Skip to main content
Legal

Privacy Policy

Last updated: 30 June 2026

1. Introduction

FairIT Solutions is a brand operated by TRNM Digital Consulting LLP ("we", "us", "our"). This Privacy Policy explains how we collect, use, store, and protect information about you when you use our website at fairitsolutions.ch, our consultation services, and any communications you have with us.

This policy is designed to meet the requirements of India's Digital Personal Data Protection Act, 2023 (DPDP Act), the EU General Data Protection Regulation (GDPR), and the revised Swiss Federal Act on Data Protection (revFADP).

2. Who we are

TRNM Digital Consulting LLP is the legal entity behind the FairIT Solutions brand and is the data controller for the purposes of the India DPDP Act, the GDPR, and the revised Swiss FADP. Our principal place of business is in Pune, India, with operating offices in Switzerland and Germany and a registered office in Alibag (Raigad), India. The same data-protection standards apply across all locations.

3. Data we collect

  • Contact information: name, email address, phone number, company name, job title
  • Communication data: messages you send us via contact forms, email, calls, or chat
  • Engagement data: budget bands, timelines, service interests, company size (provided during consultation requests)
  • Technical data: IP address, browser type, device, pages visited, referrer, session duration (via privacy-respecting analytics)
  • Marketing data: newsletter subscription status, click and open data on emails you receive from us

We do not knowingly collect data from individuals under 16.

4. How we use your data

  • To respond to enquiries and deliver our services
  • To prepare proposals, scopes, and engagement documents
  • To send transactional and service-related communications
  • To send marketing communications where you have opted in (or where permitted as a soft opt-in to existing clients)
  • To improve our website, services, and user experience
  • To detect, prevent, and respond to fraud or abuse
  • To comply with legal, tax, and accounting obligations

5. Legal basis for processing (GDPR Art. 6)

  • Consent: for marketing emails and non-essential cookies
  • Contract: to provide the services you have requested
  • Legitimate interests: service improvement, security, business development with B2B contacts where reasonably expected
  • Legal obligation: tax, accounting, regulatory compliance

Under the India DPDP Act, our lawful grounds are typically your consent and certain "legitimate uses" defined in the Act (such as responding to your enquiry or fulfilling a contract).

6. Data retention

We retain personal data only as long as necessary for the purposes set out in this policy or as required by applicable law.

  • Lead and enquiry data: 3 years from last meaningful interaction, after which it is anonymised or deleted. The 3-year period reflects the typical B2B sales cycle and post-engagement follow-up window in our industry.
  • Client engagement records: 10 years (statutory accounting and contractual requirement)
  • Newsletter subscribers: until unsubscribe request
  • Website analytics: 14 months

7. Cross-border data transfers (India ↔ EU ↔ Switzerland)

Because the controlling entity is based in India and we serve clients globally with operating presence in Switzerland and Germany, personal data may be transferred between these jurisdictions and to sub-processors in the EU, UK, and US. We rely on the following mechanisms:

  • EU/EEA → India: Standard Contractual Clauses (SCCs) plus supplementary technical and organisational measures
  • Switzerland → India: the Swiss FADP transfer regime, including SCCs adapted to Swiss requirements and the FDPIC-recognised safeguards
  • EU/EEA → US sub-processors: SCCs or EU-US Data Privacy Framework certification where applicable
  • India → outside India: made only in compliance with the DPDP Act and applicable notifications

8. Your rights

Subject to applicable law, you have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Erase your data ("right to be forgotten")
  • Restrict or object to processing
  • Port your data to another controller in a structured, machine-readable format
  • Withdraw consent at any time (without affecting the lawfulness of prior processing)
  • Lodge a complaint with a supervisory authority (Swiss FDPIC, your local EU DPA, or India's Data Protection Board)
  • Nominate another individual to exercise rights on your behalf in the event of incapacity (DPDP Act)

To exercise these rights, email privacy@fairitsolutions.ch. We will respond within 30 days (or 1 month under GDPR; sooner where reasonably possible).

9. Data Protection point of contact

FairIT Solutions has not formally appointed a Data Protection Officer (DPO) because our processing does not currently meet the mandatory DPO thresholds under GDPR Art. 37 (large-scale systematic monitoring or large-scale special-category processing). Privacy matters are nonetheless escalated through a single point of contact:

Privacy contact: privacy@fairitsolutions.ch

For DPDP Act matters, the same contact functions as the designated Data Protection Officer / Grievance Officer in India.

10. Data security

We implement appropriate technical and organisational measures including TLS encryption in transit, encryption at rest, role-based access control, least-privilege for sub-processors, regular security reviews, and a documented incident-response plan.

11. Breach notification

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will:

  • Notify the competent supervisory authority within 72 hours of becoming aware of the breach (GDPR Art. 33; revFADP).
  • Notify affected individuals without undue delay where the breach is likely to result in a high risk.
  • Notify the Data Protection Board of India in accordance with the DPDP Act and applicable rules.

12. Sub-processors and third-party services

We use trusted sub-processors to operate our services. Categories include cloud hosting and infrastructure, transactional email, customer support tooling, privacy-respecting analytics, and payment processing. All sub-processors are bound by written data-processing agreements equivalent in protection to this policy. A current list is available on request.

13. Cookies and analytics

We use a minimal set of cookies and similar technologies. Non-essential cookies (analytics, marketing) require your consent. See our Cookie Policy for details, including the specific analytics provider in use.

14. Automated decision-making

We do not engage in any automated decision-making — including profiling — that produces legal or similarly significant effects on you.

15. Changes to this policy

We may update this policy from time to time. Material changes will be highlighted on this page with a revised "last updated" date. Where required, we will obtain your consent again.

16. Contact

For privacy-related enquiries, please email privacy@fairitsolutions.ch or visit our Contact page.