Pricoris

Privacy Notice

Home / Privacy Notice

Effective Date: 14th November 2025

Privacy at Pricoris

Pricoris LLP (“Pricoris”, “we”, “us”, “our”) is responsible for the personal data we collect and process for our own business purposes.

We are committed to protecting the privacy of individuals whose data we process in connection with:

  • our website and online forms,
  • our consulting, training and advisory services,
  • events, webinars and marketing,
  • employee and contractor administration,
  • finance and vendor management.

This Privacy Notice is issued in accordance with the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and applicable rules.

1. Who we are – Data Fiduciary Details

Data Fiduciary:
Pricoris LLP
1002, Corporate Park, Sector 142, NOIDA – 201305, India

Primary contact for privacy:

  • Email: privacy@pricoris.com
  • Phone: +91 120 432 3179

Grievance Officer (DPDP Act):

  • Name: Sandhya Khamesra
  • Email: sandhya.khamesra@pricoris.com

You may contact us at these details for any privacy-related query, request or grievance.

2. Scope of this Notice

This Privacy Notice applies when we act as a Data Fiduciary under the DPDP Act, including:

  • visitors to our website and landing pages,
  • individuals who fill our online forms (e.g., training, readiness assessments, contact forms),
  • client and prospective client representatives,
  • participants in events, webinars, workshops and surveys,
  • associates, contractors and job applicants,
  • employees (to the extent not covered by a separate internal employee privacy notice).

It does not cover personal data that we process purely as a Data Processor on behalf of our clients (for example, when we help clients implement security/privacy controls on their own systems). In those cases, the client’s privacy notice will apply.

3. What personal data we collect

We generally collect and process business-related personal data. Examples:

• Identity & contact data

  • Name, designation, company name
  • Business email, phone number
  • Office/postal address

• Professional data

  • Role, department, skills, areas of responsibility
  • CV / profile / work history (for associates, contractors, applicants)

• Engagement & transaction data

  • Details of enquiries, proposals, statements of work, contracts
  • Invoices, payment and billing information (including bank account details of clients/suppliers where required)

• Website / communication data

  • Information you submit through forms or emails (e.g., training interest, readiness scores, questions)
  • Technical data from site usage (IP address, device, browser, basic analytics, where enabled)

• Survey and feedback data

  • Customer satisfaction survey responses
  • Testimonials and references (used only with your consent)

We do not intentionally collect sensitive personal data through our website forms. Please do not include information such as health data, financial credentials or government identifiers (e.g., Aadhaar) in free-text fields unless explicitly requested through a secure mechanism.

4. How we collect personal data

We collect personal data directly from you when you:

  • fill in a contact or enquiry form on our website,
  • register for a webinar, training or event,
  • participate in our readiness assessments or online diagnostics,
  • email us at info@pricoris.com, privacy@pricoris.com or other business email IDs,
  • exchange business cards or interact with us at conferences and industry events,
  • work with us as a client, supplier, contractor, associate or employee.

We may also receive personal data from:

  • your employer or colleagues (e.g., when they nominate you as a contact person),
  • professional networking platforms like LinkedIn,
  • referral partners or recruitment firms (for associates and applicants),
  • billing and accounting systems, payment processors and banks (for finance-related data).

5. Why we process personal data (purposes and legal bases)

Under the DPDP Act, we process personal data on the basis of:

  • Consent (where we seek your clear agreement)
  • Legitimate uses as permitted under the Act (e.g., employment, contractual performance, legal and compliance purposes)

5.1 Website enquiries and contact forms

Purpose:

  • To respond to your query, schedule discussions, share service/training details, and maintain context of interactions.

Typical data:

  • Name, company, designation
  • Email, phone
  • Subject + free-text description

Legal basis (DPDP):

  • Your consent when submitting the form
  • Legitimate use for entering into or performing a contract

Retention: Typically 2 years from last meaningful interaction unless legally required otherwise. You may withdraw consent or request deletion at privacy@pricoris.com.

5.2 Training, readiness assessments and consulting engagements

Purpose:

  • To register you for training/webinars
  • To run assessments (e.g., DPDP readiness, ISO 27001/27701) and share reports
  • To deliver consulting services to your organisation

Typical data:

  • Name, company, role, email, phone
  • Assessment responses, feedback

Legal basis:

  • Consent for inputs and sending reports
  • Legitimate use for contract performance or pre-contract steps

Retention: Contract term + up to 2 years unless law/contract requires more.

5.3 Prospective clients and business development

Purpose:

  • To manage leads, proposals and opportunities
  • To track communication and relationship history

Typical data:

  • Name, designation, company
  • Email, phone
  • Meeting notes, email exchanges

Legal basis: Legitimate use for business communication and contract-related engagement.

Retention: Typically 2 years from last interaction unless you become a client.

5.4 Financial management, accounting and administration

Purpose:

  • To issue invoices, process payments
  • To manage vendor/client accounts
  • To maintain statutory books/records

Typical data:

  • Names/contact details of client/supplier representatives
  • Billing addresses, bank details (where required)
  • Invoice/payment records

Legal basis:

  • Legitimate use for contract performance
  • Compliance with accounting/tax laws

Retention: Contract duration + typically 8 years (or longer if legally required).

5.5 Employees, associates and contractors

Purpose:

  • Recruitment, background checks (where applicable)
  • Onboarding, assignment management
  • Payment of fees/salary

Typical data:

  • Identity/contact data, CVs, skills, job history
  • Bank details, tax identifiers
  • References, certifications, insurance documents
  • Contractual records

Legal basis: Legitimate use for employment/contract performance + compliance with labour/tax laws.

Retention: Employment/engagement duration + legal retention periods. Additional details may appear in internal notices.

5.6 Marketing, newsletters and events

Purpose:

  • To send service/event information and thought-leadership
  • To invite you to webinars, talks, programmes

Typical data:

  • Name, company, designation
  • Email, interest areas
  • Event registrations

Legal basis:

  • Consent for marketing
  • Legitimate use for contacting existing/prospective business relationships

Retention: While subscribed or while a live business relationship exists. You may unsubscribe anytime.

5.7 Customer satisfaction surveys and testimonials

Purpose:

  • To request feedback and improve services
  • To use testimonials (only with explicit consent)

Legal basis:

  • Legitimate use to understand service quality
  • Consent for publishing testimonials

Retention: Survey responses retained up to 2 years. Testimonials retained while published or until consent is withdrawn.

6. Cookies and website analytics

Our website may use cookies and similar technologies to:

  • remember your preferences (e.g., language, layout),
  • understand basic usage patterns on our site,
  • secure login sessions where relevant.

Where analytics or marketing cookies are used, we will:

  • provide a cookie banner / notice, and
  • rely on your consent or your browser settings, as required.

You can block or delete cookies through your browser settings. This may affect some website features.

7. How long we retain your data

We retain personal data only for as long as necessary for:

  • the purposes described in this Notice, and
  • compliance with legal, accounting or regulatory requirements.

Retention periods differ by category (e.g., 2 years for general enquiries and prospect data; 8 years+ for financial records). Where specific retention is not mandated, we apply reasonable business and legal criteria and may anonymise or delete data after that period.

8. How we share personal data

We do not sell personal data.

We may share personal data with:

  • Service providers / Data Processors who support our operations, such as:
    • cloud and hosting providers,
    • email and collaboration tools,
    • CRM, invoicing and accounting platforms,
    • webinar/meeting platforms (e.g., Zoom/Teams).
  • Professional advisors (e.g., auditors, legal counsel), where required.
  • Regulators, courts or authorities, if legally obliged.

Where we use service providers as Data Processors, we require them to:

  • process personal data only under our instructions,
  • implement reasonable security measures, and
  • comply with confidentiality and data protection requirements.

9. Cross-border transfers

Pricoris is based in India. Our systems are primarily located in India, but some of our service providers or staff may be located in or may access systems from other countries.

Where personal data is accessed from or processed in a country outside India, we:

  • use reputable, security-conscious service providers, and
  • ensure that appropriate contractual and technical safeguards are in place.

You may contact privacy@pricoris.com if you wish to know more about cross-border safeguards for specific processing activities.

10. Security of your personal data

We take the security of personal data very seriously. We implement a combination of technical and organisational measures, such as:

  • access controls and role-based permissions,
  • secure transmission and encryption where appropriate,
  • strong authentication (including multi-factor authentication where feasible),
  • backup and continuity arrangements,
  • logging and monitoring of key systems, and
  • staff awareness and training on confidentiality and data protection.

However, no system can be guaranteed to be 100% secure. If we become aware of a personal data breach that is likely to cause harm, we will act in accordance with the DPDP Act and any applicable reporting obligations.

11. Your rights under the DPDP Act

As a Data Principal under the DPDP Act, you have certain rights in relation to your personal data, subject to conditions in the law. These include:

  • Right to access: To know whether we process your personal data and to access such data.
  • Right to correction and updating: To request correction, completion or updating of inaccurate or incomplete personal data.
  • Right to erasure: To request deletion of personal data when it is no longer necessary for the stated purpose, or when you withdraw consent and there is no other lawful basis.
  • Right to withdraw consent: Where processing is based on consent, you may withdraw consent at any time. Withdrawal will not affect past processing already carried out.
  • Right to grievance redressal: To lodge a grievance with our Grievance Officer and, where unresolved, escalate to the Data Protection Board of India in accordance with the DPDP Act.
  • Right to nominate: To nominate another individual to exercise your rights under the DPDP Act in the event of your death or incapacity.

To exercise these rights, please contact us at: privacy@pricoris.com or write to us at the postal address mentioned above.

We may need to verify your identity and may request additional details to locate your data. We aim to respond within timelines prescribed under the DPDP Act and applicable rules.

12. Grievance redressal

If you have any concerns or complaints regarding the processing of your personal data by Pricoris, you may contact:

Grievance Officer

Name: Sandhya Khamesra

Email: sandhya.khamesra@pricoris.com

We will review and respond to your grievance in good faith and in accordance with the DPDP Act. If you are not satisfied with our response, you may have the right to escalate the matter to the Data Protection Board of India once constituted and operational in accordance with the law.

13. Updates to this Notice

We may update this Privacy Notice from time to time to reflect changes in law, technology or our practices. The “Effective date” at the top indicates when it was last revised. We encourage you to review this page periodically.

14. How to contact us

For any question, request or concern relating to this Notice or our handling of personal data, you can contact:

  • Email: privacy@pricoris.com
  • Post: Privacy Officer, Pricoris LLP, 1002, Corporate Park, Sector 142, NOIDA – 201305, India
  • Telephone: +91 120 432 3179
Scroll to Top