Privacy Policy

Data Protection & Information Security Framework

Last Updated: 09 May 2026 | Effective Date: 09 May 2026 | Version: 1.0 | Jurisdiction: India

KRT Design Studio Private Limited

KRT Design Studio Private Limited ("Studio," "KRT," "we," "us," or "our") respects the privacy and confidentiality of personal information entrusted to us by clients, partners, and website visitors.

This Privacy Policy describes how we collect, use, store, protect, and disclose personal information in accordance with applicable Indian data protection laws, including the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

By engaging our services, accessing our website www.krtdesignstudio.com, or providing personal information to the Studio, you consent to the practices described in this Policy.

Information Collection & Categories

1.1 Information Provided Directly

When you engage our services or contact the Studio, we may collect:

Name, professional title, organization name
Email address, telephone number, mailing address
Business registration details (GST, PAN, CIN if applicable)
Payment and billing information
Project requirements, design briefs, creative preferences
Communication records (emails, messages, meeting notes)

1.2 Information Collected Automatically

When you visit our website, we may automatically collect:

IP address, browser type, device information
Pages visited, time spent, navigation patterns
Referring website, search terms used to find us
Technical data for website optimization

1.3 Sensitive Personal Data

Protected Information

Under Indian law, certain categories are classified as "Sensitive Personal Data or Information" (SPDI). We do not intentionally collect SPDI (such as financial account details, biometric data, or health information) except when necessary for payment processing, in which case it is handled exclusively through secure third-party payment processors.

Legal Authority: IT Act, 2000 | IT Rules, 2011 | Personal Data Protection Bill (pending)

Use of Personal Information

We use collected information for the following purposes:

2.1 Service Delivery & Project Management

Providing design, branding, and creative consultancy services
Project communication, collaboration, and delivery
Understanding client requirements and design preferences
Managing timelines, revisions, and approvals

2.2 Business Operations

Processing payments and managing invoices
Issuing GST-compliant tax documentation
Maintaining accurate financial and business records
Responding to inquiries and providing client support

2.3 Legal & Compliance

Complying with legal obligations (tax, corporate, regulatory)
Protecting intellectual property rights
Enforcing Terms and Conditions
Resolving disputes through appropriate legal channels

2.4 Marketing & Professional Communications

Sending studio updates, portfolio highlights, new service offerings
Sharing industry insights and design perspectives (opt-in basis)
Requesting testimonials or case study participation

You may opt out of marketing communications at any time by contacting us directly.

Information Sharing & Disclosure

3.1 Limited Third-Party Disclosure

We do not sell, rent, or trade personal information. We may share information only with:

Service Providers & Professional Partners

Payment Processors: Secure payment gateways for transaction processing
Hosting & Technology Providers: Website hosting, email services, cloud storage
Production Vendors: Printers, manufacturers (only project-specific details required for production)
Professional Advisors: Legal counsel, accountants, auditors (under confidentiality obligations)

All third parties are contractually required to maintain confidentiality and use information solely for authorized purposes.

3.2 Legal Obligations

We may disclose information when required by law, court order, governmental authority, or to:

Comply with legal processes (tax authorities, regulatory bodies)
Protect Studio rights, property, or safety
Prevent fraud or unauthorized activities
Enforce contractual obligations

3.3 Portfolio & Professional Showcase

Project Visibility

Unless a specific confidentiality agreement is in place, we may display completed work in portfolios, websites, case studies, and professional publications. Project details (client name, industry) may be included unless you request anonymization.

Clients may request 12-month confidentiality for sensitive projects, after which standard portfolio rights apply.

Data Security & Protection Measures

4.1 Technical & Organizational Safeguards

We implement industry-standard security measures to protect personal information:

Secure data transmission (SSL/TLS encryption)
Password-protected systems and access controls
Regular software updates and security patches
Secure cloud storage with reputable providers
Physical security of office premises and equipment
Employee confidentiality training and agreements

4.2 Payment Security

Financial transactions are processed through secure, PCI-DSS compliant payment gateways. We do not store complete credit card or bank account details on our systems.

4.3 Data Breach Protocol

Incident Response

In the unlikely event of a data security incident, we will:

Investigate and contain the breach immediately
Notify affected individuals within a reasonable timeframe
Report to relevant authorities as required by law
Implement corrective measures to prevent recurrence

Data Retention & Deletion

5.1 Retention Periods

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.

Typical Retention Timelines

Active Client Data: Duration of engagement + 7 years (for tax and legal compliance)
Financial Records: 7 years (as required by Indian tax law)
Project Files: Retained for portfolio and reference purposes unless deletion requested
Marketing Communications: Until opt-out or withdrawal of consent
Website Analytics: 24 months

5.2 Deletion Requests

You may request deletion of your personal information by contacting us at krtdesignstudio@gmail.com. We will comply within 30 days, except where retention is required for:

Ongoing legal obligations (tax, compliance, dispute resolution)
Intellectual property protection and attribution rights
Legitimate business purposes (financial records, audit trails)

Your Privacy Rights

Under applicable Indian law, you have the following rights regarding your personal information:

6.1 Access & Correction

Right to Access: Request a copy of personal information we hold about you
Right to Correction: Request correction of inaccurate or incomplete information

6.2 Withdrawal of Consent

Marketing Opt-Out: Unsubscribe from promotional communications at any time
Service Impact: Withdrawal of consent for service-related data may limit our ability to provide services

6.3 Data Portability

Where technically feasible, you may request your personal information in a commonly used, machine-readable format.

6.4 Complaint & Grievance Redressal

Privacy Concerns

If you have concerns about how we handle your personal information, please contact:

Grievance Officer: KRT Design Studio Private Limited
Email: krtdesignstudio@gmail.com
Response Time: Within 30 days

You also have the right to lodge a complaint with the appropriate regulatory authority in India.

Cookies & Website Analytics

7.1 Use of Cookies

Our website may use cookies and similar tracking technologies to:

Remember your preferences and settings
Analyze website traffic and user behavior
Improve website functionality and user experience
Measure effectiveness of marketing campaigns

7.2 Cookie Categories

Essential Cookies: Required for website functionality
Analytics Cookies: Understand visitor patterns (Google Analytics or similar)
Preference Cookies: Remember your choices and settings

7.3 Managing Cookies

You can control cookies through your browser settings. Disabling certain cookies may affect website functionality. For detailed information, see our Cookie Policy.

Cross-Border Data Transfers

8.1 International Service Providers

Some of our technology service providers (hosting, email, cloud storage) may be located outside India. When we transfer data internationally, we ensure:

Service providers comply with internationally recognized data protection standards
Appropriate contractual safeguards are in place
Data is encrypted during transfer and storage
Compliance with Indian data protection requirements

8.2 International Client Projects

For projects serving clients outside India, we may transfer project-specific information as necessary for service delivery, always maintaining appropriate security measures.

Children's Privacy Protection

Our services are directed to businesses and professionals. We do not knowingly collect personal information from individuals under 18 years of age without parental consent.

If we become aware that we have inadvertently collected information from a minor, we will delete it promptly.

10.

Policy Updates & Modifications

We may update this Privacy Policy periodically to reflect:

Changes in legal or regulatory requirements
Evolution of our business practices
Enhanced privacy protection measures
New technology implementations

Material changes will be communicated through:

Updated "Last Updated" date at the top of this page
Email notification to active clients (for significant changes)
Prominent notice on our website

Continued use of our services after changes constitutes acceptance of the updated Policy.

11.

Contact & Data Protection Inquiries

For questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact:

Privacy Contact

KRT Design Studio Private Limited
Faridabad, Haryana, India 121004

Email: krtdesignstudio@gmail.com
Website: www.krtdesignstudio.com

Response Timeline: We will respond to privacy inquiries within 30 days of receipt.