Privacy Policy

Last Updated: 29 January 2026

1. Introduction

GFGC (“Company”, “we”, “our”, or “us”) is committed to protecting the privacy and personal data of individuals whose information we process in the course of our business operations, including website visitors, customers, business partners, vendors, and employees.

This Privacy Policy describes how GFGC collects, uses, stores, shares, and protects personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable laws in India.

This policy applies to:

  • Personal data processed through our website (www.gfgc.com)
  • Personal data processed as part of our products, services, platforms, and business engagements
  • Personal data processed in connection with client projects, integrations, and support activities


2. Scope of Personal Data Processed

Depending on the nature of engagement, GFGC may process the following categories of personal data:

2.1 Website and Communication Data

When you visit our website or contact us voluntarily, we may process:

  • Name
  • Email address
  • Phone number (optional)
  • Organization name
  • Inquiry or communication details
  • Technical information such as IP address, browser type, and access logs (for security and performance)

The GFGC website is primarily informational and does not intentionally collect sensitive personal data, financial data, biometric data, health data, or children’s data.

2.2 Business, Client, and Operational Data

As part of providing services to our customers (including BFSI clients), GFGC may process:

  • Customer or applicant identifiers provided by clients
  • Contact and case-related information
  • Verification-related data strictly as instructed by the client
  • System access and audit logs related to authorized users

In such cases, GFGC acts as a data processor or data fiduciary as contractually defined, and processes data strictly for agreed business purposes.


3. Lawful Purpose and Use of Personal Data

GFGC processes personal data only for lawful purposes permitted under the DPDP Act, including:

  • Responding to inquiries and communications
  • Providing contracted products and services
  • Performing verification, workflow, and case management activities as instructed by clients
  • System security, monitoring, audit, and fraud prevention
  • Compliance with legal, regulatory, and contractual obligations
  • Business operations, support, and service improvement

We do not sell personal data or use it for profiling, advertising, or marketing without explicit consent.


4. Consent and Notice

Where required under law, GFGC obtains consent directly or relies on consent obtained by the client (where GFGC acts as a service provider).

Individuals are provided notice regarding:

  • Purpose of data processing
  • Categories of data processed
  • Rights available under applicable law
  • Contact details for grievance redressal


5. Data Storage, Residency, and Transfers

  • Primary business and customer data is stored and processed on Salesforce (India region)
  • Supporting services such as secure file storage and API orchestration may use AWS infrastructure located in India
  • Personal data is logically segregated by clients and protected through platform-level controls
  • Cross-border data transfers, if any, are performed only where legally permitted and contractually agreed


6. Data Security Safeguards

GFGC implements appropriate technical and organizational security measures, including:

  • Encryption of data at rest and in transit
  • Role-based access control (RBAC) and least-privilege access
  • Multi-factor authentication (MFA) for privileged access
  • Logging, monitoring, and audit trails
  • Secure SDLC practices and vulnerability assessments
  • Periodic security testing (including VAPT)

While we follow industry-standard safeguards, no system can be guaranteed to be 100% secure.


7. Data Retention and Deletion

Personal data is retained:

  • Only for as long as necessary to fulfill the stated purpose
  • In accordance with contractual obligations and legal requirements
  • As per defined data retention and purging policies

Upon completion of purpose or termination of engagement, data is securely deleted or returned as agreed.


8. Rights of Data Principals

  • Right to access personal data
  • Right to correction or erasure
  • Right to withdraw consent (where applicable)
  • Right to grievance redressal

Requests may be submitted to: [email protected]

We will respond within timelines prescribed under the DPDP Act.


9. Personal Data Breach Management

GFGC maintains an incident response process to detect, assess, and respond to personal data breaches.

  • Appropriate containment and remediation actions are initiated
  • Affected clients or individuals are notified as required
  • Regulatory authorities (including the Data Protection Board of India) are informed where legally mandated

Security contact: [email protected]


10. Third-Party Processors and Service Providers

GFGC may engage trusted third-party service providers strictly for operational purposes.

  • Bound by contractual confidentiality and data protection obligations
  • Assessed for security and compliance alignment


11. Grievance Redressal

For privacy-related concerns or complaints, contact:
[email protected]
We aim to resolve grievances within 30 days, or as prescribed by law.


12. Cookies and Tracking

The GFGC website uses limited cookies necessary for:

  • Website functionality
  • Security
  • Performance monitoring

We do not use cookies for behavioral profiling or targeted advertising. Users can control cookies through browser settings.


13. Policy Updates

  • Legal or regulatory changes
  • Business or technology changes
  • Security enhancements

The latest version will always be available at www.gfgc.com


14. Contact Information

For general privacy-related queries:
[email protected]
www.gfgc.com

Scroll to Top
Privacy Overview

This website uses cookies so that we can provide you with the best user experience possible. Cookie information is stored in your browser and performs functions such as recognising you when you return to our website and helping our team to understand which sections of the website you find most interesting and useful.