Comprehensive Cookie & Digital Tracking Policy

This Policy defines QCG’s principles and governance framework for the lawful, transparent, and ethical use of cookies and comparable digital identifiers (“cookies”) across all web domains, portals, and digital interfaces operated by QCG.

Its purpose is to:

• establish clear accountability for data captured through automated technologies;

• align QCG’s online operations with Indian and global privacy laws; and

• ensure informed user consent and defensible audit trails for regulators, clients, and investors.

QCG’s digital tracking practices comply with and are interpreted in accordance with:

• Digital Personal Data Protection Act, 2023 (India);

• Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011**;

• General Data Protection Regulation (EU 2016/679) (GDPR);

• ePrivacy Directive (2002/58/EC) and amendments; and

• ISO 27001 and ISO 27701 information-security controls.

Where conflict arises, the standard affording greater privacy protection prevails.

“Cookies” include any digital identifiers (HTTP cookies, local storage objects, beacons, pixels, SDK trackers, or similar scripts) that store or access information on a user’s device to enable website operation, analytics, or personalization.

QCG’s use of cookies is guided by the following five principles:

1. Lawfulness & Fairness – No cookie is deployed without a legitimate, documented purpose.

2. Transparency – All categories, purposes, and durations are publicly disclosed herein.

3. Data Minimization – Only essential data (aggregated / non-personal where possible) is processed.

4. Security & Integrity – Encrypted transmission + controlled access.

5. Accountability – Audit logs maintained by QCG’s Data Protection Officer (DPO).

Category Purpose Examples Retention Legal Basis

Strictly Necessary Enable core site navigation, session persistence, load balancing, and security authentication. Session ID, CSRF token Session only Legitimate Interest

Functional Store user preferences (language, region, consent status). Preference cookie 6 months Consent

Analytics / Performance Measure traffic and behavior for continuous improvement. Google Analytics (anonymous IP), LinkedIn Insights 13 months Consent

Security / Fraud Detection Identify abuse, unauthorized access, and cyber threats. Firewall token, reCAPTCHA Session only Legitimate Interest

Compliance / Consent Management Record user choices regarding cookie usage. CookieConsentStatus 12 months Legal Obligation

QCG does not deploy marketing or behavioral-profiling cookies without a separate, explicit opt-in.

Cookies support QCG in:

• delivering secure and reliable website functionality;

• understanding aggregated user interaction metrics;

• improving content relevance and navigation experience;

• safeguarding digital assets against fraudulent or malicious activities; and

• maintaining statistical records required for audit and regulatory reporting.

On first access, users are shown a granular consent banner distinguishing essential and non-essential cookies.

Consent is recorded and timestamped for evidentiary purposes.

Users may review or withdraw consent at any time through the “Cookie Settings” link in the footer or by clearing browser cookies.

Withdrawal of consent does not affect the lawfulness of prior processing.

Certain services used by QCG (e.g., analytics, video hosting, form integration) may deploy third-party cookies. All third parties are screened for:

• data-processing agreements (DPAs) under DPDP and GDPR;

• encryption and access-control certifications; and

• cross-border transfer compliance via Standard Contractual Clauses (SCCs).

A current register of third-party processors is maintained by the QCG DPO and is available upon written request.

All cookie-related data is processed within QCG’s controlled IT environment or certified cloud vendors with the following controls:

• TLS 1.3 encryption in transit;

• AES-256 encryption at rest;

• daily log review and threat detection;

• annual vulnerability assessments; and

• ISO 27001 certified security management processes.

Cookie data is retained only for its specified purpose and duration. After expiry or withdrawal of consent, data is automatically purged from servers and browser storage through standard deletion scripts.

QCG does not knowingly use cookies to collect data from individuals under 18 years of age. All digital content is intended for business and professional audiences only.

Users are encouraged to:

• review this Policy periodically;

• configure browser settings to manage cookies per preference; and

• notify QCG of any suspected misuse at legal@quarkconsultant.com.

This Policy is approved by QCG’s Governance Committee and reviewed annually by the Data Protection Officer in consultation with Legal and IT Risk teams. Version control records are maintained for five years.

Violations of this Policy by employees, vendors, or partners may lead to disciplinary action including termination of contract, legal remedy, or regulatory reporting under the DPDP Act and IT Rules. All breach notifications will follow the QCG Incident Response Procedure.

Data Protection Officer (DPO)

Quark Consulting Group (QCG)

legal@quarkconsultant.com 

New Delhi – 110001, India

Complaints or requests will be acknowledged within 72 hours and resolved within 30 working days in accordance with Section 13 of the DPDP Act.

QCG reserves the right to amend this Policy to reflect technological or regulatory changes. The revised version will carry a new effective date and supersede all previous editions. Historic versions will be retained for audit for a minimum of three years.

This Policy shall be governed by the laws of India, including the Digital Personal Data Protection Act 2023, the Information Technology Act 2000, and the Arbitration & Conciliation Act 1996.

All disputes arising hereunder shall be subject to the exclusive jurisdiction of the competent courts at New Delhi, India.

QCG does not collect personally identifiable information through cookies unless explicitly provided by the user. Use of this website constitutes informed consent to lawful cookie deployment under this Policy. This document forms an integral part of QCG’s Privacy Policy and Terms & Conditions.