Privacy policy.

1. Who we are

This privacy notice is issued by Crescent Quality Certification Pvt Ltd (referred to as "Crescent", "we", "us", or "our" throughout this document), the operator of https://www.crescentqualitycertification.com. Our registered office is at 303 Atmiya Complex, Maneja Crossing, Vadodara — 390013, Gujarat, India. For all privacy-related enquiries, please write to us at info@crecent.co.in.

2. Scope

This notice covers the processing of personal information of visitors to our website, prospects and clients who engage us for consultancy services, and third parties whose information we receive in the course of delivering those services. It does not cover personal information of our employees (covered by our internal HR privacy notice) or personal information we process solely as a processor on behalf of a client (covered by the applicable data processing agreement).

3. Information we collect

We collect the following categories of personal information:

• Contact information — name, work email, phone number, company name, and role — provided when you complete the contact form or correspond with us.
• Enquiry content — the text of the message or the services of interest selected in the contact form.
• Technical information — IP address, browser type, operating system, referring URL, and pages visited — collected automatically by our web server and cookies where applicable.
• Client engagement data — information provided during a consulting engagement, including names and contact details of client personnel, operational documentation, and records created in the course of the engagement.

4. Why we collect it (lawful basis)

We process personal information on the following bases:

• Performance of a contract — where processing is necessary for the engagement we have with you or your organisation.
• Legitimate interests — for responding to enquiries, maintaining our website, and protecting it from abuse; and for the ordinary conduct of our consultancy business, subject to your rights and interests.
• Consent — where you have explicitly opted in, for example to receive newsletters or event invitations.
• Legal obligation — where retention is required by tax, company-law, or regulatory requirements.

5. How we use the information

We use personal information to respond to enquiries; to scope, deliver, and administer consultancy engagements; to manage our client and prospect relationships; to maintain and improve our website; to detect and prevent abuse of our systems; and to comply with our legal obligations. We do not sell personal information to third parties, and we do not use it for advertising profiling.

6. Who we share it with

We share personal information only as necessary:

• With service providers who host our website, send our email, or provide similar infrastructure, subject to confidentiality and data processing terms.
• With certification bodies and accreditors where such sharing is integral to the engagement for which you retained us.
• Where required by law, regulation, or valid legal process.

7. International transfers

Some of our service providers are located outside India. Where personal information is transferred internationally, we apply contractual and technical safeguards consistent with the expectations of applicable data protection laws, including India's Digital Personal Data Protection Act and, where relevant, the EU GDPR.

8. How long we keep it

We retain personal information for the duration of the engagement plus a period reasonable for our legitimate business, tax, and regulatory needs — typically seven years from the end of the engagement unless a longer period is required by law. Enquiry data from our contact form is retained for two years unless it becomes part of a client engagement.

9. Your rights

Subject to applicable law, you have rights in respect of the personal information we hold about you, including the right to access, correct, or erase the information; to object to or restrict processing; to withdraw consent where we rely on it; and to lodge a complaint with a supervisory authority. To exercise any of these rights, please contact the Grievance Officer at info@crecent.co.in. We will respond within the timelines required by applicable law.

10. Cookies and similar technologies

Our website uses only a minimal set of cookies required for essential site functionality and basic analytics. We do not use cookies to profile visitors or to serve targeted advertising.

11. Security

We apply reasonable technical and organisational measures to protect personal information against unauthorised access, loss, or alteration — consistent with the management systems we help our clients build. No system is perfectly secure; in the unlikely event of a breach affecting personal information, we will notify affected parties and regulators in accordance with applicable law.

12. Changes to this notice

We update this notice from time to time. Material changes will be flagged on the website; the "last updated" date above reflects the most recent revision.

13. Grievance officer

In accordance with applicable information-technology rules, privacy-related enquiries and complaints can be directed to our privacy team at info@crecent.co.in, with "Privacy" in the subject line. We will respond within the timelines required by applicable law.