Data Privacy Day 2026
At Perfios, privacy is not a checkbox—it’s embedded into how we design, build, operate, and continuously improve our products and services. We protect personal data across its full lifecycle: collection, use, sharing, storage, retention and secure deletion, using a combination of strong governance, proven controls, and disciplined day-to-day operational practices.
Our goal is simple: enable business outcomes while respecting individuals’ privacy and meeting regulatory expectations—in India and globally.
What this means for you: Your customers’ data is protected with the same rigor and accountability as your most sensitive business information, giving you confidence to scale without compromising trust.
How we manage data privacy end-to-end
1) Privacy by design in products and delivery
Privacy is considered early and throughout the product lifecycle—right from requirements and architecture to release and ongoing operations. This includes:
- Purpose-led processing: personal data is processed only for defined and legitimate purposes.
- Data minimisation: we aim to collect and use only what is necessary for the intended purpose.
- Default protection mindset: privacy and security requirements are treated as foundational controls, not add-ons.
2) Transparency & fair processing
We strive to ensure individuals and stakeholders understand how personal data is handled:
- Clear privacy notices and purpose definitions
- Communication that supports informed decision-making
- Internal alignment so teams process data consistently with defined purposes and contractual commitments
3) Adequate security safeguards
We implement layered protection to reduce the risk of unauthorised access, misuse, or leakage:
- Role-based access controls (least privilege)
- Segregation of duties where appropriate
- Monitoring and audit trails to support accountability
- Secure handling practices aligned with security governance controls
4) Retention, deletion & lifecycle controls
We treat retention and deletion as core privacy controls—not operational afterthoughts:
- Defined retention periods aligned to business need, contractual commitments, and applicable legal requirements
- Secure deletion when data is no longer required for the defined purpose (or when applicable triggers arise)
- Controls to prevent “data sprawl” and reduce long-term exposure
5) Rights & grievance handling
We support structured mechanisms to respond to data principal/data subject rights requests and concerns:
- Defined intake and handling workflows for rights requests and grievances
- Clear ownership and escalation paths
- Emphasis on timely, consistent, and documented responses
ISO 27701-certified Privacy Information Management System (PIMS)
Perfios maintains an ISO 27701-certified Privacy Information Management System (PIMS), extending our security governance into privacy-specific accountability and controls. This demonstrates that our privacy program is:
- Structured and documented
- Operated with defined roles and responsibilities
- Periodically reviewed and improved through internal governance, audits, and evidence-led operations
This certification strengthens stakeholder confidence that privacy is managed systematically—across people, process, and technology.
Our security and privacy certification portfolio
Our commitment to security and privacy is independently verified through multiple global certifications:
- ISO 27001 (Information Security Management)
- ISO 27017 (Cloud Security Controls)
- ISO 27701 (Privacy Information Management)
- ISO 42001 (AI Management System)
- CSA STAR Level 2 (Cloud Security)
- SOC 2 Type II (Service Organization Controls)
With additional certifications in progress, we continuously strengthen our security posture to meet evolving industry standards and client expectations.
One unified privacy framework: globally grounded, locally compliant
Our privacy framework is built on widely accepted global privacy principles and designed to support compliance with applicable data privacy laws—including India’s DPDP Act, GDPR, and other regional regulations. Core principles include:
- Purpose limitation
- Data minimisation
- Transparency
- Security safeguards
- Accountability
- Rights handling
This approach enables us to scale privacy consistently across products, engagements, and group entities—without fragmented “region-by-region” privacy programs. Whether you operate under GDPR, DPDP, or other frameworks, our controls are designed to support your compliance requirements.
Privacy in practice
At Perfios, privacy protection happens through daily discipline and accountability:
- We collect and process only what’s necessary for defined purposes
- Access to personal data is role-based and monitored
- Data is retained only as long as required, then securely deleted
- Incidents are reported quickly and handled transparently
Questions?
We’re committed to transparency about how we protect the data you entrust to us. If you’d like to discuss our privacy practices or have specific questions about data handling, our team is here to help.
Contact: DPO@perfios.com | Learn more at https://perfios.ai/perfios-trust-center/
Data Privacy Day reminds us that trust is earned through consistent action. Thank you for trusting Perfios with your business.