Controller / Contact

Krimatix Pvt Ltd (hereinafter “Krimatix”, “we”, “us” or “our”) is the data controller for personal data collected via this website (https://www.krimatix.com/) unless otherwise stated.

General contact: info@krimatix.com | Phone: +91-9963603937

Data Protection / Privacy contact (DPO): privacy@krimatix.com

Scope and Legal Compliance

This Privacy Policy (“Policy”) explains how Krimatix collects, uses, discloses, transfers, and protects personal data collected from visitors, prospects, clients, and other users of the website, and describes individuals’ rights and choices. The Policy is intended to reflect and align with major global privacy frameworks, including India’s Digital Personal Data Protection Act (DPDPA), the EU General Data Protection Regulation (GDPR), California’s CCPA/CPRA, Brazil’s LGPD, and applicable GCC/ UAE data protection requirements. It also addresses cross-border transfers and related safeguards.

Categories of Personal Data We Collect

We may collect and process the following categories of personal data, where necessary for the purposes set out below:

• Identity & profile: name, title, employer, job title, professional qualifications, business contact details.
• Contact: email, postal address, telephone number, support correspondence.
• Commercial & transactional: invoicing details, payment/transaction records (where applicable), contractual records.
• Technical & usage: IP address, device identifiers, browser and device type, operating system, pages visited, referral URL, timestamps, cookies and analytics data.
• Communications & marketing: marketing preferences, opt-in consent status, correspondence records.
• Sensitive or special categories: we do not normally collect “special categories” of data (e.g., health, caste, religion, political opinions) through the website. If such data is submitted (e.g., via job applications), we will only process it where we have a lawful basis and appropriate safeguards.

Sources of Personal Data

• Data subjects directly (forms, chat, email, event registrations);
• Corporate clients and service providers (onboarding, procurement);
• Publicly available sources (business directories, LinkedIn where legally permitted);
• Third-party service providers and analytics vendors (cookies, analytics); and
• Where permitted by law, from authorized representatives or lawful agents.

Purposes of Processing & Legal Bases (where applicable)

We process personal data for legitimate business purposes, including:

• Provision of services, onboarding and contract performance (contractual necessity).
• Customer support and relationship management (contract or legitimate interest).
• Marketing and business development (consent where required; legitimate interest for B2B communications balanced against user rights).
• Website functionality, analytics and improvement (legitimate interest; consent for non-essential cookies).
• Fraud prevention, security and compliance (legal obligation and legitimate interest).
• Recruitment and HR processing (consent and/or contractual/ legal basis depending on role).

For EU data subjects, the specific lawful bases include consent, performance of a contract, compliance with a legal obligation, vital interests (rare), public interest (rare), and legitimate interests (when balanced appropriately). For California residents, additional consumer rights and opt-out mechanisms apply (see Section 10). For Brazil, India and GCC jurisdictions, relevant local legal grounds and requirements will be applied consistent with their laws.

Cookies, Tracking and Similar Technologies

We use cookies and similar technologies to operate the site, measure and improve performance, and for marketing. When cookies are not strictly necessary, we will obtain consent where required by law. You can manage or withdraw cookie consent via the cookie banner or your browser settings; note this may affect website functionality.

Disclosure and Recipients of Personal Data

We may disclose personal data to:

• Service providers/processors (hosting, analytics, CRM, payment processors, email providers) under contract containing data protection clauses;
• Professional advisors (legal, auditors) where necessary;
• Affiliates and group companies under intra-group agreements and safeguards;
• Law enforcement, regulators or courts where required by law or to protect rights; and
• Potential acquirers or advisors in the event of a corporate transaction (subject to confidentiality and legal safeguards).

All third parties are required to process data on our instructions and to implement appropriate security and confidentiality safeguards.