๐Ÿ”’ Legal & Compliance

Privacy Policy

At FOGS Consultants, your privacy is a priority. This policy explains what personal data we collect, why we collect it, how we use it, and your rights under applicable data protection laws.

Effective Date: 21 March 2026  ยท  Governed under UK GDPR & Indian IT Act 2000

1 Information We Collect

We collect information that you provide to us directly, information generated through your use of our website and services, and information obtained from third parties where lawfully permitted.

Information you provide directly:

  • Contact details: full name, business email address, phone number, and company name
  • Enquiry and project details submitted through our contact or quote request forms
  • Candidate information including CVs, employment history, qualifications, and references for recruitment services
  • EPF or ESIC-related documents such as UAN numbers, Aadhaar details, and PAN cards when you engage our statutory compliance services
  • Correspondence records including emails, WhatsApp messages, or phone call notes

Information collected automatically:

  • IP address, browser type, device type, and operating system
  • Pages visited, time spent on pages, referral URLs, and click-through data
  • Cookies and similar tracking technologies (see Section 7)

2 How We Use Your Data

We use personal data for the following purposes:

  • Service Delivery: To provide HR, IT, EPF/ESIC, and recruitment services you have engaged us for
  • Communication: To respond to enquiries, send service updates, and manage ongoing projects
  • Compliance: To fulfil statutory obligations under Indian and UK law, including EPF filings, payroll records, and audit requirements
  • Website Improvement: To analyse usage patterns, fix technical issues, and enhance user experience
  • Marketing: To send relevant service updates or newsletters โ€” only where you have provided explicit consent
  • Legal Protection: To detect fraud, enforce our Terms of Service, and respond to legal claims

We do not use your personal data for automated decision-making or profiling that produces significant legal effects.

3 Legal Basis for Processing

Under UK GDPR and applicable Indian data protection law, we process personal data on the following legal grounds:

  • Contract Performance: Processing is necessary to deliver the services you have requested
  • Legal Obligation: Processing is required to comply with statutory, regulatory, or tax obligations
  • Legitimate Interests: Processing supports our legitimate business interests in communicating with clients and improving our services, where these do not override your rights
  • Consent: Where we rely on consent (e.g. for marketing), you may withdraw it at any time without affecting prior processing

4 Data Sharing & Disclosure

FOGS Consultants does not sell, rent, or trade personal data. We may share information with trusted third parties only under the following circumstances:

  • Service Providers: Trusted vendors such as cloud hosting providers, email platforms, and analytics tools who process data on our behalf under strict data processing agreements
  • Regulatory Bodies: EPFO, ESIC, income tax authorities, or other statutory bodies where mandated by law
  • Professional Advisors: Lawyers, accountants, or auditors where required for business operations or legal compliance
  • Business Transfers: In the event of a merger, acquisition, or asset sale, data may be transferred subject to equivalent privacy protections
  • Legal Requirements: Where disclosure is required by court order, law enforcement, or applicable regulation

All third-party processors are vetted and bound by confidentiality and data protection obligations.

5 Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law.

  • Client and service data: Retained for a minimum of 7 years following the end of a contract, in line with accounting and statutory obligations
  • EPF/ESIC records: Retained in accordance with EPFO and ESIC regulatory requirements
  • Candidate data: Retained for up to 24 months after the conclusion of a recruitment process, unless you request earlier deletion
  • Website analytics data: Aggregated and anonymised within 26 months
  • Marketing consent records: Retained until consent is withdrawn

Upon expiry of the applicable retention period, data is securely deleted or anonymised.

6 Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data. We will respond to verified requests within 30 days.

  • Right of Access: Request a copy of the personal data we hold about you
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your data where there is no lawful basis for retention
  • Right to Restrict Processing: Ask us to suspend processing while a dispute is resolved
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests or for direct marketing
  • Right to Withdraw Consent: Withdraw consent at any time where processing relies on it

To exercise any of these rights, contact us at info@fogsconsultants.com.

7 Cookies & Tracking

Our website uses cookies and similar technologies to ensure functionality, analyse traffic, and improve user experience. For full details, please refer to our Cookie Policy.

You can manage cookie preferences through your browser settings at any time. Disabling certain cookies may affect website functionality.

8 International Data Transfers

FOGS Consultants operates across the United Kingdom and India. Personal data may be transferred between these jurisdictions in the course of delivering services.

All cross-border transfers are governed by appropriate safeguards, including standard contractual clauses or equivalent mechanisms, to ensure your data receives the same level of protection regardless of where it is processed.

9 Security

We implement technical and organisational measures proportionate to the risks involved, including but not limited to:

  • Encrypted data storage and transmission (TLS/SSL)
  • Role-based access controls limiting data access to authorised personnel
  • Regular security reviews and vulnerability assessments
  • Incident response procedures for data breaches

In the event of a data breach that poses a risk to your rights, we will notify the relevant supervisory authority and affected individuals as required by law.

10 Children's Privacy

Our services are directed at businesses and adult professionals. We do not knowingly collect personal data from individuals under the age of 18. If you believe we have inadvertently collected such data, please contact us immediately and we will take steps to delete it.

11 Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. The most current version will always be published on this page with an updated effective date. We encourage you to review this policy periodically.

Material changes will be communicated via email or a prominent notice on our website.

12 Contact & Complaints

For any privacy-related queries, requests, or complaints, please contact our Data Protection contact point:

  • Email: info@fogsconsultants.com
  • UK Office: London, United Kingdom
  • India Office: Kochi, Kerala, India
  • UK Phone: +44 7436 382395
  • India Phone: +91 8891 909965

If you are located in the UK and are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk.

Have a privacy concern?

Our team is happy to address any questions about how your data is handled.

โœ‰ Contact Us