Privacy Policy

1. Introduction & Scope

MOVTEK Private Limited ('MOVTEK', 'we', 'our', 'us') is a freight forwarding and logistics solutions company incorporated under the Companies Act, 2013, with its registered office in New Delhi, India. We facilitate the movement of cargo and goods for individuals, businesses, importers, exporters, and trade partners across India and worldwide through both our digital platform (website, online portal, mobile application) and physical operations (offices, warehouses, ground agents, customs desks).

This Privacy Policy ('Policy') governs how MOVTEK collects, uses, stores, shares, transfers, and protects Personal Data and Sensitive Personal Data or Information ('SPDI') of:

Customers and shippers (individuals and businesses)

Consignees and receivers of freight

Employees, contractors, and agency staff

Vendors, agents, subcontractors, and logistics partners

Visitors to our website and digital platforms

Any individual whose data we process in connection with our services

This Policy applies to all data processing activities conducted by MOVTEK whether in India or internationally, including data transferred across borders in the ordinary course of freight forwarding business.

2. Definitions

For the purposes of this Policy, the following definitions apply:

'Personal Data' means any information that relates to a natural person who can be directly or indirectly identified from such information, including name, address, email, phone number, identification documents, and financial data.

'Sensitive Personal Data or Information (SPDI)' includes passwords, financial information, health data, biometrics, and any other category notified under applicable law.

'Digital Personal Data Protection Act, 2023 (DPDPA)' refers to the Indian legislation governing the processing of digital personal data.

'Data Principal' means the individual to whom the personal data relates.

'Data Fiduciary' means MOVTEK, which determines the purpose and means of processing personal data.

'Third Party' means any entity other than MOVTEK and the Data Principal.

'Freight Forwarding' means the coordination and shipment of goods from the shipper to a final point of destination using a single or multiple carriers via air, sea, rail, or road.

'Platform' refers to the MOVTEK website, web portal, and any mobile application operated by MOVTEK.

3. Data We Collect

MOVTEK collects data through multiple channels — our digital platform, physical documentation, telephone interactions, email correspondence, agent networks, customs filings, and partner integrations. The categories of data we collect include:

3.1 Identity & Contact Information

Full name, title, date of birth

Postal address, billing address, delivery address

Email address, telephone number, WhatsApp number

Government-issued identification: PAN, Aadhaar, Passport, GST Number, IEC (Import Export Code)

3.2 Shipment & Cargo Information

Nature, description, quantity, weight, and value of goods

Origin, transit, and destination country/port details

Bill of Lading, Airway Bill, or consignment details

Harmonized System (HS) codes, customs declarations and tariff classifications

Incoterms and freight terms

Special handling instructions (hazardous materials, temperature-controlled goods)

Shipper and consignee details as appearing on trade documents

3.3 Financial & Payment Data

Bank account details (for wire transfers, refunds)

Credit/debit card information (processed via PCI-DSS compliant gateways)

GST registration, TAN, TDS certificates

Invoice, credit note, payment history

Foreign exchange transactions (where applicable under FEMA)

3.4 Customs & Regulatory Data

Import/Export licence numbers

ICEGATE credentials and filing references (India Customs Electronic Gateway)

Country of origin certificates, fumigation certificates, certificates of conformity

Dual-use goods documentation and sanctioned party screening records

DGFT (Directorate General of Foreign Trade) registration details

3.5 Digital & Technical Data

IP address, browser type, device identifier

Cookies and session data (see Section 13 – Cookie Policy)

Login credentials (hashed passwords), two-factor authentication logs

Tracking portal usage data, shipment queries, API access logs

Communications sent through our digital platform

3.6 Operational & Location Data

GPS data of shipments or vehicles where tracking is enabled

Warehouse entry/exit logs

CCTV footage at MOVTEK premises (physical operations)

Port and customs handling records

3.7 Third-Party Provided Data

In the course of freight forwarding, we may receive data about consignees, shippers, or cargo from our customers, overseas agents, customs brokers, airlines, shipping lines, and port authorities.

4. Legal Basis for Processing

MOVTEK processes personal data under the following legal bases:

Contractual Necessity: Processing required to perform freight forwarding services, issue invoices, coordinate shipments, and communicate with shippers and consignees.

Legal Obligation: Processing required to comply with Indian Customs Act, FEMA, GST laws, Prevention of Money Laundering Act (PMLA), export control regulations, Carriage by Air Act, and applicable international trade regulations.

Legitimate Interests: Processing for fraud prevention, security, business analytics, improving services, and maintaining accurate cargo records.

Consent: Where processing is not covered by other bases (e.g., marketing communications, optional digital features), we seek explicit consent from the Data Principal.

Vital Interests: In exceptional circumstances where data processing is necessary to protect life, health, or safety during cargo emergencies or hazardous material incidents.

5. Purposes of Data Processing

MOVTEK uses your personal data for the following specific purposes:

Core Freight & Logistics Operations

Booking, planning, executing, tracking, and completing freight shipments

Preparing Bills of Lading, Airway Bills, Certificates of Origin, and other trade documents

Customs clearance, import/export filings, duty drawback claims

Coordinating with carriers, co-loaders, CHAs (Customs House Agents), and port authorities

Providing real-time shipment tracking via our digital platform

Digital Platform Services

User account creation, authentication, and access management

Enabling online booking, rate enquiries, and document uploads

Sending automated shipment status notifications via email and SMS

Processing payments and generating GST-compliant invoices

Customer support via live chat, email, or ticketing system

Regulatory Compliance

Compliance with Indian Customs regulations and ICEGATE filings

Anti-money laundering (AML) and Know Your Customer (KYC) checks

Sanctioned parties screening against Indian, US (OFAC), EU, UN, and UK sanctions lists

Export control compliance under India's Foreign Trade Policy

GSTN reporting and reconciliation

Business Operations & Improvement

Generating management information, business analytics, and performance reports

Credit assessment and risk management

Fraud detection and cybersecurity monitoring

Training, quality assurance, and dispute resolution

Marketing communications to existing and prospective clients (with consent)

6. Cross-Border Data Transfers

Freight forwarding is inherently a cross-border activity. In the ordinary course of business, MOVTEK transfers personal data internationally to:

Overseas freight agents and partner network members (IATA, FIATA, WCA, or equivalent networks)

Foreign customs and port authorities where legally required

International shipping lines and airlines

Consignees, shippers, or their representatives in destination countries

Cloud service providers or IT infrastructure with data centres outside India

All international data transfers are conducted in compliance with the Digital Personal Data Protection Act, 2023 and applicable cross-border transfer provisions. Transfers are made:

Under contractual safeguards including Standard Contractual Clauses (SCCs) or equivalent instruments

To countries that provide an adequate level of data protection as notified by the Government of India

Where required by law or treaty obligations in the recipient country (e.g., customs declarations, air cargo security programs, AMS/ENS/ACI filings)

MOVTEK will inform Data Principals where their data is transferred to high-risk jurisdictions and provide appropriate safeguards.

7. Data Sharing & Disclosure

We do not sell personal data. We share personal data only as described below:

7.1 Service Partners & Sub-Processors

Shipping lines, airlines, road transporters, rail freight operators

Customs House Agents (CHAs) and customs brokers

Warehousing and distribution centre operators

Port authorities and inland container depots (ICDs)

Technology vendors providing CRM, ERP, TMS, or accounting systems

Payment gateway providers (subject to PCI-DSS standards)

7.2 Government & Regulatory Bodies

Indian Customs (Central Board of Indirect Taxes and Customs – CBIC)

DGFT, Ministry of Commerce and Industry

GST Network (GSTN)

Directorate of Revenue Intelligence (DRI) and enforcement agencies (when legally required)

Foreign customs authorities (as mandated by advance cargo declaration laws: AMS/USA, ACI/Canada, ENS/EU, ACAS/UK, AFR/Japan, etc.)

Financial Intelligence Unit – India (FIU-IND) under PMLA obligations

7.3 Professional Advisors

Legal counsel, auditors, and accountants bound by professional confidentiality obligations

7.4 Corporate Transactions

In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity subject to equivalent privacy protections.

7.5 With Consent

We share data with other third parties only with your explicit prior consent.

8. Data Retention

MOVTEK retains personal data for as long as necessary to fulfil the purposes described in this Policy, and in compliance with applicable statutory retention requirements:

Customs & Trade Documents: Minimum 5 years as required under the Customs Act, 1962 and related rules

GST Records & Financial Data: Minimum 6 years as required under the GST Act, 2017 and Income Tax Act, 1961

PMLA / KYC Records: Minimum 5 years after end of customer relationship

Contractual Records: Duration of contract plus 6 years (limitation period under Indian law)

Platform & Digital Data: 3 years from last active use, unless longer retention is legally required

Marketing Consent Records: Until consent is withdrawn plus 1 year

CCTV Footage (Physical Premises): 30 to 90 days unless required for investigations

Upon expiry of applicable retention periods, data is securely deleted or anonymised in accordance with our Data Disposal Policy.

9. Data Security

MOVTEK implements industry-standard technical, administrative, and physical safeguards to protect your personal data against unauthorized access, loss, misuse, or alteration. These measures include:

Technical Safeguards

End-to-end TLS/SSL encryption for all data transmitted over our digital platform

AES-256 encryption for data stored at rest in databases and cloud storage

Multi-factor authentication (MFA) for platform access by users and staff

Role-based access controls (RBAC) limiting data access to authorised personnel only

Intrusion detection systems, firewalls, and anti-malware infrastructure

Regular penetration testing and vulnerability assessments

Administrative Safeguards

Data privacy training for all staff handling personal data

Non-disclosure agreements with employees, agents, and vendors

Data Processing Agreements (DPAs) with all third-party processors

Incident response procedures including breach notification protocols

Physical Safeguards

Access-controlled premises for offices and warehouses

Secured physical document storage with restricted access

Secure disposal of physical documents containing personal data

In the event of a personal data breach that is likely to result in a risk to the rights or freedoms of individuals, MOVTEK will notify the affected Data Principals and the appropriate regulatory authority (Data Protection Board of India or equivalent) within the timeframes mandated by applicable law.

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 and applicable Indian data protection law, you have the following rights in respect of your personal data held by MOVTEK:

Right to Access: Request confirmation of whether MOVTEK processes your personal data and obtain a copy of it.

Right to Correction: Request rectification of inaccurate or incomplete personal data.

Right to Erasure: Request deletion of your personal data, subject to legal obligations that require retention.

Right to Grievance Redressal: Lodge a grievance with MOVTEK's designated Grievance Officer (see Section 15).

Right to Withdraw Consent: Withdraw consent for processing at any time, without affecting lawfulness of prior processing.

Right to Nomination: Nominate another individual to exercise data rights in the event of incapacity or death.

To exercise your rights, submit a written request to support@movtek.com with your full name, a description of your request, and proof of identity. MOVTEK will respond within 30 days of receiving a complete request. Where requests are complex or numerous, we may extend this period by a further 30 days with prior notice.

Note: Certain rights may be limited where processing is required for compliance with legal obligations, enforcement of lawful claims, or national security and law enforcement purposes.

11. Children's Privacy

Our services are not directed to individuals below the age of 18 years. We do not knowingly collect personal data from minors. Where MOVTEK discovers that personal data of a minor has been collected without verified parental consent, we will promptly delete such data. If you believe we have inadvertently collected data relating to a minor, please contact us at support@movtek.com immediately.

12. Third-Party Links & Integrations

Our digital platform may contain links to third-party websites, carrier tracking portals (e.g., shipping line tracking, airline cargo tracking), customs portals (ICEGATE, DGFT e-portal), and payment gateways. These third-party services are governed by their own privacy policies, and MOVTEK is not responsible for their data practices. We recommend reviewing the privacy policy of any third-party service before providing personal data.

13. Cookie Policy

When you visit the MOVTEK website or digital platform, we use cookies and similar tracking technologies. The types of cookies we use are:

Strictly Necessary Cookies: Essential for platform functionality, login sessions, and security. These cannot be disabled.

Functional Cookies: Store your preferences (language, region, unit of measure) to improve your experience.

Analytics Cookies: Collect anonymised data about how users interact with our platform (e.g., Google Analytics). Help us improve performance and usability.

Marketing Cookies: Used (with consent) to deliver relevant advertisements on our platform or third-party networks.

You may manage cookie preferences via our Cookie Consent Manager available on the platform, or through your browser settings. Disabling certain cookies may affect platform functionality. For more information, refer to our detailed Cookie Policy available on our website.

14. Marketing Communications

MOVTEK may send you promotional communications about our services, offers, regulatory updates, and industry insights. We will only send marketing communications:

Where you are an existing client and we are communicating about related services (legitimate interest basis, subject to your right to opt-out), or

Where you have given explicit consent to receive such communications.

You may opt out of marketing communications at any time by:

Clicking the 'Unsubscribe' link in any marketing email

Sending an email to support@movtek.com with the subject line 'Opt-Out'

Updating your communication preferences in your platform account settings

Opting out of marketing communications does not affect essential service-related communications (e.g., shipment status, invoices, customs alerts).

15. Grievance Officer & Contact Details

In accordance with the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023, MOVTEK has designated a Grievance Officer to address data privacy concerns:

If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India (once constituted and operational under the DPDPA, 2023) or any other applicable regulatory authority.

16. Compliance with International Regulations

Given the international nature of freight forwarding, MOVTEK acknowledges and, where applicable, complies with or accommodates the requirements of the following international frameworks when processing data of non-Indian Data Principals:

General Data Protection Regulation (GDPR) – European Union & UK: Where we process data of EU/UK residents, we adhere to GDPR standards including lawful basis, data minimisation, purpose limitation, and rights of data subjects.

US Customs-Trade Partnership Against Terrorism (C-TPAT) and Transportation Security Administration (TSA) requirements for air cargo security.

Advance Manifest Regulations: AMS (USA), ACI (Canada), ENS (EU Import Control System), ACAS (UK), AFR (Japan) – cargo data submitted to foreign customs as legally required.

IATA Cargo 2000 and e-AWB standards for electronic air waybill data.

FIATA Model Rules and standard trading conditions applicable to international freight.

International Maritime Organization (IMO) regulations including SOLAS verified gross mass (VGM) requirements.

US OFAC, EU Consolidated Sanctions List, UN Security Council Sanctions – screened against for all transactions.

Where a conflict arises between Indian law and international obligations, MOVTEK will comply with Indian law while endeavouring to meet the highest applicable standard of data protection.

17. Automated Decision-Making

MOVTEK may use automated tools for the following purposes in the freight forwarding context:

Sanctions and denied parties screening (automated matching against global watchlists)

Fraud and risk scoring for new customer onboarding

Dynamic freight rate calculation algorithms on our digital platform

Automated shipment routing and carrier selection suggestions

Where automated decisions have significant legal or similar effects on individuals, MOVTEK will provide a mechanism to request human review of such decisions. To request a review, contact support@movtek.com.

18. Updates to This Policy

MOVTEK reserves the right to update this Privacy Policy periodically to reflect changes in our operations, legal obligations, or regulatory environment. Changes will be:

Posted on our website at www.movtek.com/privacy-policy with the updated effective date

Notified to registered users via email for material changes

Effective 30 days after publication for existing users and immediately for new users unless otherwise stated

We encourage you to review this Policy regularly. Continued use of our platform or services after the effective date of any update constitutes acceptance of the revised Policy.

19. Governing Law & Jurisdiction

This Privacy Policy is governed by the laws of the Republic of India. The primary legislation applicable includes:

Information Technology Act, 2000 and Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

Digital Personal Data Protection Act, 2023 (DPDPA) and rules thereunder

Customs Act, 1962

Foreign Exchange Management Act (FEMA), 1999

Prevention of Money Laundering Act (PMLA), 2002

Indian Contract Act, 1872

Any disputes arising out of or in relation to this Privacy Policy shall be subject to the exclusive jurisdiction of competent courts in New Delhi, India.

For any privacy-related queries, contact us at support@movtek.com

MOVTEK Private Limited | New Delhi, India | www.movtek.com