Defitex

Privacy Policy

Your privacy is important to us. This policy explains how we collect, use, and protect your personal information.

Last Updated: August 05, 2025

Table of Contents

Privacy Policy OverviewInformation We CollectHow We Use Your InformationInformation Sharing and DisclosureData SecurityYour Privacy RightsCookies and Tracking TechnologiesData RetentionCommunicationsInternational Data TransfersChildren's PrivacyChanges to This Privacy Policy

Privacy Policy Overview

Defitex Innovative Solutions LLC (Wyoming) and Defitex Innovative Solutions Private Limited (India) (collectively "Defitex", "we", "us", "our") are committed to protecting and respecting your privacy. This Privacy Policy ("Policy") describes how we collect, use, process, store, share, and protect your personal information in connection with our staffing, recruitment, and related professional services.

This Policy applies to all personal information we process, whether collected through our website (defitex.us), mobile applications, services, or through direct interactions with our personnel. We are the data controller for the purposes of applicable data protection laws.

We comply with all applicable privacy and data protection laws, including but not limited to the General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), and other applicable state and federal privacy laws.

Information We Collect

We collect personal information through various means and for legitimate business purposes related to our staffing and recruitment services. The categories of personal information we collect include:

Personal Identifiers and Contact Information

  • Full name, aliases, and preferred names
  • Email addresses (personal and professional)
  • Telephone numbers (mobile, home, work)
  • Postal addresses (current and previous)
  • Government-issued identification numbers (SSN, passport, driver's license)
  • Date of birth and age verification information
  • Emergency contact information

Professional and Employment Information

  • Complete employment history and work experience
  • Educational background, degrees, and certifications
  • Professional skills, competencies, and qualifications
  • Salary history and compensation expectations
  • Performance evaluations and work samples
  • Professional references and recommendations
  • Visa status and work authorization information
  • Professional licenses and industry certifications

Sensitive Personal Information

  • Background check results and criminal history (where legally permitted)
  • Credit history and financial information (for specific roles)
  • Health and medical information (for safety-sensitive positions)
  • Biometric identifiers (fingerprints, photos for ID verification)
  • Protected class information for diversity and compliance reporting
  • Immigration status and work eligibility documentation

Technical and Usage Information

  • IP addresses, device identifiers, and browser fingerprints
  • Browser type, version, and operating system information
  • Website interaction data, page views, and session recordings
  • Search queries and application usage patterns
  • Geolocation data and time zone information
  • Cookies, web beacons, and similar tracking technologies
  • Mobile device information and app usage analytics

Third-Party and Public Information

  • Social media profiles and professional networking data
  • Publicly available information from professional databases
  • Information from background check and verification services
  • Data from recruitment partners and affiliate networks
  • Client-provided information about job requirements and preferences
  • Information from educational institutions and certification bodies

How We Use Your Information

We use your information for legitimate business purposes and only as described in this policy or with your explicit consent.

Service Provision and Contract Performance

  • Delivering our consulting services and managing client relationships
  • Executing contracts and providing technical support
  • Maintaining service quality and project management
  • Creating deliverables and progress reporting
  • Client communication throughout the engagement lifecycle

Business Operations and Administration

  • Invoicing, payment processing, and accounting
  • Internal reporting and quality assurance
  • Staff training and resource allocation
  • General business administration and operational efficiency

Legal Compliance and Risk Management

  • Complying with applicable laws, regulations, and court orders
  • Tax obligations and employment law compliance
  • Anti-money laundering requirements and data protection obligations
  • Responding to legal proceedings and government requests

Marketing and Communications (Consent-Based)

  • Sending marketing communications and newsletters (with explicit consent)
  • Service updates and promotional materials
  • Consent may be withdrawn at any time through unsubscribe links

Analytics and Service Improvement

  • Analyzing usage patterns and service performance
  • Improving our offerings and developing new services
  • Enhancing user experience and optimizing business processes
  • Using aggregated and anonymized data for analysis

Security and Fraud Prevention

  • Protecting our systems and preventing unauthorized access
  • Detecting fraudulent activities and investigating security incidents
  • Maintaining the integrity of our services and client data

Information Sharing and Disclosure

We do not sell, rent, or trade your personal information for monetary consideration. We may share your information only in the following circumstances and with appropriate safeguards to protect your privacy rights:

Service Providers and Processors

  • Cloud hosting providers and data center operators (with data processing agreements)
  • Technology service providers (hosting, analytics, communication platforms)
  • Payment processors and financial service providers (for client transactions)
  • Professional service providers (legal, accounting, consulting, auditing)
  • Background check companies and verification services (with your explicit consent)
  • IT support and cybersecurity service providers
  • All service providers are contractually bound to protect your information and may only use it for specified services

Business Partners and Clients

  • Sharing relevant professional information with clients for service delivery purposes
  • Authorized business partners and subcontractors involved in project execution
  • Professional references and recommendations (with your explicit authorization)
  • Information sharing limited to what is necessary for legitimate business purposes
  • All sharing governed by confidentiality agreements and professional obligations

Legal and Regulatory Disclosure

  • Compliance with court orders, subpoenas, warrants, or other legal process
  • Response to lawful requests from government agencies and law enforcement
  • Tax authorities and employment regulatory compliance
  • Anti-money laundering and financial crime prevention requirements
  • Immigration and work authorization verification (where applicable)
  • Professional licensing board inquiries and regulatory investigations
  • We will notify affected individuals unless legally prohibited from doing so

Business Transfers and Corporate Transactions

  • Mergers, acquisitions, or sale of company assets or business units
  • Due diligence processes with appropriate confidentiality safeguards
  • Bankruptcy, insolvency, or other corporate restructuring proceedings
  • Joint ventures or strategic partnerships (limited to necessary information)
  • Advance notice will be provided for material changes to data handling
  • Successor entities will be bound by this privacy policy or provide equivalent protection

Protection of Rights and Safety

  • Protection of our rights, property, or safety, or that of our clients and employees
  • Enforcement of our terms of service and contractual obligations
  • Investigation and prevention of fraud, security breaches, or illegal activities
  • Protection against legal liability and defense of legal claims
  • Emergency situations involving imminent threats to health or safety
  • Workplace safety investigations and incident reporting

Consent-Based Sharing

  • Sharing your profile with potential employers (with explicit consent)
  • Third-party integrations and applications you specifically approve
  • Marketing partnerships and promotional activities (with opt-in consent)
  • Research and analytics projects (with anonymized or aggregated data)
  • You may withdraw consent at any time, subject to legal or contractual restrictions
  • Consent withdrawal will not affect the lawfulness of processing prior to withdrawal

No Sale of Personal Information

  • We do not sell, rent, or trade personal information to third parties for monetary consideration
  • We do not engage in commercial sale of personal data as defined under CCPA, GDPR, or other privacy laws
  • We do not participate in data broker activities or personal information marketplaces
  • Any data sharing is for legitimate business purposes only, not commercial exploitation
  • California residents have the right to opt-out of personal information sales (though we do not sell)

Data Security

We implement comprehensive security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our multi-layered security approach includes technical, administrative, physical, and organizational safeguards designed to meet or exceed industry standards and regulatory requirements.

Technical Safeguards

  • AES-256 encryption for data at rest and TLS 1.3 for data in transit
  • End-to-end encryption for sensitive communications and file transfers
  • Multi-factor authentication (MFA) required for all system access
  • Role-based access controls with principle of least privilege
  • Automated intrusion detection and prevention systems (IDS/IPS)
  • Real-time security monitoring and threat intelligence integration
  • Regular penetration testing and vulnerability assessments by third-party security firms
  • Secure coding practices and automated security testing in development pipelines
  • Network segmentation and micro-segmentation for critical systems
  • Database activity monitoring and anomaly detection
  • Secure backup systems with encryption and air-gapped storage
  • API security with rate limiting, authentication, and input validation

Administrative Safeguards

  • Comprehensive privacy and security training for all personnel (annual and role-specific)
  • Background checks and security clearances for employees with data access
  • Signed confidentiality and non-disclosure agreements for all staff and contractors
  • Documented information security policies and procedures with regular updates
  • Incident response team with 24/7 availability and escalation procedures
  • Data breach notification procedures compliant with GDPR, CCPA, and other regulations
  • Regular security audits and compliance assessments by independent auditors
  • Vendor risk management program with security assessments for all third parties
  • Data classification and handling procedures based on sensitivity levels
  • Secure data retention and disposal policies with certified destruction
  • Business continuity and disaster recovery planning with regular testing
  • Privacy impact assessments for new systems and data processing activities

Physical Safeguards

  • SOC 2 Type II certified data centers with biometric access controls
  • 24/7 physical security monitoring and surveillance systems
  • Environmental controls including fire suppression and climate monitoring
  • Redundant power systems and network connectivity for high availability
  • Secure disposal and destruction of physical media and hardware
  • Clean desk policies and secure storage for physical documents
  • Visitor access controls and escort requirements for sensitive areas
  • Geographic distribution of data centers for disaster recovery

Organizational Safeguards

  • Designated Data Protection Officer (DPO) and Chief Information Security Officer (CISO)
  • Information Security Committee with executive oversight and regular reporting
  • ISO 27001 and SOC 2 compliance programs with annual certifications
  • Cyber liability insurance coverage for data breach and privacy incidents
  • Regular security awareness campaigns and phishing simulation exercises
  • Incident response retainer with leading cybersecurity forensics firms
  • Threat intelligence sharing with industry groups and government agencies
  • Security metrics and KPI tracking with board-level reporting

Data Breach Response

  • Immediate containment procedures to limit scope and impact of security incidents
  • Forensic investigation capabilities with preservation of evidence
  • Regulatory notification within required timeframes (72 hours for GDPR, without unreasonable delay for CCPA)
  • Individual notification procedures with clear communication about risks and remediation steps
  • Credit monitoring and identity protection services for affected individuals when appropriate
  • Post-incident analysis and remediation to prevent similar future incidents
  • Coordination with law enforcement and regulatory authorities as required
  • Documentation and reporting of all security incidents for compliance and improvement purposes

Security Limitations and Your Responsibilities

  • No security system is completely impenetrable; we implement industry-leading measures but cannot guarantee absolute security
  • Internet transmission and electronic storage inherently carry some security risks
  • You are responsible for maintaining the confidentiality of your account credentials
  • Promptly notify us of any suspected unauthorized access to your account
  • Use strong, unique passwords and enable multi-factor authentication when available
  • Keep your contact information current for security notifications
  • Report any suspicious communications claiming to be from Defitex
  • We will never request sensitive information via unsolicited email or phone calls

Your Privacy Rights

Depending on your location and applicable laws, you may have comprehensive rights regarding your personal information. We are committed to facilitating the exercise of these rights without undue delay and free of charge, except in cases of manifestly unfounded or excessive requests. Below are detailed explanations of your rights under various privacy laws:

GDPR Rights (EU/EEA Residents)

  • Right to Access (Article 15): You have the right to obtain confirmation of whether we process your personal data and, if so, access to that data along with specific information about the processing, including purposes, categories of data, recipients, retention periods, and your rights. We will provide this information in a commonly used electronic format.
  • Right to Rectification (Article 16): You have the right to obtain rectification of inaccurate personal data and to have incomplete personal data completed, including by providing a supplementary statement. We will correct inaccurate data without undue delay.
  • Right to Erasure/Right to be Forgotten (Article 17): You have the right to obtain erasure of your personal data when: the data is no longer necessary for the original purposes; you withdraw consent; you object to processing and there are no overriding legitimate grounds; the data has been unlawfully processed; or erasure is required for compliance with legal obligations.
  • Right to Restrict Processing (Article 18): You have the right to restrict processing when: you contest the accuracy of the data; the processing is unlawful but you oppose erasure; we no longer need the data but you require it for legal claims; or you have objected to processing pending verification of overriding legitimate grounds.
  • Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format and to transmit that data to another controller when processing is based on consent or contract and carried out by automated means.
  • Right to Object (Article 21): You have the right to object to processing based on legitimate interests, direct marketing (including profiling), or scientific/historical research. For direct marketing, we will cease processing immediately upon objection.
  • Right to Withdraw Consent (Article 7): Where processing is based on consent, you have the right to withdraw consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.
  • Right to Lodge a Complaint (Article 77): You have the right to lodge a complaint with a supervisory authority, particularly in your country of residence, place of work, or where an alleged infringement occurred. Contact details for EU supervisory authorities are available at edpb.europa.eu.
  • Rights Related to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significant effects, except in specific circumstances outlined in the GDPR.

CCPA/CPRA Rights (California Residents)

  • Right to Know About Personal Information Collected (§1798.100): You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources from which we collected the information, the business or commercial purpose for collecting the information, and the categories of third parties with whom we share personal information.
  • Right to Know About Personal Information Sold or Disclosed (§1798.115): You have the right to request that we disclose the categories of personal information we have sold or disclosed for business purposes, the categories of third parties to whom we sold or disclosed the information, and the business or commercial purpose for selling or disclosing the information.
  • Right to Delete Personal Information (§1798.105): You have the right to request deletion of personal information we have collected from you, subject to certain exceptions such as completing transactions, detecting security incidents, complying with legal obligations, or exercising free speech rights.
  • Right to Opt-Out of Sale/Sharing (§1798.120): You have the right to direct us not to sell or share your personal information. We do not sell personal information, but you may exercise this right if our practices change.
  • Right to Limit Use of Sensitive Personal Information (§1798.121): You have the right to limit our use and disclosure of sensitive personal information to purposes necessary to perform services or provide goods reasonably expected by consumers.
  • Right to Correct Inaccurate Personal Information (§1798.106): You have the right to request correction of inaccurate personal information we maintain about you, taking into account the nature of the personal information and the purposes of processing.
  • Right to Non-Discrimination (§1798.125): You have the right not to receive discriminatory treatment for exercising your CCPA rights, including denial of goods or services, charging different prices, or providing different quality of goods or services.
  • Right to Equal Service and Price: We will not discriminate against you for exercising your privacy rights by denying services, charging different prices, or providing different levels of service quality, unless the difference is reasonably related to the value provided by your data.

VCDPA Rights (Virginia Residents)

  • Right to Access: You have the right to confirm whether we are processing your personal data and to access such personal data.
  • Right to Correct: You have the right to correct inaccuracies in your personal data, taking into account the nature of the personal data and the purposes of processing.
  • Right to Delete: You have the right to delete personal data provided by or obtained about you, subject to certain exceptions.
  • Right to Data Portability: You have the right to obtain a copy of your personal data in a portable and, to the extent technically feasible, readily usable format.
  • Right to Opt-Out: You have the right to opt out of the processing of personal data for purposes of targeted advertising, sale of personal data, or profiling in furtherance of decisions that produce legal or similarly significant effects.

Additional State Privacy Rights

  • Colorado Privacy Act (CPA): Colorado residents have rights similar to VCDPA, including access, correction, deletion, data portability, and opt-out rights.
  • Connecticut Data Privacy Act (CTDPA): Connecticut residents have comprehensive privacy rights including access, correction, deletion, data portability, and opt-out of targeted advertising and sales.
  • Utah Consumer Privacy Act (UCPA): Utah residents have rights to access, delete, and opt-out of the sale of personal data and targeted advertising.
  • Universal Privacy Rights: Regardless of your location, we extend many of these privacy protections to all users as part of our commitment to privacy and data protection.

How to Exercise Your Rights

  • Submitting Requests: Contact us using the methods provided in this policy, including our privacy email (contact@defitex.us), contact form on our website, or by calling our privacy hotline. Requests can be submitted by you directly or through an authorized agent.
  • Identity Verification: For security purposes, we will verify your identity before processing requests. This may include requesting government-issued identification, account information, or other verification methods. For agent requests, we require proof of authorization.
  • Request Specificity: Please specify which rights you wish to exercise and provide sufficient detail to locate your information. For access requests, specify the categories of information you want to access.
  • Response Timeframes: We will respond to requests within the timeframes required by applicable law: 30 days for GDPR requests (extendable to 60 days for complex requests), 45 days for CCPA requests (extendable to 90 days), and similar timeframes for other state laws.
  • No Fee for Most Requests: We do not charge fees for most privacy requests. However, we may charge a reasonable fee for manifestly unfounded, excessive, or repetitive requests, particularly for additional copies beyond the first free copy.
  • Request Limitations: Some rights may be limited by legal requirements, such as our need to retain certain information for tax, legal, or regulatory compliance, or to complete transactions you have requested.
  • Appeal Process: If we decline your request, you have the right to appeal our decision. We will provide information about the appeal process and your right to contact relevant supervisory authorities.
  • Authorized Agents: You may designate an authorized agent to make requests on your behalf. The agent must provide proof of authorization, and we may require you to verify your identity and confirm the authorization directly with us.

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your experience, analyze usage, and provide personalized content.

Types of Cookies We Use

  • Essential cookies: Required for website functionality
  • Performance cookies: Help us understand how visitors use our site
  • Functional cookies: Remember your preferences and settings
  • Marketing cookies: Used to deliver relevant advertisements

Managing Cookies

  • You can control cookies through your browser settings
  • Disabling cookies may affect website functionality
  • Third-party cookies are governed by respective privacy policies
  • You can opt-out of targeted advertising through industry tools

Data Retention

We retain your personal information only as long as necessary for the purposes outlined in this policy or as required by law.

Retention Periods

  • Active candidate profiles: Retained while you use our services
  • Inactive profiles: Deleted after 3 years of inactivity (unless consent to retain)
  • Client data: Retained for the duration of the business relationship plus 7 years
  • Financial records: Retained as required by applicable tax and accounting laws
  • Marketing communications: Until you unsubscribe or withdraw consent
  • Legal compliance data: Retained as required by applicable laws

Communications

Defitex Innovative Solutions LLC may communicate with you through various channels including email, SMS, telephone calls, and other electronic communications when you provide consent.

Communication Data Sharing

  • We do not share your communication preferences or opt-in data with third parties for unrelated purposes
  • We may share communication data with service providers who assist in message delivery, including platform providers and telecommunications carriers
  • Communication opt-in data and consent information is not shared with third parties for marketing purposes

Opt-Out and Consent Management

  • You may withdraw consent for any communication method at any time by: (a) replying 'STOP' to SMS messages; (b) using unsubscribe links in emails; (c) contacting us at +1 305-575-1071 or contact@defitex.us
  • Opt-out requests are processed within ten (10) business day with confirmation provided
  • Withdrawal applies to the specific communication method requested and does not affect other authorized communications
  • All opt-out processing complies with applicable telecommunications and privacy regulations

International Data Transfers

As a global company with operations in the United States and India, we may transfer your personal information across borders. We ensure appropriate safeguards are in place for such transfers.

Transfer Safeguards

  • Standard Contractual Clauses approved by the European Commission
  • Adequacy decisions where applicable
  • Binding Corporate Rules for intra-group transfers
  • Your explicit consent for specific transfers
  • Compliance with local data protection laws in destination countries

Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by:

• Posting the updated policy on our website with a new 'Last Updated' date

• Sending email notifications to registered users for significant changes

• Providing prominent notice on our website for material changes

Your continued use of our services after the effective date of changes constitutes acceptance of the updated policy.

Questions About Your Privacy?

Contact our privacy team for any questions or concerns about this policy.

Contact Privacy Teamcontact@defitex.us