Login Contact Careers
Services Products Industries Insights About

Global Privacy Policy

Last Updated - 21st May, 2026

Who We Are

Cprime is a global consulting organisation offering a range of services like digital transformation, cloud services, software development, and training. We operate through various entities worldwide. The Cprime entity that processes your data will be the "Company," "we," "us," or "our" in this policy. Some of our entities operate under a different trade or brand names; however, all personal data collected or processed in connection with those operations is governed by this Global Privacy Policy.

Cprime Companies (Joint Data Controllers):

Entity Name

Country of Incorporation

Business Address

Cprime, Inc.

USA

5700 Granite Pkwy, Suite 670, Plano, Texas 75024, United States of America

Cprime Consulting Canada ULC

Canada

1133 Melville Street, The Stack, Vancouver, BC V6E 4E5, Canada

Cprime Limited

UK

Bruntwood Platform – Office 3D, New Station Street, Leeds LS1 4JB, England

Cprime Oy

Finland

c/o Gallant Oy, Hämeenkatu 26 A, 33200 Tampere, Finland

Cprime Studios Ukraine LLC

Ukraine

14A Ihorivska Street, Kyiv, 04070, Ukraine

Elabor8 Pty Ltd

Australia

Level 5, 440 Collins Street, Melbourne, VIC, 3000, Australia

Elabor8 (NZL) Pty Limited

New Zealand

Level 4, Grant Thornton House,
152 Fanshaw Street, Auckland, New Zealand

Cprime Technologies India Private Limited

India

9 E, 9th Floor,

IIT Madras Research Park,

Kanagam Road, Taramani,

Chennai - 600 113, India

Cprime Singapore Pte. Ltd.

Singapore

8 Marina View #40-04, Asia Square Tower 1, Singapore 018960

Integrhythm (India) Private Limited

India

Level 9 (9th floor), Block 3, DLF Cyber City, APHB (A.P.H.B.) Colony / Indira Nagar, Plot Nos. 129–132, Gachibowli, Hyderabad, Telangana 500032, India

Integrhythm LLC

USA

5700 Granite Pkwy, Suite 670, Plano, Texas 75024, United States of America

Purpose of This Policy

This Privacy Policy helps you understand:

  • What personal data we collect from you or others.
  • How we use, store, and protect your personal data.
  • Who we might share your personal data with.
  • Your rights regarding your personal data.

Please read this policy along with any other privacy notices we provide.

See Also

Terms & Conditions
Cookie Policy

Children's Privacy

Our websites are for adults. We do not knowingly collect information from children under 18 (or the relevant age of consent in your country). By using our websites, you represent that you are at least 18 years of age, or that you are the parent or guardian of a minor and consent to such minor’s use of our websites. If you believe your child has provided us with personal data, please Contact Us.

What Data We Collect

We may collect different types of personal data, including:

  • Identity Data: Your name, title, username, gender, job title, company, and sometimes national insurance/social security/passport/driver's license numbers and situational photos.
  • Contact Data: Billing and delivery addresses (including office), personal and company email and phone numbers.
  • Financial Data: Bank account and payment card details.
  • Transaction Data: Information about your payments, orders, and products/services you've bought or downloaded.
  • Technical Data: Your IP address, location, how you use our websites (visits, content viewed, clicks), login info, browser details, cookies, and other tech info. This includes online identifiers such as IP addresses, cookie identifiers, device geolocation, and similar data used for analytics and marketing purposes.
  • Profile Data: Your username, password, purchases, call records, interests, preferences, feedback, and survey responses.
  • Employment & Educational Data: Course/training records, CV, employer details, role, past jobs, superannuation, residency, next of kin contact, office location, and educational institution.
  • Usage Data: How you use our websites, products, and services.
  • Marketing & Communications Data: Your preferences for receiving marketing from us and partners.
  • Visitor Data: Information about your visits to our offices/venues, including date, time, accident reports, and CCTV footage (where allowed at law).
  • Job Applicant Data: Information you or a recruitment agency provide for job applications, including referee details.

Sensitive Personal Data / Special Categories of Data

We generally do not collect 'sensitive personal data' or 'special categories of data' (as defined under certain privacy laws, such as the GDPR), which includes information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

Where we do collect such data, for example:

For employment purposes: This may include health information for accommodations, or national identification numbers as required by law for payroll and taxation.

With your explicit consent: For specific services where you choose to provide it.

We process such data only when strictly necessary and with heightened security measures. The legal bases for processing sensitive data will always be one of the following: explicit consent, necessity for employment, social security or social protection law, vital interests of the data subject, or where it is necessary for reasons of substantial public interest, all in accordance with applicable laws.

How We Collect Your Data

We gather information in a few ways:

  • Automatically: As you navigate our websites, we gather browsing and technical data using cookies, server logs, and similar technologies. See our Cookie Policy for details.
  • Directly From You: When you request or use our services, register an account, complete forms, or communicate with us (e.g., inquiries, contract signing, course applications, visiting our premises, or job applications). All personal information you provide to us must be true, complete, and accurate, and you must notify us of any changes to such personal information. Where practicable, we prefer to collect personal information directly from you rather than from third parties.
  • From Third Parties:
    • Business partners or organizations that enroll you in our courses (they should have informed you and directed you to this policy).
    • Service providers who help us deliver consulting, engineering, software development, implementation, managed services, marketing, analytics, training, and support services.
    • Organizations that have sold us marketing lists (they should have informed you and directed you to this policy).
    • Our affiliated companies.
    • Recruitment agencies, credit reference agencies, background check agencies, and your references.
    • Publicly available sources (e.g., government websites, social media, public databases).
  • Algorithmic Data: Information that may be used for statistical analysis or the development and improvement of our AI models.

How We Use Your Personal Data

We use your data for various purposes, supported by one or more legal bases. We are committed to the principle of data minimization, ensuring that we collect and process only the personal data necessary for the stated purposes.

Providing Services: To deliver courses, materials, and support. This includes sharing data with independent instructors who are contractually obligated to keep it confidential. (Legal basis: contract performance, legal obligations, our legitimate interests in providing services and managing relationships).

  • Managing Performance: To track your progress in training and courses. (Legal basis: contract performance, our legitimate interests in ensuring effective service delivery).
  • Processing Payments: For invoices and payment collection. (Legal basis: contract performance, our legitimate interests in efficient financial management and debt recovery).
  • Improving Services: For quality control, training, and enhancing our offerings. (Legal basis: our legitimate interests in business improvement and service innovation).
  • Benchmarking & Statistics: For analysis and improving our business and marketing. (Legal basis: our legitimate interests in understanding market trends and optimizing business strategy).
  • Personalizing Your Experience: To tailor your experience on our websites and optimize user experience. (Legal basis: consent for cookies, our legitimate interests in enhancing user engagement and website functionality).
  • Customer Service: To respond to inquiries and requests. (Legal basis: contract performance, our legitimate interests in providing effective support and maintaining customer satisfaction).
  • Important Communications: To send you service-related information, updates, and security alerts. (Legal basis: legal obligation, our legitimate interests in keeping you informed about service updates and security).
  • Monitoring Trends: To understand user behavior and improve content. (Legal basis: consent for cookies, legal obligation, our legitimate interests in improving our offerings and understanding user behavior ).
  • Sales & Marketing Evaluation: To track sales and assess marketing campaigns. (Legal basis: your consent, our legitimate interests in assessing the effectiveness of our campaigns and optimizing our outreach).
  • Tracking Usage & Performance: To improve services, products and delivery. (Legal basis: our legitimate interests in optimizing our services, products, and operational efficiency).
  • Marketing Photos/Videos: Occasionally capturing situational photos or videos at events for marketing (not individual participants). (Legal basis: your consent, our legitimate interests in promoting our brand and services through visual media).
  • Contractual Obligations: To fulfil agreements with you or your employer. (Legal basis: contract performance, our legitimate interests in fulfilling our commitments and managing business relationships).
  • Business Management: To operate and protect our business, including in business sales or restructurings. (Legal basis: legal obligation, our legitimate interests in managing our corporate structure and protecting our assets).
  • Marketing: To send you information about products and services you might like. We'll get your consent where needed and always provide an unsubscribe option. We never sell your name or contact details to third parties for their marketing. (Legal basis: your consent, our legitimate interests in promoting our services and engaging with potential clients).
  • Site Administration & Security: Troubleshooting, data analysis, system maintenance, fraud prevention. (Legal basis: legal obligation, our legitimate interests in ensuring the security and integrity of our systems and preventing fraudulent activities).
  • Relevant Content & Ads: To deliver personalized content and measure ad effectiveness. (Legal basis: consent for cookies, our legitimate interests in delivering tailored content and improving marketing relevance).
  • Data Analytics: To improve our websites, services, marketing, and customer relationships. (Legal basis: consent for cookies, legal obligation, our legitimate interests in improving our services, marketing strategies, and customer understanding).
  • Online Advertising: To show you relevant ads while you browse the internet or social media. (Legal basis: your consent, our legitimate interests in promoting our brand and services through digital channels).
  • Job Applications: To process applications, conduct background checks, and potentially enter into employment. (Legal basis: steps prior to contract, legal obligation, our legitimate interests in evaluating candidates and managing our recruitment processes).
  • Research & Development: For new services and products, which may include using anonymized or aggregated data for statistical analysis or the development of AI models. (Legal basis: our legitimate interests in fostering innovation and developing new solutions).
  • Training & Surveys: Related to our services. (Legal basis: contract performance, our legitimate interests in enhancing our service quality and gathering valuable feedback).
  • Protecting Business Interests: To protect our and our clients' interests. (Legal basis: legal obligation, our legitimate interests in safeguarding our assets and ensuring legal compliance).
  • Explicit Consent: For any purpose where you have given us explicit consent. (Legal basis: your consent).
  • Legal Compliance: To comply with laws, regulations, or enforce our policies. (Legal basis: legal obligation, our legitimate interests in upholding legal standards and protecting our legal standing).
  • Product and Service Updates
  • Event Invitations
  • Newsletters
  • Industry Insights and Whitepapers
  • Cprime Affiliated Companies: Who operate, provide, improve, and market our services and perform our internal business processes/services.
  • Certification Organizations: If you attend a certified training course in person or online or complete our e-learning.
  • Third-Party Service Providers: Who help us operate, provide, improve, and market our services. These providers may include:
  • Cloud hosting providers (e.g., for data storage and infrastructure)
  • Analytics providers (e.g., for website usage analysis)
  • Payment processors (e.g., for handling transactions)
  • Customer relationship management (CRM) platforms
  • Email marketing and communication services
  • IT support and security providers
  • Advertising and lead generation platforms
  • Content optimization services
  • Retargeting platforms
  • Web and mobile analytics platforms
  • We have contracts in place with our data processors. They cannot use your personal data except as instructed by us, must keep it confidential and secure, and will not share it with any other organization apart from us. Where we share personal data with overseas recipients, we take reasonable steps to ensure that those recipients handle your personal data in a manner consistent with this Policy and applicable law. We remain responsible for ensuring that your personal data is protected in accordance with applicable data protection laws.
  • Third Parties with Your Consent: (e.g., pension or medical benefits providers).
  • Legal & Regulatory Bodies: When required by law or to enforce our rights. This includes compliance with applicable law, governmental requests, judicial proceedings, court orders, or legal processes, including in response to public authorities to meet national security or law enforcement requirements.
  • Vital Interests: We may disclose your personal data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person and illegal activities, or as evidence in litigation in which we are involved.
  • In Business Transactions, Such as a sale or restructuring of our business.
  • Marketing Data: As long as you wish to receive marketing from us (you can opt out anytime by filling in the form at Contact Us).
  • Contract & Purchase History: At least 7 years (or longer if legally required) after your account closes, for future reference, after-sales inquiries, claims, and tax purposes. This may be archived.
  • Visitor Data & CCTV: For the maximum periods allowed by law.
  • Cookies: Until they expire or you disable them. See our Cookie Policy.
  • Job Applicant Data: If you are not hired, we typically retain your application data for 3 years to consider you for future opportunities, unless you request earlier deletion or legal requirements dictate otherwise.
  • Accuracy: Please notify us of any changes to your personal data, especially contact information, so we can keep it accurate.
  • Security: We use strong organizational and technical security measures to protect your data and address breaches. To further demonstrate our commitment to data security and privacy, we are actively undergoing the Service Organization Control 2 (SOC 2) Type 2 certification process, which includes a comprehensive independent audit of our systems and controls. While we strive for security, data transmission over the internet is never 100% secure. Transmission of personal data to and from our websites is at your own risk. You should only access our websites within a secure environment. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required by law, will notify you and any applicable authority of such a breach.
  • Data Breaches: For Australian residents, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches as soon as practicable and generally within 30 days of becoming aware of a breach, in accordance with the Notifiable Data Breaches scheme. For New Zealand residents, we will notify the Office of the Privacy Commissioner (OPC) and affected individuals of privacy breaches that are likely to cause serious harm, in accordance with the Privacy Act 2020. For Singapore residents, we will notify the Personal Data Protection Commission (PDPC) within 3 business days of assessing that a notifiable data breach has occurred, and will notify affected individuals without undue delay, in accordance with Singapore’s Personal Data Protection Act.
  • If your data is transferred outside the UK, EEA, or Switzerland to countries not deemed to provide an adequate level of data protection by the relevant authorities, we ensure appropriate safeguards are in place (e.g., standard contractual clauses, or, for UK transfers, the International Data Transfer Agreement (IDTA) as applicable).
  • By using our services and providing your data, you acknowledge and understand that your personal data will be processed in these international locations, subject to the aforementioned appropriate safeguards and applicable local laws.
  • We ensure our service providers comply with local data protection and security laws.
  • For personal data collected from individuals in India: transfer of such data outside India are made in accordance with the Digital Personal Data Protection Act 2023 (DPDPA) and any applicable government notifications issued thereunder specifying permitted transfer destinations. We will not transfer personal data of Indian residents to jurisdictions that have been restricted by the Indian government under the DPDPA.
  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Ask us to correct inaccurate data.
  • Right to Erasure: Request deletion of your data (with legal exceptions).
  • Right to Restriction of Processing: Ask us to limit how we use your data.
  • Right to Object to Processing: Object to our use of your data.
  • Right to Data Portability: Obtain your personal data in a portable, common, and machine-readable format.
  • Right to Withdraw Consent: If we rely on your consent, you can withdraw it anytime.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., Information Commissioner’s Office in the UK, Finnish Data Protection Ombudsman in Finland).
  • Right to Know: What personal information we collect, its sources, purpose of collection, categories of third parties it's shared with, and the specific pieces of data.
  • Right to Know Disclosures/Sales/Sharing: What personal information we've disclosed, sold, or shared, and with whom.
  • Right to Request Deletion: Ask us to delete your personal information (subject to exceptions).
  • Right to Correct Inaccurate Information: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You can opt out of the "sale" or "sharing" of your personal information (as defined under California law, which includes sharing for cross-context behavioral advertising).
  • Right to Limit Sensitive Personal Information Use: This right generally doesn't apply to how we use your sensitive data, as our uses are necessary for providing services, security, or improving our offerings.
  • Right to Non-Discrimination: You won't be discriminated against for exercising your rights.
  • Access: The right to know if your personal information is being used and to get a copy of it.
  • Correction: The right to ask us to correct inaccurate or incomplete information.
  • Deletion: The right to ask us to delete your data if there's no good reason for us to keep it.
  • Restriction: The right to ask us to limit how we use your data.
  • Objection: The right to object to us using your data.
  • Portability: The right to receive an electronic copy of your data in a common, machine-readable format or have it sent to another organization.
  • Right to Nominate: You have the right to nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity. To register a nominee, please contact us at privacy@cprime.com.
  • Grievance Redressal: If you have a grievance regarding the processing of your personal data, you may contact our designated Grievance Officer at privacy@cprime.com. We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt, in accordance with the DPDPA.
  • Consent: Where we rely on your consent to process your personal data under the DPDPA, we will provide you with a clear, plain-language notice of the personal data to be processed and the purpose of processing, and will seek your specific, informed, and unambiguous consent before processing. You may withdraw consent at any time by contacting us at privacy@cprime.com, and we will cease processing within a reasonable period. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
  • Duties of Data Principal: When providing personal data to us, you agree not to impersonate another individual, suppress material information, or make false or frivolous complaints or grievances.
  • Withdrawal of Consent: You may withdraw consent for our processing of your personal data at any time by contacting us at privacy@cprime.com. We will inform you of the consequences of withdrawal before processing your request. Withdrawal does not affect the lawfulness of processing before withdrawal.
  • Data Portability: Where technically feasible, you may request that we transmit your personal data directly to another organization in a structured, commonly used format.
  • Legal Bases for Processing: In addition to consent, we may process your personal data in Singapore based on legitimate interests or deemed consent by contractual necessity, where permitted under the PDPA 2021 amendments and applicable PDPC advisory guidelines.
  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
  • New Zealand: Office of the Privacy Commissioner (OPC) — privacy.org.nz
  • Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg
  • Finland: Office of the Data Protection Ombudsman — tietosuoja.fi
  • USA: +1 (877) 800-5221
  • UK: +44 (0) 203 811 0424
  • Australia: +61 1300 352 278
  • India: +91 809 351 9009

Marketing

We may collect your identity and contact details (like your name, email, phone number, or address) to send you information about our products and services that might interest you. We might get this directly from you, or from a third party where allowed under the applicable laws. If we get your details from a third party, we'll send you a notice and respect your communication preferences.

You can always opt out of receiving our marketing. To do this, simply Contact Us. If we send you marketing emails, we'll get your consent if needed and always include an unsubscribe option. If you opt out, we'll add you to our suppression list to ensure you don't receive future marketing from us.

We never share your name or contact details with third parties for their marketing purposes. We may use third-party service providers to send our marketing, but they can only use your information under our instructions and must keep it confidential and secure.

You can update your marketing preferences anytime by filling out the form in the Contact Us section on our website. You can request to receive specific types of communications, such as:

  • Product and Service Updates
  • Event Invitations
  • Newsletters
  • Industry Insights and Whitepapers

For residents of Singapore: if you receive marketing communications from us via telephone or SMS, you may register with Singapore’s Do Not Call (DNC) Registry to opt out of such communications. We will honour DNC registrations in accordance with Singapore’s Personal Data Protection Act.

Sharing Your Personal Data

We do not sell your information to advertisers or other third parties for their direct marketing. We may share your information with:

  • Cprime Affiliated Companies: Who operate, provide, improve, and market our services and perform our internal business processes/services.
  • Certification Organizations: If you attend a certified training course in person or online or complete our e-learning.
  • Third-Party Service Providers: Who help us operate, provide, improve, and market our services. These providers may include:
  • Cloud hosting providers (e.g., for data storage and infrastructure)
  • Analytics providers (e.g., for website usage analysis)
  • Payment processors (e.g., for handling transactions)
  • Customer relationship management (CRM) platforms
  • Email marketing and communication services
  • IT support and security providers
  • Advertising and lead generation platforms
  • Content optimization services
  • Retargeting platforms
  • Web and mobile analytics platforms
  • We have contracts in place with our data processors. They cannot use your personal data except as instructed by us, must keep it confidential and secure, and will not share it with any other organization apart from us. Where we share personal data with overseas recipients, we take reasonable steps to ensure that those recipients handle your personal data in a manner consistent with this Policy and applicable law. We remain responsible for ensuring that your personal data is protected in accordance with applicable data protection laws.
  • Third Parties with Your Consent: (e.g., pension or medical benefits providers).
  • Legal & Regulatory Bodies: When required by law or to enforce our rights. This includes compliance with applicable law, governmental requests, judicial proceedings, court orders, or legal processes, including in response to public authorities to meet national security or law enforcement requirements.
  • Vital Interests: We may disclose your personal data where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our policies, suspected fraud, situations involving potential threats to the safety of any person, illegal activities, or as evidence in litigation in which we are involved.
  • In Business Transactions: Such as a sale or restructuring of our business.

Data Retention

We keep your personal data for as long as needed to provide services, or as required by law. When calculating the appropriate retention period for your data, we consider the nature and sensitivity of the data, the purposes for which we are processing the data, and any applicable statutory retention periods. We regularly review the data we hold.

  • Marketing Data: As long as you wish to receive marketing from us (you can opt out anytime by filling in the form at Contact Us).
  • Contract & Purchase History: At least 7 years (or longer if legally required) after your account closes, for future reference, after-sales inquiries, claims, and tax purposes. This may be archived.
  • Visitor Data & CCTV: For the maximum periods allowed by law.
  • Cookies: Until they expire or you disable them. See our Cookie Policy.
  • Job Applicant Data: If you are not hired, we typically retain your application data for 3 years to consider you for future opportunities, unless you request earlier deletion or legal requirements dictate otherwise.
  • Accuracy: Please notify us of any changes to your personal data, especially contact information, so we can keep it accurate.
  • Security: We use strong organizational and technical security measures to protect your data and address breaches. To further demonstrate our commitment to data security and privacy, we are actively undergoing the Service Organization Control 2 (SOC 2) Type 2 certification process, which includes a comprehensive independent audit of our systems and controls. While we strive for security, data transmission over the internet is never 100% secure. Transmission of personal data to and from our websites is at your own risk. You should only access our websites within a secure environment. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required by law, will notify you and any applicable authority of such a breach.
  • Data Breaches: For Australian residents, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches as soon as practicable and generally within 30 days of becoming aware of a breach, in accordance with the Notifiable Data Breaches scheme. For New Zealand residents, we will notify the Office of the Privacy Commissioner (OPC) and affected individuals of privacy breaches that are likely to cause serious harm, in accordance with the Privacy Act 2020. For Singapore residents, we will notify the Personal Data Protection Commission (PDPC) within 3 business days of assessing that a notifiable data breach has occurred, and will notify affected individuals without undue delay, in accordance with Singapore’s Personal Data Protection Act.
  • If your data is transferred outside the UK, EEA, or Switzerland to countries not deemed to provide an adequate level of data protection by the relevant authorities, we ensure appropriate safeguards are in place (e.g., standard contractual clauses, or, for UK transfers, the International Data Transfer Agreement (IDTA) as applicable).

Data Accuracy & Security

  • Accuracy: Please notify us of any changes to your personal data, especially contact information, so we can keep it accurate.
  • Security: We use strong organizational and technical security measures to protect your data and address breaches. To further demonstrate our commitment to data security and privacy, we are actively undergoing the Service Organization Control 2 (SOC 2) Type 2 certification process, which includes a comprehensive independent audit of our systems and controls. While we strive for security, data transmission over the internet is never 100% secure. Transmission of personal data to and from our websites is at your own risk. You should only access our websites within a secure environment. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required by law, will notify you and any applicable authority of such a breach.
  • Data Breaches: For Australian residents, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches as soon as practicable and generally within 30 days of becoming aware of a breach, in accordance with the Notifiable Data Breaches scheme. For New Zealand residents, we will notify the Office of the Privacy Commissioner (OPC) and affected individuals of privacy breaches that are likely to cause serious harm, in accordance with the Privacy Act 2020. For Singapore residents, we will notify the Personal Data Protection Commission (PDPC) within 3 business days of assessing that a notifiable data breach has occurred, and will notify affected individuals without undue delay, in accordance with Singapore’s Personal Data Protection Act.
  • If your data is transferred outside the UK, EEA, or Switzerland to countries not deemed to provide an adequate level of data protection by the relevant authorities, we ensure appropriate safeguards are in place (e.g., standard contractual clauses, or, for UK transfers, the International Data Transfer Agreement (IDTA) as applicable).
  • By using our services and providing your data, you acknowledge and understand that your personal data will be processed in these international locations, subject to the aforementioned appropriate safeguards and applicable local laws.
  • We ensure our service providers comply with local data protection and security laws.
  • For personal data collected from individuals in India: transfer of such data outside India are made in accordance with the Digital Personal Data Protection Act 2023 (DPDPA) and any applicable government notifications issued thereunder specifying permitted transfer destinations. We will not transfer personal data of Indian residents to jurisdictions that have been restricted by the Indian government under the DPDPA.

International Data Transfer

Cprime is a global company, so your data may be transferred between our entities and third-party service providers (and their subcontractors) located worldwide, including the United States (USA), United Kingdom (UK), India, and Australia.

Third-Party Links

Our websites may link to other websites, platforms or applications. We are not responsible or liable for their privacy practices or their applications and websites. Always review their privacy policies before providing any personal data to these websites/applications.

  • Accuracy: Please notify us of any changes to your personal data, especially contact information, so we can keep it accurate.
  • Security: We use strong organizational and technical security measures to protect your data and address breaches. To further demonstrate our commitment to data security and privacy, we are actively undergoing the Service Organization Control 2 (SOC 2) Type 2 certification process, which includes a comprehensive independent audit of our systems and controls. While we strive for security, data transmission over the internet is never 100% secure. Transmission of personal data to and from our websites is at your own risk. You should only access our websites within a secure environment. In the unlikely event of a data breach, we will take steps to mitigate any loss or destruction of data and, if required by law, will notify you and any applicable authority of such a breach.
  • Data Breaches: For Australian residents, we will notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of eligible data breaches as soon as practicable and generally within 30 days of becoming aware of a breach, in accordance with the Notifiable Data Breaches scheme. For New Zealand residents, we will notify the Office of the Privacy Commissioner (OPC) and affected individuals of privacy breaches that are likely to cause serious harm, in accordance with the Privacy Act 2020. For Singapore residents, we will notify the Personal Data Protection Commission (PDPC) within 3 business days of assessing that a notifiable data breach has occurred, and will notify affected individuals without undue delay, in accordance with Singapore’s Personal Data Protection Act.
  • If your data is transferred outside the UK, EEA, or Switzerland to countries not deemed to provide an adequate level of data protection by the relevant authorities, we ensure appropriate safeguards are in place (e.g., standard contractual clauses, or, for UK transfers, the International Data Transfer Agreement (IDTA) as applicable).
  • By using our services and providing your data, you acknowledge and understand that your personal data will be processed in these international locations, subject to the aforementioned appropriate safeguards and applicable local laws.
  • We ensure our service providers comply with local data protection and security laws.
  • For personal data collected from individuals in India: transfer of such data outside India are made in accordance with the Digital Personal Data Protection Act 2023 (DPDPA) and any applicable government notifications issued thereunder specifying permitted transfer destinations. We will not transfer personal data of Indian residents to jurisdictions that have been restricted by the Indian government under the DPDPA.

International Data Transfer

Cprime is a global company, so your data may be transferred between our entities and third-party service providers (and their subcontractors) located worldwide, including the United States (USA), United Kingdom (UK), India, and Australia.

Third-Party Links

Our websites may link to other websites, platforms or applications. We are not responsible or liable for their privacy practices or their applications and websites. Always review their privacy policies before providing any personal data to these websites/applications.

Do-Not-Track Features

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Automated Decision-Making

We do not make decisions about you based solely on automated processing (including profiling) that produce legal or similarly significant effects, except where permitted or required by law. Where we use algorithmic tools or AI models to assist with analysis or service improvement, these processes are subject to human oversight and do not result in solely automated decisions that significantly affect you. If this changes, we will update this Policy and, where required by law, obtain your consent or provide you with the right to request human review of any such decision.

Most web browsers and some mobile operating systems and mobile applications include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Your Rights (UK, EEA, Switzerland Residents)

If you are in the UK, EEA, or Switzerland, you may have the following rights regarding your personal data:

  • Right of Access: Request a copy of your personal data.
  • Right to Rectification: Ask us to correct inaccurate data.
  • Right to Erasure: Request deletion of your data (with legal exceptions).
  • Right to Restriction of Processing: Ask us to limit how we use your data.
  • Right to Object to Processing: Object to our use of your data.
  • Right to Data Portability: Obtain your personal data in a portable, common, and machine-readable format.
  • Right to Withdraw Consent: If we rely on your consent, you can withdraw it anytime.
  • Right to Lodge a Complaint: File a complaint with a supervisory authority (e.g., Information Commissioner’s Office in the UK, Finnish Data Protection Ombudsman in Finland).
  • Right to Know: What personal information we collect, its sources, purpose of collection, categories of third parties it's shared with, and the specific pieces of data.
  • Right to Know Disclosures/Sales/Sharing: What personal information we've disclosed, sold, or shared, and with whom.
  • Right to Request Deletion: Ask us to delete your personal information (subject to exceptions).
  • Right to Correct Inaccurate Information: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale/Sharing: You can opt-out of the "sale" or "sharing" of your personal information (as defined under California law, which includes sharing for cross-context behavioral advertising).
  • Right to Limit Sensitive Personal Information Use: This right generally doesn't apply to how we use your sensitive data, as our uses are necessary for providing services, security, or improving our offerings.
  • Right to Non-Discrimination: You won't be discriminated against for exercising your rights.

To exercise these rights (except lodging a complaint with a supervisory authority), please contact us in writing with proof of identity and address and specify the right you wish to exercise. We aim to respond within one month of receipt of your request. Where a request is complex or we receive a high volume or requests, we may extend this period by a further two months and will notify you accordingly.

If you have questions regarding our data protection practices or wish to exercise any of your rights, you may also contact our Data Protection Officer at privacy@cprime.com.

Your Rights (USA Residents)

If you are a US resident, your state laws (like California's CCPA/CPRA) may grant you specific rights regarding your personal data, including:

California Shine the Light (Civil Code § 1798.83): California residents may request, once per year and free of charge, information about the categories of personal data (if any) we disclosed to third parties for direct marketing purposes in the immediately preceding calendar year, and the names and address of those third parties. To make such a request, please contact us using the details below.

California Minors (Civil Code § 22581): If you are under 18 years of age and a California resident with a registered account, you may request removal of content or information you have publicly posted. To make such a request, please contact us with your account email address and a statement that you reside in California.

Verification Process: To protect your privacy, we will verify your identity before fulfilling requests. This may involve matching data points you provide with our records, and for specific data requests, may require a signed declaration.

Response Time: We will response to verifiable consumer requests within 45 days of receipt. Where necessary, we may extend this period by a further 45 days and will notify you of the extension within the initial 45-day period, in accordance with applicable law.

To exercise your rights: Call us at (877) 800-5221 or email us at privacy@cprime.com.

Other US State Residents: Residents of other US states with applicable privacy laws (including Virginia, Colorado, Connecticut, Texas, and others) may have similar rights to those described above. Please contact us at privacy@cprime.com to exercise any rights available to you under your state’s applicable law.

Note on "Sale" and "Sharing" (California): We do not "sell" your personal information in the common sense. However, under California law, certain data shared with advertising and social media partners (via cookies, if you accept them) for cross-context behavioral advertising might be considered a "sale" or "sharing." We do not have actual knowledge of selling or sharing personal information of consumers under 16 years of age.

Your Rights (Other Locations Including Australia, New Zealand, Singapore, India)

If you reside in Australia, New Zealand, Singapore, India, or other locations where we provide services, you also have rights under applicable laws. These may include:

  • Access: The right to know if your personal information is being used and to get a copy of it.
  • Correction: The right to ask us to correct inaccurate or incomplete information.
  • Deletion: The right to ask us to delete your data if there's no good reason for us to keep it.
  • Restriction: The right to ask us to limit how we use your data.
  • Objection: The right to object to us using your data.
  • Portability: The right to receive an electronic copy of your data in a common, machine-readable format or have it sent to another organization.
  • Right to Nominate: You have the right to nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity. To register a nominee, please contact us at privacy@cprime.com.
  • Grievance Redressal: If you have a grievance regarding the processing of your personal data, you may contact our designated Grievance Officer at privacy@cprime.com. We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt, in accordance with the DPDPA.
  • Consent: Where we rely on your consent to process your personal data under the DPDPA, we will provide you with a clear, plain-language notice of the personal data to be processed and the purpose of processing, and will seek your specific, informed, and unambiguous consent prior to processing. You may withdraw consent at any time by contacting us at privacy@cprime.com, and we will cease processing within a reasonable period. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
  • Duties of Data Principal: When providing personal data to us, you agree not to impersonate another individual, suppress material information, or make false or frivolous complaints or grievances.
  • Withdrawal of Consent: You may withdraw consent for our processing of your personal data at any time by contacting us at privacy@cprime.com. We will inform you of the consequences of withdrawal before processing your request. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Data Portability: Where technically feasible, you may request that we transmit your personal data directly to another organization in a structured, commonly used format.
  • Legal Bases for Processing: In addition to consent, we may process your personal data in Singapore on the basis of legitimate interests or deemed consent by contractual necessity, where permitted under the PDPA 2021 amendments and applicable PDPC advisory guidelines.

Additional Rights for Indian Residents (Digital Personal Data Protection Act 2023):

  • Right to Nominate: You have the right to nominate another individual to exercise your data protection rights on your behalf in the event of your death or incapacity. To register a nominee, please contact us at privacy@cprime.com.
  • Grievance Redressal: If you have a grievance regarding the processing of your personal data, you may contact our designated Grievance Officer at privacy@cprime.com. We will acknowledge your grievance within 48 hours and resolve it within 30 days of receipt, in accordance with the DPDPA.
  • Consent: Where we rely on your consent to process your personal data under the DPDPA, we will provide you with a clear, plain-language notice of the personal data to be processed and the purpose of processing, and will seek your specific, informed, and unambiguous consent prior to processing. You may withdraw consent at any time by contacting us at privacy@cprime.com, and we will cease processing within a reasonable period. Withdrawal of consent does not affect the lawfulness of processing carried out prior to withdrawal.
  • Duties of Data Principal: When providing personal data to us, you agree not to impersonate another individual, suppress material information, or make false or frivolous complaints or grievances.
  • Withdrawal of Consent: You may withdraw consent for our processing of your personal data at any time by contacting us at privacy@cprime.com. We will inform you of the consequences of withdrawal before processing your request. Withdrawal does not affect the lawfulness of processing prior to withdrawal.
  • Data Portability: Where technically feasible, you may request that we transmit your personal data directly to another organization in a structured, commonly used format.
  • Legal Bases for Processing: In addition to consent, we may process your personal data in Singapore on the basis of legitimate interests or deemed consent by contractual necessity, where permitted under the PDPA 2021 amendments and applicable PDPC advisory guidelines.

Additional Rights for Singapore Residents (Personal Data Protection Act 2012):

  • We may charge a reasonable fee for certain requests or deny requests if we cannot confirm your identity or if the request is unfounded or excessive (where allowed under applicable laws). We will inform you in writing if this happens.

  • We aim to respond to all requests within 30 days. Where a request is complex or we receive a high volume of requests, we will notify you and may extend this period as permitted by applicable law.

Cookies

We use cookies to personalize your experience on our websites. These are small data files sent to your browser that may be stored on your device. You can block or delete our cookies, but this might affect some website features. We also use other tracking technologies. For more details, please see our Cookie Policy.

You can manage your cookie settings through our Cookie Consent Manager on our website.

Policy Amendments

We may update this Privacy Policy at any time. The most current version will always be available on our website at https://www.cprime.com/privacy-policy/. The updated version will be effective as soon as it is accessible. We encourage you to check this policy from time to time for changes.

Your continued use of our websites or interactions with us will constitute your acceptance of the updated policy. If you disagree with any changes to this policy, you must not access or use our services or interact with any other aspect of our business.

This policy is subject to regular review, typically on an annual basis, to ensure its continued relevance and effectiveness.

How to Contact Us

You have the right to lodge a complaint with your local data protection supervisory authority, including:

  • UK: Information Commissioner's Office (ICO) — ico.org.uk
  • Australia: Office of the Australian Information Commissioner (OAIC) — oaic.gov.au
  • New Zealand: Office of the Privacy Commissioner (OPC) — privacy.org.nz
  • Singapore: Personal Data Protection Commission (PDPC) — pdpc.gov.sg
  • Finland: Office of the Data Protection Ombudsman — tietosuoja.fi
  • USA: +1 (877) 800-5221
  • UK: +44 (0) 203 811 0424
  • Australia: +61 1300 352 278
  • India: +91 809 351 9009

For questions or concerns about this Privacy Policy, to update/correct/delete your information, or to manage your marketing preferences, please contact us.

Email: privacy@cprime.com

Mail: Cprime Inc, 5700 Granite Pkwy, Suite 670, Plano, TX 75024, United States of America

Telephone:

Data Protection / Grievance Officer: The Cprime General Counsel is the Cprime group’s Data Protection Officer and Grievance Officer and can be contacted on privacy@cprime.com