top of page

Privacy Policy 

Communique Marketing Solutions Private Limited | www.communiqueindia.com

Version 2026.1  |  Effective Date: [01. Jan. 2026]  |

Compliance basis: Digital Personal Data Protection Act, 2023; DPDP Rules, 2025 (notified 14 Nov 2025); ISO/IEC 27001:2022 (ISMS

Communique Marketing Solutions Private Limited (“Communique”, “we”, “us”, “our”) respects your privacy and is committed to protecting the personal data of every individual who interacts with us. This Privacy Policy explains what personal data we collect through www.communiqueindia.com (the “Website”) and through our enterprise event, conference and experience-management engagements, why we collect it, how we use and protect it, and the rights available to you.


This Policy is issued in accordance with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the Digital Personal Data Protection Rules, 2025 (the “DPDP Rules”), read with the Information Technology Act, 2000 and applicable rules. For the personal data we determine the purpose and means of processing, Communique acts as the Data Fiduciary (equivalent to a data controller).
By using the Website or sharing personal data with us, you acknowledge that you have read and understood this Policy. If you do not agree, please do not use the Website or submit personal data through it.


1. Key Definitions
Personal Data – any data about an individual who is identifiable by or in relation to such data.
Processing – any operation performed on personal data, such as collection, storage, use, sharing, disclosure or erasure.
Data Principal – the individual to whom the personal data relates (you).
Data Fiduciary – the person who determines the purpose and means of processing; here, Communique.
Data Processor – a person who processes personal data on behalf of a Data Fiduciary (e.g. our vetted vendors and cloud providers).
Consent Manager – a Data Protection Board-registered entity through which a Data Principal may give, manage, review and withdraw consent.
Data Protection Board / Board – the Data Protection Board of India established under the DPDP Act.


2. Scope and Applicability
This Policy applies to personal data collected through the Website, contact and enquiry forms, event registration and accreditation systems, microsites we operate for client programmes, and our business correspondence. Where we process personal data solely on behalf of a corporate client (for example, as part of an event we manage for them), that client is the Data Fiduciary and we act as a Data Processor under contract; in such cases the client’s privacy notice governs the processing and this Policy applies only to our own collection.

3. Personal Data We Collect


3.1 Data you provide directly
Your name, email address, phone number, organisation, designation and the content of any enquiry or correspondence you choose to share, including high-level information of individuals who ask us to contact them.


3.2 Data we collect automatically
When your browser accesses the Website, our servers log technical information such as IP address, click-stream data, HTTP protocol elements, page response times, download errors, length of visits, page-interaction data and the method used to navigate away from a page. We also collect cookies and similar identifiers (see Section 15 and our separate Cookie Policy).


3.3 Data from other sources
We may receive limited business-contact information from event clients, partners and publicly available professional sources, used strictly for the bona fide purpose for which it was shared.
We do not seek to collect special-category or sensitive financial data through the Website. Please do not submit payment-card numbers, passwords or government identifiers through Website forms or email.


4. Notice and Lawful Basis for Processing
In line with the DPDP Rules, before or at the time of seeking consent we provide an itemised notice, in clear and plain language, stating: the personal data sought; the specific purpose; the goods, services or uses it enables; how you may exercise your rights; how you may withdraw consent; and how you may make a complaint to the Data Protection Board.
We process personal data on one of the following bases:
Consent – a free, specific, informed, unconditional and unambiguous indication given by a clear affirmative action, for the stated purpose.
Certain legitimate uses – as permitted by the DPDP Act, for example where you voluntarily provide data for a purpose and have not objected, or to comply with law.


5. Purposes of Processing
We use personal data only for purposes that are specified and lawful, including to:
respond to enquiries and provide advisory, event, conference and experience-management services;
administer event registration, accreditation, hospitality and on-ground/virtual access;
operate, secure, maintain and improve the Website and our services;
send service-related and, where you have consented, marketing communications; and
comply with legal, regulatory, audit and security obligations.


6. Consent and Withdrawal
Where we rely on consent, we ask for it through a clear affirmative action (no pre-ticked boxes). You may withdraw consent at any time, and we will make withdrawal as easy as it was to give. You may exercise consent and withdrawal directly with us or, where available, through a Board-registered Consent Manager.
Withdrawing consent does not affect the lawfulness of processing carried out before withdrawal. On withdrawal, we will cease the relevant processing and cause our Data Processors to do the same, unless retention is required by law.


7. Children’s Data and Persons with Disabilities
The Website is intended for a business audience and is not directed at children. Where we knowingly process the personal data of a child (an individual below 18 years) or of a person with a disability who has a lawful guardian, we will obtain verifiable consent from the parent or lawful guardian as required by the DPDP Act and Rules. We do not undertake tracking, behavioural monitoring or targeted advertising directed at children, and we do not process children’s data in a manner likely to cause detrimental effect to their well-being.


8. Your Rights as a Data Principal
Subject to the DPDP Act and Rules, you have the right to:
Access – obtain a summary of the personal data we process about you and the processing activities.
Correction and updating – have inaccurate or incomplete data corrected, completed or updated.
Erasure – request deletion of personal data that is no longer necessary for the purpose for which it was collected.
Grievance redressal – a readily available means to raise grievances about our processing.
Nominate – nominate another individual to exercise your rights in the event of death or incapacity.
Withdraw consent – as described in Section 6.


To exercise any right, contact our Grievance Officer / Data Protection contact (Section 20). We will verify your identity and respond within the timelines prescribed under the DPDP Rules. You also have the right to lodge a complaint with the Data Protection Board of India.


9. Grievance Redressal
We maintain an effective mechanism to receive and address grievances. Please contact our Grievance Officer at info@communiqueindia.com. If your grievance is not resolved to your satisfaction within the period prescribed under the DPDP Rules, you may escalate to the Data Protection Board of India.


10. Data Retention and Erasure
We keep personal data only for as long as necessary for the purpose for which it was collected, or as required to meet legal, regulatory, accounting or security obligations. We periodically review the data we hold and securely delete, destroy or permanently de-identify data for which there is no longer a lawful, business or consumer need. Identifiable data collected for targeting purposes is retained for as short a period as possible.


11. Data Security Safeguards
Consistent with the “reasonable security safeguards” required by the DPDP Rules and with our information-security posture aligned to ISO/IEC 27001:2022, we implement appropriate technical and organisational controls, including: encryption, obfuscation or tokenisation of personal data in transit and, where appropriate, at rest;role-based access control on a need-to-know basis, with strong authentication;logging and monitoring of access to personal data, retained to enable detection and investigation of incidents;secure backups to enable continuity and recovery;network, application and endpoint security, vulnerability management and patching;contractual confidentiality and security obligations on Data Processors and vendors; and a documented Information Security Management System (ISMS) with periodic risk assessment, staff awareness training and review.No method of transmission or storage over the internet is completely secure. While we take every reasonable measure to protect your data, we cannot guarantee absolute security, and any transmission is at your own risk.


12. Personal Data Breach Notification
We operate a breach-response procedure aligned to the DPDP Rules and to ISO/IEC 27001 incident-management controls. In the event of a personal data breach, we will:notify each affected Data Principal without delay, in plain language, describing the nature of the breach, the data involved, the likely consequences, the measures we have taken, the steps you can take to protect yourself, and our contact details; and
notify the Data Protection Board of India of the breach, with the further detailed report furnished within 72 hours (or such longer period as the Board may allow).2


13. Data Sharing, Processors and Third Parties
We do not sell personal data. We share it only: with Data Processors and service providers who process it on our instructions under written contracts containing confidentiality and security obligations; with our event clients where the data was collected for their programme; with professional advisers and auditors; and as required by law (see Section 14). We may share aggregated or anonymised information, such as demographics and Website-usage statistics, which cannot identify you.


14. Cross-Border Data Transfers
Where personal data is transferred to or processed in a country outside India (for example, by a cloud provider), we do so in accordance with the DPDP Act and Rules and any restrictions notified by the Central Government, and we apply contractual and technical safeguards to protect the data. We prefer India-located processing and data residency wherever operationally feasible.


15. Cookies and Similar Technologies
We use cookies and web-server logs to understand how the Website is used, to control access to certain content and to provide tailored information. You can set your browser to notify you before accepting cookies. For full details of the categories we use, their purpose and how to manage your preferences, please see our separate Cookie Policy.


16. Legal Disclosure
We may disclose personal data where we believe in good faith that this is required to comply with a legal obligation, subpoena, court order or lawful request of a governmental authority; to verify or enforce our Terms of Use and policies; to detect, prevent or address fraud, security or technical issues; to respond to an emergency; or to protect the rights, property or safety of Communique, our users or the public.


17. Changes to this Policy
We may update this Policy from time to time to reflect changes in law, technology or our practices. The current version, with its effective date, will always be available on the Website. Material changes will be brought to your notice where required. We encourage you to review this page periodically.


18. Governing Law and Jurisdiction
This Policy is governed by the laws of India. Any claim or dispute relating to this Policy is subject to the exclusive jurisdiction of the courts at New Delhi, India.


19. Consent
By using the Website and providing personal data, you consent to the processing of your personal data as described in this Policy, subject to your right to withdraw consent under Section 6.


20. Contact Us
Data Fiduciary: Communique Marketing Solutions Private Limited
Grievance Officer / Data Protection contact: [Saurabh S]
Email: [info@communiqueindia.com]  |  Address: [83, Udyog Vihar Phase 4, Gurugram , Haryana , India - 122015]   |  

CIN: [ U51909DL2004PTC125109]


© 2026 Communique Marketing Solutions Private Limited. All Rights Reserved.
 

bottom of page