Privacy Policy

Phenom Outsourcing Services Pvt Ltd ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website or use our services.

1. Information We Collect

1.1 Personal Information

We may collect personal information that you voluntarily provide to us when you:

• Register for our services
• Fill out contact forms
• Subscribe to our newsletter
• Communicate with us via email, phone, or chat
• Apply for employment

This information may include:

• Name and contact information (email, phone number, address)
• Business information (company name, industry, size)
• Financial information (only as necessary for service delivery)
• Login credentials
• Payment information

1.2 Automatically Collected Information

When you visit our website, we may automatically collect:

• IP address and location data
• Browser type and version
• Device information
• Pages visited and time spent
• Referral source
• Cookies and similar tracking technologies

1.3 Client Data

As part of providing Accounting and Taxation Services, we process financial data on behalf of our clients. This may include:

• Financial statements and records
• Transaction data
• Tax information
• Employee payroll data
• Vendor and customer information

2. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery: To provide, maintain, and improve our Accounting and Taxation Services
• Communication: To respond to inquiries, send updates, and provide customer support
• Billing: To process payments and manage accounts
• Marketing: To send newsletters, promotional materials (with consent)
• Legal Compliance: To comply with legal obligations and protect our rights
• Analytics: To understand how our services are used and improve user experience
• Security: To detect, prevent, and address fraud and security issues

3. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), we process personal data based on:

• Consent: You have given explicit consent for processing
• Contract: Processing is necessary to fulfill our service agreement
• Legal Obligation: We must comply with legal requirements
• Legitimate Interests: Processing serves our legitimate business interests

4. How We Share Your Information

We do not sell your personal information. We may share information with:

4.1 Service Providers

• Cloud hosting providers (AWS, Microsoft Azure)
• Payment processors
• Email service providers
• Analytics tools (Google Analytics)

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Data Security

We implement comprehensive security measures to protect your information:

• Encryption: 256-bit SSL/TLS encryption for data in transit
• Secure Storage: AES-256 encryption for data at rest
• Access Controls: Role-based access with multi-factor authentication
• Monitoring: 24/7 security monitoring and intrusion detection
• Certifications: ISO 27001, SOC 2 Type II compliance
• Regular Audits: Annual security assessments and penetration testing
• Employee Training: Mandatory security and privacy training
• NDAs: All employees sign non-disclosure agreements

6. Data Retention

We retain personal information for as long as necessary to:

• Provide our services to you
• Comply with legal obligations (typically 7 years for accounting records)
• Resolve disputes and enforce agreements
• Fulfill the purposes outlined in this Privacy Policy

Upon termination of services, client data is:

• Returned to the client in agreed format
• Retained for 30 days for transition purposes
• Securely deleted after retention period

7. Your Rights

Depending on your location, you may have the following rights:

7.1 GDPR Rights (EEA)

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data ("right to be forgotten")
• Restriction: Limit how we use your data
• Portability: Receive your data in a portable format
• Objection: Object to processing based on legitimate interests
• Withdraw Consent: Withdraw consent at any time

7.2 CCPA Rights (California)

• Know what personal information is collected
• Know if personal information is sold or disclosed
• Opt-out of the sale of personal information
• Request deletion of personal information
• Non-discrimination for exercising rights

To exercise these rights, contact us at [email protected]

8. Cookies and Tracking Technologies

We use cookies and similar technologies to:

• Essential Cookies: Enable core website functionality
• Analytics Cookies: Understand how you use our site (Google Analytics)
• Marketing Cookies: Deliver relevant advertisements
• Preference Cookies: Remember your settings and preferences

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware of such collection, we will delete the information immediately.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place:

• Standard Contractual Clauses (SCCs) for EU transfers
• Adequacy decisions where applicable
• Binding Corporate Rules for intra-group transfers

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website
• Updating the "Last Updated" date
• Sending email notification for significant changes

Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us:

EU Representative: For matters related to GDPR compliance, you may also contact our EU representative at [email protected]