Privacy Policy

1. Who We Are

Infomaze One is a trading name of Infomaze Elite Pvt. Ltd., a company incorporated in India with its registered office at #286-A Hebbal Industrial Area, Mysore 570018, Karnataka, India.

For the purposes of applicable data protection legislation — including the UK General Data Protection Regulation (UK GDPR), the EU General Data Protection Regulation (EU GDPR), and India's Digital Personal Data Protection Act 2023 — Infomaze Elite Pvt. Ltd. is the data controller for personal data collected through this website and in connection with our services.

If you have any questions about this Privacy Policy or how we handle your personal data, please contact us at sales@infomazeone.com.

2. What Personal Data We Collect

We collect personal data in the following ways:

Information you provide directly

• Name, job title and company name when you contact us, request an audit or submit an enquiry
• Work email address and phone number for communication purposes
• Business details including industry, country and operational challenges when requesting an AI Audit
• Payment information when you engage our services (processed by third-party payment processors — we do not store card data)

Information collected automatically

• IP address and approximate geographic location
• Browser type, operating system and device information
• Pages visited, time spent on pages, referral source and navigation patterns
• Cookies and similar tracking technologies (see Section 8)

Information from client engagements

When you engage our Operations-as-a-Service platform, we may process personal data contained in the business documents and records you share with us (for example, vendor names and contact details in invoices, employee names in HR records, patient identifiers in healthcare documents). We process this data as a data processor acting on your instructions. You remain the data controller for this data and are responsible for ensuring you have the appropriate legal basis to share it with us.

3. How We Use Your Personal Data

We use the personal data we collect for the following purposes:

• Providing our services — to deliver the AI Operations Audit and the ongoing Operations-as-a-Service engagements you have contracted with us
• Communication — to respond to your enquiries, send service updates and deliver reports and documentation related to your engagement
• Marketing — to send you relevant information about our services, case studies and industry insights, where you have given consent or we have a legitimate interest
• Analytics and improvement — to understand how our website is used and improve it, using anonymised or aggregated data where possible
• Legal and compliance — to comply with applicable laws, respond to legal requests and enforce our agreements
• Security — to protect our systems, services and users from fraud, abuse and security threats

4. Legal Basis for Processing (UK & EU GDPR)

Where UK GDPR or EU GDPR applies, we rely on the following legal bases:

• Contract — processing necessary to perform our services under a contract with you or to take steps at your request prior to entering a contract
• Legitimate interests — for analytics, security, fraud prevention, and direct marketing to business contacts where our interests are not overridden by your rights
• Consent — for marketing communications and non-essential cookies, where we have obtained your explicit consent
• Legal obligation — where processing is required to comply with a legal requirement applicable to us

5. Sharing Your Personal Data

We do not sell, rent or trade your personal data. We may share it in the following circumstances:

• Service providers — third-party vendors who assist us in operating our platform (including cloud hosting, analytics, email delivery and CRM software). These parties process data only on our instructions and under data processing agreements.
• Group companies — within the Infomaze ecosystem (Infomaze Elite Pvt. Ltd. and related entities) where necessary to provide services
• Professional advisers — lawyers, accountants and auditors bound by confidentiality obligations
• Legal requirements — if required to do so by law, court order or regulatory authority
• Business transfers — in connection with any merger, acquisition or sale of business assets, subject to appropriate confidentiality obligations

We require all third parties to respect the security of your personal data and to treat it in accordance with the law.

6. Data Retention

We retain personal data for as long as necessary for the purposes set out in this policy, unless a longer retention period is required by law.

• Enquiry and prospect data — up to 3 years from last contact, unless you opt out of marketing earlier
• Client engagement data — for the duration of the engagement plus 7 years, to comply with tax, accounting and legal obligations
• Website analytics data — up to 26 months in anonymised or aggregated form
• Legal claims data — for the applicable limitation period under the relevant jurisdiction

When data is no longer required, it is securely deleted or anonymised in accordance with our ISO 27001-certified data management procedures.

7. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Access — request a copy of the personal data we hold about you
• Rectification — request correction of inaccurate or incomplete data
• Erasure — request deletion of your data where there is no longer a legitimate reason to process it
• Restriction — request that we limit how we use your data while a complaint or concern is resolved
• Portability — receive a copy of your data in a structured, machine-readable format
• Objection — object to processing based on legitimate interests or for direct marketing purposes
• Withdrawal of consent — where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us at sales@infomazeone.com. We will respond within 30 days. If you are unhappy with how we handle your request, you have the right to lodge a complaint with your relevant supervisory authority (in the UK, the Information Commissioner's Office at ico.org.uk).

8. Cookies

Our website uses cookies and similar tracking technologies. Cookies are small text files stored on your device when you visit our website.

Types of cookies we use

• Strictly necessary cookies — required for the website to function and cannot be disabled
• Analytics cookies — help us understand how visitors interact with our website (we use Google Analytics with IP anonymisation enabled)
• Marketing cookies — used to show you relevant advertising on other websites (only set with your consent)

You can control cookies through your browser settings or our cookie preference centre. Disabling non-essential cookies will not affect the core functionality of our website. For more information, see our Cookie Policy.

9. Security

Infomaze Elite Pvt. Ltd. is ISO/IEC 27001:2022 certified for information security management. We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction.

These measures include encrypted data transmission (TLS), role-based access controls, regular security assessments and staff training on data protection. All client data handling agreements include a signed NDA before any data is processed.

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within the legally required timeframe.

10. International Data Transfers

As an Indian company serving global clients, data you provide may be transferred to, stored and processed in India. India has its own data protection framework (the Digital Personal Data Protection Act 2023). We ensure appropriate safeguards are in place for all international transfers, including:

• Standard Contractual Clauses (SCCs) for transfers from the UK and EU to India
• Data Processing Agreements with all sub-processors
• ISO 27001 certification covering all data processing operations

11. Children's Privacy

Infomaze One is a business-to-business service and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected such data, please contact us immediately at sales@infomazeone.com.

12. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. We will notify you of material changes by updating the "Last updated" date at the top of this page. For significant changes, we may provide additional notice by email (if you are a client or subscriber) or a prominent notice on our website. We encourage you to review this policy periodically.

13. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact our data protection team:

This policy was last reviewed and updated in May 2025. It applies to all users of https://infomazeone.com and clients of Infomaze One.