1. Scope and Applicability

This Privacy Policy applies to:

This Policy does not apply to third-party websites, applications, or services that DMrix may link to or integrate with. Such third parties operate under their own independent privacy frameworks.

• All visitors to the DMrix website, whether or not they create an account or engage our services
• All clients who enter into a service agreement with DMrix
• All individuals who submit inquiries, quotation requests, project briefs, or feedback through any DMrix communication channel
• All subscribers to DMrix newsletters, promotional content, or automated communications
• Users of any DMrix-developed digital platform where DMrix acts as the data controller

2. Information We Collect

DMrix collects personal information through various direct and automated means. The categories of information we may collect include, but are not limited to:

2.1 Information You Provide Directly

• Full name, designation, and professional title
• Business or personal email address
• Mobile and landline phone numbers
• Company name, registered business address, and GST/TIN number where applicable
• Project briefs, creative requirements, and scope documents submitted through inquiry forms
• Billing information including bank transfer details, UPI IDs, or partial payment card data handled by PCI-compliant gateways
• Testimonials, reviews, feedback, and survey responses submitted voluntarily
• Login credentials for client portals or project management systems
• Any additional documents, files, images, or media assets provided for project execution

2.2 Information Collected Automatically

• IP address and approximate geographic location derived from it
• Browser type, version, and operating system
• Pages visited, session duration, referral URLs, and clickstream data
• Device identifiers and screen resolution
• Cookie data and local storage information
• Server log files capturing timestamped access events

2.3 Information from Third Parties

• Public professional profile data from LinkedIn or other business directories where you have publicly disclosed it
• Business registration details from government databases for KYC purposes
• Payment status confirmation from integrated payment gateways

3. Legal Basis for Processing

DMrix processes your personal data only when a valid legal basis exists. Applicable bases include:

Contractual Necessity: Processing is required to fulfil a service agreement between you and DMrix, including billing, project delivery, and support.

Legitimate Interests: Processing serves DMrix's legitimate business interests — such as fraud prevention, security monitoring, analytics, and portfolio curation — provided these do not override your fundamental rights.

Consent: Where you have explicitly provided your consent, such as for promotional communications or the use of non-essential cookies.

Legal Obligation: Processing is required to comply with applicable laws, regulations, court orders, or government directives in India and any other relevant jurisdiction.

4. Purposes of Data Processing

Your personal information is collected and used for the following purposes:

• Providing, personalising, and continuously improving our website design, development, hosting, automation, and maintenance services
• Generating and sending project quotations, invoices, receipts, and payment reminders
• Communicating project progress, deliverable approvals, revision notes, and final handovers
• Processing payments and reconciling financial records in compliance with accounting obligations
• Performing identity verification and Know Your Client (KYC) checks for high-value contracts
• Sending transactional notifications including project milestones, scheduled maintenance windows, and system alerts
• Sending marketing and promotional communications where consent has been provided, and ceasing such communications immediately upon opt-out
• Conducting internal analytics to evaluate service quality, website traffic trends, and customer satisfaction
• Detecting, preventing, and responding to fraud, security incidents, or abuse of DMrix services
• Maintaining business records and fulfilling statutory obligations including tax filings and audit trails
• Resolving disputes, enforcing contractual obligations, and defending against legal claims

5. Cookies and Tracking Technologies

DMrix uses cookies, web beacons, pixel tags, and similar tracking technologies to enhance the user experience, understand visitor behaviour, and optimise website performance.

5.1 Types of Cookies Used

Strictly Necessary Cookies: Essential for core website functionality. These cannot be disabled without significantly impairing your ability to use the site.

Performance and Analytics Cookies: Collect anonymised data on how visitors interact with the website, including pages visited, time spent, and error messages encountered. We may use tools such as Google Analytics for this purpose.

Functionality Cookies: Remember your preferences and personalise your experience across sessions.

Marketing and Targeting Cookies: Track your browsing activity across sites to serve relevant advertisements. These are deployed only with your explicit prior consent.

5.2 Cookie Consent and Control

Upon your first visit to the DMrix website, you will be presented with a cookie consent banner. You may accept all cookies, customise your preferences, or reject non-essential cookies. Regardless of your choice, strictly necessary cookies will remain active. You may also manage or delete cookies at any time through your browser settings; however, disabling certain cookies may limit website functionality.

5.3 Third-Party Cookies

Third-party service providers integrated into our website — such as Google Analytics, Facebook Pixel, or advertising networks — may set their own cookies subject to their respective privacy policies. DMrix does not control these third-party cookies.

6. Data Sharing and Disclosure

DMrix does not sell, lease, trade, or otherwise transfer your personal information to external parties for commercial gain. Your data may be shared only in the following limited circumstances:

Service Providers: Trusted vendors engaged to support our operations, including hosting companies (e.g., AWS, DigitalOcean), payment gateways (e.g., Razorpay, PayU), cloud storage providers, email delivery services, and project management tools. All such providers are bound by confidentiality obligations and are authorised to use your data solely for agreed service purposes.

Legal Compliance: Where disclosure is required by applicable law, regulation, judicial order, or government authority, including the Income Tax Act, 1961, the Information Technology Act, 2000, and any successor legislation.

Business Transfers: In the event of a merger, acquisition, asset sale, or restructuring of DMrix, your data may be transferred to the successor entity, subject to equivalent privacy protections.

Protection of Rights: Where disclosure is necessary to protect the legal rights, safety, property, or interests of DMrix, its clients, or the general public.

With Your Consent: In any other circumstances where you have provided explicit prior written consent.

7. International Data Transfers

DMrix is based in India and primarily processes data within Indian territory. Some third-party service providers may store or process data outside India. Where data is transferred internationally, DMrix ensures that adequate safeguards are in place, including contractual data processing agreements aligned with applicable data protection regulations. By using our services, you acknowledge and consent to such international transfers where necessary for service delivery.

8. Data Retention

DMrix retains personal data for no longer than is necessary to fulfil the purposes for which it was collected, unless a longer retention period is required or permitted by law.

Client project data and communications are typically retained for a minimum of five (5) years following project completion to support post-delivery queries, warranty obligations, and audit requirements.

Financial and billing records are retained for a minimum of seven (7) years in compliance with Indian accounting standards and tax regulations.

Marketing consent records are retained until consent is withdrawn, plus an additional twelve (12) months to evidence compliance.

Website analytics data is typically retained in anonymised form for up to twenty-four (24) months.

Upon expiry of applicable retention periods, data will be securely deleted or anonymised such that it can no longer be associated with an identifiable individual.

9. Data Security

DMrix implements a comprehensive set of technical and organisational measures to protect your personal information against accidental loss, unauthorised access, disclosure, alteration, or destruction. These measures include, but are not limited to:

Notwithstanding the above, no method of data transmission or storage is entirely secure. DMrix cannot guarantee absolute security and shall not be liable for unauthorised access resulting from circumstances beyond its reasonable control. In the event of a data breach that poses a risk to your rights and freedoms, DMrix will notify affected individuals in accordance with applicable law.

• HTTPS/TLS encryption for all data transmitted to and from the DMrix website
• Encrypted storage for sensitive data at rest using industry-standard algorithms
• Role-based access controls ensuring only authorised personnel access client data on a need-to-know basis
• Regular software updates and patch management to address known security vulnerabilities
• Periodic internal security reviews and, where appropriate, third-party audits
• Multi-factor authentication for administrative access to critical systems
• Contractual security obligations imposed on all third-party processors handling personal data

10. Your Rights as a Data Subject

Subject to applicable data protection law, you have the following rights in respect of your personal data:

Right of Access: You may request confirmation of whether we hold personal data about you and obtain a copy of that data.

Right to Rectification: You may request correction of inaccurate or incomplete personal data.

Right to Erasure: You may request deletion of personal data that is no longer necessary, or where processing is based solely on your consent and you choose to withdraw it, subject to legal retention obligations.

Right to Restriction: You may request that we limit processing of your data in certain circumstances, such as while a rectification request is under review.

Right to Data Portability: Where processing is based on consent or contract and carried out by automated means, you may request transfer of your data in a structured, machine-readable format.

Right to Object: You may object to processing based on legitimate interests, including profiling, and to direct marketing at any time.

Right to Withdraw Consent: Where processing relies on your consent, you may withdraw it at any time without affecting the lawfulness of processing prior to withdrawal.

To exercise any of the above rights, submit a written request to hello@dmrix.com with sufficient information to verify your identity. We will respond within thirty (30) days of receiving a valid request.

11. Children's Privacy

DMrix services are intended exclusively for individuals aged 18 years and above, or individuals of legal contracting age in their jurisdiction. DMrix does not knowingly collect personal data from minors. If you believe that a minor has provided us with personal information without appropriate consent, please contact us immediately so that we may take appropriate corrective action.

12. Changes to This Privacy Policy

DMrix reserves the right to amend this Privacy Policy at any time to reflect changes in our practices, applicable laws, or regulatory requirements. Material changes will be communicated via email or a prominent notice on our website at least fifteen (15) days prior to taking effect. Your continued use of our website or services following the effective date of any amendment constitutes your acceptance of the revised Policy. We encourage you to review this page periodically to remain informed.