This Privacy Policy governs the manner in which Spine Technologies (India) Private Limited (Company, we or us) collects, receives, possesses, stores, deals or handle information collected from the Users. For the purpose of this Privacy Policy, wherever the context so requires, “you”, “your” or “User” shall mean any person who accesses or uses our website https://spinetechnologies.com/ and mobile application through mobile or any other similar device, owned, operated and offered by us (Website), including customers, employees, consultants and vendors of the Company.
By accessing or using the Website, you consent to the collection, use, storage and processing of your personal information in accordance with this Privacy Policy and applicable laws. If you do not agree with the terms of this Privacy Policy, you are requested not to access or use the Website. Continued access or use of the Website following any modification to this Privacy Policy shall constitute your acceptance of such revised Privacy Policy.
You are hereby advised to read this Privacy Policy carefully and fully understand the nature and purpose of gathering and/or collecting personal and other information and the usage, disclosure and sharing of such information. We will not use or share your information with anyone except as described in this Privacy Policy.
Personal Information
We may collect personal information from Users in a variety of ways, including, but not limited to, when Users visit our site, register on the Website, fill out a form, respond to a survey, provide information in connection with onboarding, contractual or commercial engagements or otherwise interact with the Company in connection with other activities, services, features or resources provided by us.
Such personal information may include, as applicable, name, email address, mailing address, phone number, purchase and transaction information, login credentials, preference regarding products and services and other contact details. We may also collect demographic information such as information about your computer, mobile, tablet, device, hardware, software, platform, media, internet service provider, Internet Protocol (IP) address and connection, information about online activity such as feature usage and click paths, such other data that you may provide in surveys or online profiles and other similar information. In addition, we may automatically collect information relating to the user’s interaction with the Website, including Uniform Resource Locator (URL) clickstream data to, through and from the Website (including date and time), pages viewed or searched, page response times, download errors, duration of visits to specific pages, page interaction information (such as scrolling, clicks and mouse-overs), and methods used to navigate away from the Website.
Users may, however, visit our Website anonymously. We will collect personal information only where such information is voluntarily provided by the User or where it is automatically collected for the purpose of operating and improving the Website. Users may refuse to provide personal information, however, such refusal may restrict access to certain Website related activities.
Sensitive Personal information
The Company does not collect, receive and process any Sensitive Personal Data or Information (SPDI) as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, except from its employees and vendors.
SPDI collected by the Company may include financial information such as bank account details or other payment instrument details, biometric information, password and such other information as may be notified as SPDI under applicable law.
Such SPDI if collected is strictly for legitimate and lawful purposes, including payroll processing, reimbursement of expenses, vendor payments and other contractual obligations and as required by the applicable law.
Customer Data
Each client independently enters, controls and maintains its own data, including personal data, within the software provided by the Company (Customer Data). All Customer Data remains the exclusive property of the respective client.
The Company does not, in the ordinary course of business, access, view, monitor or use Customer Data. Customer Data is maintained in systems that are password-protected, and access is restricted strictly to identified personnel and on a need-to-know basis.
Any access of Customer Data by identified personnel, is controlled, logged and undertaken only for limited purposes such as system maintenance, troubleshooting or support. For the purpose of research and development, if the Customer Data is required to be shared or used, such information is sanitised to remove personal identifiers and sensitive elements.
Why We Collect and Use Your Personal Information
In addition to the purposes specified elsewhere in this Privacy Policy, we may collect and use personal information of the Users for the following purposes:
- To provide products and services: to provide you with products and services you request and for the purpose of undertaking our business.
- To run and operate our Website: to enable access to the Website and to ensure that content is displayed correctly.
- To improve customer service: information you provide helps us respond to your customer service requests and support needs more efficiently.
- To personalize user experience: we may use information in an aggregated and anonymised manner to understand how our Users, as a group, use the services and resources provided on our Website.
- To improve our Website: feedback provided by the Users may be used to improve the products and services offered by the Company and to improve functionality, analyzing performance, fixing errors, and improving the usability and effectiveness of the Website.
- To conduct promotions, contests, surveys or other Website features: to administer such activities and to provide the Users with information they agreed to receive about topics we think will be of interest to them.
- To send periodic emails: we may use the email address to respond to inquiries, questions, and/or other requests initiated by UsersWeb Browser Cookies
Our Website may use “cookies” to enhance User experience. User’s web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about you. You may choose to set your web browser to refuse cookies, or to alert you when cookies are being sent. If you do so, note that some parts of the Website may not function properly.
How We Protect Your Information
We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Website. We follow industry best practices to prevent the loss, misuse or alteration of your personal information, including when storing or transmitting all your personal information. By agreeing to this Privacy Policy and using the Website, you acknowledge that the transmission of information over the internet is inherently insecure, and we cannot guarantee the security of data sent over the internet. Not withstanding anything contained in this Privacy Policy or elsewhere, we shall not be held responsible for any loss, damage or misuse of your personal information.
Sharing Your Personal Information
We do not disclose personal information of the Users to any third party. We may share generic aggregated demographic information not linked to any personal information regarding the Users with our business partners, trusted affiliates and advertisers for the purposes outlined above. We may use third party service providers to help us operate our business and the Website or administer activities on our behalf, such as sending out newsletters or surveys. We may share your information with these third parties for those limited purposes provided that you have given us your consent. By engaging with the Website in any manner, you hereby also consent to the Company sharing information with such third party service providers engaged by the Company and the Company business partners in this regard and to the transfer and/or storage of user information and data across borders in accordance with applicable laws.
We reserve the right to use or disclose personal information and any other information we collect from the Users as specified in this Privacy Policy (i) to any successor of our business, including as a result of any merger, acquisition, asset sale or similar transaction, (ii) to any corporate affiliate of ours whose privacy practices are substantially similar to ours, (iii) to any law enforcement, judicial authority, governmental or regulatory authority, to the extent required by law or legal process, or (iv) if in our reasonable discretion, such use or disclosure is necessary to enforce or protect our legal rights.
Not withstanding anything contained in this Privacy Policy, we may release your personal information when we believe such release is appropriate to comply with applicable law, enforce the Website’s policies or Terms & Conditions, or for protecting our or others’ rights, property and/or for ensuring safety.
By using the Website, you hereby grant your consent to the Company to share / disclose your personal information with the governmental authorities, quasi-governmental authorities, judicial authorities and quasi-judicial authorities, in accordance with applicable laws of India.
Database Back-Up and Retention of Information
All personal information collected by the Company is stored on company-managed production servers. Such servers are protected by appropriate technical and organisational security measures, including firewall protections, password-restricted access and role-based access controls, and access is strictly limited to authorised personnel on a need-to-know basis. While the Company implements reasonable security practices and procedures to safeguard personal information, Users acknowledge that transmission of information over the internet is not completely secure and that no system can guarantee absolute security.
The Company maintains its production databases on secure, company-managed servers and operates a controlled process for creating and accessing database backups to support internal purposes such as debugging, testing, and analysis. All database backup requests must be initiated exclusively through the Company’s CRM system as a formal task or ticket by authorized internal personnel or support staff with approved access rights; direct database access or manual backup requests outside of this process are not permitted. Once a request is approved, the application and database servers, securely connected to the CRM system execute the backup automatically using predefined scripts with restricted privileges and without manual intervention.
As part of this process, the Company automatically generates a sanitized copy of the database designed to adhere to data minimization principles and to avoid unnecessary exposure of personal or sensitive information. The sanitization process includes masking or removal of personally identifiable information, masking of sensitive business and financial data, and preventing the exposure of credentials, secrets, or confidential client identifiers. Only data strictly required for the specified operational purpose (such as debugging, testing, or analysis) is retained in the sanitized copy, and production-grade sensitive data is never shared in raw form.
The sanitized database is then compressed into an encrypted ZIP archive that is stored solely on the originating server and is not transmitted via email, chat tools, or external storage services. A secure, access-controlled download link to this archive is automatically attached to the corresponding CRM task and is only accessible to authorized users associated with that task. All access to such archives, as well as all backup-related actions, are logged, traceable, and auditable through CRM activity logs, contributing to accountability and security oversight. No direct database credentials are shared in connection with this process, and support staff cannot obtain backups without a valid CRM task or bypass the sanitization controls.
The Company applies strict time-bound retention to sanitized database backups, ensuring they are retained only for as long as operationally necessary. The encrypted ZIP file remains available for a maximum of forty-eight (48) hours, after which it is automatically deleted from the server without reliance on any manual deletion step.
Electronic Newsletters
If User decides to opt-in to our mailing list, they will receive emails that may include company news, updates, related product or service information, etc.
Third Party Websites
Users may find advertising or other content on our Website that link to the sites and services of our partners, suppliers, advertisers, sponsors, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Website. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Website, is subject to that website’s own terms and policies.
Non-Compliance
In the event of non-compliance with applicable laws, rules and regulations, this Privacy Policy or any other terms governing access to or use of the Website or the Company’s computer resources, the Company reserves the right to suspend or terminate the user’s access or usage rights, or to remove or disable access to any non-compliant information, or to take such other appropriate action as may be required.
The Company shall not be responsible for the authenticity, accuracy or completeness of any personal information provided by the Users as per this Privacy Policy to the Company or to any person acting on behalf of the Company.
Changes To This Privacy Policy
We have the discretion to update this Privacy Policy at any time. When we do, we will post a notification on the main page of our Website. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this Privacy Policy periodically and become aware of modifications. These changes are effective immediately, after they are posted on the main page of our Website.
Updating Your Information and Opting Out
If any of the information that you have provided to us changes, for example, if you change your e-mail address or name or if you wish to cancel your registration, please let us know the correct details by writing to us at info@spinetechnologies.com to update or change your preferences, along with deleting your account and all personal information from our Website.
Your Privacy Rights
You have many rights regarding your personal information. These rights include the following:
- You have the right to rectification if you believe that the Company has stored wrong or incomplete information about you.
- You have the right to be forgotten or the right to erasure where you shall have the right to tell the Company to permanently erase your personal information from the records of the Company.
- You have the right to withdraw consent. You may wish to withdraw your consent and restrict ability of the Company to process your personal information, by sending email on info@spinetechnologies.com.
- The withdrawal of consent does not affect the lawfulness of the processing based on consent before its withdrawal.
Consent Law
- By using the Website, you consent to the terms of this Privacy Policy and to our use and management of personal information for the purposes and in the manner given above.
- Your visit and any dispute over privacy are subject to this Privacy Policy. This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India. Any disputes arising out of or related to your use of the Website shall be submitted to confidential arbitration in accordance with the provisions of the Arbitration and Conciliation Act, 1996, as amended from time to time. The seat and venue of arbitration shall be Mumbai, Maharashtra, India, and the arbitration proceedings shall be conducted in the English language. Notwithstanding the foregoing, the Company shall be entitled to seek interim, injunctive, or other equitable relief before any competent court in Maharashtra, and you irrevocably submit to the exclusive jurisdiction of such courts for such purposes. Contacting Us and Complaints.
If you have any questions about this Privacy Policy, the practices of this Website, or your dealings with the Website or if you wish to exercise any of your rights, please contact us: or write us at: info@spinetechnologies.com
In case of any discrepancies or grievances in relation to the collection, storage, use, disclosure and transfer of your personal information under this Privacy Policy or any terms of the Company’s Terms & Conditions, please contact our Data Protection Officer / Grievance Officer in accordance with the Information Technology Act 2000 and rules made thereunder respectively as applicable. In case of grievances, you can contact:
Name: Jignesh Panchal
E-mail: grievance@spinetechnologies.com