Privacy Policy

1. Introduction

SpicyPrivacy (referred to as "we", "us", or "our") is a data privacy consultancy and training provider operated by Imagine Huge Private Limited. This Privacy Policy explains how we collect, use, disclose, store, and protect personal data when you visit our website (the "Site") or engage with our services. By accessing the Site or using our services, you consent to the practices described in this Policy. If you do not agree with this Policy, do not use the Site or provide personal data to us.

2. Scope and Applicability

This Policy applies to individuals who interact with SpicyPrivacy from within India. For residents of the European Union, processing of personal data will be carried out in accordance with the General Data Protection Regulation (GDPR). For residents of India, processing will be governed by the Digital Personal Data Protection Act, 2023 (DPDP Act). Where local law affords greater protection, the higher standard will apply.

3. Controller and Contact Details

Data Controller: Imagine Huge Private Limited, trading as SpicyPrivacy.
Primary contact for privacy inquiries and rights requests: team@spicyprivacy.com.
Grievance Officer: SpicyPrivacy, email: team@spicyprivacy.com.

4. Information We Collect

We collect the following categories of personal data:

• Personal Data you provide directly:
  • Name
  • Email address
  • Telephone number
  • Job title and employer
  • Company name
  • Information submitted through contact forms, consultation requests, registrations, or correspondence
  • Materials or content shared during consultancy, training, or research engagements
• Usage and Technical Data collected automatically: tracking and cookie-related disclosures are governed by a separate Cookie Policy.

5. Purposes of Processing

We process personal data for the following purposes:

• responding to enquiries and delivering consulting, advisory, training, and certification services;
• administering registrations, subscriptions, invoicing, and contractual obligations;
• sending service updates, newsletters, and promotional materials where you have opted in;
• conducting research and analysis relating to regulatory developments;
• monitoring and improving the Site and our services;
• maintaining the security of systems and preventing fraud;
• complying with legal and regulatory requirements;
• any purpose for which you provide explicit consent.

6. Legal Bases for Processing

Processing is undertaken only where a lawful basis exists:

• consent;
• performance of a contract or steps preceding a contract;
• compliance with legal obligations;
• legitimate interests pursued by us, provided such interests are not overridden by your rights.

7. Disclosure and Sharing of Personal Data

We do not sell personal data. Data may be shared with:

• internal employees and authorised contract personnel;
• third-party service providers supporting hosting, communication, analytics, or operational functions, subject to confidentiality obligations;
• regulators, law enforcement, or authorities where legally required;
• entities involved in a merger, acquisition, financing, or transfer of assets, subject to safeguards;
• any party where you have expressly consented to disclosure.

8. International Transfers

Although primary processing occurs in India, certain service providers may operate outside India. Where transfers occur, appropriate safeguards and legally compliant transfer mechanisms will be applied.

9. Data Retention

Personal data is retained only for the duration necessary to fulfil the purposes described in this Policy, to meet legal obligations, or to establish or defend legal claims. Data that is no longer required will be securely deleted or anonymised.

10. Security Measures

We implement administrative, technical, and organisational safeguards to protect personal data from unauthorised access, alteration, disclosure, or destruction. While reasonable steps are taken to secure data, no system can be guaranteed completely secure.

11. Your Rights

Depending on the jurisdiction, you may have the right to:

• access;
• rectification;
• erasure;
• restriction of processing;
• objection to processing based on legitimate interests or direct marketing;
• data portability where applicable;
• withdrawal of consent at any time.

Rights requests may be submitted to team@spicyprivacy.com.

12. Children's Data

The Site and services are not intended for individuals under 18. We do not knowingly collect personal data from minors. If such data is identified, it will be deleted.

13. Third-Party Websites

The Site may contain links to external websites. This Policy does not govern those sites, and we are not responsible for their data handling practices. Users should review third-party privacy notices before interacting with such sites.

14. Changes to this Policy

We may amend this Policy to align with legal developments or business needs. The updated version will be published with a revised "Last Updated" date. Continued use of the Site constitutes acceptance of the updated Policy.

15. Complaints and Grievance Redressal

For complaints, questions, or to exercise data rights, contactteam@spicyprivacy.com. If you remain dissatisfied, you may escalate your complaint to the relevant supervisory authority under applicable law.