Legal

Privacy Policy

Last updated: 1 July 2026

Primitra Consulting ("Primitra", "we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit www.primitra.in or engage our consulting services. We act as a Data Fiduciary under India's Digital Personal Data Protection (DPDP) Act, 2023, and as a Data Controller under the EU GDPR for information we determine the purposes and means of processing.

1. Who we are

Primitra Consulting is a privacy and data-protection advisory firm based in Delhi, India and Ireland. For any privacy-related query, contact us at hello@primitra.in.

2. Information we collect

  • Contact details you submit through forms, the chat widget, or email — name, work email, company, phone number, and message content.
  • Booking & engagement data — appointments booked via Calendly, engagement scoping notes, and invoices.
  • Usage data — pages visited, referrer, device type, and approximate location, collected via first-party analytics and (with your consent) third-party analytics cookies.
  • Cookies & similar technologies — see our Cookie Policy.

3. How we use your data (purposes & legal basis)

  • Respond to enquiries and provide requested resources — consent / legitimate use.
  • Deliver consulting services under a signed engagement — performance of contract.
  • Send updates about DPDP Act developments if you opt in — consent.
  • Improve the website and secure our systems — legitimate interests / legal obligation.
  • Comply with legal obligations, including tax, accounting, and lawful requests.

4. Sharing your data

We share personal data only with:

  • Vetted data processors under written agreements — hosting (Lovable / Cloudflare), email delivery, CRM, analytics, scheduling (Calendly), and payments.
  • Professional advisors (auditors, lawyers) where necessary.
  • Government or regulatory bodies where required by law.

We do not sell your personal data.

5. International transfers

As we operate from India and Ireland, personal data may be transferred outside your country of residence. Transfers are protected by contractual safeguards (Standard Contractual Clauses where applicable) and by the DPDP Act's cross-border transfer framework.

6. Retention

We retain enquiry data for up to 24 months, client engagement records for the duration of the engagement plus 7 years (to meet tax and legal obligations), and marketing subscriptions until you unsubscribe.

7. Your rights

Subject to applicable law, you have the right to:

  • Access, correct, or update your personal data.
  • Request erasure of your personal data.
  • Withdraw consent at any time (without affecting prior lawful processing).
  • Nominate another individual to exercise your rights (DPDP Act, Sec. 14).
  • Raise a grievance with our team, and escalate to the Data Protection Board of India or your local Supervisory Authority.

To exercise any right, email hello@primitra.in. We will respond within statutory timelines.

8. Security

We apply reasonable technical and organizational safeguards — encryption in transit, access controls, least-privilege permissions, and vendor due diligence. No system is 100% secure; you share information at your own risk.

9. Children

Our services are intended for businesses. We do not knowingly collect personal data of children (under 18 in India). If you believe a child has provided data, contact us and we will delete it.

10. Changes to this policy

We may update this policy from time to time. Material changes will be notified on this page with a revised "Last updated" date.

11. Contact & grievance officer

Grievance Officer: Devashish Kakkar
Email: hello@primitra.in