Privacy Policy & Data Protection Notice
Last updated: May 2026
This Privacy Policy & Data Protection Notice explains how UTC Digital Technologies Private Limited, operating under the brand name Digi2L (“Digi2L”, “we”, “us”, or “our”), collects, uses, stores, shares, retains, and protects personal data when you access or use digi2l.co.in or any associated Digi2L website, service, feature, tool, program, or platform, collectively referred to as the “Platform”.
Digi2L acts as a Data Fiduciary in respect of the personal data processed through the Platform, in accordance with the Digital Personal Data Protection Act, 2023, the rules made thereunder, and other applicable laws.
Please read this Privacy Policy carefully. By using the Platform, you acknowledge that you have read and understood this Privacy Policy. Where required under applicable law, we will seek your consent before collecting or using your personal data for specific purposes.
1. Definitions
For the purposes of this Privacy Policy:
- Personal Data means any data about an individual who is identifiable by or in relation to such data.
- Data Principal means the individual to whom the Personal Data relates.
- Processing means any operation performed on Personal Data, including collection, recording, organisation, storage, use, sharing, disclosure, retrieval, deletion, or any other handling of Personal Data.
- Platform means the Digi2L website, services, tools, features, programs, partner-enabled flows, and related digital interfaces.
2. Personal Data We Collect
We collect Personal Data only to the extent reasonably necessary for providing and improving our services, processing transactions, fulfilling legal obligations, preventing fraud, and resolving disputes.
The categories of Personal Data we may collect include:
| Category | Examples | Purpose |
|---|---|---|
| Identity details | Name, age/date of birth where required, gender where voluntarily provided | Account creation, user verification, communication |
| Contact details | Email address, mobile number, pickup address, PIN code | Pickup coordination, order updates, support |
| Product details | Appliance category, brand, model, age, condition, photos, videos, documents uploaded during Self-QC | Valuation, quality check, pickup verification, audit trail, dispute handling |
| Payment and financial details | UPI ID, bank account number, IFSC code, payout details, PAN where required | Payout settlement, tax compliance, fraud prevention |
| Device and usage data | IP address, browser type, device type, user agent, session information, cookies, page-view events | Platform security, fraud prevention, service improvement, analytics |
| Communication data | Emails, WhatsApp messages, SMS, call notes, support interactions | Customer support, grievance handling, dispute resolution |
| Transaction data | Order number, transaction status, pickup details, payout status, voucher details, Assured Buyback registration details | Service fulfilment, audit, accounting, legal compliance |
We do not intentionally collect Aadhaar numbers, biometric data, health data, caste, religion, sexual orientation, or similar information as part of the standard consumer flow.
Where Digi2L processes data relating to partners, resellers, recyclers, logistics providers, business users, or other commercial counterparties, such processing may be subject to separate partner terms, onboarding documents, agreements, or privacy notices.
3. How We Use Personal Data
We use Personal Data for the following purposes:
- creating, verifying, and managing your Digi2L account;
- providing appliance valuation, Self-QC review, Field-QC, pickup coordination, buyback, exchange, Smart Sell, Smart Buy, Assured Buyback, voucher, payout, and related services;
- communicating order updates, pickup confirmations, valuation updates, payout information, refund status, grievance updates, and service-related messages through email, phone, SMS, WhatsApp, or other permitted channels;
- processing payouts, refunds, invoices, vouchers, online credits, and payment-related activities;
- detecting, preventing, and investigating fraud, abuse, suspicious transactions, false declarations, misuse of vouchers, payment issues, and unlawful activity;
- complying with applicable laws, regulatory requirements, tax obligations, accounting requirements, court orders, lawful government requests, and internal compliance processes;
- improving Platform functionality, service quality, pricing accuracy, partner allocation, customer experience, and operational efficiency;
- maintaining audit trails, transaction records, quality-check records, and dispute-resolution records; and
- sending service-related communications and, where you have consented or where otherwise permitted by law, promotional or marketing communications.
We will not use your Personal Data for a materially different purpose without providing appropriate notice or obtaining consent where required under applicable law.
4. Consent and Withdrawal
Where consent is required under applicable law, Digi2L will seek your consent through a clear affirmative action, such as a checkbox, confirmation screen, OTP-based confirmation, or another appropriate method.
You may withdraw consent at any time by writing to data.protection@digi2l.co.in or through any other method made available on the Platform.
Withdrawal of consent will not affect the lawfulness of processing carried out before such withdrawal. However, withdrawal may affect Digi2L’s ability to provide certain services where the relevant Personal Data is necessary for that service, transaction, payout, pickup, verification, legal compliance, or dispute resolution.
5. Sharing of Personal Data
Digi2L may share Personal Data with third parties only where necessary for providing services, fulfilling transactions, complying with law, preventing fraud, resolving disputes, or operating the Platform.
Such third parties may include:
- logistics and pickup partners;
- field verification and quality-check teams;
- resellers, recyclers, refurbishes, brand partners, retail partners, and buyback partners;
- payment gateways, banks, UPI/NEFT service providers, voucher issuers, and financial service providers;
- cloud hosting, database, CDN, email, SMS, WhatsApp, analytics, and technology service providers;
- professional advisers, auditors, consultants, insurers, and legal representatives;
- group companies, affiliates, successors, or acquirers in connection with business restructuring, merger, acquisition, transfer, or sale of assets; and
- government authorities, courts, regulators, law enforcement agencies, or other persons where disclosure is required or permitted by law.
Where required, Digi2L enters into appropriate contractual arrangements with service providers to ensure that Personal Data is processed only for authorised purposes and with appropriate security safeguards.
Digi2L does not sell your Personal Data to advertisers or data brokers.
6. Cross-Border Transfers
Some of our technology, cloud, hosting, communication, or service providers may process or store Personal Data outside India.
Where Personal Data is transferred outside India, Digi2L will take reasonable steps to ensure that such transfer is carried out in accordance with applicable law, contractual safeguards, and any restrictions or requirements notified by the Government of India from time to time.
7. Retention of Personal Data
Digi2L retains Personal Data only for as long as reasonably necessary for the purposes for which it was collected, including service fulfilment, legal compliance, accounting, audit, fraud prevention, dispute resolution, and enforcement of legal rights.
Indicative retention periods are:
| Data Type | Retention Period |
|---|---|
| Account profile and contact details | For the active account period and up to 3 years after deactivation, unless a longer retention period is required for legal, regulatory, audit, fraud prevention, dispute resolution, or legitimate business purposes. |
| Order, transaction, payout, refund, tax, and invoice records | Up to 8 years, or longer where required under applicable tax, accounting, regulatory, or legal requirements. |
| Self-QC photos, videos, and verification records | Up to 3 years from transaction completion, unless longer retention is necessary for disputes, fraud prevention, warranty claims, audit, or legal compliance. |
| Customer support and communication records | Up to 2 years from closure of the query, or longer where required for legal, audit, quality, fraud, or dispute purposes. |
| Server logs and security logs | Up to 180 days, unless longer retention is required for security monitoring, fraud investigation, legal compliance, or incident response. |
| Partner/business-user KYC records | As required under applicable law, onboarding terms, contractual obligations, and internal compliance policies. |
We may retain data for a longer period where required by applicable law, regulatory directions, court orders, tax/accounting obligations, fraud prevention, security, audit, or dispute resolution purposes. Where retention is no longer necessary, we will delete, anonymise, or aggregate the data in accordance with applicable law.
8. Security Safeguards
Digi2L implements reasonable security practices and safeguards designed to protect Personal Data against unauthorised access, disclosure, alteration, loss, misuse, or destruction.
These safeguards may include encryption in transit, access controls, authentication controls, role-based access, internal access logging, secure storage, vulnerability assessments, security reviews, and other technical and organisational measures appropriate to the nature of the Personal Data processed.
However, no digital platform, transmission method, or storage system can be guaranteed to be completely secure. You are responsible for keeping your login credentials, OTPs, devices, and account access secure.
9. Personal Data Breach
In the event of a Personal Data breach, Digi2L will take reasonable steps to assess, contain, investigate, and remediate the breach.
Where required under applicable law, Digi2L will notify the Data Protection Board of India and affected Data Principals in the manner and timeline prescribed under applicable law.
10. Children
The Platform is not intended for use by children below 18 years of age.
Digi2L does not knowingly collect or process Personal Data of children. If we become aware that Personal Data of a child has been collected without appropriate consent, we will take reasonable steps to delete such data, unless retention is required under applicable law.
11. Your Rights
Subject to applicable law, you may have the right to:
- access information about the Personal Data processed by Digi2L;
- request correction, completion, updating, or erasure of your Personal Data;
- withdraw consent where processing is based on consent;
- raise a grievance regarding processing of your Personal Data;
- nominate another individual to exercise your rights in the event of death or incapacity, where applicable under law; and
- approach the Data Protection Board of India or other appropriate authority where applicable.
To exercise your rights, you may write to data.protection@digi2l.co.in.
We may verify your identity before acting on a request. Digi2L may decline or limit a request where permitted by applicable law, including where retention is necessary for legal compliance, transaction records, fraud prevention, dispute resolution, or enforcement of legal rights.
12. Cookies and Similar Technologies
Digi2L uses cookies and similar technologies to operate the Platform, maintain sessions, improve performance, understand usage, prevent fraud, and provide a better user experience.
Some cookies are essential for the functioning of the Platform. Other cookies, such as analytics or marketing cookies, may be used subject to applicable consent requirements.
Further details are available in Digi2L’s Cookie Policy.
13. Marketing Communications
Where permitted by law or where you have provided consent, Digi2L may send you promotional communications, offers, service updates, partner offers, or marketing messages.
You may opt out of promotional communications by following the unsubscribe or opt-out instructions provided in the communication, or by writing to help@digi2l.co.in.
Even if you opt out of promotional communications, Digi2L may continue to send you service-related, transaction-related, legal, security, or account-related communications.
14. Changes to this Privacy Policy
Digi2L may update this Privacy Policy from time to time.
When we make material changes, we may update the “Last updated” date, publish a notice on the Platform, notify users through appropriate channels, or seek fresh consent where required under applicable law.
Your continued use of the Platform after the updated Privacy Policy becomes effective will be governed by the updated Privacy Policy.
15. Grievances
For any complaint or concern relating to the processing of your Personal Data, you may contact:
- Grievance Officer
- Name: Mr. Serajul Mohammad
- Designation: Grievance Officer
- Email: grievance@digi2l.co.in
- Phone: +91 (022)-65511123
- Address: Tech Web Centre, Link Road, Oshiwara, Mumbai, Maharashtra - 400102, India
Digi2L will acknowledge and resolve grievances in accordance with its Grievance Redressal Policy and applicable law.
For data-protection specific queries, you may also write to:
- Data Protection Contact
- Name: Data Protection Team
- Email: data.protection@digi2l.co.in
- Phone: +91 (022)-65511123
16. Contact and Legal Entity
Digi2L is operated by UTC Digital Technologies Private Limited, a company incorporated under the Companies Act, 2013, having CIN U72900MH2022PTC374507 and GSTIN 27AADCU0037B2ZV.
- Registered Office: Tech Web Centre, Link Road, Oshiwara, Mumbai, Maharashtra - 400102, India
- General Enquiries: help@digi2l.co.in
- Phone: +91 (022)-65511123