Privacy Policy
Version 1.0 — Last Updated: April 2026
Introduction
Signisys Consultancy Services (“Signisys,” “Company,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal data. We recognise that privacy is a fundamental right and that the responsible handling of personal information is critical to maintaining trust with our clients, partners, employees, and website visitors.
This Privacy Policy describes how we collect, use, store, disclose, transfer, and protect personal information when you visit our website (www.signisys.com), interact with our digital platforms, use our consulting and technology services, attend our events or webinars, apply for employment, subscribe to our publications, or engage with us in any other capacity.
By accessing our website or providing your personal information to us, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our website and services immediately.
Scope and Applicability
This Privacy Policy applies globally to all personal data collected, processed, or stored by Signisys, regardless of the medium or method of collection. Signisys is incorporated and operates from India, and serves clients across the globe. All personal data collected through our website, services, and interactions is primarily processed and stored in India.
This policy covers personal data collected through our website at www.signisys.com, including all subdomains, microsites, and web applications; our CyberPedia knowledge base and blog platforms; service engagement processes, including proposals, contracts, and project delivery; recruitment and employment application processes; marketing communications, newsletters, and email campaigns; events, webinars, workshops, and conferences hosted or co-hosted by Signisys; contact forms, consultation requests, and inquiry submissions; and social media interactions on platforms where Signisys maintains a presence.
This policy applies to all categories of individuals whose personal data we process, including website visitors and users from any country, prospective and existing clients (whether located in India or internationally), client employees and representatives, job applicants and candidates, newsletter and publication subscribers, webinar and event attendees, business partners, vendors, and suppliers, and any other individuals who interact with Signisys.
Definitions
For the purposes of this Privacy Policy, the following terms have the meanings set out below. Terms from both the Digital Personal Data Protection Act, 2023 (DPDPA) and internationally recognised data protection frameworks are used to ensure clarity for all users regardless of location.
“Personal Data” means any information relating to an identified or identifiable natural person, including but not limited to names, email addresses, phone numbers, IP addresses, and device identifiers.
“Processing” means any operation performed on personal data, whether automated or manual, including collection, recording, organisation, structuring, storage, adaptation, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, erasure, or destruction.
“Data Fiduciary” (referred to as “Data Controller” in other jurisdictions) means the entity that determines the purposes and means of processing personal data — in this context, Signisys Consultancy Services.
“Data Processor” means an entity that processes personal data on behalf of the Data Fiduciary.
“Data Principal” (referred to as “Data Subject” in other jurisdictions) means the identified or identifiable natural person to whom the personal data relates.
“Consent” means any freely given, specific, informed, and unambiguous indication of a Data Principal’s agreement to the processing of their personal data.
“Consent Manager” means a person registered with the Data Protection Board of India who acts as a single point of contact to enable Data Principals to give, manage, review, and withdraw consent through an accessible, transparent, and interoperable platform, as defined under the DPDPA.
“Sensitive Personal Data or Information” (SPDI) as defined under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, includes passwords, financial information, physical and mental health conditions, sexual orientation, medical records, and biometric information. Note: The DPDPA 2023 does not maintain a separate category for sensitive personal data and treats all personal data uniformly.
Information We Collect
Information You Provide Directly
Identity and contact information: Full name, job title, designation, and department; business email address, personal email address, and phone numbers; company or organisation name, industry, and company size; mailing address, city, state, country, and postal code; LinkedIn profile URL or other professional networking details.
Service engagement information: Project requirements, business objectives, and technical specifications; procurement and vendor onboarding documentation; contractual terms, service level agreements, and statements of work; feedback, testimonials, and case study participation consent.
Recruitment information: Resume or curriculum vitae, cover letter, and portfolio; educational qualifications, certifications, and professional licences; employment history, references, and background verification details; salary expectations, notice period, and availability; responses to assessment tests, technical evaluations, and interviews.
Communication data: Messages, queries, and feedback submitted through contact forms, email, or telephone; webinar registration details and participation data; event registration, attendance, and feedback responses; newsletter subscription preferences and communication opt-ins; survey responses, poll participation, and feedback submissions.
Financial information: Billing address and invoice details; payment method information (processed securely through third-party payment processors — we do not store complete payment card details); tax identification numbers and GST details (for business engagements); purchase order numbers and procurement references.
Information Collected Automatically
Device and browser information: Internet Protocol (IP) address (which may indicate your approximate geographic location); browser type, version, and language preferences; operating system, platform, and device type (desktop, mobile, tablet); screen resolution and display settings; device identifiers and hardware attributes.
Usage and navigation data: Pages visited, content viewed, and features used; date, time, and duration of your visit; referring website URL, search engine, or campaign source; click patterns, scroll depth, and interaction events; search queries entered on our website; file downloads and resource access patterns.
Technical data: Connection type, speed, and internet service provider; server logs, error reports, and diagnostic data; page load times and performance metrics.
Information from Third-Party Sources
We may receive personal information about you from publicly available sources such as professional networking platforms (LinkedIn), company websites, and business directories; our technology partners, including AWS, Microsoft Azure, Fortinet, Palo Alto Networks, and Trend Micro; event and webinar hosting platforms; analytics and advertising platforms (such as Google Analytics and LinkedIn Campaign Manager); recruitment agencies, job portals, and professional referrals; and credit reporting agencies and business verification services.
How We Use Your Information
We process your personal data for service delivery, including delivering, managing, and improving our consulting, cloud, cybersecurity, and infrastructure services; managing client relationships, accounts, and billing; providing technical support and incident resolution; and fulfilling contractual obligations.
We process your data for communication and marketing, including responding to queries and service inquiries; sending marketing communications and thought leadership content (with your consent); delivering newsletters, blog updates, and CyberPedia notifications; inviting you to events and webinars; and personalising content and recommendations.
We process your data for recruitment, including evaluating applications, conducting interviews and assessments, and maintaining a talent pool (with consent).
We process your data for website operations, including analysing traffic and user behaviour, diagnosing technical issues, personalising your experience, and conducting A/B testing.
We process your data for legal and compliance purposes, including complying with applicable laws and regulations, enforcing our Terms and Conditions, detecting and preventing fraud and security incidents, and responding to lawful requests from governmental authorities.
Legal Basis for Processing
Consent: Where you have provided explicit consent for a specific processing activity (e.g., subscribing to our newsletter or opting in to marketing communications). You may withdraw consent at any time without affecting the lawfulness of prior processing.
Deemed Consent / Legitimate Purposes: Under Section 7 of the DPDPA 2023, consent is deemed to have been given in certain circumstances, including where processing is necessary for the performance of a contract, compliance with Indian law, response to a medical emergency, employment-related purposes, or for other legitimate purposes as may be prescribed by the Central Government. We may process your personal data under deemed consent where applicable.
Contractual necessity: Where processing is necessary for the performance of a contract to which you are a party, or to take pre-contractual steps at your request.
Legitimate interests: Where processing is necessary for our legitimate business interests (improving services, marketing, security, analytics), provided those interests are not overridden by your fundamental rights and freedoms. This basis applies to the extent recognised under applicable law.
Legal obligation: Where processing is necessary to comply with a legal or regulatory obligation, including tax reporting, audit requirements, and breach notification laws.
Data Sharing and Disclosure
Signisys does not sell, rent, lease, or trade your personal information to third parties for their independent use.
Service providers and data processors: We engage carefully selected third-party service providers who process personal data on our behalf and under our instructions, including cloud infrastructure and hosting providers (AWS, Microsoft Azure), email delivery and marketing automation platforms, CRM systems, analytics tools, payment processors, recruitment platforms, event management platforms, and IT security services. All service providers are subject to data processing agreements and regular compliance assessments.
Technology partners: In connection with our partnerships with AWS, Microsoft Azure, Fortinet, Palo Alto Networks, and Trend Micro, we may share limited information where necessary for joint service delivery, partner certification, co-marketing (with consent), and technical support escalation.
Legal and regulatory disclosure: We may disclose your personal data when required by applicable law, court order, or governmental request; when necessary to enforce our Terms or protect our rights; when necessary to detect or prevent fraud or security breaches; and when required to protect safety.
Business transfers: In the event of a merger, acquisition, reorganisation, or asset sale, your personal data may be transferred to the acquiring entity with continued protection.
Data Storage and International Considerations
Signisys is based in India, and all personal data is primarily processed and stored on servers located in India. Our third-party service providers (including AWS and Microsoft Azure) may process or store data on servers located outside India.
If you are accessing our website or services from outside India, your personal data will be transferred to and processed in India. By using our website or providing your data, you consent to such transfer. Where data is processed by service providers outside India, we ensure appropriate safeguards through data processing agreements, technical security measures, and selection of providers with industry-standard certifications.
Data Retention
We retain personal data only for as long as necessary. Specific periods include: website analytics and cookie data — up to 26 months; marketing and subscription records — until unsubscribe or deletion request; client engagement records — duration plus 7 years (Indian regulatory requirements); financial, billing, and tax records — 8 years (income tax and GST regulations); job application data — up to 2 years; event and webinar data — up to 3 years; and correspondence and support records — up to 3 years. When no longer required, data is securely deleted, destroyed, or anonymised.
Data Security
Technical safeguards: Encryption in transit (TLS 1.2+) and at rest (AES-256); firewalls, IDS/IPS; WAF and DDoS protection; multi-factor authentication; vulnerability assessments and penetration testing; secure SDLC; SIEM and threat monitoring; and endpoint protection.
Organisational safeguards: Role-based access controls; information security policies; mandatory employee training; confidentiality agreements; incident response and breach notification procedures; data protection impact assessments; vendor assessments; physical security; and disaster recovery planning.
Data Breach Notification
In the event of a personal data breach that is likely to cause harm to a Data Principal, Signisys will notify the Data Protection Board of India and affected Data Principals as required under the Digital Personal Data Protection Act, 2023 and applicable rules, without undue delay. We maintain documented incident response procedures to ensure timely detection, containment, assessment, and notification of data breaches.
Your Rights as a Data Principal
Under the DPDPA 2023 and other applicable laws, you may exercise the following rights:
Right to access: You have the right to obtain confirmation of whether we process your personal data, and to request a summary of such data and the processing activities.
Right to correction and erasure: You have the right to request correction of inaccurate or misleading personal data, completion of incomplete data, updating of outdated data, and erasure of personal data that is no longer necessary for the purpose for which it was collected.
Right to grievance redressal: You have the right to register a grievance with Signisys regarding our processing of your personal data (see Grievance Redressal section below).
Right to nominate: Under Section 14 of the DPDPA 2023, you have the right to nominate another individual to exercise your rights on your behalf in the event of your death or incapacity.
Right to withdraw consent: Where processing is based on your consent, you may withdraw consent at any time. Withdrawal does not affect the lawfulness of processing carried out prior to withdrawal. We will cease processing within a reasonable period following your withdrawal request.
For users in jurisdictions that recognise additional rights (such as the right to data portability, the right to restrict processing, or the right to object to processing), we will honour such rights to the extent applicable to our processing of your personal data.
To exercise any of these rights, please contact us at privacy@signisys.com. We will acknowledge your request within 48 hours and respond within 30 days.
Duties of Data Principals
Under Section 15 of the DPDPA 2023, Data Principals have certain duties, including the duty to not provide false or misleading personal data or suppress material information when providing personal data for a specified purpose; the duty to not impersonate another person while providing personal data; the duty to not register a false or frivolous grievance or complaint with the Data Fiduciary or the Data Protection Board of India; and the duty to furnish only verifiably authentic information when exercising the right to correction or erasure.
Children’s Privacy
Our website and services are not intended for individuals under 18. We do not knowingly collect data from children. Under the DPDPA 2023, processing of personal data of a child (defined as an individual under 18 years of age) requires verifiable consent from a parent or lawful guardian. If we discover we have collected data from a child without appropriate consent, we will delete it immediately.
Third-Party Links and Social Media
Our website may contain links to third-party websites. We do not control these sites and are not responsible for their privacy practices. We encourage you to review their privacy policies before providing information.
Applicable Law and Compliance
Signisys processes personal data in accordance with the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDPA), as applicable.
While Signisys operates from India, we serve clients and website visitors globally. Where we process personal data of individuals in other jurisdictions, we are committed to respecting the data protection principles applicable in those jurisdictions to the extent reasonably practicable. All processing is governed by Indian law and subject to the jurisdiction of courts in India.
Changes to This Privacy Policy
We may update this Privacy Policy at any time. Changes will be posted on this page with a revised version number and effective date. We will not reduce your rights without your explicit consent. For material changes, we will provide additional notice via email or website notification.
Contact Us
Signisys Consultancy Services
Data Protection Inquiries
Email: privacy@signisys.com
Website: www.signisys.com/contact
We will acknowledge receipt within 48 hours and respond within 30 days.
Grievance Redressal
In accordance with the Information Technology Act, 2000, the IT Rules 2011, and the Digital Personal Data Protection Act, 2023, Signisys has appointed a Grievance Officer to address concerns, complaints, or grievances relating to personal data processing or any alleged breach of this Privacy Policy. Grievances should be submitted in writing and will be addressed within one month of receipt.
Grievance Officer
Signisys Consultancy Services Private Limited
Email: grievance@signisys.com
If you are not satisfied with our resolution, you may escalate your concern to the Data Protection Board of India as constituted under Section 18 of the Digital Personal Data Protection Act, 2023, or to any other relevant regulatory authority in your jurisdiction.