Data Protection Policy

Last updated: May 18, 2025

1. Introduction

ADAM Consult is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data in accordance with all applicable Indian data protection laws, including the Information Technology Act, 2000, the SPDI Rules, and the Digital Personal Data Protection Act, 2023.

2. Data Protection Principles

We adhere to the following principles when processing personal data:

• We process personal data lawfully, fairly, and in a transparent manner
• We collect personal data only for specified, explicit, and legitimate purposes
• We process personal data only where it is adequate, relevant, and limited to what is necessary
• We keep accurate and up-to-date personal data
• We retain personal data only for the period necessary for processing
• We process personal data in accordance with the rights of data subjects
• We protect personal data with appropriate technical and organizational security measures

3. Data Subject Rights

In accordance with Indian data protection laws, data subjects have the following rights:

• The right to be informed about how their data is collected and used
• The right of access to their personal data
• The right to correct or update inaccurate or incomplete personal data
• The right to withdraw consent at any time
• The right to restrict or object to processing, where applicable
• The right to erasure or the ‘right to be forgotten’, subject to legal and contractual obligations
• The right to data portability where feasible
• The right to lodge a grievance or complaint with the designated Grievance Officer

4. Lawful Basis for Processing

We will only process personal data where a lawful basis exists. These may include:

• Explicit consent of the data subject
• Performance of a contractual obligation
• Compliance with a legal obligation under Indian law
• Protection of the data subject’s vital interests
• Public interest or performance of a public duty
• Legitimate interest pursued by the organization, balanced with the rights of the individual

5. Grievance Officer

In accordance with Rule 5(9) of the SPDI Rules, our Grievance Officer is responsible for addressing any discrepancies or grievances related to the processing of personal data. You may contact the Grievance Officer at: [email protected].

6. Sensitive Personal Data or Information (SPDI)

We may collect and process Sensitive Personal Data or Information (SPDI), which includes passwords, financial information, health conditions, biometric data, and other categories as defined by the SPDI Rules. We ensure that SPDI is processed only with the individual’s prior, written, and informed consent and in strict compliance with Indian regulations.

7. International Data Transfers

ADAM Consult may transfer personal data outside India only where such transfer is permitted under applicable laws and adequate data protection safeguards are in place to ensure the privacy and security of such data.

8. Data Security

We implement reasonable security practices and procedures as required under the Information Technology Act, including encryption, firewalls, access controls, periodic security audits, and employee training to protect personal data from unauthorized access, use, disclosure, alteration, or destruction.