1. Introduction

SansoviGCC (“Sansovi”, “we”, “us”, or “our”), a brand under GoodWorks Group, is committed to protecting and respecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your personal information when you visit our website (www.sansovigcc.com), engage our services, or interact with us through any channel.

SansoviGCC is an end-to-end Global Capability Centre (GCC) solutions platform, offering services including GCC-as-a-Service, Employer of Record (EOR), Legal Entity Setup, Workspace Solutions, Talent Solutions, Technology Delivery, and Advisory Services across India and internationally.

By accessing our website or using our services, you consent to the practices described in this Privacy Policy. If you do not agree with the terms herein, please refrain from using our website or services.

2. Company & Data Controller Details

The data controller responsible for your personal information is:

Company Name	SansoviGCC (A GoodWorks Group Company)
Registered Office	Bengaluru, Karnataka, India
Email	contact@goodworklabs.com
Phone (India)	+91-9863077000
Phone (Dubai)	+971-585470072
Website	www.sansovi.com

 

3. Scope of This Policy

This Privacy Policy applies to:

• All visitors to our website and digital properties
• Prospective clients who submit enquiries or contact us
• Clients and their employees using SansoviGCC services
• Candidates and employees managed under our Talent Solutions and EOR services
• Partners, vendors, and suppliers who interact with us
• Individuals who attend our events, webinars, or respond to our marketing communications

This Policy does not cover third-party websites, services, or platforms that may be linked from our website. We encourage you to review the privacy policies of those third parties independently.

4. Information We Collect

We collect personal data through various means. Below is a detailed breakdown:

4.1 Information You Provide Directly

• Identity Information: Full name, job title, designation, company name
• Contact Information: Email address, phone number, mailing address
• Business Information: Company size, industry, business requirements, GCC setup goals
•  Financial Information: Billing details, invoicing data (for clients)
• Recruitment & HR Information: Resume/CV, work history, qualifications, compensation details, identity documents (for candidates and EOR employees)
• Communications: Content of messages, queries, or feedback submitted via our contact forms, email, or chat

4.2 Information Collected Automatically

• Technical Data: IP address, browser type and version, operating system, device identifiers
• Usage Data: Pages visited, time spent on pages, clicks, referral URLs, search queries
• Cookie Data: Session cookies, persistent cookies, analytics and marketing cookies (see Section 12)
• Log Data: Server logs, error reports, access timestamps

4.3 Information from Third Parties

• Business intelligence platforms and data enrichment tools
• LinkedIn, professional directories, and publicly available business data
• Referrals from existing clients or partners
• Background verification agencies (for employment screening with candidate consent)
• Government and regulatory databases (for compliance verification)

 5. How We Use Your Information

We use the personal information we collect for the following purposes, each grounded in a lawful basis:

5.1 Service Delivery

• Setting up and managing GCCs, EOR arrangements, and legal entities on your behalf
• Processing payroll, statutory filings (PAN, GST, EPF, TDS, ROC, RBI), and HR administration
• Providing workspace solutions, talent sourcing, onboarding, and technology delivery
• Managing employment contracts, benefits, and compliance obligations under Indian labor law

5.2 Business Operations & Communication

• Responding to enquiries, quotes, and proposals
• Sending service-related communications, updates, and notifications
• Managing client relationships, account administration, and invoicing
• Coordinating with vendors, legal advisors, and regulatory bodies

5.3 Marketing & Lead Generation

• Sending newsletters, industry reports, and thought leadership content (with your consent or legitimate interest)
• Running targeted advertising campaigns on platforms such as LinkedIn, Google, and Meta
• Conducting webinars, events, and outreach programs
• You may opt out of marketing communications at any time using the unsubscribe link in our emails

5.4 Platform & Product Improvement

• Operating and improving our Unified GCC Platform, NetSkill LMS, and Kriatix.ai
• Conducting analytics, A/B testing, and user research
• Monitoring platform performance, security, and uptime

5.5 Legal & Compliance

• Meeting obligations under the Information Technology Act, 2000, DPDPA 2023 (once operationalised), GST Act, Income Tax Act, Companies Act, and applicable labor laws
• Responding to lawful requests from regulators, courts, or law enforcement
• Fraud prevention, risk management, and audit requirements

6. Legal Basis for Processing

We process your personal data under the following lawful bases:

Legal Basis	When We Apply It
Contractual Necessity	When processing is necessary to fulfil a contract with you (e.g., EOR, GCC setup, talent placement)
Consent	When you voluntarily submit your data via forms, subscribe to marketing, or provide recruitment data
Legitimate Interests	For marketing to business contacts, improving services, fraud prevention, and analytics
Legal Obligation	When required by Indian tax laws, labor regulations, RBI/ROC filings, or court orders
Vital Interests	In exceptional circumstances involving health and safety of individuals

7. How We Share Your Information

We do not sell, rent, or trade your personal information. We may share your data with the following categories of parties under strict confidentiality and data processing obligations:

7.1 Group Companies

Within the GoodWorks Group (including GoodWorkLabs, GoodWorks Spaces, and NetSkill), where necessary to deliver integrated services.

7.2 Service Providers & Technology Partners

• Cloud infrastructure providers (AWS, Azure, GCP) for platform hosting
• HRMS, payroll, and compliance software vendors
• Background verification agencies (with candidate consent)
• Communication tools (email, CRM, video conferencing platforms)
• Marketing and analytics platforms (Google Analytics, LinkedIn Ads, etc.)

7.3 Legal & Regulatory Authorities

• Government agencies: EPFO, ESIC, Income Tax Department, GST Authority, RBI, ROC, MCA
• Courts, tribunals, or law enforcement agencies when legally required
• Auditors and statutory compliance advisors

7.4 Business Transfers

In the event of a merger, acquisition, restructuring, or sale of assets, your data may be transferred as part of that transaction, subject to equivalent privacy protections.

7.5 With Your Consent

In any other circumstances, we will seek your explicit consent before sharing your data.

8. International Data Transfers

SansoviGCC serves clients globally, including from the UAE (Dubai office: +971-585470072), Europe, the United States, and other regions. When personal data is transferred outside India, we ensure appropriate safeguards are in place, including:

• Contractual clauses that impose equivalent data protection standards on recipients
• Transfers only to countries with adequate data protection frameworks
• Explicit consent from data subjects where required
• Compliance with applicable cross-border data transfer regulations under DPDPA 2023 and international standards

9. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes outlined in this Policy, or as required by law. Our general retention principles are:

Data Category	Retention Period
Client & Contract Records	7 years after contract expiry (per Companies Act & Income Tax Act)
Employee & EOR Records	8 years post-employment (EPF, Gratuity, and labor law requirements)
Financial & Tax Records	8 years (Income Tax Act, GST Act)
Recruitment / Candidate Data	12 months post-application, unless hired
Marketing & Enquiry Data	3 years or until opt-out, whichever is earlier
Website & Analytics Data	26 months (Google Analytics default)
Legal & Compliance Correspondence	10 years or as required by applicable law

10. Your Rights as a Data Principal

Under the Digital Personal Data Protection Act, 2023 (DPDPA) and applicable Indian law, you have the following rights:

10.1 Right to Access

You have the right to request a summary of the personal data we hold about you and the purposes for which it is being processed.

10.2 Right to Correction & Update

You may request correction of inaccurate or outdated personal data we hold about you.

10.3 Right to Erasure

You may request deletion of your personal data where it is no longer necessary for the purpose it was collected, subject to legal retention obligations.

10.4 Right to Grievance Redressal

You have the right to raise a grievance regarding the processing of your data. We will respond within 30 days of receiving your request.

10.5 Right to Withdraw Consent

Where processing is based on consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing prior to withdrawal.

10.6 Right to Nominate

Under the DPDPA, you may nominate another individual to exercise your privacy rights in the event of your incapacity or death.

10.7 How to Exercise Your Rights

To exercise any of the above rights, please contact us at:

• Email: contact@goodworklabs.com
• Phone: +91-9863077000
• Subject line: “Privacy Rights Request”

We will respond within 30 business days. Identity verification may be required before processing any request.

11. Data Security

SansoviGCC implements enterprise-grade security measures to protect your personal data from unauthorised access, disclosure, alteration, or destruction. Our security framework includes:

11.1 Technical Safeguards

• AES-256 encryption for data at rest; TLS 1.3 for data in transit
• Multi-Factor Authentication (MFA) for all platform access
• Role-Based Access Control (RBAC) limiting data access to authorised personnel only
• Regular penetration testing, vulnerability assessments, and SOC monitoring
• Automated threat detection and incident response protocols
• Secure DevOps (DevSecOps) practices embedded in our development lifecycle

11.2 Organisational Safeguards

• Mandatory privacy and data security training for all employees
• Non-Disclosure Agreements (NDAs) with employees, contractors, and vendors
• Data minimisation principles applied across all processes
• Regular internal audits and compliance reviews

11.3 Infrastructure Safeguards

• Data hosted on ISO 27001-compliant cloud infrastructure
• 24/7 monitoring and uptime guarantees for platform services
• Business continuity and disaster recovery plans in place

11.4 Data Breach Notification

In the event of a data breach that poses risk to your rights and freedoms, we will notify the relevant regulatory authority (CERT-In / Data Protection Board of India) within the timeframes prescribed by law, and affected individuals will be notified without undue delay.

12. Cookies & Tracking Technologies

Our website uses cookies and similar tracking technologies to improve your browsing experience and understand how our website is used.

12.1 Types of Cookies We Use

Cookie Type	Purpose	Can Be Disabled?
Strictly Necessary	Enable core website functionality (navigation, security, session management)	No – essential for the site to work
Performance & Analytics	Google Analytics, heatmaps – understand how users interact with our site	Yes – via cookie settings
Functional	Remember your preferences, language settings, and form data	Yes – via cookie settings
Marketing & Targeting	LinkedIn Pixel, Google Ads, Meta – track campaign performance and retargeting	Yes – requires opt-in consent
Third-Party Cookies	Embedded content (YouTube, Vimeo) and social sharing buttons	Yes – via cookie settings

You can manage your cookie preferences by clicking the Cookie Settings link on our website, or by adjusting your browser settings. Disabling certain cookies may affect the functionality of our website.

13. Children’s Privacy

SansoviGCC’s services are directed at businesses and professionals. Our website and services are not intended for individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that a minor has submitted personal information, we will delete it promptly. If you believe a minor has provided us with their data, please contact us immediately at contact@goodworklabs.com.

14. Third-Party Links & Integrations

Our website and platform may contain links to third-party websites, tools, or embedded content (e.g., LinkedIn, Google Maps, YouTube). We are not responsible for the privacy practices of those third parties. We encourage you to read the privacy policies of any third-party site before providing your personal information.

Our platform integrations (e.g., HRMS, payroll software, ATS tools) are governed by separate data processing agreements that require equivalent standards of data protection.

15. Marketing Communications

We may send you marketing communications about our GCC services, industry insights, events, and product updates where we have a legitimate interest or your explicit consent.

15.1 Opt-Out

• Click the “Unsubscribe” link in any marketing email
• Email us at contact@goodworklabs.com with the subject “Unsubscribe”
• Call us at +91-9863077000

Please note that even if you opt out of marketing, we may still send you transactional or service-related communications necessary for your ongoing engagement with us.

15.2 B2B Marketing

For business-to-business (B2B) marketing, we may rely on legitimate interests as the lawful basis for contacting professionals at organisations who may benefit from our GCC services, in accordance with applicable law.

16. Regulatory & Compliance Framework

This Privacy Policy is designed to comply with the following applicable legal and regulatory frameworks:

• Digital Personal Data Protection Act, 2023 (DPDPA) – India
• Information Technology Act, 2000 and IT (Amendment) Act, 2008 – India
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• Companies Act, 2013 – India
• Income Tax Act, 1961 – India
• Goods and Services Tax Act, 2017 – India
• Shops and Establishments Act (State-wise, for workspace operations)
• General Data Protection Regulation (GDPR) – EU (for data subjects in the European Economic Area)
• UAE Federal Decree-Law No. 45 of 2021 on Personal Data Protection (for UAE operations)

17. Grievance Officer

In accordance with the Information Technology Act, 2000 and the DPDPA, 2023, we have appointed a Grievance Officer to address data privacy concerns:

Grievance Officer	Data Privacy Team, SansoviGCC
Email	contact@goodworklabs.com
Phone	+91-9863077000
Response Time	Within 30 days of receipt of complaint

If you are not satisfied with the resolution provided by our Grievance Officer, you may escalate your complaint to the Data Protection Board of India (once constituted) or approach the appropriate court of law.

18. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our business practices, regulatory requirements, or technology. When we make material changes, we will:

• Update the “Effective Date” at the top of this document
• Post a prominent notice on our website
• Where required by law, notify you directly by email

We encourage you to review this Privacy Policy periodically. Continued use of our website or services after changes constitutes acceptance of the updated Policy.

19. Governing Law & Dispute Resolution

This Privacy Policy is governed by the laws of the Republic of India. Any disputes arising from or in connection with this Policy shall be subject to the exclusive jurisdiction of the competent courts in Bengaluru, Karnataka, India, unless otherwise required by applicable law in the jurisdiction of the data subject.

20. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or the way we handle your personal data, please contact us through any of the following channels:

Email	contact@goodworklabs.com
Phone (India)	+91-9863077000
Phone (UAE)	+971-585470072
Website	www.sansovi.com
Postal Address	SansoviGCC (A GoodWorks Group Company), Bengaluru, Karnataka, India