XperiServ

Personal Data Protection Policy

XperiServ > Personal Data Protection Policy

Personal Data Protection Policy

Company: Xperiserv Technologies

Effective Date: December 12, 2025

Overview

This Personal Data Protection Policy describes how Xperiserv Technologies (“we,” “our,” or “us”) collects, processes, stores, and protects personal data of our users and clients globally.

We are committed to upholding privacy standards under:

  • India: Digital Personal Data Protection Act, 2023 (DPDPA 2023)

  • European Union: General Data Protection Regulation (GDPR – Regulation (EU) 2016/679)

  • United States: Applicable federal and state-level privacy principles (e.g., CCPA, CPRA)

This policy ensures transparency, lawful data processing, and user control across all jurisdictions where we operate.

1. What We Collect

We collect only the data necessary to provide and improve our services. This may include:

  • Personal Identification Data: Name, email address, phone number, and account details.

  • Technical and Usage Data: IP address, device information, browser type, and usage logs.

  • Communication Data: Customer support messages, feedback, and service inquiries.

  • Payment Data: Processed securely through third-party payment partners (we do not store card or banking details).

2. Purpose of Data Collection

We use personal data for the following purposes:

  • To provide and manage our digital services.

  • To communicate updates, invoices, or service notices.

  • To enhance website and platform security.

  • To comply with legal obligations under applicable laws.

  • To improve our products and user experience.

3. Legal Basis for Processing

For India (DPDPA 2023):

  • Data is processed based on explicit user consent or other lawful purposes disclosed at the time of collection.

  • Users have full rights to access, correct, and erase their personal data.

For the European Union (GDPR):

We process data under one or more of the following lawful bases:

  • Consent: When you explicitly agree to data processing.

  • Contractual Necessity: To provide the services you request.

  • Legal Obligation: To comply with EU or member state law.

  • Legitimate Interest: For security, fraud prevention, or service improvement, provided it does not override your rights.

For the United States (CCPA/CPRA and Other Laws):

  • We comply with U.S. privacy standards ensuring transparency, user control, and data minimization.

  • California residents may request details on data categories collected, opt-out of data sharing, and request deletion under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).

4. User / Data Subject Rights

India (DPDPA 2023):

  • Right to access, correction, erasure, and grievance redressal.

  • Right to nominate another person to exercise your rights.

European Union (GDPR):

  • Right to access and portability.

  • Right to rectification and erasure (“Right to be Forgotten”).

  • Right to restrict or object to processing.

  • Right to withdraw consent at any time.

  • Right to lodge a complaint with your national data protection authority.

United States:

  • Right to know what data is collected.

  • Right to request deletion.

  • Right to opt-out of data sharing or sale (where applicable).

  • Right to non-discrimination for exercising privacy rights.

5. Security of Data

We implement multiple layers of protection to safeguard user data:

  • SSL/TLS encryption for data transfer.

  • Secure cloud infrastructure and firewalls.

  • Access control and staff confidentiality agreements.

  • Periodic vulnerability testing and audits.

  • Breach notification procedures in compliance with global laws.

All third-party vendors and partners (including payment processors like Razorpay, Paytm, PhonePe, and Easebuzz) maintain PCI DSS and equivalent data protection certifications.

6. Data Retention

We retain personal data only as long as required to:

  • Fulfill the purpose for which it was collected,

  • Comply with legal or regulatory obligations,

  • Resolve disputes or enforce agreements.

Once data is no longer needed, it is securely deleted or anonymized.

7. Cross-Border Data Transfers

  • India: Transfers allowed only to countries approved by the Government of India.

  • EU/EEA: Transfers outside the EEA are made under Standard Contractual Clauses (SCCs) or other approved safeguards.

  • United States: Data transfers comply with applicable frameworks and contractual guarantees ensuring equivalent protection.

8. Children’s Privacy

We do not knowingly collect data from children under the age defined by applicable laws (e.g., under 18 in India or under 16 in the EU) without verified parental consent.

9. Sharing of Data

We may share data only when necessary:

  • With trusted vendors and partners under strict data protection agreements.

  • For payment processing, fraud prevention, or cloud hosting.

  • With government or law enforcement agencies when required by law.
    We do not sell personal data to any third party.

10. Grievance and Contact

If you have questions, complaints, or requests regarding your data rights:

Grievance Officer (India):
Name: (As published on our website)
Email: developer.support@xperiserv.in (or the address listed on our website)
Address: (Company registered office)

EU Representative:
For EU data subjects, please contact us via the same email with the subject “GDPR Request”.

US Clients:
For U.S. users, please email us at developer.support@xperiserv.in with the subject “US Privacy Request”.

We will respond to all verified requests within the timeframe required by applicable law.

11. Legal Jurisdiction

Any dispute, claim, or legal proceeding arising out of or relating to this Privacy and Data Protection Policy shall be:

  • Governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules and regulations.

  • Subject to the exclusive jurisdiction of the competent courts of Cuttack, Odisha, India, where Xperiserv Technologies is registered and operates its principal business.

In the event of an international dispute involving EU or US clients, parties shall first attempt to resolve the issue through good-faith negotiation. If unresolved, the matter will be handled under Indian jurisdiction unless otherwise required by mandatory foreign law.

12. Policy Updates

We may update this policy to reflect new legal or operational requirements.
The latest version will always be published on our official website, with the date of the last update clearly mentioned.

© 2025 Xperiserv Technologies. All rights reserved.
For privacy-related queries or legal concerns, contact our grievance officer via details available on our official website.