Privacy Policy

Version 1.0 Created dated 01 May 2024

Quality Labs is committed to protecting and respecting your privacy. Quality Labs provides information security, cybersecurity, data privacy and third-party risk management services for companies, organization and institutions. This policy outlines how we collect, use, maintain, disclose, and otherwise process personal information collected from our clients and website visitors (“Users”, “You”). This policy only applies to the information collected through Quality Labs website.

 

Data Processor Under DPDPA

Quality Labs is a service provider for its clients. We provide our clients with cyber security, data privacy and information security consulting and compliance audits. We act in the capacity of “Data Processor” for the personal information or other information provided by you through the website forms.

 

Consent

We request all the users to read the privacy policy and terms of use of the Quality Labs website before providing us with any personal information. By visiting, browsing, accessing, and/or using the website’s services (or searching for any of the website’s page), you hereby consent and agree to our privacy policy as set forth in this document. You acknowledge that your information was accurate, true, and lawful and does not violate any laws. Quality Labs will not be held liable for the veracity, sincerity, misrepresentation, fraud, negligence, etc., of the information provided, nor will the company be held accountable for verifying any information collected from you.

 

What Personal Information Do We Collect?

We collect personal information and other information you provide when you connect with us through website. We may collect your name, company name, contact information business email, IP address, web address, and any other information you would like to provide. We do not collect or store any financial information through the website. You can choose not to provide us with your personal information. However, this may hamper all or part of the services.

 

Information we collect automatically

Cookies – We use information obtain through technical means in order to monitor and analyse the use of our website. Quality Labs uses first party cookies. A cookie is text file placed on your device by a web page server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you and can only be read by the Quality Labs domain that issues the cookie.

The data collected may include information about your website visits, traffic data, how you interact with our website, and your IP address.

How do we use your information?

We value your privacy. We use your personal data in a manner that is consistent with the policies.

Quality Labs may use your personal information where it is provided to avail of our services, to provide services, and to improve our website, services, features, and content. We may also use your personal data to manage your use of our website, to understand your requirements and interest in helping us personalize your experience to navigate the website.

We may also use your contact data to fulfil your customer support request. We may also use your contact data to contact you to provide you with further information and offers, including newsletters, marketing, or promotional offers from us.

We adhere to this and do not use the data for other secondary purposes. The data collected from websites may be used for business development, user experience enhancement, statistics and data analytics.

We do not sell, share, trade, rent, or otherwise disclose information to third parties. We do not disclose the information without the explicit permission of the client, except if required by law.

Without your explicit consent, we do not capture, use, or disclose sensitive personal information such as race, religion, or political ideologies.

We also use the information we procured through technical means (such as through the use of cookies) for the purposes mentioned above, including but not limited to monitoring the use of our website, for the website’s administration, enhancing our website’s functionality and user-friendliness, to derive useful data and information concerning the interests, characteristics, and website use behaviour.

 

Legal Basis

Quality Labs processes your personal information in compliance DPDPA. Personal information is used to perform the services requested and fulfil the contractual and legal obligations with clients and for our legitimate and business interests. We may also rely on your consent for processing specific data.

Information collected from children

The website is for the general audience, and we do not knowingly collect information about children or render services to children under the age of eighteen (18) years. If you are under the age of 18, you shall not use or submit information to the website.

 

Data Retention and Disposal

We retain your personal data for as long as necessary to fulfil the purposes outlined in this Policy, considering factors such as:

  • According to service agreement.
  • Applicable legal or regulatory requirements for data retention.
  • Statute of limitations for potential legal claims.

After the retention period expires, we will securely delete your personal data.

International Data Transfers

We do not transfer any data outside of India.

Obligation of Data Fiduciary

The entity determining the purpose and means of processing, (data fiduciary), must: (i) make reasonable efforts to ensure the accuracy and completeness of data, (ii) build reasonable security safeguards to prevent a data breach, (iii) inform the Data Protection Board of India and affected persons in the event of a breach, and (iv) erase personal data as soon as the purpose has been met and retention is not necessary for legal purposes (storage limitation).  In case of government entities, storage limitation and the right of the data principal to erasure will not apply.

Data Processor: means any person who processes personal data on behalf of a Data Fiduciary.

Disclosure of Information

Under certain circumstances, we may be required to disclose your personal information in response to valid requests made by public authorities, based on our legitimate interest or legal obligation. In certain circumstances, we may be required to disclose personal information without your permission.

These circumstances may include, but are not limited to, the following:

  1. To comply with legal or regulatory requirements;
  2. In case of national security.
  3. Legitimate interest or legal obligation.

 

Rights and Duties of Data Principal Under DPDP Act

An individual whose data is being processed (data principal), will have the right to: (i) obtain information about processing, (ii) seek correction and erasure of personal data, (iii) nominate another person to exercise rights in the event of death or incapacity, and (iv) grievance redressal.

Data principals will have certain duties.  They must not: (i) register a false or frivolous complaint, and (ii) furnish any false particulars or impersonate another person in specified cases.  Violation of duties will be punishable with a penalty of up to Rs 10,000.

Right to Access Information

Section 11 of DPDP Act provides Data Principals to request specific details about their personal data processing, including:

  1. A summary of all personal data being processed and related processing activities.
  2. The identity of data processors and Data Fiduciaries with whom personal data was shared.
  3. Any other prescribed information related to personal data processing.

However, if data is shared with another authorized data fiduciary for cyber incident prevention or prosecution, certain rights may not be enforceable.

Right to Correction and Erasure of Personal Data

Section 12 of DPDP Act mandates Data Fiduciaries to take specific actions upon receiving requests from Data Principals, including:

  1. Correcting misleading or inaccurate personal data.
  2. Updating personal data.
  3. Completing incomplete data.
  4. Erasing personal data (unless mandated by law).

 

Right to Grievance Redressal

Section 13 of DPDP Act provides Data Principals with accessible grievance redressal mechanisms through Data Fiduciaries or consent managers, ensuring prompt responses within prescribed timeframes. Before seeking higher authorities, Data Principals must exhaust this redressal opportunity, promoting effective dispute resolution.

If dissatisfied with the redressal mechanism, Data Principals can turn to the Data Protection Board. Data Fiduciaries can also appeal Board decisions to the Telecom Dispute Settlement and Appellate Tribunal (TDSAT) within 60 days, promoting accountability and resolution.

Right to Nominate

Section 14 of DPDP Act allows Data Principals to nominate individuals to exercise their rights in case of death or incapacity. Rules specifying the nomination process will be notified.

Duties of Data Principals

The Digital Personal Data Protection Act also outlines duties that Data Principals must follow, setting them apart from other international data privacy laws.

Duties of Data Principals

Section 15 of DPDP Act defines five essential duties for Data Principals:

  1. No impersonation while providing personal data.
  2. No suppression of material information when submitting personal data for unique identifiers, documents, addresses, or identity proof.
  3. No registration of false or frivolous complaints; the Board may issue warnings or impose costs for false complaints.
  4. Providing authentic and verifiable information when exercising the right to correction or erasure.
  5. Complying with all provisions of existing laws when exercising Data Principal rights.

 

Contact Us

If you have any queries, requests, or complaints about the privacy policy or our privacy practices, please get in touch with us at email – msood@qualitylabs.in.

Updates

We reserve the right to update the policy. If required, this policy and privacy practices are subject to periodic reviews and subsequent modifications.