Privacy Policy

1. Introduction

Trivio Global Private Limited ("Trivio Global," "we," "us," or "our") is a company incorporated under the Companies Act, 2013 of India, with its registered office at Plot 77, Road No. 7, Kolan Shiva Reddy Nagar, Hyderabad, Kuntloor, Telangana 501505, India.

This Privacy Policy ("Policy") describes how we collect, use, store, disclose, and protect information obtained through our website www.trivioglobal.com (the "Website"), our applications, and any related services (collectively, the "Services").

This Policy is published in compliance with the Information Technology Act, 2000 ("IT Act"), the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Digital Personal Data Protection Act, 2023 ("DPDPA"), and the General Data Protection Regulation (EU) 2016/679 ("GDPR") to the extent applicable.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Policy. If you do not agree with any part of this Policy, please do not use our Services.

2. Information We Collect

We may collect and process the following categories of information when you interact with our Services:

2.1 Personal Data Provided by You

• Identity Information: Full name, job title, company or organisation name.
• Contact Information: Email address, telephone number, postal address.
• Account Information: Username, password, and other credentials if you create an account.
• Communication Data: Messages, feedback, and any other information you provide when contacting us via forms, email, or support channels.
• Financial Information: Billing address, payment card details, and transaction history (processed via secure third-party payment processors).

2.2 Information Collected Automatically

• Usage Data: Pages visited, time spent on pages, click-stream data, referral URLs, and navigation paths.
• Device Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and language preferences.
• Location Data: Approximate geographic location derived from your IP address.
• Cookies & Tracking Technologies: Data collected through cookies, web beacons, pixels, and similar technologies. Please see Section 10 (Cookies) for details.

2.3 Information from Third Parties

We may receive information about you from third-party sources such as business partners, analytics providers, advertising networks, and publicly available databases, which we may combine with other information we collect about you.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, operate, maintain, and improve our Services, including processing transactions and fulfilling contractual obligations.
• Communication: To respond to your inquiries, send service-related notices, updates, promotional communications (with your consent), and administrative messages.
• Personalisation: To personalise your experience and deliver content, features, and recommendations relevant to your interests.
• Analytics & Improvement: To analyse usage trends, monitor the effectiveness of our Services, conduct research, and improve our Website and offerings.
• Security: To detect, prevent, and address fraud, security vulnerabilities, and technical issues.
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.
• Recruitment: To process job applications submitted through our careers section.

4. Legal Basis for Processing

We process your personal data on one or more of the following legal bases, as applicable under the DPDPA and GDPR:

• Consent: Where you have provided clear, informed, and unambiguous consent for specific processing activities (e.g., marketing communications, cookie consent). You may withdraw consent at any time without affecting the lawfulness of processing performed prior to withdrawal.
• Contractual Necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request (e.g., providing our Services, processing payments).
• Legitimate Interests: Where processing is necessary for our legitimate business interests, such as fraud prevention, network and information security, business development, and service improvement, provided such interests are not overridden by your rights and freedoms.
• Legal Obligation: Where processing is necessary to comply with a legal or regulatory obligation to which we are subject under Indian or other applicable laws.

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data to any third party for their marketing purposes. We may share your information only in the following circumstances:

• Service Providers: With trusted third-party vendors and service providers who perform services on our behalf, including web hosting, cloud infrastructure, data analytics, payment processing, email delivery, and customer support. These providers are contractually obligated to protect your data and use it only for the purposes for which it was disclosed.
• Business Transfers: In connection with, or during negotiations of, any merger, acquisition, sale of assets, financing, or transfer of all or a portion of our business, your data may be transferred as part of such transaction.
• Legal Requirements: Where required by law, regulation, legal process, or governmental request, or where we believe in good faith that disclosure is necessary to protect our rights, your safety or the safety of others, investigate fraud, or respond to a government request.
• With Your Consent: Where you have provided explicit consent for sharing your information with identified third parties.

6. Data Retention

We retain your personal data only for as long as is reasonably necessary to fulfil the purposes for which it was collected, including to satisfy any legal, regulatory, accounting, or reporting requirements.

To determine the appropriate retention period, we consider the amount, nature, and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure, the purposes for which we process the data, whether we can achieve those purposes through other means, and applicable legal, regulatory, tax, accounting, or other requirements.

Upon expiry of the applicable retention period, or upon your valid request for deletion (subject to applicable law), we will securely delete or anonymise your personal data. Where anonymisation is used, the anonymised data may be retained indefinitely for research and analytical purposes.

7. Your Rights

Depending on your location and applicable laws (including the DPDPA and GDPR), you may have the following rights regarding your personal data:

• Right to Access: You have the right to obtain confirmation as to whether your personal data is being processed and, if so, to access that data along with a summary of the processing activities.
• Right to Correction: You have the right to request correction or completion of inaccurate or incomplete personal data.
• Right to Erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, or where you have withdrawn consent, subject to applicable legal obligations.
• Right to Data Portability: Where technically feasible, you have the right to receive your personal data in a structured, commonly used, and machine-readable format.
• Right to Withdraw Consent: Where processing is based on consent, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
• Right to Restrict Processing: You may request that we restrict the processing of your personal data in certain circumstances.
• Right to Object: You may object to the processing of your personal data where processing is based on our legitimate interests.
• Right to Nominate: Under the DPDPA, you have the right to nominate another individual to exercise your rights in the event of your death or incapacity.
• Right to Grievance Redressal: You have the right to lodge a complaint with our Grievance Officer (see Section 13) or with the Data Protection Board of India or the relevant supervisory authority in your jurisdiction.

To exercise any of these rights, please contact us at info@trivioglobal.com. We will respond to your request within the time frame prescribed by applicable law (typically within 30 days).

8. Data Security

We implement reasonable security practices and procedures as required under the IT Act and SPDI Rules, including but not limited to security standards that are commensurate with the information assets being protected, consistent with internationally recognised standards such as ISO/IEC 27001.

Our security measures include:

• Encryption of personal data in transit (TLS/SSL) and at rest using industry-standard encryption algorithms.
• Role-based access controls and multi-factor authentication for systems containing personal data.
• Regular security assessments, vulnerability scanning, and penetration testing.
• Secure software development lifecycle practices, including code reviews and security testing.
• Employee training and awareness programmes on data protection and information security.
• Incident response procedures for prompt detection, containment, and notification of data breaches.

While we strive to use commercially acceptable means to protect your personal data, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security but are committed to promptly notifying affected individuals and relevant authorities in the event of a data breach as required by applicable law.

9. International Data Transfers

Your personal data may be processed and stored in India, the United States of America, and other countries where our service providers operate. These countries may have data protection laws that are different from the laws of your country of residence.

Where we transfer personal data outside of India, we ensure that such transfers are made in accordance with applicable law, including the DPDPA and any notifications issued by the Central Government of India regarding permissible jurisdictions for data transfers. Where required, we implement appropriate safeguards, including:

• Standard Contractual Clauses (SCCs) approved by the European Commission for transfers originating from the European Economic Area.
• Data processing agreements with service providers that include obligations to protect the confidentiality, integrity, and availability of personal data.
• Compliance with any adequacy decisions or transfer mechanisms prescribed under the DPDPA and its rules.

By using our Services, you acknowledge and consent to the transfer of your data to jurisdictions outside your country of residence, subject to the safeguards described above.

10. Cookies and Tracking Technologies

Our Website uses cookies and similar tracking technologies to enhance your browsing experience, analyse site traffic, and understand user behaviour. Cookies are small text files placed on your device that help us recognise your browser and capture certain information.

We use the following types of cookies:

• Strictly Necessary Cookies: Essential for the operation of our Website. These cookies enable basic functions like page navigation and access to secure areas.
• Analytics Cookies: Help us understand how visitors interact with our Website by collecting and reporting information anonymously.
• Functional Cookies: Allow us to remember choices you make (such as language or region) and provide enhanced, personalised features.
• Marketing Cookies: Used to track visitors across websites to enable the display of relevant advertisements.

You can manage your cookie preferences through your browser settings or through our cookie consent mechanism. For detailed information about the cookies we use and how to manage them, please refer to our Cookie Policy.

11. Children's Privacy

Our Services are not directed at individuals under the age of 18 years. We do not knowingly collect personal data from children under 18. In accordance with the DPDPA, we recognise children as individuals below the age of 18, and any processing of children's personal data requires verifiable consent from a parent or lawful guardian.

If we become aware that we have inadvertently collected personal data from a child without appropriate parental or guardian consent, we will take immediate steps to delete such data from our records. If you believe that we may have collected information from a child, please contact us at info@trivioglobal.com.

12. Changes to This Policy

We reserve the right to update or modify this Privacy Policy at any time to reflect changes in our practices, legal requirements, or business operations. When we make material changes to this Policy, we will:

• Update the "Last Updated" date at the top of this page.
• Post a prominent notice on our Website notifying you of the changes.
• Where required by applicable law, send you a direct notification (e.g., via email) about significant changes.

We encourage you to review this Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any modifications to this Policy constitutes your acceptance of the revised Policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data processing practices, please contact us:

Grievance Officer

In accordance with the Information Technology Act, 2000 and the rules made thereunder, and the Digital Personal Data Protection Act, 2023, the details of the Grievance Officer are as follows:

14. Governing Law and Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of India, including but not limited to the Information Technology Act, 2000, the SPDI Rules, 2011, and the Digital Personal Data Protection Act, 2023.

Any disputes arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts located in Hyderabad, Telangana, India.

For users located in the European Economic Area, nothing in this clause shall limit your right to bring proceedings in the courts of your country of habitual residence or to lodge a complaint with your local supervisory authority under the GDPR.