1 Introduction
EnterWeb IT Firm ("Company," "we," "us," or "our") is an MSME registered IT consulting firm headquartered in Greater Noida, Uttar Pradesh, India. We operate the enterweb.in website and provide enterprise IT services including network infrastructure, cloud solutions, cybersecurity, ILL/SIP connectivity, and procurement services.
This Privacy Policy explains how we collect, use, disclose, and protect personal information provided in connection with our website and services. By using our website or engaging our services, you agree to the practices described in this policy.
Note: This policy is effective as of March 2026 and complies with India's Information Technology Act 2000, the Digital Personal Data Protection Act 2023 (DPDP Act), and international standards including GDPR, ISO 27001, and SOC 2.
2 Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
- Contact Form: First name, last name, email address, phone number, company name, and message content.
- Quote Request Form: All contact details plus company size, service interests, project timeline, estimated budget, number of users/devices, and detailed project requirements.
- Direct Communications: Email correspondence, phone conversations, and WhatsApp messages when you contact us.
2.2 Information Collected Automatically
- Usage Data: IP address, browser type and version, operating system, referring URL, pages visited, and session duration via server logs.
- Cookies: Session cookies (strictly necessary for functionality) and analytics cookies (only with your explicit consent via the cookie banner).
- Device Data: Screen resolution, device type, and browser language for optimizing your website experience.
We do not collect: Payment card data (all payments handled by third-party payment processors), sensitive personal information such as biometric or health data, or personal data of children under 18 years of age.
3 How We Use Your Information
We use collected information strictly for the following purposes:
- Service Delivery: To respond to enquiries, provide requested quotes, deliver contracted IT services, and communicate project updates and support.
- Business Operations: To process invoices, maintain client accounts, and manage our service delivery pipeline.
- Website Improvement: To understand how visitors use our website, identify issues, and improve user experience.
- Legal Compliance: To comply with Indian IT laws, tax regulations, GST requirements, and court orders when legally required.
- Security: To detect and prevent fraud, abuse, and unauthorized access to our systems.
- Communications: To send service-related notifications, project updates, and support information. We do not send marketing emails without your explicit consent.
⚖️ Legal Basis for Processing (GDPR / DPDP Act)
Contract Performance: Processing necessary to deliver services you have requested or contracted.
Legitimate Interests: Website analytics, fraud prevention, and service improvement — balanced against your rights.
Consent: Marketing communications and non-essential cookies — only where you have explicitly opted in.
Legal Obligation: Retaining financial records as required by Indian GST/Income Tax regulations.
4 Data Security
We implement industry-leading security measures to protect your personal information from unauthorized access, disclosure, alteration, or destruction:
- Encryption in Transit: All website traffic protected with TLS 1.2/1.3 (HTTPS). Form data encrypted end-to-end during submission.
- Secure Email Delivery: Contact and quote forms delivered via SMTP with encrypted secure tokens — no plain-text credentials stored in website code.
- Access Controls: Personal data accessible only to authorized EnterWeb personnel on a strict need-to-know basis.
- Hosting Security: Website hosted on Hostinger with enterprise-grade firewall protection, DDoS mitigation, and regular security patching.
- No Third-Party Data Storage: Form submissions are delivered directly to our secure email inbox — not stored in external CRMs or databases without your knowledge.
- Staff Awareness: All personnel handling personal data are trained on data protection best practices and confidentiality obligations.
Important: While we implement comprehensive security measures, no method of internet transmission is 100% secure. We cannot guarantee the absolute security of data transmitted over the internet, but we apply every reasonable safeguard available. If you have concerns about submitting sensitive information, please contact us directly at +91 96677 96286.
5 Your Rights
You have the following rights regarding your personal data. To exercise any of these rights, contact us at privacy@enterweb.in — we aim to respond within 30 days.
- Right to Access: Request a copy of the personal data we hold about you, including what data we have, how we use it, and who we share it with.
- Right to Rectification: Request correction of any inaccurate or incomplete personal data we hold about you.
- Right to Erasure: Request deletion of your personal data ("right to be forgotten"), where we are not required by law to retain it.
- Right to Data Portability: Receive a copy of your data in a structured, commonly used, machine-readable format (e.g., CSV/JSON).
- Right to Restriction: Request that we temporarily stop processing your personal data in certain circumstances.
- Right to Object: Object to processing based on legitimate interests, including profiling and analytics.
- Right to Withdraw Consent: Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.
- Right to Complain: Lodge a complaint with a data protection authority if you believe we have handled your data incorrectly. For India, this is the Data Protection Board of India under the DPDP Act 2023.
6 Data Retention
We retain personal information only for as long as necessary to fulfill the purposes it was collected for, or to comply with legal and regulatory obligations:
- Contact & Quote Form Data: Up to 3 years, or the duration of our business relationship — whichever is longer.
- Active Client Records: For the entire duration of the service engagement plus 2 years post-termination for warranty and support purposes.
- Financial & Invoice Records: 7 years as mandated by Indian GST and Income Tax Act regulations.
- Website Analytics Data: Up to 26 months rolling, then automatically anonymized or deleted.
- Email Correspondence: Up to 5 years for business continuity and dispute resolution purposes.
- Cookie Consent Logs: 2 years for compliance audit purposes.
When data is no longer needed and no legal obligation requires retention, we securely delete or irreversibly anonymize it.
7 Third-Party Sharing
We may share your data with trusted third-party service providers only as strictly necessary to deliver our services. All third-party processors are bound by data protection agreements and are prohibited from using your data for their own purposes.
- SMTP / Email Delivery: Encrypted SMTP service used to deliver form submissions to our secure inbox. No form data is stored on SMTP servers beyond transmission.
- Hostinger (Web Hosting): Our website hosting provider. Servers located in secure, ISO 27001 certified data centers. Subject to Hostinger's Data Processing Agreement.
- Google Analytics (Optional): Anonymized website usage statistics only — activated with your consent via the cookie banner. You may opt out at any time.
- Google Workspace / Microsoft 365: Internal team communication and document management. Enterprise data protection agreements in place.
We never sell, rent, trade, or otherwise transfer your personal information to any third party for their own marketing or commercial purposes. Period.
7.1 Legal Disclosures
We may disclose personal information if required to do so by law, court order, government authority, or in good faith belief that such disclosure is necessary to: (a) comply with a legal obligation; (b) protect and defend our rights or property; (c) prevent fraud or security issues; or (d) protect the personal safety of our users or the public.
8 Cookies & Tracking Technologies
Our website uses cookies and similar technologies. Here is a full breakdown:
- Strictly Necessary Cookies: Essential for website functionality (e.g., navigation, mobile menu). Cannot be disabled. No personal data stored. Duration: session-only.
- Preference Cookies: Remember your cookie consent decision. Stored in
localStorage for up to 1 year. No personal data.
- Analytics Cookies (Google Analytics): Collect anonymized usage data to help us improve the website. Only activated after you click "Accept" on the cookie banner. You can withdraw consent at any time by clearing your browser cookies.
8.1 Managing Cookies
You can control and delete cookies through your browser settings. Most modern browsers allow you to:
- Block all cookies — note this may affect website functionality
- Delete existing cookies from your browser storage
- Set preferences to be asked before any cookie is placed
- Block third-party cookies specifically (e.g., Google Analytics)
For detailed browser-specific instructions, visit allaboutcookies.org.
9 Children's Privacy
Our website and services are intended solely for business use by adults (18 years and older) and organizations. We do not knowingly collect any personal information from individuals under the age of 18.
If you are a parent or guardian and believe that a minor has submitted personal information to us, please contact us immediately at privacy@enterweb.in and we will promptly delete such data.
10 Privacy Inquiries
For any questions, concerns, data access requests, or complaints regarding this Privacy Policy or our data practices, please contact our Privacy team using the details below. We aim to respond to all inquiries within 5 business days and resolve matters within 30 days.
🏛️ Data Protection Authority (India)
If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India established under the Digital Personal Data Protection Act 2023 (DPDP Act). For EU residents, you may also contact your local supervisory authority under the GDPR.
11 Policy Updates
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes, we will:
- Post the updated policy on this page with a revised "Last Updated" date clearly displayed
- Notify active clients via email of significant changes affecting their rights
- Where required by law, seek fresh consent for new types of data processing
Your continued use of our website or services after the effective date of an updated policy constitutes your acceptance of the changes. We encourage you to review this page periodically.
Previous Version: If you need a copy of a previous version of this Privacy Policy, please contact privacy@enterweb.in and we will provide it on request.