
Privacy Policy

How we collect, use, and protect your information at SecComply.

Effective Date: February 5, 2026

1 Introduction

SecComply ("we," "our," or "us") operates the website seccomply.net and provides cybersecurity compliance consulting, vulnerability assessment and penetration testing (VAPT), and related advisory services. We are committed to protecting and respecting your privacy in accordance with applicable data protection laws, including the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the General Data Protection Regulation (GDPR) for EU/EEA residents, and other relevant legislation.

This Privacy Policy describes the types of personal information we collect, how we use and protect it, and the choices available to you regarding your data. By accessing our website or engaging our services, you acknowledge that you have read and understood this policy.

2 Information We Collect

Information You Provide Directly

We collect personal information that you voluntarily provide when interacting with us, including:

  • Contact information: Name, email address, phone number, company name, and job title when you book a consultation, fill out a contact form, or correspond with us.
  • Engagement information: Details you share during consultations, assessments, or project engagements, including business requirements, compliance documentation, and technical infrastructure details.
  • Communication records: Emails, messages, and other correspondence exchanged with our team.
  • Payment information: Billing details necessary to process service payments (processed securely through third-party payment providers).

Information Collected Automatically

When you visit our website, we do not collect cookies.

Information from Third Parties

We may receive information about you from third-party sources such as business partners, referral sources, publicly available databases, and social media platforms when you interact with our content.

3 How We Use Your Information

We use the information we collect for the following purposes:

  • Service delivery: To provide, manage, and deliver our cybersecurity compliance consulting, VAPT, and related services.
  • Communication: To respond to your inquiries, schedule consultations, and send service updates.
  • Legal compliance: To comply with applicable laws, regulations, and legal processes.
  • Security: To detect, prevent, and respond to fraud, security incidents, and technical issues.
  • Business operations: For invoicing, accounting, contract management, and internal administrative purposes.

4 Legal Basis for Processing

We process your personal data on the following legal grounds:

  • Consent: Where you have provided explicit consent for specific processing activities.
  • Contractual necessity: Where processing is necessary to perform a contract with you or take pre-contractual steps at your request (e.g., delivering consulting engagements).
  • Legitimate interests: Where processing is necessary for our legitimate business interests, such as improving our services and ensuring security, provided these interests do not override your fundamental rights.
  • Legal obligation: Where processing is required to comply with applicable legal or regulatory requirements.

5 Information Sharing & Disclosure

We do not sell your personal information. We may share your information only in the following circumstances:

  • Service providers: With trusted third-party vendors who assist us in operating our website, conducting our business, and delivering services to you (e.g., cloud hosting providers, email service platforms, payment processors). These providers are contractually obligated to protect your data.
  • Audit and certification bodies: Where necessary for certification audits conducted on behalf of our clients, with prior client approval.
  • Legal requirements: When disclosure is required by law, regulation, court order, or governmental authority.
  • Business transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction, subject to applicable privacy obligations.
  • With your consent: In any other circumstance where you have provided explicit consent for such sharing.

6 Data Security

We implement industry-standard technical and organizational security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

  • Encryption of data in transit (TLS/SSL) and at rest
  • Access controls and role-based permissions for internal systems
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security best practices
  • Secure cloud infrastructure with reputable service providers
  • Incident response procedures for prompt action in case of a data breach

While we strive to use commercially acceptable means to protect your data, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security but are committed to continuously improving our safeguards.

7 Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.

  • Client engagement data: Retained for the duration of the engagement and thereafter as required for legal and compliance purposes. Once no longer required, data is securely deleted.
  • Financial records: Retained as required by applicable tax and accounting laws.

When personal information is no longer required, we securely delete or anonymize it in accordance with our data retention policies.

8 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Right to access: Request a copy of the personal data we hold about you.
  • Right to correction: Request correction of inaccurate or incomplete data.
  • Right to erasure: Request deletion of your personal data, subject to legal retention obligations.
  • Right to restrict processing: Request that we limit the processing of your data in certain circumstances.
  • Right to data portability: Request your data in a structured, commonly used, machine-readable format.
  • Right to object: Object to the processing of your personal data for specific purposes.
  • Right to withdraw consent: Withdraw previously given consent at any time, without affecting the lawfulness of processing based on consent before withdrawal.
  • Right to nominate: Under the DPDP Act, nominate an individual to exercise your rights on your behalf in the event of your death or incapacity.
  • Right to grievance redressal: Lodge a complaint with the relevant data protection authority.

To exercise any of these rights, please contact us using the details provided in Section 13. We will respond to your request within the timeframe required by applicable law.

9 Third-Party Links & Services

Our website may contain links to third-party websites, tools, or services (such as Microsoft Outlook for booking consultations). We are not responsible for the privacy practices of these third parties. We encourage you to review the privacy policies of any third-party websites or services you access through our site.

10 International Data Transfers

Your personal data may be transferred to and processed in countries other than your country of residence. Where we transfer data internationally, we ensure that appropriate safeguards are in place, including standard contractual clauses, adequacy decisions, or other legally recognized transfer mechanisms to protect your personal data in compliance with applicable laws.

11 Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a child, we will take prompt steps to delete such information.

12 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes, we will notify you by updating the "Effective Date" at the top of this policy and, where appropriate, provide additional notice via our website. We encourage you to review this policy periodically.

13 Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to us:

  • Email: shivani@seccomply.net
  • Website: seccomply.net
  • Phone: +91 9860013381

For grievance redressal under the DPDP Act, you may also contact the Data Protection Board of India.
