Our Commitment to Your Privacy
Your privacy matters to us. Securexocean is committed to handling your personal information responsibly and transparently. This page explains what personal data we collect, the reasons we collect it, how we use it, and the rights available to you as an individual whose data we process.
Please take the time to read this carefully. Using our website, products, or services means you agree to the collection and use of your information as described here.
Defining Personal Data
Personal data is any information that can identify a specific individual — directly or indirectly. This includes but is not limited to your name, email address, phone number, job title, and IP address.
Data We Collect From You
We collect only what is necessary for legitimate business purposes.
When you contact us, request a consultation, register for an event, or engage our services, you may be asked to provide information such as your full name, email address, phone number, designation, and organization name.
If you are using our cybersecurity services, we may collect additional professional information from you or through your employer — including your address, job title, and relevant organizational details.
We may also collect personal information from publicly available sources or through our business partners where appropriate. Individuals exploring careers with Securexocean may provide relevant personal information during that process.
Our Reasons for Collecting Your Information
We collect personal information exclusively to interact with you and to deliver our services effectively. Information is used only for the specific purpose it was provided for. We do not sell your personal data to any third party under any circumstances.
How We Use Your Personal Data
- We process personal information for the following specific purposes:
- Delivering the cybersecurity services or products you have requested or contracted
- Communicating with you and responding to your enquiries in a timely manner
- Personalizing and improving your experience on our website and service platforms
- Developing and refining our service offerings to better serve our clients
- Meeting our obligations under applicable laws and regulatory frameworks
How We Use Your Personal Data
We process your personal data on one or more of the following grounds:
Consent — where you have provided explicit permission for a specific processing activity
Performance of a Contract — where processing is necessary to deliver a service you have engaged us for, or to take steps at your request before entering a contract.
Legal Compliance — where processing is required to fulfil obligations under applicable law, including CERT-In directions, RBI guidelines, and other regulatory requirements
Legitimate business interests — where processing serves our legitimate operational interests in a way that does not override your rights and freedoms
When and With Whom We Share Your Data
We do not sell, rent, or trade personal information. We may share your data only in the following limited circumstances:
Technology and service partners — third parties who support our operations through hosting, communications, and project tools. These providers act on our instructions under contractual data protection obligations.
Regulatory and legal bodies — when disclosure is required by law, court order, or a regulatory authority such as CERT-In, law enforcement, or other bodies with lawful authority.
Group companies and Affiliates — within our business group where necessary for the delivery of services.All client engagement data including infrastructure details, security findings, credentials, and technical documentation is governed by executed NDAs and is never shared outside the engagement team without explicit written authorization from the client.
Rights Over Your Personal Data
You hold specific rights in relation to the personal data we hold about you:
Right to access — request a copy of the personal data we hold about you.
Right to rectification — request correction of any inaccurate or incomplete data.
Right to erasure — request deletion of your personal data where we no longer have a lawful basis for processing it.
Right to object — object to processing carried out on the basis of legitimate interests or for direct marketing purposes.
Right to data portability — request your data in a structured, commonly used format for transfer to another controller where technically feasible.
Right to withdraw consent — where processing is consent-based, withdraw that consent at any time without affecting prior processing.
Exercising Your Rights
To exercise any of the rights described above, contact us at privacy@securexocean.com
We will respond within 30 days of receiving your request. Identity verification may be required before we process certain requests.
How Long We Keep Your Data
We retain personal information only for as long as needed to fulfil the purposes for which it was collected, or as required by law. Engagement and project records are kept for up to 7 years in line with professional record-keeping standards. Technical documentation and credentials provided during service engagements are managed under the applicable NDA and are not retained beyond the period specified in that agreement.
Security of Your Information
Securexocean holds ISO 27001, ISO 9001, and ISO 20000 certifications — standards we apply to our own internal operations. We have implemented robust security controls to protect personal data, including access restrictions, encryption, and defined incident response procedures.
While we take every reasonable precaution, no method of electronic transmission or storage is completely immune to risk. We encourage you to keep your credentials and systems secure at all times.
If you suspect any security concern involving your personal data in connection with our services, contact us immediately at privacy@securexocean.com
Our Use of Cookies
Our website uses cookies to support essential functionality and to understand how visitors engage with our content. Essential cookies are necessary for the site to operate. Analytics cookies provide aggregate insights into visitor behavior without identifying you personally. You can manage cookie preferences through your browser settings. We do not use cookies for advertising purposes.
When and With Whom We Share Your Data
India — Digital Personal Data Protection Act 2023 — The DPDP Act governs the processing of personal data of Indian residents and applies to organizations both within and outside India that offer goods or services to Indian residents. It establishes consent requirements, data principal rights, cross-border transfer restrictions, security safeguards, and financial penalties for violations. Securexocean complies with the obligations imposed by the DPDP Act applicable to our role as a Data Fiduciary.
European Union — General Data Protection Regulation (GDPR) — Where we process personal data of individuals in the EU or UK, we comply with GDPR requirements including lawful basis for processing, data subject rights, breach notification, and international transfer safeguards.
United States — California Consumer Privacy Act (CCPA) — California residents have rights under the CCPA including the right to know what information is collected, the right to request deletion, and the right to opt out of data sales. We do not sell personal information. California residents may exercise their rights by contacting us directly.
Updates to This Policy
We may update this Privacy Policy from time to time. Any changes will be published on this page with a revised effective date. For significant changes, we will provide notice through our website or by direct communication. Continued use of our website or services after any update constitutes acknowledgment of the revised policy.
Get in Touch
For privacy concerns, complaints, or questions about this policy, reach us at:
Securexocean Mumbai, Maharashtra, India Email:privacy@securexocean.com Phone:+91 (0)22 0000 0000
We take your trust seriously and will respond to all privacy-related requests promptly and appropriately.
