GDPR Compliance Policy

PMech CONSULTANT PVT. LTD.

1. Introduction

PMECH Consultant Pvt. Ltd. (“PMECH,” “we,” “our,” or “us”) respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you visit www.pmecheng.com, interact with our services, or engage with us as a client, vendor, or partner.

2. Who We Are:

PMECH Consultant Pvt. Ltd. provides engineering, procurement, and construction management (EPCM) services globally across Oil & Gas, Tank Terminals, Refineries, Chemicals, Power, Water Treatment, and related industries.

Our registered offices:

• Mumbai: A-401/3, BSEL Tech Park, Sector 30A, Opp. Vashi Railway Station, Navi Mumbai, Maharashtra - 400 705, India.

• Pune: BA - Gateway, 1620, Baner Rd, Sakal Nagar, Aundh, Pune, Maharashtra - 411007, India.

• Contact: info@pmecheng.com

3. Scope of This Policy

This Privacy Policy applies to:

• Visitors to our website

• Clients and business partners

• Vendors, subcontractors, and consultants

• Job applicants and employees (in part, via HR policies)

It complies with:

• EU General Data Protection Regulation (GDPR)

• UK GDPR

• Indian IT Act & DPDP Act (2023)

• Other applicable global data privacy laws

4. Data We Collect:

We may collect the following categories of personal data

• Contact Information: Name, email, phone, company name, job title

• Business Information: Client contracts, project details, vendor data

• Technical Data: IP address, device type, browser type, cookies, analytics identifiers

• Recruitment Data: CVs, qualifications, employment history

• Financial Data: Bank/payment information for vendors and partners

We do not intentionally collect sensitive personal data (religion, race, health data) unless legally required.

5. How We Collect Data

• Directly from you (forms, emails, calls, contracts)

• Automatically via website cookies & analytics (Google Analytics, server logs)

• From third parties (industry partners, recruitment platforms, LinkedIn, EPC databases)

6. How We Use Your Data

We use your data only for legitimate business purposes:

• To provide engineering consultancy & project services

• To respond to inquiries, proposals, and requests

• To manage client/vendor contracts and payments

• To improve website functionality & user experience

• To conduct marketing & business development (with consent)

• To comply with legal, regulatory, and contractual obligations

7. Legal Basis for Processing (GDPR)

• Contractual necessity (project delivery, vendor management)

• Legal compliance (audits, government reporting, QHSE)

• Legitimate interests : (business development, fraud prevention)

• Consent (marketing communications, cookies)

8. Cookies & Tracking:

Our website uses cookies and similar technologies

• Essential Cookies site functionality

• Analytics Cookies anonymous usage statistics (Google Analytics)

• Marketing Cookies remarketing, LinkedIn Ads, Google Ads (only with consent)

You can manage cookie preferences anytime via your browser or our cookie banner.

9. Data Sharing & Transfers:

We may share data with:

• Project partners, EPC contractors, subcontractors (as required)

• Third-party service providers (cloud hosting, IT, marketing, HR tools)

• Regulatory authorities (if legally required)

Data may be transferred internationally, including outside the EEA/UK. Where this occurs, we ensure appropriate safeguards (e.g., EU Standard Contractual Clauses).

10. Data Retention:

We retain personal data only as long as necessary:

• Project data: for the duration of the contract + 7 years

• Recruitment data: up to 2 years (unless consent to keep longer)

• Marketing data: until consent is withdrawn

• Legal/financial records: as per statutory retention laws

11. Your GDPR Rights:

If you are based in the EU/UK, you have the following rights:

• Right to access your data

• Right to rectification of incorrect/incomplete data

• Right to erasure (“right to be forgotten”)

• Right to restrict processing

• Right to data portability

• Right to object to marketing/automated decisions

• Right to withdraw consent anytime

To exercise these rights, contact dpo@pmecheng.com

12. Data Security:

We use technical and organizational safeguards, including:

• Encrypted communications (SSL/TLS)

• Role-based access to project data

• Secure servers and firewalls

• Regular audits, QHSE-compliant documentation

• Employee confidentiality agreements

13. Third-Party Links:

Our website may contain links to partner websites, EPC databases, or industry portals. PMECH is not responsible for their privacy practices.

14. Children’s Privacy

Our services are B2B and not directed at children under 16. We do not knowingly collect children’s data.

15. Changes to This Policy

We may update this Policy to reflect legal, technical, or business changes. Updates will be posted on this page with a revised “last updated” date.

16. Contact Information

For questions, concerns, or GDPR rights requests:

• Data Protection Officer (DPO):it@pmecheng.com

• PMECH Consultant Pvt. Ltd.

• Address: Mumbai / Pune, India.