Privacy Policy | ISO Registration India

1 Who We Are

ISO Registration India is an ISO certification consultancy firm operating from New Delhi, India. We are the Data Controller for personal information collected through our website and services. Contact our data officer at info@isoregistration.grih.in.

2 Data We Collect

2.1 Information You Provide

Category	Examples	When Collected
Identity Data	Full name, designation	Enquiry forms, order forms
Contact Data	Email address, phone number	Enquiry forms, WhatsApp, order forms
Business Data	Company name, GST number, industry, address	Order forms, onboarding
Financial Data	Payment confirmation, transaction ID	Razorpay payment gateway
Document Data	Company registration, certificates, quality records	During service delivery
Communication Data	Emails, WhatsApp messages, call notes	Throughout service engagement

2.2 Automatically Collected Data

When you visit our website, we automatically collect:

IP address and approximate geographic location
Browser type and version, operating system
Pages visited, time spent, referring URLs
Device type (mobile/desktop/tablet)

This data is collected via server logs and analytics tools and is not linked to your identity without additional steps.

2.3 Data We Do NOT Collect

Credit/debit card numbers or CVV (handled entirely by Razorpay)
Passwords in plain text
Biometric or sensitive personal data
Social media passwords

3 How We Use Your Data

Purpose	Legal Basis
To deliver ISO certification consultancy services	Contract performance
To process payments and send receipts/invoices	Contract performance, legal obligation
To respond to enquiries and provide support	Legitimate interest
To send service updates and appointment reminders	Contract performance
To send promotional communications (only with consent)	Consent
To improve our website and services	Legitimate interest
To comply with legal and tax obligations	Legal obligation

4 Data Sharing

We never sell your personal data. We share data only in the following limited circumstances:

4.1 Certification Bodies

Your business information and contact details are shared with the IAF-accredited Certification Body conducting your audit. This is necessary to facilitate the certification process.

4.2 Payment Processors

Payment data is shared with Razorpay to process transactions. Razorpay operates under its own privacy policy and is PCI-DSS certified.

4.3 Service Providers

We use trusted third-party service providers for email, cloud storage, and analytics. These providers process data only under our instructions and are bound by confidentiality agreements.

4.4 Legal Requirements

We may disclose your data if required by a court order, government authority, or applicable law (e.g., GST compliance).

We never sell, rent, or trade your personal information with any third party for their marketing purposes.

5 Cookies & Tracking

Our website uses cookies to improve your experience:

Cookie Type	Purpose	Duration
Session Cookies	Maintain your session and cart	Browser session
Analytics Cookies	Understand website usage (Google Analytics)	Up to 2 years
Preference Cookies	Remember your language/location preferences	1 year
Marketing Cookies	Relevant ads (Google Ads, Meta Pixel)	Up to 90 days

You can control cookies through your browser settings. Disabling cookies may affect website functionality.

6 Data Retention

We retain your personal data for as long as necessary to fulfil the purposes described in this policy:

Client records: 7 years after completion of engagement (for tax and legal compliance)
Transaction records: 8 years (as required under the Income Tax Act, 1961)
Enquiries without conversion: 12 months
Marketing consent records: Until consent is withdrawn

After these periods, data is securely deleted or anonymised.

7 Data Security

We implement industry-standard security measures to protect your data:

SSL/TLS encryption for all data transmitted to/from our website (HTTPS)
Secure, access-controlled cloud storage for client documents
Role-based access controls — only authorised consultants access your files
Regular security audits and software updates
No storage of payment card data (handled by Razorpay)

While we take all reasonable precautions, no method of transmission over the internet is 100% secure. In the unlikely event of a data breach affecting your rights, we will notify you as required by applicable law.

8 Your Rights

Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian law, you have the right to:

Access
Request a copy of your personal data we hold

Correction
Ask us to correct inaccurate or incomplete data

Erasure
Request deletion of your data (subject to legal obligations)

Withdraw Consent
Opt out of marketing communications at any time

Portability
Receive your data in a structured, machine-readable format

Grievance Redressal
File a grievance with our data officer

To exercise any of these rights, email us at info@isoregistration.grih.in with the subject line "Data Rights Request". We will respond within 30 days.

9 Children's Privacy

Our services are not directed at individuals under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

10 Changes to This Policy

We may update this Privacy Policy periodically. When we make material changes, we will update the "Last Updated" date at the top and, where required, notify you by email or a prominent notice on our website. Continued use of our services after changes constitutes acceptance of the revised policy.

11 Contact Our Data Officer

For privacy-related queries, data requests, or to register a grievance:

Email

info@isoregistration.grih.in

+91 9876543210

Address

New Delhi, India