QTC Infotech is a brand under which technology services are delivered to clients across India and abroad. This Privacy Policy explains what personal data we collect when you use our website qtcinfotech.com or engage our services, why we collect it, how we protect it, and what rights you have over it.

This document is published under the Digital Personal Data Protection Act, 2023 (“DPDPA”), the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”). It also addresses requirements under the Consumer Protection (E-Commerce) Rules, 2020 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021.

1. Who we are

The QTC Infotech brand is operated by two associated entities, which collectively act as Data Fiduciaries under DPDPA:

• QTC Merchants (OPC) Private Limited (CIN: U74999HR2016OPC065744, GSTIN: 06AAACQ4431A2Z2) — handles reseller, hosting and Android application work. Incorporated under the Companies Act 2013 on 12 September 2016.
• QTC Technologies (sole proprietorship of Ms. Nancy Bindal) — handles website design, web development and digital marketing services.

Registered Office of QTC Merchants (OPC) Private Limited: H. No. 1311, Urban Estate, Jind, Haryana — 126102, India.
Principal Place of Business (both entities): 2nd Floor, SCO-23, District Shopping Centre, Urban Estate, Jind, Haryana — 126102, India.

2. What personal data we collect

We collect only the data we genuinely need to deliver our services and run our business. Specifically:

• Identifiers you give us: name, email address, phone number, company name, designation, and the city or country you operate in — collected through our contact forms, quote requests, newsletter sign-ups, careers form, and chat tools.
• Project information: brief, requirements, content, images, login or access credentials you choose to share with us so we can deliver the engagement.
• Billing details: billing address, GSTIN (if your business is registered) and bank or UPI transaction reference numbers for invoicing.
• Technical data: IP address, device type, browser, operating system, pages viewed, time spent, and similar diagnostic data captured automatically via our website logs, Google Analytics, and reCAPTCHA.
• Cookies and similar technologies: see our separate Cookie Policy for the full list and your choices.

We do NOT collect sensitive personal data such as biometric information, financial card details, sexual orientation, religious beliefs, health records or government-issued IDs through this website. If a future engagement ever requires any sensitive data (for example, KYC for a regulated client), it will be collected separately under a specific written consent.

3. Why we collect it (purpose limitation)

We process your personal data only for these specific, lawful purposes:

• To respond to your enquiry, quote request or job application.
• To deliver the services you engaged us for, including project management, support and invoicing.
• To send you transactional emails (project updates, invoices, OTPs).
• To send you marketing emails or newsletters — only if you opted in, and with an unsubscribe link in every message.
• To analyse website performance and improve user experience.
• To comply with our legal obligations (tax records, statutory filings, court orders).

We do not use your personal data for any purpose beyond these without first obtaining your fresh, specific consent.

4. Legal basis for processing

Under DPDPA 2023 Section 6, we process your personal data on the basis of your free, specific, informed, unconditional and unambiguous consent, given through a clear affirmative action (such as ticking a consent box, sending us an enquiry, or accepting our quote). For certain limited situations, we may process data under the “legitimate uses” basis recognised by DPDPA Section 7.

5. Your rights as a Data Principal

Under DPDPA 2023 you have the following rights. We will action a verified request within 30 days of receipt:

• Right to information (Sec 11) — ask us what personal data of yours we hold and how it is being used.
• Right to correction and erasure (Sec 12) — ask us to correct, complete, update or delete your personal data.
• Right to grievance redressal (Sec 13) — escalate any concern to our Grievance Officer (see Section 10).
• Right to nominate (Sec 14) — nominate another person to exercise these rights on your behalf in the event of your death or incapacity.
• Right to withdraw consent — you may withdraw your consent at any time by emailing the Grievance Officer; withdrawal does not affect lawful processing done before withdrawal.

To exercise any right, email grievance@qtcinfotech.com from the email address associated with your account, or write to the postal address in Section 10. We may ask you to verify your identity before actioning the request.

6. How long we keep your data (retention)

We keep personal data only as long as necessary for the purpose for which it was collected, or as required by Indian law:

• Enquiry or quote requests: 24 months from last contact, then deleted.
• Active client project data: for the duration of the engagement, plus 8 years thereafter as required by Indian tax and company law (Companies Act 2013, Income Tax Act and CGST Act records-retention rules).
• Career applications: 12 months, after which CV or resume data is deleted unless you ask us to keep it for future openings.
• Website analytics: 26 months (Google Analytics default).
• Cookies: see the Cookie Policy for the lifetime of each cookie.

7. How we keep your data secure

We implement reasonable security practices and procedures consistent with the SPDI Rules 2011 and ISO 27001 baseline controls: TLS 1.2+ encryption on all data in transit; access to personal data restricted to authorised QTC team members on a need-to-know basis; password-protected and firewall-protected database servers; regular security patches; internal confidentiality agreements; quarterly review of data handling practices.

If a personal data breach occurs that is likely to result in risk to your rights, we will notify the Data Protection Board of India and affected Data Principals as required by DPDPA Section 8(6).

8. Sharing your data

We do not sell, rent or trade your personal data. We share it only with:

• Trusted service providers (Data Processors) who help us run the business — payment gateways (Razorpay, Stripe), email tools (Google Workspace), WhatsApp Business API provider (Watipro), web analytics (Google Analytics), CDN and hosting providers. Each is under a contractual obligation to handle your data only for our instructed purposes.
• Statutory authorities — only when required by law, valid court order, or to prevent fraud or cyber-incidents.
• The other QTC entity — if your service spans both reseller (Merchants OPC) and design (Technologies) work, your data may be shared between the two QTC entities listed in Section 1 to deliver the combined service.

9. Transfers of data outside India

Some of our service providers (such as Google Analytics, Google Workspace and Meta’s ad platforms) process data on servers outside India, primarily in the United States and the European Union. As permitted by DPDPA Section 16, we transfer personal data only to countries that are not restricted by the Central Government and use providers who follow recognised security standards (SOC 2, ISO 27001).

10. Grievance Officer and Data Protection contact

Any concern, complaint, or rights request relating to personal data should be sent to:

Mr. Ankur Bindal
Grievance Officer & Data Protection point-of-contact for QTC Infotech
Email: grievance@qtcinfotech.com
Phone / WhatsApp: +91 89018 90357
2nd Floor, SCO-23, District Shopping Centre, Urban Estate, Jind, Haryana — 126102, India (Principal Place of Business)

We acknowledge every grievance within 24 working hours and resolve it within 30 days, as required by DPDPA Sec 13 and IT Intermediary Rules 2021.

11. Children’s data

Our services are intended for businesses and adult users. We do not knowingly collect personal data from children under 18. If you believe a child has shared personal data with us, please notify the Grievance Officer and we will delete it.

12. Cookies and tracking

We use cookies and similar technologies as described in our separate Cookie Policy. You can manage your cookie preferences using the cookie banner shown on first visit, or anytime via the “Cookie Preferences” link in the footer.

13. Third-party links

Our website may link to third-party websites (for example, our portfolio links to client sites). We are not responsible for the privacy practices of those sites.

14. Changes to this Policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top reflects the most recent change. Material changes will be highlighted via a notice on our homepage or by email for active clients.

15. Languages

This Policy is published in English. A Hindi-language version will be made available shortly under DPDPA Rules 2025. In case of any inconsistency between the English and Hindi versions, the English version shall prevail for legal interpretation.