Privecta Privacy Notice
This notice explains what personal data we collect, why we collect it, how we use it, and your rights under the DPDP Act, 2023.
Our contact details
The type of personal data we collect
We currently collect and process the following information:
- Name and contact details (email address, phone number, business address)
- Business information (company name, industry sector, business size)
- Professional details (job title, role, department)
- Communication records (emails, meeting notes, consultation records)
- Payment and billing information (for services rendered)
- Compliance assessment data and documentation
- Training attendance and certification records
How we get your personal data and why we collect it
Data you provide to us directly
- When you contact us for compliance consulting services
- When you engage us for DPDP Act compliance assessments
- When you register for our training programs or workshops
- When you subscribe to our newsletters or updates
- When you visit our website and use our online forms
- When you enter into a service agreement with us
- When you participate in our compliance audits or assessments
Data we may receive indirectly
- Business directories and professional networking platforms (to identify potential clients who may need compliance support)
- Referrals from existing clients or business partners
- Publicly available business information
How we use the information
- Provide data privacy compliance consulting and advisory services
- Conduct DPDP Act compliance assessments and audits
- Deliver training programs and educational content
- Communicate with you about our services and compliance updates
- Process payments and maintain financial records
- Send you relevant updates about data protection regulations
- Improve our services and website functionality
- Fulfill our contractual obligations to you
Who we may share your information with
- Payment processors (for billing purposes)
- Professional advisors (legal, accounting, when necessary for service delivery)
- Technology service providers (website hosting, email services, cloud storage)
- Training platform providers (when you attend our online programs)
Lawful Grounds for Processing Under DPDP Act, 2023
We process your personal data based on the following lawful grounds:
- Your consent — Where you have provided clear consent for specific purposes (such as receiving newsletters or marketing communications). You can withdraw consent any time by contacting hello@privecta.in.
- Performance of contract — Where processing is necessary to fulfill our service agreement with you or to take steps at your request before entering into a contract.
- Compliance with legal obligations — Where we must process your data to comply with Indian laws and regulations.
- Legitimate purposes — Where processing is necessary for legitimate business purposes that do not override your rights and interests, such as fraud prevention, network security, and business administration.
How We Store Your Personal Data
Your information is securely stored on our internal systems and infrastructure located in India.
Security measures we implement
- Encryption of data in transit and at rest
- Access controls and authentication procedures
- Regular security assessments and updates
- Staff training on data protection practices
Data Retention
- Client consultation records: 7 years after completion of services (to meet legal and professional requirements)
- Financial and billing information: 8 years (as required by Indian tax and accounting laws)
- Marketing consent records: Until you withdraw consent, or 3 years of inactivity
- Training attendance records: 5 years (for certification purposes)
After the retention period, we will securely delete or anonymise your data through secure deletion protocols and data destruction procedures.
Your Rights Under DPDP Act, 2023
As a Data Principal, you have the following rights:
Right to access
Obtain confirmation of processing and access your personal data along with related information.
Right to correction
Request correction of inaccurate/misleading data and completion of incomplete data.
Right to erasure
Request erasure in certain circumstances unless retention is required for legal/compliance purposes.
Right to grievance redressal
Register a complaint with our Grievance Officer for data protection concerns.
Right to nominate
Nominate another individual to exercise your rights in the event of death or incapacity.
Fee: You are not required to pay any charge for exercising your rights.
Response timeline: If you make a request, we have 90 days to respond.
Contact: Email hello@privecta.in or call +91 8445929001.
Cross-Border Data Transfers
We may transfer your personal data outside India unless such transfer is restricted by the Central Government under the DPDP Act, 2023.
Currently, we use service providers located in India.
How to Complain
If you have concerns about our use of your personal data, you can contact our Grievance Officer:
You also have the right to lodge a complaint with the Data Protection Board of India if you are unhappy with how we have handled your personal data.
Children's Data
We do not knowingly collect or process personal data of children (individuals under 18 years of age) without verifiable parental consent. If you believe we have inadvertently collected data from a child, please contact us immediately.
Changes to This Privacy Notice
We may update this privacy notice from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes by posting the updated notice on our website and, where appropriate, by direct communication.
Last Updated: 29-12-2025
Consent Record
By engaging our services, visiting our website, or providing your personal data to us, you acknowledge that you have read and understood this Privacy Notice.
For specific processing activities requiring explicit consent (such as marketing communications), we will obtain and record your consent separately.