Privacy & Data Protection

Privacy Policy

PALSANIA WEB TECHNOLOGY PRIVATE LIMITED is committed to protecting your privacy and ensuring the security of your personal information.

Effective Date: March 30, 2026 Global Compliance

1Introduction

PALSANIA WEB TECHNOLOGY PRIVATE LIMITED respects your privacy and is committed to protecting it through this Privacy Policy. This policy explains how we collect, use, disclose, and safeguard your information when you use our services, websites, and applications.

We are dedicated to maintaining the highest standards of data protection and privacy in compliance with applicable laws and regulations, including GDPR, CCPA, and other international privacy frameworks.

2Information We Collect

Personal Information

We may collect personally identifiable information such as:

  • Name
  • Email address
  • Phone number
  • Company name
  • Billing and payment details
  • Professional credentials and certifications

Non-Personal Information

We automatically collect certain information including:

  • Browser type and version
  • IP address
  • Device information (OS, screen resolution)
  • Usage data and analytics
  • Website navigation patterns
  • Geographic location data

Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to enhance user experience, analyze website traffic, and provide personalized content. You can control cookie preferences through your browser settings.

3How We Use Your Information

Service Delivery

  • • Provide and maintain our IT services
  • • Process transactions and payments
  • • Deliver project updates and support
  • • Manage client relationships

Business Operations

  • • Improve our website and offerings
  • • Conduct analytics and research
  • • Ensure security and prevent fraud
  • • Comply with legal obligations

Communication

We use your information to communicate with you about our services, including support responses, service updates, marketing communications (with consent), and important security notifications.

4Sharing Your Information

Authorized Sharing

We may share your information with:

  • Service Providers: Cloud hosting, payment processors, and IT infrastructure providers
  • Business Partners: Technology partners and subcontractors for project delivery
  • Legal Authorities: When required by law or to protect our rights
  • Business Transfers: In case of merger, acquisition, or asset sale

Important Notice

We do not sell personal data to third parties for marketing purposes. Any data sharing is limited to the purposes described above and conducted in accordance with applicable privacy laws.

5Data Security

Enterprise-Grade Security Measures

We implement comprehensive technical and organizational measures to protect your data from unauthorized access, alteration, disclosure, or destruction. Our security framework includes:

AES-256 encryption at rest and in transit
Multi-factor authentication (MFA)
Regular security audits and penetration testing
Role-based access controls (RBAC)
24/7 security monitoring
Incident response procedures

6Data Retention

We retain personal information only as long as necessary for the purposes outlined in this Privacy Policy, or as required by applicable laws and regulations. Our retention periods are determined based on:

  • The nature of the information and its sensitivity
  • The potential risk of harm from unauthorized use or disclosure
  • Legal, regulatory, tax, and accounting requirements
  • Our legitimate business needs

When information is no longer needed, we securely delete or anonymize it in accordance with our data retention schedule and legal requirements.

7Your Rights

Access & Control

  • Access: Request a copy of your personal data
  • Correction: Request correction of inaccurate data
  • Deletion: Request deletion of your personal data
  • Portability: Request transfer of your data

Additional Rights

  • Withdraw Consent: Withdraw consent for processing
  • Object: Object to processing in certain circumstances
  • Restrict: Request restriction of processing
  • Lodge Complaint: File complaints with supervisory authorities

To exercise these rights: Contact our Data Protection Officer using the information provided in the Contact Us section. We will respond to your request within 30 days or as required by applicable law.

9International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws than your jurisdiction.

When we transfer personal data internationally, we ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by relevant authorities
  • Adequacy decisions by competent data protection authorities
  • Binding Corporate Rules for intra-group transfers
  • Certification schemes and codes of conduct

10Children's Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can remove the information.

11GDPR Compliance

EU General Data Protection Regulation

For users located in the European Union, we comply with the GDPR requirements. Our GDPR compliance includes:

  • Lawful basis for processing personal data
  • Data Protection Impact Assessments (DPIA) for high-risk processing
  • Data Protection Officers and representatives in EU member states
  • Records of processing activities
  • Breach notification procedures within 72 hours

Data Subject Rights Under GDPR

EU residents have additional rights including the right to data portability, the right to object to automated decision-making, and the right to lodge complaints with supervisory authorities.

12Cloud Services & Data Processing Agreement

Cloud Infrastructure Providers

We utilize industry-leading cloud service providers to ensure high availability, scalability, and security:

AWS
Amazon Web Services
Azure
Microsoft Azure
GCP
Google Cloud Platform

Data Processing Agreement (DPA)

We offer comprehensive Data Processing Agreements that outline:

  • Scope and purpose of data processing
  • Technical and organizational security measures
  • Subprocessor obligations and notifications
  • Data subject rights and assistance
  • Incident notification and response procedures
  • Return or deletion of personal data
  • Audit rights and cooperation with regulators

Contact us to request a DPA for your organization.

13Incident Response Procedures

Security Incident Response

In the event of a security incident involving personal data, we follow a structured incident response process:

Immediate Response (0-24 hours)

  • • Incident detection and assessment
  • • Containment of the breach
  • • Notification of internal security team
  • • Initial impact analysis

Follow-up Actions (24-72 hours)

  • • Forensic investigation
  • • Regulatory notifications
  • • Affected user communications
  • • Remediation and recovery

Breach Notification

We will notify affected individuals and relevant authorities within 72 hours of becoming aware of a breach, as required by applicable data protection laws. Notifications will include details about the breach and steps taken to mitigate harm.

14Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the "Effective Date" at the top of this policy
  • Post the updated policy on this page
  • Send email notifications to registered users (where applicable)
  • Provide prominent notice of significant changes

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.