Privacy Policy | Helioustin

Privacy Policy – Helioustin

Effective Date: [24/1/24]

Helioustin (“we,” “our,” or “us”), a consulting and research firm, values your trust and is committed to protecting the confidentiality, integrity, and availability of your personal and business data. This Privacy Policy outlines our practices under the laws of India, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”), and international standards such as the General Data Protection Regulation (GDPR) and ISO 27001 for Information Security Management.

1. Scope & Applicability

This policy applies to:

Clients, partners, vendors, and website visitors interacting with Helioustin.
Data collected through our website, digital platforms, research engagements, and consulting services.
Both Indian and international users, ensuring compliance with local and global regulations.

2. Information We Collect

We may collect:

Personal Data: Name, email address, phone number, and other identifiers.
Business Data: Company name, operational metrics, research materials, and project documentation.
Technical Data: IP address, browser type, device identifiers, and usage analytics.
Sensitive Data (if applicable): Only with explicit consent, in compliance with DPDP Act & GDPR Article 9.

3. Purpose of Processing

We process your data to:

Deliver and enhance consulting and research services.
Conduct industry research and analytics.
Communicate reports, updates, and project progress.
Meet contractual, legal, and regulatory obligations.
Maintain ISO 27001-compliant security standards for data confidentiality and integrity.

4. Lawful Basis for Processing

Under GDPR, our lawful bases include:

Consent (Article 6(1)(a))
Contractual necessity (Article 6(1)(b))
Legal obligation (Article 6(1)(c))
Legitimate interest (Article 6(1)(f))

Under the DPDP Act, we process data based on consent or for legitimate uses permitted by law.

5. Data Sharing & Disclosure

We do not sell personal data. We may share information with:

Authorized Internal Teams for service execution.
Trusted Service Providers under strict confidentiality agreements.
Regulatory or Legal Authorities as required under applicable laws.
Cross-Border Transfers with adequate safeguards as per GDPR Chapter V and DPDP Act provisions.

6. Data Security & ISO 27001 Compliance

We maintain an ISO 27001-certified Information Security Management System (ISMS) that includes:

Access controls and encryption measures.
Regular risk assessments and penetration testing.
Employee training on data protection and security protocols.

7. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. Retention schedules are documented as per ISO 27001 control requirements.

8. Your Rights

Depending on jurisdiction, you may have the right to:

Access and obtain a copy of your data.
Correct inaccurate or incomplete data.
Request deletion (“Right to be Forgotten” under GDPR & DPDP Act).
Restrict or object to processing.
Data portability (GDPR Article 20).

To exercise these rights, contact us via the details below.

9. Cookies & Tracking

We use cookies and tracking technologies to improve website performance and analytics. You can manage preferences through your browser settings or opt-out where legally required.

10. International Transfers

Where data is transferred outside India or the EU, we ensure compliance with:

GDPR adequacy decisions or standard contractual clauses (SCCs).
DPDP Act cross-border data transfer rules.
ISO 27001 Annex A controls for secure transmission.

11. Policy Updates

We may update this Privacy Policy periodically to reflect legal, technological, or operational changes. Updates will be posted on our website with the new effective date.

12. Contact Us

For privacy concerns or data rights requests, contact:

Helioustin
Email: helioustin.tushar@zohomail.in
Phone: [9205072074]
Address: [Remote]
Data Protection Officer (DPO): [Tushar Srivastava]