Privacy Policy - Vertex IT & Systems

1. Definitions & Interpretation

In this Privacy Policy, unless the context otherwise requires:

"We," "Us," "Our," "Company" means Vertex IT & Systems, including all subsidiaries, affiliates, partners, and authorized representatives
"You," "User," "Visitor" means any individual accessing or using our Website or Services
"Website" means all web pages, subdomains, and digital properties operated by Vertex IT & Systems
"Services" means all products, services, consultations, and offerings provided by Vertex IT & Systems
"Personal Data" means any information relating to an identified or identifiable natural person
"Processing" means any operation performed on personal data, including collection, storage, use, disclosure, or deletion
"Third Parties" means external entities including service providers, partners, affiliates, and vendors
"GDPR" means General Data Protection Regulation (EU) 2016/679
"CCPA" means California Consumer Privacy Act of 2018
"DPDP Act" means Digital Personal Data Protection Act, 2023 (India)
"Applicable Law" means all applicable data protection and privacy laws, regulations, and guidelines

Headings are for convenience only and do not affect interpretation. References to singular include plural and vice versa.

2. Scope, Acceptance & Jurisdiction

2.1 Binding Agreement

This Privacy Policy constitutes a legally binding electronic contract between You and Vertex IT & Systems. By accessing, browsing, or using this Website, You:

Acknowledge that You have read, understood, and agree to be bound by this Privacy Policy in its entirety
Represent that You are at least 18 years of age or have obtained parental/guardian consent
Consent to the collection, processing, storage, and transfer of Your personal data as described herein
Waive any rights that may conflict with this Policy to the maximum extent permitted by law
Agree that electronic signatures and records have the same legal effect as handwritten signatures

2.2 Mandatory Acceptance

⚠️ IMPORTANT: Use of this Website is conditional upon Your acceptance of this Privacy Policy. If You do not agree to these terms, You must immediately cease using the Website and Services. There are no exceptions to this requirement.

2.3 Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with:

The laws of India, including but not limited to the Information Technology Act, 2000 and DPDP Act, 2023
International data protection regulations including GDPR and CCPA where applicable
The exclusive jurisdiction of courts in Chennai, Tamil Nadu, India

By using this Website, You irrevocably submit to the exclusive jurisdiction of these courts and waive any objection to venue.

2.4 Scope of Application

This Privacy Policy applies to:

All interactions with our Website, applications, and digital platforms
Information collected through emails, phone calls, chat, and other communications
Data collected at events, conferences, and in-person interactions
Information obtained from third-party sources and public records
All past, present, and future data processing activities

3. Information We Collect

3.1 Personal Information You Provide

We collect personal information that You voluntarily provide to us, including but not limited to:

3.1.1 Identity & Contact Information

Full name, title, designation, and professional affiliations
Email addresses (personal and professional)
Phone numbers (mobile, landline, WhatsApp, alternate numbers)
Postal addresses (residential, business, billing, shipping)
Date of birth, age, gender, and nationality
Government-issued identification numbers (PAN, Aadhaar, Passport, Driving License, Voter ID)
Photographs, profile pictures, and video recordings
Social media handles and usernames

3.1.2 Professional & Business Information

Company name, business address, and corporate identification numbers
Job title, role, department, and reporting structure
Work email, direct phone, and extension numbers
LinkedIn profile and professional network connections
Industry sector, company size, and annual revenue
Business requirements, project specifications, and technical needs

3.1.3 Financial & Payment Information

Credit/debit card details (number, expiry, CVV, cardholder name)
Bank account information (account number, IFSC code, branch details)
Payment gateway information (PayPal, Stripe, Razorpay accounts)
Billing addresses and tax identification numbers (GST, VAT)
Transaction history, invoice records, and payment receipts
Credit history and financial standing (where applicable)

3.1.4 Account & Authentication Data

Username, password, and security questions/answers
Two-factor authentication credentials and backup codes
Biometric data (fingerprints, facial recognition) if enabled
Login history, session tokens, and authentication logs
Account preferences, settings, and customizations

3.1.5 Communications & Interactions

Email correspondence, attachments, and email metadata
Phone call recordings, voicemails, and call transcripts
Chat messages, support tickets, and inquiry forms
Feedback, reviews, testimonials, and survey responses
Comments, posts, and user-generated content
Video conference recordings and virtual meeting data

3.2 Automatically Collected Information

3.2.1 Device & Technical Information

IP address (IPv4 and IPv6), MAC address, and device identifiers (IMEI, Android ID, IDFA)
Browser type, version, language, and user agent string
Operating system, version, and device specifications
Screen resolution, color depth, and pixel density
Installed plugins, extensions, and software versions
Network information (ISP, connection type, bandwidth)
Mobile carrier, SIM card details, and roaming status

3.2.2 Usage & Behavioral Data

Pages visited, URLs accessed, and referral sources
Time spent on each page, scroll depth, and exit pages
Click patterns, mouse movements, and hover activities
Search queries, filters applied, and navigation paths
Form interactions, field entries, and abandoned forms
Downloads, file access, and content consumption
Error messages, crashes, and performance metrics
Timestamps of all activities and session duration

3.2.3 Location Data

GPS coordinates (latitude/longitude) from mobile devices
IP-based geolocation (country, region, city)
Wi-Fi access points and Bluetooth beacon data
Cell tower triangulation data
Time zone information and locale settings

3.2.4 Cookies & Tracking Technologies

We use various tracking technologies including:

Essential Cookies: Required for website functionality, authentication, and security
Functional Cookies: Remember preferences, language selection, and user settings
Analytics Cookies: Google Analytics, Hotjar, Mixpanel for usage analysis and heatmaps
Marketing Cookies: Facebook Pixel, Google Ads, LinkedIn Insight Tag for targeted advertising
Web Beacons: Track email opens, pixel tracking in newsletters
Local Storage: HTML5 storage, IndexedDB, and session storage
Flash Cookies: LSOs (Local Shared Objects)
ETags & Cache Data: Browser cache tracking
Fingerprinting: Device and browser fingerprinting techniques

3.3 Information from Third-Party Sources

We may obtain information about You from external sources:

Social Media Platforms: Facebook, LinkedIn, Twitter, Instagram (profile data, connections, posts, likes)
Data Brokers & Aggregators: Commercially available databases and consumer profiles
Business Partners & Affiliates: Referral information, joint marketing data
Public Records: Government databases, court records, property registries
Analytics Providers: Third-party analytics and attribution services
Payment Processors: Transaction verification and fraud detection data
Background Check Services: Employment verification, credit history (with consent)
Marketing Lists: Purchased or rented contact lists for B2B marketing

3.4 Sensitive Personal Information

⚠️ SENSITIVE DATA: In certain circumstances, we may collect sensitive personal information including:

Biometric identifiers (fingerprints, facial recognition, voice patterns)
Health information (if relevant to services provided)
Financial data including credit scores and account balances
Background check results and criminal records (where legally permitted)
Racial or ethnic origin, religious beliefs (only where legally required or with explicit consent)

We will only process sensitive information where we have a legal basis and appropriate safeguards in place.

3.5 Information About Others

If You provide us with personal information about other individuals (e.g., emergency contacts, referrals, team members), You represent and warrant that:

You have obtained their explicit consent to share their information
You have informed them about this Privacy Policy
You are authorized to provide such information on their behalf
You will indemnify us against any claims arising from unauthorized disclosure

4. How We Use Your Information

We process Your personal data for the following purposes, which may be combined or used jointly:

4.1 Service Provision & Delivery

Providing IT services, software development, cloud solutions, and cybersecurity services
Creating, managing, and maintaining Your user accounts
Processing transactions, orders, subscriptions, and service requests
Delivering products, services, and digital downloads
Providing customer support, technical assistance, and troubleshooting
Sending service-related communications, updates, and notifications
Authenticating users and preventing unauthorized access

4.2 Business Operations & Administration

Internal record-keeping, accounting, and financial reporting
Invoicing, billing, payment processing, and debt collection
Contract management and vendor relationships
Employee management and payroll (for business clients)
Business planning, forecasting, and strategic development
Mergers, acquisitions, divestitures, and corporate restructuring

4.3 Marketing, Advertising & Communications

Sending promotional emails, newsletters, and marketing materials
Displaying targeted advertisements based on Your interests and behavior
Retargeting campaigns across websites and social media platforms
Conducting market research, surveys, and customer feedback programs
Organizing webinars, events, conferences, and promotional activities
Creating customer personas and market segmentation
Remarketing to past visitors and abandoned cart recovery

You may opt-out of marketing communications, but transactional and service-related messages will continue.

4.4 Analytics, Research & Improvement

Analyzing website usage, user behavior, and traffic patterns
Conducting A/B testing, usability studies, and UX research
Improving our products, services, and user experience
Developing new features, functionalities, and service offerings
Generating business intelligence and performance metrics
Benchmarking against industry standards
Creating anonymized and aggregated datasets for research

4.5 Personalization & Customization

Personalizing website content, recommendations, and user experience
Remembering Your preferences, settings, and language choices
Providing location-based services and localized content
Tailoring communications based on Your interests and history
Creating custom dashboards and reporting tools

4.6 Security, Fraud Prevention & Legal Compliance

Detecting, preventing, and investigating fraud, abuse, and security incidents
Monitoring for suspicious activities and unauthorized access attempts
Implementing access controls, authentication, and encryption
Conducting security audits, penetration testing, and vulnerability assessments
Complying with legal obligations, regulations, and government requests
Responding to subpoenas, court orders, and law enforcement requests
Enforcing our Terms of Service, policies, and user agreements
Protecting our rights, property, and intellectual property
Defending against legal claims and litigation
Conducting internal investigations and audits

4.7 AI & Machine Learning

Training artificial intelligence and machine learning models
Automated decision-making for credit assessment, risk evaluation, and eligibility
Natural language processing for chatbots and customer service automation
Predictive analytics for customer behavior and churn prevention
Image and video recognition for content moderation
Recommendation engines and personalization algorithms

4.8 Third-Party Sharing

We may share Your information with third parties for:

Cloud hosting and infrastructure services (AWS, Azure, Google Cloud)
Payment processing and financial services
Email service providers and marketing automation platforms
Analytics and advertising networks
Customer relationship management (CRM) systems
Background check and verification services
Legal, accounting, and professional advisors
Business partners for joint marketing initiatives
Subsidiaries, affiliates, and parent companies
Potential or actual buyers in case of business sale or merger

4.9 Other Purposes

Any purpose disclosed at the time of collection
With Your explicit consent for specific uses
For legitimate business purposes not otherwise listed
As required or permitted by applicable law

📌 IMPORTANT: We reserve the right to use Your personal data for any lawful purpose consistent with this Privacy Policy and applicable law. We may combine data from multiple sources to create comprehensive user profiles.

5. Legal Basis for Processing

We process Your personal data based on the following legal grounds:

5.1 Consent

Where You have provided explicit, informed, and freely given consent for specific processing activities. You may withdraw consent at any time, but this will not affect the lawfulness of processing based on consent before its withdrawal.

5.2 Contract Performance

Processing necessary for:

Entering into a contract with You
Performing our contractual obligations
Taking steps at Your request before entering into a contract

5.3 Legal Obligation

Compliance with legal requirements including:

Tax regulations and financial reporting
Anti-money laundering (AML) and know-your-customer (KYC) requirements
Data retention laws and regulatory obligations
Court orders, subpoenas, and government requests
Industry-specific regulations (IT Act, DPDP Act, etc.)

5.4 Legitimate Interests

Processing necessary for our legitimate business interests, including:

Direct marketing and business development
Fraud prevention and security
Network and information security
Internal administration and business operations
Analytics and performance optimization
Protecting our legal rights and interests

We balance these interests against Your rights and freedoms. You may object to processing based on legitimate interests.

5.5 Vital Interests

Where processing is necessary to protect Your vital interests or those of another person (e.g., medical emergencies).

5.6 Public Interest

Where processing is necessary for tasks carried out in the public interest or in the exercise of official authority.

6. Data Sharing & Disclosure

6.1 Internal Sharing

Your information may be shared within our corporate family:

Vertex IT & Systems and all subsidiaries
Parent companies and affiliated entities
Employees, contractors, and authorized personnel (on need-to-know basis)

6.2 Service Providers & Processors

We share data with third-party service providers who process data on our behalf:

Category	Examples	Purpose
Cloud Infrastructure	AWS, Microsoft Azure, Google Cloud, DigitalOcean	Data hosting, storage, and processing
Payment Processors	Stripe, PayPal, Razorpay, Square	Transaction processing and payment gateway services
Analytics Services	Google Analytics, Hotjar, Mixpanel, Amplitude	Website analytics, heatmaps, user behavior tracking
Marketing Platforms	Mailchimp, HubSpot, Salesforce, SendGrid	Email marketing, CRM, marketing automation
Advertising Networks	Google Ads, Facebook Ads, LinkedIn Ads	Targeted advertising and retargeting campaigns
Communication Tools	Twilio, Zoom, Slack, Microsoft Teams	SMS, voice calls, video conferencing, team collaboration
Customer Support	Zendesk, Intercom, Freshdesk	Help desk, ticketing, live chat support
Security Services	Cloudflare, Sucuri, Imperva	DDoS protection, firewall, threat detection

These service providers are contractually obligated to protect Your data, but we cannot guarantee their compliance. You acknowledge that we are not liable for their actions or data breaches.

6.3 Business Partners & Affiliates

Joint marketing partners for co-branded initiatives
Resellers, distributors, and channel partners
Technology partners and integration providers
Referral partners and affiliate marketers

6.4 Legal & Regulatory Authorities

We may disclose Your information to:

Law enforcement agencies, police, and investigative authorities
Courts, tribunals, and judicial bodies
Tax authorities and revenue departments
Regulatory bodies and compliance authorities
Government agencies (under RTI, FOIA, or similar requests)
Fraud prevention agencies and credit bureaus

6.5 Business Transfers

In the event of:

Merger, acquisition, or consolidation
Sale of all or part of our business or assets
Bankruptcy, insolvency, or receivership proceedings
Corporate restructuring or reorganization

Your personal data may be transferred to the acquiring entity or successor organization. You acknowledge and consent to such transfers, and the acquirer will have the right to continue using Your data under this Privacy Policy or a similar policy.

6.6 Public Disclosure

Certain information may be publicly disclosed:

User-generated content (comments, reviews, testimonials) posted publicly
Information You choose to share on social media or public forums
Business information listed in directories or public registries
Anonymized and aggregated data used in reports and publications

6.7 Emergency Situations

We may disclose Your information without consent in emergencies involving:

Threats to life, health, or safety
Prevention or detection of crimes
National security or public interest
Protection of our rights and property

⚠️ DISCLAIMER: While we require third parties to protect Your data through contractual agreements, we cannot control their data practices. We disclaim all liability for unauthorized access, misuse, or data breaches by third-party service providers, partners, or other entities with whom we share Your information.

7. International Data Transfers

7.1 Cross-Border Transfers

Your personal data may be transferred to, stored in, and processed in countries outside India, including but not limited to:

United States of America
European Union member states
United Kingdom
Singapore
Australia
Canada
Other countries where our service providers, partners, or cloud infrastructure are located

7.2 Different Data Protection Standards

⚠️ IMPORTANT NOTICE: These countries may have data protection laws that differ from Indian laws and may provide less protection for Your personal data. By using our Website and Services, You explicitly consent to Your personal data being transferred to and processed in these jurisdictions.

7.3 Transfer Safeguards

Where required by law, we implement safeguards for international transfers:

Standard Contractual Clauses (SCCs): EU-approved model contracts with data recipients
Adequacy Decisions: Transfers to countries recognized as providing adequate protection
Binding Corporate Rules: Internal privacy rules for group companies
Privacy Shield (where applicable): EU-US and Swiss-US Privacy Shield frameworks
Your Explicit Consent: Which You provide by accepting this Privacy Policy

7.4 Data Localization Exceptions

While some jurisdictions require data to be stored locally, we may be exempt from such requirements or may transfer data abroad for:

Cloud backup and disaster recovery
Global analytics and business intelligence
International customer support operations
Compliance with foreign legal obligations
Business continuity and operational resilience

7.5 Your Acknowledgment

By using our Services, You acknowledge and agree that:

International data transfers are necessary for providing our Services
You have been informed about potential risks of transferring data abroad
You consent to all such transfers as described in this Policy
You waive any rights to object to such transfers where legally permissible

8. Data Retention & Storage

8.1 Retention Periods

We retain Your personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, including:

Data Type	Retention Period	Justification
Account Information	Duration of account + 7 years	Contract performance, legal compliance, tax requirements
Transaction Records	7-10 years	Accounting, tax, audit, legal obligations
Communication Records	3-7 years	Customer service, dispute resolution, legal defense
Marketing Consent	Until opt-out + 3 years	Compliance with opt-out requests, legal defense
Website Analytics	26 months (Google Analytics default)	Service improvement, trend analysis
CCTV/Security Footage	30-90 days	Security, incident investigation
Legal Documents	10+ years or indefinitely	Legal obligations, statute of limitations
Backup Data	May persist beyond active deletion	Disaster recovery, business continuity

8.2 Extended Retention

We may retain data beyond the standard periods where:

Required by law, regulation, or legal hold
Necessary for ongoing legal proceedings or investigations
Needed to establish, exercise, or defend legal claims
Required for compliance with tax, audit, or accounting obligations
Stored in backup systems (data may persist in backups for extended periods)
Anonymized or aggregated for research and analytics (indefinitely)

8.3 Backup & Archival Storage

📌 CRITICAL NOTICE: Even after You delete Your account or request data deletion, Your information may continue to exist in our backup systems, archives, and disaster recovery systems for extended periods. Complete and immediate deletion is technically infeasible. Backup data is retained for business continuity purposes and may be exempt from deletion requests.

8.4 Deletion Procedures

When data is scheduled for deletion, we employ the following methods:

Soft deletion (data marked as deleted but physically retained)
Hard deletion (permanent removal from active databases)
Anonymization (removing identifying information)
Aggregation (combining with other data for statistical purposes)

Note: Data in backups may remain intact until the backup itself is overwritten or expires according to our backup retention schedule.

8.5 Storage Locations

Your data is stored in:

Production databases (primary data centers in India, US, EU)
Cloud storage systems (AWS S3, Azure Blob Storage, Google Cloud Storage)
Content delivery networks (CDNs) with global edge locations
Backup facilities (geographically distributed backup servers)
Archival systems (long-term cold storage)
Third-party service provider systems (as per Section 6)

9. Your Rights & How to Exercise Them

9.1 Your Privacy Rights

Subject to applicable laws and the limitations described below, You may have the following rights:

9.1.1 Right to Access

Request access to Your personal data and receive:

Confirmation of whether we process Your data
Copies of Your personal data (first copy free, subsequent copies may incur fees)
Information about processing purposes, categories, and recipients
Details on retention periods and data sources

Limitations: We may deny access if it would adversely affect others' rights, reveal trade secrets, or violate legal restrictions.

9.1.2 Right to Rectification/Correction

Request correction of inaccurate or incomplete personal data.

Limitations: We may require verification of the accuracy of corrections. Historical records may be retained for audit purposes even after correction.

9.1.3 Right to Deletion/Erasure ("Right to be Forgotten")

Request deletion of Your personal data.

Limitations & Exceptions: We may refuse or delay deletion if data is required for:

Compliance with legal obligations (tax, accounting, regulatory requirements)
Establishment, exercise, or defense of legal claims
Freedom of expression and information rights
Public health or scientific research purposes
Archival purposes in the public interest
Contractual obligations or ongoing service provision
Backup and disaster recovery systems (see Section 8.3)

9.1.4 Right to Data Portability

Receive Your personal data in a structured, commonly used, machine-readable format (e.g., CSV, JSON).

Limitations:

Limited to data You provided to us
Only applies to automated processing based on consent or contract
Complex requests may incur fees and extended processing times
We are not required to provide data in Your preferred format

9.1.5 Right to Object

Object to processing based on legitimate interests, direct marketing, or profiling.

Marketing Opt-Out: You can opt-out of marketing communications, but we may continue sending:

Transactional emails (order confirmations, receipts, invoices)
Service announcements and updates
Security alerts and account notifications
Legal notices and policy changes

9.1.6 Right to Restrict Processing

Request restriction of processing under specific circumstances (e.g., during accuracy disputes).

Limitations: Restriction may affect service delivery and functionality.

9.1.7 Right to Withdraw Consent

Withdraw previously given consent for specific processing activities.

Note: Withdrawal does not affect the lawfulness of processing prior to withdrawal. We may continue processing based on other legal grounds.

9.1.8 Right to Lodge a Complaint

File a complaint with supervisory authorities:

India: Data Protection Board (under DPDP Act)
EU: Your local Data Protection Authority
California: California Attorney General's Office

9.2 How to Exercise Your Rights

To exercise any of these rights:

Send a written request to: privacy@vertexitsystems.com
Include: Your full name, contact information, and specific request details
Provide proof of identity (government ID, account verification)
Allow up to 30 days for standard requests, 90 days for complex requests

9.3 Identity Verification

To protect Your privacy and prevent fraud, we will verify Your identity before processing requests. This may require:

Government-issued photo ID (passport, driver's license, Aadhaar)
Account authentication (login credentials, security questions)
Email verification from registered email address
Phone verification via OTP
Notarized declarations for sensitive requests

9.4 Fees & Charges

First access request per year: Free
Additional requests: ₹500 - ₹5,000 (depending on complexity)
Data portability (extensive datasets): ₹1,000 - ₹10,000
Expedited processing: Additional 50% fee

We reserve the right to charge reasonable fees for manifestly unfounded, excessive, or repetitive requests.

9.5 Response Timelines

Acknowledgment: Within 7 days
Standard requests: Within 30 days
Complex requests: Up to 90 days (with notification of extension)
Urgent requests (data breaches): Within 72-96 hours

9.6 Refusal of Requests

We may refuse to comply with requests that are:

Manifestly unfounded or excessive
Technically infeasible or unreasonably burdensome
Likely to adversely affect others' rights and freedoms
Legally restricted or prohibited
Related to confidential business information or trade secrets

If we refuse a request, we will provide written reasons and information about complaint mechanisms.

⚠️ IMPORTANT: Exercising Your rights may impact service delivery. For example, account deletion will terminate Your access to services, and data restriction may limit functionality. We are not liable for service disruptions resulting from Your exercise of privacy rights.

18. Disclaimers & Limitations of Liability

18.1 No Warranties

⚠️ CRITICAL LEGAL DISCLAIMER:

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW:

OUR WEBSITE AND SERVICES ARE PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTIES OF ANY KIND
WE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT, AND TITLE
WE DO NOT WARRANT THAT OUR SERVICES WILL BE UNINTERRUPTED, ERROR-FREE, OR SECURE
WE DO NOT GUARANTEE THE ACCURACY, COMPLETENESS, OR RELIABILITY OF ANY CONTENT
WE MAKE NO WARRANTIES REGARDING DATA SECURITY OR PROTECTION AGAINST UNAUTHORIZED ACCESS

18.2 Limitation of Liability

IN NO EVENT SHALL VERTEX IT & SYSTEMS, ITS DIRECTORS, OFFICERS, EMPLOYEES, AFFILIATES, OR SERVICE PROVIDERS BE LIABLE FOR:

ANY INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES
LOSS OF PROFITS, REVENUE, DATA, OR BUSINESS OPPORTUNITIES
PERSONAL INJURY OR PROPERTY DAMAGE
DATA BREACHES, UNAUTHORIZED ACCESS, OR CYBERATTACKS
THIRD-PARTY ACTIONS OR DATA PRACTICES
LOSS OR CORRUPTION OF DATA
SERVICE INTERRUPTIONS OR DOWNTIME
ERRORS, BUGS, OR VULNERABILITIES IN OUR SYSTEMS

18.3 Maximum Liability Cap

OUR TOTAL AGGREGATE LIABILITY TO YOU FOR ALL CLAIMS ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY OR YOUR USE OF OUR SERVICES SHALL NOT EXCEED:

The amount You paid us in the 12 months prior to the claim; OR
₹10,000 (Ten Thousand Indian Rupees); OR
$100 USD (One Hundred US Dollars)

WHICHEVER IS LESS.

18.4 Exceptions

Some jurisdictions do not allow exclusion of certain warranties or limitation of liability for incidental or consequential damages. In such jurisdictions, our liability is limited to the maximum extent permitted by law.

18.5 Time Limitation for Claims

ANY CLAIM OR CAUSE OF ACTION ARISING OUT OF OR RELATED TO THIS PRIVACY POLICY MUST BE FILED WITHIN ONE (1) YEAR AFTER THE CLAIM OR CAUSE OF ACTION AROSE, OR IT SHALL BE PERMANENTLY BARRED.

18.6 Force Majeure

We are not liable for any failure or delay in performance due to circumstances beyond our reasonable control, including:

Natural disasters, acts of God, epidemics, pandemics
War, terrorism, civil unrest, government actions
Internet failures, telecommunication outages, power failures
Cyberattacks, hacking, DDoS attacks beyond our control
Labor disputes, strikes, supplier failures

19. Indemnification

YOU AGREE TO INDEMNIFY, DEFEND, AND HOLD HARMLESS VERTEX IT & SYSTEMS, ITS AFFILIATES, OFFICERS, DIRECTORS, EMPLOYEES, AGENTS, AND SERVICE PROVIDERS FROM AND AGAINST ANY AND ALL CLAIMS, LIABILITIES, DAMAGES, LOSSES, COSTS, EXPENSES, OR FEES (INCLUDING REASONABLE ATTORNEYS' FEES) ARISING FROM:

Your use or misuse of our Website and Services
Your violation of this Privacy Policy or any applicable laws
Your violation of any third-party rights, including intellectual property or privacy rights
Any false, inaccurate, or misleading information You provide
Your unauthorized disclosure of confidential information
Any disputes between You and other users
Any negligent or willful misconduct on Your part

This indemnification obligation survives termination of Your use of our Services.

20. Dispute Resolution & Arbitration

20.1 Mandatory Arbitration

YOU AND VERTEX IT & SYSTEMS AGREE THAT ANY DISPUTE, CLAIM, OR CONTROVERSY ARISING OUT OF OR RELATING TO THIS PRIVACY POLICY SHALL BE RESOLVED BY BINDING ARBITRATION, RATHER THAN IN COURT.

20.2 Arbitration Rules

Governing Rules: Indian Arbitration and Conciliation Act, 1996
Seat of Arbitration: Chennai, Tamil Nadu, India
Language: English
Number of Arbitrators: One (1) arbitrator mutually agreed upon
Arbitration Costs: Each party bears their own costs unless award specifies otherwise

20.3 Class Action Waiver

YOU WAIVE ANY RIGHT TO PARTICIPATE IN A CLASS ACTION LAWSUIT OR CLASS-WIDE ARBITRATION. All disputes must be brought individually. You cannot bring claims as a plaintiff or class member in any class, consolidated, or representative action.

20.4 Exceptions to Arbitration

Notwithstanding the above, either party may seek injunctive relief or specific performance in courts of competent jurisdiction for:

Intellectual property infringement
Confidentiality breaches
Urgent interim relief pending arbitration

20.5 Judicial Forum

If arbitration is deemed unenforceable, You agree that any litigation shall be filed exclusively in the courts of Chennai, Tamil Nadu, India, and You irrevocably consent to the personal jurisdiction of such courts.

22. Governing Law

This Privacy Policy and all related matters shall be governed by and construed in accordance with:

Indian Law: Information Technology Act, 2000; Digital Personal Data Protection Act, 2023; Indian Contract Act, 1872; Consumer Protection Act, 2019
International Regulations (where applicable): GDPR (EU), CCPA (California), PIPEDA (Canada), Privacy Act 1988 (Australia)

In the event of conflict between laws, Indian law shall prevail to the extent permitted.

23. Contact Information & Data Protection Officer

For all privacy-related inquiries, requests, and complaints:

Vertex IT & Systems
Attention: Data Protection Officer (DPO)

Email: privacy@vertexitsystems.com
Phone: +91 9087681000
Address: [Your Complete Business Address]
Chennai, Tamil Nadu, India

Response Times:

Acknowledgment: Within 7 business days
Standard requests: Within 30 days
Complex requests: Up to 90 days (with notification)
Urgent data breach notifications: Within 72 hours

Escalation: If You are not satisfied with our response, You may escalate to:
Chief Privacy Officer: cpo@vertexitsystems.com

25. Your Consent & Acknowledgment

BY USING THIS WEBSITE OR SERVICES, CLICKING "ACCEPT," OR CONTINUING TO BROWSE, YOU EXPLICITLY ACKNOWLEDGE AND AGREE THAT:

You have carefully read, understood, and agree to be legally bound by this entire Privacy Policy
You are at least 18 years of age (or have obtained parental/guardian consent)
You consent to the collection, processing, use, storage, disclosure, and international transfer of Your personal data as described herein
You understand that Your data may be transferred to countries with different data protection standards
You acknowledge all disclaimers, limitations of liability, and waivers contained in this Policy
You agree to mandatory arbitration and waive Your right to jury trial and class actions
You accept that this Policy may change without prior notice, and continued use constitutes acceptance
You have had the opportunity to seek independent legal advice regarding this Policy
You voluntarily enter into this agreement without duress or undue influence
This constitutes Your electronic signature and has the same legal effect as a handwritten signature

📜 LEGAL CERTIFICATION:

This Privacy Policy was prepared with attention to applicable data protection laws including GDPR, CCPA, and DPDP Act 2023. However, we make no representation that this Policy complies with all laws in all jurisdictions. It is Your responsibility to ensure Your use of our Services complies with local laws.

Document Reference: VERTEX-PP-v2.0-20260204
Last Reviewed: February 4, 2026
Next Review: February 4, 2027 (or as needed)

Acceptance Declaration

I HAVE READ AND UNDERSTOOD THIS PRIVACY POLICY IN ITS ENTIRETY AND AGREE TO BE LEGALLY BOUND BY ALL ITS TERMS, CONDITIONS, DISCLAIMERS, LIMITATIONS, AND WAIVERS.