Privacy Policy
This Privacy Policy describes how Pristine CyberIntel Private Limited ("Pristine CyberIntel", "we", "our", or "us") collects, uses, stores, discloses, and protects personal information obtained from users of our website https://pristinecyber.com and persons who avail our services. This Policy is formulated in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), the Information Technology (Amendment) Act, 2008, and the Digital Personal Data Protection Act, 2023 ("DPDP Act"), to the extent applicable.
By accessing our website or using our services, you agree to the terms of this Privacy Policy. If you do not agree, please refrain from using our website or services.
1. Identity and Contact Details of the Data Fiduciary
As defined under the Digital Personal Data Protection Act, 2023, Pristine CyberIntel Private Limited acts as the Data Fiduciary in relation to the personal data processed through this website and related services.
Registered Name: Pristine CyberIntel Private Limited
Registered Address: 305-B, Town Centre II, Marol, Andheri-Kurla Road, Andheri (East), Mumbai - 400059, Maharashtra, India
Email: contact@pristinecyber.com
Phone: +91 9029029632
Website: https://pristinecyber.com
2. Information We Collect
2.1 Personal Information Provided by You
We may collect the following categories of personal information when you interact with us:
- Full name and designation
- Business email address and personal email address
- Mobile number and telephone number
- Name and address of your organisation
- Billing and payment information (as required for course enrolment or service engagement)
- Government-issued identification numbers where required for certifications or legal compliance
- Educational qualifications and professional background (for training programme registration)
- Username and password for our learning management or client portals
2.2 Sensitive Personal Data or Information (SPDI)
In certain contexts, particularly in relation to cyber crime investigation, forensic services, or data protection consulting, we may collect information that qualifies as Sensitive Personal Data or Information under the SPDI Rules, including:
- Passwords
- Financial information such as bank account details, payment card details
- Biometric information (only if required for specific forensic engagements)
- Health or medical data (only in exceptional circumstances with explicit consent)
We will collect SPDI only with your free, informed, and explicit written consent and for a specified, lawful purpose.
2.3 Information Collected Automatically
When you visit our website, we may automatically collect:
- Internet Protocol (IP) address and approximate geographic location
- Browser type, version, and device operating system
- Pages visited, time spent, and navigation patterns
- Referral source and exit pages
- Cookies and similar tracking technologies (refer to Section 8)
2.4 Information from Third Parties
We may receive information about you from business partners, referral sources, or publicly available databases in the ordinary course of our business operations.
3. Purpose of Collection and Use of Personal Data
We process your personal data solely for the following specific, lawful purposes:
- To respond to your enquiries and provide requested information about our services or training programmes
- To register you for training courses, issue certificates, and administer your learning account
- To perform contracted IT security services, audits, penetration testing, and cyber crime investigations
- To process payments and issue invoices in compliance with applicable tax laws
- To verify your identity and perform background checks as required by applicable law or client agreements
- To send transactional communications such as booking confirmations, reminders, and service updates
- To send promotional communications about our services, events, and training programmes (only with your consent and subject to your right to opt out at any time)
- To comply with our legal and regulatory obligations under Indian law
- To enforce our contractual rights and resolve disputes
- To improve and secure our website and services
We will not use your personal data for any purpose incompatible with the purposes stated above without obtaining your prior consent.
4. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: Where you have given us your explicit consent, in particular for SPDI, marketing communications, and any processing not strictly necessary for service delivery.
- Contractual Necessity: Where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering into a contract.
- Legal Obligation: Where processing is necessary to comply with a legal obligation applicable to us.
- Legitimate Interests: Where processing is necessary for our legitimate interests, provided those interests are not overridden by your rights and freedoms.
5. Disclosure and Sharing of Personal Data
5.1 Internal Sharing
Personal data is accessible only to our authorised employees and contractors who require access in the performance of their duties. All such personnel are bound by confidentiality obligations.
5.2 Disclosure to Third Parties
We do not sell, rent, or trade your personal data. We may disclose personal data to:
- Service Providers: Cloud hosting providers, payment gateways, email delivery platforms, and LMS providers who process data on our behalf under binding data processing agreements.
- Government and Law Enforcement: Where required by law, court order, or the direction of a competent government authority.
- Professional Advisers: Lawyers, auditors, and accountants who are bound by professional confidentiality obligations.
- Business Transfers: In the event of a merger, acquisition, amalgamation, or sale of all or part of our business, personal data may be transferred to the acquirer, subject to appropriate safeguards.
5.3 Cross-Border Transfer of Data
In the event personal data is transferred outside India, we shall ensure such transfer complies with the provisions of the Digital Personal Data Protection Act, 2023 and any rules or notifications issued thereunder.
6. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law. In determining the appropriate retention period, we consider the nature and sensitivity of the data, the purposes for which we process it, and applicable legal requirements.
As a general principle:
- Data relating to training records and certifications is retained for seven (7) years.
- Data collected for business development purposes is retained for the duration of our business relationship and for three (3) years thereafter.
- Financial records are retained as required under the Companies Act, 2013 and applicable tax laws.
After the applicable retention period, personal data is securely deleted or anonymised.
7. Security of Personal Data
As an information security company, we apply industry-best security practices to protect your personal data. We have implemented appropriate technical and organisational measures in accordance with the SPDI Rules and the DPDP Act, including:
- Encryption of data in transit using TLS/SSL and encryption of sensitive data at rest
- Role-based access controls and least-privilege principles
- Firewalls, intrusion detection systems, and endpoint security controls
- Regular vulnerability assessments and penetration testing of our own systems
- Periodic security awareness training for all personnel handling personal data
- Incident response procedures for detection, reporting, and remediation of personal data breaches
However, no method of electronic transmission or storage is one hundred percent secure. In the event of a personal data breach that is likely to result in harm to data principals, we will notify the affected individuals and, as required, the Data Protection Board of India, in accordance with the DPDP Act.
8. Cookies and Tracking Technologies
Our website uses cookies and similar technologies to enhance your browsing experience and analyse website traffic. We use the following types of cookies:
- Strictly Necessary Cookies: Required for the operation of our website. These cannot be disabled.
- Analytics Cookies: Help us understand how visitors interact with our website, enabling us to improve content and functionality.
- Preference Cookies: Remember your settings and preferences.
- Marketing Cookies: Used to deliver relevant advertisements (if applicable).
You may control or disable cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. By continuing to use our website without changing your cookie settings, you consent to our use of cookies.
9. Rights of Data Principals
Under the Digital Personal Data Protection Act, 2023 and the SPDI Rules, you have the following rights in relation to your personal data:
- Right to Access: You have the right to obtain confirmation of whether we process your personal data and to access a summary of such data and the processing activities.
- Right to Correction: You have the right to correct inaccurate or misleading personal data and to complete incomplete personal data.
- Right to Erasure: You have the right to request erasure of your personal data that is no longer necessary for the purpose for which it was collected, subject to our legal retention obligations.
- Right to Grievance Redressal: You have the right to a readily available means of grievance redressal in relation to any act or omission of ours in respect of your personal data.
- Right to Nominate: You have the right to nominate another person to exercise your rights in the event of your death or incapacity.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw your consent at any time. Withdrawal of consent will not affect the lawfulness of processing prior to withdrawal.
To exercise any of the above rights, please submit a written request to our Grievance Officer (details in Section 11). We will respond to your request within the period prescribed under applicable law.
10. Links to Third-Party Websites
Our website may contain links to third-party websites, platforms, or social media pages for your reference. This Privacy Policy does not apply to such third-party websites. We encourage you to review the privacy policies of any third-party websites you visit. We are not responsible for the privacy practices of third parties.
11. Grievance Officer
In accordance with the Information Technology Act, 2000, the SPDI Rules, and the DPDP Act, we have designated a Grievance Officer to address any concerns relating to this Privacy Policy or the processing of your personal data:
Address: 305-B, Town Centre II, Marol, Andheri-Kurla Road, Andheri (East), Mumbai - 400059, Maharashtra, India
Email: contact@pristinecyber.com
Phone: +91 9029029632
We will acknowledge your grievance within forty-eight (48) hours and endeavour to resolve it within thirty (30) days of receipt, in accordance with applicable law.
12. Children's Privacy
Our website and services are not directed to children below the age of eighteen (18) years. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a child without appropriate parental consent as required under the DPDP Act, we will take steps to delete such data promptly. If you believe we have collected data from a minor, please contact our Grievance Officer immediately.
13. Amendments to This Policy
We reserve the right to amend this Privacy Policy from time to time to reflect changes in law, our business practices, or technology. The revised Policy will be published on our website with the updated effective date. Where changes are material, we will notify you by email or by a prominent notice on our website prior to the change becoming effective. Your continued use of our website or services after the publication of amendments constitutes your acceptance of the revised Policy.
14. Governing Law and Jurisdiction
This Privacy Policy shall be governed by and construed in accordance with the laws of India. Any disputes arising in relation to this Policy shall be subject to the exclusive jurisdiction of the courts at Mumbai, Maharashtra, India.
15. Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or the processing of your personal data, please contact us at:
Company: Pristine CyberIntel Private Limited
Address: 305-B, Town Centre II, Marol, Andheri-Kurla Road, Andheri (East), Mumbai - 400059, Maharashtra, India
Email: contact@pristinecyber.com
Phone: +91 9029029632
Website: https://pristinecyber.com
This Privacy Policy is compliant with the Information Technology Act, 2000; the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011; the Information Technology (Amendment) Act, 2008; and the Digital Personal Data Protection Act, 2023.