Privacy Policy

Last Updated: 20 Mar. 26

1. Introduction

Nisa Solutions (“Nisa”, “Company”, “we”, “our”, or “us”) is committed to protecting personal data in accordance with global privacy standards and applicable laws, including:

• General Data Protection Regulation (GDPR)
• India Digital Personal Data Protection Act, 2023 (DPDP Act)

This Privacy Policy describes how we collect, process, use, disclose, and safeguard personal data in connection with:

• Our website: https://nisa-solutions.com
• IT services, SaaS platforms, and engineering solutions
• Consulting and professional services
• Customer, partner, and vendor interactions

2. Roles & Scope of Processing

Depending on the engagement, Nisa Solutions may act as:

• Data Controller / Data Fiduciary – when we determine purposes and means of processing
• Data Processor – when processing data on behalf of clients

This policy applies to all individuals whose personal data is processed by us, including:

• Website users
• Customers and end-users
• Employees, contractors, and applicants
• Business partners and vendors

3. Categories of Data Collected

3.1 Personal, Professional & Financial Information
We may collect the following categories of personal and business-related data:

• Name, email address, phone number
• Company name, designation, department
• Billing, contractual, and invoicing details
• Financial information, including:
  • Bank account details
  • Payment information
  • Salary and compensation data (for employees/contractors)
• Statutory and regulatory information, including:
  • Tax identification numbers (e.g., PAN, GSTIN)
  • Government-issued identifiers (where required for compliance)
• Vendor and supplier onboarding details, including financial and tax-related records

3.2 Technical & Usage Data

• IP address, browser type, device identifiers
• Log files, timestamps, session activity
• Approximate geolocation

3.3 SaaS & Engineering Data

• Application data and configurations
• Uploaded files and datasets
• System logs, diagnostics, telemetry

3.4 Communication Data

• Support tickets, emails, chat logs
• Feedback, survey responses

3.5 Employee, Contractor & Supplier Data
We process personal data of employees, contractors, and suppliers, including:

• Employment and professional records
• Payroll, banking, and compensation details
• Taxation and statutory compliance information (e.g., GST, PAN, social security where applicable)
• Background verification data (where permitted by law)
• Vendor due diligence and onboarding documentation

4. Purpose of Processing

We process personal data for:

• Delivery of IT, SaaS, and engineering services
• System administration, monitoring, and security
• Customer support and service management
• Analytics, performance optimization, and product improvement
• Marketing and communications (subject to consent where required)
• Legal, regulatory, and contractual compliance
• Payroll processing, financial transactions, and vendor payments
• Compliance with tax, labor, and corporate laws (including GST and financial reporting obligations)
• Employee administration, benefits management, and contractor/vendor management

5. Legal Basis for Processing (GDPR)

Where applicable, processing is based on:

• Consent
• Performance of a contract
• Legitimate business interests (e.g., service improvement, fraud prevention)
• Compliance with legal obligations

6. India DPDP Act, 2023 Compliance

In accordance with the Digital Personal Data Protection Act, 2023:

6.1 Data Fiduciary Obligations

Nisa Solutions acts as a Data Fiduciary and ensures:

• Processing is lawful and purpose-specific
• Data minimization and accuracy
• Implementation of reasonable security safeguards

6.2 User (Data Principal) Rights

Users have the right to:

• Access personal data
• Correct or update inaccurate data
• Request erasure of personal data
• Withdraw consent
• Grievance redressal

6.3 Consent & Notice

We provide clear notice and obtain consent where required before processing personal data.

6.4 Breach Notification

We will notify affected users and relevant authorities in case of a personal data breach as required by law.

7. Data Sharing & Disclosure

We may share personal data with:

• Cloud providers (e.g., AWS, Microsoft Azure, GCP)
• Analytics providers (e.g., Google Analytics)
• CRM and communication tools
• Payment processors
• Regulatory or legal authorities

• Banks, financial institutions, and payment gateways for salary processing and vendor payments
• Tax authorities, auditors, and statutory bodies for compliance (e.g., GST filings, financial audits)

We do not sell personal data.

8. Subprocessors

We engage trusted subprocessors to support our services.

Categories of Subprocessors:

• Cloud infrastructure providers
• Data hosting and storage providers
• Email and communication platforms
• Customer support and ticketing systems
• Analytics and monitoring tools

All subprocessors are:

• Contractually bound by data protection obligations
• Subject to security and compliance assessments

9. Data Processing Agreement (DPA)

For enterprise and SaaS customers, Nisa Solutions offers a Data Processing Agreement (DPA) that includes:

• Defined roles (Controller / Processor)
• Confidentiality obligations
• Technical and organizational security measures
• Data breach notification procedures
• Subprocessor governance
• Audit and compliance rights
• Cross-border data transfer safeguards (e.g., SCCs)

10. International Data Transfers

Personal data may be transferred across jurisdictions.

We ensure appropriate safeguards, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions (where applicable)
• Contractual and technical protections

11. Data Retention

We retain personal data only for as long as necessary to:

• Fulfill contractual and business purposes
• Meet legal and regulatory requirements

Data is securely deleted or anonymized after retention periods expire.

12. Security Measures

We implement enterprise-grade security controls, including:

• Encryption (in transit and at rest where applicable)
• Role-based access control (RBAC)
• Network security and monitoring
• Vulnerability management and patching
• Incident detection and response
• Enhanced protection measures for sensitive financial and statutory data, including restricted access and encryption controls

13. Cookies & Tracking Technologies

We use cookies and similar technologies for:

• Website functionality
• Analytics and performance
• Marketing and personalization

14. Cookie Consent Banner Integration

Our website implements a cookie consent mechanism that enables users to:

• Accept all cookies
• Reject non-essential cookies
• Customize cookie preferences

Consent is recorded and can be withdrawn at any time.

15. Your Privacy Rights

Subject to applicable laws, you may:

• Access your personal data
• Request correction or deletion
• Restrict or object to processing
• Withdraw consent
• Request data portability

16. Third-Party Links

Our website may contain links to external sites. We are not responsible for their privacy practices.

17. Children’s Privacy

Our services are not intended for individuals under 18. We do not knowingly collect data from children.

18. Updates to This Policy

We may update this Privacy Policy periodically. Changes will be reflected with an updated “Last Updated” date.

19. Sensitive Data

Sensitive Personal Data
Where applicable, certain categories of data such as financial information, bank account details, and government-issued identifiers are treated as sensitive and are subject to enhanced security and access controls in accordance with applicable laws.

20. Contact & Grievance Officer

Nisa Solutions
Website: https://nisa-solutions.com
Email: nisamgmt@neoninfotech.com
Address: 906 Ellora Fiesta Opp Juinagar Railway Station, Plot 8, Sector 11 Sanpada, Juinagar Navi Mumbai, Maharashtra – 400705, India

Grievance Officer (India DPDP Compliance):
Email: nisamgmt@neoninfotech.com