TuringX (OPC) Private Limited (“TuringX”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of individuals in accordance with the Digital Personal Data Protection Act, 2023 (India) (“DPDP Act”).
This page explains how we collect, process, store, and protect personal data when acting as a Data Fiduciary or Data Processor, and outlines the rights of individuals (“Data Principals”) under Indian data protection law.
Scope of This Policy
This DPDP Compliance Policy applies to:
- Personal data of individuals located in India
-
Personal data collected through:
-
https://www.turingx.in
- Client engagements
- Contact forms, project requests, and communications
- Employment and vendor interactions
- Processing activities carried out digitally or digitised subsequently
This policy applies irrespective of whether processing occurs within or outside India, where DPDP obligations apply.
Key Definitions
For the purposes of this policy:
- Personal Data: Any data about an individual who is identifiable by or in relation to such data.
- Data Principal: The individual to whom the personal data relates.
- Data Fiduciary: The entity that determines the purpose and means of processing personal data.
- Data Processor: The entity that processes personal data on behalf of a Data Fiduciary.
- Processing: Any operation performed on personal data, including collection, storage, use, disclosure, or deletion.
Lawful Basis for Processing
TuringX processes personal data only where permitted under the DPDP Act, including:
- Consent provided freely, specifically, informed, and unambiguous
- Performance of a contract or steps taken prior to entering into a contract
- Compliance with legal obligations
- Legitimate uses permitted under the Act (such as security, fraud prevention, or business operations)
Where consent is required, it is obtained through clear affirmative action.
Categories of Personal Data We Process
Depending on context, we may process:
- Identity information (name, designation, company)
- Contact details (email address, phone number)
- Professional and business information
- Communication records and correspondence
- Technical data (IP address, browser type, logs)
- Client and vendor-related data provided during engagements
We do not intentionally collect unnecessary or excessive personal data.
Purpose Limitation
Personal data is collected and processed only for specific, explicit, and lawful purposes, including:
- Responding to enquiries and project requests
- Delivering contracted services
- Managing client and vendor relationships
- Providing technical support and communications
- Ensuring security and operational integrity
- Meeting legal, regulatory, and compliance obligations
Data is not processed in a manner incompatible with these purposes.
Consent Management
Where consent is the basis for processing:
- Consent requests are presented clearly and in plain language
- Data Principals may withdraw consent at any time
- Withdrawal of consent does not affect processing already carried out lawfully
Upon withdrawal, personal data is deleted or anonymised unless retention is legally required.
Rights of Data Principals
Under the DPDP Act, Data Principals have the right to:
- Access personal data being processed
- Correction and erasure of inaccurate or outdated data
- Withdraw consent at any time
- Grievance redressal regarding processing activities
- Nominate another individual to exercise rights in case of incapacity or death
Requests can be made by contacting us through email at [email protected].
Data Security Safeguards
TuringX implements reasonable security safeguards to protect personal data, including:
- Role-based access controls
- Secure authentication mechanisms
- Encryption in transit and at rest where applicable
- Regular security updates and patching
- Monitoring and logging of system activity
- Restricted access to production environments
Security controls are reviewed periodically based on risk and operational needs.
Data Retention
Personal data is retained only for as long as necessary to:
- Fulfil the stated purpose
- Meet contractual obligations
- Comply with legal and regulatory requirements
Once no longer required, data is securely deleted or anonymised.
Data Sharing & Disclosure
Personal data may be shared only:
- With authorised employees and contractors
- With trusted service providers acting as Data Processors
- Where required by law or regulatory authority
All processors are required to implement appropriate security measures and process data only as instructed.
Cross-Border Data Transfers
Where personal data is transferred outside India:
- Transfers are conducted in accordance with the DPDP Act
- Appropriate contractual and technical safeguards are applied
- Transfers are limited to jurisdictions permitted by law
Breach Management
In the event of a personal data breach:
- Appropriate containment and remediation steps are taken
- Impact is assessed promptly
- Notifications are made to authorities or affected individuals where legally required
TuringX maintains internal processes for incident response and breach handling.
Children’s Personal Data
TuringX does not knowingly collect or process personal data of children unless explicitly permitted under law and with required consent.
Cookies & Tracking Technologies
We use cookies to enhance user experience. You can manage cookie preferences via browser settings. For details, refer to our Cookie Policy.
Grievance Redressal
If you have concerns or requests related to personal data processing, you may contact our Grievance Officer:
Grievance Officer
Email: [email protected]
Response time: As required under applicable law.
We are committed to resolving grievances in a timely and transparent manner.
Updates to This Policy
This DPDP Compliance Policy may be updated periodically to reflect:
- Changes in law or regulatory guidance
- Changes in our data processing practices
- Operational or security improvements
The latest version will always be available on our website.
Commitment Statement
TuringX is committed to responsible data stewardship and maintaining the trust of clients, partners, and individuals. Compliance with the Digital Personal Data Protection Act is integral to how we design, build, and operate our systems.
This policy is subject to periodic updates. We encourage users to review it regularly. By using our services, you acknowledge and agree to this DPDP Policy.
Last Updated: 22 December 2025
