We respect your privacy and are committed to protecting the personal data you share with us.
On This Page
SRC Data Infotech Private Limited ("SRC Data Infotech", "we", "our", or "us") is a software and IT services company registered in Bhubaneswar, Odisha, India. We operate the website at www.srcdatainfotech.com (the "Site") and related digital properties.
This Privacy Policy explains what personal data we collect when you visit the Site, engage our services, or communicate with us; why we collect it; how we use, store, and protect it; with whom we may share it; and the rights you hold over your information.
By accessing the Site or submitting your information to us, you acknowledge that you have read and understood this policy. If you do not agree, please refrain from using the Site.
This policy is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act), as applicable.
| Data Type | When Collected | Examples |
|---|---|---|
| Contact details | Contact form, email, phone | Name, email address, phone number |
| Business information | Enquiry / project brief | Company name, designation, industry, budget range |
| Project / service details | Consultation, proposal request | Project description, technology preferences, timelines |
| Correspondence content | Email, calls, meetings | Messages, meeting notes, attachments |
| Account credentials | Client portal registration | Username, hashed password |
When you visit the Site, our servers and analytics tools automatically record:
We do not intentionally collect Sensitive Personal Data or Information (SPDI) as defined under the IT Rules 2011 (e.g., financial credentials, health data, biometric data) through the Site. If such data is incidentally shared, it will be handled with heightened security controls and deleted promptly unless operationally necessary with your explicit consent.
We use the personal data we collect for the following purposes:
Responding to enquiries
Processing contact form submissions, emails, and consultation requests and delivering your requested quote or proposal.
Delivering contracted services
Executing software development, cloud, analytics, or other IT services as agreed in a signed Statement of Work or contract.
Billing & invoicing
Generating invoices, processing payments, and maintaining financial records as required by Indian tax laws.
Service & project communication
Sending project updates, milestone notifications, support tickets, and release notes related to your engagement.
Marketing communications
Sending newsletters, case studies, and product announcements — only with your explicit prior consent. Unsubscribe is available in every email.
Site analytics & improvement
Understanding how visitors use the Site, identifying performance issues, and improving content and user experience.
Security & fraud prevention
Detecting, investigating, and preventing malicious activity, abuse, or unauthorised access to our systems.
Legal & regulatory compliance
Fulfilling our obligations under Indian law including the IT Act, DPDP Act, GST Act, and applicable sector regulations.
Under the DPDP Act 2023, we process your personal data on the following lawful bases:
| Processing Activity | Legal Basis |
|---|---|
| Responding to your enquiry | Consent (Art. 4 DPDP Act) |
| Delivering contracted services | Contract performance |
| Sending project communications | Contract performance / Legitimate interest |
| Marketing newsletters | Explicit consent (opt-in) |
| Analytics & site improvement | Legitimate interest (privacy-preserving) |
| Security & fraud prevention | Legitimate interest / Legal obligation |
| Financial record keeping | Legal obligation (GST Act, Companies Act) |
We retain personal data only as long as necessary for the purpose for which it was collected, or as required by law.
| Data Category | Retention Period |
|---|---|
| Website enquiry / contact form submissions | 2 years from last interaction, then anonymised |
| Client project records & contracts | 7 years after project completion (Companies Act 2013) |
| Financial & invoicing records | 8 years (GST Act requirement) |
| Marketing consent records | Until withdrawal of consent + 3 years |
| Server / application logs | 90 days rolling |
| Backup archives | 180 days, then securely deleted |
Upon expiry of the applicable retention period, personal data is securely deleted or irreversibly anonymised using NIST SP 800-88 guidelines.
We implement a layered security programme aligned with ISO/IEC 27001:2022 and the IT (Reasonable Security Practices) Rules, 2011:
Encryption
TLS 1.3 for all data in transit; AES-256 for data at rest on Azure infrastructure.
Access Controls
Role-based access control (RBAC), multi-factor authentication (MFA), and principle of least privilege.
Security Audits
Annual third-party penetration tests and quarterly vulnerability assessments.
Monitoring
24/7 SIEM-based monitoring with automated anomaly detection and incident alerting.
Employee Training
Mandatory security awareness training for all staff with annual refreshers.
Incident Response
Documented incident response plan; affected users notified within 72 hours of a confirmed breach.
While we implement industry-standard safeguards, no method of transmission over the internet is 100% secure. We encourage you to use strong passwords and to contact us immediately at info@srcdatainfotech.com if you suspect unauthorised access to your account.
Under the DPDP Act 2023 and applicable Indian law, you have the following rights regarding your personal data. To exercise any of these rights, email us at info@srcdatainfotech.com. We will respond within 30 calendar days.
Right to Access
Request a copy of all personal data we hold about you, including details of how it is being used and with whom it has been shared.
Right to Correction
Request correction of any inaccurate, incomplete, or outdated personal data without undue delay.
Right to Erasure
Request deletion of your personal data where it is no longer necessary for the purpose it was collected, or where you withdraw consent.
Right to Restrict Processing
Ask us to suspend processing of your data in certain circumstances — for example, while a correction request is being assessed.
Right to Data Portability
Receive your personal data in a structured, commonly used, machine-readable format (JSON / CSV) to transfer to another provider.
Right to Object
Object to processing based on legitimate interest, including direct marketing. We will stop unless we demonstrate compelling grounds.
Right to Withdraw Consent
Withdraw any previously given consent at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
Right to Lodge a Complaint
File a complaint with the Data Protection Board of India if you believe we have mishandled your data. We encourage you to contact us first.
We may need to verify your identity before processing a rights request. Requests relating to data held under a contractual obligation may be subject to legal retention requirements that override erasure requests.
Our services and Site are directed exclusively to businesses and professionals. We do not knowingly collect, use, or store personal data from individuals under the age of 18 years.
If we become aware that a minor has submitted personal data to us, we will delete it promptly. If you believe a minor's data has been submitted, contact us immediately at info@srcdatainfotech.com.
The Site may contain links to external websites, social media platforms (LinkedIn, Twitter/X, GitHub), or partner portals that are not operated by us. This Privacy Policy does not apply to those third-party sites.
We encourage you to review the privacy policies of any external site you visit. We have no control over and accept no responsibility for their content, privacy practices, or data handling.
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:
Your continued use of the Site after any update constitutes acceptance of the revised policy. We recommend revisiting this page periodically.
For any questions, concerns, or requests regarding this Privacy Policy or the handling of your personal data, please contact:
Data Protection Officer
info@srcdatainfotech.comWe aim to acknowledge all privacy requests within 5 business days and resolve them within 30 calendar days as mandated by the DPDP Act 2023. Complex requests may take up to 60 days — we will inform you if this is the case.