Privacy Policy

Last Updated – 28^th May, 2026
Version No. – 1.0

1. Who We Are

Mundra Ports and SEZ Limited ("we", "our"), which is a wholly subsidiary company of Adani Ports and Special Economic Zone Limited (APSEZ), act as the Data Fiduciary for personal data processed through our websites and digital interfaces.
Where personal data is processed jointly with or on behalf of APSEZ, APSEZ may act as a joint Data Fiduciary or as a Data Processor, as applicable.
References to “APSEZ” in this policy include APSEZ’s subsidiaries, affiliates, and joint ventures with which you interact or have a business relationship. Unless otherwise stated, references to “we”, “us” or “our” in this policy refer to Mundra Ports and SEZ Limited.
This policy explains what we collect, why we use your personal data, who we share it with, how long we keep it, and the choices and rights available to you under the Digital Personal Data Protection Act, 2023 (DPDPA) and the Digital Personal Data Protection Rules, 2025.

2. Data Privacy Disclaimer

The scope of this policy is limited to the services provided by us within the territory of India and applies to users who request these services within the Indian territory.
This policy is issued in accordance with the Digital Personal Data Protection Act, 2023 and applies to personal data processed in connection with services offered within India.

3. Personal Data we Collect on this Website

When you interact with us, we collect different types of information from you based on the type of interaction.
“Personal Data” means any data about an individual who is identifiable by or in relation to such data.
“Processing”, “Processed”, “Process” in relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organization, structuring, storage, adaptation, retrieval, use, alignment, or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure, or destruction.

Where personal data is lawfully available in the public domain, such personal data will be processed in accordance with applicable law and this policy.
We endeavor to collect only such information that is reasonably necessary to perform our services for you, or to respond to your enquiries.

We collect only the minimum data necessary for the purposes described below. This may include:

Information you submit through communication channels:

• Contact / Enquiry / Feedback: Name, mobile number, email address, and the content of your message/enquiry when you contact us through available communication channels or forms (if provided).
• PIS (Project Information Sheet): Personal data submitted through the PIS- Microsoft form accessible via the website, which may include personal details of the contact person such as name, mobile number, email id and project related information.

Information shared through direct communication:

• Email communication: When you contact us via the official email address provided on the website, we may collect your Name, Email address, and any personal information contained in your message or attachments.
• Telephonic communication: When you contact us via phone numbers provided on the website, we may collect your phone number and any information you voluntarily share during the conversation.

Information related to forms and applications:

• SEZ (Special Economic Zone) Forms and Applications: The website provides downloadable statutory forms (such as Form A, A1, B, C series). When you chose to submit these forms through offline or external channels, we may collect personal data of individuals such as promoters, applicant, and authorized representatives, including name, contact details, address, and supporting identity or financial information as required under applicable laws and regulations. Certain forms may also contain details of government officials in their official capacity and other details as required under applicable regulations.
• Indirect collection of information: When you interact with our website, certain information may be collected indirectly. This may include technical and usage data such as IP address, browser type, device identifiers, operating system, date and time of access, pages visited, and referring URLs.
  This information does not directly identify you and is used to enhance the functionality, security, and user experience of our site.

4. Why We Collect and Use Your Data

We collect, process, and disclose your personal data only for specific and limited purposes. The purposes of data collection, including but not limited to, are listed below.
We may also process personal data to comply with legal obligations, respond to lawful requests, prevent fraud, ensure information security, and protect legal rights.

4.1. Contact / Enquiry / Feedback

We use this information to:

• Respond to and manage your enquiry (e.g., provide information, route to the right business team, and follow up).
• Maintain records of communications to improve our customer service and ensure continuity across interactions.

4.2. PIS (Project Information Sheet)

We use this information to:

• Review, assess, and respond to project-related inquiries or submissions.
• Communicate with the relevant contact person regarding the project.

4.3. Email Communication

We use this information to:

• Communicate with you, address your concerns and respond to requests.
• Maintain records of correspondence for follow-ups and reference.

4.4. Telephonic Communication

We use this information to:

• Respond to business-related enquiries and provide relevant information or assistance.

4.5. SEZ (Special Economic Zone) Forms and Applications

We use this information to:

• Process application for setting up, modifying or operating within the Special Economic Zones.
• Verify the identity and credentials of promoters, applicants and authorized representatives.
• Maintain official records and documentation for regulatory, audit and compliance purposes.

5. Legal Basis / Grounds for Processing

We process personal data based on your consent or for legitimate uses as permitted under Section 7 of the Digital Personal Data Protection Act, 2023.
If we intend to use your personal data for any purpose other than the one for which it was originally collected, we will obtain your fresh consent before proceeding, unless such processing is otherwise permitted under applicable law.

6. Who We Share Data With

• APSEZ’s subsidiaries, affiliates, and joint ventures;
• Service providers acting on our instructions (e.g., hosting, security, analytics, customer support) under written contracts and safeguards; and
• Regulators, courts or government authorities where required by law or to protect rights, safety and security.

All service providers are contractually bound to process personal data only on our instructions and to implement appropriate technical and organizational safeguards.

7. International Data Transfers

We may transfer personal data outside India where necessary, in accordance with the Digital Personal Data Protection Act, 2023, the rules made thereunder, and any Government notifications specifying restricted countries. Such transfers are undertaken subject to appropriate contractual and technical safeguards. Details of key data processors and hosting locations may be made available upon request.

8. How Long We Keep Your Data

We retain personal data only for as long as necessary for the purposes described in this policy, taking into account the nature of the data, the purpose of processing, applicable legal or regulatory requirements, and limitation periods, as per the retention period defined by APSEZ and applicable laws or regulations.

9. How We Protect Your Data

We will take appropriate technical and organizational security measures to protect your personal data in accordance with India’s DPDP Act, 2023 and rules made thereunder.
In the event of a personal data breach, we will take prompt remedial actions and notify the Data Protection Board of India and affected Data Principals, where required under applicable law.

10. Data Breach Notification

In the event of a personal data breach, we shall, in accordance with the Digital Personal Data Protection Act, 2023 and the rules made thereunder, notify the affected Data Principals and the Data Protection Board of India immediately after becoming aware of the breach. Such notification shall, to the extent required under applicable law, include details of the nature and extent of the breach, the personal data affected, and the timing and location of its occurrence.

11. Safeguarding the Privacy of Children

We do not knowingly collect or solicit personal data from minors. Our services are not designed for individuals under 18 years of age, and we do not knowingly permit such persons to submit personal data without verifiable consent of parents or lawful guardians. Further, we do not undertake tracking, behavioural monitoring, or targeted advertising directed at children.

If you believe that a child under 18 years may have provided us with personal data, please contact us using the contact details provided in paragraph 12.

12. Your Rights Under the DPDPA

We respect your right to access and control your personal data and will respond to requests to exercise your rights under applicable law.
We will acknowledge rights requests within a reasonable time and endeavour to resolve them within timelines prescribed under applicable law.
Please note that applicable law may require retention of personal data despite requests for erasure due to legitimate business, regulatory, or statutory obligations.

You have the following rights:

• Right to access information about your personal data
• Right to correction
• Right to erasure
• Right of grievance redressal
• Right to nominate
• Right to withdraw your consent to process your personal data

You may exercise the above rights by using the Email: dpo.apsez@adani.com. Please ensure that the personal data provided to us remains accurate and up to date and inform us of any changes.
If your grievance remains unresolved, you may escalate the matter to the Data Protection Board of India in accordance with the DPDP Act, 2023 and Rules, 2025.

13. Contact and Grievance Redressal

You may contact us on any aspect of this policy or for any discrepancies or grievances relating to your personal data by contacting our Data Protection Officer (responsible for grievances under the DPDP Act) at:

Data Protection Officer
Email: dpo.apsez@adani.com
Address: Adani Corporate House
Shantigram, Near Vaishnodevi Circle, S G Highway, Ahmedabad-382421, Gujarat, India.

14. Updates to this Policy

We may update this policy to reflect changes in processing activities or legal requirements. We will publish the updated version on our website and notify users where required.
The “Last Updated” date at the top of this policy indicates when it was last revised.