This Privacy Policy explains how KServe BPO Private Limited (“KServe”, “we”, “us”, “our”) collects, uses, discloses, and protects personal data when you interact with us, visit our website, or use our services.

 

By accessing or using our website or services, you agree to the terms of this Privacy Policy and our Terms of Use.

 

SCOPE & APPLICABILITY

This Privacy Policy applies to:

1. Visitors to our website: kserve.co.in (“Website”);
2. Individuals who interact with us (e.g., via email, call, or forms);
3. Our customers, vendors, service providers and their representatives;
4. Candidates applying for employment;
5. Any other person whose personal data we process in the course of our business.

 

This Privacy Policy is primarily governed by the laws of India, including the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable rules thereunder, to the extent in force.

 

We are an Indian company and do not specifically target residents of the European Economic Area (“EEA”) or the State of California, USA. However, in limited scenarios where we incidentally receive or process personal data from such jurisdictions, we endeavour to handle such data in line with the applicable principles of:

1. General Data Protection Regulation (EU) 2016/679 (“GDPR”) – if and to the extent it applies;
2. California Consumer Privacy Act of 2018 (“CCPA”), as amended by CPRA – if and to the extent it applies.

 

Where there is a conflict between applicable local law and this Policy, the applicable law shall prevail.

 

DEFINITIONS

For this Privacy Policy:

1. “Personal Data” / “Personal Information” means any information that relates to an identified or identifiable natural person (a “Data Principal” / “Data Subject” / “Consumer”).
2. “Processing” means any operation performed on personal data, such as collection, storage, use, disclosure, transfer, or erasure.
3. “Services” means the services we provide as a business process outsourcing/call centre and related support services, whether for a fee or otherwise.
4. “You” / “Your” refers to any individual whose personal data we process.

 

CATEGORIES OF DATA WE COLLECT

We may collect the following types of information, depending on your interaction with us:

 

1. Information You Provide Directly
   • Identification & Contact Information: Name, email address, phone number, postal address, company name, job title, and other similar details.
   • Business / Client Information: Information you share about your organisation, requirements, project details, or any data disclosed as part of our call centre / BPO services.
   • Financial / Payment Information: Limited details needed for invoicing and payment processing (such as bank account details, UPI details or payment reference data). We generally use payment gateways and do not store full card details ourselves.
   • Account / Access Credentials: Usernames, passwords or access tokens, if we create or manage logins for client systems (subject to separate contractual confidentiality obligations).
   • Job Application Data: CV/Resume, qualifications, employment history and other data submitted as part of recruitment.
   • Communications: Records of communication you send to us, such as emails, queries submitted via forms, feedback, or call recordings (where permitted by law and disclosed to you).

 

2. Information Collected Automatically

When you visit our Website, we may automatically collect:

1. • IP address, browser type, device type, operating system;
   • Date and time of visit, pages viewed, time spent on pages;
   • Referring URLs and general location (approximate, based on IP).

 

This data is typically collected through cookies, web beacons, log files, and similar technologies (see Cookies).

 

3. Information Received from Third Parties

Depending on our engagement:

1. • Our clients may provide us with personal data of their customers / users for call centre, support, or back-office services.
   • Vendors or partners may share your details for coordination and business operations.
   • Publicly available sources (e.g., company websites, LinkedIn, public records).

 

Where we act as a data processor / service provider on behalf of a client, our use of that data is governed by our contract with the client, and this Policy applies only to the extent we act as controller / data fiduciary.

 

 

LEGAL BASIS & PURPOSE OF PROCESSING

We process your personal data for one or more of the following purposes:

 

1. Service Delivery & Business Operations
   • To provide our call centre / BPO / back-office and related services to clients;
   • To respond to your queries, requests, or support needs;
   • To set up, manage and maintain your account or relationship with us;
   • To manage billing, invoicing, collections, and reconciliation.

 

2. Communications & Marketing
   • To send you service-related notices, updates, or administrative information;
   • To send you newsletters, surveys, or marketing communications (only where lawful);
   • To invite you to events, webinars, or share information about our services.

 

You can opt out of marketing communications at any time by following the unsubscribe link in the email or contacting us.

 

3. Analytics & Website Improvement
   • To understand how our Website is used;
   • To monitor performance, prevent misuse and improve user experience;
   • To troubleshoot, maintain and secure our systems.

 

4. Legal & Regulatory Compliance
   • To comply with applicable laws, orders, and regulatory requirements;
   • To respond to lawful requests from authorities;
   • To establish, exercise, or defend legal claims.

 

5. Security & Fraud Prevention
   • To protect our infrastructure, systems, data, and users;
   • To detect, prevent, and investigate fraud, abuse, or security incidents.

 

HOW WE OBTAIN CONSENT & YOUR CHOICES

Where required by law, we obtain your consent before processing your personal data for specified purposes (e.g., certain marketing activities or cookies).

 

You have the right to:

1. Withdraw consent at any time (this will not affect processing already carried out);
2. Decline to provide certain data, although this may affect our ability to provide services.

 

For clients’ customer data that we process as a service provider, the client is responsible for ensuring appropriate consent or lawful basis, and we process such data strictly per client instructions.

 

SHARING & DISCLOSURE OF PERSONAL DATA

We may share your personal data with:

 

1. Group Entities & Affiliates

Group companies or affiliates, where necessary, for business operations, support functions, or consolidated reporting, in accordance with this Policy and applicable law.

 

2. Service Providers & Vendors

Trusted third-party service providers who support us in:

1. • IT infrastructure, hosting, cloud services;
   • Payment processing and accounting;
   • Email delivery, SMS, or other communication platforms;
   • Analytics, security, and operational support.

 

These service providers are bound by confidentiality and data protection obligations and may only process data on our instructions.

 

3. Clients (Business Customers)

Where our client is the data controller / data fiduciary, we may share records of interactions, reports, call logs, or other process outputs with that client as part of the contracted services.

 

4. Legal & Regulatory Authorities

We may disclose data:

1. • Where required by applicable law, court order, or governmental / regulatory request;
   • To protect our legal rights, safety, or the rights of others;
   • To investigate fraud, security incidents, or policy violations.

 

5. Business Transfers

In connection with any merger, acquisition, restructuring, sale of assets, or similar transaction, personal data may be transferred to the relevant successor entity, subject to continuing protection consistent with this Policy.

 

6. We do not sell your personal data for monetary consideration.

 

INTERNATIONAL DATA TRANSFERS

We primarily process and store data in India. However:

1. Our clients, affiliates, or service providers may be located in other countries;
2. Data may be transferred outside India, subject to contractual safeguards and applicable law.

Where required by the DPDP Act, we will ensure that any cross-border transfer complies with applicable Indian rules and is not made to any country restricted by the Government of India.

If and to the extent GDPR applies, we will ensure that transfers of personal data outside the EEA are made on an appropriate legal basis, such as:

1. Adequacy decisions;
2. Standard Contractual Clauses; or
3. Other appropriate safeguards recognised under GDPR.

 

DATA RETENTION

We retain personal data only for as long as necessary to fulfil the purposes described in this Policy or as required by:

1. Applicable law;
2. Contractual obligations;
3. Legitimate business needs (e.g., audit, tax, legal defence).

 

When data is no longer required, we will take reasonable steps to securely delete, anonymise or archive it, unless retention is required by law.

 

YOUR RIGHTS

 

Your rights depend on the laws applicable to you. At a minimum, under Indian law and our internal practices, you may be entitled to the following rights in relation to your personal data:

 

Under Indian Law (DPDP Act, where applicable), subject to conditions and applicable law, you may:

1. Access: Request confirmation as to whether we process your personal data and a summary of such data.
2. Correction & Updating: Request correction, completion, or updating of inaccurate or incomplete data.
3. Erasure: Request deletion of personal data where it is no longer necessary, or where consent has been withdrawn (subject to legal/contractual retention).
4. Grievance Redressal: Lodge a complaint with our Grievance Officer.

 

If you are located in the EEA/UK and GDPR applies to our processing of your personal data, you may also have, in addition to the above:

1. Right to Restriction of Processing;
2. Right to Data Portability;
3. Right to Object to Processing (including direct marketing);
4. Right not to be subject to decisions based solely on automated processing, in certain cases;
5. Right to lodge a complaint with a supervisory authority in your country.

 

If you are a resident of California and CCPA applies to our processing, you may also have, subject to conditions:

1. Right to know what personal information is collected, used, disclosed;
2. Right to request deletion of personal information;
3. Right to non-discrimination for exercising CCPA rights;
4. Right to opt out of sale or sharing of personal information (we do not sell personal information in the conventional sense).

 

You may exercise your rights by contacting us using the details below. We may need to verify your identity before processing your request. In some situations, we may be unable to comply fully with your request due to legal or contractual obligations, in which case we will inform you of the reason, to the extent permitted by law.

 

COOKIES & TRACKING TECHNOLOGIES

Our Website may use cookies and similar technologies to:

1. Recognise you when you return to the Website;
2. Remember your preferences;
3. Analyse Website usage and improve performance.

 

You can usually control cookies through your browser settings (block, delete or disable). However, disabling certain cookies may affect the functioning of some parts of the Website.

 

If we use third-party analytics tools (such as Google Analytics), those third parties may set their own cookies. Their use of information is governed by their own privacy policies.

 

We do not use interest-based advertising cookies or AdSense for our BPO operations unless explicitly stated on the Website at the relevant time.

 

INFORMATION SECURITY

We take reasonable technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction, including:

1. Access controls, authentication and role-based permissions;
2. Encryption in transit and/or at rest where appropriate;
3. Firewalls, monitoring, and secure configurations;
4. Employee confidentiality obligations and restricted access on a need-to-know basis.

 

However, no system or transmission over the internet is completely secure. While we strive to protect your information, we cannot guarantee absolute security.

 

THIRD-PARTY LINKS & WEBSITES

Our Website may contain links to third-party websites or services. We do not control, endorse, or take responsibility for their content or privacy practices. We encourage you to review their privacy policies before providing any personal data.

 

CHILDREN’S PRIVACY

 

Our Services are not intended for children below the age of 18 years, and we do not knowingly collect personal data from children. If you believe that we have inadvertently collected personal data from a child, please contact us, and we will take appropriate steps to delete such data.

 

CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time to reflect changes in:

1. Legal requirements;
2. Our operations or services;
3. Technological or industry practices.

 

When we make material changes, we will update the “Last Updated” date at the top and, where appropriate, provide additional notice (e.g., on the Website or via email). Your continued use of our Website or Services after such changes signifies your acceptance of the updated Policy.

 

CONTACT & GRIEVANCE REDRESSAL

This Website is owned and operated by:

Name:                        KServe BPO Pvt Ltd

CIN:                            U93000MH2021PTC3586366

Registered Office:    Ashar IT Park, 8th Floor, A Wing, Building No.1, Office No. A-1, Road No.16Z, Wagle Estate, Thane (W) – 400604, Maharashtra, India.

 

For any questions about this Privacy Policy or our data practices, or to exercise your rights, you may contact us at:

 

Grievance Officer

In accordance with the DPDP Act, we have designated the following Grievance Officer:

 

Name: Benjamin Mohanty

Email: benjamin.mohanty@kserve.co.in

Address: Same as registered office address above.

 

We will endeavour to acknowledge and respond to grievances or requests within the timelines prescribed under applicable law.