DPDP Consultants (hereinafter referred to as “DPDP Consultants”, “company”, “we”, “us”, or “our”) respects your privacy and recognises the importance of protecting personal data entrusted to us.
In compliance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”), we are committed to ensuring the lawful, fair, and transparent processing of personal data and to safeguarding such information through appropriate technical and organisational measures. This Privacy Notice sets out how DPDP Consultants collects, uses, stores, shares, and protects personal data when you interact with our websites, products, solutions, services, and marketing initiatives (collectively referred to as the “Services”). It also explains how individuals may exercise their rights and maintain meaningful control over their personal data.
This Notice applies to:
This Notice is effective from the date of publication as below which governs the processing of your personal data from that date onwards, in accordance with the Digital Personal Data Protection Act, 2023.
DPDP Consultants collects and processes your personal data either:
DPDP Consultants collects personal data directly from individuals or through their interactions with our website, digital platforms, services and training programs. This data may be processed in the course of the Company’s operations, including providing data privacy advisory services, supporting DPDP and other data protection compliance requirements, conducting assessments, delivering training, and offering compliance-related tools and solutions.
Under the Digital Personal Data Protection Act, 2023 (“DPDP Act”), personal data refers to any data about an individual who is identifiable by or in relation to such data. When you interact with company’s websites, applications, or services, we may collect personal data that can identify, contact, or locate you. This includes information such as your name, address, phone number, email ID, IP address, location data, and device-related information.
DPDP Consultants acts as a Data Fiduciary where personal data is directly requested and collected through its platforms. In situations where you voluntarily choose to share personal data with third parties through our platforms or otherwise, those third parties act as independent Data Fiduciaries. They are responsible for ensuring compliance with applicable data protection laws, including obtaining valid consent from the concerned Data Principals.
In addition, not all personal data processed by us is collected directly from you. In certain cases, we may receive personal data from our business partners or service providers as part of service delivery or operational requirements. We ensure that all such personal data is processed lawfully, securely, and in accordance with the DPDP Act.
The sections below provide an overview of the categories of personal data processed, the related business activities and purposes, and the applicable lawful grounds. The following list shows the various processing purposes for personal data here at DPDP Consultants.
| Sr. No. | Categories of Personal Data Collected | Lawful Grounds of Processing | Platform / Source of Collection | Purpose for Collection |
|---|---|---|---|---|
| 1 | Website Interaction & Event Registration Data (Name, Email, Contact Number, Designation, Organization Name) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | Website forms, events, webinars, podcasts, resource downloads |
Website Interaction & Event Registration Data
|
| 2 | Recruitment & Applicant Data (Name, Email, Contact Number, Resume) | The lawful basis for processing this data is your consent under Section 6 of the DPDP Act. | Careers page on websites, job portals, referrals, emails, social media platforms |
Recruitment & Role Evaluation:
Talent Management & Workforce Planning: HR & Legal Compliance: Candidate Communication & Interview Coordination: |
| 3 | Website & Digital Interaction Data (e.g., enquiry details, IP address, device data, cookies) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | For website functionality, analytics, and service improvements |
Website Operations & Enquiries:
AAnalytics & Performance: |
| 4 | Marketing & Communication Preferences (marketing preferences, newsletter subscriptions) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | Email campaigns, newsletter subscription forms |
Marketing & Engagement:
|
| 5 | Training & Certification Data (Name, Email, Organisation, Mobile number, Address) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | Website foundation course registrations |
Training & Certification Management:
|
| 6 | Visitor Management and In-premise Surveillance Data (e.g., name, phone number, CCTV footage) | The lawful basis for processing this data is your consent under Section 6 of the DPDP Act, along with legitimate use as permitted under Section 7 of the Act. | Visitor Management System, CCTV systems |
Physical Security & Safety Compliance:
|
| 7 | Vendor & Third-Party Sharing Data (Name, Phone Number, Email Address shared with authorized processors) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | IT service providers |
Operational Support & Service Delivery:
|
| 8 | Vendor & Business Partner Data (Representative name, firm name, designation, contact details, PAN, GST, bank details) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act. | emails, contracts |
Partner Coordination:
Commercial & Financial Processing: Operational Continuity: |
| 9 | Financial & Regulatory Compliance (e.g., PAN, Aadhaar, bank details, GST details, invoices, tax records) | The processing of your data is based on your explicit consent in accordance with Section 6 of the DPDP Act | Email, statutory filings |
Financial Operations and other regulatory Compliance:
|
As a Data Fiduciary under the Digital Personal Data Protection Act, 2023, DPDP Consultants engages authorised third parties (“Data Processors”) who process personal data strictly on our instructions. These partners are contractually obligated to maintain confidentiality, implement appropriate security controls, and process personal data only for the specific purposes defined by us.
We may share your personal data with different categories of processors to support our operations. Your personal data may be shared strictly for the purposes described in this Privacy Notice.
As a Data Principal, you have the following rights in relation to your personal data processed by DPDP Consultants:
You may request a summary of the personal data processed by us, including the categories of data, the purpose of processing, and details of third parties with whom the data has been shared. A copy of your personal data may be provided in electronic form, subject to applicable legal requirements and exceptions under the DPDP Act.
You have the right to request correction of inaccurate or incomplete personal data and to request erasure of personal data that is no longer required for the purpose for which it was collected, unless retention is required under applicable law.
You may raise grievances relating to the processing of your personal data or the exercise of your rights under the DPDP Act. DPDP Consultants has established a grievance redressal mechanism to address such concerns in a timely manner, in accordance with applicable law.
You may request the correction of inaccurate or incomplete personal data held by us, ensuring it remains accurate and current. Please inform us if your personal data changes during your association with us.
You have the right to nominate an individual to exercise your rights on your behalf in the event of death or incapacity, in accordance with the DPDP Act.
We will respond to data principal rights requests in accordance with the timelines prescribed under the DPDP Act, 2023.
For security purposes, identity verification may be required before processing any request. Where a request cannot be fulfilled, a reasoned response will be provided.
For any queries or to exercise your rights, you may contact DPDP Consultant’s Data Protection Officer at dpo@dpdpconsultants.com
Information and data files are stored on our servers and the servers of companies we hire to provide services to us. We use AWS Cloud, infrastructure to store such data, and the data is stored with strict security measures.
We understand that the security of your information is vital and have in place strong administrative, technical, and physical security controls and measures to keep data safe and secure. Our privacy practices are designed to provide protection for your personal information, all over the world. To protect information stored in our servers, through Amazon Web Service infrastructure at India, access is limited (through user/password credentials and two-factor authentication) to those employees who require it to perform their job functions. We use industry-standard Secure Socket Layer (SSL) encryption technology to safeguard the account registration process and sign-up information. Other security safeguards include but are not limited to multifactor authentication, data encryption, firewalls, and physical access controls to buildings and files We would like to caution our visitors about phishing attacks, wherein unscrupulous third parties seek to extract sensitive and confidential information from you by posing as a genuine website or by sending an email misrepresenting it to be from a genuine source. Please be aware that we never seek sensitive or confidential information such as regarding your financial or health record through emails or through our websites. If you receive such a message claiming to be from DPPD Consultants, then please do not reply to it and immediately bring it to our attention by contacting us at dpo@dpdpconsultants.com. DPDP Consultants also recognizes the receipt, transmission, or distribution of spam emails
We ensure that your Personal Data is accurate, up to date, and retained only for as long as necessary to fulfil the purposes for which it is collected, including providing access to and use of the website. Personal Data may also be retained as required to comply with applicable laws, regulations, legal obligations, resolve disputes, enforce agreements, or to establish, exercise, or defend legal claims.
Retention periods may vary depending on the nature of the Personal Data and the purpose of processing, and are determined in accordance with applicable statutory requirements, organisational retention policies, and limitation periods.
Once the relevant purpose has been fulfilled and the applicable retention period has expired, the Personal Data is securely deleted or anonymised in a systematic manner. Even after deletion from active systems, certain data may be retained in backup or archival systems for audit, legal, tax, or regulatory purposes, as permitted under applicable law.
DPDP Consultants primarily processes Personal Data within India. In the normal course of business, Personal Data is not transferred outside India. Where cross-border access or transfer is required in limited and specific circumstances, it is undertaken strictly in accordance with the Digital Personal Data Protection Act, 2023, and applicable directions issued by the Central Government.
Limited cross-border transfers may occur in connection with interactions involving overseas group entities, joint ventures, customers, vendors, or travel and logistics service providers, and only to the extent necessary for business purposes.
In all such cases, DPDP Consultants implements appropriate safeguards, including:
DPDP Consultants maintains transparency in its international data processing activities and undertakes cross-border transfers only where legally permitted and operationally necessary. For queries relating to cross-border data processing, you may contact the Data Protection Officer at dpo@dpdpconsultants.com.
This Privacy Notice is subject to modification in response to changes in our privacy practices or upon notification from governmental authorities. In the event of any amendments, the revised notice will be published on this website. Should there be significant changes affecting the processing of your personal data, we will notify you via email or through any other available communication channels.
Your websites may feature buttons or tools that link to services provided by other companies. We encourage you to review the privacy policies of these external sites, as they may have their own privacy notices in place. Please note that we cannot be held responsible for the privacy practices of these external sites.
You may exercise these rights by contacting our Data Protection Officer through the following means: Kindly login your request to access, correction and erasure, redressal and nomination through the principal rights page of our website Data Principals Rights
alternatively
Contact our DPO: dpo@dpdpconsultants.com
Address: 4th floor, Plot no 32-33, Sector 142, Noida, Uttar Pradesh 201304, India
We will respond within 90 working days or as prescribed under the DPDP Act. You may also approach the Data Protection Board of India if you are not satisfied with our response.
Date of Publication: 02/03/2026
Disclaimer
Individuals who are 18 years of age or older and possess the legal capacity are authorized to access our website and applications.