Privacy Policy

MagicWorks IT Solutions Pvt. Ltd. (“MagicWorks”, “we”, “us”, or “our”) operates the website magicworksitsolutions.com and provides digital marketing, web development, AI consultation, and platform consultation services to businesses across India.

This Privacy Policy explains what personal data we collect from visitors to our website, why we collect it, how we use and protect it, and what rights you have over it. It applies to all personal data collected through this website, our contact and enquiry forms, newsletter and whitepaper subscriptions, and any direct correspondence with us.

We are the Data Fiduciary in respect of personal data collected through this website, as defined under the Digital Personal Data Protection Act, 2023 (“DPDP Act”). You, the individual providing your data, are the Data Principal.

Please read this policy carefully. By submitting any form on this website or providing us with your personal data, you consent to the practices described here.

We collect personal data only when you voluntarily provide it or when it is generated automatically through your use of this website.

We do not collect sensitive personal data such as financial account details, health data, religious or political beliefs, biometric data, or any data falling within the special categories defined under the DPDP Act.

You can browse this website without submitting any personal data. Personal data is only collected when you choose to interact with a form or subscription on this site.

We use personal data only for the purpose for which it was collected, or for a purpose that is directly compatible with that original purpose. The specific purposes are:

• Responding to enquiries: When you submit a contact or discovery-call form, we use your name, email, phone number, and message to respond to your enquiry and discuss our services with you.
• Newsletter delivery: When you subscribe to our newsletter, we use your email address to send you our published insights, guides, and occasional service updates. You can unsubscribe at any time via the link in every email.
• Whitepaper delivery: When you request a whitepaper, we use your email address to send you the requested PDF and, with your consent, to add you to our mailing list for related content.
• Service delivery: If you become a client, we use the contact and company details you provide to manage our engagement, deliver work, and communicate with you about the project.
• Website improvement: We use aggregated, anonymised usage data to understand how visitors interact with this website and improve its content, structure, and performance. This data is not linked to individual identities.
• Legal and compliance obligations: We may process personal data to comply with applicable law, respond to lawful requests from government or regulatory authorities, or enforce our rights.

We do not sell, rent, or trade your personal data to third parties for their own marketing purposes. We do not use your personal data for automated decision-making or profiling in any way that produces a legal or similarly significant effect on you.

Under the DPDP Act 2023, we process personal data on the following grounds:

• Consent: For newsletter subscriptions, whitepaper downloads, and marketing communications, we rely on your free, specific, informed, and unambiguous consent given at the point of data collection. You may withdraw your consent at any time without affecting the lawfulness of processing carried out before withdrawal.
• Legitimate use: For responding to your direct enquiries, fulfilling service agreements, and managing client relationships, we process data as necessary to carry out the purpose for which you provided the data.
• Legal obligation: We may process data to comply with requirements under Indian law, including responding to lawful orders from courts or authorities.

We do not share your personal data with third parties except in the following limited circumstances:

• Technology service providers (Data Processors): We use Supabase Inc. to store form submissions and subscription data, and Resend to deliver email notifications to our internal team. These providers act as Data Processors under our instructions and are contractually prohibited from using your data for their own purposes.
• Analytics providers: We use aggregated, anonymised website analytics. Where any analytics provider receives identifiable data (such as an IP address), this is subject to their own privacy terms and applicable data transfer protections.
• Legal requirements: We may disclose personal data if required by law, court order, or a lawful request from a government authority, or where we believe disclosure is necessary to protect the rights, property, or safety of MagicWorks, our clients, or the public.
• Business transfers: If MagicWorks IT Solutions Pvt. Ltd. undergoes a merger, acquisition, or sale of assets, personal data held by us may be transferred to the successor entity, subject to equivalent privacy protections.

We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our standard retention periods are:

When data is no longer required, we delete or anonymise it securely. You may request earlier deletion subject to Section 9 (Your Rights) below.

Some of our technology providers (including Supabase and Resend) may store or process data on servers located outside India. We only transfer personal data to countries or territories that provide an adequate level of data protection, or where we have put in place appropriate safeguards such as standard contractual clauses or equivalent mechanisms consistent with the DPDP Act 2023 and any rules or notifications issued by the Government of India thereunder.

By submitting personal data through this website, you acknowledge that your data may be processed outside India subject to the protections described above.

This website uses cookies and similar tracking technologies to improve your browsing experience and to collect anonymised analytics about site usage.

• Strictly necessary cookies: These are required for the website to function correctly (for example, session state). They cannot be disabled.
• Analytics cookies: These collect anonymised information about how visitors use this website, such as which pages are visited most often. This helps us improve the site. No personal identity is linked to this data.
• Third-party cookies: Third-party services embedded on this site (such as analytics or chat tools) may set their own cookies. We have no control over these and recommend reviewing the privacy policies of those providers.

You can control or disable cookies through your browser settings. Disabling certain cookies may affect the functionality of this website. A cookie consent banner on this site provides you with granular control over non-essential cookies on your first visit.

As a Data Principal under the DPDP Act 2023, you have the following rights in respect of personal data we hold about you:

To exercise any of these rights, write to us at legal@magicworksitsolutions.com. We will respond within the time periods prescribed under the DPDP Act (generally within 30 days, or as may be specified by the Data Protection Board of India). We may need to verify your identity before processing your request.

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India once it is constituted and operational under the DPDP Act.

This website is directed at businesses and business professionals. We do not knowingly collect personal data from persons under 18 years of age. Where processing of personal data of a child (defined as any person below 18 years under the DPDP Act) is required, we will obtain verifiable consent from the parent or legal guardian before collecting such data.

If you believe we have inadvertently collected personal data from a person under 18, please contact us immediately at legal@magicworksitsolutions.com and we will delete it promptly.

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These include:

• HTTPS encryption for all data transmitted to and from this website.
• Access controls that restrict internal access to personal data to those with a legitimate need.
• Use of reputable, security-certified infrastructure and data processors.
• Regular review of our security practices.

No method of electronic transmission or storage is completely secure. While we take reasonable steps to protect your data, we cannot guarantee absolute security. You transmit personal data to us at your own risk.

In the event of a personal data breach that is likely to result in harm to affected Data Principals, we will notify the Data Protection Board of India as required under the DPDP Act 2023. We will also notify affected individuals promptly in the manner prescribed by the Board, providing information about the nature of the breach, the data affected, and the steps we are taking to address it.

In accordance with the DPDP Act 2023, we have designated a Grievance Officer to address concerns and complaints about the processing of personal data. If you have any questions, concerns, or complaints about this Privacy Policy or our data practices, please contact:

If your grievance is not resolved to your satisfaction, you may escalate it to the Data Protection Board of India once the Board is constituted and operational under the DPDP Act.

We may update this Privacy Policy from time to time to reflect changes in our practices, the services we offer, or applicable law. When we make material changes, we will update the effective date at the top of this page. We encourage you to review this page periodically.

Continued use of this website after changes are published constitutes your acknowledgment of the updated policy. If we make changes that materially affect how we process data for which you have given consent, we will seek fresh consent where required.