🔒 GDPR & CCPA Compliant
Effective Date: March 15, 2026 | Last Updated: March 15, 2026 | Version: 2.0
This Privacy Policy explains how WynITSoul collects, uses, discloses, and protects information about you when you access our website or use our managed IT, cybersecurity, cloud, and technology support services.
1. Who We Are
WynITSoul (“Company,” “we,” “us,” or “our”) is an enterprise IT solutions provider offering Managed IT Services, Cybersecurity, Network & Security Services, Cloud Solutions, NOC/SOC Operations, Risk & Compliance, and related professional technology services. We are headquartered at Chandigarh – 160062, India.
For privacy matters, you may contact our Privacy Officer at: [email protected]
2. Scope of This Policy
This Policy applies to:
- Visitors to wynitsoul.com and all sub-domains
- Prospective clients who submit enquiries, request quotes, or engage in pre-sales communication
- Clients and authorised users who access client portals, ticketing systems, monitoring dashboards, or any WynITSoul service platform
- Job applicants and vendors who interact with us
- Third parties whose personal data is processed as part of delivering our services (subject to applicable Data Processing Agreements)
3. Information We Collect
3.1 Information You Provide Directly
- Identity Data: Full name, job title, company name
- Contact Data: Business email address, telephone number, postal address
- Account Credentials: Username, hashed passwords, multi-factor authentication data
- Transaction & Billing Data: Invoice details, payment method metadata (we do not store full card numbers), purchase history
- Communications Data: Support tickets, email correspondence, chat transcripts, call recordings (where applicable and disclosed)
- Technical Information Submitted: Network diagrams, system inventories, IP ranges, and configuration data provided during onboarding or service delivery
3.2 Information Collected Automatically
- Usage Data: Pages visited, time on site, referring URLs, exit pages, click-path
- Device & Technical Data: IP address, browser type, operating system, screen resolution, time zone
- Cookie & Tracking Data: Session identifiers, preference cookies, analytics identifiers (see our Cookie Policy)
- Log Data: Server access logs, error logs, security event logs
3.3 Information From Third Parties
- Business contact information from LinkedIn, industry directories, or referral partners
- Credit and financial reference data from authorised agencies (for enterprise contract evaluation)
- Threat intelligence data as part of delivering cybersecurity services
4. How We Use Your Information
| Purpose | Lawful Basis (GDPR) |
|---|---|
| Providing, maintaining and improving our services | Contract performance |
| Account management and client portal access | Contract performance |
| Processing enquiries, quotes, and proposals | Legitimate interests / pre-contract steps |
| Billing, invoicing, and payment processing | Contract performance / Legal obligation |
| Security monitoring, incident response, and threat detection | Legitimate interests / Legal obligation |
| Compliance with regulatory and legal obligations (GST, accounting, etc.) | Legal obligation |
| Marketing communications (existing clients and opted-in prospects) | Legitimate interests / Consent |
| Service performance analytics and capacity planning | Legitimate interests |
| Fraud prevention and information security | Legitimate interests / Legal obligation |
| Recruitment and vendor management | Legitimate interests / Contract |
5. Data Sharing and Disclosure
We do not sell your personal data. We may share data with:
5.1 Service Providers and Sub-Processors
Third-party vendors who provide infrastructure, hosting, payment processing, analytics, email delivery, and customer support tools — all bound by Data Processing Agreements (DPAs) with equivalent protection standards.
5.2 Technology Partners
Where service delivery involves vendor-specific tools (Microsoft 365, AWS, Cisco, SentinelOne, etc.), limited technical data may be shared to provision and support those services as authorised by the client.
5.3 Legal and Regulatory Disclosure
We may disclose information where required by law, court order, regulatory authority, or to defend against legal claims, or where necessary to protect the vital interests of any person.
5.4 Business Transfers
In the event of a merger, acquisition, or asset sale, personal data may transfer to the successor entity, subject to equivalent privacy protections.
5.5 Professional Advisors
Lawyers, auditors, and insurers, where necessary for our legitimate business operations.
6. Data Security
As a cybersecurity services provider, we apply enterprise-grade security controls to our own information assets, including:
- AES-256 encryption for data at rest; TLS 1.3 for data in transit
- Role-based access control (RBAC) with least-privilege principles
- Multi-factor authentication on all internal systems
- 24×7 security monitoring and SIEM-backed alerting
- Regular vulnerability assessments and penetration testing
- ISO-aligned incident response procedures
- Employee security awareness training
- Annual third-party security audits
No method of transmission or storage is 100% secure. We commit to prompt notification of any material data breach affecting your personal data in accordance with applicable law.
7. Data Retention
We retain personal data only for as long as necessary for the purposes described in this Policy, legal obligations, or legitimate business needs:
| Data Category | Retention Period |
|---|---|
| Client service and account records | 7 years after contract end (statutory accounting requirements) |
| Support tickets and correspondence | 5 years |
| Security event logs | 12 months minimum (may be longer per client agreement) |
| Marketing enquiries (non-converted) | 2 years or until withdrawal of consent |
| Job applications (unsuccessful) | 12 months |
| Website analytics data | 26 months (anonymised) |
| Billing and financial records | 7 years (GST/legal requirement) |
8. International Data Transfers
Our primary operations are in India. Where we transfer personal data internationally (e.g., for cloud services hosted globally), we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs), adequacy decisions, or equivalent mechanisms as required by applicable law, including the EU GDPR.
9. Your Rights
Depending on your location and applicable law, you may have the following rights:
- Right of Access: Obtain a copy of the personal data we hold about you
- Right to Rectification: Correct inaccurate or incomplete data
- Right to Erasure (“Right to be Forgotten”): Request deletion of your data where no overriding legitimate grounds exist
- Right to Restriction: Restrict processing of your data in certain circumstances
- Right to Data Portability: Receive your data in a structured, machine-readable format
- Right to Object: Object to processing based on legitimate interests or for direct marketing
- Right to Withdraw Consent: Where processing is consent-based, withdraw at any time without affecting prior processing
- Rights Regarding Automated Decision-Making: We do not use fully automated decision-making that produces significant legal effects on individuals
To exercise your rights, contact us at [email protected]. We will respond within 30 days (extendable by a further 60 days for complex requests). You also have the right to lodge a complaint with the competent supervisory authority in your jurisdiction.
10. Cookies and Tracking Technologies
We use cookies and similar technologies to operate our website, analyse usage, and remember your preferences. Please see our dedicated Cookie Policy for full details, including how to manage your preferences.
11. Children’s Privacy
Our services are directed exclusively at business professionals and enterprises. We do not knowingly collect personal data from individuals under 18 years of age. If you believe we have inadvertently collected such data, please contact us immediately for deletion.
12. Third-Party Links
Our website may contain links to third-party websites. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies before providing any personal information.
13. Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, services, or legal requirements. Material changes will be notified via email (for registered clients) or a prominent notice on our website at least 30 days prior to taking effect. Continued use of our services after the effective date constitutes acceptance.
14. Contact Us
For any privacy-related enquiries, data subject requests, or concerns:
- Privacy Officer: [email protected]
- Legal / Compliance: [email protected]
- General Enquiries: [email protected]
- Address: WynITSoul, Chandigarh – 160062, India