Privacy Policy

Introduction & Scope

This Privacy Policy governs the collection, processing, storage, and protection of personal and business data by Imperial Tech Innovations ("Company", "we", "our", or "us"), a technology brand of Imperial Healthcare Systems Pvt Ltd (CIN: U62099HR2025PTC137921), registered in Gurugram, Haryana, India.

By accessing our website, engaging our SaaS platforms, or availing our IT solution services, you acknowledge that you have read, understood, and consent to the practices described in this Policy.

This Policy applies to:

• Website visitors and prospective clients
• Existing clients and users of our SaaS platforms
• Individuals interacting with us through any communication channel
• Parties submitting data in connection with refund or compliance processes

Information We Collect

a. Identity & Contact Data

• Full name, corporate email address, phone number
• Company name, professional designation, and location

b. Business & Project Data

• Technical requirements, project scope, timelines, and budgets
• Proprietary business workflows shared for service delivery

c. Technical & Usage Data

• IP address, browser type, device identifiers
• Pages visited, session duration, and platform usage analytics

d. Financial & Transaction Data

• Billing details processed via secure, certified third-party payment processors and payment gateways
• We do not store raw card numbers or sensitive payment credentials

e. Communication Data

• Emails, messages, call logs, and support interactions (where permitted by law)

f. Refund & Compliance Data

Where applicable, we may collect government-issued identification documents, self-attested identity verification records, and bank account details submitted for authentication and lawful refund processing.

Legal Basis for Processing

We process personal data under the following lawful bases, in accordance with applicable law including the Digital Personal Data Protection Act, 2023 (India) and relevant international frameworks:

• Contractual Necessity — to deliver services as defined in the Statement of Work (SOW)
• Legitimate Business Interests — for platform security, fraud prevention, and service improvement
• Legal & Regulatory Obligation — for taxation, audit, and anti-money laundering (AML) compliance
• Explicit Consent — where required under applicable data protection law

Use of Information

Data collected is used exclusively to:

• Deliver SaaS products and IT services as contractually agreed
• Manage billing, contracts, client accounts, and operations
• Enhance platform performance and user experience
• Communicate service updates, project milestones, and proposals
• Ensure security, fraud prevention, and regulatory compliance
• Process and verify refund requests in accordance with our Payment & Refund Policy

Data Sharing & Disclosure

We do not sell, rent, or trade personal data to any third party for commercial gain.

Data may be shared with:

• Trusted service providers (hosting, analytics, payment processors) bound by confidentiality obligations
• Business partners strictly to the extent required for service delivery
• Legal and regulatory authorities where required by applicable law
• Successors or acquirers in the event of a merger, acquisition, or corporate restructuring

International Data Transfers

As a dual-jurisdiction organisation operating in India and the United States, data may be processed across borders. All cross-border transfers are conducted with appropriate contractual and technical safeguards to ensure lawful and secure handling of personal data in accordance with applicable law.

Data Retention

• For the duration of the client relationship and active engagement
• Up to five (5) years post-engagement for legal, audit, and compliance purposes
• For extended periods where required by applicable law or regulatory obligation

Upon expiry of the retention period, data is securely archived or permanently deleted in accordance with our internal data governance protocols.

Data Security

We implement enterprise-grade security controls including:

• AES-256 encryption for data at rest; SSL/TLS for data in transit
• Role-based access restrictions and multi-factor authentication
• Periodic security audits, vulnerability assessments, and penetration testing
• Controlled processing environments with restricted external access

While we apply rigorous security standards, no system guarantees absolute protection. We commit to responding promptly and transparently in the event of any security incident.

Cookies, Tracking & User Consent

By accessing, browsing, or continuing to use this website, you acknowledge and consent to the use of cookies and similar tracking technologies by Imperial Tech Innovations for the purposes outlined below.

Cookies are used exclusively to:

• Enable core website functionality and platform performance
• Analyse user behaviour, traffic patterns, and usage analytics
• Enhance user experience and optimise service delivery

Explicit Affirmation:

• Cookies are not used for unsolicited marketing, behavioural advertising, or third-party profiling without explicit user consent
• Personal data collected via cookies is used strictly for operational, analytical, and security purposes

Users retain full control over cookie preferences and may disable or restrict tracking technologies through browser settings. Disabling certain cookies may impact the functionality of the website.

User Rights

Subject to applicable law, users and data subjects have the right to:

• Access, correct, or request deletion of their personal data
• Restrict or object to specific processing activities
• Withdraw consent at any time, without affecting the lawfulness of prior processing
• Request data portability in a structured, machine-readable format

All rights requests may be directed to: info@imperialtechinnovations.com

Grievance Officer (DPDP Act 2023 — India)

In accordance with the Digital Personal Data Protection Act, 2023, the designated Grievance Officer for India-based data subjects is reachable at info@imperialtechinnovations.com. Grievances will be acknowledged within 48 hours and resolved within 30 days.

Data Breach Response

In the event of a personal data breach, we will:

• Immediately investigate and contain the incident
• Notify affected users and relevant authorities within timelines required by applicable law
• Document the nature, scope, and remediation actions taken
• Implement preventive controls to mitigate recurrence

Children's Data

Our services are directed exclusively at businesses and professionals. We do not knowingly collect personal data from individuals under the age of 18. If we become aware that data has been collected from a minor, it will be deleted promptly.

Policy Updates & Contact

We reserve the right to update this Privacy Policy periodically. Material changes will be communicated via website notice. Continued use of our services following any update constitutes acceptance of the revised Policy.