AavishkarIT Comprehensive Privacy Policy

Last Updated: March 31, 2024

1. Introduction and Overview

AavishkarIT ("we," "us," or "our") is a leading technology solutions provider specializing in innovative digital transformation services. We operate the website www.aavishkarit.com (the "Site") and related mobile applications (the "Apps"), collectively referred to as the "Services." As the data controller, we are responsible for determining how and why your personal data is processed in compliance with global privacy regulations including the General Data Protection Regulation (GDPR) for EU/UK residents, the California Consumer Privacy Act (CCPA/CPRA) for US residents, Singapore's Personal Data Protection Act (PDPA), India's Information Technology Act, 2000, and Brazil's General Data Protection Law (LGPD).

This Privacy Policy serves as a comprehensive guide to our data practices, detailing what personal data we collect, how we process it, who we share it with, your rights regarding your data, and the security measures we implement to protect your information. By accessing or using our Services, you acknowledge that you have read, understood, and agreed to all provisions outlined in this Privacy Policy. Should you disagree with any aspect of this policy, you must immediately discontinue use of our Services. For minors under the age of 13 (or 16 in certain jurisdictions), we require verifiable parental consent before collecting or processing any personal data.

2. Scope and Application

This Privacy Policy applies to all personal data collected through our digital platforms including the AavishkarIT website and all subdomains, our suite of mobile applications available on iOS and Android platforms, and any web-based portals we operate. The policy governs our business activities including sales and customer onboarding processes, marketing campaigns and advertising initiatives, recruitment and human resources operations, and vendor/supplier relationships. We collect various types of data including information provided directly by users, data obtained from third-party sources, and information gathered automatically through cookies and tracking technologies.

The policy does not apply to third-party websites linked from our Services, data processed by our customers through our products (which is governed by separate agreements), or publicly available information not obtained through our Services. While our Services are accessible globally, this policy specifically addresses compliance requirements for the European Union/European Economic Area (EU/EEA), United Kingdom (UK), United States (including California-specific provisions), India, and all other jurisdictions where we conduct business operations.

3. Information We Collect

We collect personal data through several methods to provide and improve our Services. When you create an account with AavishkarIT, we collect your full legal name, email address, contact number, professional title (for business accounts), company/organization name, and a securely hashed password. For financial transactions, we process billing addresses, payment details through PCI-DSS compliant providers like Stripe and Razorpay, transaction histories, and tax identification numbers where applicable. User submissions may include support tickets, forum posts, survey responses, and job application materials containing resumes and cover letters.

Our systems automatically collect technical information including IP addresses, device identifiers (such as IMEI and MAC addresses), browser type and version, operating system details, and screen resolution capabilities. Usage data encompasses pages visited, time spent on each page, clickstream patterns, search queries leading to our Site, and detailed feature usage statistics. We employ several types of cookies including essential cookies for core functionality like session maintenance (expiring when you close your browser), performance cookies such as Google Analytics with 2-year durations, functional cookies for preference storage lasting 1 year, and targeting cookies including Facebook Pixel for advertising purposes with 90-day lifespans.

We also obtain information from third-party sources. Social media integrations provide profile information, friends/connections lists (when permissions are granted), and engagement metrics. Business partners share lead generation data, event attendee lists, and integration partner details. From public sources, we may collect professional networking information from platforms like LinkedIn, business directory listings, and government registry data for compliance purposes.

4. Purposes and Legal Bases for Processing

We process personal data under several legal bases as defined by global privacy regulations. For contractual necessity under GDPR Article 6(1)(b), we process data to create and maintain user accounts, process transactions and deliver services, provide customer support, and notify users about service changes. Our legitimate interests under GDPR Article 6(1)(f) include service improvement and development through data analysis, fraud prevention and security monitoring, network and information security maintenance, and direct marketing communications where permitted by law.

To comply with legal obligations under GDPR Article 6(1)(c), we process data for tax reporting, responding to lawful government requests, and maintaining required business records. For activities requiring explicit user permission, we obtain consent under GDPR Article 6(1)(a) before sending marketing communications, using non-essential cookies, or processing sensitive categories of personal data. We conduct thorough legitimate interest assessments to ensure our processing activities don't override individual privacy rights.

5. Data Sharing and Disclosure

We share personal data with carefully vetted recipients under strict contractual obligations. Internally, this includes technical support staff requiring access to troubleshoot issues, sales and marketing personnel for customer relationship management, product development teams for service improvements, and executive management for business analytics. Our service providers operate under binding data processing agreements and include cloud hosting providers like AWS and Google Cloud for data storage, payment processors such as Stripe and Razorpay for transaction handling, analytics services including Google Analytics and Hotjar for usage analysis, marketing platforms like Mailchimp and HubSpot for campaign management, and customer support systems including Zendesk and Freshdesk for issue resolution.

We disclose information when legally required to tax authorities, law enforcement agencies (following proper legal process), and data protection authorities. In business transfer scenarios such as mergers, acquisitions, asset sales, or bankruptcy proceedings, user data may be transferred as part of the business assets. We implement strict data minimization principles, ensuring third parties only receive the specific information necessary to perform their contracted services, with anonymization techniques applied where feasible.

6. International Data Transfers

For cross-border data transfers, we implement robust transfer mechanisms in compliance with global regulations. EU/UK data transfers utilize Standard Contractual Clauses (SCCs) and the EU-US Data Privacy Framework certification where applicable. Other regions employ Binding Corporate Rules (BCRs) for intra-company transfers and local compliance measures such as India's Digital Personal Data Protection Act (DPDPA) requirements. We conduct comprehensive Transfer Impact Assessments evaluating recipient countries' data protection laws, third-party security measures, and potential risks to data subjects, documenting all findings and mitigation strategies.

Where data localization laws apply (such as India's RBI guidelines for payment data), we implement in-country storage solutions and processing infrastructure. All international data transfers undergo rigorous review by our Data Protection Officer and legal team to ensure compliance with applicable regulations, with additional safeguards like encryption and access controls implemented for high-risk transfers.

7. Data Subject Rights

We respect and facilitate all data subject rights under applicable privacy laws. Users may request access to their personal data to obtain a comprehensive copy of what we process. The right to rectification allows correction of inaccurate or incomplete information. Under certain conditions, users may request erasure of their personal data from our systems. The right to restriction permits limiting how we process data during dispute resolution or accuracy verification periods.

Data portability rights entitle users to receive their data in structured, commonly used, and machine-readable formats for transfer to another service provider. Users may object to specific processing activities, particularly direct marketing or automated decision-making. Region-specific rights include California residents' ability to opt out of personal data sales and targeted advertising under CCPA/CPRA.

To exercise these rights, users may submit requests via email to privacy@aavishkarit.com or through our dedicated Data Subject Access Request (DSAR) portal. We implement a rigorous verification process including two-factor authentication and ID documentation review to prevent unauthorized access. GDPR requests are fulfilled within 30 calendar days, while CCPA requests allow for 45 days with one permissible extension. If dissatisfied with our response, users may appeal through an internal review by our Data Protection Officer or by filing a complaint with their local supervisory authority.

8. Data Retention Schedule

We retain personal data only as long as necessary for defined purposes, following strict retention policies. Account data is maintained for 5 years post-account termination to comply with contractual and business record requirements. Financial records including transaction data are retained for 7 years to satisfy tax and accounting regulations. Marketing data persists for 3 years from last engagement unless consent is withdrawn earlier. Website logs and security data are maintained for 1 year to support investigations and threat analysis. Unsuccessful job applicant data is retained for 2 years for talent pipeline management unless candidates request earlier deletion.

Our deletion processes employ cryptographic shredding for digital data, physical destruction for storage media, and comprehensive purging protocols for cloud storage systems. We conduct quarterly audits to identify and remove obsolete data, documenting all destruction activities for compliance verification. Special retention provisions apply for legal holds during litigation or investigations.

9. Security Measures

We implement multi-layered security controls to protect personal data. Technical safeguards include TLS 1.3 encryption for all data in transit and AES-256 encryption for data at rest. Access controls feature role-based permissions, mandatory multi-factor authentication, and privileged access management with just-in-time elevation. Network security employs next-generation firewalls, intrusion detection/prevention systems, and DDoS mitigation solutions.

Organizational measures include annual privacy training for all employees with quarterly phishing simulations, documented incident response plans tested biannually, and business continuity protocols ensuring data availability. Physical security at our data centers includes biometric access controls, 24/7 surveillance monitoring, and environmental protections against fire/flood. We conduct regular penetration testing and vulnerability assessments, maintaining ISO 27001 certification for our information security management system.

10. Children's Privacy

Our Services are not designed for children under 13 (or 16 in the EU without parental consent). For age-sensitive services, we implement robust age verification including credit card validation, government ID checks, and notarized parental consent forms. If we discover accidental collection of child data, we immediately delete the information, notify parents/guardians when possible, and terminate associated accounts. We maintain strict "age gates" preventing underage users from accessing inappropriate services and provide specialized parental controls where applicable.

11. Third-Party Links

Our Services may contain links to external websites including business partners, industry resources, and social media platforms. We explicitly disclaim responsibility for third-party privacy practices and encourage users to review their policies before sharing information. When integrating third-party services, we conduct privacy impact assessments and limit data sharing to the minimum necessary for functionality.

12. Policy Updates

We reserve the right to modify this Privacy Policy as needed, with material changes communicated through email alerts to registered users and prominent site banners for 30 days. All historical versions remain archived at /privacy-policy-archive for reference. Continued use of Services after changes constitutes acceptance of the revised policy.

13. Contact Information

For privacy inquiries, please contact:

- General: info@aavishkarit.com

- Phone: +91 8368785127

- Postal: AavishkarIT Privacy Office, 702, New Patel Nagar, Karsan Road, Orai, Jalaun, Uttar Pradesh 285001.