ZoNest Solutions

Data Privacy and Protection Policy

Last Updated: 23rd January 2026

Introduction

ZoNest Solutions ("ZoNest", "Company", "we", "us", or "our") is a global technology consulting and services firm that offers implementation, advising, managed services, and support to clients in several jurisdictions. We gather, receive, access, store, and handle client-controlled and personal data from website visitors, potential clients, client representatives, staff, end users, vendors, and other stakeholders during our international activities.

ZoNest recognizes that personal data and client data are shared with a high expectation of trust. We are committed to ensuring confidentiality, integrity, availability, and lawful processing of such data throughout its lifecycle. This Policy describes how ZoNest manages personal data and client data and reflects our commitment to applicable data protection laws, contractual obligations, and internal governance standards.

Scope of Policy

This Policy applies to all personal data and client data processed by ZoNest, irrespective of the country in which the data subject is located or the ZoNest entity involved.

It covers information processed through:

  • ZoNest websites, portals, and digital platforms
  • Client engagements, including consulting, implementation, support, and managed services
  • Pre-sales activities, commercial discussions, and contractual communications
  • Authorized access to client systems, applications, and environments
  • Internal corporate functions such as recruitment, employment administration, vendor management, and regulatory compliance

This Policy applies to data that is:

  • Collected directly or indirectly
  • Received from clients, partners, or third parties
  • Generated through system usage or service delivery
  • Processed in electronic or physical form
  • Stored on ZoNest-managed infrastructure or approved cloud platforms

Compliance With Applicable Data Protection Laws

ZoNest processes personal data in accordance with applicable privacy and data protection laws in the jurisdictions where it operates or provides services.

Relevant regulations include, where applicable:

  • Digital Personal Data Protection Act, 2023 (India), regulating the processing of digital personal data in India
  • EU General Data Protection Regulation (GDPR) 2016/679, governing the processing of personal data of individuals in the European Union and European Economic Area
  • UK GDPR, applicable to the processing of personal data of individuals in the United Kingdom
  • California Consumer Privacy Act / California Privacy Rights Act (CCPA / CPRA), providing privacy rights to California residents
  • Other applicable national or regional privacy laws, depending on ZoNest’s operations, client locations, and processing activities

Where more than one legal framework applies to a processing activity, ZoNest adopts the most stringent applicable standard to ensure consistent protection.

Fundamental Data Protection Principles

ZoNest handles personal data in accordance with internationally recognized data protection principles. Accordingly, personal data is:

  • Processed lawfully, fairly, and in a transparent manner
  • Collected for specific, explicit, and legitimate purposes
  • Limited to what is relevant and necessary for those purposes
  • Maintained accurately and updated where appropriate
  • Retained only for the period justified by purpose, law, or contract
  • Protected using appropriate technical and organizational safeguards
  • Subject to accountability, documentation, and auditability

These commitments are embedded into ZoNest’s internal policies, procedures, and operational controls.

Roles and Responsibilities in Data Processing

ZoNest’s role varies depending on the nature of the engagement and processing activity.

ZoNest acting as Data Controller

ZoNest acts as a Data Controller where it determines the purposes and means of processing, including for:

  • Website inquiries and contact submissions
  • Marketing, promotional, and business communications
  • Vendor, partner, and supplier administration
  • Recruitment, employment, and human resources activities
  • Internal corporate governance and compliance functions

ZoNest acting as Data Processor

ZoNest acts as a Data Processor when it processes personal data solely on behalf of a client and in accordance with documented instructions or executed agreements. Typical scenarios include:

  • System implementation and configuration services
  • Application support and managed services
  • Data migration, testing, and issue resolution
  • Temporary or controlled access to client environments

In such cases:

  • The client remains the Data Controller
  • ZoNest does not independently define retention periods
  • Client data is not used for ZoNest’s own purposes

Information We Collect

Online and Website Interaction Information

Collected when individuals visit ZoNest websites or submit forms:

  • Name, business email address, and contact number
  • Company name and job title
  • Inquiry details or submitted content
  • IP address, browser type, and device information
  • Usage data, cookies, and analytics information

Commercial and Engagement Information

Collected during business and contractual interactions:

  • Contact details of client and partner representatives
  • Business correspondence and meeting records
  • Contractual, billing, and commercial details

Client-Controlled Information

Processed strictly on behalf of clients under contractual arrangements:

  • Employee, customer, or end-user personal data
  • Transactional and operational records
  • System configuration details, logs, and reports
  • Files and documents stored within client systems
  • Access to such information is restricted, purpose-specific, time-bound, logged, and monitored

System, Log, and Security Information

Generated by systems and security mechanisms:

  • Access logs and audit trails
  • Authentication and session records
  • Security alerts, error logs, and performance metrics

Workforce and Recruitment Information

Where applicable:

  • Identification and contact information
  • Professional qualifications and employment history
  • Background verification details (where legally permitted)
  • Payroll and statutory compliance information

Purposes of Data Processing

ZoNest processes personal data and client data only where there is a defined and legitimate purpose, including to:

  • Deliver contracted services and comply with client instructions
  • Support, maintain, and enhance client systems and environments
  • Manage inquiries, communications, and service requests
  • Protect system security, integrity, and availability
  • Meet contractual, legal, audit, and regulatory obligations
  • Improve service quality through controlled and anonymized analysis

Confidentiality and Access Management

ZoNest enforces strict confidentiality and access controls, including:

  • Confidentiality obligations for all personnel
  • Role-based access and least-privilege principles
  • Time-limited access aligned with engagement scope
  • Immediate revocation of access upon role change or disengagement
  • Logging, monitoring, and periodic access reviews

Use of Service Providers and External Parties

ZoNest may engage third-party service providers or sub-processors solely to support service delivery. Such parties are:

  • Assessed for security and compliance suitability
  • Contractually bound by data protection and confidentiality obligations
  • Subject to ZoNest’s oversight and accountability
  • ZoNest does not sell personal data.

Cross-Border Data Movement

Due to ZoNest’s global operations, personal data and client data may be transferred across national borders. Appropriate safeguards are implemented, including:

  • Contractual protections such as Standard Contractual Clauses, where applicable
  • Technical measures including encryption and controlled access
  • Compliance with applicable cross-border transfer regulations

Information Retention and Secure Disposal

ZoNest retains personal data and client data in accordance with internal policies, applicable legal and regulatory requirements, and contractual terms. Data is not retained beyond what is necessary or permitted.

Retention Standards Applicable to All Information

Personal data is retained only where required to:

  • Fulfil the purpose for which it was collected or processed
  • Perform obligations under a valid contract or engagement
  • Comply with legal, statutory, tax, audit, or regulatory requirements
  • Resolve disputes or defend legal claims

Retention periods vary depending on data type, purpose, and applicable law. Where no lawful basis exists, data is not retained.

Retention of Client-Directed Information

Client‑controlled data is retained strictly in line with executed agreements and documented client instructions. ZoNest:

  • Does not independently determine retention periods
  • Retains client data only for agreed purposes and durations
  • Does not reuse or archive client data beyond contractual scope

Upon completion or termination of services, client data is returned and/or securely deleted or irreversibly anonymized, unless otherwise required by law or expressly agreed in writing.

Secure Deletion and Destruction Practices

When information is no longer required:

  • It is securely deleted, anonymized, or irreversibly destroyed using industry‑accepted methods
  • Disposal activities are documented and auditable
  • Data remains protected during deletion, archiving, and backup processes

Personal Data Breach Management

In the event of a suspected or confirmed data breach:

  • Incidents are promptly identified, recorded, and assessed
  • Containment and remediation measures are initiated
  • Affected clients are notified without undue delay
  • Regulatory authorities are informed where legally required
  • Root cause analysis and preventive measures are implemented

Rights of Individuals

Subject to applicable law, individuals may have rights including:

  • Access to their personal data
  • Correction of inaccurate or incomplete data
  • Erasure or restriction of processing
  • Objection to certain processing activities
  • Data portability

Where ZoNest acts as a Data Processor, such requests are handled in coordination with the relevant client acting as a Data Controller.

External Website References

  • ZoNest websites or digital platforms may include links to third‑party websites or online services that are not owned, operated, or controlled by ZoNest.
  • ZoNest does not exercise control over, and is not responsible for, the content, security practices, or privacy policies of such third‑party websites. Any personal data you choose to provide to third parties is governed by their respective privacy notices and terms.
  • The inclusion of external links does not imply endorsement or approval by ZoNest. Users are encouraged to review the applicable privacy policies and terms of use of any third‑party websites before interacting with or submitting personal information through them.

Contact Information

ZoNest may update this Policy from time to time. Any changes will be published on the ZoNest website along with a revised effective date.

For questions, concerns or requests relating to privacy or data protection, please feel free to contact us on given details:

ZoNest Solutions

Email: privacy@zonestsolutions.com