Sustain Right
Back to home
Policy

Privacy Policy

Effective
01 / 07 / 2024
Version
1.0

1. Introduction

Sustain Right (“Sustain Right”, “we”, “us”, or “our”) is committed to protecting the privacy of individuals whose personal data we collect, use, store, or share. This Privacy Policy explains what personal data we collect, how we use it, with whom we share it, how long we retain it, and the rights available to data principals. It applies to our website www.sustainright.com, our service delivery, recruitment, and other interactions where we process personal data.

2. Legal Framework

This Privacy Policy is issued in alignment with the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology Act, 2000 (including the Reasonable Security Practices and Procedures rules), and applicable principles of generally accepted privacy regimes including the EU General Data Protection Regulation (GDPR) where relevant to international engagements.

3. Personal Data We Collect

Depending on how you interact with us, we may collect the following categories of personal data:

  • Contact information — name, email, phone number, designation, organisation.
  • Professional information — qualifications, work experience, CVs (for candidates).
  • Client engagement information — details shared during scoping, delivery, and follow-up of advisory engagements (typically organisational data; personal data only where necessary).
  • Website usage information — IP address, device and browser information, pages visited, time spent, referring URL, and cookie data.
  • Communication records — emails, meeting notes, and other correspondence with us.

4. How We Collect Personal Data

  • Directly from you when you submit our contact form, subscribe to updates, attend our events, apply for a role, or interact with our content.
  • From your organisation in the course of an engagement.
  • Automatically through cookies and similar technologies when you visit our website.
  • From publicly available sources (for business development purposes).

5. How We Use Personal Data

  • To respond to enquiries and provide the services or information you have requested.
  • To deliver advisory, assessment, reporting, certification, training, and other engagements.
  • To process recruitment applications and communicate with candidates.
  • To send newsletters, insights, and information about our services (with your consent where required).
  • To improve our website, content, and services.
  • To comply with legal, regulatory, contractual, and tax obligations.
  • To protect our rights, property, or safety, and that of our clients and team.

6. Legal Basis for Processing

We process personal data on one or more of the following bases, as applicable: consent, performance of a contract, compliance with legal obligations, and legitimate interests (such as managing and developing our business) where these interests are not overridden by the rights and freedoms of the data principal.

7. Sharing of Personal Data

We do not sell personal data. We share personal data only as needed and only with:

  • Team members and consultants engaged on the relevant matter.
  • Service providers — such as IT and cloud infrastructure providers, communication platforms, and marketing tools — bound by confidentiality and data protection obligations.
  • Regulators and authorities — where required by law.
  • Third-party platforms — where you have authorised us to act on your behalf (for example, EcoVadis or similar disclosure platforms during a client engagement).
  • Successors and assigns — in the event of a business transfer, with continued protection under terms at least as protective as this Policy.

8. International Transfers

Some of our service providers may store or process data outside India. Where this is the case, we take reasonable steps to ensure that such transfers are subject to appropriate safeguards including contractual protections and security measures.

9. Cookies and Tracking

Our website uses cookies and similar technologies to enable site functionality, analyse traffic, and improve user experience. Categories typically include strictly necessary cookies, performance and analytics cookies, and functionality cookies. You can control cookies through your browser settings; disabling certain cookies may affect site functionality.

10. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, to comply with legal and regulatory requirements, to resolve disputes, and to enforce our agreements. Retention periods vary by data category and engagement type. Once data is no longer required, it is securely deleted or anonymised.

11. Security

We maintain reasonable administrative, technical, and physical safeguards to protect personal data against unauthorised access, alteration, disclosure, or destruction. These include access controls, encryption in transit, secure cloud infrastructure, vendor due diligence, and team training. No transmission or storage system is entirely secure; we encourage data principals to take their own reasonable precautions.

12. Your Rights

Subject to applicable law and verification of identity, you may have the right to:

  • Access the personal data we hold about you.
  • Request correction or updating of inaccurate or incomplete data.
  • Request erasure of personal data, subject to legal and contractual retention requirements.
  • Withdraw consent where processing is based on consent.
  • Nominate another individual to exercise your rights in the event of death or incapacity (under DPDP Act).
  • Lodge a grievance or complaint with us through the contact details below.

13. Children's Data

Our services and website are not directed to children under the age of 18. We do not knowingly collect personal data of children. If you believe that we have collected data of a child, please contact us so we can take appropriate action.

14. Third-Party Links

Our website may contain links to third-party websites and platforms. This Privacy Policy does not apply to such third-party sites; we encourage you to review their privacy policies before sharing personal data.

15. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The latest version will always be available on www.sustainright.com with the effective date noted.

16. Grievance Officer and Contact

For any privacy-related queries, requests, or grievances, please contact:

We will acknowledge grievances within a reasonable time and respond within the timelines prescribed under applicable law.