This Privacy Policy ("Policy") is published in accordance with the Information Technology Act, 2000 and other applicable laws in India. It governs the manner in which Sociotech Systems Private Limited collects, uses, maintains, and discloses information collected from users of our website.
Preamble and Legal Framework
This Policy is published under:
- The Information Technology Act, 2000 (21 of 2000) ("IT Act") and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules");
- The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021;
- The Indian Contract Act, 1872;
- Applicable provisions of the Companies Act, 2013; and
- Any other applicable laws, rules, regulations, guidelines, and judicial precedents governing data protection and privacy in the Republic of India.
- Other relevant Indian data protection laws
SOCIOTECH SYSTEMS PRIVATE LIMITED
("Company," "we," "us," or "our"), a company incorporated under the Companies Act, 2013, having its registered office at Unit No.1012, 10th Floor, Manjeera trinity corporate, Kukatpally, Hyderabad, Tirumalagiri, Telangana, India, 500072, operates the website www.sociotechsystems.com ("Website") and provides information technology services and consulting ("Services").
- "Sensitive Personal Data or Information" (SPDI) shall have the meaning ascribed under Rule 3 of the SPDI Rules and includes:
- Password;
- Financial information such as bank account, credit card, debit card, or other payment instrument details;
- Physical, physiological, and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Any detail relating to the above as provided to the Company for providing services; and
- Any information received under the above categories by the Company for processing, stored,
- Personal Information: " means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with the Company, is capable of identifying such person.
- User: means any natural or legal person who accesses the Website or avails the Services.
- Data Controller:means the Company in its capacity as the entity determining the purposes and means of processing Personal Information.
- Data Processor:means any person who processes Personal Information on behalf of the Company.
Information Collection
Information Provided Directly:
- Contact information (name, email address, phone number, postal address).
- Company details (company name, designation, industry sector).
- Financial information for billing purposes.
- Professional information relevant to Services.
- Communication preferences.
- Any other information voluntarily provided.
Information Collected Automatically:
- IP address and device identifiers.
- Browser type and version.
- Operating system.
- Referring URLs.
- Pages visited and time spent.
- Click-stream data.
- Location data (subject to additional consent).
- Cookies and similar tracking technologies (governed by our Cookie Policy).
Information from Third Parties:
- Professional networking platforms.
- Business information databases.
- Credit reference agencies (for due diligence).
- Public sources in compliance with applicable law.
Purpose of Collection and Use
Personal Information is collected and processed for the following lawful purposes:
- Provision and improvement of Services.
- Contract performance and management.
- Billing, invoicing, and payment processing.
- Customer support and relationship management.
- Legal compliance and regulatory reporting.
- Prevention of fraud, security breaches, and other unlawful activities.
- Internal record-keeping and audit requirements.
- Marketing communications (subject to separate consent).
- Statistical analysis and business intelligence.
- Exercise or defense of legal claims.
SPDI shall be used strictly for the purpose for which it was collected and in accordance with the SPDI Rules.
Data Security Measures
The Company implements reasonable security practices and procedures as mandated under Section 43A of the IT Act and Rule 8 of the SPDI Rules, including:
- ISO 27001 compliant information security management systems
- Encryption of data in transit and at rest
- Access controls and authentication mechanisms
- Regular security audits and vulnerability assessments
- Incident response and breach notification procedures
- Employee training on data protection
- Physical security measures for data centers and offices.
Not with standing the above, the Company shall not be liable for any loss or damage sustained by reason of disclosure of Personal Information due to:
- Force majeure events.
- Acts or omissions not attributable to the Company's negligence.
- Unauthorized access despite reasonable security measures.
Disclosure and Sharing
1 Personal Information may be disclosed to:
- Employees and authorized personnel on a need-to-know basis.
- Group companies and affiliates bound by confidentiality.
- Service providers and sub-contractors under written agreements.
- Professional advisors (legal,financial, audit).
- Government authorities as required under law.
- Courts, tribunals, or arbitrators for legal proceedings.
- Potential acquirers in case of merger, acquisition, or asset sale.
- Any other party with User's explicit consent.
Any third-party recipient shall be contractually bound to:
- Maintain confidentiality
- Implement adequate security measures
- Process data only for specified purposes
- Comply with applicable data protection laws.
Cross-Border Data Transfers
Personal Information may be transferred outside India for:
- Performance of lawful contracts with Users.
- Provision of Services requiring international collaboration.
- Storage on cloud infrastructure.
Such transfers shall ensure:
Recipient maintains same level of data protection.
Transfer is necessary for contract performance.
User has consented to the transfer.
Compliance with Rule 7 of SPDI Rules.
Data Retention
Personal Information shall be retained for:
- Duration necessary to fulfill stated purposes.
- Period required under applicable laws (including Companies Act,2013 and Income Tax Act,1961).
- Duration of any legal proceedings.
- As per internal data retention policies.
Upon expiry of retention period, Personal Information shall be:
- Permanently deleted.
- Anonymized beyond identification.
User Rights
Under applicable law, Users have the right to:
- Access Personal Information held by the Company.
- Correct or update inaccurate information.
- Withdraw consent (subject to legal obligations).
- Object to certain processing activities.
- Data portability where technically feasible.
- Lodge complaints with supervisory authorities.
Requests shall be addressed within thirty (30) days or as mandated by law.
Cookies and Tracking
The Website uses cookies and similar tracking technologies to enhance user experience and analyze usage patterns. By continuing to use our Website, you consent to our use of cookies. Users may manage cookie preferences through browser settings; however, disabling certain cookies may impact Website functionality. For detailed information about the types of
cookies we use and their purposes, please refer to our Cookie Policy.
Third-Party Links
The Website may contain links to third-party websites. The Company bears no responsibility for privacy practices of such third parties and Users are advised to review respective privacy policies.
Amendments
The Company reserves the right to amend this Policy at any time. Material changes shall be notified through:
- Website notification.
- Email to registered Users.
- Any other appropriate means.
Continued use after notification constitutes acceptance of amended Policy
Severability
If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall continue in full force and effect.
Governing Law and Jurisdiction
This Policy shall be governed by the laws of India.
Any disputes shall be subject to the exclusive jurisdiction of courts in [Insert City],India.