1. Overview
Trivarga ("Trivarga", "we", "our", "us") is committed to protecting the privacy and security of your personal data. This Privacy Policy describes what personal data we collect from visitors to our website at trivarga.in ("Site") and from clients engaging our services, how we use it, and the choices available to you.
This policy is aligned with the Digital Personal Data Protection Act, 2023 (DPDPA) of India and, where applicable, the General Data Protection Regulation (GDPR). By using our Site or engaging our services, you acknowledge that you have read and understood this policy.
Data Fiduciary: Trivarga, Indore, Madhya Pradesh, India.
2. Data we collect
2.1 Data you provide directly
- Contact form submissions: Name, email address, phone number, company name, the nature of your enquiry, and any message content you submit.
- Job applications: Name, contact details, professional background, CV or résumé, and any supporting materials you provide.
- Client onboarding: Business details, billing address, GST registration number, authorised signatory details, and project-related communications.
- Email correspondence: Any personal data contained in emails you send to our team.
2.2 Data collected automatically
- Usage data: Pages visited, time spent, referring URL, and navigation patterns collected through anonymised analytics.
- Device and technical data: Browser type, operating system, screen resolution, and approximate geographic region (country/state level) derived from your IP address.
- Log data: Web server logs including IP addresses, access times, and HTTP status codes for security and performance monitoring. Logs are retained for 90 days.
2.3 Data we do not collect
We do not collect sensitive personal data as defined under the DPDPA (such as financial data, health data, caste or religious affiliation, sexual orientation, or biometric data) through our website. If you share such information unsolicited, we will delete it.
3. How we use your data
We use personal data only for the purposes described at the time of collection:
- Responding to enquiries: To reply to contact form submissions, answer questions, and provide requested information.
- Service delivery: To manage client engagements, deliver agreed services, and maintain our contractual relationship.
- Recruitment: To evaluate job applications and contact candidates about relevant roles.
- Site improvement: To understand how the Site is used and improve its structure, content, and performance. We use anonymised aggregate data only for this purpose.
- Legal and compliance: To meet our legal obligations, including tax and audit requirements, and to enforce our contractual rights.
- Security: To detect and prevent fraud, abuse, and unauthorised access to our systems.
We do not use your data for automated decision-making that produces legal or similarly significant effects without human review.
4. Legal basis for processing
Under the DPDPA and GDPR, our processing of personal data relies on the following bases:
- Consent: When you submit a contact form, you provide explicit consent for us to process your data to respond to your enquiry. You may withdraw consent at any time.
- Contract: Processing necessary to perform our contractual obligations to clients.
- Legitimate interests: For security monitoring, fraud prevention, and improving our services — where these interests do not override your rights.
- Legal obligation: Where processing is required to comply with applicable Indian law, including tax, corporate, and labour regulations.
5. Sharing your data
We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:
- Service providers (Data Processors): Carefully selected third parties who process data on our behalf under written agreements — including cloud infrastructure providers (AWS, GCP), email service providers, and project management tools. These parties are contractually prohibited from using your data for their own purposes.
- Legal requirements: When required by law, court order, or government authority with appropriate jurisdiction.
- Business transfers: In the event of a merger, acquisition, or sale of assets, personal data may transfer to the successor entity. We will notify affected individuals before any transfer and provide opt-out options where legally required.
- With your consent: For any other purpose, only with your explicit prior consent.
6. Data retention
We retain personal data for as long as necessary for the stated purpose and in accordance with applicable law:
- Enquiry data (non-clients): 12 months from your last contact, after which it is permanently deleted.
- Client data: Duration of the engagement plus 7 years for financial and contractual records (as required by the Companies Act, 2013 and GST regulations).
- Job applications: 6 months if unsuccessful; for successful candidates, retained as employee records per applicable labour law.
- Website analytics: Aggregated and anonymised after 90 days.
- Server logs: 90 days.
7. Security measures
We implement technical and organisational measures appropriate to the risk, including:
- TLS 1.2+ encryption for all data in transit
- AES-256 encryption for sensitive data at rest
- Access controls and least-privilege principles for internal systems
- Regular security patching and vulnerability assessments
- Multi-factor authentication on critical administrative systems
- Employee training on data handling and privacy obligations
No transmission over the internet or electronic storage is 100% secure. If you believe your data has been compromised, please contact us immediately at privacy@trivarga.in.
In the event of a personal data breach that poses a risk to your rights, we will notify the Data Protection Board of India within 72 hours and affected individuals without undue delay, as required under DPDPA.
8. Your rights
Under the DPDPA 2023 and applicable law, you have the following rights regarding your personal data:
- Right to access: Request a summary of the personal data we hold about you and how it is being processed.
- Right to correction: Request correction of inaccurate or incomplete personal data.
- Right to erasure: Request deletion of your personal data where there is no legitimate reason for us to continue processing it.
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time. Withdrawal does not affect lawfulness of prior processing.
- Right to grievance redressal: Raise a grievance with our Data Protection Officer and receive a response within 30 days.
- Right to nominate: Nominate another person to exercise your rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, email privacy@trivarga.in with subject "Data Subject Request". We will respond within 30 days. If you are unsatisfied, you may lodge a complaint with the Data Protection Board of India once established under the DPDPA.
9. Cookies and tracking
Our Site uses cookies and similar technologies. We use:
- Strictly necessary cookies: Required for the Site to function. These cannot be disabled.
- Analytics cookies: Anonymised data to understand Site usage. You may opt out via your browser settings.
We do not use third-party advertising cookies or cross-site tracking cookies. You can control cookies through your browser settings. Note that disabling certain cookies may affect Site functionality. We do not currently respond to browser "Do Not Track" signals, but we do not track you across third-party sites.
10. Third-party links
Our Site may contain links to third-party websites, social media platforms, and partner sites. Clicking these links will take you away from our Site. We are not responsible for the privacy practices of third parties and encourage you to review their privacy policies before providing any personal data.
11. Children's privacy
Our Site and services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have collected data from a child, we will delete it promptly. If you believe a minor has submitted personal data to us, please contact us at privacy@trivarga.in.
12. International data transfers
Our primary operations and data storage are in India. Some of our service providers (cloud infrastructure, SaaS tools) may process data outside India. Where data is transferred internationally, we ensure appropriate safeguards are in place, including standard contractual clauses or binding corporate rules, consistent with the DPDPA's cross-border transfer provisions once notified by the Government of India.
13. Changes to this policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or for other operational reasons. Material changes will be announced on this page with an updated "Last updated" date. For significant changes affecting how we use existing data, we will provide additional notice by email (where we hold your contact details). Your continued use of the Site after changes are posted constitutes acceptance of the updated policy.