PRIVACY POLICY - DPDPA & GDPR COMPLIANT

Your Privacy Matters to Us

We are committed to protecting your personal information and your right to privacy. This policy explains how we collect, use, and safeguard your data in full compliance with the Digital Personal Data Protection Act, 2023 (DPDPA) and other applicable laws.

Last Updated: January 6, 2025
DPDPA 2023 Compliant

Introduction & Legal Entity

This Privacy Policy describes how Ark Services ("we", "us", "our", or "Company") collects, uses, stores, and protects your personal data in compliance with applicable laws including the Digital Personal Data Protection Act, 2023 (DPDPA), Information Technology Act, 2000, and where applicable, the General Data Protection Regulation (GDPR).

Company Details

Legal Entity: Ark Services

Registered Office: Thakur market Anora Kalan, Lucknow, Uttar Pradesh - 226028, India

Email: arkservice06@gmail.com

Phone: +91 9219802377

Scope of This Policy

This policy applies to all personal data collected through our website (arkservices.in), mobile applications (if any), and any services we provide.

By using our services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

If you do not agree with this policy, please do not use our services.

Data Controller

For the purposes of data protection laws, Ark Services is the Data Fiduciary (under DPDPA) and Data Controller (under GDPR) for personal data we collect and process.

We are responsible for ensuring your personal data is processed lawfully, fairly, and transparently.

Information We Collect

We collect personal data only for specified, explicit, and legitimate purposes. We collect the following categories of information:

Information You Provide (With Consent)

Contact Information: Name, email address, phone number, company name, designation

Business Information: Project requirements, budget information, business objectives, technical specifications

Communication Data: Messages, inquiries, feedback, and correspondence you send us

Account Information: Username, password (encrypted), profile information (if you create an account)

Payment Information: Billing address, GST details (payment card information is processed by third-party payment processors and not stored by us)

Marketing Preferences: Newsletter subscriptions, communication preferences

Information Collected Automatically (With Cookie Consent)

Technical Data: IP address, browser type and version, operating system, device information, screen resolution

Usage Data: Pages visited, time spent on pages, navigation paths, click patterns, session duration, bounce rates

Location Data: Approximate location based on IP address (city/state level, not precise geolocation)

Cookie Data: Cookie identifiers, preferences, and consent records

Analytics Data: User behavior patterns, feature usage, conversion data

Error Logs: Technical errors, crash reports for debugging purposes

Information from Third Parties

Social Media Data: If you connect via LinkedIn, Facebook, or other platforms, we receive basic profile information as per their privacy policies (name, email, profile picture)

Business Contact Data: Publicly available business information from professional networking sites

Client-Authorized Data: During project execution, we may access third-party platforms and APIs you authorize (with explicit consent for each integration)

Referral Information: If someone refers you to us, we may receive your name and contact details

How We Use Your Information

We use your personal data only for the purposes disclosed at the time of collection and as outlined below:

Service Delivery & Contract Performance

Purpose: Provide requested services, project execution, client support

Legal Basis: Contract performance, legitimate business interest

Data Used: Contact information, business requirements, project data

Retention: Duration of contract + 3 years for warranty and legal claims

Communication & Customer Support

Purpose: Respond to inquiries, provide updates, technical assistance

Legal Basis: Contract performance, consent, legitimate interest

Data Used: Contact information, communication history, support tickets

Retention: 2 years from last interaction for reference and quality improvement

Payment Processing & Invoicing

Purpose: Process payments, generate invoices, maintain financial records

Legal Basis: Contract performance, legal obligation (tax compliance)

Data Used: Billing information, GST details, payment records

Retention: 7 years (as required by Income Tax Act, 1961)

Website Improvement & Analytics

Purpose: Understand user behavior, improve website functionality, optimize user experience

Legal Basis: Consent (for analytics cookies), legitimate interest

Data Used: Usage data, technical data, analytics information

Retention: 26 months (Google Analytics retention period), aggregated data indefinitely

Marketing Communications (With Consent)

Purpose: Send newsletters, service updates, promotional offers, case studies

Legal Basis: Explicit consent

Data Used: Email address, name, communication preferences

Retention: Until consent is withdrawn or user requests deletion

Legal Compliance & Protection

Purpose: Comply with legal obligations, protect our rights, prevent fraud

Legal Basis: Legal obligation, legitimate interest

Data Used: All relevant data as required by law

Retention: As required by applicable law

Data Retention Policy

We retain personal data only as long as necessary for the purposes outlined in this policy, and as required by law:

Retention Periods & Justification

Contact Form Submissions: 2 years - For follow-up, service improvement, and potential business relationships

Active Client Data: Duration of engagement + 3 years - For contract obligations, warranty support, legal claims, and reference

Inactive Client Data: 3 years after project completion - For portfolio references, case studies (anonymized), and dispute resolution

Financial Records: 7 years - Required by Income Tax Act, 1961, and Companies Act, 2013

Marketing Consent: Until withdrawal - Maintained only as long as user consent remains active

Analytics Data: 26 months - Google Analytics default retention, then aggregated/anonymized

Legal Documentation: 7 years or as required by law - For regulatory compliance

Security Logs: 90 days - For security monitoring and incident response

Data Deletion Process

Upon retention period expiry or deletion request, data is securely erased using industry-standard methods

Backups are purged within 90 days of deletion from primary systems

Anonymized or aggregated data may be retained indefinitely for statistical purposes

Some data may be retained longer if required by legal holds or ongoing investigations

Data Storage, Security & Localization

We implement comprehensive security measures to protect your personal data:

Data Localization (DPDPA Compliance)

Primary Storage: All personal data of Indian users is primarily stored on servers located in India

Data Centers: We use ISO 27001 certified data centers in Mumbai and Bangalore

Backup Locations: Encrypted backups maintained in Indian data centers

Cross-Border Transfers: Only to approved countries with adequate data protection (see International Transfers section)

Technical Security Measures

Encryption in Transit: TLS 1.3 encryption for all data transmission

Encryption at Rest: AES-256 encryption for stored data and backups

Access Controls: Role-based access control (RBAC) with multi-factor authentication

Network Security: Firewall protection, intrusion detection systems, DDoS protection

Secure Development: Regular security code reviews, vulnerability scanning, penetration testing

Password Security: Bcrypt hashing with salt, minimum password complexity requirements

Organizational Security Measures

Security Certifications: ISO 27001:2013 Information Security Management System (planned/in progress)

Employee Training: Mandatory data protection and security awareness training

Access Restriction: Personal data accessible only to authorized personnel on need-to-know basis

Confidentiality Agreements: All employees and contractors sign NDAs

Vendor Management: Third-party security assessments and data processing agreements

Regular Audits: Quarterly internal security audits, annual external audits

Incident Response

Security Monitoring: 24/7 monitoring for suspicious activities

Incident Response Plan: Documented procedures for breach detection, containment, and recovery

Backup & Recovery: Daily backups with tested disaster recovery procedures

Business Continuity: Redundant systems ensuring 99.9% uptime SLA

Data Breach Notification

We have established procedures to handle potential data breaches in compliance with DPDPA and GDPR:

Breach Response Process

Detection: Continuous monitoring systems alert security team of potential breaches

Assessment: Within 24 hours, assess scope, severity, and affected data

Containment: Immediate action to stop unauthorized access and prevent further breach

Investigation: Forensic analysis to determine cause and extent of breach

Remediation: Implement corrective measures to prevent recurrence

Notification to Authorities

DPDPA Compliance: Notify Data Protection Board of India as soon as reasonably possible

GDPR Compliance: If EU data subjects affected, notify relevant supervisory authority within 72 hours

Information Provided: Nature of breach, categories of data affected, approximate number of individuals, consequences, and remedial measures

Notification to Affected Users

High-Risk Breaches: Direct notification to affected individuals without undue delay

Notification Method: Email to registered email address, prominent website notice

Information Provided: Nature of breach, data involved, potential consequences, steps taken, recommended actions

Support: Dedicated support channel established for affected users

International Data Transfers

We may transfer personal data internationally only with appropriate safeguards and in compliance with DPDPA:

Countries We Transfer Data To

United States: For cloud hosting services (AWS US East, Google Cloud US) - covered by Standard Contractual Clauses

European Union: For some European clients and GDPR-compliant processing

Singapore: For backup and disaster recovery services

We do not transfer data to countries deemed inadequate by Indian or EU authorities unless with explicit consent and approved transfer mechanisms

Safeguards for International Transfers

Standard Contractual Clauses (SCCs): EU-approved SCCs with all processors outside India/EU

Adequacy Decisions: We transfer to countries recognized as providing adequate protection

Binding Corporate Rules: For intra-group transfers (if applicable)

Data Processing Agreements: Contractual obligations requiring equivalent protection

Encryption: All international transfers encrypted in transit and at rest

Your Rights Regarding International Transfers

You can request information about specific safeguards applied to your data

You can object to international transfers if not adequately protected

You can request that data be processed only in India (may limit service availability)

Contact our Data Protection Officer for transfer-related inquiries

Third-Party Services & Data Processors

We engage carefully vetted third-party service providers who process personal data on our behalf. All processors are bound by Data Processing Agreements (DPAs):

Cloud Infrastructure & Hosting

Primary Provider: [Specify - e.g., Amazon Web Services (AWS) / Google Cloud Platform]

Purpose: Website hosting, database management, server infrastructure

Location: India (primary), with backup in Singapore

Safeguards: ISO 27001, SOC 2 Type II certified, Data Processing Agreement, encryption

Analytics & Performance Monitoring

Google Analytics: Website analytics, user behavior analysis - IP anonymization enabled

Google Tag Manager: Tag and tracking code management

Hotjar / Similar: Heatmaps and user experience analytics (if used)

All analytics cookies require explicit consent before activation

Communication & CRM

Email Service Provider: [Specify - e.g., SendGrid, Amazon SES] for transactional and marketing emails

CRM System: [Specify - e.g., HubSpot, Zoho CRM] for customer relationship management

Communication Tools: [Specify - Slack, Microsoft Teams] for internal and client communication

All providers have executed DPAs with equivalent data protection commitments

Payment Processing

Payment Gateway: [Specify - Razorpay, PayU, Stripe] - PCI DSS Level 1 certified

We do NOT store credit/debit card information on our servers

Payment data processed directly by PCI DSS compliant processors

We receive only transaction confirmations, not payment credentials

Security & Monitoring

Security Monitoring: Cloudflare for DDoS protection and CDN

Error Tracking: [Specify - Sentry, LogRocket] for application error monitoring

Backup Services: Automated encrypted backups with secure providers

Development & Productivity

GitHub / GitLab: Code repository (no customer data stored)

Project Management: [Specify - Jira, Asana, Trello] for project tracking

Cloud Storage: Google Drive / Dropbox for document collaboration with encryption

Cookies & Tracking Technologies

We use cookies and similar technologies to enhance your experience. You have full control over cookie preferences:

Types of Cookies We Use

Strictly Necessary Cookies (Always Active): Essential for website functionality, security, and session management. Cannot be disabled. Example: Authentication cookies, security tokens.

Performance & Analytics Cookies (Requires Consent): Help us understand how visitors interact with our website. Example: Google Analytics, page view tracking. Duration: Up to 26 months.

Functional Cookies (Requires Consent): Remember your preferences and settings. Example: Language preference, cookie consent choices. Duration: Up to 12 months.

Marketing & Advertising Cookies (Requires Consent): Track your browsing across websites to show relevant ads. Example: Facebook Pixel, LinkedIn Insight Tag. Duration: Up to 12 months.

Cookie Consent Management

First Visit: Cookie consent banner appears requiring explicit consent before non-essential cookies are set

Granular Control: You can accept all, reject all, or customize by category

Consent Storage: Your preferences are stored for 12 months

Update Preferences: Access cookie preference center anytime from website footer

Withdrawal: Withdraw consent anytime; cookies will be deleted within 48 hours

Third-Party Cookies

Google Analytics: __ga, __gid - Analytics and performance tracking

Facebook Pixel: _fbp - Conversion tracking and remarketing (if used)

LinkedIn Insight: li_at - B2B marketing and analytics (if used)

These cookies are subject to third-party privacy policies. We do not control these cookies.

Managing & Blocking Cookies

Browser Settings: Configure your browser to block or delete cookies (may affect functionality)

Google Analytics Opt-out: Install Google Analytics Opt-out Browser Add-on

Do Not Track: We respect DNT browser signals where technically feasible

Mobile Devices: Adjust privacy settings in device settings

Other Tracking Technologies

Web Beacons: Small graphics used in emails to track opens (can be disabled by disabling images)

Local Storage: Browser storage for preferences (not used for tracking)

Session Storage: Temporary storage cleared when browser closes

Automated Decision Making & Profiling

Transparency about automated processing:

Current Practices

We do NOT currently use automated decision-making that produces legal or similarly significant effects

We do NOT use AI or algorithms to make decisions about service provision, pricing, or eligibility

Any analytics or profiling is for internal business intelligence only and does not affect your rights

Future Use

If we implement automated decision-making in the future, we will:

Provide explicit notice and obtain separate consent

Explain the logic, significance, and consequences

Offer the right to human review of automated decisions

Update this privacy policy with detailed information

Your Privacy Rights (DPDPA & GDPR)

Under DPDPA and applicable data protection laws, you have the following rights:

Right to Access (DPDPA Section 11)

Request a copy of personal data we hold about you

Information about processing purposes, categories, recipients, and retention periods

First copy provided free; reasonable fee for additional copies

Response within 30 days of verified request

Right to Correction (DPDPA Section 11)

Request correction of inaccurate or incomplete personal data

Update your information to ensure accuracy

We will notify third parties of corrections where necessary

Correction completed within 15 days

Right to Erasure / Deletion (DPDPA Section 11)

Request deletion of your personal data ("Right to be Forgotten")

We will delete unless retention is required by law or legitimate purposes

Backups will be purged within 90 days

Anonymized data may be retained for statistical purposes

Deletion completed within 30 days (excluding legal retention)

Right to Data Portability

Receive your personal data in a structured, commonly used, machine-readable format (CSV, JSON)

Transmit your data to another service provider

Available for data processed based on consent or contract

Provided free of charge

Right to Withdraw Consent (DPDPA Section 11)

Withdraw consent for data processing at any time

Does not affect lawfulness of processing before withdrawal

May affect service availability

Effective within 24-48 hours

Right to Object

Object to processing based on legitimate interests

Object to direct marketing at any time (we will stop immediately)

Object to automated decision-making and profiling

Right to Restrict Processing

Request restriction of processing in certain circumstances

Data stored but not processed while resolving disputes

Applies during accuracy verification or legality assessment

Right to Nominate (DPDPA Specific)

Nominate another individual to exercise rights on your behalf in case of death or incapacity

Nomination must be in writing and registered with us

Contact our Grievance Officer to register nomination

How to Exercise Your Rights

To exercise any of your privacy rights, follow these steps:

Submitting a Request

Email: Send request to arkservice06@gmail.com with subject "Data Privacy Request"

Include: Full name, email address, phone number, specific right you wish to exercise

Online Form: Use our dedicated Data Subject Request form at arkservices.in/privacy-request (if available)

Written Request: Mail to our registered office address

Verification Process

We must verify your identity before processing requests

Required: Government-issued ID proof (Aadhaar, PAN, Passport, Driver's License)

Additional verification may be requested for sensitive requests

Verification typically completed within 5 business days

Response Timeline

Acknowledgment: Within 3 business days of receiving request

Response: Within 30 days of verified request

Extension: Up to 60 days for complex requests (with notification)

Status Updates: Provided every 15 days for ongoing requests

No Fee Policy

We do not charge fees for most data subject requests

Reasonable fees may apply for: manifestly unfounded or excessive requests, additional copies beyond the first free copy

Fees will be disclosed before processing

Request Denial

If we cannot fulfill your request, we will explain reasons

You have the right to lodge a complaint with the Data Protection Board of India

You can appeal our decision through our Grievance Redressal mechanism

Grievance Redressal Mechanism

In compliance with DPDPA, we have established a robust grievance redressal mechanism:

How to File a Grievance

Email: Send detailed complaint to arkservice06@gmail.com with subject "Grievance"

Include: Your name, contact details, nature of grievance, supporting documents

Phone: Call +91 9219802377 during working hours

Written: Mail to our registered office address

Grievance Resolution Process

Acknowledgment: Within 24 hours of receiving grievance

Investigation: Thorough investigation of complaint

Resolution: Within 15 days of acknowledgment (may be extended to 30 days for complex cases)

Communication: Regular updates every 7 days

Escalation: If unresolved, escalate to senior management

If Not Satisfied

You have the right to lodge a complaint with the Data Protection Board of India

Website: [Data Protection Board website - to be notified]

For EU residents: Contact your local Data Protection Authority

Legal remedies available as per applicable laws

Data Protection Officer

We have appointed a Data Protection Officer (DPO) to oversee data protection strategy and compliance:

DPO Responsibilities

Monitoring compliance with DPDPA and other data protection laws

Advising on data protection impact assessments

Cooperating with Data Protection Board of India

Acting as contact point for data subjects and authorities

Children's Privacy & Parental Consent

We are committed to protecting the privacy of children:

Age Restrictions

Our services are not intended for individuals under 18 years of age

We do not knowingly collect personal data from minors without verifiable parental consent

If you are under 18, do not use our services or provide any personal information

Parental Consent Mechanism

If services are provided to minors (under 18), we obtain verifiable parental consent

Parents can review, correct, or delete their child's information

Parents can revoke consent at any time

Consent verification: Email confirmation, signed consent form, phone verification

If We Discover Minor Data

If we learn we have collected data from a minor without consent, we will delete it immediately

Parents can contact us at arkservice06@gmail.com to request deletion

Deletion completed within 7 days of notification

Marketing Communications & Opt-Out

We send marketing communications only with your explicit consent:

Types of Marketing Communications

Email Newsletters: Industry insights, service updates, company news

Promotional Offers: Special discounts, new service announcements

Case Studies & Resources: Educational content, whitepapers, webinars

Frequency: Maximum 2-4 emails per month

Opt-In Process

Explicit consent obtained through checkbox on forms

Double opt-in for email newsletters (confirmation email sent)

Clear information about communication types and frequency

Separate consent for different communication types

Unsubscribe / Opt-Out

Every marketing email contains clear unsubscribe link

One-click unsubscribe process (no login required)

Processed within 24-48 hours

Confirmation email sent after unsubscribe

Transactional emails (receipts, service updates) continue unless account deleted

Alternative Opt-Out Methods

Email arkservice06@gmail.com with "Unsubscribe" in subject

Call +91 9219802377

Update preferences in your account settings (if applicable)

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, legal requirements, or business operations:

Notification of Changes

Minor Changes: Updated policy posted on website with "Last Updated" date changed

Material Changes: Email notification to registered users + prominent website banner for 30 days

Significant Changes: Additional consent may be requested if new processing purposes introduced

What Constitutes Material Change

New purposes for data processing

Sharing data with new categories of third parties

Transferring data to additional countries

Changes to data retention periods

Significant changes to your rights

Your Options

Review updated policy before continued use

Contact us with questions about changes

Withdraw consent if you disagree with changes

Request deletion of your data

Version History

Previous versions archived and available upon request

Contact arkservice06@gmail.com for historical policy versions

Governing Law & Jurisdiction

This Privacy Policy is governed by and construed in accordance with the laws of India:

Applicable Laws

Digital Personal Data Protection Act, 2023 (DPDPA)

Information Technology Act, 2000 and Rules

Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011

Indian Contract Act, 1872

Other applicable laws of India

Jurisdiction

Courts of Lucknow, Uttar Pradesh, India shall have exclusive jurisdiction

Any disputes arising from this policy shall be subject to Lucknow jurisdiction

For EU data subjects: GDPR provisions and EU member state laws also apply

Dispute Resolution

Good Faith Negotiation: First attempt resolution through direct communication

Grievance Mechanism: Use our grievance redressal process

Regulatory Complaint: File with Data Protection Board of India if unresolved

Legal Action: As a last resort, through competent courts

Contact Us

For any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Primary Contact

Email: arkservice06@gmail.com

Phone: +91 9219802377

Address: Thakur market Anorakalan, Lucknow, Uttar Pradesh - 226028, India

Website: www.arkservices.in

Response Time: 2-3 business days for general inquiries

Questions About Privacy?

If you have any concerns or questions about how we handle your data, our Grievance Officer and Data Protection Officer are here to help.

Phone: +91 9219802377 | Email: arkservice06@gmail.com