Get Service
Get Service
Qaltron Consulting
Strategy. Innovation. Legacy

Privacy Policy

Effective Date: 10 August 2025 (last updated) 

 

Qaltron Consulting (SMC-Private) Limited (“Qaltron”, “we”, “us”, “our”) values your privacy and is committed to protecting your personal data. We respect the privacy of everyone who visits our website www.qaltron.com (“Our Site”) and use your personal data only as described here, in compliance with all applicable laws and regulations. This Privacy Policy explains how we collect, use, share, and protect your information, your rights over your data, and how to exercise those rights.

1. Definitions

  • Personal Data: Any information relating to an identified or identifiable person. Under UK/EU law this is “any information relating to an identified or identifiable natural person” (GDPR Art.4) – for example, your name, contact details, identification number, location data, or online identifiers. Similarly, Pakistan’s draft Personal Data Protection Act (PDPA) uses comparable language. In general, Personal Data means information that can directly or indirectly identify you.
  • Sensitive Data: Special categories of personal data (like health or race) that require extra protection. We do not collect sensitive personal data or data about children on our site.
  • Data Controller/Processor: We (Qaltron) are the data controller (and processor) of the personal data we collect. It means we decide why and how your data is processed.
  • Data Protection Legislation: This includes all applicable privacy and data protection laws in the jurisdictions where we operate. For example, the UK Data Protection Act 2018 and UK GDPR, the EU’s General Data Protection Regulation (EU GDPR), as well as Pakistan’s applicable laws (such as the Prevention of Electronic Crimes Act 2016 (PECA)) and the draft PDPA Bill.
  • It also includes laws in the United States (such as the California Consumer Privacy Act) and Middle Eastern countries (e.g. Saudi Arabia’s Personal Data Protection Law) to the extent they apply. We aim to comply with all such laws, using GDPR standards as a baseline to the extent of markets where we offer services – digitally and otherwise.
  • Cookie: A small text file placed on your device by our site to remember your preferences and improve your experience. We use both first-party cookies (set by Qaltron) and third-party cookies (set by service providers) as described below. We comply with the UK/EU e-Privacy Rules (PECR) which require us to inform you about cookies and obtain your consent.

2. About Us and Scope

Our Company: Qaltron Consulting (SMC-Private) Limited is a company registered in Pakistan (SECP company no. 0270028), with our office in Lahore, Pakistan. We provide consulting services to businesses (e.g. of every size, across broad sectors and domains). When delivering services, we may collect personal or business data (e.g. client contact persons, employee records, etc.), including some personal data of adult individuals in connection with our clients’ operations. We do not collect data from or about children. 

What This Policy Covers: This Privacy Policy covers information collected on Our Site. It also describes how we handle your data if you become a client or contact us. Our Site may contain links to other websites. We do not control those sites and are not responsible for their privacy practices. Please review the privacy policies of any third-party sites before providing personal data to them. 

Regulatory Compliance: We are regulated by the Pakistan Securities and Exchange Commission (SECP) and comply with Pakistani laws. We also adhere to applicable international standards. For users in the UK/EU, this policy is intended to meet the requirements of the UK GDPR and EU GDPR; for users in the US, it is designed to be consistent with laws like the CCPA/CPRA. For operations involving Middle Eastern jurisdictions (e.g. Saudi Arabia, UAE), we follow any mandatory rules (such as providing a transparent privacy policy and honoring data subject rights under those laws).

3. Personal Data We Collect

Depending on how you use Our Site or our services, we may collect different types of data:

  • Identity Data: Name, title, date of birth, or other identifiers. (e.g. from account sign-up forms, employment records, or correspondence.)
  • Contact Data: Mailing address, email address, telephone number. (Provided by you on forms, emails, or business cards.)
  • Business Data: Company name, job title, business addresses. (From application forms or professional platforms.)
  • Financial/Payment Data: Bank account, credit card number, billing address (collected if you make a purchase or payment through our secure payment processor).
  • Profile Data: Account login credentials, preferences, interests, or history of your interactions with our services. (Provided by you or tracked during site use.)
  • Technical Data: IP address, browser type/version, operating system, device identifiers, and browsing activity (collected automatically when you visit Our Site via cookies and server logs).
  • Third-Party Data: Technical or profile data we obtain from affiliates, business partners, or analytics services (e.g. if you sign in via Google or LinkedIn, or we integrate Google Analytics).

We collect this data in various ways: through account registration and service forms, email, phone or chat correspondence, and automated technologies (cookies, analytics tools). We do not collect “sensitive” data (health, race, etc.) nor do we knowingly process data of children.

4. How We Use Your Personal Data

We only use your personal data where we have a lawful basis under applicable law. Typical lawful bases include your consent, the performance of a contract with you, our legal obligations, or our legitimate interests (provided these do not override your rights). For example:

  • Account Registration & Management: To set up and manage your account on Our Site. 
  • Providing Services: To provide consulting services you request (e.g. deliver reports, schedule meetings).
  • Access to Our Site: To authenticate you and allow secure access to our client portal/features.
  • Personalization: To tailor your experience on Our Site (such as remembering your preferences) and to send relevant communications. 
  • Communication: To respond to your inquiries, send administrative messages (order confirmations, security updates), and to send marketing or informational emails if you have opted in.
  • Marketing: If you consent, we may send newsletters, service announcements, or offers by email, phone, or SMS. You can withdraw consent or opt out at any time as described below.
  • Legal Obligations: To comply with laws (e.g. financial record-keeping, tax, anti-money laundering) and to respond to legal requests (court orders, government inquiries).
  • Security and Fraud Prevention: To prevent and detect security incidents or fraud on Our Site or our services.
  • Internal Administration: For business management, analytics, billing, to enforce our agreements, or for audit purposes. 

Automated Decisions: We do not make decisions about you based solely on automated processing (profiling) that would have legal or significant effects on you. 

Special Note – Marketing: We will never send you unlawful spam. We will only send marketing messages if you have given your consent (opted in). You may opt out of any marketing at any time (for example, using unsubscribe links or contacting us). We will also honor “Do Not Call” or “Do Not Disturb” registry preferences. We will not share your data with third parties for their own marketing without your explicit consent.

5. Your Rights

Under Pakistani and UK/EU law, you have certain rights regarding your personal data. To the extent these laws apply, we honor rights similar to those in the GDPR:

  • Right to be Informed: You have the right to know how we use your data. This policy and any notices you receive explain our data uses.
  • Right of Access: You can ask for a copy of the personal data we hold about you (“subject access request”). We will respond promptly, typically within one month of receipt (and no longer than three months if the request is complex).
  • Right to Rectification: You can ask us to correct or update any inaccurate or incomplete personal data we have about you.
  • Right to Erasure (“Right to be Forgotten”): You can request deletion of your personal data if there is no lawful reason for us to retain it. (We may keep data if needed for compliance with laws or if it is part of a contract.)
  • Right to Restrict Processing: You can ask us to pause or limit the processing of your personal data in certain situations (e.g. if you contest its accuracy).
  • Right to Object: You can object to our processing of your data, including for direct marketing or if you believe our legitimate interests are overridden by your rights.
  • Right to Withdraw Consent: Where we rely on your consent (e.g. for marketing or cookies), you may withdraw your consent at any time, without affecting processing done before withdrawal.
  • Right to Data Portability: You may request a copy of your personal data in a structured, machine-readable format and reuse it elsewhere if we process it by automated means based on your consent or contract.
  • Rights related to Automated Decisions: You can request that we review any automated decision or profiling concerning you. (We do not use such processing by default.)

These rights are summarized from the GDPR and reflected in Pakistan’s draft PDPA. For example, the PDPA 2023 (draft) explicitly grants rights of access, correction, erasure, portability, withdrawal of consent, and more.In general, you are empowered to access, correct, erase, restrict, or move your data and to object to its use, as listed above.

If you wish to exercise any of these rights, please contact us (see Contact below). We will verify your identity and respond within the timeframes required by law. If you have a concern or wish to complain about our data handling, you may contact our Data Protection Officer (see Contact below) or lodge a complaint with a supervisory authority (for example, the Pakistani regulator and/or the UK Information Commissioner’s Office) if unresolved.

6. Data Retention

We keep your personal data only as long as necessary for the purposes collected. Retention periods vary by category of data and legal requirements. For example:

  • Account & identity data: kept while your account is active and for any required warranty or legal period (e.g. 6–7 years for financial/contract records).
  • Contact and business data: kept for the duration of our relationship and as needed for business operations or compliance (e.g. tax purposes).
  • Transaction/payment data: kept as required by financial regulations (often 6–7 years).
  • Technical/log data: typically retained for a shorter period (e.g. up to 2 years) for security/analytics.
  • Marketing consents/preferences: retained until you withdraw consent or unsubscribe.

We periodically review data and securely delete or anonymize information that is no longer needed. This ensures we comply with legal obligations (such as Pakistan’s PDPA when enacted, and UK/EU GDPR) to not keep data longer than necessary.

7. Data Storage, Security, and Transfers

Where Your Data Is Stored: We store data on secure servers in Pakistan and third countries. Some data is hosted on third-party cloud services (e.g. Google Cloud, Microsoft Azure, CRM and analytics platforms, payment gateways) and may be processed or backed up internationally. When data is transferred outside Pakistan or the UK/EU, we ensure it is protected by appropriate safeguards (such as encryption or standard contractual clauses). 

For example, Pakistan’s draft PDPA permits cross-border transfers only with equivalent protections or with explicit consent. Likewise, laws like the EU/UK GDPR require “adequacy” or safeguards for international transfers. We comply with these rules by using only providers who implement strong security measures and contractual guarantees. Data Security: Protecting your data is vital. 

We implement physical, administrative, and technical safeguards including: access controls limiting who can see your data, encryption of sensitive information, secure password policies, regular security audits, and employee training. All our third-party providers are vetted for data security. We also maintain procedures for handling data breaches: if a breach affecting your data occurs, we will take prompt action to contain it and notify you and regulators as legally required.

8. Do We Share Your Data?

We do not sell or rent your personal data to third parties. We share your data only when necessary:

  • Affiliates and Agents: We may share data with our trusted service providers and business partners who help us operate the business (e.g. payment processors, cloud hosting, email services, CRM platforms) but only as needed for them to perform services on our behalf. All such parties are contractually bound to protect your data.
  • Legal and Regulatory: We will share information to comply with laws or to respond to lawful requests by public authorities (e.g. court orders, law enforcement inquiries, tax authorities). For example, Pakistan’s Prevention of Electronic Crimes Act empowers authorities to investigate data misuse. We also comply with any lawful requests under UK/EU law (such as by the ICO or courts). We will notify you if required by law.
  • Business Transfers: If Qaltron (or part of it) is acquired or merged, your data may be transferred to the new owners. They will be bound by this Privacy Policy or required to follow equivalent data protection standards.

In all cases, we take steps to ensure that shared data remains confidential and secure. For instance, Pakistan’s draft PDPA mandates that third parties handling data must safeguard it and comply with data protection rules.

9. Cookies and Similar Technologies

We use cookies and similar tracking technologies on Our Site. A cookie is a small file placed on your device that helps our site recognize you and tailor your experience. We use cookies for strictly necessary functions (e.g. allowing you to navigate Our Site securely) as well as optional functions (e.g. remembering preferences, performing analytics). Before non-essential cookies are placed, we will obtain your consent via a cookie banner.

  • Strictly Necessary Cookies: These cookies enable basic site functionality (e.g. secure login, shopping cart). We do not seek consent for these, as they are essential for Our Site to work.
  • Performance/Analytics Cookies: We use these (e.g. Google Analytics cookies) to understand how visitors use Our Site so we can improve it. These cookies collect anonymous data (pages viewed, time on site) and do not reveal your identity. You can refuse these cookies without affecting normal site operations.
  • Functionality and Preference Cookies: These remember choices you make (like language or region) to provide a more personalized experience.
  • Advertising/Third-Party Cookies: We do not place advertising cookies. However, some third-party content (like social media widgets or embedded videos) may place their own cookies. We do not control these, and you should review those third parties’ policies.

You can manage cookies through your browser settings or via the opt-out options in our cookie banner. The UK/EU privacy rules require that we inform you and obtain consent for cookies. Our Cookie Notice (linked from this policy) provides full details on the cookies we use, their purposes, and how to disable them.

10. Your Choices and Controls

  • Opting Out of Marketing: You can unsubscribe from our marketing emails or texts at any time by clicking “unsubscribe” or contacting us. Even if you opt out, we may still send you transactional messages related to your use of Our Site or our services.
  • Cookie Controls: Most browsers let you refuse or delete cookies. The “Help” function in your browser will explain how to do this. Note that blocking cookies may affect the functionality of Our Site.
  • Updating Your Data: You can review and update your account information by logging into your account or contacting us. Please keep your information accurate and up-to-date.
  • Limiting Communications: If we contact you by email, every message includes an easy way to stop future messages. You can also opt out of telephone or text marketing by telling us or your operator’s do-not-call registry.

If you withdraw consent for certain processing (e.g. analytics or marketing), we will cease that processing, though we may continue to use data where we have another lawful basis (like a contract or legal obligation).

11. Accessing Your Personal Data

You have the right to request details of the personal data we hold about you, and a copy of that data (“subject access request”). To do this, please write to us (see Contact below). We may ask for proof of identity before releasing information to protect your privacy. No Charge: Normally there is no fee for a subject access request. If a request is clearly unfounded or excessive, we may charge a reasonable fee or refuse it (in line with law).
Response Time: We will acknowledge and respond to your request promptly, and in any event within one month of receipt (extending by up to two more months if the request is complex or numerous). Upon request, we will provide:

  • The categories of personal data we hold about you and the purposes of processing.
  • The recipients or categories of recipients to whom your data has been disclosed.
  • The envisaged retention period (or criteria).
  • Any source of the data if not collected directly from you (to the extent known).
  • The existence of any automated decision-making (none at present).

If you identify any errors in your personal data, please let us know. We will correct inaccuracies within a reasonable timeframe.

12. Children’s Data

Our services are intended for business use. We do not knowingly collect or target data of children under 18. If you believe we have inadvertently collected a child’s data, please contact us to have it deleted.

13. Updates to This Policy

We may update this Privacy Policy from time to time (e.g. due to changes in laws or our practices). Any changes will be posted on Our Site with a new “last updated” date. Your use of the Site after any update signifies your acceptance of the new terms. We encourage you to review this policy periodically to stay informed of how we protect your information.

14. Contact Us

For questions about this policy, or to exercise your data protection rights, please contact:

  • Data Protection Officer: Qaltron Consulting (SMC-Private) Ltd – Privacy Policy Office
  • Email: info@qaltron.com
  • Address: [Our registered office address in Lahore, Pakistan]

Please specify “Privacy Policy” or the right you wish to exercise. We will handle your inquiry promptly and in accordance with the law. If you have concerns that we have not addressed, you may lodge a complaint with a supervisory authority (for example, Pakistan’s National Commission for Personal Data Protection [when constituted], or the UK Information Commissioner’s Office if relevant).

Sources: This policy has been prepared with reference to applicable data protection laws and guidance. Omissions and Commissions are accepted and you are requested to notify us if any deviation from the applicable laws and regulations is noticed in the policy or the use of our service. We will update the part (s) if your request is found to have legal effect.

END OF PRIVACY POLICY