Privacy Notice

Our Commitment to Protecting Your Personal Data

At Ashok Leyland, we value your trust and are committed to protect your privacy. In line with India's Digital Personal Data Protection (DPDP) Act, 2023, we will handle your information fairly and safely. We collect your data and ensure that personal data is processed in a lawful and responsible manner with appropriate technical and organisational safeguards in place.
This Privacy Notice outlines the types of personal data we collect, the purpose for which we process, and how we keep it secure when you use our services both online (apps/websites) and in person at our facilities.

Scope

This Notice applies to:

• Personal data collected on paper form that is subsequently digitized. paperform to be written together
• Personal data collected and/or processed outside India digitally for the purpose of offering goods or services to individuals in India
• Personal data collected on paperform that is subsequently digitized.

This Notice is effective from February 11, 2026. It governs the processing of your personal data from this date onwards, in accordance with the requirement of Digital Personal Data Protection Act, 2023.

Purpose and Lawful Basis for Processing Personal Data

Ashok Leyland collects and processes your personal data either:

• With your explicit consent, or
• Under legitimate uses permitted by Section 7 of the DPDP Act

How we collect your information:

We collect data through your direct interactions with the Ashok Leyland ecosystem, including:

• Our Digital Tools: Websites, mobile apps, and online service platforms.
• Our Network: Authorized dealers, service centers, mechanics, and business partners.
• In-Person: When you visit our physical offices or manufacturing locations.

When we collect it:

We process your information during key moments, such as when you:

• Enquire, purchase a vehicle or book a service.
• Enroll in a warranty, AMC (Annual Maintenance Contract), or loyalty program.
• Apply for vehicle insurance or related financial services.
• Request technical support, customer assistance, or after-sales care.
• Apply for career job portal, onboard any program run by Ashok Leyland
• Enroll and onboard Ashok Leyland network for Sales, Service, Parts or Vendors

Personal Data collected via Ashok Leyland

Under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), personal data refers to any data about an individual who is identifiable by or in relation to such data. When you interact with Ashok Leyland’s websites, applications, or services, we may collect personal data that can identify, contact, or locate you. This includes information such as your name, age, gender, address, phone number, email ID, IP address, location data, and device-related information.

Personal data is collected at various touchpoints, including when:

• you register on our websites or applications,
• access or use services made available through our platforms,
• or contact us for product information, service-related queries,
• our customer support.

Ashok Leyland acts as a Data Fiduciary where personal data is directly requested and collected through its platforms. In instances where you voluntarily choose to share personal data with third parties such as authorised business partners through our platforms They are Individually responsible for ensuring compliance with applicable data protection laws, including obtaining valid consent from the concerned Data Principals.

In addition, not all personal data processed by Ashok Leyland is collected directly from you. In certain cases, we may receive personal data from authorised business partners or service providers as part of service delivery or for operational requirements. Ashok Leyland ensures that all such personal data is processed lawfully, securely, and in accordance with the DPDP Act.

The sections below provide an overview of the categories of personal data processed, the related business activities and purposes, and the applicable lawful grounds. Personal data may be collected directly from individuals or through authorised partners, digital platforms, applications, and service providers engaged by Ashok Leyland, in compliance with the DPDP Act, 2023.

Personal Data collected and processed by third parties

As a Data Fiduciary under the Digital Personal Data Protection Act, 2023, Ashok Leyland engages authorised third parties (“Data Processors”) who process personal data strictly on our instructions. These partners are contractually obligated to maintain confidentiality, implement appropriate security controls, and process personal data only for the specific purposes defined by Ashok Leyland.

We may share your personal data with different categories of processors to support our operations. Your personal data may be shared strictly for the purposes described in this Privacy Notice and not for any other purpose.

Your Rights as a Data Principal

As a Data Principal, you have the following rights in relation to your personal data processed by Ashok Leyland:

1. Right to Access Information

You may request a summary of the personal data processed by Ashok Leyland, including the categories of data, the purpose of processing, and details of third parties with whom the data has been shared. If required a copy of your personal data may be provided in electronic form, subject to applicable legal requirements and exceptions under the DPDP Act.

2. Right to Correction and Erasure

You have the right to request correction of inaccurate or incomplete personal data and to request erasure of personal data that is no longer required for the purpose for which it was collected, unless retention is required under applicable law.

3. Grievance Redressal

You may raise grievances relating to the processing of your personal data or the exercise of your rights under the DPDP Act. Ashok Leyland has established a grievance redressal mechanism to address such concerns in a timely manner, in accordance with applicable law.

4. Right to Nominate

You have the right to nominate an individual to exercise your rights on your behalf in the event of death or incapacity, in accordance with the DPDP Act.

Ashok Leyland will respond to data rights requests in accordance with the timelines prescribed under the DPDP Act, 2023.

For security purposes, identity verification may be required before processing any request. For security purposes, identity verification may be required before processing any request, however where a request is refused, the reasons shall be explained for such refusal.

For any queries or to exercise your rights, you may contact Ashok Leyland’s Data Protection Officer at [email protected].

Retention and Deletion

We ensure that your Personal Data is accurate, up to date, and retained only for as long as necessary to fulfil the purposes for which it was collected, including providing access to and use of the website. In certain circumstances Personal Data may be retained as required to comply with applicable laws, regulations, legal obligations, resolve disputes, enforce agreements, or to establish, exercise, or defend legal claims.

Retention periods may vary depending on the nature of the Personal Data and the purpose of processing, and are determined in accordance with applicable statutory requirements, organisational retention policies, and limitation periods.

Once the relevant purpose has been fulfilled and the applicable retention period has expired, the Personal Data is securely deleted or anonymised in a systematic manner. Even after deletion from active systems, certain data may be retained in backup or archival systems for audit, legal, tax, or regulatory purposes, as permitted under applicable law.

Data Transfer Outside India

Ashok Leyland Limited ensures secure and compliant transfer of personal data beyond Indian borders in accordance with the Digital Personal Data Protection Act 2023. We implement robust safeguards through:

• Adherence to transfer regulations specified by the Data Protection Board of India
• Compliance with governmental restrictions on data flows to notified countries.
• Implementation of prescribed contractual safeguards for permitted international transfers.
• Regular monitoring of cross-border data protection requirements

We maintain transparency in our international data processing activities and undertake transfers only to countries approved by the Central Government. For specific inquiries about our cross-border data practices, please contact our Data Protection Officer at [email protected].

Changes to this Privacy Notice

This Privacy Notice is subject to modification in response to changes in our privacy practices or upon notification from governmental authorities from time to time. In the event of any amendments, the revised notice will be published on this website. If Should there be is significant changes affecting the processing of your personal data, we will notify you via email or through any other available appropriate communication channels.

Link to other Websites

Our websites may include features like buttons or tools that link to services provided by third party companies. We encourage you to review the privacy policies of these external sites, as they may have their own privacy notices in place. Please note that we cannot be held responsible for the privacy practices of these Third party sites.

How to Exercise Your Rights

You may exercise these rights by contacting our Data Protection Officer through the following Channels: