Privacy Policy

This Privacy Policy describes how Resilient Sustainance Private Limited ("we," "us," or "our"), operating the website india.rsustain.com, collects, uses, stores, and protects your personal information. This policy is published in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and other applicable Indian laws.

By accessing or using our website and services, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

We collect information that you voluntarily provide to us, including:

• Contact Information: Name, email address, phone number, company name, designation, and business address when you fill out contact forms, book consultations, or subscribe to our communications.
• BRSR Assessment Data: When you use our BRSR Compass assessment tool, we collect your responses to ESG-related questions, company details, industry sector, and organisational information to generate your readiness scorecard.
• Lead Capture Forms: Information submitted through forms on our website for downloading resources, registering for events, or requesting proposals, including name, email, company, and role.
• Payment Information: When you purchase paid services, payment details are collected and processed securely by our payment processor (Razorpay). We do not store your full card number or CVV on our servers.
• Communication Data: Content of emails, messages, and enquiries you send to us.

1.2 Information Collected Automatically

When you visit our website, we automatically collect certain information, including:

• IP address, browser type, operating system, and device information
• Pages visited, time spent on pages, referring URLs, and navigation patterns
• Geographic location (city/country level, derived from IP address)
• Cookies and similar tracking technologies (see Section 3 below)

1.3 Sensitive Personal Data or Information (SPDI)

We do not intentionally collect sensitive personal data or information as defined under the SPDI Rules (such as passwords, financial information beyond what is processed by Razorpay, health data, biometric data, or sexual orientation). If we need to collect SPDI for any service, we will obtain your explicit consent beforehand.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide our BRSR advisory, assurance, and ESG consulting services, including generating BRSR assessment reports and readiness scorecards.
• Communication: To respond to your enquiries, send service updates, share relevant regulatory alerts, and provide information about our services.
• Improvement: To analyse usage patterns, improve our website and tools (including the BRSR Compass and Report Generator), and develop new services.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.
• Marketing: To send you information about our services, events, publications, and regulatory updates, where you have opted in to receive such communications.
• Analytics: To understand how our website is used, measure the effectiveness of our content, and improve user experience.

3. Cookies and Tracking Technologies

Our website uses cookies and similar tracking technologies to enhance your browsing experience and collect analytical data.

3.1 Types of Cookies We Use

• Essential Cookies: Required for the website to function properly, including session management and security.
• Analytics Cookies: Used to understand how visitors interact with our website (via Google Analytics). These cookies collect information in an aggregated form.
• Functional Cookies: Remember your preferences and settings to provide a personalised experience.

3.2 Managing Cookies

You can control and manage cookies through your browser settings. Please note that disabling certain cookies may affect the functionality of our website. Most browsers allow you to refuse cookies or alert you when cookies are being sent.

4. Third-Party Services

We use the following third-party services that may collect and process your data:

4.1 Razorpay

We use Razorpay Software Private Limited as our payment gateway for processing payments in Indian Rupees (INR). When you make a payment, your payment information is collected and processed directly by Razorpay in accordance with their privacy policy and PCI DSS compliance standards. We do not store your complete payment card details. For more information, please refer to Razorpay's Privacy Policy.

4.2 Google Analytics

We use Google Analytics to analyse website traffic and usage patterns. Google Analytics uses cookies to collect anonymous information about how visitors use our website. The data generated is transmitted to and stored by Google on servers that may be located outside India. Google's ability to use and share information collected by Google Analytics is governed by the Google Privacy Policy.

4.3 Hosting and Infrastructure

Our website is hosted on infrastructure that may involve data being stored or processed on servers located outside India. We take reasonable steps to ensure that any such transfers comply with applicable data protection requirements.

5. Data Security

We implement reasonable security practices and procedures as required under the SPDI Rules, including:

• SSL/TLS encryption for all data transmitted between your browser and our servers
• Secure storage of personal data with access controls and authentication measures
• Regular security reviews and updates of our systems and processes
• Limiting access to personal data to authorised personnel on a need-to-know basis
• Using PCI DSS compliant payment processing through Razorpay

While we take reasonable precautions to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

6. Your Rights

Under the Information Technology Act, 2000 and the SPDI Rules, you have the following rights:

• Right to Access: You may request a copy of the personal information we hold about you.
• Right to Correction: You may request that we correct or update any inaccurate personal information.
• Right to Withdraw Consent: You may withdraw your consent for the collection and use of your personal information at any time by contacting us. Please note that withdrawal of consent may limit our ability to provide certain services to you.
• Right to Grievance Redressal: You may contact our Grievance Officer (details below) for any complaints or concerns regarding the handling of your personal information.
• Right to Opt Out: You may unsubscribe from our marketing communications at any time using the unsubscribe link in our emails or by contacting us directly.

7. Data Retention

We retain your personal information for as long as reasonably necessary to fulfil the purposes for which it was collected, including:

• Assessment Data: BRSR assessment responses and reports are retained for the duration of our engagement and for a reasonable period thereafter to provide continuity of service.
• Contact Information: Retained for as long as you maintain a business relationship with us or until you request deletion.
• Payment Records: Retained for the period required under applicable tax and financial regulations (typically 8 years under Indian law).
• Analytics Data: Aggregated and anonymised data may be retained indefinitely for trend analysis and service improvement.

When personal information is no longer required, we will securely delete or anonymise it in accordance with our data retention procedures.

8. Disclosure of Information

We do not sell, trade, or rent your personal information to third parties. We may disclose your information in the following circumstances:

• Service Providers: To trusted third-party service providers who assist us in operating our website and delivering our services, subject to confidentiality obligations.
• Legal Requirements: When required by law, court order, or government authority, or to protect our rights, property, or safety.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
• With Consent: In any other circumstance, with your explicit consent.

9. Children's Privacy

Our website and services are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child, we will take steps to delete such information promptly.

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last Updated" date at the top of this page. We encourage you to review this policy periodically.

11. Grievance Officer

In accordance with the Information Technology Act, 2000 and the SPDI Rules, the details of our Grievance Officer are as follows:

Grievance Officer
Resilient Sustainance Private Limited
Email: india@rsustain.com
Website: india.rsustain.com

The Grievance Officer shall acknowledge your complaint within 48 hours and resolve it within 30 days of receipt, in accordance with applicable regulations.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Resilient Sustainance Private Limited
Email: india@rsustain.com
Website: india.rsustain.com