Privacy Policy | ICS — Indus Certification & Standardisation

This Privacy Policy explains how Indus Certification & Standardisation (ICS) collects, uses, stores, and protects your personal data when you visit icscertification.in or contact us for regulatory and compliance services. We are committed to protecting your privacy in accordance with the General Data Protection Regulation (GDPR), India's Digital Personal Data Protection Act 2023 (DPDPA), and other applicable data protection laws.

1. Who We Are

Data Controller: Indus Certification & Standardisation (ICS)

Registered Office: Second Floor, 1151/3, 895-C/5, Plot No. 11, Ward No. 8, Mehrauli, India

Corporate Office: B 602, Platinum Heights, Ramprastha Greens, Vaishali, Ghaziabad, India

European Representative: ICS Netherlands, Abel Tasmanstraat 39, Almere, 1363KB, The Netherlands (KVK: 95183159)

Email: contact@icscertification.in

Phone: +91-9873100072

2. What Data We Collect

We collect the following categories of personal data:

2.1 Data You Provide Directly

Full name
Company name and country of origin
Email address
Phone number (if provided via WhatsApp or call)
Product and certification requirements you describe in enquiry messages
Any other information you voluntarily share in correspondence with us

2.2 Data Collected Automatically

IP address and approximate geographic location
Browser type and version
Pages visited and time spent on our website
Referring URL (how you arrived at our website)
Device type (desktop, mobile, tablet)

2.3 Data We Do Not Collect

We do not collect special category data (health, biometric, political opinions, religious beliefs), financial information, or data from children under 18. We do not sell, rent, or trade your personal data to third parties for marketing purposes.

3. Why We Collect Your Data (Legal Basis)

Purpose	Data Used	Legal Basis (GDPR)
Responding to enquiries and providing compliance advisory	Name, email, company, requirements	Legitimate interests / Contract performance
Sending project updates and certification status	Name, email, phone	Contract performance
Sending relevant regulatory newsletters (if opted in)	Email	Consent
Website analytics and performance improvement	IP, browser, usage data	Legitimate interests / Consent (cookies)
Legal compliance and record-keeping	All data	Legal obligation

4. Cookies

Our website uses cookies — small text files stored on your device. We use the following types:

4.1 Strictly Necessary Cookies

These are essential for the website to function and cannot be disabled. They do not store personally identifiable information. No consent is required for these cookies.

4.2 Analytics Cookies

We use Google Analytics to understand how visitors use our website — which pages are most visited, how long visitors stay, and where they come from geographically. This helps us improve our content and user experience. These cookies are only set after you provide consent via our cookie banner.

4.3 How to Control Cookies

You can withdraw cookie consent at any time by clicking the cookie settings link in the footer of any page. You can also disable cookies in your browser settings — however, this may affect the functionality of the website.

5. How We Share Your Data

We do not sell your data. We may share data with the following categories of recipients only where necessary:

Regulatory bodies: BIS, ARAI, WPC, CPCB, CDSCO, DGFT — when you engage ICS to file applications or represent you before these authorities, your details are shared as required by law.
Service providers: Email service providers, website hosting (Netlify), and analytics tools (Google Analytics) — all bound by data processing agreements.
ICS offices: Our Netherlands, South Korea, Thailand, and Nepal offices may access your data when coordinating on your programme.
Legal requirements: Where required by Indian law, EU law, or other applicable jurisdiction.

6. International Data Transfers

ICS operates globally with offices in India, Netherlands, South Korea, Thailand, and Nepal. When your data is transferred outside the European Economic Area (EEA), we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission where applicable.

Our Netherlands office (KVK: 95183159) serves as our EU representative and point of contact for data protection matters relating to EU residents.

7. How Long We Keep Your Data

Data Type	Retention Period
Enquiry / contact form data (no engagement)	12 months
Client project data (active engagement)	Duration of engagement + 7 years
Email correspondence	7 years (legal and regulatory records)
Website analytics data	26 months (Google Analytics default)
Newsletter / marketing consent records	Until consent is withdrawn + 3 years

8. Your Rights

Under GDPR (for EU/EEA residents) and India's DPDPA, you have the following rights regarding your personal data:

Right of access — Request a copy of the personal data we hold about you
Right to rectification — Request correction of inaccurate or incomplete data
Right to erasure — Request deletion of your data (subject to legal retention requirements)
Right to restriction — Request that we limit how we use your data
Right to data portability — Receive your data in a structured, machine-readable format
Right to object — Object to processing based on legitimate interests or for direct marketing
Right to withdraw consent — Withdraw any consent you have given at any time

To exercise any of these rights, contact us at: contact@icscertification.in with the subject line "Data Privacy Request". We will respond within 30 days.

9. Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, destruction, or alteration. Our website is served over HTTPS with SSL/TLS encryption. Access to client data is restricted to ICS personnel who need it to deliver our services.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and inform affected individuals without undue delay.

10. Complaints

If you believe we have not handled your data correctly, you have the right to lodge a complaint with the relevant supervisory authority:

EU residents: Your local Data Protection Authority, or the Dutch Autoriteit Persoonsgegevens (AP) — autoriteitpersoonsgegevens.nl
Indian residents: The Data Protection Board of India (once operational under DPDPA 2023)

We would always appreciate the opportunity to resolve any concern directly — please contact us first at contact@icscertification.in.

11. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. The "Last updated" date at the top of this page indicates when the policy was last revised. We will notify active clients of material changes by email.

12. Contact Us

For any privacy-related queries, data subject requests, or concerns:

Email: contact@icscertification.in
Phone: +91-9873100072
Post: B 602, Platinum Heights, Ramprastha Greens, Vaishali, Ghaziabad, India
EU Contact: Abel Tasmanstraat 39, Almere, 1363KB, The Netherlands