Privacy Policy

Privacy Policy

URL: vincoconsult.com/privacy-policy
Last updated: May 2026

Vinco Consultancy & Advisory Services (“Vinco,” “we,” “our,” or “us”) is committed to protecting the privacy of individuals who visit our website (vincoconsult.com) and engage with our services. This Privacy Policy explains how we collect, use, store, share, and protect personal data in accordance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (“DPDP Act”) and any rules notified thereunder.

By accessing or using our website, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use our website.

1. Information We Collect

1.1 Information You Provide

We collect personal data that you voluntarily provide to us, including:

  • Contact and enquiry forms — Name, email address, phone number, company name, and industry, when you complete a contact form, enquiry form, or consultation request.
  • Certificate Portal — Email address, when you search for certificates.
  • Learner information — Name, email, programme name, location, and date of training, uploaded by authorised certificate managers for the purpose of generating training certificates.
  • Career applications — Name, email, phone, area of interest, and CV, when you apply through our Careers page.
  • Newsletter subscription — Name, email address, and city, if you choose to subscribe.
  • Training enquiries — Name, email, organisation, and programme interest, when you enquire about training programmes.

1.2 Information Collected Automatically

When you visit our website, certain information is collected automatically through cookies and similar technologies, including:

  • IP address and approximate geographic location.
  • Browser type, operating system, and device information.
  • Pages visited, time spent on pages, and navigation patterns.
  • Referring website or search terms used to find our website.

Analytics information is collected via Google Analytics and is used in aggregate form to improve our website. Analytics cookies are only set after you provide consent through our cookie consent banner.

2. How We Use Your Information

We use personal data only for the purposes notified to you, including:

  • Responding to your enquiries and consultation requests.
  • Generating, storing, and delivering training certificates to learners.
  • Allowing learners to search for and download their certificates.
  • Enabling third-party verification of Certificate of Achievement credentials.
  • Processing career applications.
  • Sending you information about our services, training programmes, and events, where you have opted in.
  • Improving our website, services, and user experience.
  • Complying with legal, regulatory, and tax obligations under applicable Indian law.

3. Lawful Grounds for Processing Personal Data

We process your personal data only on the grounds permitted under the DPDP Act, 2023, namely:

  • Consent — Free, specific, informed, unconditional, and unambiguous consent provided through a clear affirmative action. We rely on consent for newsletter subscriptions, marketing communications, optional analytics cookies, and other voluntary interactions.
  • Certain Legitimate Uses (Section 7 of the DPDP Act) — Where you voluntarily provide personal data for a specified purpose (such as making an enquiry, applying for a role, registering for training, or requesting certificate verification) and have not indicated that you do not consent. We also rely on this ground for the limited purposes recognised under Section 7, including compliance with legal obligations, performance of any function under law, and responding to medical or other emergencies.

We do not rely on “legitimate interest” as a standalone ground, as that concept is not recognised under the DPDP Act.

4. Certificate Portal — Data Handling

Our Certificate Portal stores the following information for each training certificate issued:

  • Learner’s full name.
  • Learner’s email address.
  • Programme/course name.
  • Training location.
  • Date of completion.
  • Certificate ID (for Certificates of Achievement only).
  • The generated certificate PDF.

This data is uploaded by authorised Vinco personnel only and is used exclusively for certificate issuance, learner access, and third-party verification. We do not use learner email addresses for marketing and do not share them with any third party.

Certificate PDFs are stored in a secured directory on our hosting server with restricted access controls.

5. Data Sharing and Third Parties

We do not sell, rent, or trade your personal information to any third party for marketing purposes.

We share your data only in the following limited circumstances:

  • Service providers / Data Processors — We use third-party tools such as Google Analytics, hosting providers, and email-delivery services. These providers process data on our behalf under written terms requiring confidentiality, security, and use limited to the purposes we specify.
  • Legal requirements — We may disclose information where required by law, regulation, legal process, or a lawful request by a government authority under Indian law.
  • Certificate verification — When a third party verifies a Certificate of Achievement, we display only the learner’s name, programme name, location, and date of training. Email addresses are never disclosed during verification.
  • Business transfers — In the event of a merger, acquisition, restructuring, or sale of assets, personal data may be transferred to the successor entity, subject to the same protections set out in this Policy.

6. Data Storage and Security

Your personal data is primarily stored on secure servers located in India. We implement reasonable technical and organisational safeguards, including:

  • SSL/TLS encryption for data transmitted between your browser and our website.
  • Password-protected access to the Certificate Manager, restricted to authorised personnel.
  • Protected upload directories with restricted server access.
  • Regular backups of website data and certificate records.
  • Security plugins and patching to address known vulnerabilities.
  • Access controls ensuring that only authorised personnel can view or modify personal data.

Although we take reasonable precautions, no method of transmission or storage on the internet is fully secure. We cannot guarantee absolute security.

7. Personal Data Breach Notification

In the event of a personal data breach, Vinco will, in accordance with Section 8(6) of the DPDP Act, 2023:

  • Notify the Data Protection Board of India in the form and manner prescribed under the Act and the rules thereunder; and
  • Notify each affected Data Principal of the breach, the type of data involved, the possible consequences, the mitigation measures taken, and the contact details for further information.

We maintain an incident response process to ensure timely identification, containment, and notification of breaches.

8. Data Retention

We retain personal data only for as long as is necessary for the purposes for which it was collected, or for any longer period required or permitted by law:

Data Type Retention Period
Contact form submissions Up to 2 years from the date of submission, then deleted or anonymised
Certificate records (database entry) Up to 7 years from the date of issuance, after which records are deleted unless the learner expressly consents to longer retention or law requires otherwise
Certificate PDF files Retained for the same period as the corresponding certificate record
Career applications Up to 1 year after the position is filled, unless you consent to longer retention for future opportunities
Newsletter subscriber data Until the subscriber opts out / unsubscribes, after which data is deleted
Training enquiry data Up to 2 years from the date of enquiry
Analytics data (Google Analytics) As per Google Analytics default settings (currently 14 months)
Server logs 90 days

Upon expiry of the applicable retention period, personal data is securely deleted or anonymised. Where a Data Principal requests deletion before the end of the retention period, we will comply unless retention is required to satisfy a legal obligation.

9. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights in respect of your personal data:

  • Right to Access — To obtain a summary of the personal data we are processing, the processing activities undertaken, and the identities of any Data Fiduciaries and Data Processors with whom your personal data has been shared.
  • Right to Correction, Completion, Updating, and Erasure — To have inaccurate, incomplete, or misleading personal data corrected; to have data updated; and to have your personal data erased, subject to any retention required by law.
  • Right to Withdraw Consent — Where processing is based on consent, you may withdraw your consent at any time. Withdrawal will be as easy as giving consent and will not affect the lawfulness of processing carried out before withdrawal.
  • Right to Grievance Redressal — To have your concerns addressed by our Grievance Officer (see Section 11).
  • Right to Nominate — To nominate another individual who may exercise your rights under the DPDP Act in the event of your death or incapacity.
  • Right to Lodge a Complaint with the Data Protection Board of India — If you are not satisfied with our response, you may approach the Data Protection Board of India.
  • Certificate removal — Learners may request removal of their certificate records by contacting our Grievance Officer.

To exercise any of these rights, please contact our Grievance Officer at Lakshman@vincoconsult.com. We will acknowledge your request within 48 hours and respond substantively within 30 days.

10. How to Withdraw Consent

You may withdraw your consent through any of the following methods, each of which is designed to be at least as easy as the manner in which consent was originally given:

  • Click the “unsubscribe” link in any marketing email to opt out of further marketing communications.
  • Use our cookie consent banner to disable optional cookies, or clear cookies through your browser settings.
  • Email Lakshman@vincoconsult.com with the subject line “Withdraw Consent”, specifying the processing you wish to withdraw.

Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal. Where you withdraw consent for processing that is necessary to provide a service (for example, certificate generation), we may no longer be able to provide that service.

11. Grievance Officer

In accordance with the DPDP Act, 2023, we have appointed a Grievance Officer who is the single point of contact for all privacy-related concerns and rights requests:

Grievance Officer: Lakshman Pandey
Designation: Founder & Chief Executive
Email: Lakshman@vincoconsult.com
Phone: +91 99711 70920
Address: Gurugram, Haryana, India
Response Time: Acknowledgment within 48 hours; resolution within 30 days

If you are not satisfied with the resolution provided, you may lodge a complaint with the Data Protection Board of India as established under the DPDP Act, 2023.

12. Children’s Privacy

Our website and services are not directed to individuals under the age of 18. Under the DPDP Act, 2023, processing of personal data of a child requires verifiable parental or lawful-guardian consent. In line with Section 9 of the Act, we do not:

  • Knowingly process personal data of children without verifiable parental consent.
  • Undertake tracking, behavioural monitoring, or targeted advertising directed at children.
  • Process personal data of a child in any manner that is likely to cause detrimental effect on the well-being of the child.

If we become aware that we have inadvertently collected personal data of a child without the required consent, we will delete such data promptly.

13. Cross-Border Data Transfer

Your personal data is primarily stored and processed in India. Some of our service providers (for example, Google Analytics) may process limited data outside India. Where such transfers occur, they are made in accordance with Section 16 of the DPDP Act, 2023, and any restrictions notified by the Central Government. We will not transfer personal data to any country to which transfer has been restricted by the Central Government.

14. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. When we make material changes, we will update the “Last updated” date at the top of this Policy and, where appropriate, notify you by email or through a prominent notice on our website. We encourage you to review this Policy periodically.

15. Contact Us

Vinco Consultancy & Advisory Services
General Enquiries: vinco@vincoconsult.com
Training Enquiries: vinco@vincoconsult.com
Career Enquiries: vinco@vincoconsult.com
Grievance Officer: Lakshman@vincoconsult.com
Phone / WhatsApp (India): +91 99711 70920
Phone / WhatsApp (Nepal): +977 97659 28158
Office: Gurugram, Haryana, India
Office Hours: Monday – Friday, 09:30 – 18:30 IST