Privacy
Policy

1. INTRODUCTION AND SCOPE

This Privacy Policy (“Policy”) governs the collection, use, processing, storage, and disclosure of personal information by Queens Digital Agency Nepal Private Limited, a company incorporated under the laws of Nepal with registration number [Registration Number], having its registered office at Sano Khari Boat, Shantinagar, Kathmandu 44600, Nepal (“Company,” “we,” “us,” or “our”).

This Policy applies to all personal information collected through our website (queensdigital.com.np), mobile applications, social media platforms, email communications, telephonic communications, physical interactions, and any other digital or physical touchpoints where personal information is collected in connection with our business operations.

By accessing our services, providing personal information, or engaging with our digital marketing services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and consent to the collection, use, and processing of your personal information as described herein.

2. DEFINITIONS

Personal Information: Any information that can be used to identify, contact, or locate a person, either directly or indirectly, including but not limited to name, address, telephone number, email address, date of birth, financial information, device identifiers, IP addresses, location data, and online behavioral data.

Processing: Any operation performed on personal information, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, restriction, erasure, or destruction.

Data Subject: An identified or identifiable natural person whose personal information is processed by the Company.

Controller: The entity that determines the purposes and means of processing personal information.

Processor: An entity that processes personal information on behalf of the Controller.

3. TYPES OF PERSONAL INFORMATION COLLECTED

3.1 Information You Provide Directly:

• Contact information including full name, business name, email addresses, telephone numbers, mailing addresses, and business addresses
• Professional information including job title, company name, industry sector, business size, and professional background
• Account credentials including usernames, passwords, security questions and answers
• Payment information including credit card details, bank account information, billing addresses, and transaction history
• Communication preferences and marketing consent records
• Content of communications including emails, chat messages, phone call recordings (where legally permitted), and support ticket information

3.2 Information Collected Automatically:

• Technical information including IP addresses, browser type and version, operating system, device identifiers, screen resolution, and referring websites
• Usage information including pages visited, time spent on pages, click-through rates, download information, and search terms used
• Location information including geographic location derived from IP addresses and, where permitted, precise location data from mobile devices
• Cookies and tracking technologies including session cookies, persistent cookies, web beacons, pixel tags, and similar technologies

3.3 Information from Third Parties:

• Social media information when you connect or interact with our social media accounts
• Business information from publicly available sources, industry databases, and business directories
• Analytics information from third-party analytics providers
• Advertising information from advertising platforms and networks

4. LEGAL BASIS FOR PROCESSING

We process personal information based on the following legal grounds:

• Consent (Article 6(1)(a) GDPR): Where you have given clear, informed, and unambiguous consent for specific processing activities, including marketing communications and optional data collection.
• Contract Performance (Article 6(1)(b) GDPR): Where processing is necessary for the performance of a contract to which you are party or to take steps at your request prior to entering into a contract.
• Legal Obligation (Article 6(1)(c) GDPR): Where processing is necessary for compliance with legal obligations including tax obligations, regulatory reporting, and responses to lawful requests from authorities.
• Legitimate Interests (Article 6(1)(f) GDPR): Where processing is necessary for legitimate interests pursued by us or third parties, provided that such interests are not overridden by your fundamental rights and freedoms.

5. PURPOSES OF PROCESSING

We process personal information for the following purposes:

• Service provision including digital marketing campaign management, SEO services, PPC advertising, social media management, and e-commerce optimization
• Account management including user registration, authentication, profile management, and customer support
• Payment processing including transaction processing, billing, invoicing, and financial record keeping
• Communication including service updates, performance reports, technical notifications, and customer support communications
• Marketing including promotional communications, newsletter distribution, and targeted advertising (with consent)
• Analytics including website usage analysis, campaign performance measurement, and business intelligence
• Security including fraud prevention, security monitoring, and protection of our systems and data
• Legal compliance including regulatory reporting, tax obligations, and responses to legal requests

6. DATA SHARING AND DISCLOSURE

We may share personal information with the following categories of recipients:

• Service Providers: Third-party vendors who provide services on our behalf including cloud hosting, payment processing, email delivery, analytics, and customer support platforms
• Advertising Platforms: Google Ads, Facebook Ads, LinkedIn Ads, and other advertising networks for campaign management and audience targeting
• Professional Advisors: Lawyers, accountants, auditors, and other professional service providers
• Regulatory Authorities: Government agencies, regulatory bodies, and law enforcement when required by law
• Business Transfers: In connection with mergers, acquisitions, or asset sales, subject to confidentiality agreements

We do not sell personal information to third parties for monetary consideration. All data sharing arrangements include appropriate data protection agreements and security measures.

7. INTERNATIONAL DATA TRANSFERS

Personal information may be transferred to, stored, and processed in countries outside Nepal, including countries that may not provide the same level of data protection as Nepal. When transferring personal information internationally, we implement appropriate safeguards including:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions recognizing equivalent protection levels
• Binding Corporate Rules for multinational service providers
• Certification schemes and codes of conduct
• Additional security measures including encryption and access controls

8. DATA RETENTION

We retain personal information for the following periods:

• Client Data: Duration of service relationship plus three (3) years for business purposes and potential legal claims
• Financial Records: Seven (7) years as required by Nepalese tax and company law
• Marketing Data: Until consent is withdrawn or two (2) years of inactivity, whichever is earlier
• Analytics Data: Twenty-six (26) months in aggregated form, consistent with industry standards
• Security Logs: Twelve (12) months for security monitoring and incident response
• Communication Records: Three (3) years for customer service and dispute resolution purposes

Data is securely deleted or anonymized at the end of retention periods unless longer retention is required by law.

9. DATA SUBJECT RIGHTS

You have the following rights regarding your personal information:

• Right of Access: Request confirmation of processing and copies of your personal information
• Right to Rectification: Request correction of inaccurate or incomplete personal information
• Right to Erasure: Request deletion of personal information in certain circumstances
• Right to Restrict Processing: Request limitation of processing in certain circumstances
• Right to Data Portability: Request transfer of personal information to another provider
• Right to Object: Object to processing based on legitimate interests or for direct marketing
• Right to Withdraw Consent: Withdraw consent for consent-based processing at any time
• Right to Lodge Complaints: File complaints with supervisory authorities regarding data protection violations

Requests can be submitted to [email protected] and will be processed within thirty (30) days.

10. SECURITY MEASURES

We implement comprehensive technical and organizational security measures including:

• AES-256 encryption for data at rest and TLS 1.3 for data in transit
• Multi-factor authentication for all administrative accounts
• Regular security audits, penetration testing, and vulnerability assessments
• SOC 2 Type II compliant infrastructure and data centers
• Employee security training and background verification
• Incident response procedures and breach notification protocols
• Data minimization and privacy by design principles
• Regular backup procedures and disaster recovery planning

11. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies for:

• Essential Cookies: Necessary for website functionality and security
• Analytics Cookies: To understand website usage and improve user experience
• Marketing Cookies: For targeted advertising and campaign measurement (with consent)
• Preference Cookies: To remember user settings and preferences

You can manage cookie preferences through your browser settings or our cookie preference center.

12. POLICY UPDATES

This Privacy Policy may be updated periodically to reflect changes in our practices, technology, legal requirements, or business operations. Material changes will be communicated through email notification, website notices, or other appropriate means. Continued use of our services after policy updates constitutes acceptance of the revised terms.