Legal

Privacy Policy

Effective from 1 January 2026. Issued by eEasy interMESH Private Limited (operator of the TrulyCertify brand) in compliance with India's Digital Personal Data Protection Act, 2023.

1. Who We Are

This privacy policy is issued by eEasy interMESH Private Limited, a Private Limited Company incorporated under the Companies Act, 2013, India, with registered office at Jaipur, Rajasthan, India ("we", "our", "us", or "TrulyCertify"). TrulyCertify is the trading brand under which we provide ISO certification facilitation services through the website trulycertify.com.

2. Personal Data We Collect

When you interact with us — by submitting an enquiry form, contacting us by WhatsApp, email, or telephone, or engaging us for certification services — we may collect the following categories of personal data:

  • Contact details: name, email, telephone, WhatsApp number, company name, designation, country.
  • Business information: industry, ISO standard of interest, scope of operations, locations, headcount, target markets.
  • Engagement records: correspondence, proposals, engagement letters, invoices.
  • Technical data: IP address, browser type, device information, pages visited, and analytics events captured via Google Analytics 4. Cookie preferences captured at first visit.

3. Purposes of Processing

We process personal data only for the following specific, lawful purposes:

  • To respond to your enquiry and provide a tailored quote.
  • To deliver the certification facilitation services you engage us for.
  • To coordinate audits with IAF-accredited certification bodies.
  • To send service updates, surveillance-audit reminders, and renewal notices.
  • To meet our legal, tax, and accounting obligations under Indian law.
  • To improve our website, services, and customer experience based on aggregated analytics.

4. Lawful Basis (DPDP Act, 2023)

Under India's DPDP Act, 2023, we rely on the following lawful bases:

  • Consent — captured at the point of form submission, where you explicitly agree to be contacted and to our processing of your data.
  • Legitimate use — for performance of the certification facilitation contract you engage us for, and for compliance with applicable Indian laws.

5. Sharing of Personal Data

We share personal data only as necessary to deliver the service, and only with the following categories of recipients:

  • IAF-accredited certification bodies engaged on your behalf — for audit scheduling and certificate issuance.
  • Service providers supporting our operations: cloud hosting (Google Cloud), email (Google Workspace), customer-relationship management, analytics (Google Analytics 4), and document storage.
  • Government and regulatory authorities where required by law (Income-Tax Department, GST authorities, accreditation bodies on lawful request).
  • Professional advisors (legal, audit, tax) bound by confidentiality.

We do not sell or rent personal data. We do not share it for third-party marketing.

6. International Transfers

Where the certification body assigned to your engagement is based outside India (for example, when serving clients in KSA, UAE, UK, US, AU), personal data necessary for the audit may be transferred to that jurisdiction. We use such transfers solely for the engagement and only with reputable, IAF-accredited bodies bound by their own data-protection regimes.

7. Retention

We retain personal data for the duration of the engagement and for a period of seven (7) years thereafter, in line with India's Companies Act and tax-record requirements. After this period, personal data is securely deleted or anonymised.

8. Your Rights (Data Principal Rights)

Under the DPDP Act, 2023, you have the right to:

  • Access the personal data we hold about you.
  • Correct or update inaccurate or incomplete personal data.
  • Erase personal data subject to our legal-retention obligations.
  • Nominate another individual to exercise your rights in the event of death or incapacity.
  • Withdraw consent at any time (this will not affect the lawfulness of processing before withdrawal).
  • Grievance redressal — see Section 10 below.

To exercise any of these rights, email privacy@trulycertify.com with the subject line "Data Principal Request".

9. Security

We implement reasonable technical and organisational measures to protect personal data, including:

  • TLS/HTTPS encryption in transit.
  • Access controls limiting personal-data access to the assigned engagement team.
  • Confidentiality agreements with all employees and contractors.
  • Regular review of security practices.

10. Grievance Officer

For privacy complaints or to exercise your rights under the DPDP Act:

Grievance Officer
eEasy interMESH Private Limited
Email: privacy@trulycertify.com
Address: Jaipur, Rajasthan, India

We acknowledge grievance receipts within 72 hours and aim to resolve them within 30 days.

11. Cookies & Analytics

We use essential cookies for site functionality and Google Analytics 4 (anonymised) for traffic measurement. You can opt out of GA4 tracking via the Google Analytics opt-out browser add-on. We do not run third-party advertising trackers on this website.

12. Changes to This Policy

We may update this privacy policy from time to time. Material changes will be highlighted on the site and, for active engagements, notified by email. The effective date is shown at the top of the policy.

13. Contact

eEasy interMESH Private Limited
Email: contact@trulycertify.com
Privacy: privacy@trulycertify.com
Phone / WhatsApp: +91 94148 83452
Registered office: Jaipur, Rajasthan, India