Applicable Law: This policy is governed by the Digital Personal Data Protection Act, 2023 (DPDP Act), Information Technology Act, 2000 and the IT (Amendment) Act 2008, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011.
1. Who We Are
CosmoOps Technologies Private Limited (“CosmoOps”, “we”, “us”, or “our”) is a Data Fiduciary under the DPDP Act, 2023. We determine the purpose and means of processing personal data collected through our website and technology services.
Contact us: hello@cosmoops.com
2. Personal Data We Collect
We collect the following categories of personal data:
- Identity data: Name, company name, designation
- Contact data: Email address, phone number, postal address
- Technical data: IP address, browser type, pages visited, time spent, cookie identifiers
- Communications: Enquiry messages, support tickets, feedback forms
- Transactional data: Service agreements, invoices, payment references (we do not store full card numbers)
We do not knowingly collect personal data from individuals under 18 years of age without verifiable parental consent.
3. Purposes and Legal Basis for Processing
| Purpose | Legal Basis (DPDP Act) |
|---|
| Responding to enquiries and providing requested information | Consent (Section 6) |
| Delivering contracted software services | Performance of contract (Section 7(b)) |
| Sending service updates and newsletters (with opt-in) | Consent (Section 6) |
| Compliance with legal obligations (tax, regulatory filings) | Legal obligation (Section 7(c)) |
| Fraud prevention and security monitoring | Legitimate interests (Section 7(d)) |
| Website analytics and performance improvement | Legitimate interests / Consent for cookies |
4. Data Sharing and Transfers
We do not sell your personal data. We may share data with:
- Service providers (Data Processors): Cloud hosting, email delivery, analytics, payment processing — bound by data processing agreements
- Legal authorities: When required by law, court order, or government directive under the IT Act or DPDP Act
- Business transfers: In the event of merger, acquisition, or asset sale — you will be notified
Where personal data is transferred to countries outside India, we ensure adequate safeguards as notified by the Central Government under Section 16 of the DPDP Act.
5. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights:
- Right to Access (Section 11)Request a summary of your personal data we process and how it is used
- Right to Correction (Section 12)Request correction or updating of inaccurate or incomplete data
- Right to Erasure (Section 12)Request deletion of your personal data where processing is no longer necessary
- Right to Grievance Redressal (Section 13)File a complaint with our Grievance Officer and seek redressal
- Right to Nominate (Section 14)Nominate another individual to exercise your rights in the event of your death or incapacity
- Right to Withdraw ConsentWithdraw consent at any time (without affecting lawfulness of prior processing)
To exercise any of these rights, write to grievance@cosmoops.com. We will respond within 30 days as required under the DPDP Act.
6. Data Retention
We retain personal data only as long as necessary for the purpose collected or as required by applicable law. Client project data is retained for 7 years after project completion for statutory and audit purposes. Contact form submissions are retained for 2 years. Upon expiry, data is securely deleted or anonymised.
7. Cookies and Tracking
We use cookies and similar tracking technologies. For full details, see our Cookie Policy. You can manage cookie preferences via the consent banner on your first visit or through your browser settings.
8. Security
We implement reasonable security practices and procedures as prescribed under the IT (SPDI) Rules, 2011, including encryption in transit (TLS), access controls, and regular security assessments. We hold ISO 27001 certification. In the event of a personal data breach, we will notify affected individuals as required under law.
9. Grievance Officer
Designation: Grievance Officer
Organisation: CosmoOps Technologies Private Limited
Email: grievance@cosmoops.com
Response time: Within 30 days of receipt of complaint
If your complaint is not resolved satisfactorily, you may escalate to the Data Protection Board of India (when constituted) under Section 20 of the DPDP Act, 2023.
10. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after such notice constitutes acceptance of the updated policy.