Privacy Policy | TAMZ Consulting Services

Policy Overview

This Privacy Policy governs the collection, processing, storage, and protection of personal data by TAMZ Consulting Services ("Company", "we", "us") in compliance with:

India's Information Technology Act, 2000 and amendments
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
Digital Personal Data Protection Act, 2023 (when effective)
EU General Data Protection Regulation (GDPR) 2016/679

This policy applies to all our services, websites, and client engagements globally.

1. Detailed Information Collection

1.1 Personal Data Collected

We collect the following categories of personal data:

Data Category	Examples	Legal Basis	Purpose
Identification Data	Full name, government ID (for KYC), signature	Contractual necessity (GDPR Art. 6(1)(b)) Legal obligation (IT Act Sec. 43A)	Client onboarding, service delivery
Contact Information	Email, phone, business address	Legitimate interest (GDPR Art. 6(1)(f)) Implied consent (IT Act)	Project communication, support
Financial Data	Bank details, tax information, payment records	Legal obligation (GDPR Art. 6(1)(c)) Financial regulations	Billing, compliance
Technical Data	IP addresses, device IDs, cookies	Consent (GDPR Art. 6(1)(a)) Legitimate interest	Website security, analytics
Sensitive Personal Data (India)	Passwords, financial info, health data (if collected)	Explicit consent (SPDI Rule 5) Special category (GDPR Art. 9)	Specific service requirements

1.2 Collection Methods

We collect data through:

Direct interactions: Client intake forms, contracts, emails, meetings
Automated technologies: Website cookies, analytics tools (Google Analytics), security logs
Third parties: Business partners, publicly available sources, referral programs
Employee data: HR records, background checks as permitted by law

2. Data Processing & Legal Compliance

2.1 Indian Legal Framework

Under Indian law, we adhere to:

IT Act Section 43A: Implement reasonable security practices for sensitive personal data
SPDI Rules 2011:
1. Rule 3: Only collect necessary personal information
2. Rule 4: Publish this privacy policy
3. Rule 5: Obtain written consent for sensitive data
4. Rule 8: Maintain security standards (ISO 27001 certified)
DPDPA 2023: When effective, we will comply with:
- Data Principal rights (access, correction, erasure)
- Appointment of Data Protection Officer
- Data localization requirements

2.2 GDPR Compliance

For EU data subjects, we ensure:

Lawful Processing: All processing has a valid legal basis under Article 6
Data Subject Rights: Facilitation of rights under Articles 12-22
Data Protection by Design: Privacy impact assessments for new projects
International Transfers: Use of Standard Contractual Clauses or adequacy decisions

3. Data Security Measures

We implement a multi-layered security approach:

3.1 Technical Measures

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Network security: Firewalls, intrusion detection, DDoS protection
Access controls: Role-based access, multi-factor authentication
Regular vulnerability scanning and penetration testing

3.2 Organizational Measures

Privacy training for all employees (quarterly)
Strict confidentiality agreements with staff and vendors
Data protection officer oversight
Incident response plan (tested biannually)

3.3 Physical Security

Indian data stored in ISO 27001 certified data centers
Biometric access controls to server locations
Secure disposal of physical records

4. Data Subject Rights

4.1 Indian Users

Under Indian law, you may:

Review your personal information (SPDI Rule 5(1))
Request corrections of inaccurate data
Withdraw consent (SPDI Rule 5(7))
File grievances with our designated officer

4.2 GDPR Rights (EU Users)

Under GDPR, you have:

Right to Access: Obtain confirmation of processing (Article 15)
Right to Rectification: Correct inaccurate data (Article 16)
Right to Erasure: Request deletion under certain conditions (Article 17)
Right to Restriction: Limit processing (Article 18)
Right to Data Portability: Receive your data in machine-readable format (Article 20)
Right to Object: To direct marketing or legitimate interest processing (Article 21)

Exercising Your Rights

To exercise any rights, please contact our Data Protection Officer:

Email: info@tamz.works
Phone: +91 9091 77 88 66
Post: Attn: Data Protection Officer, TAMZ Consulting Services, #1, Narasimhan Street, Nagalkeni, Chrompet, Chennai-600044. Tamil Nadu, India

We respond to all valid requests within:
- 30 days (as required by Indian law)
- 1 month (GDPR requirement)

5. Data Retention Policy

We retain personal data only as long as necessary:

Data Type	Retention Period	Legal Basis
Client project data	7 years after contract termination	Indian contract law limitation period
Financial records	8 years	Income Tax Act requirements
Marketing data	3 years after last contact	Legitimate business interest
Website analytics	26 months (anonymized thereafter)	GDPR data minimization
Employee records	5 years post-employment	Indian labor laws

Data is securely destroyed after retention periods using NIST SP 800-88 standards.

6. International Data Transfers

As a global consultancy, data may be transferred internationally:

6.1 India-Specific

Primary storage in India for Indian client data
Mirroring to disaster recovery sites only in GDPR-adequate countries

6.2 GDPR Compliance

EU data transfers use Standard Contractual Clauses (SCCs)
Regular transfer impact assessments conducted
Additional safeguards for sensitive data transfers

6.3 Third-Party Processors

We use these major sub-processors:

Cloud Services: AWS India (Mumbai region) for primary hosting
CRM: Salesforce (with EU Standard Contractual Clauses)
Communication: Microsoft 365 (GDPR compliant configuration)

7. Cookies & Tracking Technologies

Our website uses:

Cookie Type	Purpose	Duration	Control
Essential	Session management, security	Session	Cannot be disabled
Analytics	Website improvement (Google Analytics)	2 years	Opt-out available
Marketing	Ad targeting, conversion tracking	1 year	Consent required

We obtain explicit consent via cookie banner for non-essential cookies as required by GDPR and Indian SPDI Rules.

8. Grievance Redressal (India)

As mandated by IT Act Section 79(2) and SPDI Rules, we have appointed:

Mr. Hari krishnan Govindha Raju

Designation: Grievance Officer & Data Protection Lead

Email: grievance.officer@tamz.works

Phone: +91 9655786421 (Mon-Fri, 10AM-6PM IST)

Address:#1, Narasimhan Street, Nagalkeni, Chrompet, Chennai-600044. Tamil Nadu, India

Response Time: Acknowledgment within 24 hours, resolution within 30 days as required by law

9. Policy Updates

We will notify users of material changes through:

Website notices for all users
Email notifications for registered users
30-day advance notice for significant changes

Archive of previous versions available upon request.

Comprehensive Privacy Policy