privacy policy

This Privacy Policy explains how ByteWEB Digital, a vertical of ByteWEB IT Solutions Pvt. Ltd. (“ByteWEB Digital,” “we,” “us,” or “our”), collects, uses, discloses, and protects information when you visit our website www.bytewebdigital.com, engage us as a client, apply for a role with us, or otherwise interact with our services.

We take privacy seriously and have written this policy in plain English. If you want the short version: we only collect what we need, we don’t sell your data, and you can ask us to delete it at any time.

This policy applies to all individuals whose personal data we process, including prospective clients, active clients, website visitors, job applicants, newsletter subscribers, and third-party professionals interacting with us in a business capacity.

2.1 Information you provide directly

• Contact & business details submitted through our contact forms, estimate requests, and lead forms — typically name, company, role, email, phone, website, country, and your marketing goals or budget range.
• Job application data submitted through our careers page — full name, email, phone, city, current role, experience, résumé (PDF, DOC, or DOCX), LinkedIn or portfolio links, and any cover note you choose to share.
• Service engagement data provided during onboarding — e.g., access credentials for your own advertising, analytics, or CMS accounts (scoped and shared under separate engagement terms).
• Communications — emails, chat messages, call recordings (only when you have been notified), and meeting notes generated while working with you.

2.2 Information collected automatically

• Usage data — pages viewed, referring URL, time on page, approximate location (derived from IP), browser and device type, screen size, and similar technical details.
• Cookies & similar technologies — see section 5 below.

2.3 Information from third parties

We may receive information about you from: (a) advertising and analytics platforms (e.g., Google, Meta, LinkedIn) when you interact with our campaigns; (b) public professional profiles (e.g., LinkedIn) to the extent you make them public; and (c) referrals from existing clients or partners.

2.4 Sensitive personal data

We do not intentionally collect sensitive personal data such as financial account details beyond invoice-level data, health information, religion, political views, or biometric data. If you share such information voluntarily (for example, in a cover note on a job application), we will treat it with heightened care and delete it when no longer required.

We use the information we collect to:

• respond to enquiries, prepare estimates, and carry out pre-contract conversations;
• deliver the digital marketing services you have engaged us for;
• manage our client relationship — billing, support, account reviews, performance reporting;
• evaluate job applications and communicate with you about opportunities at ByteWEB Digital;
• send you newsletters and occasional product updates if you subscribed (you can unsubscribe at any time via the link in every email);
• improve our website, services, and marketing through aggregated analytics and testing;
• prevent fraud, enforce our Terms of Service, and comply with legal obligations.

We do not sell your personal information. We do not use it for any purpose that would meaningfully surprise you.

Under India’s Digital Personal Data Protection Act, 2023 (DPDPA), the Information Technology Act, 2000 and the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and — where you are located in the European Economic Area — the General Data Protection Regulation (EU) 2016/679 (GDPR), we rely on the following legal bases:

• Consent — when you submit a form, subscribe to our newsletter, or apply for a role. You may withdraw consent at any time by emailing [email protected].
• Contract — to perform a contract we have with you or to take steps at your request before entering into one.
• Legitimate interests — to operate, secure, and improve our services, provided those interests are not overridden by your rights and freedoms.
• Legal obligation — where we must retain or disclose information to comply with applicable law.

We use cookies and similar technologies on our website for a few specific reasons:

• Strictly necessary cookies — required for the site to function (e.g., load-balancing, CSRF protection). These cannot be disabled.
• Analytics cookies — set by services like Google Analytics 4 to help us understand aggregated, anonymised usage patterns (page popularity, device mix, drop-off points).
• Marketing cookies — used sparingly to measure the effectiveness of our advertising and to show you relevant content when you visit other sites (e.g., Google Ads, Meta Pixel, LinkedIn Insight Tag).

Most browsers let you control cookies through settings. Blocking or deleting cookies may affect some site features. We honour Global Privacy Control (GPC) signals where your jurisdiction recognises them.

We only share personal data with trusted third parties on a need-to-know basis. These fall into four categories:

1. Service providers who process data on our behalf under written agreements — for example, cloud hosting providers, email delivery platforms, CRM systems, analytics tools, payment processors, and professional advisers. They are contractually required to use your data only for the purposes we specify and to maintain appropriate security.
2. Advertising and marketing platforms — when we run campaigns on your behalf (as a client) or measure the performance of our own campaigns, we work with platforms like Google, Meta, LinkedIn, Amazon, and similar. These platforms act as independent or joint controllers for data collected through their own technologies.
3. Business transfers — if ByteWEB Digital or the ByteWEB group undergoes a merger, acquisition, restructure, or sale of assets, personal data may be transferred as part of that transaction, subject to continued protection under this policy or equivalent terms.
4. Legal & regulatory disclosures — where we are required to do so by law, court order, or competent regulator, or where we believe in good faith that disclosure is necessary to protect rights, safety, or property.

We do not sell personal data, and we do not disclose it to third parties for their own independent direct-marketing purposes.

We keep personal data only as long as we need it for the purposes described in this policy, or for longer if required by law. Indicatively:

• Enquiry and lead data — up to 24 months from your last interaction, unless you ask us to delete it sooner.
• Client engagement records — for the duration of the engagement plus 7 years, as required by Indian tax and company law.
• Job applications — up to 12 months after the role is filled or withdrawn, unless you give consent to remain in our talent pool longer.
• Newsletter subscriptions — until you unsubscribe, after which we retain a suppression record to honour your opt-out.
• Website analytics — in anonymised or aggregated form, typically up to 26 months.

When the retention period ends, we securely delete or irreversibly anonymise the data.

We use reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorised access, loss, misuse, alteration, or destruction. These include:

• encryption in transit (HTTPS) and at rest for sensitive data;
• role-based access control and least-privilege principles;
• multi-factor authentication for internal systems and client account access;
• regular security reviews and dependency updates;
• written data-processing agreements with every service provider handling personal data on our behalf.

No method of transmission or storage is 100% secure. If we become aware of a personal data breach that is likely to result in a risk to your rights, we will notify you and the relevant Data Protection Board / Supervisory Authority in accordance with applicable law.

Depending on where you live, you may have the right to:

• access the personal information we hold about you;
• correct or update information that is inaccurate or incomplete;
• erase your personal information, subject to lawful retention obligations;
• restrict or object to certain processing activities, including direct marketing;
• port your data to another service provider in a commonly used, machine-readable format;
• withdraw consent where we rely on consent as the legal basis;
• nominate another person to exercise your rights under the DPDPA in the event of your death or incapacity.

To exercise any of these rights, email [email protected]. We will respond within the timelines prescribed by law (generally 30 days under the DPDPA and GDPR). We may need to verify your identity before acting on a request.

You also have the right to lodge a complaint with the Data Protection Board of India under the DPDPA, or with your local supervisory authority if you are in the EEA or UK. That said, we’d prefer the chance to resolve any concern directly first — write to us.

ByteWEB Digital operates from India, and some of our service providers are located in the United States, the European Union, and other jurisdictions. Where personal data is transferred outside its country of origin, we use lawful transfer mechanisms — for example, (a) contractual clauses that impose data-protection obligations on the recipient equivalent to those required under the DPDPA or GDPR, or (b) transfers to countries recognised as providing an adequate level of protection.

If you would like more information about a specific transfer, contact us at [email protected].

Our website and blog articles occasionally link to third-party sites or embed third-party content (e.g., videos, embedded reports). We do not control those sites or services, and this Privacy Policy does not apply to them. We encourage you to read their own privacy notices before sharing any information.

Our services are directed to businesses and working professionals. We do not knowingly collect personal information from children under the age of 18. If you believe a child has provided us with personal information, please contact us and we will delete it promptly.

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or service offerings. When we make material changes, we will update the last updated date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this page periodically.

If you have questions, concerns, or requests about this policy or your data, you can reach us at:

• Email: [email protected]
• Registered office: ByteWEB IT Solutions Pvt. Ltd., Vadodara, Gujarat, India.

In accordance with the Information Technology Act, 2000 and the Rules made thereunder, the name and contact details of our Grievance Officer (who also serves as our Data Protection Officer for the purposes of the DPDPA where applicable) are:

Grievance & Data Protection Officer
Email: [email protected]
We aim to acknowledge grievances within 48 hours and resolve them within the statutory 15-day window.