Privacy Policy

1. Information We Collect

1.1 Personal Information You Provide

Personal information that is provided to us on a voluntary basis is collected when you:

• Register on our website or create an account
• Request information about our web development, mobile app development, AI/ML solutions, or other technology services
• Fill out contact forms, quote request forms, or project enquiry forms
• Subscribe to our newsletter, blog updates, or marketing communications
• Participate in surveys, feedback forms, contests, or promotional activities
• Contact us through email, phone, live chat, or support tickets
• Apply for employment opportunities or submit CVs through our Careers page
• Enter into service agreements or contracts with us
• Attend our events, webinars, or training sessions

1.2 Types of Personal Information Collected

The personal information that may be collected includes:

• Identity Information: Full name, date of birth, gender, photographs
• Contact Information: Email address, phone number, mobile number, postal address, city, state, country, PIN code
• Professional Information: Company name, job title, department, business address, work email, industry sector
• Financial Information: Bank account details, payment card information, billing address, GST number, tax identification number (for business transactions)
• Project Information: Project requirements, technical specifications, business objectives, budget ranges, timelines, preferences
• Employment Information: CV, educational qualifications, work experience, references, professional certifications, portfolio samples
• Communication Information: Content of emails, messages, support tickets, feedback, reviews, testimonials
• Account Information: Username, password (encrypted), security questions, login credentials
• Preferences: Communication preferences, notification settings, language preferences, accessibility needs

1.3 Sensitive Personal Data or Information (SPDI)

As per SPDI Rules 2011, the following sensitive personal data may be collected with your explicit consent:

• Passwords and financial information (bank account, credit/debit card, other payment instrument details)
• Physical, physiological, and mental health condition (if provided for specific services)
• Sexual orientation (only if provided on a voluntary basis and relevant)
• Medical records and history (for healthcare-related projects)
• Biometric information (if used for authentication in specific applications)

SPDI is collected only when necessary for service delivery and with your informed consent. Heightened security measures are implemented to protect SPDI.

1.4 Information Collected Automatically

When you visit our website, certain technical and usage information is collected on an automatic basis:

• Device Information: IP address, device type, operating system, browser type and version, screen resolution, device identifiers
• Usage Data: Pages visited, time spent on pages, links clicked, referring URLs, exit pages, date and time stamps
• Location Data: General geographic location based on IP address (country, state, city)
• Technical Data: Browser plugins, time zone settings, language preferences, cookie data
• Analytics Data: User behaviour patterns, navigation paths, session duration, bounce rates

1.5 Information from Third-Party Sources

Information about you may be received from third-party sources:

• Business partners and affiliates who refer clients to us
• Social media platforms (LinkedIn, Facebook, Twitter) if you interact with our pages or use social login
• Marketing and analytics service providers
• Public sources such as company websites and professional directories
• Payment processors and financial institutions (for transaction processing)

2. How We Use Your Information

The collected information is used for legitimate business purposes including:

2.1 Service Delivery and Contract Performance

• Providing Services: Our web development, mobile app development, AI/ML solutions, cloud services, and other technology solutions are delivered, maintained, and improved as contracted
• Project Management: Projects are managed, milestones tracked, deliverables coordinated, and progress updates communicated
• Technical Support: Customer support is provided, issues are troubleshooted, enquiries are responded to, and technical problems are resolved
• Account Management: Your account is created and managed, users are authenticated, and access is provided to client portals or dashboards
• Contract Fulfilment: Contractual obligations are fulfilled, payments are processed, invoices are generated, and business records are maintained

2.2 Communication and Customer Relationship

• Responding to Enquiries: Your questions, requests for information, quotes, proposals, and consultation requests are responded to
• Project Communication: Project updates, milestone notifications, testing requests, and deployment information are sent
• Administrative Communications: Important notices about account changes, policy updates, service interruptions, or security alerts are sent
• Customer Satisfaction: Feedback is requested, surveys are conducted, and service quality is improved based on your input

2.3 Marketing and Business Development (With Consent)

• Marketing Communications: Newsletters, blog updates, case studies, white papers, and promotional materials about our services are sent (opt-out available at any time)
• Event Invitations: Invitations to webinars, workshops, conferences, or company events are sent
• New Service Announcements: Information about new services, features, technologies, or special offers is provided
• Personalised Marketing: Marketing messages are tailored based on your interests, industry, and previous interactions

2.4 Business Operations and Analytics

• Website Analytics: Website usage is analysed, user behaviour is understood, trends are identified, and user experience is optimised
• Service Improvement: Our services are improved, new features are developed, and service delivery is enhanced based on usage patterns
• Business Intelligence: Market research, competitive analysis, and business planning are conducted
• Performance Monitoring: Service performance, uptime, response times, and system health are monitored and analysed

2.5 Legal Compliance and Protection

• Legal Obligations: Applicable laws, regulations, legal processes, and government requests are complied with
• Fraud Prevention: Fraudulent activities, security breaches, and unauthorised access are detected, prevented, and investigated
• Rights Protection: Our Terms & Conditions are enforced, intellectual property is protected, and defence is made against legal claims
• Security: Security and integrity of our systems, networks, and services are maintained
• Audit and Compliance: Internal audits, quality assurance, and compliance reviews are conducted

2.6 Employment and Recruitment

• Job applications are processed, candidates are evaluated, interviews are conducted, and hiring decisions are made
• Qualifications are verified, references are checked, and background checks are conducted (with consent)
• Recruitment records are maintained and communication with applicants occurs

3. Legal Basis for Processing Personal Information

Your personal information is processed based on the following legal grounds under Indian law:

3.1 Consent

Explicit, informed, and freely given consent has been provided by you for specific processing purposes, including:

• Collection and processing of Sensitive Personal Data or Information (SPDI)
• Marketing communications and promotional emails
• Cookies and tracking technologies (see our Cookie Policy)
• Sharing information with third-party service providers
• International data transfers

Consent can be withdrawn at any time by contacting us at info@breeur.com. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

3.2 Contract Performance

Processing is necessary to:

• Enter into and perform contractual obligations with you
• Provide services that have been requested or purchased by you
• Process payments and fulfil orders
• Manage ongoing service delivery and support

3.3 Legal Obligation

Processing is required to comply with:

• Information Technology Act, 2000 and rules thereunder
• Income Tax Act, 1961 (record keeping, TDS compliance)
• Goods and Services Tax Act, 2017 (GST invoicing and records)
• Companies Act, 2013 (corporate compliance)
• Court orders, legal processes, and government requests
• Other applicable Indian laws and regulations

3.4 Legitimate Business Interests

Processing is necessary for our legitimate business interests, provided such interests are not overridden by your rights and freedoms:

• Our services and user experience are improved and optimised
• Business analytics and market research are conducted
• Fraud, security threats, and abuse are detected and prevented
• Business records and operational efficiency are maintained
• Legal rights are enforced and defence is made against claims

3.5 Vital Interests

Processing may be necessary to protect vital interests of you or another person in situations involving:

• Medical emergencies or health crises
• Safety and security threats
• Prevention of harm or danger

4. Disclosure and Sharing of Your Information

Your personal information may be disclosed or shared with third parties in the following circumstances:

4.1 Service Providers and Business Partners

Third-party service providers are engaged to perform services on our behalf. Access to your information may be given to:

• Cloud Infrastructure Providers: AWS (Amazon Web Services), Microsoft Azure, Google Cloud Platform for hosting and data storage
• Payment Processors: Razorpay, PayU, Instamojo, PayPal, Stripe for processing payments and transactions
• Email Service Providers: SendGrid, Mailchimp, Zoho Mail for sending emails and newsletters
• Analytics Services: Google Analytics, Hotjar, Mixpanel for website analytics and user behaviour tracking
• Customer Relationship Management (CRM): Salesforce, HubSpot, Zoho CRM for managing client relationships
• Communication Tools: Slack, Microsoft Teams, Zoom for project collaboration and meetings
• Marketing Platforms: Google Ads, Facebook Ads, LinkedIn Ads for digital marketing campaigns
• IT Service Providers: Server management, security monitoring, backup services, technical support

All service providers are contractually obligated to maintain confidentiality, use data only for specified purposes, and implement appropriate security measures.

4.2 Business Transfers and Corporate Transactions

In connection with corporate transactions, your information may be transferred to:

• Acquirers, successors, or assignees in case of merger, acquisition, or sale of assets
• Potential buyers during due diligence (under confidentiality agreements)
• Bankruptcy trustees or receivers in insolvency proceedings

Notification of any such transfer will be provided via email or prominent notice on our website.

4.3 Legal and Regulatory Authorities

Information may be disclosed when required or permitted by law to:

• Government authorities, law enforcement agencies, regulators, courts, tribunals
• Tax authorities (Income Tax Department, GST authorities) for tax compliance
• Court orders, subpoenas, warrants, legal processes are complied with
• Government requests for information are responded to
• Information Technology Act, 2000 and Cyber Law provisions are complied with

4.4 Protection of Rights and Safety

Information may be disclosed to:

• Enforce our Terms & Conditions and other agreements
• Protect our rights, property, safety, and that of our clients, employees, or the public
• Detect, prevent, or investigate fraud, security breaches, or illegal activities
• Defend against legal claims or litigation

4.5 With Your Consent

Information may be shared with third parties when explicit consent has been given by you for specific purposes, such as:

• Sharing project details with subcontractors or partners (with your approval)
• Publishing testimonials, case studies, or success stories (with your permission)
• Participating in co-marketing initiatives with partners

5. Cookies and Tracking Technologies

Cookies, web beacons, pixels, and similar tracking technologies are used to enhance your experience on our website. These technologies help us understand usage patterns, personalise content, and improve services.

5.1 Types of Cookies We Use

• Essential Cookies: Strictly necessary for website functionality, security, authentication, and basic features. These cannot be disabled as the website would not function properly without them
• Performance/Analytics Cookies: Information about how visitors use our website (pages visited, time spent, errors encountered) is collected using Google Analytics, Hotjar, and similar tools. Website performance and user experience are improved through this
• Functional Cookies: Your preferences, settings, and choices (language, region, display preferences) are remembered to provide personalised experience
• Marketing/Advertising Cookies: Your activity across websites is tracked to deliver targeted advertising and measure campaign effectiveness. Google Ads, Facebook Pixel, LinkedIn Insight Tag are used
• Social Media Cookies: Sharing content on social networks (Facebook, Twitter, LinkedIn) is enabled and embedded social media content is displayed

5.2 Managing Cookie Preferences

Control over cookies can be exercised through:

• Browser Settings: Most browsers allow you to refuse cookies, delete cookies, or receive notification before cookies are stored. Your browser's help section should be referred to for instructions
• Cookie Consent Banner: Our cookie consent tool on the website can be used to accept, reject, or customise cookie preferences
• Opt-Out Tools: Industry opt-out tools like Network Advertising Initiative (NAI) or Digital Advertising Alliance (DAA) can be used
• Google Analytics Opt-Out: Google Analytics Opt-out Browser Add-on can be installed

Note: Disabling certain cookies may affect website functionality and limit your ability to access some features.

5.3 Third-Party Cookies

Cookies may be placed on your device by third-party service providers:

• Google Analytics (website analytics)
• Google Ads (advertising)
• Facebook Pixel (advertising and analytics)
• LinkedIn Insight Tag (advertising)
• Hotjar (user behaviour analytics)

These third parties have their own privacy policies governing cookie usage. Their policies should be reviewed.

For comprehensive information on our cookie practices, our Cookie Policy should be referred to.

6. Data Security Measures

Appropriate technical, organisational, and physical security measures are implemented to protect your personal information against unauthorised access, disclosure, alteration, destruction, loss, or misuse in accordance with IT Act 2000 and SPDI Rules 2011:

6.1 Technical Security Measures

• Encryption: Data in transit is protected using SSL/TLS encryption (HTTPS). Data at rest is encrypted using AES-256 or equivalent standards
• Access Controls: Role-based access control (RBAC) and principle of least privilege are implemented. Multi-factor authentication (MFA) is used for sensitive systems
• Firewalls and Intrusion Detection: Network firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS) are deployed
• Secure Infrastructure: Secure cloud infrastructure (AWS, Azure, Google Cloud) with industry-standard security certifications (ISO 27001, SOC 2) is used
• Regular Security Updates: Security patches, software updates, and system upgrades are applied on a timely basis
• Vulnerability Scanning: Regular vulnerability assessments and penetration testing are conducted
• Secure Development: Secure coding practices, code reviews, and security testing (SAST, DAST) are followed

6.2 Organisational Security Measures

• Employee Training: Data protection and security awareness training is provided to all employees
• Confidentiality Agreements: Employees and contractors are bound by confidentiality and non-disclosure agreements
• Security Policies: Comprehensive information security policies, procedures, and guidelines are implemented
• Incident Response: Data breach incident response plan and procedures are maintained
• Background Checks: Background verification is conducted for employees with access to sensitive data
• Access Logging: Access to personal data is logged and monitored. Regular audits are conducted

6.3 Physical Security Measures

• Secure office premises with access control systems and CCTV surveillance
• Secure data centres with physical access controls and environmental monitoring
• Secure disposal of physical documents containing personal information (shredding)
• Device security policies (encryption, password protection, remote wipe capabilities)

6.4 Data Breach Notification

In the event of a data breach that may affect your personal information:

• You will be notified without delay as required under applicable law
• Information about the nature of the breach, data affected, and steps taken will be provided
• Recommendations for steps you can take to protect yourself will be provided
• Authorities will be notified as required by Information Technology Act, 2000 and SPDI Rules 2011

7. Data Retention

Your personal information is retained for as long as necessary to fulfil the purposes outlined in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce agreements.

7.1 Retention Periods

• Active Client Data: Retained for the duration of the service relationship plus applicable warranty period and for business records
• Inactive Accounts: Retained for 3-5 years after last activity, then deleted or anonymised unless legal obligation requires retention
• Financial Records: Retained for 7 years as required by Income Tax Act, 1961 and Companies Act, 2013
• Employment Records: Retained for duration of employment plus 3-7 years as per labour laws
• Marketing Data: Retained until consent is withdrawn or for 3 years of inactivity, whichever is earlier
• Website Analytics: Retained for 26 months (Google Analytics default) or as configured
• Legal/Compliance Records: Retained as required by applicable laws, court orders, or ongoing legal matters

7.2 Deletion and Anonymisation

When personal information is no longer needed:

• Data is securely deleted or destroyed using appropriate methods
• Alternatively, data is anonymised so it can no longer identify you
• Backups are deleted or overwritten within standard backup retention cycles
• Exceptions exist where retention is required by law or legitimate business purposes

7.3 Your Right to Request Deletion

You may request deletion of your personal information by contacting us at info@breeur.com. Requests will be honoured subject to legal retention requirements and legitimate business needs.

8. Your Rights and Choices

Under Indian law, particularly the IT Act 2000 and SPDI Rules 2011, you have certain rights regarding your personal information:

8.1 Right to Access

You have the right to:

• Request confirmation of whether personal information about you is processed by us
• Obtain access to your personal information held by us
• Request a copy of your personal information in a commonly used format

8.2 Right to Correction

You have the right to:

• Request correction of inaccurate or incomplete personal information
• Update your account information and profile details
• Have outdated information updated or rectified

8.3 Right to Withdrawal of Consent

You have the right to:

• Withdraw consent for processing of your personal information at any time
• Opt-out of marketing communications by clicking "unsubscribe" in emails or contacting us
• Withdraw consent for specific processing activities (noting this may affect service delivery)

8.4 Right to Review and Update

You have the right to:

• Review your personal information through your account dashboard
• Update and modify your information as needed
• Manage your communication preferences and settings

8.5 Right to Data Portability

You have the right to:

• Request your personal information in a structured, commonly used format
• Transfer your data to another service provider where technically feasible

8.6 Right to Lodge Complaints

You have the right to:

• Lodge complaints with our Grievance Officer (see Section 13)
• Approach appropriate authorities if your concerns are not addressed
• Seek remedies under Information Technology Act, 2000

8.7 Exercising Your Rights

To exercise any of these rights:

• Email us at info@breeur.com with subject "Data Rights Request"
• Provide sufficient details to verify your identity and locate your information
• Responses will be provided within 30 days of receiving valid requests
• No fees are charged for valid requests (excessive or repetitive requests may incur fees)

9. Third-Party Links and Services

Our website may contain links to third-party websites, applications, or services that are not owned or controlled by us. Examples include:

• Client websites and portfolios
• Partner websites and technology platforms
• Social media platforms (LinkedIn, Facebook, Twitter)
• Third-party tools and resources
• Payment gateway provider websites

9.1 Our Responsibility

We are not responsible for the privacy practices, content, or security of third-party websites or services. When you access third-party sites:

• You leave our website and this Privacy Policy no longer applies
• The privacy policies and terms of those third parties govern your interactions
• Their privacy policies should be reviewed before providing any personal information
• We do not endorse or make representations about third-party sites

9.2 Social Media Plugins

Social media plugins (Facebook, Twitter, LinkedIn share buttons) are embedded on our website:

• These plugins may collect information about your visit even if you don't click them
• Social media platforms have their own privacy policies
• Your interactions with these plugins are governed by the respective platform's policies

10. Children's Privacy

Our services are not directed to children under the age of 18 years. Personal information from children under 18 is not knowingly collected without parental consent.

10.1 No Collection from Children

• Our website and services are designed for adults and business users
• Children should not provide personal information without parental supervision
• If you are under 18, you should not use our services or provide information without parental consent

10.2 Parental Rights

If you are a parent or guardian and believe your child has provided personal information to us:

• Contact us at info@breeur.com immediately
• The information will be deleted from our systems upon verification
• Steps will be taken to prevent further collection

11. International Data Transfers

Your personal information may be transferred to and processed in countries outside India where our service providers, partners, or infrastructure are located. These countries may have different data protection laws than India.

11.1 Safeguards for International Transfers

When data is transferred internationally, appropriate safeguards are implemented:

• Contractual Protections: Standard contractual clauses and data processing agreements with service providers are used
• Security Measures: Equivalent or higher security standards are maintained as required under Indian law
• Service Provider Selection: Reputable service providers with strong data protection practices (AWS, Google Cloud, Microsoft Azure) are selected
• Compliance: Recipients are contractually obligated to comply with applicable data protection requirements

11.2 Your Consent

By using our services, consent is provided for the transfer of your information outside India as described in this policy. Consent can be withdrawn at any time, noting this may affect our ability to provide services.

12. Changes to This Privacy Policy

This Privacy Policy may be updated from time to time to reflect changes in our practices, technologies, legal requirements, or business operations.

12.1 Notification of Changes

When this policy is updated:

• The "Last Updated" date at the top of this policy will be revised
• Notification will be provided by posting the updated policy on our website
• For material changes, notification will be sent via email to active clients
• Prominent notice may be displayed on our website for significant changes

12.2 Your Acceptance

• Continued use of our services after changes constitute acceptance of the updated policy
• This page should be reviewed periodically for updates
• If disagreement exists with changes, use of services should be discontinued and your account closed

12.3 Previous Versions

Previous versions of this Privacy Policy are available upon request by contacting info@breeur.com.

13. Grievance Redressal Mechanism

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, a Grievance Officer has been appointed to address your concerns regarding data protection and privacy.

13.1 Filing a Complaint

To file a grievance or complaint regarding data protection or privacy:

• Send an email to grievance@breeur.com with subject "Privacy Grievance"
• Provide detailed information about your concern, including your contact details
• Include any relevant documentation or evidence
• Your identity will be verified to prevent fraudulent complaints

13.2 Escalation

If your grievance is not resolved satisfactorily:

• You may escalate to senior management at info@breeur.com
• You may file complaints with appropriate authorities under Information Technology Act, 2000
• Legal remedies available under Indian law may be pursued

14. Governing Law and Jurisdiction

14.1 Governing Law

This Privacy Policy is governed by and construed in accordance with:

• The Information Technology Act, 2000 and Rules made thereunder
• The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021
• Other applicable laws of India

14.2 Jurisdiction

Any disputes arising from this Privacy Policy or data protection matters shall be subject to:

• Exclusive jurisdiction of the courts of Mumbai, Maharashtra, India
• Both parties submit to the jurisdiction of Mumbai courts
• Venue objections or claims of inconvenient forum are waived

15. Contact Us