warranty-related information; (viii) replacement or repair history; and (ix) complaint, support, or escalation records.

Device, Technical, and Connectivity Data

When the Platform is activated or used, the Company may automatically collect certain technical and device-related information, including: (i) device identifiers; (ii) hardware identifiers; (iii) firmware version; (iv) software version; (v) IP address; (vi) network status; (vii) device connectivity information; (viii) timestamps; (ix) configuration data; (x) logs relating to system activity; and (xi) diagnostic and performance data.

Operational, Usage, and Telemetry Data

Given the connected and diagnostics-oriented nature of the Platform, the Company may collect operational and telemetry data generated by use of the FloQore system, including: (i) temperature readings; (ii) usage cycles; (iii) operating status; (iv) alerts and error codes; (v) device health indicators; (vi) system performance parameters; (vii) service reminder triggers; (viii) maintenance-related signals; and (ix) other machine-generated data reasonably required for monitoring, diagnostics, servicing, and system optimisation.

Communication and Support Data

The Company may collect information contained in communications with Users, distributors, dealers, installers, service partners, or OEM representatives, including: (i) call records or call notes; (ii) emails; (iii) messages; (iv) support requests; (v) photographs or videos voluntarily shared for troubleshooting; and (vi) records of complaints, feedback, and service responses.

Website and Interface Data

Where the User accesses a website, dashboard, or digital interface associated with the Platform, the Company may collect: (i) browser type; (ii) operating system; (iii) device type; (iv) IP address; (v) referral URLs; (vi) access times; (vii) clickstream data; and (viii) website usage analytics.

Derived, Analytical, and Inferred Data

The Company may generate derived data, inferred data, or analytical outputs from personal data and machine-generated data, including: (i) performance insights; (ii) usage patterns; (iii) predictive maintenance indicators; (iv) efficiency trends; (v) service optimisation outputs; and (vi) aggregated analytics useful for improving the Platform, support processes, distribution models, and customer experience.

6. INFORMATION WE DO NOT COLLECT OR DO NOT INTEND TO COLLECT

Except where expressly required for a specific functionality and expressly provided by the User, the Company does not intend to collect: (i) financial account credentials; (ii) payment card numbers or banking passwords; (iii) passwords used by the User for third-party accounts; (iv) files or content stored on a User’s device unrelated to the Platform; (v) precise live GPS tracking data of the User as a matter of routine; or (vi) personal communications unrelated to the Platform.
The Company does not intentionally collect personal data that is unrelated to the operation, servicing, support, improvement, administration, or lawful business use of the Platform.

7. PURPOSE OF PROCESSING PERSONAL DATA

The Company processes personal data only for lawful and legitimate purposes connected with the Platform. Processing shall be limited to the purposes expressly set out in this Policy or otherwise specifically communicated to and consented to by the User.
Such purposes include: (i) registering Users, devices, or installations; (ii) activating, configuring, operating, and administering the Platform; (iii) enabling remote monitoring, diagnostics, performance review, maintenance support, and troubleshooting; (iv) providing alerts, reminders, updates, and service communications; (v) coordinating with distributors, dealers, OEMs, installers, service partners, or technicians in relation to installation, maintenance, servicing, warranty support, replacement, and customer support; (vi) verifying installations, device history, warranty eligibility, service eligibility, and support entitlements; (vii) detecting malfunctions, misuse, irregular operation, or abnormal performance; (viii) improving system design, algorithms, diagnostics capability, product reliability, service quality, and customer experience; (ix) conducting internal analytics, trend analysis, usage analysis, quality control, testing, research, and development; (x) developing anonymised or aggregated insights, models, benchmarks, and reports; (xi) administering subscriptions, renewals, entitlements, commercial support features, and related business operations; (xii) responding to complaints, legal notices, claims, audits, regulatory enquiries, or law enforcement requests; (xiii) enforcing contractual terms, warranty conditions, service conditions, and lawful business policies; and (xiv) complying with legal, regulatory, cybersecurity, and reporting obligations.
The Company may also process personal data for such other purposes as are either: (i) expressly disclosed to and consented to by the User; or (ii) otherwise permitted or required under applicable law.

8. ANONYMISED, AGGREGATED, AND NON-PERSONAL DATA

The Company may anonymise, aggregate, de-identify, combine, or otherwise process data collected through the Platform so that it no longer identifies an individual.
The Company may use such anonymised, aggregated, or non-personal data for purposes: (i) analytical and statistical analysis; (ii) service and system improvement; (iii) research and development; (iv) product enhancement; (v) reliability and performance benchmarking; (vi) commercial insights; (vii) business intelligence; (viii) creation of reports, dashboards, and metrics; and (ix) other lawful business purposes.
To the extent data has been irreversibly anonymised or aggregated such that it no longer identifies an individual/ constitutes personal data, such data may be used, processed, shared, or commercialised by the Company without further consent.
The User acknowledges and agrees that the Company shall have the right to analyse, use, exploit, and derive value from anonymised, aggregated, and non-personal data generated through the Platform, provided that such use does not identify an individual.

9. DATA SHARING AND DISCLOSURE

The Company does not sell, rent, or commercially trade personal data as a standalone commodity.
The Company may share or disclose personal data only to the extent reasonably necessary for the purposes set out in this Privacy Policy and Consent Framework.
The Company may share personal data with distributors, dealers, installers, service partners, OEMs, technicians, and authorised channel partners for purposes including: (i) installation; (ii) commissioning; (iii) servicing; (iv) support coordination; (v) maintenance visits; (vi) warranty verification or handling; (vii) replacement or repair management; (viii) customer assistance relating to the Platform and; (ix) with third parties where the Platform is provided under co-branded or white-label arrangements
The Company may share personal data with third-party service providers and vendors engaged to support the operation of the Platform, including providers of: (i) cloud hosting; (ii) data storage; (iii) device connectivity; (iv) software infrastructure; (v) analytics; (vi) communication services; (vii) customer support tools; (viii) cybersecurity and monitoring services; and (ix) technical maintenance and support infrastructure.
Any recipient of personal data under this Clause 9 shall be required, whether by contract, platform controls, policy, or other binding arrangements, to: (i) use such personal data only for the limited authorised purpose; (ii) maintain confidentiality; (iii) implement reasonable security safeguards; (iv) not disclose such personal data further except as authorised by the Company or required by law; and (v) not use such personal data for unrelated profiling, resale, independent exploitation, or competing analytics.
The Company may disclose personal data where required by law or where reasonably necessary to: (i) comply with legal obligations; (ii) respond to lawful requests by courts, regulatory authorities, government agencies, or law enforcement authorities; (iii) investigate suspected fraud, misuse, service abuse, or cyber incidents; (iv) protect the rights, property, safety, or security of the Company, its Users, its personnel, or third parties; or (v) establish, exercise, or defend legal claims.9.7 The Company shall not be responsible for any unauthorised use, disclosure, or misuse of personal data by any third party, distributor, dealer, OEM, or service partner acting outside the scope of the Company’s instructions or in breach of applicable law or contractual obligations.

10. DATA RETENTION

The Company retains personal data only for as long as is necessary to fulfil the purposes described in this Privacy Policy and Consent Framework, unless a longer retention period is required or permitted by law.
In determining the appropriate retention period, the Company may consider: (i) the nature of the personal data; (ii) the purpose for which it was collected; (iii) whether such purpose continues to exist; (iv) operational requirements relating to product history, support, diagnostics, warranty, and service continuity; (v) cybersecurity and audit requirements; and (vi) legal, regulatory, accounting, contractual, or dispute-related requirements.
Personal data may continue to be retained for a reasonable period after deactivation of services, expiry of warranty, closure of support requests, or withdrawal of consent to the extent necessary for compliance, record-keeping, fraud prevention, cybersecurity, evidentiary preservation, audit, or defence of legal claims.
Upon expiry of the applicable retention period, personal data may be deleted, anonymised, aggregated, archived, or irreversibly de-identified, in accordance with the Company’s internal processes and applicable law.s

11. DATA SECURITY

The Company implements reasonable technical and organisational safeguards designed to protect personal data from unauthorised access, loss, misuse, alteration, destruction, or disclosure.
Such safeguards may include: (i) encryption or protected transmission of data where appropriate; (ii) access control mechanisms; (iii) role-based permissions; (iv) restricted access for authorised personnel; (v) secure hosting or cloud infrastructure; (vi) monitoring and logging systems; (vii) backup and recovery systems; (viii) periodic review of access and security posture; and (ix) such other safeguards as the Company may consider appropriate having regard to the nature of the Platform and applicable legal requirements.
Access to personal data is limited to personnel, contractors, channel partners, or service providers who require such access for an authorised purpose and who are subject to appropriate confidentiality and access restrictions. 11.4 While the Company adopts reasonable safeguards, no method of transmission over the internet, cloud environment, or electronic storage system can be guaranteed to be absolutely secure, and the Company does not warrant absolute security.While reasonable security safeguards are implemented, the Company does not guarantee that the Platform will be free from security breaches, unauthorised access, or cyber threats.

12. DATA BREACH AND CYBERSECURITY RESPONSE

In the event of a personal data breach, cyber incident, unauthorised access event, or security compromise affecting the Platform or personal data, the Company may take such steps as it considers appropriate to investigate, contain, mitigate, remediate, and document the incident.
Where required under applicable law, the Company may notify affected Users and competent authorities of such breach or incident.
The Company may also coordinate with relevant service providers, distributors, dealers, OEMs, or authorised partners as reasonably necessary for incident investigation, containment, response, and restoration of service.

13. CROSS-BORDER DATA TRANSFERS

Personal data may be stored, processed, backed up, or accessed on infrastructure located in India or such other jurisdiction as may be lawfully permitted.
Where personal data is transferred outside India, such transfer shall be carried out in accordance with applicable Indian law and subject to such safeguards, contractual protections, and restrictions as the Company may consider appropriate.
The Company may engage service providers or infrastructure partners located outside India, provided that such engagement is consistent with applicable law and the Company’s internal security and data protection standards.

14. Transfer of Device and Change of User

The Platform is associated with a specific device and may be used by the person in possession or control of such device from time to time.
In the event of sale, transfer, lease, assignment, or change in possession of the device on which the Platform is installed, the existing User shall ensure that: (a) access to the Platform is removed or deactivated; and (b) all relevant account credentials, permissions, and control rights are transferred or disabled, as applicable.
The new user or person in control of the device shall, prior to or upon activation or continued use of the Platform, be required to review and provide consent to this Privacy Policy and Consent Framework in accordance with applicable law.
The Company shall not be responsible for any unauthorised access, use, or continued linkage of personal data arising from failure of the existing User or any third party to properly transfer, deactivate, or reconfigure the device or associated accounts.
The Company reserves the right to require re-registration, re-authentication, or fresh consent in the event of change in device ownership, control, or user identity.

15. RIGHTS OF USERS

Subject to applicable law and verification of identity, Users may have the right to: (i) obtain information regarding personal data processed by the Company; (ii) seek correction, completion, or updating of inaccurate or incomplete personal data; (iii) seek erasure of personal data, subject to Clause 15.5 below; (iv) withdraw consent previously provided; (v) nominate another individual; and (vi) seek grievance redressal.
Requests relating to exercise of rights may be submitted through the mechanisms made available by the Company or by contacting the Company or the designated Grievance Officer.
The Company may require reasonable information to verify identity before acting on such request.
The Company may decline, defer, or limit action on a request to the extent permitted under applicable law.

Erasure/ Deletion of Personal Data

Subject to applicable law, Users may request deletion or erasure of personal data.
Upon receipt of a valid request and subject to verification, the Company shall take reasonable steps to delete or anonymise personal data, unless retention is required or permitted under applicable law.
Notwithstanding the foregoing, the Company may retain personal data for: (i) legal or regulatory compliance; (ii) audit, accounting, or record-keeping; (iii) fraud prevention or security; (iv) legal claims; and (v) backup, archival, or recovery systems.
The User acknowledges that deletion may not be immediate and may be subject to technical or system-related constraints.
The Company shall not be responsible for deletion of data held independently by third parties outside its control.

16. WITHDRAWAL OF CONSENT

Users may withdraw consent for processing of personal data at any time by contacting the Company, using available digital mechanisms, or contacting the Grievance Officer.
Upon withdrawal of consent, the Company shall cease, and shall cause its authorised processors and recipients to cease, processing of personal data to the extent required by applicable law, unless continued processing is required or authorised by law.
Withdrawal of consent may result in limitation, suspension, or discontinuation of some or all functionalities of the Platform to the extent such functionalities depend on the personal data for which consent has been withdrawn.
The consequences of withdrawal of consent, including inability to continue connected services, remote support, diagnostics, alerts, or coordinated servicing, shall be borne to the extent applicable by the User.

17. CHILDREN’S PRIVACY

The Platform is not intended for use by children and is designed for product owners, purchasers, occupiers, administrators, dealers, distributors, installers, OEMs, and service personnel who are competent to enter into lawful arrangements and provide valid consent.
The Company does not knowingly collect personal data from children in relation to the Platform.
If the Company becomes aware that personal data of a child has been collected without appropriate authorisation or lawful basis, the Company may take reasonable steps to delete such data or otherwise address the matter in accordance with applicable law.

18. GRIEVANCE REDRESSAL

Users who have concerns, complaints, requests, or grievances relating to the processing of personal data may contact the designated Grievance Officer.
The details of the Grievance Officer are as follows: 
Name: [•]  Designation: Grievance Officer 
Entity: Advance Therm Systems Private Limited 
Email: [•] 
Address: [•]
The Company shall endeavour to acknowledge and address grievances within such time as may be required under applicable law or, where no specific period is prescribed, within a reasonable period.
If a User is dissatisfied with the Company’s response, such User may seek such further remedy as may be available under applicable law.

19. Limitation of Liability

To the extent permitted under applicable law, the Company shall not be liable for any indirect, incidental, consequential, special, or punitive damages, including loss of profit, loss of data, or business interruption, arising out of or in connection with the access to or use of the Platform.
The Company’s liability, if any, shall be subject to the limitations (including any monetary caps) set out in the applicable Terms of Use governing the Platform, in addition to applicable law.

20. User Responsibility and Indemnity

The User shall be responsible for ensuring that any information provided by them is accurate, complete, and not misleading, and that their use of the Platform is in compliance with applicable law.
To the extent permitted under applicable law, the User agrees to indemnify and hold harmless the Company from and against any claims, losses, damages, or liabilities arising out of or in connection with: (i) any breach of this Privacy Policy by the User; (ii) provision of inaccurate, misleading, or unauthorised information; or (iii) misuse of the Platform or violation of applicable law by the User.

21. Governing Law and Jurisdiction

This Privacy Policy and Consent Framework shall be governed by and construed in accordance with the laws of India.
Subject to applicable law, the courts at Pune, Maharashtra shall have exclusive jurisdiction in relation to any disputes arising out of or in connection with this Privacy Policy and Consent Framework.

22. CHANGES TO THIS PRIVACY POLICY AND CONSENT FRAMEWORK

The Company may update or modify this Privacy Policy and Consent Framework from time to time to reflect changes in law, operations, technology, product features, support structure, security requirements, or business practices.
Where material changes are made, the Company may notify Users through appropriate means, including publication on the website, display on the Platform, email communication, dealer communication, installer communication, in-product notice, or other effective means.
The revised version shall indicate the updated “Last Updated” date appearing at the beginning of this document.
Continued access to or use of the Platform after publication or communication of an updated version shall constitute acknowledgement of the revised version to the extent permitted under applicable law.

23. CONTACT

Users who have questions, requests, or concerns relating to this Privacy Policy and Consent Framework or the processing of personal data may contact the Company using the details below:
Email: [●] 
Website: https://advancetherm.in/ 
Company: Advance Therm Systems Private Limited 
Registered Office: [●]
The Company may request reasonable identity verification information before responding to privacy-related requests in order to protect personal data and prevent unauthorised access.

24. CONSENT DECLARATION

By proceeding with installation, activation, registration, use, or continued use of the Platform, the User expressly consents to the collection, processing, storage, use, disclosure, and sharing of personal data by the Company for the purposes set out in this Privacy Policy and Consent Framework.
Without prejudice to the generality of Clause 24.1, the User acknowledges and agrees that: (i) certain personal data and machine-generated data are necessary for operation of the Platform and provision of connected services; (ii) the Company may use personal data and machine-generated data for diagnostics, service coordination, maintenance support, product improvement, analytics, and lawful business operations; (iii) limited personal data may be shared with authorised distributors, dealers, OEMs, installers, technicians, service partners, vendors, and other third parties strictly on a need-to-know and purpose-specific basis for installation, support, service delivery, troubleshooting, warranty handling, and related purposes; and (iv) anonymised, aggregated, and non-personal data may be used by the Company for analytics, benchmarking, research, product development, commercial insights, and improvement of the Platform, provided that such use does not identify an individual.
Where consent is collected through a checkbox, digital form, in-product flow, installation acknowledgement, QR-based activation, dealer-assisted onboarding, or similar mechanism, such action shall constitute clear affirmative action for the purposes of applicable law.