Privacy
Policy.

Paths (operating as Paths Office) is a research-led architecture and interior design studio based in Greater Noida, India. We operate the website at https://pathsoffice.com.

For the purposes of this policy, we are the Data Controller — the entity that determines how and why your personal data is processed.

Registered Address: Ace Platinum, Zeta 1, Greater Noida, Uttar Pradesh, India

Contact Email: hello@pathsoffice.com

Contact Phone: +91 95687 11520

We collect information in the following ways:

2.1 Information You Provide Directly

• Full name and email address when you submit our contact form
• Phone number, if provided voluntarily
• Project details, requirements, or messages you send us
• Any documents, images, or attachments you share with us

2.2 Information Collected Automatically

• IP address and approximate geographic location
• Browser type, version, and operating system
• Pages visited, time spent on each page, and navigation paths
• Referral source (how you arrived at our website)
• Device type (desktop, mobile, tablet)
• Cookie identifiers (see our Cookie Policy for details)

2.3 Information from Third Parties

• If you contact us via Instagram, LinkedIn, or WhatsApp, we may receive your public profile information
• Analytics providers may share aggregated data about website traffic

We use your personal information for the following purposes:

• To respond to your enquiries and communicate about potential projects
• To provide architectural, interior design, and related professional services
• To send project updates, proposals, or documentation related to an active engagement
• To improve our website, services, and user experience based on usage patterns
• To comply with legal obligations, including maintaining records for taxation and regulatory purposes
• To protect our rights, property, or safety, and that of our clients and the public
• To send occasional service-related communications (we do not send unsolicited marketing)

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

Under India's Digital Personal Data Protection Act, 2023 (DPDPA) and the GDPR (for users in the European Economic Area), we process your personal data on the following legal grounds:

• Consent — when you voluntarily submit your information through our contact form or communications channels
• Legitimate Interests — for website analytics, fraud prevention, and improving our services, where such interests are not overridden by your rights
• Contractual Necessity — when processing is required to fulfil a professional services agreement with you
• Legal Obligation — when we are required to retain records for tax, regulatory, or legal compliance purposes

We do not sell your personal data. We may share it only in the following limited circumstances:

5.1 Service Providers

We engage trusted third-party service providers who assist us in operating our business. These parties are contractually bound to protect your data and may only use it for the specific services they provide to us:

• Website hosting and infrastructure providers
• Email delivery services (for contact form responses)
• Analytics platforms (e.g. Google Analytics — anonymised and aggregated)
• Cloud storage providers for project documentation

5.2 Professional Collaborators

With your knowledge, we may share relevant project details with structural engineers, consultants, contractors, or other professionals involved in delivering your project. We will not share your personal contact information with them without your consent.

5.3 Legal Requirements

We may disclose your information if required to do so by law, court order, or government authority, or if we believe disclosure is necessary to protect the rights, property, or safety of Paths Office, our clients, or others.

5.4 Business Transfer

In the event of a merger, acquisition, or sale of all or part of our business, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website prior to any such transfer.

We retain your personal data only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

• Enquiry data (no project commenced): retained for up to 12 months, then deleted
• Active project data: retained throughout the duration of the project and for 7 years after completion, as required by Indian tax and professional regulations
• Website analytics data: retained for up to 26 months in anonymised/aggregated form
• Email correspondence: retained for up to 7 years for legal and dispute resolution purposes

When your data is no longer required, we securely delete or anonymise it so that it can no longer be associated with you.

We implement appropriate technical and organisational measures to protect your personal information against unauthorised access, alteration, disclosure, or destruction. These measures include:

• SSL/TLS encryption for all data transmitted through our website
• Access controls limiting data access to authorised personnel only
• Regular security reviews of our systems and practices
• Secure storage of physical documents containing personal information
• Use of reputable, security-certified cloud and hosting providers

While we take every reasonable precaution, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to maintaining industry-standard safeguards. In the event of a data breach that is likely to result in a risk to your rights, we will notify you and the relevant authorities as required by applicable law.

Depending on your location, you may have the following rights regarding your personal data:

Under India's DPDPA 2023

• Right to Access — request a summary of personal data we hold about you and the purposes for which it is being processed
• Right to Correction — request correction of inaccurate or incomplete personal data
• Right to Erasure — request deletion of your personal data where it is no longer necessary for the purpose for which it was collected
• Right to Grievance Redressal — lodge a complaint with us or with the Data Protection Board of India
• Right to Nominate — nominate another individual to exercise rights on your behalf in the event of your death or incapacity

Under GDPR (EU/EEA Users)

• Right to Access — obtain a copy of the personal data we hold about you
• Right to Rectification — have inaccurate data corrected
• Right to Erasure ("Right to be Forgotten") — request deletion under certain conditions
• Right to Restrict Processing — ask us to limit how we use your data
• Right to Data Portability — receive your data in a structured, machine-readable format
• Right to Object — object to processing based on legitimate interests or for direct marketing
• Rights related to automated decision-making — we do not engage in automated profiling or decisions with legal effect

To exercise any of these rights, please contact us at hello@pathsoffice.com. We will respond within 30 days. We may need to verify your identity before processing your request.

Our website and services are not directed at children under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately at hello@pathsoffice.com and we will take prompt steps to delete such information.

Our website may contain links to third-party websites, including our social media profiles on Instagram and LinkedIn. Once you leave our website, this Privacy Policy no longer applies. We are not responsible for the privacy practices of third-party sites and encourage you to review their respective privacy policies before providing any personal information.

Our primary operations are based in India. If you are accessing our website from outside India, please note that your information may be transferred to and processed in India, where data protection laws may differ from those in your country.

Where we use third-party service providers who process data outside India (e.g. cloud hosting or analytics providers), we ensure such transfers are made with appropriate safeguards in place, including standard contractual clauses or equivalent data protection agreements.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a notice on our website.

Your continued use of our website after any changes constitutes your acceptance of the updated policy. We encourage you to review this page periodically.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact our Data Privacy point of contact: