Privacy Policy

This Privacy Policy (“Policy”) explains how Quark Consulting Group (QCG) collects, uses, discloses, processes, and protects personal and professional information.

The Policy applies to:

• All clients, visitors, vendors, employees, and business associates;

• All websites, forms, digital services, and consulting engagements operated by QCG; and

• All data collected through digital, contractual, or professional interactions.

QCG adheres to the highest standards of confidentiality, integrity, and accountability, and operates under the governance-first philosophy that underpins all its advisory work.

This Policy is governed by and compliant with:

• Digital Personal Data Protection Act, 2023 (India)

• Information Technology Act, 2000 and Rules, 2011

• Companies Act, 2013 (India)

• General Data Protection Regulation (EU GDPR) – for international clients

• ISO 27001: Information Security Management System standards

Wherever applicable, the stricter of the above laws shall prevail.

QCG collects only such information as is necessary, lawful, and relevant to the execution of services.

Data collected may include:

(a) Personal Identifiers

Name, title, designation, contact information, postal address, email ID, and phone number.

(b) Professional & Business Data

Company name, registration details, tax identification, employment information, and business domain.

(c) Engagement Data

Information exchanged during projects, reports, proposals, legal documents, or compliance submissions.

(d) Technical Data

IP address, browser type, device identifiers, system logs, and cookies.

(e) Sensitive Personal Data (if applicable)

Data voluntarily provided under NDA for compliance, HR, audit, or legal purposes.

Such data is collected only with explicit consent.

QCG processes data for the following lawful purposes:

1. To provide consulting, governance, compliance, and audit services.

2. To verify client identity, project legitimacy, and regulatory status.

3. To issue proposals, contracts, invoices, and statutory communications.

4. To improve service quality, analytics, and digital experience.

5. To comply with statutory reporting obligations under Indian law.

6. To communicate insights, publications, or service updates (only with consent).

QCG shall not use personal data for any secondary purpose without explicit prior consent.

By interacting with QCG, submitting information, or engaging services, you consent to:

• QCG’s lawful collection and processing of your information;

• Secure storage of data within India and/or internationally (as required);

• Controlled use solely for engagement-related purposes.

Clients may withdraw consent at any time, subject to legal or contractual obligations.

QCG retains data only for as long as:

• The engagement remains active; or

• Legally required under Indian law (e.g., Companies Act, Income Tax, or DPDP Act); or

• Necessary for audit, defense, or compliance documentation.

Upon expiry or client request, data is securely archived, anonymized, or permanently deleted using certified data erasure methods.

QCG implements multi-layered data protection protocols, including:

• AES-256 encryption and SSL-secured servers;

• Restricted access on a role and project basis;

• Multi-factor authentication (MFA) for internal systems;

• Confidentiality and non-disclosure obligations for all personnel;

• Periodic third-party IT audits and compliance assessments;

• Incident response framework under ISO 27001 guidelines.

Despite robust safeguards, no system is infallible; QCG disclaims liability for breaches beyond its reasonable control.

QCG does not sell, lease, or trade any personal data.

Limited disclosure may occur to:

• Government or regulatory authorities (when legally compelled);

• External counsel, accountants, or IT vendors under confidentiality agreements;

• Partner consultants working under QCG’s direct supervision; or

• Authorized platforms (e.g., secure cloud or CRM tools).

Every third-party engagement is governed by written agreements ensuring equivalent data protection standards.

In cross-border engagements, data may be processed or stored on secure servers outside India.

Such transfers are conducted in accordance with:

• DPDP Act, 2023 (India)

• GDPR data transfer mechanisms (Standard Contractual Clauses)

All data transferred internationally is encrypted, access-controlled, and monitored through secure cloud environments.

Under applicable privacy laws, individuals have the right to:

1. Access their data held by QCG

2. Request correction, update, or deletion

3. Withdraw consent for processing

4. Restrict or object to specific uses

5. Request data portability (if applicable)

All such requests can be sent to legal@quarkconsultant.com.

QCG will respond within 30 working days, as required under Indian and international standards.

QCG uses minimal, privacy-safe tracking tools for operational analytics, such as:

• Session cookies for navigation;

• Google Analytics (anonymized IP tracking);

• Security logging tools for cyber protection.

Users may disable cookies in their browser without affecting site access.

QCG’s services are directed exclusively to professionals and legal entities.

We do not knowingly collect or store information from individuals under 18 years of age.

QCG may disclose data:

• To comply with lawful requests, court orders, or regulatory mandates;

• To prevent fraud, misconduct, or security incidents;

• To enforce our Terms & Conditions or contractual rights.

Such disclosures shall be narrowly tailored and legally justified.

Name: Data Protection Officer

Entity: Quark Consulting Group (QCG)

Email: legal@quarkconsultant.com

Address: New Delhi – 110001, India

The DPO oversees implementation, redressal, and compliance with this Policy under the DPDP Act and IT Act.

QCG reserves the right to revise this Policy periodically.

Updates shall be posted on our website with a new effective date.

All material changes will be notified through our official communication channels.

To the fullest extent permitted by law, QCG shall not be liable for:

• Loss, corruption, or unauthorized access beyond reasonable security control;

• Errors or omissions caused by third-party platforms;

• Consequential damages arising from data use.

QCG’s total liability shall be limited to the value of services rendered under the engagement in question.

This Policy and all disputes hereunder shall be governed by the laws of India, specifically:

• Digital Personal Data Protection Act, 2023

• Information Technology Act, 2000

• Arbitration and Conciliation Act, 1996

The exclusive jurisdiction shall rest with the courts of New Delhi, India, irrespective of the user’s location or nationality.

For international clients, arbitration may be conducted under SIAC or UNCITRAL rules, seated in New Delhi.

QCG provides consulting and governance services on a professional basis.

All information collected is used strictly for lawful business purposes and is not shared, monetized, or exploited in any manner inconsistent with this Policy.

By using our website or services, you acknowledge that you have read, understood, and agreed to the terms of this Privacy Policy.