means any information that relates to a natural person, which, either directly or indirectly, in connection with other information available or likely to be available with us, is capable of identifying such person.

means personal information consisting of information relating to passwords, financial information, health records, sexual orientation, medical records, and biometric information, as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.

means any operation or set of operations performed on personal information or sets of personal information, whether or not by automated means, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure by transmission, dissemination, alignment, combination, restriction, erasure, or destruction.

means the natural person to whom the personal information relates.

means a natural or legal person, public authority, agency, or body other than the data subject, the Company, and persons who, under the direct authority of the Company, are authorized to process personal information.

Current and Prospective Clients: Residential homeowners/tenants, commercial businesses/corporations, industrial facilities, and hospitality venues (hotels, restaurants, cafes) seeking consultancy, design planning, project management, space optimization, ergonomic design, color consultation, furniture selection, customized furnishing, styling, decoration, renovation, and refurbishment services.

Website/App Users: Visitors to corporate websites, portfolio galleries, online showrooms, e- commerce platforms, mobile applications, virtual consultation tools, digital project management portals, and online design planning platforms for browsing, purchasing furniture/decor items, tracking projects, and accessing remote consultations.

Subscribers/Participants: Newsletter subscribers, marketing communication recipients, workshop/training attendees, exhibition visitors, survey participants, feedback providers, social media followers (Instagram, Facebook, Pinterest, LinkedIn, YouTube), contest participants, brand ambassadors, and community members engaging through comments, shares, user-generated content, and online reviews.

Professional Network: Contractors, vendors, suppliers (material/furniture/import-export partners), technology providers, craftsmen, architects, maintenance service providers, and after-sales support teams involved in cleaning, repair, and restoration services.

Data collection occurs across Physical Touchpoints (showrooms, retail stores, client properties, office locations), Digital Infrastructure (websites, mobile apps, cloud services), and Communication Channels (email, phone, video conferences, project documentation, customer support, warranties).

This Policy covers all activities related to interior design/decoration including space layout, furniture arrangement, lighting design, colour schemes, wall treatments, flooring, supply/installation of furniture/fixtures/decorative items, import/export/trade of interior products, project management, contractor coordination, material procurement, sustainable/eco-friendly design practices, showroom operations, and educational workshops/exhibitions.

Regulatory Alignment: NIC Codes 74102 (Activities of interior decorators), 74100 (Specialized design activities), 74109 (Other specialized design activities n.e.c.)

• Full name, title, and designation
• Date of birth and age verification
• Government-issued identification numbers (Aadhaar, PAN, Passport, Driver's License)
• Photographs for identification and project documentation purposes
• Digital signatures for contract execution

• Residential and business addresses
• Telephone numbers (mobile and landline)
• Email addresses (personal and professional)
• Emergency contact details

• Income and employment details
• Bank account information
• Payment card details
• Transaction history
• Credit assessment information
• GST registration details (where applicable)

• Family composition and demographics
• Lifestyle patterns and preferences
• Design style preferences
• Accessibility requirements
• Religious and cultural considerations

• Legal descriptions and ownership documentation
• Architectural specifications and floor plans
• Property valuations and insurance information
• Existing infrastructure and systems
• Renovation history and modifications

• Design specifications and preferences
• Technical requirements (electrical, plumbing, HVAC)
• Budget parameters and payment arrangements
• Timeline and delivery expectations
• Special accommodation needs

• Property photographs and videos
• Progress documentation
• 3D renderings and design visualizations
• Before-and-after comparisons

• IP addresses and geolocation data
• Device and browser information
• Pages visited and navigation patterns
• Session duration and interaction data
• Search queries and referral sources

• Email correspondence and attachments
• Chat transcripts and support interactions
• Voice recordings (where consent is provided)
• Video conference recordings

• Newsletter subscription preferences
• Campaign interaction metrics
• Social media engagement patterns
• Event participation records
• Customer satisfaction ratings

• Business registration and licensing details
• Professional certifications and qualifications
• Insurance coverage information
• Portfolio samples and references
• Performance metrics and quality assessments

• Comprehensive project planning and resource allocation
• Design consultation and visualization services
• Quality control and compliance verification
• Installation supervision and execution
• Customer support and relationship management
• Warranty and post-completion services

• Financial management and billing
• Risk assessment and management
• Vendor and supplier coordination
• Performance monitoring and improvement
• Legal compliance and regulatory reporting
• Insurance and liability management

• Customer acquisition and retention programs
• Market research and competitive analysis
• Product and service development
• Brand promotion and reputation management
• Customer segmentation and targeting
• Referral and loyalty programs

Personal information may be shared internally among authorized personnel on a need-to- know basis for legitimate business purposes, subject to appropriate access controls and confidentiality obligations.

Service Providers and Business Partners:

• Licensed architects and interior designers
• Contractors, suppliers, and installation specialists
• Professional service providers (legal, accounting, insurance)
• Technology service providers and vendors
• Quality assurance and inspection services

Regulatory and Government Authorities:

• Municipal and regulatory authorities for permits and compliance
• Tax authorities for reporting and audit purposes
• Consumer protection agencies for dispute resolution
• Law enforcement agencies pursuant to legal obligations
• Industry regulatory bodies for certification and compliance

All external data sharing is governed by comprehensive data processing agreements that specify:

• Permitted uses and purpose limitations
• Security and confidentiality requirements
• Data retention and deletion obligations
• Breach notification procedures
• Audit rights and compliance monitoring

• Advanced encryption for data in transit and at rest
• Multi-factor authentication and access controls
• Network security and intrusion detection systems
• Regular security assessments and penetration testing
• Secure backup and disaster recovery procedures
• Continuous monitoring and threat detection

• Comprehensive information security policies
• Regular security awareness training for personnel
• Background verification for employees with data access
• Incident response and breach notification procedures
• Vendor security assessments and compliance monitoring
• Physical security controls and access restrictions

Personal information is retained only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce agreements.

Retention Periods:

• Active project data: Duration of project plus 10 years
• Financial records: 7 years from transaction date
• Customer communications: 5 years from last interaction
• Marketing data: Until consent withdrawal plus compliance period
• Legal and compliance records: As required by applicable law

Secure disposal procedures are implemented for all personal information upon expiration of retention periods.

Our website uses cookies and similar technologies for:

• Essential website functionality and security
• Performance monitoring and analytics
• User preference management
• Marketing and advertising optimization

Users can manage cookie preferences through:

• Browser settings and controls
• Our cookie preference center
• Third-party opt-out mechanisms
• Privacy-focused browser extensions

Detailed information about our cookie practices is available in our separate Cookie Policy.

Where personal information is transferred outside India, we ensure adequate protection through:

• Adequacy decisions by competent authorities
• Standard contractual clauses
• Binding corporate rules
• Certification schemes and codes of conduct
• Specific derogations for limited circumstances

Transfer impact assessments are conducted to evaluate and mitigate risks associated with international data transfers.

We may use automated processing systems for:

• Credit assessment and risk evaluation
• Service recommendations and personalization
• Marketing campaign optimization
• Quality control and compliance monitoring

Data subjects have the right to:

• Receive information about automated decision-making
• Request human intervention and review
• Express their point of view and contest decisions
• Opt-out of automated processing where legally permissible

We do not knowingly collect personal information from individuals under 18 years of age without verifiable parental consent. If we become aware of unauthorized collection of children's information, we will take immediate steps to delete such information and notify parents or guardians as appropriate.

In the event of a personal data breach, we will:

• Implement immediate containment measures
• Conduct comprehensive impact assessment
• Notify regulatory authorities within 72 hours (where required)
• Inform affected data subjects without undue delay (for high-risk breaches)
• Document the incident and remedial actions taken
• Review and improve security measures as necessary

Marketing communications are sent only with explicit consent, which may be withdrawn at any time by contacting us through the methods specified in Section 22 of this Policy.

• Service-related notifications (no opt-out required)
• Promotional offers and newsletters (consent required)
• Market research and surveys (consent required)
• Event invitations and announcements (consent required)

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of such third parties. Users are advised to review the privacy policies of third-party websites before providing personal information.

For any privacy-related complaints, concerns, or grievances, please contact us using the information provided in Section 22. Our designated representative will handle all privacy matters and ensure appropriate resolution.

Complaints will be acknowledged within 48 hours and resolved within 30 days. If unsatisfied with our response, data subjects may approach relevant regulatory authorities or seek alternative dispute resolution.

This Policy may be updated periodically to reflect changes in legal requirements, business practices, or technology. Material changes will be communicated through:

• Email notifications to registered users
• Website prominently displayed notices
• Direct mail for significant changes affecting rights
• Social media announcements for transparency

Continued use of our services after policy updates constitutes acceptance of the revised terms.

This Policy is governed by the laws of India. Any disputes arising from this Policy shall be subject to the exclusive jurisdiction of the courts in Durgapur, West Bengal, India.

For all privacy-related inquiries, concerns, requests, complaints, or any other matters regarding this Privacy Policy, please contact us:

• Call Us: +91 933 255 2770
• Email Us: contact@mdcdecor.in
• Write to Us: MDC Decor Private Limited, 3/4, Central Park, City Centre, Bardhaman, Durgapur Mc, West Bengal, India, 713216

Acknowledgment: By engaging with our services or using our website, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

This Privacy Policy was last updated on June 19, 2025, and is effective immediately.