Privacy Statement

GDPR CONSULTANTS’ PRIVACY STATEMENT

At GDPR Consultants (“we,” “our,” or “us”), we value your privacy and are committed to protecting the personal information of our customers, service users, and website visitors. This Privacy Statement reflects our adherence to the General Data Protection Regulation (GDPR) and outlines how we collect, use, disclose, and secure your personal data.

We collect and process personal data to provide efficient services, enhance your experience, and ensure transparency in all interactions. This Statement applies to:

  • Our websites https://www.gdprconsultants.in/
  • Services provided by GDPR Consultants
  • Marketing activities and communications
  • Interactions with us, including downloading resources.

This Privacy Statement applies to personal information collected by GDPR Consultants in its capacity as a data controller, as we determine the purposes and means of processing personal data. The purpose of this Privacy Statement is to inform you about how we collect, use, disclose, and store information that can identify you as an individual.

Please note that our services and website are not intended for children under 16 years of age, and we do not knowingly collect personal data from minors. Any such data discovered will be deleted promptly.

Effective Date: 30 September 2025

1. How Does GDPR Consultants Protect Your Personal Data?

  • At GDPR Consultants, we prioritize the privacy and security of your personal data. Our goal is to ensure that you can trust your information is handled safely whenever you interact with us.
  • We safeguard personal data in full compliance with applicable data protection laws and our internal privacy policies and procedures.
  • Additionally, we implement robust technical and organizational measures designed to prevent unauthorized or unlawful processing, accidental loss, alteration, disclosure, damage, or destruction of your personal data.

2. Which Categories of Personal Data Do We Collect and How Is It Processed?

  • GDPR Consultants collects personal data from individuals, including our employees, clients, their current, former, or prospective employees and directors, suppliers, business partners, shareholders, and users of our website.
  • In cases where we collect personal data not explicitly mentioned in this Privacy Statement, we will provide clear notice to the relevant individuals, as required by law, detailing the additional data being collected and the purposes for which it will be used.

2.1 Information We Automatically Collect

  • When you access our website, we may automatically gather certain information about your device and online activity. This can include details such as your device’s IP address, the pages you visit, and the time and duration of your visit.
  • We may also use analytics tools to better understand website usage and improve user experience. For more information on how we use such tools, please refer to our Cookie Policy.

The table below outlines the categories of personal data we collect, the purposes for which we process it, and the corresponding legal basis under GDPR:

| Sr. No. | Category of Personal Data | Types of Personal Information Collected | Purpose | Legal Basis |
|---|---|---|---|---|
| 1 | Personal Information from Website Visitors | Name, email, phone number (via "Contact Us" forms) | To respond to inquiries | Consent (to communicate with users) |
| 2 | Support and Maintenance Information | Name, email, phone number, payment details, eligibility information | To provide support and maintain products or services | Contractual necessity (to deliver services) |
| 3 | Usage Information (Online Products & Applications) | IP address, device type, browser details, search terms | For website functionality, analytics, and service improvements | Legitimate interest (to improve services and website functionality) |
| 4 | Marketing Campaign Emails | Email activity data (email opened, links clicked) | To improve marketing strategies and engagement | Consent (for direct marketing) |
| 5 | Social Media Interactions | Information about interactions with buttons or tools, browser data | To understand user engagement and improve user experience | Legitimate interest (enhancing user experience) |
| 6 | Hosted Services (Third-Party Service Providers) | Data processed by technology services (e.g., web hosting, analytics) | To provide technology services and maintain product offerings | Contractual necessity / Legitimate interest |
| 7 | Customisation and Contact Information for Newsletter | Name, email address | To personalize newsletters, provide newsletter updates, and manage subscriptions | Consent (for communication / marketing) |
| 8 | Legal Obligations | PI required by court orders or legal processes | Legal compliance | Legal obligation |
| 9 | Mergers and Acquisitions | Customer PI (if transferred) | Continuity of service during company mergers or acquisitions | Legitimate interest / Contractual necessity |

We will process your personal data for the purposes described above based on your prior consent, where such consent is required under applicable law.

If you are asked to select or click options such as “I accept,” “I agree,” or similar checkboxes or buttons in connection with a privacy statement, your action will be considered as providing consent to process your personal data, only to the extent that such consent is legally required.

We will not use your personal information for any purposes that are inconsistent with those you have been informed about, except where processing is required or permitted by law.

3. How Do We Safeguard and Process Your Sensitive Personal Data?

We typically do not collect sensitive personal information referred to as special category data under EEA regulations through this site or other interactions. In exceptional cases where such information is needed, it will be collected and processed only in strict compliance with applicable data protection laws, and your explicit consent will be obtained wherever legally required.

Sensitive personal data covers types of information that require extra protection due to their nature. For more details, please refer to the Definitions section.

4. Who Do We Share Your Personal Data With?

GDPR Consultants may be required to share personal data with third parties under certain circumstances. This sharing occurs only when necessary and in compliance with applicable laws and internal data protection standards.

4.1 Legal and Regulatory Requirements

We may disclose personal data when required:

  • To comply with court orders, legal processes, statutes, or regulations.
  • For reasons of national security or law enforcement, where disclosure is legally mandated or justified under our legitimate interests.



4.2 Business Transfers

In the event of a merger, acquisition, or sale of assets:

  • Personal data may be transferred as part of the assets involved in the transaction.
  • We will only transfer personal data to the extent necessary to maintain continuity of services.
  • The acquiring entity must uphold the same level of data protection as GDPR Consultants.
  • Where legally required, we will provide notice and an opportunity for individuals to opt out of the transfer of identifiable personal data.

4.3 Sharing with Service Providers and Affiliates

GDPR Consultants may share personal data with service providers, vendors, consultants, affiliates, or clients for legitimate business purposes, including operations, marketing, and service delivery. This may include transfers to third parties located in other countries. Before sharing, we ensure:

  • Personal data receives protection consistent with GDPR and relevant data privacy laws.
  • Contracts with third parties require compliance with these privacy standards.

Examples of such sharing include:

  • Vendors, consultants, and service providers:
    • Website analytics and technical support services.
    • Marketing and sales platforms, only to the extent necessary.
    • Payment service providers, for processing payments, refunds, and related inquiries.
  • Cross-border transfers:
    • Transfers of EU personal data to third parties are carried out in full compliance with applicable privacy laws, including the GDPR. Unless explicitly notified otherwise, any transfer of your personal data from within the European Economic Area (EEA) to recipients outside the EEA will be based on an adequacy decision or governed by standard contractual clauses. Any other transfers of personal data to non-EEA countries will be conducted in accordance with relevant international data transfer mechanisms and standards.

In all cases, GDPR Consultants ensures that third parties maintain appropriate security and privacy measures to protect personal data.

5. How Long Do We Retain Personal Data?

GDPR Consultants retains personal data only for as long as necessary to fulfil the purposes for which it was collected. Our retention practices are guided by regulatory requirements and internal records management policies to ensure timely and secure deletion of data.

We retain personal data:

  • For the duration of the relevant processing activities and our ongoing relationship with you.
  • As long as necessary to provide the services you have requested.
  • To meet any applicable legal or regulatory obligations.

Once personal data is no longer required for these purposes, it is securely deleted or anonymized in accordance with GDPR principles.

6. Where Do We Store This Data?

Information and data files are stored on our servers and the servers of companies we hire to provide services to us. We use AWS Cloud infrastructure to store such data, and the data is stored with strict security measures. We do not share, sell, or lease any kind of information collected to any third parties.

7. How Do We Secure the Information Collected?

At GDPR Consultants, we understand that the security of your personal information is essential. To ensure this, we have implemented robust administrative, technical, and physical security measures designed to protect your data globally.

Our privacy practices are structured to safeguard your personal information, with access to information stored on our servers hosted through Amazon Web Services (AWS) in India restricted to authorized employees who require it for their job responsibilities. Access is secured using user/password credentials and two-factor authentication.

We employ industry-standard Secure Sockets Layer (SSL) encryption to protect account registration and sign-up information. Additional security measures include multi-factor authentication, data encryption, firewalls, and strict physical access controls to buildings and files.

We caution our visitors about phishing attacks, where malicious third parties attempt to obtain sensitive information by impersonating legitimate websites or sending deceptive emails. GDPR Consultants will never request sensitive data, such as financial or health information, via email or our websites. If you receive any such communication claiming to be from GDPR Consultants, please do not respond and immediately report it to dpo@gdprconsultants.in.

We also recognize the risk posed by spam emails and have implemented reasonable measures to minimize their transmission and impact within our computing environment.

In addition, we are certified under ISO 27001:2022, reflecting our commitment to the highest international standards of information security. This globally recognized certification defines the requirements for an Information Security Management System (ISMS) and confirms that GDPR Consultants’ processes and controls provide a strong framework to safeguard both our clients’ information and our own organizational data.

8. How Is Your Personal Information Transferred Internationally?

Personal data you provide to us via our website or social media may be transferred to and processed in India or other countries, including on our service providers’ cloud servers (such as AWS). We implement appropriate safeguards to ensure your information is protected in accordance with this Privacy Statement, regardless of where it is processed.

GDPR Consultants will notify any third parties with whom your personal data has been shared of any changes, withdrawal requests, or objections, and will apply suitable policies, procedures, or mechanisms to address them.

9. What Are Your Rights Regarding the Processing of Personal Data?

Under the European Union’s General Data Protection Regulation (GDPR), you have certain rights regarding the personal data you share with us when we act as the data controller. Subject to applicable laws, conditions, and any legal exceptions, you are entitled to exercise the following rights with respect to your personal data:

  • Right to be Informed: You have the right to know how your personal data is being collected and processed.
  • Access Your Personal Data: You have the right to know if GDPR Consultants holds any personal data about you and, if so, to receive details about that data along with a copy.
  • Rectify Your Personal Data: You can request corrections to your personal data if it is inaccurate, incomplete, or outdated.
  • Object to Processing: You may ask GDPR Consultants to stop processing your personal data in certain situations, including when processing is based on legitimate interests.
  • Request Erasure: You have the right to request that your personal data be deleted, particularly when it is no longer needed for the purposes for which it was collected.
  • Restrict Processing: You can request that the processing of your personal data be limited under specific circumstances, such as when you contest the accuracy of the data or withdraw consent.
  • Data Portability: You are entitled to receive your personal data in a structured, commonly used, and machine-readable format and, where technically feasible, request that it be transferred directly to another data controller.
  • Refuse Automated Decision-Making, Including Profiling: You have the right not to be subject to automated decision-making and to insist on human intervention if the decision is based on automated processing and produces a legal effect or a similarly significant effect on you.
  • Processing of your personal data is based on your consent; you may withdraw that consent at any time by contacting dpo@gdprconsultants.in.

    Withdrawing consent will not affect the lawfulness of any processing carried out before the withdrawal, nor does it prevent GDPR Consultants from continuing processing activities that are based on other lawful grounds.

    If you believe that your data privacy rights have been violated, we encourage you to first contact GDPR Consultants so we can address and resolve your concerns. You also have the right to lodge a complaint directly with the relevant supervisory authority or to initiate a claim before a competent court in the country where you reside, work, or where applicable data protection laws may have been breached.

    Requests regarding erasure, rectification, or access rights of personal data can be submitted directly. Any other data subject rights can be exercised by reaching out to us.

10. Updates to Privacy Statement

We’re constantly trying to improve our Websites and Services, so we may need to change this Privacy Statement from time to time as well. We will inform you of material changes, for example by placing a notice on our websites, when we are required to do so by applicable law. You can see when this Privacy Statement was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Statement.

11. Notification of Changes

If we decide to change our Privacy Statement, we will post those changes on this page, so our users are always aware of the information we collect and how we use it. If at any point we decide to use personally identifiable information in a manner different from that stated at the time it was collected, we will notify users by way of an email. Users will have a choice as to whether we use their information in this different manner. We will use information in accordance with the Privacy Statement under which the information was collected. Where links are provided to other websites, it should be noted that they are not and cannot be governed by our Privacy Statement. We cannot guarantee your privacy when you access other websites through any link provided on this website.

12. How to Contact Us

For any questions, concerns, or complaints regarding the handling of your personal data by GDPR Consultants, please reach out to us at info@gdprconsultants.in. We are committed to protecting the privacy of all individuals equally and ensuring that your personal information is handled responsibly and securely.

If you feel that your concern has not been properly addressed, you have the right to raise a complaint with the appropriate data protection authority in your country. Your privacy is important to us, and we value the trust you place in GDPR Consultants.

13. Definitions
  • Associates: Refers to employees, officers, directors, independent contractors, job applicants, end customers, or any representatives of GDPR Consultants.
  • Consent: The freely given, specific, informed, and unambiguous indication of a Data Subject’s wishes by which they, through a statement or clear affirmative action, agree to the processing of personal data relating to them.
  • Data Subject: A data subject is an identified or identifiable natural person to whom personal data relates. This includes any living individual who can be identified, directly or indirectly, through information such as a name, identification number, location data, an online identifier, or factors relating to their physical, psychological, genetic, economic, cultural, or social identity.
  • Legitimate Interest: The reasonable grounds GDPR Consultants relies on to process personal data. When processing is based on legitimate interest, we ensure that our interests are not overridden by the rights and freedoms of the Data Subject. This assessment considers:
    • Transparency in processing activities.
    • Privacy by design and default.
    • Regular privacy reviews.
  • Personal Data: Any information relating to an identified or identifiable natural person (‘Data Subject’). An identifiable person is one who can be directly or indirectly identified, for example, by reference to identifiers such as a name, identification number, location data, online identifier, or factors specific to their physical, physiological, genetic, mental, economic, cultural, or social identity. Examples include full name, government ID, passport number, bank account details, email address, location information, or other personal characteristics.
  • Processing: Any operation or set of operations performed on personal data, whether automated or manual, including collection, recording, organization, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
  • Processor: A natural or legal person, public authority, agency, or other entity that processes personal data on behalf of GDPR Consultants.
  • Third party: Third party means a natural or legal person, public authority, agency or body other than the data subject, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.
  • Sensitive Personal Data: Special categories of personal data that require heightened protection, including information about racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, physical or mental health, biometric or genetic data, sexual orientation or life, and criminal convictions or offenses, including suspected criminal activity.
  • Supervisory authority: Supervisory authority means an independent public authority which is established by a Member State.