Privacy Policy

Last Updated – 27th May, 2026
Version No. – 1.0

1. Who We Are

Adani Ports and Special Economic Zone Limited ("APSEZ", "we", "our") acts as the Data Fiduciary for personal data processed through our websites and digital interfaces. References to “APSEZ” in this policy include APSEZ’s subsidiaries, affiliates, and joint ventures with which you interact or have a business relationship.
This policy explains what we collect, why we use your personal data, who we share it with, how long we keep it, and the choices and rights available to you under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Digital Personal Data Protection Rules, 2025.

2. Data Privacy Disclaimer

The scope of this policy is limited to the services provided by us within the territory of India and applies to users who request these services within the Indian territory.
This policy is issued in accordance with the Digital Personal Data Protection Act, 2023 and applies to personal data processed in connection with services offered within India.

3. Personal Data we Collect on this Website

When you interact with us, we collect different types of information from you based on the type of interaction.
“Personal Data” means any data about an individual who is identifiable by or in relation to such data.
“Processing”, “Processed”, “Process” in relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment, or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.

Where personal data is lawfully available in the public domain, we process such data in accordance with applicable law and this policy.
We endeavor to collect only such information that is reasonably necessary to perform our services for you, or to respond to your enquiries.

We collect only the minimum data necessary for the purposes described below. This may include:

Information you submit in web forms:

• Contact us page: Name, mobile number, email address, and the content of your message/enquiry.
• Grievance Redressal Page: Name, Email ID, Mobile number, and address.
• Career page: Name, Email ID, mobile number, date of birth, & resume.
• Expression of Interest Form: In the supplier registration form, contact person’s details are collected, including name, email ID, role/designation, and mobile number.

Indirect collection of information

When you interact with our website, certain information may be collected indirectly. This may include technical and usage data such as IP address, browser type, device identifiers, operating system, date and time of access, pages visited, and referring URLs. This information does not identify you personally and is used to improve the functionality, security, and user experience of our site.

4. Why We Collect and Use Your Data

We collect, process, and disclose your personal data only for specific and limited purposes. The purposes of data collection, including but not limited to, are listed below.
We may also process personal data to comply with legal obligations, respond to lawful requests, ensure information security, prevent fraud, and protect our legal rights.

4.1. Contact Us

We use this information to:

• Respond to and manage your enquiry (e.g., provide information, route to the right business team, and follow up).
• Support business conversations, such as bid/process discussions initiated through your enquiry.
• Maintain records of communications to improve our customer service and ensure continuity across interactions.

4.2. Grievance Redressal

We use this information to:

• Register, investigate, and resolve your grievance, and keep you updated on the outcome.
• Comply with our grievance redressal obligations and record-keeping requirements under our privacy framework.

4.3. Careers

We use this information to:

• Assess your suitability for roles, verify eligibility, and communicate with you through the hiring process (screening, interviews, feedback).
• Meet legal/statutory requirements associated with recruitment and employment record management.

4.4. Customer/Supplier Registration

We use this information to:

• Create and manage your organization’s account with us (customer or supplier) and set up the designated contact person for operational communications.
• Onboard and verify suppliers, conduct due diligence checks, and enable procurement collaboration (e.g., via our SAP Ariba supplier environment).
• Send transactional notices (e.g., registration status, document requests), and coordinate commercial activities tied to your role/designation.

5. Legal Basis / Grounds for Processing

We process personal data based on your consent or for legitimate uses as permitted under Section 7 of the Digital Personal Data Protection Act, 2023.
If we intend to use your personal data for any purpose other than the one for which it was originally collected, we will obtain your fresh consent before proceeding, unless such processing is otherwise permitted by applicable law.

6. Who We Share Data With

• APSEZ’s subsidiaries, affiliates, and joint ventures;
• Service providers acting on our instructions (e.g., hosting, security, analytics, customer support) under written contracts and safeguards; and
• Regulators, courts or government authorities where required by law or to protect rights, safety and security.

All service providers are contractually obligated to process personal data only on our instructions and implement appropriate technical and organizational safeguards.

7. International Data Transfers

We may transfer personal data outside India where necessary, in accordance with the Digital Personal Data Protection Act, 2023, the rules made thereunder, and any Government notifications specifying restricted countries. Such transfers are undertaken subject to appropriate contractual and technical safeguards. Details of key data processors and hosting locations may be made available upon request.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy, based on the nature of the data, the purpose of processing, legal or regulatory requirements, and applicable limitation periods, as per the retention period defined by APSEZ and applicable laws or regulations.

9. How We Protect Your Data

We will take appropriate technical and organizational security measures to protect your personal data in accordance with India’s DPDP Act, 2023 & rules made thereunder.
In the event of a personal data breach, we will take appropriate remedial measures and notify the Data Protection Board of India and affected Data Principals, where required under applicable law.

10. Data Breach Notification

In the event of a personal data breach, we shall, in accordance with the Digital Personal Data Protection Act, 2023 and the rules made thereunder, notify the affected Data Principals and the Data Protection Board of India immediately after becoming aware of the breach. Such notification shall, to the extent required under applicable law, include details of the nature and extent of the breach, the personal data affected, and the timing and location of its occurrence.

11. Safeguarding the Privacy of Children

We do not knowingly collect or solicit personal data from minors. Our services are not designed for any person who is under 18 years of age, and we do not knowingly permit such persons to register for products and/ or services or share information through any of the web forms without verifiable consent from minors’ parents or lawful guardians. Further, we do not undertake tracking or behavioural monitoring of children or targeted advertising directed at children.

If you believe that a child under 18 years may have provided us with their personal data, please contact us using the contact details provided in paragraph 12.

12. Your Rights Under the DPDPA

We respect your right to access and control your personal data and will respond to requests to exercise your rights under applicable law.
We will acknowledge rights requests within a reasonable time and endeavour to resolve them within timelines prescribed under applicable law.
Please note that applicable law may require retention of personal data despite requests for erasure due to legitimate business, regulatory, or statutory obligations.

You have the following rights:

• Right to access information about your personal data: At any point, you can contact us for a summary of your personal data we hold about you, the processing activities undertaken with respect to such personal data, the identities of all those persons with whom your personal data has been shared by us along with the description of the personal data so shared, and any other information related to your personal data and its processing.
• Right to correction: If your personal data is incomplete, inaccurate, misleading, or out of date, you can inform us about the same and your personal data will be corrected, completed or updated, as the case may be.
• Right to erasure: If you believe that we should discontinue the use of your personal data, you have the option to request the deletion of your personal data, unless retention is necessary for compliance with any law for the time being in force.
• Right of grievance redressal: We are committed to protecting your personal data collected by us. However, in case of any act or omission regarding the performance of our obligation in relation to your personal data or in the exercise of your rights under applicable law, we encourage you to contact us using the contact details provided in paragraph 12.
• Right to nominate: In the event of death or incapacity to exercise these rights, you can nominate any other individual to exercise such rights.
• Right to withdraw your consent to process your personal data: You can withdraw/revoke your consent at any time, to the processing of your personal data for which consent was sought earlier. The withdrawal of consent previously granted for the processing of personal data does not affect the lawfulness of the processing until the withdrawal. However, opting out will result in cessation of the respective services.

You may exercise the above rights by using the Email: dpo.apsez@adani.com. Please ensure that the personal data provided to us remains accurate and up to date and inform us of any changes.
If your concern remains unresolved, you may escalate the matter to the Data Protection Board of India in accordance with the DPDP Act and Rules.

13. Contact and Grievance Redressal

You may contact us on any aspect of this policy or for any discrepancies/grievances with respect to your Personal Data, by writing to our Data Protection Officer (responsible for addressing grievances under the DPDP Act) at:

Data Protection Officer
Email: dpo.apsez@adani.com
Address: Adani Corporate House
Shantigram, Near Vaishnodevi Circle, S G Highway, Ahmedabad-382421, Gujarat, India.

14. Updates to this Policy

We may update this policy to reflect changes in our processing or legal requirements. We will post the updated version here and, where appropriate, notify you.
The “Last Updated” date at the top of this policy indicates when it was last revised.