Privacy Policy

PRIVACY POLICY
Last updated / Effective: April 22, 2026
This Privacy Policy is prepared in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and DPDP Rules, 2025. By using our services, you (the Data Principal) consent to the practices described herein.
TABLE OF CONTENTS

  1. ABOUT US
  2. SCOPE & APPLICABILITY
  3. PERSONAL DATA WE COLLECT
  4. PURPOSES OF PROCESSING PERSONAL DATA
  5. LAWFUL BASIS FOR PROCESSING
  6. DATA SHARING & DISCLOSURE
  7. DATA PRINCIPAL RIGHTS
  8. DATA SECURITY & RETENTION
  9. COOKIES & TRACKING TECHNOLOGIES
  10. CHILDREN’S PRIVACY
  11. CROSS-BORDER DATA TRANSFERS
  12. CONSENT MANAGEMENT & POLICY UPDATES
  13. GRIEVANCE OFFICER & CONTACT
  14. ABOUT US
    Nonce Systems LLP is a specialized Cyber Security company providing ISO 27001 Implementation and Consulting, Cyber Security Risk Management services, IT Infrastructure Management Services, Managed Service Provider (MSP) solutions, Cloud Transformation and Migration, Network Security, Employee Cyber Security Awareness Training, and Vulnerability Assessment and Penetration Testing (VAPT).
    We operate as the Data Fiduciary under Section 2(i) of the DPDP Act, 2023. We manage and operate our official website located at http://www.noncesystems.com.
    Registered Address: Plot No 391-B, Ward 2B, Adipur, Kutch, Gujarat 370205, India.
  15. SCOPE & APPLICABILITY
    This Policy applies to all digital personal data processed by Nonce Systems LLP in connection with our website (www.noncesystems.com) and associated corporate consultation services—including all Data Principals in India whose data we process.
    Exclusions: This policy does not cover (a) non-digital data that has not been digitized; (b) data processed for purely personal or domestic use; or (c) data made publicly available by the Data Principal as exempted under the provisions of the DPDP Act.
  16. PERSONAL DATA WE COLLECT
    We collect only the baseline digital personal data necessary for the stated purposes of business coordination and operational security. We do not collect data we do not strictly need.
    3.1 Personal Data
    • Full Name
    • Email Address
    • Mobile / Contact Number
    • Shipping / Billing Address
    • IP Address
    • Device ID & Browser Configurations
    • Purchase & Corporate Transaction History
  17. PURPOSES OF PROCESSING PERSONAL DATA
    We process your personal data strictly for specified, lawful purposes associated with delivering our GRC and security advisory operations:
    • To provide, maintain, and execute our cybersecurity consulting, compliance audits, and corporate training programs.
    • To communicate updates, respond to specific service queries, or manage project timelines through our interactive portals.
    • To safeguard our digital boundaries, protect infrastructure integrity, and prevent unauthorized scraping, system probes, or network exploits.
    • To comply with binding legal, accounting, and regulatory compliance mandates.
  18. LAWFUL BASIS FOR PROCESSING
    Under the DPDP Act, 2023, we process personal data only on the following grounds:
    • Consent: Where you have given explicit, affirmative, and clear consent via specific web checkboxes or service enrollment documents.
    • Legitimate Uses: For specific purposes where you have voluntarily provided data to us (such as submitting an inquiry form for an audit proposal) and have not indicated refusal of processing.
  19. DATA SHARING & DISCLOSURE
    We do not sell, rent, or trade your personal data to third-party brokers. We share your information only with trusted entities under strict contractual safeguards:
    • Service Providers: Specialized third-party vendors, cloud infrastructure platforms, or technical tools that assist us in operating our corporate website or managing client deliverables.
    • Legal Imperatives: When mandated by legal disclosure orders under applicable laws in India or to protect our system infrastructure against critical security incidents.
  20. DATA PRINCIPAL RIGHTS
    As a Data Principal under the DPDP Act, 2023, you possess robust statutory controls regarding your digital personal data, which you may execute by contacting our Grievance Officer:
    • Right to Information: The right to request a summary of your personal data processed by us and the list of third parties with whom it has been shared.
    • Right to Correction & Erasure: The right to correct, complete, update, or request the erasure of personal data that is no longer necessary for the purpose it was collected.
    • Right to Withdraw Consent: The right to withdraw your consent to data processing at any point, subject to legal or contractual limitations.
    • Right to Grievance Redressal: The right to lodge formal complaints regarding any perceived data handling anomalies.
  21. DATA SECURITY & RETENTION
    We enforce rigorous technical and organizational controls to protect personal data from unauthorized access, alteration, disclosure, or destruction. We limit internal access to sensitive customer data strictly on a role-based, need-to-know basis.
    We retain your personal data only for as long as necessary to fulfill the specific operational objectives detailed in this Policy, or as required by statutory accounting and cybersecurity log retention regulations under Indian law.
  22. COOKIES & TRACKING TECHNOLOGIES
    Our platform employs cookies and similar digital identifiers to optimize website performance, remember user preferences, and generate aggregated analytical trends about traffic patterns. You can configure or restrict cookies through your browser preferences; however, disabling certain functional cookies may limit access to specific portal features.
  23. CHILDREN’S PRIVACY
    Our services are intended strictly for corporate businesses, enterprise entities, and adult clients. We do not knowingly collect personal data from children without verifiable parental consent as required by the DPDP Act. If we become aware of such collection, we will execute immediate erasure protocols from our primary databases.
  24. CROSS-BORDER DATA TRANSFERS
    Nonce Systems LLP primarily stores, manages, and processes digital personal data within secure storage environments located inside India. To the extent data is processed by international service providers or integrated enterprise clouds, such transfers strictly adhere to the requirements of the DPDP Act and applicable government-notified cross-border transfer restrictions.
  25. CONSENT MANAGEMENT & POLICY UPDATES
    We ensure that consent is acquired through a clear, affirmative action before any underlying personal data is processed. We reserve the right to modify this Policy to maintain strict structural alignment with evolving regulatory rules or technological variations. Material updates will be clearly reflected on our website home or legal subpages.
  26. GRIEVANCE OFFICER & CONTACT
    Nonce Systems LLP has designated a dedicated Grievance Officer to oversee data protection parameters, handle privacy complaints, and process Data Principal rights requests:
    Grievance Officer: Rajesh Gangwani
    Designation: vCISO / Manager
    Address: Plot No 391-B, Ward 2B, Adipur, Kutch, Gujarat 370205, India
    Phone: +919327766298
    Email: rgangwani@noncesystems.com / info@noncesystems.com