1. Introduction

Quadrasystems.net India Private Limited (“Quadra,” “we,” “us,” or “our”), a company incorporated under the laws of India, recognizes the importance of safeguarding personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable regulations. This Privacy Policy (“Policy”) establishes the framework for the collection, processing, storage, and disclosure of personal data through our digital platforms, including websites, applications, and cloud-based services. By accessing or using Quadra’s services, you (“Data Principal” or “user”) acknowledge that you have read, understood, and consented to the practices described herein.

2. Definitions

For the purposes of this Policy:

• Personal Data refers to any information that relates to a natural person who is identifiable by or in connection with such data.
• Data Fiduciary denotes Quadra, which determines the purpose and means of processing personal data.
• Data Principal signifies the individual to whom the personal data pertains.
• Consent constitutes a clear, specific, and freely given affirmation by the Data Principal, allowing the processing of their personal data.

3. Scope and Nature of Data Collection

Quadra collects and processes personal data strictly for lawful purposes connected to its business operations. The categories of data include:

3.1 Business Engagement Data

In the course of providing AI and cloud solutions, Quadra may collect professional details such as names, organizational affiliations, email addresses, telephone numbers, and project-specific information. This data is obtained directly from clients during contractual engagements, service delivery, or communication exchanges.

3.2 Technical and Operational Data

Our digital platforms may automatically collect technical information, including but not limited to IP addresses, device identifiers, browser types, and cookies. Such data is utilized to enhance platform functionality, analyze usage patterns, and ensure robust cybersecurity measures. Cookies, where employed, are solely used for session management and service optimization.

3.3 Exclusion of Sensitive Data

Quadra explicitly refrains from collecting or processing sensitive personal data, such as biometric information, financial credentials, health records, or religious beliefs, unless mandated by law.

4. Legal Basis and Purpose of Processing

Quadra processes personal data under the following lawful grounds:

• Contractual Obligations: To fulfill service agreements, deliver technical support, and manage client engagements.
• Legitimate Business Interests: To improve service quality, prevent fraudulent activities, and maintain platform security.
• Legal Compliance: To adhere to statutory requirements under Indian law, including tax regulations, audit mandates, and responses to lawful governmental requests.

5. Third-Party Data Sharing

Quadra may engage third-party service providers, including cloud hosting platforms and IT infrastructure partners, to facilitate operational efficiency. Such entities are contractually obligated to comply with data protection standards equivalent to those outlined in this Policy and the DPDP Act. Disclosure of personal data to regulatory authorities or law enforcement agencies will occur only when legally compelled under provisions of the Information Technology Act, 2000, or the DPDP Act.

6. Data Security Measures

Quadra employs a multi-layered security framework to protect personal data against unauthorized access, alteration, or destruction. Technical safeguards include advanced encryption protocols for data in transit and at rest, intrusion detection systems, and role-based access controls. Organizational measures encompass regular staff training, annual audits aligned with ISO 27001 and ISO 9001 certifications, and adherence to incident response protocols mandating notification to India’s Data Protection Board within 72 hours of a breach.

7. Rights of Data Principals

Under the DPDP Act, Data Principals retain the following rights:

• Right to Access and Correction: Individuals may request access to their personal data and seek rectification of inaccuracies by submitting a written request to privacy@quadrasystems.net. Quadra will respond to such requests within 30 calendar days.
• Right to Erasure: Upon fulfillment of the processing purpose or withdrawal of consent, Data Principals may demand deletion of their personal data, subject to Quadra’s legal obligations.
• Right to Grievance Redressal: Concerns regarding data processing may be escalated to Quadra’s designated Grievance Officer, appointed in compliance with India’s IT Rules, 2021.

8. Data Retention and Disposal

Personal data is retained only for the duration necessary to achieve the purposes outlined in this Policy, including contractual obligations, legal compliance, or dispute resolution. Post-retention, data is securely anonymized or irreversibly destroyed using industry-standard methods.

9. Cross-Border Data Transfers

As of the effective date of this Policy, Quadra does not transfer personal data outside the territorial jurisdiction of India. In the event of future cross-border data transfers, Quadra will update this Policy and implement safeguards prescribed under the DPDP Act, including contractual clauses or adequacy decisions.

10. Children’s Privacy

Quadra’s services are not directed toward individuals under the age of 18. In the event that personal data of a minor is inadvertently collected, Quadra will promptly initiate deletion protocols upon verification.

11. Amendments to This Policy

Quadra reserves the right to modify this Policy to reflect changes in legal, operational, or technological landscapes. Material revisions will be communicated to users through email notifications or prominent website announcements at least 30 days prior to implementation. Continued use of Quadra’s services following such updates constitutes acceptance of the revised terms.

12. Contact Information

For inquiries, data requests, or grievances related to this Policy, contact: