GDPR Compliance

This GDPR page summarises how Mindsolve Consulting (OPC) Private Limited ("Mindsolve Consulting", "we", "us", "our") complies with the EU General Data Protection Regulation (GDPR) and the UK GDPR for individuals located in the European Economic Area (EEA), United Kingdom, and Switzerland.

Our full data-handling practices are described in our Privacy Policy. This page provides additional GDPR-specific detail.

1. Data controller

For the purposes of EU GDPR and UK GDPR, the data controller is:

Mindsolve Consulting (OPC) Private Limited
CIN: U62010HR2024OPC122331
Registered office: 12 K Block K New, Gurugram Pawala Khasrupur, Palam Vihar (Gurgaon), Gurgaon, Haryana, India, 122017
Email: Contact@mindsolveconsulting.store

2. Legal bases for processing

We rely on the following lawful bases under Article 6 of GDPR:

• Contract (Art 6(1)(b)): processing necessary to deliver services you have requested or to take pre-contractual steps
• Legitimate interests (Art 6(1)(f)): for security, fraud prevention, service improvement, and business communications with existing customers
• Consent (Art 6(1)(a)): for non-essential cookies and marketing communications. You can withdraw consent at any time.
• Legal obligation (Art 6(1)(c)): for tax records, anti-fraud, and other regulatory requirements

3. Your rights under GDPR

If you are located in the EEA, UK, or Switzerland, you have the following rights:

Right of access (Article 15)

You can request a copy of the personal data we hold about you, along with information about how it is processed.

Right to rectification (Article 16)

You can request that we correct inaccurate or incomplete data.

Right to erasure / "right to be forgotten" (Article 17)

You can request that we delete your personal data when it is no longer needed for the original purpose, you withdraw consent, you object to processing, or the data has been unlawfully processed. We may retain data where we have a legal obligation to do so (e.g. tax records).

Right to restriction of processing (Article 18)

You can request that we limit the processing of your data in certain circumstances.

Right to data portability (Article 20)

You can request your personal data in a structured, commonly used, machine-readable format and have it transmitted to another controller where technically feasible.

Right to object (Article 21)

You can object to processing based on legitimate interests, including profiling, and to direct marketing at any time.

Rights related to automated decision-making (Article 22)

We do not make decisions based solely on automated processing that produces legal or similarly significant effects on you.

Right to withdraw consent

Where processing is based on consent, you can withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Right to lodge a complaint

You have the right to lodge a complaint with your local data protection supervisory authority. A list of EU supervisory authorities is available at edpb.europa.eu/about-edpb/about-edpb/members_en. UK residents can contact the ICO at ico.org.uk.

4. How to exercise your rights

To exercise any of these rights, email us at Contact@mindsolveconsulting.store with:

• The right you wish to exercise
• Your full name and contact email associated with our services
• Any additional information needed to verify your identity

We respond within 30 days. In complex cases we may extend this by a further 60 days, in which case we will notify you of the extension and the reasons.

There is no fee for exercising your rights, unless requests are manifestly unfounded or excessive, in which case a reasonable administrative fee may apply.

5. International data transfers

Because Mindsolve Consulting is registered in India and our service providers (including Microsoft) operate globally, personal data may be transferred outside the EEA / UK. Where required by GDPR, we rely on appropriate safeguards including:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• UK International Data Transfer Agreements for transfers from the UK
• Adequacy decisions where applicable

You can request a copy of the relevant safeguards by contacting us.

6. Data retention

We retain personal data only as long as needed:

• Customer records: duration of relationship + 7 years (tax / accounting)
• Prospect data: 24 months from last contact
• Website analytics: anonymised after 26 months
• Marketing consent records: until consent is withdrawn

7. Data subject categories and data sources

Categories of data subjects: customers, prospects, website visitors, contact persons at our customers, individuals communicating with us.

Categories of personal data: contact information, professional information, billing information, communications content, website usage data, technical identifiers.

Sources: directly from you, automatically when you visit our website, and occasionally from publicly available business sources.

8. Processors and sub-processors

We use the following categories of processors:

• Cloud hosting and email: Microsoft (Microsoft 365, Azure)
• Microsoft distributor partners: our indirect provider for CSP subscription provisioning
• Payment processing: our payment processor (we do not store full card data)
• Analytics: privacy-respecting website analytics
• Customer support tools: ticketing and chat platforms

All processors are bound by data protection terms consistent with GDPR Article 28. A current list of processors is available on request.

9. Security

We implement appropriate technical and organisational measures including TLS encryption in transit, MFA on admin accounts, role-based access controls, vendor security review, and incident response procedures.

10. Data breach notification

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay, in accordance with GDPR Articles 33 and 34.

11. Contact and complaints

For any GDPR-related question or to exercise your rights, contact us at Contact@mindsolveconsulting.store. We aim to resolve all concerns directly. If you remain unsatisfied, you have the right to complain to your local supervisory authority.