PRIVACY POLICY

Indian Muneem (A division of Aeren IT Solution Pvt Limited) | www.indianmuneem.com

Effective Date: 27 March 2026

1. Introduction

This Privacy Notice describes our policies and procedures on the collection, use, and disclosure of your Information when you use the Website and tells you about your privacy rights and how the law protects you. This privacy notice for Indian Muneem (“Company,” “we,” “us,” or “our”) describes how and why we might collect, store, use, and/or share (“process”) your information when you use our website (“Website”), such as when you:

  • Visit our website at www.indianmuneem.com or any website of ours that links to this privacy notice.
  • Engage with us in other related ways, including any sales, marketing, or events.

We use your personal data to provide and improve the Website. You agree to the collection and use of information in accordance with this Privacy Notice.

This Policy addresses three overlapping legal frameworks simultaneously: the Digital Personal Data Protection Act, 2023 (DPDP Act) as the primary Indian law governing our operations; the EU General Data Protection Regulation (GDPR) as it applies extraterritorially to the processing of personal data of EU/EEA residents; and the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA) as applicable to California residents.

2. Scope and Application

This Policy applies to:

  • All visitors to the Website, regardless of location.
  • Existing and prospective clients based in the EU/EEA, United States, Canada, or other offshore jurisdictions, whose personal data is submitted to or processed through the Website.
  • Any individual whose personal data is shared with us by an offshore client in connection with service delivery.

This Policy does not govern personal data processed pursuant to a separate data processing agreement (DPA) executed between us and a client. Where such a DPA exists, its terms prevail in relation to data processed on behalf of that client.

3. Personal Data We Collect

3.1 Data You Provide Directly

  • Full name
  • Email address and phone number
  • Organisation / company name and designation
  • Country of residence or operation
  • Queries, messages, or documents submitted through the Website contact form

3.2 Data Collected Automatically

  • IP address and derived approximate geographic location
  • Browser type, version, and language settings
  • Device type and operating system
  • Pages visited, time on page, navigation paths, and referring URL

3.3 Cookies and Tracking Technologies

We use cookies and similar technologies to collect usage and analytics data. Please refer to Section 9 (Cookies Policy) for full details.

We do not collect sensitive personal data (such as health, biometric, financial account, or government ID data) through the Website. If any engagement requires processing of such data, it will be governed by a separate written agreement.

4. Purposes and Legal Bases for Processing

We process personal data for the following purposes. Where GDPR applies, the applicable legal basis under Article 6 GDPR is noted.

Responding to enquiries and service requests — GDPR Basis: Article 6(1)(b) — steps prior to entering a contract; or Article 6(1)(f) — legitimate interest in responding to business communications.

Service delivery and client relationship management — GDPR Basis: Article 6(1)(b) — performance of a contract.

Website analytics and performance improvement — GDPR Basis: Article 6(1)(f) — legitimate interest; or Article 6(1)(a) — consent, where required by applicable law (e.g., cookies).

Compliance with legal obligations — GDPR Basis: Article 6(1)(c).

Security monitoring and fraud prevention — GDPR Basis: Article 6(1)(f) — legitimate interest.

5. Cross-Border Data Flows

Our operations and data processing infrastructure are based in India. When you access the Website or submit personal data from outside India — including from the EU/EEA, United States, or Canada — your personal data is transferred to and processed in India.

5.1 Transfers from the EU/EEA to India

India does not currently hold a formal adequacy decision from the European Commission under Article 45 GDPR. Where we receive personal data of EU/EEA residents, we rely on one or more of the following safeguards under Chapter V GDPR:

  • Standard Contractual Clauses (SCCs) as approved by the European Commission, incorporated into our client agreements where applicable.
  • Explicit consent of the data subject, where appropriate and freely given.
  • Necessity for the performance of a contract entered into at the data subject's request.

Clients who wish to enter into SCCs or a formal DPA with us are invited to contact us at the email address in Section 11.

5.2 Transfers from the United States / Canada to India

We process personal data of US and Canadian residents on the basis of our contractual relationships and applicable legal requirements. We implement appropriate technical and organisational safeguards to protect such data in accordance with applicable law, including the CCPA/CPRA where California residents are involved.

5.3 Onward Transfers

We do not transfer personal data received from offshore clients to third countries other than as necessary for service delivery (e.g., use of cloud hosting or analytics services). Any such onward transfers are subject to appropriate contractual protections.

6. Disclosure of Personal Data

We do not sell, rent, or trade your personal data to third parties. We may disclose personal data only in the following circumstances:

  • Service Providers: Third-party vendors who assist in operating the Website or delivering services (e.g., cloud hosting, email delivery, analytics platforms), bound by confidentiality and data processing obligations.
  • Professional Advisers: Lawyers, auditors, and accountants acting in an advisory capacity, subject to professional confidentiality.
  • Legal and Regulatory Authorities: Aeren may be required to disclose personal information in response to lawful requests from public authorities, including to meet national security or law enforcement requirements. Where permitted under applicable law, Aeren may voluntarily publish periodic transparency reports indicating the number and type of requests for Personal Information or Sensitive Information received from public authorities for law enforcement or national security purposes. Such disclosures will only be made to the extent required or permitted by applicable law, court order, or regulatory directive in India or in the jurisdiction of the data subject.
  • Business Transfers: In the event of a merger, acquisition, or restructuring, personal data may be disclosed to prospective or actual acquirers subject to equivalent privacy protections.

7. Data Retention

We retain personal data for no longer than necessary to fulfil the purposes described in this Policy, subject to applicable statutory minimum retention requirements. Our general retention periods are:

  • Contact form submissions and pre-engagement communications: up to 24 months from the date of last contact.
  • Client-related data: for the duration of the engagement and up to 5 years thereafter, or as required under applicable Indian law (including the IT Act, 2000).
  • Analytics and Website usage data: up to 26 months in aggregated or anonymised form.
  • Cookie data: in accordance with the periods specified in Section 9.

After the applicable retention period, personal data is securely deleted or irreversibly anonymised.

8. Cookies Policy

8.1 Strictly Necessary Cookies

Essential for Website operation. Cannot be disabled. No consent required.

8.2 Analytics Cookies

We use analytics tools (such as Google Analytics) to understand Website usage patterns. These cookies are anonymised where possible. Consent is obtained before deployment where required by applicable law (e.g., for EU/EEA visitors under the ePrivacy Directive).

8.3 Functional / Preference Cookies

Cookies that remember your preferences (such as region or language) to improve your experience.

EU/EEA visitors: Cookies other than strictly necessary ones are deployed only upon your active consent, which you may withdraw at any time through your browser settings or our cookie consent mechanism. Withdrawal does not affect the lawfulness of prior processing.

US/California visitors: You may opt out of analytics tracking by using browser-level controls or opt-out tools provided by our analytics providers (e.g., Google Analytics Opt-out Browser Add-on).

9. Your Privacy Rights

9.1 Rights under the DPDP Act, 2023 (India)

All data principals (individuals) whose personal data we process have the following rights under the DPDP Act:

  • Right to access a summary of personal data being processed and the purposes thereof.
  • Right to correction of inaccurate or incomplete personal data.
  • Right to erasure of personal data where the purpose of processing has been fulfilled and retention is not required by law.
  • Right to grieve and seek redressal through our Grievance Officer (see Section 12).
  • Right to nominate a nominee to exercise rights in the event of death or incapacity.

9.2 Rights under the GDPR (EU/EEA Residents)

  • Right of access to your personal data (Article 15).
  • Right to rectification of inaccurate data (Article 16).
  • Right to erasure (Article 17), subject to grounds for continued processing.
  • Right to restriction of processing (Article 18).
  • Right to data portability in a structured, commonly used format (Article 20).
  • Right to object to processing based on legitimate interests (Article 21).
  • Right to withdraw consent at any time without affecting prior lawful processing (Article 7(3)).
  • Right to lodge a complaint with your national data protection supervisory authority.

9.3 Rights under the CCPA / CPRA (California Residents)

  • Right to know what personal information is collected, used, disclosed, or shared.
  • Right to delete personal information, subject to applicable exceptions.
  • Right to correct inaccurate personal information (CPRA).
  • Right to opt out of the sale or sharing of personal information. We do not sell or share personal information for cross-context behavioural advertising.
  • Right to limit use of sensitive personal information (CPRA), where applicable.
  • Right to non-discrimination for exercising any of the above rights.

To exercise any of the rights above, please submit a request to us at the contact details in Section 11. We will respond within the timeframe required by applicable law: 30 days under the DPDP Act; one calendar month (extendable by two further months) under the GDPR; 45 days (extendable by a further 45 days) under the CCPA/CPRA.

We may require verification of identity before processing a rights request. We will not charge a fee for reasonable requests.

9.4 Privacy Rights - Australia and New Zealand

We collect and process your personal data under the obligations and conditions set by Australia’s Privacy Act 1988 and New Zealand’s Privacy Act 2020 (Privacy Act). This privacy notice satisfies the notice requirements defined in both Privacy Acts, in particular: what personal information we collect from you, from which sources, for which purposes, and other recipients of your personal information. If you do not wish to provide the personal information necessary to fulfil their applicable purpose, it may affect our ability to provide our services, in particular:

  • offer you the products or services that you want;
  • respond to or help with your requests.

At any time, you have the right to request access to or correction of your personal information. You can make such a request by contacting us by using the contact details provided in the section “HOW YOU CAN REVIEW, UPDATE, OR DELETE THE DATA WE COLLECT FROM YOU?”

We will take reasonable steps to ensure your personal information is accurate, secure, and used only for appropriate purposes. Your information may be transferred overseas, and we will take reasonable steps to ensure it is protected. If you believe we are unlawfully processing your personal information, you have the right to submit a complaint about a breach of the Australian Privacy Principles to the Office of the Australian Information Commissioner and a breach of New Zealand’s Privacy Principles to the Office of the New Zealand Privacy Commissioner.

10. Contact Details

For any privacy-related queries, rights requests, or concerns:

Indian Muneem

Plot No 14, Rajiv Gandhi IT Park, Chandigarh – 160101, INDIA

Email: privacy@indianmuneem.com

Website: www.indianmuneem.com

11. Grievance Officer (India — DPDP Act, 2023)

In accordance with the Digital Personal Data Protection Act, 2023, we have designated a Grievance Officer to receive and resolve complaints from data principals:

Designation: Grievance Officer

Email: privacy@indianmuneem.com

Address: Plot No 14, Rajiv Gandhi IT Park, Chandigarh – 160101, INDIA

Acknowledgement: within 48 hours of receipt. Resolution: within 30 days, or as prescribed under the DPDP Act and applicable Rules.

12. Security of Personal Data

We implement appropriate technical and organisational security measures to protect personal data against unauthorised access, disclosure, alteration, loss, or destruction. These include encryption of data in transit (TLS/SSL), access controls and role-based permissions, regular security assessments, and confidentiality obligations for personnel handling personal data.

Notwithstanding the above, no method of electronic transmission or storage is entirely secure. In the event of a personal data breach affecting individuals' rights and freedoms, we will notify the relevant supervisory authority and affected individuals in accordance with applicable law (72 hours under GDPR Article 33; as prescribed under the DPDP Act).

13. Protection of Children's Privacy

Our website and services are not directed at children under the age of 18 years (or such other age as constitutes a minor under applicable law in the data subject's jurisdiction). We do not knowingly collect personal data from minors without verifiable parental or guardian consent. If we become aware that personal data of a minor has been collected without appropriate consent, we will take immediate steps to delete it.

14. Third-Party Links

Our website may contain links to third-party websites or external resources. We are not responsible for the privacy practices of any third party. We encourage all users to review the privacy policies of any external sites they visit.

15. Changes to this Privacy Policy

We may update this Policy from time to time to reflect changes in our data practices, legal obligations, or service offerings. The revised Policy will be posted on this page with an updated effective date. For material changes, we will provide advance notice through the Website or by direct communication to affected clients or users where practicable. Your continued use of the Website after the effective date of any update constitutes acceptance of the revised Policy.
