1. Introduction
C-Quel Management Services Private Limited (“C-Quel”, “we”, “us”, or “our”) is committed to
protecting the privacy and personal data of visitors to our website www.cquel.com (the “Website”).
This Privacy Policy explains how we collect, use, store, disclose, and protect information, including
personal data, when you visit or interact with the Website.
This Privacy Policy is published in compliance with the Information Technology Act, 2000 (“IT Act”),
the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data or Information) Rules, 2011 (“SPDI Rules”), and the Digital Personal Data Protection Act, 2023
(“DPDP Act”), as applicable, and any rules or regulations notified thereunder from time to time.

2. Data Fiduciary Information
For the purposes of the DPDP Act, C-Quel is the Data Fiduciary responsible for processing your
personal data. You may contact our designated officer for any data protection related queries:
Designated Officer: Riddhiman Sarkar | Chief Legal Officer
Email: rs@cquel.com

3. Information We Collect
We may collect the following categories of information when you visit or interact with the Website:
3.1 Information You Provide Voluntarily
When you fill out a contact form, submit an enquiry, request a demo, or otherwise communicate with
us through the Website, you may provide us with personal data such as your name, email address,
phone number, company name, designation, and details of your enquiry.
3.2 Information Collected Automatically
When you access the Website, we may automatically collect certain technical information, including
your IP address, browser type and version, operating system, device information, pages viewed, time
and date of visit, referring URL, and other standard web log information. This information is collected
through cookies and similar tracking technologies.
3.3 Cookies and Tracking Technologies
The Website uses cookies and similar technologies to enhance your browsing experience, analyse
website traffic, and understand user preferences. You may manage your cookie preferences through
your browser settings. Please note that disabling cookies may affect the functionality of certain parts
of the Website.

4. Purpose and Legal Basis for Processing
We process the information collected for the following purposes:

To respond to your enquiries and provide information about our services;
• To improve and optimise the Website’s functionality, content, and user experience;
• To analyse Website usage and traffic patterns;
• To comply with applicable legal obligations and regulatory requirements;
• To protect our rights, property, or safety, and that of our users or the public;
• For any other lawful purpose as specified under the DPDP Act.
Under the DPDP Act, we process your personal data based on your consent (where required), for the
performance of a legitimate use as specified under the Act, or for compliance with applicable law.

5. Consent
Where required under the DPDP Act, we will obtain your free, specific, informed, unconditional, and
unambiguous consent before processing your personal data. You may withdraw your consent at any
time by contacting us at the details provided in Section 2. Upon withdrawal of consent, we will cease
processing your personal data for the purposes for which consent was given, subject to applicable
legal requirements for data retention.

6. Disclosure of Information
We do not sell, rent, or trade your personal data. We may share your information with:
• Authorised employees and internal teams who require access to perform their duties;
• Third-party service providers engaged by us for website hosting, analytics, IT support, or
other operational services, subject to appropriate contractual safeguards;
• Government authorities, regulatory bodies, or law enforcement agencies, when required by
law or in response to a lawful request;
• Professional advisors, including lawyers and auditors, as necessary for the conduct of our
business.

7. Data Retention
We retain personal data only for as long as is necessary to fulfil the purposes for which it was collected,
or as required under applicable law. Once the retention period expires or the purpose for processing
is no longer served, the personal data shall be securely deleted or anonymised in accordance with
applicable law, including the provisions of the DPDP Act.

8. Rights of Data Principals
Under the DPDP Act, you have the following rights as a Data Principal:
• Right to Access: You have the right to obtain a summary of the personal data being
processed and the processing activities undertaken;
• Right to Correction and Erasure: You have the right to request correction of inaccurate or
incomplete personal data and erasure of personal data that is no longer necessary for the
purpose for which it was collected;

Right to Grievance Redressal: You have the right to have your grievances addressed by us
in a timely manner;
• Right to Nominate: You have the right to nominate any individual to exercise your rights in
the event of your death or incapacity.
To exercise any of these rights, please contact us at the details provided in Section 2.

9. Security Measures
We implement reasonable security practices and procedures, as mandated under the IT Act and SPDI
Rules, to protect the personal data we collect from unauthorised access, use, disclosure, alteration,
or destruction. These measures include, but are not limited to, encryption, access controls, firewalls,
and regular security assessments. However, no method of transmission over the internet or electronic
storage is completely secure, and we cannot guarantee absolute security.

10. Cross-Border Data Transfers
We do not, as a general practice, transfer personal data outside India. In the event such transfer
becomes necessary, it shall be carried out in compliance with the provisions of the DPDP Act and any
conditions or restrictions notified by the Central Government in this regard.

11. Children’s Privacy
The Website is not intended for use by individuals below the age of eighteen (18) years. We do not
knowingly collect personal data from children. If we become aware that we have inadvertently collected
personal data from a child, we will take steps to delete such data promptly.

12. Changes to This Privacy Policy
We reserve the right to update or modify this Privacy Policy at any time. Any changes will be posted
on this page with an updated “Last Updated” date. We encourage you to review this Privacy Policy
periodically.

13. Grievance Redressal
If you have any grievances, complaints, or concerns regarding the processing of your personal data
or this Privacy Policy, you may contact:
Grievance Officer: Riddhiman Sarkar | Chief Legal Officer
Email: rs@cquel.com
We will endeavour to acknowledge your grievance within 48 hours and resolve it within thirty (30) days
of receipt.