When you visit our website, webflexrr.com, or communicate with us via email, WhatsApp, or any other platform, we collect and process information about you. This Privacy Policy outlines how we handle, store, and use your data securely and responsibly. We encourage you to review this policy regularly, as it may be updated periodically.

When Does This Privacy Policy Apply?

This Privacy Policy applies to all personal data collected, used, stored, or otherwise processed by WebFlexrr Labs in connection with its business activities. This includes, but is not limited to:

• Website Interactions: When individuals visit or interact with any of our websites, including through browsing, submitting contact forms, subscribing to newsletters, or downloading resources.
• Communication Channels: When users engage with us via email, phone, WhatsApp, chatbots, direct messaging platforms (such as LinkedIn or Instagram), or any other form of communication where identifiable information is exchanged.
• Customer and Client Engagements: When we collect personal data during the provision of services to our clients, including onboarding, project management, support, feedback collection, and performance analytics.
• Marketing and Advertising Efforts: When personal information is collected for lead generation, promotional campaigns, surveys, or event registrations, whether through online or offline channels.
• Internal Operations and Third-Party Tools: When data is processed internally to improve service quality or through trusted third-party service providers integrated into our workflow (e.g., CRM tools, analytics platforms, or cloud service providers).

This policy governs how we handle personal information in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR), where applicable, and other relevant privacy regulations based on jurisdiction.

Who Uses Your Data?

WebFlexrr Labs, co-owned by Tejodeep Mitra Roy & Pritam Majumder, is responsible for processing your data.

• Business Address: 126, Subhash Nagar Bylane, Dum Dum Cantonment, West Bengal Kol-700065
• Contact Email: info@webflexrr.com

Whose Data Do We Use?

At WebFlexrr Labs, we collect and process personal data from the following categories of individuals, each of whom interacts with us in different contexts:

• Website Visitors: Individuals who access and navigate our websites, landing pages, or other digital properties. This may include IP addresses, browser types, device information, pages visited, referral sources, and time spent on site. Data may also be collected through cookies or similar tracking technologies for analytics, personalization, and performance monitoring.
• Prospects and Leads: Individuals or representatives of businesses who have shown interest in our services or solutions. This includes data gathered through lead forms, contact requests, email subscriptions, social media engagements, event registrations, or through third-party lead generation platforms. We may collect names, email addresses, job titles, company names, phone numbers, and areas of interest.
• Clients and Collaborators: Existing customers, client-side stakeholders, consultants, subcontractors, freelancers, and other professional partners who engage with WebFlexrr Labs in the delivery of services or joint ventures. Personal and professional data collected in this category may include contractual details, business identifiers, contact information, feedback, project-specific communications, and payment-related information.
• Business Contacts: Individuals we interact with in the course of doing business, including suppliers, service providers, advisors, investors, media professionals, and potential partners. We may process contact and professional information for communication, negotiation, due diligence, or compliance purposes.

We handle all personal data with the utmost care and following applicable privacy laws and our internal data protection policies.

How Do We Get Your Data?

At WebFlexrr Labs, we collect personal data through multiple direct and indirect touchpoints, primarily when you voluntarily interact with us. The most common ways we obtain your data include:

• Forms Submitted on Our Websites or Landing Pages: When you complete contact forms, service inquiries, demo requests, quotation requests, or feedback surveys on our websites or marketing landing pages. These forms typically ask for information such as your name, email address, company name, phone number, business requirements, and service interests.
• Direct Communication via Digital Channels: When you contact us through messaging platforms such as WhatsApp, social media direct messages (e.g., LinkedIn, Instagram), or live chat features integrated into our website. During these interactions, we may collect your contact details, business affiliation, and any other relevant information you choose to share.
• Email Correspondence: When you send us an email, we capture the information you provide, including your name, email address, the content of your message, and any attachments. This also applies when you respond to our marketing campaigns or reach out to our support or sales teams.
• Phone Calls or Voice Messages: When you speak with our team over the phone or leave a voicemail, we may collect and securely store the information discussed or shared, including your name, company details, and the nature of your inquiry or request.
• Newsletter and Service Subscriptions: When you subscribe to our newsletters, updates, or digital services, you provide personal details that allow us to manage your subscription preferences, tailor content, and keep you informed about new offerings, insights, or relevant industry updates.

Additionally, in some cases, we may enrich or verify the data you provide using trusted third-party tools or public sources, always in compliance with relevant data protection laws.

What Data Do We Use?

At WebFlexrr Labs, we collect and process a variety of personal and professional data, depending on the nature of your interaction with us. This information helps us provide services, maintain communication, and improve user experiences. The data we may collect includes, but is not limited to:

• Full Name: Used to personalize communication, maintain accurate records, and ensure proper identification in our systems.
• Email Address: Utilized for communication, including responding to inquiries, sending service updates, transactional messages, newsletters, or marketing materials (where permitted by law).
• Phone Number: Used for direct communication regarding service discussions, support, onboarding, consultation calls, follow-ups, or urgent updates.
• IP Address (where applicable): Automatically collected during website visits to help us understand user behavior, protect against fraudulent activity, and maintain system security. This may also assist in location-based customization or analytics.
• Company Details (if applicable): Includes company name, website, size, industry, and position/title of the individual. This data helps us better tailor our offerings to business needs, conduct due diligence, and manage client accounts effectively.
• Professional Information: Such as job title, role, business preferences, and project requirements, typically collected during client engagement, onboarding, or consultations.
• Communication History and Voluntarily Shared Information: Any information you provide during communication with us, through forms, calls, messages, or emails, such as project briefs, requirements, preferences, feedback, or documents. This also includes inquiries about services, budgets, or any other details relevant to our collaboration.
• Technical and Usage Data (via our digital platforms): Includes browser type, device identifiers, access times, visited pages, and referring URLs. This data helps us analyze performance, enhance user experience, and ensure platform compatibility.

All personal data is collected and processed in accordance with our legal obligations and internal data privacy protocols, and we only retain it for as long as necessary to fulfill the purpose for which it was collected.

What Do We Use Your Data For?

At WebFlexrr Labs, we are committed to processing your personal data responsibly, lawfully, and transparently. We only use the information we collect for legitimate business purposes, in line with applicable data protection regulations. The key purposes for which we use your personal data include:

• To Deliver Our Services and Fulfill Contracts: We use your data to provide the services you have requested, entered into an agreement for, or expressed interest in. This includes project scoping, onboarding, service delivery, technical support, performance tracking, and post-service communication.
• To Respond to Inquiries, Requests, or Support Needs: Whether you reach out to us via email, contact forms, chat, social media, or phone, we use your data to respond accurately and promptly to your questions, service requests, or business inquiries.
• For Internal Record-Keeping and Administrative Management: We maintain internal records for billing, auditing, project tracking, and communication logs. This ensures transparency, efficient workflow management, and accountability in our day-to-day operations.
• To Comply with Legal, Regulatory, and Contractual Obligations: Your data may be used to meet requirements imposed by applicable laws, tax authorities, regulatory bodies, or contractual commitments. This includes fraud prevention, compliance audits, and dispute resolution.
• With Your Consent – For Marketing and Promotional Communications: If you have opted in, we may use your data to send newsletters, product updates, service announcements, invitations to events or webinars, industry insights, or tailored promotional offers. You can withdraw your consent at any time via the unsubscribe link or by contacting us directly.
• To Improve User Experience and Service Quality (where applicable): Aggregated or anonymized data may be used to analyze user behavior, improve website performance, enhance customer service, and optimize our digital marketing strategies.

We ensure that all data usage aligns with the original purpose for which it was collected, and we never sell or misuse your personal data.

How Long Do We Store Your Data?

At WebFlexrr Labs, we retain personal data only for as long as necessary to fulfill the purposes for which it was collected, or as required to comply with legal, contractual, and regulatory obligations. The duration of data retention depends on the type of data, the context in which it was collected, and any applicable legal requirements. Specifically:

• To Meet Legal and Regulatory Obligations: Certain types of data — particularly those related to financial transactions, contracts, and tax records — are retained for a legally mandated period (e.g., up to 7 years) to comply with applicable tax, accounting, and audit requirements.
• To Fulfill Service and Contractual Commitments: We retain data for the duration of our business relationship with you, including the time needed to deliver services, provide support, address inquiries, and manage project documentation. This includes post-service follow-ups, account management, and warranty or maintenance-related communication.
• For Internal Business Purposes: We may store certain non-sensitive data for a longer period to maintain historical records, track performance, improve services, analyze trends, or enforce our terms of service, provided it does not infringe on your privacy rights.
• Until You Request Deletion (Where Permissible): If you request the deletion of your personal data, and there is no overriding legal, contractual, or regulatory obligation to retain it, we will securely erase or anonymize your data in accordance with applicable data protection laws (such as the GDPR or local data retention rules).

We regularly review the data we hold, and where retention is no longer necessary, we either delete it or anonymize it so it can no longer be linked to any individual.

Who Do We Share Your Data With?

At WebFlexrr Labs, we respect your privacy and are committed to safeguarding your personal data. While we do not sell your personal information, there are instances where we may need to share it with trusted third parties. Such sharing is always done with appropriate safeguards in place, and only for legitimate business, operational, or legal reasons. Specifically, we may share your data under the following circumstances:

• With Your Explicit Consent: We may share your data with third parties when you have given us clear, informed consent to do so. This could include referrals to partner services, participation in joint events or promotions, or the publication of testimonials or case studies.
• For Operational and Service Delivery Purposes: We may share data with third-party service providers who help us operate efficiently and deliver high-quality services. These include:
  • Customer Relationship Management (CRM) platforms for managing communications and client information.
  • Cloud storage providers for secure file management and backup.
  • Project management and collaboration tools to facilitate client engagement and service execution.
  • Communication platforms (e.g., email service providers, chat services, appointment schedulers) are used to streamline interactions. All such service providers are carefully selected and contractually obligated to handle your data securely and in compliance with data protection laws.
• To Fulfill Legal and Regulatory Requirements: We may disclose your personal information if required to do so by law, regulation, legal process, or government request. This includes cooperating with law enforcement, regulatory authorities, or protecting our legal rights, preventing fraud, or ensuring compliance with our contractual or legal responsibilities.
• In Emergency or Risk Scenarios: In rare and urgent situations, such as a threat to life, public safety, or cybersecurity breach, your information may be shared with the appropriate authorities or emergency services as required.
• With Business Partners (Under Confidentiality Agreements): Where relevant to joint service delivery, cross-promotional activities, or business collaborations, your data may be shared with partners under strict non-disclosure agreements (NDAs) to ensure your information remains protected.

All third parties with whom we share your data are subject to confidentiality and data processing agreements, ensuring they use your information solely for the intended purpose and apply adequate security measures in line with applicable laws such as the General Data Protection Regulation (GDPR) or other relevant local legislation.

How Safe Is Your Data With Us?

At WebFlexrr Labs, the security and protection of your personal data are of the utmost importance. We implement a combination of organizational and technical safeguards to ensure that your data remains safe from unauthorized access, loss, or misuse. Our data protection measures adhere to industry best practices and comply with applicable data privacy regulations.

Here are the key safeguards we put in place:

1. Data Encryption:

We use advanced encryption techniques to protect your data both when it is stored ("at rest") and while it is being transmitted across networks ("in transit"). This ensures that your personal and sensitive information is encrypted using industry-standard protocols, such as TLS (Transport Layer Security) for online communications and AES (Advanced Encryption Standard) for data storage. Encryption makes it significantly more difficult for unauthorized parties to intercept or access your data.

2. Access Control:

We have implemented strict access control policies to ensure that only authorized personnel can access sensitive data. This includes:

• Role-based access control (RBAC) means that individuals can only access the data necessary for their job role.
• Multi-factor authentication (MFA) adds an additional layer of security for accessing internal systems, reducing the risk of unauthorized access.
• Audit logs and activity monitoring to track who accesses data and when, helping us detect any unauthorized access or irregular activity.

3. Secure Backups:

We maintain regular, secure backups of your data to ensure its availability in the event of an incident (such as a server failure, cyberattack, or other disruptions). These backups are:

• Stored in secure, geographically redundant locations.
• Encrypted to prevent unauthorized access.
• Tested periodically to ensure that they can be restored quickly and effectively in the event of data loss or system failure.

4. Staff Training on Privacy and Security:

We recognize that data security is not only about technology, but also about people. As such, we regularly train our staff on:

• Data privacy principles to ensure they understand how to handle personal data in compliance with privacy laws.
• Security best practices, including how to identify phishing attempts, prevent social engineering attacks, and follow safe data handling procedures.
• Incident response protocols, so that our team is prepared to respond swiftly and effectively to any potential data breaches or security incidents.

5. Regular Security Audits and Vulnerability Assessments:

To ensure that our security measures remain effective, we conduct regular security audits and vulnerability assessments. These are performed by internal teams and, when necessary, by independent third-party experts. This proactive approach helps us identify and address potential security gaps before they can be exploited.

6. Secure Third-Party Services:

Where we rely on third-party service providers (e.g., cloud hosting, CRM platforms, payment processors), we ensure that they meet our high security standards and comply with data protection regulations. We enter into contractual agreements with these third parties to ensure they apply robust security measures and handle your data securely.

By implementing these technical and organizational safeguards, we aim to provide you with the highest level of protection for your data. While no system can be 100% secure, we continually review and enhance our security practices to stay ahead of potential risks.

What Are Your Rights?

As a data subject, you have certain rights regarding the personal data we collect and process. We respect and uphold these rights, in compliance with applicable data protection laws, including the General Data Protection Regulation (GDPR) and other relevant privacy regulations. Below are the key rights you have over your personal data:

1. Right to Access (Right to be Informed):

You have the right to request a copy of the personal data we hold about you. This includes details about:

• The types of data we collect.
• The purposes for which we are using your data.
• The recipients of your data, if any.
• The retention period (or the criteria used to determine the retention period).

To exercise your right to access, simply submit a request to us, and we will provide you with the information within the required timeframe, usually within 30 days.

2. Right to Correct (Right to Rectification):

If you believe that any of the personal data we hold about you is inaccurate or incomplete, you have the right to correct it. We encourage you to keep your information updated, and we will promptly make the necessary changes to ensure the accuracy of your data.

You can request to update or amend your information by contacting us directly, and we will process your request as soon as possible.

3. Right to Object (Right to Opt-Out of Direct Marketing):

You have the right to object to the processing of your personal data for specific purposes, including direct marketing. If you no longer wish to receive marketing communications, such as promotional emails or newsletters, you can opt out at any time by:

• Clicking the unsubscribe link in any marketing email we send.
• Contact us directly at info@webflexrr.com to request that we stop sending you marketing communications.

We will honor your request and ensure that you are not contacted for marketing purposes thereafter.

4. Right to Restrict Processing (Right to Restriction of Processing):

In certain situations, you may request to restrict the processing of your personal data, meaning we can temporarily store it, but not use it in specific ways. This right applies when:

• You contest the accuracy of your data (for a period that allows us to verify its accuracy).
• You have objected to the processing, and we are assessing whether our legitimate interests override your rights.
• The processing is unlawful, but you prefer that we restrict the use of your data instead of deleting it.

If you request a restriction on processing, we will inform you before lifting the restriction once the conditions are met.

5. Right to Data Portability (Right to Transfer Data):

You have the right to transfer your personal data from one service provider to another. This applies when:

• Your data is processed based on your consent or contract.
• The processing is carried out by automated means.

If you wish to transfer your data, we will provide it to you in a commonly used, machine-readable format, allowing you to easily transfer it to another service provider or system.

6. Right to Erase (Right to be Forgotten):

In certain circumstances, you have the right to request the deletion of your personal data. This right applies when:

• Your data is no longer necessary for the purposes for which it was collected.
• You withdraw your consent (where processing is based on consent) and no other legal basis for processing exists.
• You object to the processing, and there are no overriding legitimate grounds for continuing the processing.
• Your data has been processed unlawfully.
• There is a legal obligation for us to erase your data.

Please note that there may be instances where we are required to retain certain data due to legal or regulatory obligations (e.g., tax or financial records), and in such cases, we will inform you of the retention period or reason for refusal.

Exercising Your Rights:

If you wish to exercise any of the rights outlined above, please contact us via email at info@webflexrr.com. We will respond to your request in a timely manner, typically within 30 days, unless we need additional time due to the complexity of your request.

Governing Laws & Regulations

At WebFlexrr Labs, we are committed to ensuring that the collection, processing, and storage of your personal data comply with the Indian legal framework governing data protection. This Privacy Policy is designed to adhere to the Information Technology Act, 2000 (IT Act) and its associated Rules as well as other relevant laws and regulations in India that govern the privacy and security of personal data.

1. Information Technology Act, 2000 (IT Act):

The Information Technology Act, 2000, is the primary law in India that governs the collection, storage, and processing of personal data. The Act focuses on securing electronic transactions and addressing issues such as cybercrimes, electronic contracts, and data protection. Under this Act, personal data is defined, and legal measures for the protection of this data are outlined.

The key provisions that govern the protection of personal data under the IT Act and its associated Rules are:

• Reasonable Security Practices and Procedures: As per Section 43A of the IT Act, we are required to implement reasonable security practices and procedures to protect your sensitive personal data from unauthorized access, misuse, and loss. We ensure that appropriate security safeguards are in place to protect the confidentiality, integrity, and availability of your data.
• Sensitive Personal Data or Information (SPDI): The Sensitive Personal Data or Information Rules, introduced under the IT Act, specify the type of information that must be handled with extra care (e.g., passwords, financial information, biometric data, health-related information). We ensure that any sensitive personal data is handled with the highest level of security and only collected for specific purposes, with your explicit consent.
• Data Retention and Erasure: We adhere to the requirements of the IT Act regarding the retention of personal data. Personal data will not be retained longer than necessary for the purposes it was collected, and we will securely erase or anonymize your data when it is no longer required or upon your request, subject to legal or regulatory obligations.

2. Data Protection under Indian Law:

In addition to the IT Act, India is in the process of enhancing its data protection laws, with significant developments on the horizon. The Personal Data Protection Bill, 2019 (PDPB) is currently being reviewed by the Indian government and is expected to become a key legal framework for data protection in India. While the bill is under consideration, we are actively working to align our data practices with its proposed provisions, including:

• Data Subject Rights: We respect and uphold the rights of individuals to access, correct, delete, and restrict the use of their personal data.
• Consent: We obtain explicit consent from individuals before collecting or processing sensitive personal data.
• Cross-border Data Transfers: We ensure that data transferred outside India complies with the requirements for adequate safeguards under the PDPB and other relevant legal frameworks.

3. Privacy Guidelines and Security Standards:

To further ensure compliance with the IT Act, we follow guidelines issued by the Ministry of Electronics and Information Technology (MeitY) and other regulatory bodies. These guidelines provide specific security measures for protecting personal data, including:

• Data Encryption: All sensitive data is encrypted both in transit and at rest to prevent unauthorized access.
• Regular Audits and Security Assessments: We conduct regular security assessments and audits to ensure that our data processing systems remain secure and compliant with applicable laws.
• Third-Party Data Processors: When engaging third-party service providers, we ensure that they comply with reasonable security practices and follow the data protection norms stipulated by Indian law.

4. Cross-border Data Transfers:

If personal data is transferred outside of India, we ensure that such transfers are conducted in compliance with applicable Indian laws, such as the Data Localization requirements under the PDPB, and implement appropriate safeguards like Standard Contractual Clauses (SCCs) or Binding Corporate Rules (BCRs) to ensure that personal data is protected when transferred internationally.

5. Compliance with Local and International Standards:

While the IT Act and associated rules form the foundation of our data protection practices, we also align with international data protection standards (such as ISO/IEC 27001) to ensure that our practices meet global best practices for data security and privacy.

6. Updates to Legal Compliance:

We are committed to keeping our practices aligned with evolving laws and regulations in India. As the Indian legal landscape for data protection continues to develop, including the finalization of the Personal Data Protection Bill, we will continue to update our data protection practices to ensure compliance with new requirements.

By adhering to the Information Technology Act, 2000, its associated Rules, and other applicable regulations, we ensure that your personal data is protected and handled in a lawful, transparent, and secure manner.

At WebFlexrr Labs, we use cookies to provide a personalized and enhanced user experience. Cookies are small text files stored on your device when you visit our website. They help us improve functionality, monitor user behavior, and deliver targeted advertisements.

Types of Cookies We Use:

1. Functional Cookies:
   • These cookies are necessary for core site features such as session management and remembering user preferences.
   • Examples: Login sessions, user preferences.
2. Analytics Cookies:
   • These cookies allow us to analyze visitor activity to improve our website's design and functionality.
   • Examples: Google Analytics, Meta Pixel tracking user interactions.
3. Marketing Cookies:
   • We use these cookies for advertising and retargeting based on your interactions with our site.
   • Examples: Personalized ads and social media integration.

How You Can Manage Cookies:

You can control the cookie settings via your browser to accept, reject, or delete cookies. If you choose to reject cookies, certain features of our website may not function optimally.

Data of Minors

At WebFlexrr Labs, we take the privacy and protection of children’s data seriously. Our services are not intended for individuals under the age of 16 without appropriate parental consent. Additionally, individuals under the age of 18 are considered minors and require parental or guardian consent to use our services.

If you are a minor, please ensure that you have the explicit consent of a parent or legal guardian before providing us with any personal data. If we learn that we have inadvertently collected personal information from a minor without the necessary consent, we will take steps to delete that information.

Have Questions or Concerns?

We’re committed to transparency and protecting your privacy. If you have any questions, concerns, or requests regarding this Privacy Policy, how your data is handled, or if you wish to exercise any of your rights under applicable data protection laws, we encourage you to get in touch.

You can reach our Data Protection Officer or privacy support team by emailing us at info@webflexrr.com. We strive to respond to all inquiries within a reasonable timeframe and in accordance with applicable legal requirements.

WebFlexrr Labs Co-Founders: Tejodeep Mitra Roy & Pritam Majumder Website: www.webflexrr.com

Email: info@webflexrr.com