Privacy Policy

Protecting Your Data with Industry-Leading Security Standards

Effective Date: April 20, 2026

Vantrix Global ("we," "our," or "us") is committed to protecting the privacy and security of your personal and business information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you engage with our BPO and IT outsourcing services.

This policy complies with:

  • Information Technology Act, 2000 and amendments
  • Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
  • Digital Personal Data Protection Act, 2023 (DPDP Act)
  • GDPR (for EU clients)
  • CCPA (for California clients)
  • ISO 27001:2013 Information Security Management Standards

Your Trust Matters: By engaging our services, you entrust us with sensitive business information. We take this responsibility seriously and implement industry-leading security measures to protect your data.

1. Information We Collect

1.1 Client Business Information

When you engage our BPO/KPO services, we may collect:

  • Company Details: Business name, registration number, GST/tax identification, address
  • Contact Information: Names, email addresses, phone numbers of authorized representatives
  • Financial Information: Invoicing details, payment information, banking details (encrypted)
  • Operational Data: Process documentation, workflow requirements, performance metrics

1.2 End-Customer Data (Processed on Your Behalf)

Depending on the services we provide, we may process:

  • Customer Support: Names, contact details, support tickets, communication history
  • Finance & Accounting: Invoice data, payment records, accounting information
  • HR Services: Employee records, recruitment data, payroll information
  • Order Processing: Customer orders, shipping addresses, transaction details
  • Telemarketing: Lead information, call records, sales pipeline data

1.3 Sensitive Personal Data or Information (SPDI)

Under Indian law, the following is classified as SPDI and receives enhanced protection:

  • Passwords and financial information
  • Physical, physiological and mental health condition
  • Sexual orientation
  • Medical records and history
  • Biometric information

Note: We only process SPDI when explicitly required for service delivery and with your written consent.

1.4 Automatically Collected Information

  • Website Analytics: IP address, browser type, device information, pages visited
  • Cookies: Session cookies, preference cookies (see Cookie Policy)
  • System Logs: Access times, API usage, system performance metrics

2. How We Use Your Information

2.1 Service Delivery

  • Execute contracted BPO/KPO services (customer support, finance, HR, etc.)
  • Process transactions, orders, and communications on your behalf
  • Maintain service quality and meet agreed SLAs
  • Provide reporting, analytics, and performance dashboards

2.2 Business Operations

  • Communicate about service delivery, updates, and maintenance
  • Process payments and maintain financial records
  • Respond to inquiries and provide customer support
  • Comply with legal and regulatory obligations

2.3 Service Improvement

  • Analyze aggregate data to improve service quality
  • Develop new features and capabilities
  • Train AI/ML models (only on anonymized data with consent)
  • Conduct quality assurance and performance monitoring

2.4 Legal Basis (DPDP Act 2023)

We process data based on:

  • Contract Performance: Necessary to deliver contracted services
  • Consent: Explicit consent for specific processing activities
  • Legal Obligation: Compliance with Indian and international laws
  • Legitimate Interests: Improving services, preventing fraud

3. Data Retention

| Data Type | Retention Period | Legal Basis |
|---|---|---|
| Client Contract Data | 7 years post-contract | Companies Act, 2013 |
| Financial Records | 7 years | Income Tax Act, 1961 |
| Employee/HR Data | 3 years post-employment | Labour Laws |
| Customer Support Logs | 2 years | Business Operations |
| Call Recordings | 90 days (unless required) | Quality Assurance |
| Website Analytics | 13 months | Business Intelligence |

Secure Deletion: After retention periods expire, data is securely deleted using industry-standard methods including data wiping, degaussing, and physical destruction of storage media.

4. Data Security Measures

4.1 Technical Security

  • Encryption: AES-256 encryption at rest, TLS 1.3 in transit
  • Access Control: Role-based access control (RBAC), multi-factor authentication (MFA)
  • Network Security: Firewalls, intrusion detection systems (IDS), DDoS protection
  • Data Segregation: Client data isolated in separate logical environments
  • Backup & Recovery: Daily encrypted backups, 99.9% recovery guarantee
  • Vulnerability Management: Regular security audits, penetration testing, patch management

4.2 Physical Security

  • ISO 27001 certified data centers in India
  • 24/7 security surveillance and access control
  • Biometric access to server rooms
  • Redundant power supply and climate control

4.3 Organizational Security

  • Background verification for all employees
  • Mandatory confidentiality and NDA agreements
  • Regular security awareness training
  • Incident response and breach notification procedures
  • Annual third-party security audits

5. Data Sharing and Disclosure

5.1 Third-Party Service Providers

We may share data with trusted third parties who assist in service delivery:

  • Cloud Infrastructure: AWS, Google Cloud (Indian regions only)
  • Payment Processors: For invoicing and payment processing
  • Communication Tools: Email, CRM, project management platforms

Data Processing Agreements (DPA): All third parties sign DPAs ensuring equivalent data protection.

5.2 Legal Requirements

We may disclose information when required by:

  • Court orders, warrants, or legal processes
  • Government authorities under IT Act, 2000
  • Law enforcement for investigation purposes
  • Protection of rights, property, or safety

5.3 Business Transfers

In the event of merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity with equivalent protection guarantees.

We Never: Sell, rent, or trade your data to third parties for marketing purposes.

6. Your Rights Under DPDP Act 2023

6.1 Access Rights

  • Request a copy of your personal data we hold
  • Receive information about processing activities
  • Obtain data in portable format (CSV, JSON)

6.2 Correction Rights

  • Request correction of inaccurate data
  • Update outdated information
  • Complete incomplete data

6.3 Erasure Rights ("Right to be Forgotten")

  • Request deletion of data (subject to legal retention requirements)
  • Withdraw consent for specific processing
  • Object to processing for direct marketing

6.4 Grievance Redressal

Under Section 32 of DPDP Act 2023, you can raise concerns with our Data Protection Officer (DPO):

Data Protection Officer

Name: DPO, Vantrix Global
Address: Vantrix Global, Udaipur, Rajasthan 313001, India
Response: Within 30 days of receiving your request

7. Cross-Border Data Transfer

If your business requires data processing outside India:

  • We obtain explicit written consent
  • Ensure destination country has adequate data protection (adequacy decision)
  • Implement Standard Contractual Clauses (SCCs)
  • Maintain data localization copies within India

Data Localization: Critical personal data is stored within Indian jurisdiction as per DPDP Act requirements.

8. Children's Privacy

Our services are B2B (business-to-business) and not directed at individuals under 18. We do not knowingly collect data from minors. If processing employee data includes minors (e.g., HR services), we obtain verifiable parental consent.

9. Cookies and Tracking Technologies

9.1 Cookie Types

| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential | Website functionality, security | Session |
| Analytics | Usage statistics, performance | 13 months |
| Functional | User preferences, language | 12 months |
| Marketing | Ad targeting (opt-in only) | 6 months |

9.2 Managing Cookies

You can control cookies through:

  • Browser settings (Chrome, Firefox, Safari, Edge)
  • Our cookie consent banner
  • Opt-out tools: NAI Opt-Out

10. Data Breach Notification

In the unlikely event of a data breach:

  • Client Notification: Within 72 hours of discovery
  • Authority Notification: Report to Data Protection Board of India (DPBI)
  • Affected Individuals: Direct notification if high risk
  • Remedial Actions: Immediate containment, forensic investigation, preventive measures

11. Changes to Privacy Policy

We may update this policy to reflect:

  • Changes in legal requirements
  • New service offerings
  • Enhanced security measures
  • Industry best practices

Notification: Material changes will be communicated via email 30 days before implementation. Continued use constitutes acceptance.

12. Contact Information

Vantrix Global

Address: Udaipur, Rajasthan 313001, India
GSTIN: [To be added upon registration]

For Privacy Concerns: Email info@vantrixglobal.com with subject "Privacy Request"

For Data Subject Requests: Use our online form or write to the address above

13. Governing Law

This Privacy Policy is governed by:

  • Jurisdiction: Courts of Udaipur, Rajasthan, India
  • Applicable Law: Indian Information Technology Act, 2000 and DPDP Act, 2023
  • Dispute Resolution: Arbitration under Arbitration and Conciliation Act, 1996

Certification & Compliance: Vantrix Global is committed to obtaining ISO 27001:2013, ISO 27701:2019 (Privacy), and SOC 2 Type II certifications. We undergo regular third-party audits to ensure compliance.