Privacy Policy

1. Information We Collect

We collect information you voluntarily provide through our website forms, including:

• Contact Forms: Name, email, phone, company name, job title, message content
• Job Applications: Full name, email, phone, location, experience, skills, resume/CV, cover letter, salary expectations
• Job Posting Requests: Recruiter/HR contact information, job details, company information
• Newsletter Signup: Email address
• Feedback Forms: Rating, message, page reference, browser/device information
• Web Analytics: Page views, click behavior, device type, location (via Google Analytics 4)

2. Legal Basis for Processing

We process your personal data based on:

• Legitimate Interest: To respond to inquiries and improve our services
• Contractual Necessity: To evaluate job applications and recruitment requests
• Consent: For newsletter, analytics, and cookie tracking (GDPR/CCPA)
• Legal Obligation: To comply with applicable tax and employment law

3. How We Use Information

• To respond to your inquiry or request within 24 business hours (IST)
• To evaluate job applications and recruitment requests
• To communicate about our services and relevant updates
• To improve website functionality, security, and user experience
• To detect and prevent fraud, abuse, and security threats
• To maintain business records as required by law
• To understand audience behavior via aggregated analytics (not individual tracking without consent)

4. International Data Transfers

For EU/UK/EEA Users: Your data may be transferred to India (where our processing occurs). We rely on Standard Contractual Clauses (SCCs) as our legal mechanism. India is not deemed adequate under GDPR; however, we implement supplementary safeguards including encryption, access controls, and Data Processing Agreements (DPAs) meeting GDPR Article 28 requirements.

For US Users (CCPA): Data processing occurs in India and on Vercel (US cloud infrastructure). We do not sell personal information. Your CCPA rights are honored as described below.

For UAE/Singapore/Australia Users: Data is stored securely in our India-based infrastructure with redundancy and encryption.

5. Data Security

We implement industry-standard protections:

• HTTPS encryption for all data in transit
• AES-256 encryption for sensitive data at rest (financial records, resumes)
• Role-based access control limiting data exposure to authorized personnel only
• Strict NDA requirements for all team members
• Regular security audits and vulnerability assessments
• Secure deletion protocols (overwriting before archive/disposal)
• No plain-text storage of API keys or credentials (environment variables only)

While we employ reasonable safeguards, no system is 100% secure. You use our website at your own risk.

6. Data Retention Schedule

• Contact Inquiries: 3 years (to maintain business records)
• Job Applications: 2 years (employment law compliance)
• Job Postings: 1 year (reference and audit trail)
• Analytics Data: 14 months (Google Analytics default; older data auto-deleted)
• Newsletter Subscribers: Until unsubscribe or 2 years inactivity
• Feedback: 1 year (service improvement)

Legal holds may extend retention if required by regulatory investigation or litigation.

7. Cookies & Tracking

We use cookies for:

• Essential: Session management, CSRF protection, rate limiting
• Analytics: Google Analytics 4 (pageviews, event tracking, audience insights) — requires consent
• Functional: Newsletter preferences, feedback cache (localStorage)

You can opt-out via our cookie banner (bottom of page) or browser settings. Declining analytics will not prevent website functionality but reduces our ability to understand usage patterns.

Third-party cookies: Google Analytics may set cookies on your device. See Google's Privacy Policy.

8. Your Rights (GDPR / UK GDPR / CCPA)

For EU/UK/EEA Residents (GDPR/UK GDPR):

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate information
• Right to Erasure ("Right to be Forgotten"): Request deletion (subject to legal retention obligations)
• Right to Data Portability: Receive your data in structured, machine-readable format
• Right to Restrict Processing: Limit how we use your data
• Right to Object: Opt-out of marketing, analytics, or legitimate interest processing
• Right to Lodge a Complaint: Contact your local Data Protection Authority (e.g., ICO for UK, local DPA for EU member states)

For California Residents (CCPA/CPRA):

• Right to Know: Request what personal information we collect, use, and share
• Right to Delete: Request deletion of your personal information (with exceptions for legal obligations)
• Right to Opt-Out of Sales/Sharing: We do not sell or share personal information, but you may still submit an opt-out request
• Right to Correct: Request correction of inaccurate information
• Right to Non-Discrimination: We will not discriminate for exercising CCPA rights

9. How to Exercise Your Rights

To submit a data subject request (access, deletion, portability, etc.), email vmglobalconsultants@gmail.com with:

• Your full name and email used with us
• Type of request (access, deletion, portability, correction, etc.)
• Any supporting documentation
• Verification method (we may ask for proof of identity)

We will respond within 30 days (GDPR/UK GDPR) or 45 days (CCPA), with a 15-day extension available if requests are complex or voluminous.

10. Data Processing Agreement (DPA)

If you are a prospective client evaluating our accounting outsourcing services, we will execute a Data Processing Agreement before we process financial records or confidential business data. The DPA outlines:

• Scope of processing (types of data, duration, location)
• Sub-processor disclosures (cloud vendors, payment processors, etc.)
• Security obligations per GDPR Article 28 / UK GDPR Article 28
• Data subject rights assistance
• Liability and indemnification

Note: A signed DPA is a firm requirement for enterprise engagements.

11. Sub-Processors & Service Providers

We may share limited personal data with the following service providers:

• Vercel (vercel.com): Website hosting and CDN (US-based)
• Google Analytics: Analytics processing (US-based)
• Email Communication: Future integrations for transactional email (subject to prior notice)
• Cloud Storage: Secure backup of submitted forms (India-based encryption)

Each sub-processor is bound by confidentiality and data protection obligations. Contact us for the full sub-processor list.

12. Children's Privacy

Our website is not intended for children under 13. We do not knowingly collect information from children. If you believe we have collected data from a child, contact us immediately at vmglobalconsultants@gmail.com for deletion.

13. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be effective upon posting. If material changes affect how we use your data, we will notify you via email (for collected addresses) or through our website.

Last Updated: April 14, 2026

14. Contact & Complaints

For privacy inquiries, rights requests, or complaints:

• Email: vmglobalconsultants@gmail.com
• Phone: +91-9513684424
• Address: Prince Apartments, Maharani Peta, Beach Road, Visakhapatnam 530002, Andhra Pradesh, India
• Response Time: Within 2 business days

For EU/UK residents: If unsatisfied with our response, you have the right to lodge a complaint with your local Data Protection Authority (e.g., ICO for UK, CNIL for France, BfDI for Germany).