Privacy Policy

This Privacy Policy describes how the organization collects, processes, stores, uses, and protects personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDPA), India, and other applicable privacy regulations. The organization is committed to maintaining transparency, accountability, and security in the processing of personal data. This policy outlines the rights of individuals and the responsibilities of the organization regarding personal data protection.

This policy applies to: • Customers • Website users • Employees and consultants • Vendors and business partners • Any individual whose personal data is processed by the organization It applies to personal data collected through: • Websites and digital platforms • Business communications • Customer interactions • Service agreements • Operational processes

The organization may collect personal data necessary for legitimate business purposes, which may include: • Name and identification details • Contact information (email, phone number, address) • Business or professional information • Payment and transaction information • Technical information such as IP address or device information • Any other information voluntarily provided by the individual Personal data is collected only to the extent necessary to fulfill specific business purposes.

Personal data may be collected and processed for the following purposes: • Providing products and services • Managing customer relationships • Processing transactions and communications • Compliance with legal and regulatory obligations • Business operations and administration • Improving service delivery and customer experience • Security monitoring and fraud prevention Personal data will not be processed for purposes incompatible with the original purpose of collection unless permitted by law.

Where required by law, personal data will be collected and processed based on the consent of the individual. Individuals have the right to: • Provide or withdraw consent for data processing • Opt out of certain communications • Request clarification regarding the use of their personal data Withdrawal of consent may affect the organization's ability to provide certain services.

The organization follows the principle of data minimization, ensuring that only personal data necessary for specific purposes is collected and processed. Unnecessary or excessive data collection is avoided.

The organization implements appropriate technical and organizational safeguards to protect personal data from unauthorized access, misuse, disclosure, alteration, or destruction. Security measures may include: • Data encryption • Access control systems • Multi-factor authentication • Secure IT infrastructure • Periodic security audits and assessments • Employee training on data protection

Personal data may be shared with authorized parties only when necessary for legitimate purposes, including: • Service providers and vendors • Business partners • Legal and regulatory authorities • Auditors and compliance bodies All such disclosures are subject to appropriate confidentiality and data protection obligations.

Personal data will be retained only for as long as necessary to fulfill the purposes for which it was collected or to comply with applicable legal requirements. Once the retention period expires, personal data will be securely deleted or anonymized.

Under applicable privacy laws, individuals may have the right to: • Access their personal data • Request correction of inaccurate data • Request erasure of personal data • Withdraw consent for processing • Request restriction of data processing Requests related to personal data rights may be submitted through the contact details provided below.

In the event of a data breach involving personal data, the organization will take prompt action to: • Investigate the incident • Contain and mitigate the impact • Notify affected individuals and regulatory authorities where required by law • Implement corrective measures to prevent recurrence

Our websites or services may contain links to third-party websites. The organization is not responsible for the privacy practices or content of such external websites. Users are encouraged to review the privacy policies of those websites before providing personal information.

This Privacy Policy may be updated periodically to reflect changes in legal requirements, business practices, or technological developments. Updated versions will be published on the organization's official website.

For questions, requests, or concerns regarding this Privacy Policy or personal data processing, individuals may contact: Data Protection / Privacy Officer VitalEdge NextGen Advisory Consulting Private Limited 402-403, Sarthik-2, opp. Rajpath Rangoli Road, near Kiran Motors, Ahmedabad, Gujarat 380054 Email: [email protected] Phone: +91 7574893004

While the organization implements reasonable security safeguards to protect personal data, no method of electronic transmission or storage is completely secure. The organization cannot guarantee absolute security of personal information. By interacting with our services, website, or communications, individuals acknowledge and agree to the practices described in this Privacy Policy.