Privacy Policy

1. Introduction

SERPRO Consulting Pvt Ltd. ("Company," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website, use our services, or interact with us in any way.

Please read this Privacy Policy carefully. By accessing or using SERPRO Consulting's services, you acknowledge that you have read, understood, and agree to be bound by all the terms of this Privacy Policy. If you do not agree, please discontinue your use of our Service immediately.

2. Information We Collect

2.1 Information You Provide Directly

• Contact Information: When you submit our consultation form, subscribe to our newsletter, or contact us, we collect your full name, email address, phone number, company name, and project description.
• Communication Data: Email messages, chat records, and other communications you initiate with us.
• Account Information: If applicable, login credentials and account preferences.
• Documentation & Technical Data: During engagements, you may provide us with business documents, code repositories, database credentials, system access, and technical specifications necessary to perform our services.
• Payment Information: Billing address, invoice preferences, and payment method details (processed securely through third-party payment providers).

2.2 Information Collected Automatically

• Website Analytics: We use Google Analytics and similar tools to track page views, click-through behavior, session duration, and user demographics to understand how our website is used.
• Cookies & Tracking Technologies: Our website uses cookies to remember your theme preference (dark/light mode) and maintain session information. These are first-party cookies only and do not track you across other sites.
• Device Information: Browser type, operating system, IP address, referral sources, and device type.
• Log Data: Server logs containing access times, pages visited, and error messages.

2.3 Third-Party Information

We may receive information about you from third parties, such as business partners, marketing affiliates, or public data sources, which we combine with other information to verify your identity or enhance our service delivery.

3. Legal Basis for Processing (GDPR & Data Protection)

If you are located in the European Economic Area (EEA) or other jurisdictions with data protection laws (e.g., GDPR):

• Contractual Necessity: We process data to perform our consulting services and fulfill contractual obligations.
• Legitimate Business Interest: We analyze website usage and improve our services, market our offerings, and comply with legal obligations.
• Consent: For marketing communications and non-essential cookies, we rely on your explicit consent.
• Legal Compliance: We process data to comply with laws, regulations, and court orders.

You have the right to withdraw consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

4. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To perform consulting services, develop software, manage infrastructure, and fulfill contractual obligations.
• Communication: To respond to your inquiries, send project updates, and provide customer support.
• Billing & Payments: To process invoices, manage subscriptions, and handle financial transactions.
• Website Optimization: To improve website functionality, troubleshoot errors, and enhance user experience.
• Marketing & Outreach: To send promotional emails, case studies, whitepapers, and updates about new services (only if you've opted in).
• Legal Compliance: To comply with tax obligations, audits, regulatory requirements, and legal disputes.
• Security & Fraud Prevention: To detect unauthorized access, prevent abuse, and protect against cyber threats.
• Analytics: To analyze trends, measure campaign effectiveness, and understand market demand.

5. How We Share Your Information

We do not sell, rent, or trade your personal information. However, we may share data in the following circumstances:

• Service Providers: We engage third-party vendors for payment processing (Stripe, PayPal), email marketing (Mailchimp), analytics (Google Analytics), and cloud hosting (AWS, Google Cloud). These vendors are contractually obligated to protect your data.
• Legal Requirements: If required by law, court order, or government request, we will disclose information to comply with legal obligations.
• Business Transfers: If SERPRO Consulting is acquired, merges with another entity, or undergoes bankruptcy, your information may be transferred as part of that transaction.
• Team Members & Subcontractors: Our employees and authorized subcontractors access your information only as necessary to provide services.
• With Your Consent: We may share information with third parties if you explicitly authorize us to do so.

International Data Transfers: If you are located outside India and we transfer your data to India or other countries, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) to ensure compliance with data protection laws.

6. Data Security

We implement industry-standard security measures to protect your information:

• Encryption: Sensitive data (login credentials, payment information) is encrypted in transit using SSL/TLS protocols and at rest using AES-256 encryption.
• Access Controls: Only authorized personnel access sensitive information on a need-to-know basis.
• Firewalls & Intrusion Detection: Our systems are protected by firewalls and monitored for unauthorized access attempts.
• Regular Audits: We conduct periodic security audits and penetration testing to identify and remediate vulnerabilities.
• Data Minimization: We collect only data necessary for our stated purposes.

While we strive to protect your information, no system is 100% secure. We cannot guarantee absolute security against all cyber threats. You are responsible for maintaining the confidentiality of your passwords and account credentials.

7. Data Retention

We retain your information only for as long as necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law:

• Service Data: Project files and work product are retained for the duration of the engagement and for 1 year after completion for dispute resolution and audit purposes.
• Contact Information: Retained for marketing purposes until you unsubscribe or opt out.
• Website Analytics: Aggregated analytics data is retained for 24 months.
• Financial Records: Retained for 7 years for tax and compliance purposes (as required by Indian tax law).
• Customer Communication: Retained for 3 years for legal and dispute resolution purposes.

Upon your request or termination of an engagement, we will securely delete or anonymize your personal data, except where we are legally required to retain it.

8. Your Rights & Choices

Depending on your location and applicable laws, you may have the following rights:

8.1 Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this within 30 days of your request.

8.2 Right to Rectification

If your information is inaccurate or incomplete, you may request that we correct or update it.

8.3 Right to Erasure ("Right to be Forgotten")

Under certain circumstances (e.g., data is no longer necessary, you withdraw consent), you may request deletion of your personal data. We will comply except where legal obligations require retention.

8.4 Right to Data Portability

You have the right to receive a copy of your personal data in a structured, commonly used, machine-readable format and to transmit it to another organization.

8.5 Right to Restrict Processing

You may request that we limit how we use your information while we verify its accuracy or assess the legality of our processing.

8.6 Right to Object

You may object to direct marketing communications, profiling, and automated decision-making. We will respect your preferences and remove you from marketing lists promptly.

8.7 Right to Lodge a Complaint

If you believe your data privacy rights have been violated, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction (e.g., the Information Commissioner's Office in the UK, or local authorities in other countries).

To exercise any of these rights, contact us at enquiries@serproconsulting.com with "Data Privacy Request" in the subject line. We will respond within 30 days.

9. Cookies & Tracking Technologies

What Are Cookies? Cookies are small text files stored on your device that help us remember your preferences and track your activity.

Types of Cookies We Use:

• Essential Cookies: Required for website functionality (e.g., session management, theme preference).
• Analytics Cookies: Used by Google Analytics to track user behavior and improve our website.
• Marketing Cookies: Used for targeted advertising (only if you consent).

Managing Cookies: Most browsers allow you to disable or delete cookies. You can adjust cookie preferences in your browser settings. However, disabling essential cookies may affect website functionality.

10. Third-Party Links & Services

Our website may contain links to third-party websites and services. We are not responsible for the privacy practices of external sites. We encourage you to review the privacy policies of any third-party services before providing personal information.

11. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected information from a minor, we will delete it immediately and notify the relevant parties. If you believe we have collected information from a minor, please contact us at enquiries@serproconsulting.com.

12. Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify affected individuals without undue delay (within 72 hours where legally required).
• Provide details of the breach, affected data, and measures we're taking to remediate it.
• Notify relevant regulatory authorities as required by law.

13. California Privacy Rights (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information is collected, used, and shared.
• Right to delete personal information collected from you.
• Right to opt-out of the "sale" or sharing of personal information (we do not sell data, but this may apply to analytics sharing).
• Right to non-discrimination for exercising CCPA rights.

To exercise these rights, submit a request to enquiries@serproconsulting.com. We will verify your identity and respond within 45 days.

14. Updates to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on our website with a revised "Last Updated" date. Your continued use of our services following notice of changes constitutes your acceptance of the updated Privacy Policy.

15. Contact Us

If you have questions about this Privacy Policy, wish to exercise your data rights, or have concerns about our data practices, please contact us:

• Email: enquiries@serproconsulting.com
• Phone: 0824 200 1236
• Address: Unit No.7, NITK STEP, Surathkal, Mangaluru 575025, Karnataka, India
• Data Protection Officer (DPO): enquiries@serproconsulting.com