top of page
Privacy Policy Statement
Effective Date: 5 July 2026Â |Â Registered Office: Mohali, Punjab, India
1. Introduction
SMB+ Solutions Private Limited ("SMB+", "the Company", "we", "us", or "our") is a company incorporated under the laws of India, with its registered and corporate headquarters at Mohali, Punjab, India. SMB+ operates across three principal lines of business: (a) the design, manufacture and supply of aerobic bio-toilets and allied sanitation infrastructure to government bodies, builders and real-estate developers, defence and paramilitary establishments, and industrial clients; (b) a large-format Call Centre and Business Process Outsourcing (BPO) operation of 600+ seats providing customer support, technical helpdesk, telemarketing, and allied voice/non-voice services; and (c) a Strategic Partnerships division that assists foreign companies and overseas principals in structuring partnerships, joint ventures, and market-entry strategies to access Indian private-sector and government procurement opportunities.
​This Privacy Policy explains how we collect, use, share, store, and protect Personal Data across all three business lines, pan-India, in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000 and rules made thereunder (including the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011), and other applicable Indian laws. By engaging with SMB+ through any of our websites, offices, call centre, field operations, tenders, or partnership engagements, you consent to the practices described in this Policy.
​
2. Scope and Application
This Policy applies to Personal Data collected across India from: website visitors and enquirers; customers and end-users of our bio-toilet products and installation/maintenance services; government departments, municipal bodies, defence and paramilitary personnel or nodal officers who interact with us in relation to tenders, supply contracts, or after-sales service; builders, contractors, and industrial clients; callers to and agents of our Call Centre operations; job applicants and employees; vendors and suppliers; and representatives of foreign companies and Indian government counterparts engaged through our Strategic Partnerships division. It applies uniformly across every SMB+ facility, branch office, call centre seat, and field/site office anywhere in India.
​
3. Definitions
-
"Personal Data" means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.
-
"Sensitive Personal Data" includes financial information, biometric data, health data, and government identifiers (e.g., Aadhaar, PAN) as recognised under Indian law.
-
"Data Principal" means the individual to whom the Personal Data relates.
-
"Data Fiduciary" means SMB+ Solutions Private Limited, which determines the purpose and means of processing Personal Data.
-
"Processing" means any operation performed on Personal Data, including collection, storage, use, sharing, and erasure.
-
​
4. Information We Collect
​
4.1 Product and Institutional Clients (Government, Builders, Military, Industry)
For tendering, procurement, and after-sales relationships, we collect: names, designations, and official contact details of authorised representatives; organisational and billing details; site addresses and installation locations; procurement/tender identifiers; bank and payment details for invoicing; and, where required by tender conditions, identity and authorisation documents of signatories.
​
4.2 Call Centre and BPO Operations
Our 600+ seat Call Centre handles inbound and outbound interactions for SMB+ and for third-party clients who engage our BPO services. In the course of these operations we may collect and process: caller name, contact number, and email address; nature of enquiry or complaint; call recordings and interaction transcripts for quality, training, and dispute-resolution purposes; customer account or order identifiers; and, where a client campaign requires it and the underlying client relationship separately authorises it, limited additional data fields specified by that client (for example order numbers, appointment details, or service history). Call recordings are retained and used strictly as described in Clause 8 below.
​
4.3 Strategic Partnerships Division
For foreign companies and overseas principals seeking Indian market entry, joint ventures, or access to Indian government procurement, we collect: corporate registration and beneficial ownership information; authorised signatory identity and contact details; commercial proposals, term sheets, and due-diligence documentation; and details of Indian government officials, PSU representatives, or private-sector counterparts introduced during facilitation, limited to their professional contact details and role.
​
4.4 Employees, Applicants and Vendors
We collect employment application data, identity and background-verification documents, payroll and statutory compliance data (PF, ESI, PAN, Aadhaar where legally required), and vendor/contractor onboarding data including GST and bank details.
​
4.5 Website and Digital Interactions
Our websites and digital enquiry forms collect name, contact details, IP address, device and browser information, and cookies as described in Clause 14.
​
5. How We Collect Information
Information is collected directly from you (forms, tenders, calls, emails, site visits, meetings), automatically (website cookies, call-recording systems, CCTV at facility premises), and from third parties (government portals, tender databases, background-verification agencies, and referral partners), always for a lawful purpose consistent with this Policy.
​
6. Purposes and Legal Basis for Processing
We process Personal Data for the following purposes, relying on your consent, performance of a contract, compliance with legal obligations, or our legitimate business interests as permitted under the DPDP Act, 2023:
-
Fulfilling product orders, installation, warranty, and maintenance obligations for bio-toilet systems.
-
Responding to and resolving enquiries and complaints through the Call Centre.
-
Operating BPO campaigns on behalf of third-party clients under duly executed data-processing agreements.
-
Facilitating and documenting Strategic Partnership introductions, due diligence, and transaction support.
-
Complying with government tender, procurement, defence-supply, and statutory record-keeping requirements.
-
Employee administration, payroll, and statutory compliance.
-
Fraud prevention, quality assurance, staff training, and internal audit.
-
Marketing communications, where you have opted in, and which you may withdraw at any time.
-
​
7. Call Centre Specific Provisions
Calls made to or received from our Call Centre may be recorded and monitored for quality assurance, training, dispute resolution, and regulatory compliance purposes. Callers are notified of recording at the start of an interaction wherever operationally feasible. Recordings and associated metadata are stored on secure servers located in India, access-controlled on a need-to-know basis, and retained for the period set out in Clause 11. Where our Call Centre operates a campaign on behalf of a third-party client, that client remains responsible, as an independent Data Fiduciary or joint Data Fiduciary, for the purposes for which such data is used, and SMB+ processes such data strictly under the terms of the applicable service agreement.
​
8. Data Sharing and Disclosure
We do not sell Personal Data. We may share Personal Data with:
-
Government departments, regulators, defence/paramilitary procurement authorities, and courts, where required by law, tender conditions, or lawful directive.
-
Group companies, sub-contractors, logistics and installation partners, strictly for fulfilling product and service obligations.
-
Third-party BPO clients, limited to the data fields relevant to their specific campaign, under written confidentiality and data-processing obligations.
-
Foreign partner companies and Indian government or PSU counterparties introduced through the Strategic Partnerships division, only with the explicit consent of the individuals concerned and under NDA.
-
Professional advisers (legal, accounting, audit) and regulators as necessary for compliance.
-
Successors in the event of a merger, acquisition, or corporate restructuring, subject to equivalent privacy protections.
Â
9. Cross-Border Data Transfer
Given the nature of our Strategic Partnerships division, Personal Data of foreign company representatives may need to be shared with or accessed from outside India, and conversely, limited data relating to Indian government or private-sector counterparts may be shared with foreign principals strictly for the purpose of the facilitated engagement. Any such cross-border transfer is undertaken only where permitted under the DPDP Act, 2023 and rules notified thereunder, and is governed by contractual safeguards, including confidentiality and data-protection clauses, appropriate to the jurisdiction of transfer. Core operational data relating to our Call Centre, government, and defence clients is hosted and processed within India.
Â
10. Data Security Measures
We maintain reasonable security practices and procedures under Section 43A of the Information Technology Act, 2000 and the SPDI Rules, 2011, including access controls, encryption of data in transit, network security monitoring, CCTV surveillance at facility and call-centre premises, restricted physical access to server and recording infrastructure, background verification of Call Centre staff, and periodic security audits. Government and defence-related data is additionally handled in accordance with any specific security clearance, confidentiality, or classification requirements stipulated in the relevant contract.
Â
11. Data Retention
We retain Personal Data only for as long as necessary to fulfil the purposes described in this Policy, to satisfy statutory retention requirements applicable to government and defence contracts (which may extend retention periods), or to resolve disputes and enforce agreements. Call recordings are typically retained for a period specified in the applicable service agreement or, absent such specification, for up to 12 months, unless a longer period is required for an ongoing dispute, audit, or legal obligation. Thereafter, data is securely deleted or anonymised.
Â
12. Your Rights under the DPDP Act, 2023
Subject to applicable exemptions, Data Principals have the right to: obtain a summary of Personal Data processed and the processing activities undertaken; request correction, completion, updating, or erasure of Personal Data; nominate another individual to exercise rights on their behalf in the event of death or incapacity; withdraw consent at any time (without affecting the lawfulness of processing prior to withdrawal); and file a grievance with our Grievance Officer, followed, if unresolved, with the Data Protection Board of India. Requests may be sent to the contact details in Clause 19.
Â
13. Children's Privacy
Our products, Call Centre services, and Strategic Partnership engagements are directed at institutions and adults acting in a professional capacity. We do not knowingly collect Personal Data from individuals below 18 years of age. If we become aware of such collection, we will delete the data promptly.
Â
14. Cookies and Website Tracking
Our websites use cookies and similar technologies to remember preferences, understand site usage, and improve services. You may control cookies through your browser settings; disabling cookies may affect certain website functionality.
Â
15. Government and Military Clients — Special Provisions
Where SMB+ supplies bio-toilet systems or related services to defence, paramilitary, or other sensitive government establishments, any Personal Data or operational information shared with us in that context is treated with heightened confidentiality, is accessed strictly on a need-to-know basis, and is handled in accordance with any additional non-disclosure, security clearance, or site-access protocols specified by the relevant establishment, which shall prevail over this Policy to the extent of any conflict.
Â
16. Grievance Officer / Data Protection Contact
Grievance Officer / Data Protection Officer: SMB+ Solutions Private Limited
SMB+ Solutions Private Limited, Registered Office, Mohali, Punjab, India
Email: sandeepbanerjee@smbplussolutions.com
Phone: +91 99150 49333Â (Call Centre Grievance Line)
​
Grievances will be acknowledged within a reasonable time and, in any event, addressed in accordance with the timelines prescribed under applicable Indian law.
​
17. Changes to this Policy
We may update this Policy periodically to reflect changes in law, technology, or our business operations. The "Effective Date" above indicates the date of the latest revision. Material changes affecting government, defence, or Call Centre client obligations will additionally be communicated through the relevant contractual notice channels.
​
18. Governing Law and Jurisdiction
This Policy is governed by the laws of India. Courts at Mohali, Punjab, and the Punjab and Haryana High Court, shall have exclusive jurisdiction over any disputes arising in connection with this Policy, without prejudice to any statutory forum (including the Data Protection Board of India) having concurrent jurisdiction.
​
19. Contact Us
For any questions about this Privacy Policy or our data practices, across any of our manufacturing, Call Centre, or Strategic Partnerships operations anywhere in India, please contact number below in footer.
Direct Contact
Email: sandeepbanerjee@smbplussolutions.com
Phone: +91 99150 49333
WhatsApp: +91 99150 49333
Headquarters
SMB+ Solutions
Mohali, Punjab, India
600-seat BPO facility with 310+ trained agents.
Expanding Offices
- Delhi
- Hyderabad
Partner network across 4+ Indian states including Jharkhand, Tripura, Andhra Pradesh, Gujarat, Rajasthan, and Uttar Pradesh.
bottom of page