Privacy Policy

Effective Date: 21st Aug – 2025

At CertiTrust Consulting, we are committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, store, and protect your personal data, in compliance with the Digital Personal Data Protection Act, 2023 (India) and, where applicable, the General Data Protection Regulation (GDPR – EU).

1. Information We Collect

We may collect the following categories of personal data:

• Identity Data: Full Name, Company/Organization Name.
• Contact Data: Email Address, Phone Number.
• Business Data: Service requirements, project details, proposals, and related communications.
• Technical Data: IP address, browser type, operating system, cookies, and usage analytics.
• Other Information: Any information you voluntarily provide to us via forms, emails, or discussions.

We do not knowingly collect information from children under the age of 18. If such data is inadvertently collected, we will delete it promptly.

2. Purpose of Data Collection

We collect and process your personal data for the following purposes:

• To communicate with you regarding proposals, quotes, invoices, and service updates.
•  To discuss, clarify, and deliver consulting and auditing services (ISO 27001, ISO 27701, SOC 2, Cybersecurity).
• ·To personalize client interactions and provide tailored business solutions.
•  To improve our website, services, and client experience through analytics.
•  To comply with applicable legal and regulatory requirements.
  
  

3. Legal Basis for Processing (GDPR)

Depending on your location, we process your personal data based on:

•  Contractual Necessity: To deliver requested services.
•  Legitimate Interests: To engage with potential and existing clients.
•  Legal Obligation: To comply with applicable laws and regulations.
•  Consent: Where required, we will seek your consent for specific uses (e.g., newsletters, cookies).
  
  

4. Data Sharing and Transfers

· We do not sell, rent, or trade your personal data.

· Data may be shared with trusted third-party service providers (e.g., hosting, communication, analytics), bound by confidentiality agreements.

· Your data may be transferred and stored outside India. In such cases, we ensure appropriate safeguards, including contractual protections or adequacy mechanisms, as required under DPDP and GDPR.

5. Data Retention

We retain personal data only as long as necessary for the purposes stated, or as required by law. For example:

•  Client/project data: up to 3 years after the end of the engagement.
• Contact/communication data: up to 2 years after the last interaction.

After expiry of the retention period, data will be securely deleted or anonymised.

6. Data Security

We implement technical and organisational measures, including:

• Encryption and secure transmission protocols.
• Role-based access controls.
•  Secure storage and disposal of data.
•  Monitoring and audits aligned with ISO 27001 Information Security standards.

However, no method of transmission or storage is 100% secure. We continuously work to enhance our security practices.

7. Your Rights

Under DPDP (India):

• Right to Access personal data.
•  Right to Correction and Erasure.
•  Right to Nominate (appoint a nominee to exercise your rights in case of death/incapacity).

Under GDPR (EU):

• Right of Access to your data.
• Right to Rectification of inaccuracies.
•  Right to Erasure (“Right to be Forgotten”).
• Right to Restrict Processing.
•  Right to Data Portability.
•  Right to Object to processing.
• Right to Withdraw Consent (where processing is based on consent).

To exercise these rights, contact us (details below). We will respond within applicable legal timelines.

 

8. Cookies and Tracking

We use cookies and similar technologies to:

•  Improve website performance.
• Analyse visitor interactions.
•  Provide relevant content and user experience.

You may control cookies through your browser settings. Where required by law, we will request your consent before placing cookies.

 

9. Contact Information

For privacy-related queries, concerns, or to exercise your rights, please contact our Grievance Officer / Data Protection Officer (DPO):

CertiTrust Consulting
Email: audit@itauditor.co.in
Phone: +91 97376 10002
Website: https://www.itauditor.co.in

 

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in laws, regulations, or our practices. Updates will be posted on this page with a revised “Effective Date.” We encourage you to review this policy periodically.