Privacy Policy

1. Who We Are

Triad Evolution is a procurement and contract enablement firm incorporated in Pakistan under the Securities and Exchange Commission of Pakistan (SECP Incorporation No. 0124389), registered with the Federal Board of Revenue (NTN: 5065575), and operating from Islamabad. Our website is www.triadevolution.com and our primary contact email is info@triadevolution.com.

2. Information We Collect

We collect personal information only when you voluntarily provide it. This may include:

• Contact form submissions — name, email address, company, country, service enquiry, budget range, and any information you include in the brief requirement field
• Newsletter subscriptions — email address submitted via our Mailchimp-powered subscription forms
• Client portal access — access tokens and usage information for registered clients
• Direct communications — emails, WhatsApp messages, and other direct correspondence
• Automatically collected data — standard web server logs including IP addresses, browser type, referring URLs, and page visit data

We do not collect sensitive personal data, financial information, or data from minors. We do not use cookies for advertising or tracking purposes.

3. How We Use Your Information

Information collected is used solely for the following purposes:

• Responding to your enquiry and providing the services you have requested
• Sending our monthly procurement intelligence newsletter (only if you subscribed)
• Managing ongoing client engagements and portal access
• Improving the website and understanding visitor behaviour through anonymised analytics
• Complying with legal and regulatory obligations

We do not use your information for unsolicited marketing, sell your data to third parties, or share it with anyone outside of the purposes described above.

4. Legal Basis for Processing (GDPR)

For visitors from the European Economic Area (EEA) and United Kingdom, our legal basis for processing personal data is:

• Legitimate interest — responding to your business enquiry and maintaining client relationships
• Consent — for newsletter subscriptions, which you can withdraw at any time
• Contractual necessity — processing necessary to fulfil an engagement agreement
• Legal obligation — where required by applicable law

5. Third-Party Services

We use the following third-party services that may process your data on our behalf:

• Formspree — processes contact form submissions. Data is handled under Formspree's privacy policy at formspree.io
• Mailchimp (Intuit) — manages email newsletter subscriptions. Data is handled under Mailchimp's privacy policy at mailchimp.com. You can unsubscribe at any time using the link in any newsletter email.
• Calendly — manages scoping call scheduling. Data is handled under Calendly's privacy policy at calendly.com
• GitHub — our tender feed data is maintained via GitHub. No personal data is stored in this repository.
• OpenStreetMap / Leaflet — our interactive map uses OpenStreetMap tiles. No personal data is transmitted.

All third-party services are GDPR-compliant. We have Data Processing Agreements or rely on the providers' standard contractual clauses where applicable.

6. Data Retention

We retain personal data only for as long as necessary:

• Contact form enquiries — retained for up to 24 months for business follow-up purposes, then deleted
• Active client data — retained for the duration of the engagement plus 5 years for compliance and audit purposes
• Newsletter subscriptions — retained until you unsubscribe
• Server logs — retained for up to 90 days for security and diagnostic purposes

7. Data Security

We take reasonable technical and organisational measures to protect your data against unauthorised access, disclosure, or loss. These include HTTPS encryption on all pages, access-controlled admin systems, and confidentiality requirements for all team members. All client engagements are covered by mutual NDA as standard.

While we take security seriously, no internet transmission is completely secure. If you need to share sensitive information, we recommend using encrypted email or a private call, which we can arrange upon request.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

• Right of access — request a copy of the data we hold about you
• Right to rectification — request correction of inaccurate data
• Right to erasure — request deletion of your data ("right to be forgotten")
• Right to restrict processing — request that we limit how we use your data
• Right to data portability — request your data in a portable format
• Right to object — object to processing based on legitimate interests
• Right to withdraw consent — withdraw consent at any time for newsletter subscriptions

To exercise any of these rights, contact us at info@triadevolution.com. We will respond within 30 days.

9. International Data Transfers

Your data may be processed outside Pakistan by our third-party service providers (Formspree, Mailchimp, Calendly) who operate in the United States. These providers comply with international data transfer frameworks including the EU-US Data Privacy Framework and standard contractual clauses where applicable.

10. Cookies

This website uses a service worker for performance caching. No marketing cookies, advertising trackers, or third-party analytics cookies are used. The website does not use Google Analytics or similar tracking services. Session data may be stored locally in your browser to enable the client portal — this data does not leave your device.

11. Links to Other Websites

Our website contains links to third-party websites including PPRA, LinkedIn, and other external resources. We are not responsible for the privacy practices of those sites and encourage you to review their privacy policies separately.

12. Children's Privacy

Our website is intended for business professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal data from minors.

13. Changes to This Policy

We may update this Privacy Policy periodically. The "Last updated" date at the top of this page reflects when the most recent changes were made. Continued use of the website after changes constitutes acceptance of the updated policy.

14. Complaints

If you have concerns about how we handle your data, please contact us directly. You also have the right to lodge a complaint with your national data protection authority. For Pakistan residents, the relevant authority is the National Telecommunications and Information Technology Security Board (NITB). For EEA residents, contact your local supervisory authority.