Privacy Policy

1. Who We Are

Accord Compliance is a division of Accordix Group Private Limited, a company incorporated in India under the Companies Act, 2013. We operate an independent digital accessibility audit and compliance institution at accordcompliance.org.

For the purposes of this Privacy Policy, 'Accord Compliance', 'we', 'us', and 'our' refer to Accordix Group Private Limited and its Accord Compliance division. 'You' and 'your' refer to individuals who visit our website, submit enquiries, engage our services, or otherwise interact with us.

We act as a Data Fiduciary under India's Digital Personal Data Protection Act, 2023 (DPDP Act) and as a Data Controller for the purposes of applicable international data protection laws including the EU General Data Protection Regulation (GDPR) where we process data of EU residents.

2. What Personal Data We Collect

2.1 Data You Provide Directly

When you interact with our website or services, you may provide us with personal data including:

  • Name and professional title
  • Organisation name and role
  • Email address
  • Telephone number
  • Postal address or location information
  • Details of the digital assets, regulatory context, or compliance matter you wish to discuss
  • Any other information you include in enquiry forms, email correspondence, or service requests

2.2 Data Collected Automatically

When you visit our website, we or our service providers may automatically collect certain technical data including:

  • IP address
  • Browser type and version
  • Operating system
  • Referring website URLs
  • Pages visited and time spent on pages
  • Date and time of your visit
  • Device type

This data is typically collected via cookies, web server logs, and analytics tools. Please see Section 7 (Cookies) for further detail.

2.3 Data From Third-Party Sources

We may receive information about you from third parties such as professional networking platforms (e.g. LinkedIn), referral partners, or publicly available professional directories, where you have made such information publicly available.

2.4 Data We Do Not Collect

Accord Compliance does not knowingly collect:

  • Personal data from children under 18 years of age
  • Sensitive personal data (as defined under the DPDP Act) unless specifically required for a service and collected with explicit consent
  • Financial account or payment card information (payment processing, where applicable, is handled by secure third-party providers)

3. How We Use Your Personal Data

We use personal data we collect for the following purposes:

3.1 Responding to Enquiries

When you submit an enquiry through our website or contact us directly, we use your contact details and enquiry information to respond to your request, assess whether our services are suitable for your needs, and provide relevant information about our services.

Legal basis (GDPR / DPDP): Legitimate interest in responding to professional enquiries; performance of pre-contractual steps.

3.2 Service Delivery

When you engage our services, we use your personal and organisational data to scope, conduct, and deliver accessibility audits, compliance assessments, and other contracted services; prepare and deliver audit reports and other deliverables; communicate with you during and after the engagement; and issue invoices and manage payment.

Legal basis: Performance of a contract.

3.3 Legal and Regulatory Compliance

We may process personal data where necessary to comply with our legal obligations under Indian law (including the DPDP Act, the IT Act, and taxation laws), or to respond to lawful requests from courts, regulators, or law enforcement authorities.

Legal basis: Legal obligation; legitimate interest in legal compliance.

3.4 Improving Our Services

We may use aggregated, anonymised data about how individuals interact with our website and services to improve our offerings, website design, and user experience. We do not use identifiable personal data for this purpose.

Legal basis: Legitimate interest in service improvement.

3.5 Communications and Updates

Where you have provided consent or where we have a legitimate interest to do so, we may send you information about regulatory developments, accessibility standards updates, our services, or industry news that we believe may be of professional interest.

Legal basis: Consent; legitimate interest (for existing professional contacts in a B2B context).

You may withdraw consent or opt out of communications at any time — see Section 8 (Your Rights).

4. How We Share Your Personal Data

Accord Compliance does not sell, rent, or trade personal data. We share personal data only in the following limited circumstances:

4.1 Service Providers and Sub-Processors

We engage trusted third-party service providers who process data on our behalf to deliver services. These may include:

  • Cloud hosting and data storage providers
  • Email and communication platforms
  • Analytics service providers (see Section 7)
  • Payment processing providers (for fee collection)
  • Specialist accessibility testing partners engaged under confidentiality obligations

All third-party processors are required to handle personal data in accordance with applicable law and our data processing agreements.

4.2 Legal Requirements

We may disclose personal data if required to do so by applicable law, court order, or the direction of a competent regulatory authority, or where we believe disclosure is necessary to protect our legal rights or the rights of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, personal data held by us may be transferred to the successor entity, subject to equivalent privacy protections.

4.4 With Your Consent

We may share your information with third parties with your express prior consent for purposes not listed above.

5. International Data Transfers

Accord Compliance is based in India. Where personal data is transferred to or accessed from countries outside India, including for cloud hosting or tool usage, we ensure appropriate safeguards are in place in accordance with the DPDP Act and applicable international data protection requirements.

For individuals in the European Economic Area (EEA), we comply with GDPR requirements for cross-border data transfers, including use of Standard Contractual Clauses (SCCs) or adequacy decisions where applicable.

For individuals in the United Kingdom, we comply with the UK GDPR and Data Protection Act 2018.

6. Data Retention

We retain personal data only for as long as necessary for the purposes for which it was collected, or as required by applicable law.

  • Enquiry and pre-engagement correspondence: up to 2 years from last contact, or until the enquiry is resolved
  • Client engagement data and audit deliverables: up to 7 years from completion of engagement (for legal, audit, and tax record purposes)
  • Website analytics data: as configured with our analytics provider (typically 14 months for GA4)
  • Marketing communications data: until you withdraw consent or opt out

When data is no longer required, it is deleted or anonymised in a manner that prevents recovery.

7. Cookies and Tracking Technologies

7.1 What Cookies We Use

Our website uses cookies and similar tracking technologies. We use the following categories:

Essential Cookies

These cookies are necessary for the website to function. They cannot be disabled. They include session management cookies and security cookies that prevent fraudulent use.

Analytics Cookies

We use Google Analytics 4 (GA4) via Google Tag Manager to understand how visitors interact with our website. GA4 collects anonymised usage data including pages visited, session duration, and general geographic region. IP addresses are anonymised. Analytics data is processed by Google in accordance with their privacy policy.

Analytics cookies are only placed with your consent where required by applicable law.

Preference Cookies

Where applicable, these cookies remember your preferences (e.g. cookie consent choices) to improve your experience on return visits.

7.2 Managing Cookies

When you first visit our website, you will be presented with a cookie consent notice (where legally required). You can manage cookie preferences at any time through your browser settings or our cookie preference centre.

Disabling cookies may affect the functionality of certain parts of the website.

8. Your Rights

Depending on your location and applicable law, you have the following rights in relation to your personal data:

8.1 Right of Access

You have the right to request confirmation of whether we hold personal data about you and, if so, to receive a copy of that data.

8.2 Right to Correction

You have the right to request correction of inaccurate or incomplete personal data we hold about you.

8.3 Right to Erasure

You have the right to request deletion of your personal data where we no longer have a lawful basis to retain it, subject to our legal record-keeping obligations.

8.4 Right to Restrict Processing

In certain circumstances, you may request that we restrict the processing of your personal data while we address your concerns.

8.5 Right to Data Portability

Where processing is based on consent or contract and carried out by automated means, you may request that we provide your data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You have the right to object to processing of your personal data where we rely on legitimate interest as the legal basis, or where data is processed for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.

8.8 Exercising Your Rights

To exercise any of these rights, please contact us at the details in Section 11. We will respond to requests within the timelines required by applicable law (typically 30 days). We may need to verify your identity before processing your request.

8.9 Right to Complain

You have the right to lodge a complaint with the relevant data protection authority in your jurisdiction. In India, complaints may be directed to the Data Protection Board of India once established under the DPDP Act. EU residents may complain to their national data protection authority (supervisory authority).

9. Data Security

Accord Compliance implements appropriate technical and organisational measures to protect personal data against unauthorised access, disclosure, alteration, or destruction. These measures include:

  • Encrypted data transmission (HTTPS / TLS)
  • Access controls limiting data access to authorised personnel on a need-to-know basis
  • Regular review of security practices and third-party processor arrangements
  • Confidentiality obligations for all staff and contractors handling personal data

No system of data security is impenetrable. In the event of a personal data breach, we will notify affected individuals and relevant authorities in accordance with applicable legal requirements and within required timeframes.

10. Children's Privacy

Our website and services are directed at business and professional users. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have inadvertently collected personal data from a minor, we will delete it promptly. If you believe we may have collected data from a minor, please contact us immediately.

11. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or the processing of your personal data, please contact us at:

Accord Compliance — Data Privacy
Accordix Group Private Limited

For GDPR-specific enquiries from EEA residents, please mark your communication 'GDPR Request' and we will ensure it is addressed within the required 30-day timeframe.

12. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. The updated Policy will be posted on this page with a revised effective date. We encourage you to review this Policy periodically. Where changes are material, we will take reasonable steps to notify you directly.