" />
← Back to home

Privacy Policy

Working draft pending legal review — first published 07 July 2026

This Privacy Policy explains how Gheun Tak Private Limited ("Gheun Tak", "we", "us", or "our") handles personal data collected through the website gheun-tak.com (the "Site"). It applies only to the Site. Each brand operated by Gheun Tak — including Nati — publishes its own privacy notice scoped to that brand's operations.

1. Data controller

For the purposes of India's Digital Personal Data Protection Act, 2023 ("DPDP Act"), Gheun Tak Private Limited is the Data Fiduciary. For visitors in the European Economic Area (EEA) and the United Kingdom, Gheun Tak Private Limited is the data controller under the General Data Protection Regulation (Regulation (EU) 2016/679, "GDPR") and the UK GDPR.

2. What data we collect

The Site is a brochure site and does not require you to create an account. We collect only the following categories of personal data:

a. Data you provide voluntarily. If you send us an email using the addresses shown on the Site (such as info@gheun-tak.com, founders@gheun-tak.com or careers@gheun-tak.com), we receive your email address, your name if you provide it, and the contents of your message.

b. Data collected automatically. When you visit the Site, our hosting provider records standard server-log data including your Internet Protocol (IP) address, the pages you request, the referring page, the date and time of the request, and general information about your browser and device. This data is used to operate and secure the Site.

c. Cookies and similar technologies. The Site uses a small number of cookies. Details are in our separate Cookie Policy.

3. Purposes and lawful bases

We process personal data for the following purposes:

To respond to your enquiries. When you write to us, we use your contact details and message to reply. Our lawful basis under the GDPR is our legitimate interest in operating the business (Article 6(1)(f)); under the DPDP Act, we rely on your consent, evidenced by your act of writing to us for a specified purpose.

To operate, secure and improve the Site. We use server logs and aggregated analytics to monitor availability, investigate errors, and prevent misuse. Our lawful basis under the GDPR is our legitimate interest (Article 6(1)(f)); under the DPDP Act, this is a legitimate use as permitted by law.

To comply with legal obligations. We may process personal data as required by applicable law, including responding to lawful requests from public authorities.

4. Sharing and disclosure

We do not sell personal data. We share personal data only with:

Service providers who process personal data on our behalf under written contracts — including our website host, email provider, and analytics provider (where applicable). These processors are permitted to use personal data only to provide services to us.

Legal and regulatory authorities where disclosure is required by law or to protect our legal rights.

Professional advisers such as lawyers, auditors, and accountants under duties of confidentiality.

5. International transfers

Our hosting and email providers may be located outside India, the EEA, or the United Kingdom. Where personal data is transferred internationally, we rely on the safeguards those providers offer under applicable data-transfer frameworks, including Standard Contractual Clauses under GDPR and equivalent mechanisms.

6. Retention

We keep personal data only as long as necessary for the purposes described above. Email correspondence is retained for as long as the underlying relationship is active and thereafter for a reasonable period consistent with our legal and tax obligations. Server logs are retained for a limited period for security and diagnostic purposes.

7. Your rights

Depending on the law that applies to you, you have the right to:

• request access to the personal data we hold about you;
• request correction or completion of that data;
• request erasure of that data;
• withdraw any consent you have given;
• nominate another individual to exercise your rights in the event of your death or incapacity (DPDP Act, Section 14);
• lodge a complaint with a supervisory authority — the Data Protection Board of India, your national data protection authority in the EEA, or the Information Commissioner's Office in the United Kingdom.

To exercise any of these rights, contact our Grievance Officer at privacy@gheun-tak.com. See our separate Grievance Officer notice for details.

8. Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, disclosure, and alteration. No system is perfectly secure; if you believe your interaction with us is no longer secure, please contact us immediately.

9. Children

The Site is not directed at children. We do not knowingly collect personal data from a child (as defined under applicable law). If you believe a child has provided us with personal data, please contact our Grievance Officer and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Substantive changes will be reflected in the date shown at the top of this page.

11. Contact

General enquiries: info@gheun-tak.com
Privacy and grievance enquiries: privacy@gheun-tak.com