Quantamist Pvt Ltd — Privacy Policy

Overview

Quantamist Pvt Ltd ("Quantamist," "we," "us," or "our") is committed to protecting your privacy. This Policy explains what personal data we collect, how we use and protect it, and your rights — in compliance with India's Digital Personal Data Protection (DPDP) Act 2023 and, where applicable, the GDPR and other applicable frameworks.

Given that data governance and DPDP compliance are among Quantamist's core service offerings, we hold ourselves to the standards we advise our clients on.

1. Data Fiduciary and Data Processor

For personal data collected through our website and business development activities, Quantamist acts as a Data Fiduciary under the DPDP Act 2023 — we determine the purpose and means of processing.

When we process personal data on behalf of a client pursuant to a service engagement, Quantamist acts as a Data Processor. That processing is governed by the relevant client agreement and is not covered by this Policy.

2. What We Collect

Information you give us directly

• Contact details: name, email address, phone number, job title, and organisation name — submitted via our website, enquiry forms, or in the course of an engagement.
• Communication content: messages, queries, and documents you send us by email or through our website.
• Business information: sector, company size, and service interests provided when exploring or entering a service engagement.

Information collected automatically

• Technical data: IP address, browser type, device type, operating system, and referring URL.
• Usage data: pages visited, time on page, links clicked, and navigation patterns on our website.

Information from third parties

• Publicly available professional profile information from sources such as LinkedIn, in the context of business development.
• Referral information provided by existing clients or partners.

We do not intentionally collect sensitive personal data through our website. Where sensitive data is necessary for a specific engagement, it is handled under a dedicated data processing agreement.

3. How We Use It

We use personal data to:

• Respond to your enquiries and provide information about our services.
• Prepare, negotiate, and execute service proposals and agreements.
• Deliver contracted services across our six service pillars and expansion verticals.
• Send operational communications, invoices, and service updates relevant to an active engagement.
• Send thought leadership, event invitations, and marketing communications where you have consented or where there is a legitimate interest in the context of an existing business relationship. You can opt out at any time.
• Maintain records required for tax, regulatory, and audit purposes under Indian law.
• Improve our website using aggregated, anonymised analytics.
• Comply with legal obligations and respond to lawful requests from competent authorities.

4. Legal Basis for Processing

You may withdraw consent at any time. This does not affect the lawfulness of any processing carried out before withdrawal.

5. Who We Share It With

Quantamist does not sell personal data. We may share it with:

• Service providers — cloud infrastructure providers (AWS, Azure, GCP), CRM and communication platforms, and professional advisors, all bound by confidentiality and data processing obligations.
• Regulatory and government authorities — where required by law, court order, or a competent authority. We will notify you in advance where legally permissible.
• Professional advisors — lawyers, accountants, and auditors acting under strict confidentiality obligations.
• Business transferees — in the event of a merger, acquisition, or business sale, subject to the acquirer assuming equivalent data protection obligations.
• With your explicit consent — where you have requested that we share your information with a specific third party.

All third-party processors are bound by data processing agreements consistent with DPDP Act requirements.

6. How Long We Keep It

After the applicable period, data is securely deleted or irreversibly anonymised. You may request earlier deletion in accordance with Section 8.

7. Security

We apply technical and organisational controls proportionate to the sensitivity of the data, consistent with the standards we advise our clients to adopt. These include:

• Encryption of data in transit (TLS 1.2 or higher) and at rest.
• Role-based access controls and multi-factor authentication for internal systems.
• Regular security assessments and vulnerability management.
• Vendor security reviews for all material third-party processors.
• Incident response procedures aligned with DPDP Act breach notification requirements.

In the event of a personal data breach that creates a risk of harm, we will notify affected individuals and, where required, the Data Protection Board of India within the timeframes mandated by law.

8. Your Rights

Under the DPDP Act 2023, you have the following rights as a Data Principal:

• Right to access — obtain a summary of the personal data we hold about you and how it has been processed.
• Right to correction — request that inaccurate or incomplete data be corrected.
• Right to erasure — request deletion of data that is no longer necessary for its original purpose, subject to any overriding legal obligation.
• Right to withdraw consent — withdraw consent at any time without affecting the lawfulness of prior processing.
• Right to grievance redressal — raise a complaint with our Grievance Officer and, if unresolved, escalate to the Data Protection Board of India.
• Right of nomination — nominate another individual to exercise your rights in the event of your death or incapacity.

To exercise any of these rights, contact us at support@quantamist.co. We will respond within 30 days. We may request identity verification and may decline requests that are manifestly unfounded, repetitive, or would require us to breach a legal obligation.

9. Cookies

Our website uses three categories of cookies:

• Strictly necessary — required for the website to function. These cannot be disabled.
• Analytics — used to understand how visitors interact with our website. These are only deployed with your consent.
• Preference — used to remember your settings. These are only deployed with your consent.

You can manage preferences through the cookie banner on first visit or through your browser settings. We do not use cookies for targeted advertising or cross-site behavioural tracking.

10. International Data Transfers

Personal data may be transferred to, processed, or stored outside India, including in AWS, Azure, and GCP regions in the US, EU, and Asia-Pacific. All such transfers are conducted in accordance with conditions prescribed under the DPDP Act 2023. Where GDPR applies, transfers are protected by Standard Contractual Clauses (SCCs) or applicable adequacy decisions.

11. Children

Our services are directed solely to businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently received data from a minor, contact us immediately and we will delete it promptly.

12. Changes to This Policy

We may update this Policy to reflect changes in our practices, services, or applicable law. Material changes will be notified by updating this page with a revised date and, where appropriate, by direct notice to active clients. Continued use of our website or services after the effective date of any revision constitutes acceptance.

13. Contact and Grievance Redressal

For questions, data requests, or complaints:

Grievance Officer / Data Protection Contact
Quantamist Pvt Ltd
Email: support@quantamist.co
Phone: +91 99000 21990

We will acknowledge your request within 72 hours and resolve it within 30 days. If you are not satisfied with our response, you may escalate to the Data Protection Board of India once constituted under the DPDP Act 2023, or to the supervisory authority in your jurisdiction where GDPR or equivalent law applies.