At Offshorewave Private Limited (“Offshorewave”, “we”, “us”, or “our”), we are committed to protecting the privacy and personal data of our clients, employees, website visitors, and all individuals we interact with during the course of business. This Privacy Policy outlines how we collect, use, store, share, and safeguard your personal data, in compliance with applicable data protection laws, including the Information Technology Act, 2000 (India), the General Data Protection Regulation (GDPR) (EU), the California Consumer Privacy Act (CCPA) (USA), and other global privacy frameworks. We aim to provide complete transparency around our data handling practices, particularly given our engagements with clients across India, the United States, and other countries.
1. Information We Collect
We collect personal information through our website, contact forms, recruitment processes, direct email/SMS communication, contracts, and onboarding activities. Information collected may include names, phone numbers, email addresses, designations, location data, and IP addresses. For example, when a U.S.-based client submits a staffing requirement, we collect their contact details and company requirements to initiate service.
2. Purpose of Data Collection and Use
We use collected data for defined business purposes such as fulfilling contracts, onboarding employees, payroll processing, legal compliance, analytics, marketing (with consent), and improving user experience. For example, if you’re a client representative, we use your email to share project reports or invoices; if you’re a candidate, your information helps complete your onboarding and compliance checks.
3. Digital Communication Parameters (SMS/Email)
We use SMS and email as essential communication tools for business operations, service updates, account management, and limited promotional activities—always governed by prior consent and legal requirements. In accordance with global communication regulations, such as the Telephone Consumer Protection Act (TCPA) in the U.S., GDPR in Europe, and TRAI regulations in India, we ensure that:
- Every promotional or transactional message includes identification of the sender, purpose, and a clear opt-out/unsubscribe mechanism.
- Communications are only sent to individuals or representatives who have given explicit or implied consent, such as through a contract, form submission, or voluntary engagement.
- We record timestamped logs of when consent was obtained and retain them as part of our compliance protocols.
- Sensitive personal information is never shared via SMS and only securely transmitted via encrypted email, where necessary.
- For example, when we send onboarding details to a contractor in California via email, we include a secure download link with expiry settings. Similarly, a follow-up SMS alert for a meeting with a European client includes an opt-out option as required by GDPR.
- All email communication campaigns (newsletters, service updates) follow CAN-SPAM Act requirements in the U.S., with accurate subject lines, a physical company address, and clear opt-out links.
Users have full control over their communication preferences and may request to stop receiving marketing emails or SMS at any time. Functional or mandatory transactional messages—such as payment confirmations or policy notices—are exempt from opt-out rules but still delivered respectfully and securely.
4. Data Storage and Security
We store all data securely using encrypted servers and cloud platforms compliant with international standards such as ISO 27001, SOC 2, and HIPAA (for relevant health-related data). Multi-factor authentication, access controls, and periodic audits ensure only authorized personnel can access sensitive information. For instance, only designated HR personnel can access payroll records of a candidate deployed to a U.S. healthcare client.
5. International Data Transfers
Personal data may be transferred to and processed in countries outside of your own, including the United States. These transfers are governed by legally recognized frameworks such as the EU Standard Contractual Clauses (SCCs), UK Addendum, and contractual safeguards in compliance with CCPA and Indian cross-border guidelines. For example, data of a European consultant hired for a U.S. project is handled under SCCs and processed using secure channels.
6. Sharing of Personal Information
We do not sell personal data. We may share data with verified third parties like background check agencies, payment processors, or IT service providers who support our operations. Each partner is bound by a strict data processing agreement ensuring data confidentiality. For instance, an India-based payroll provider handling a U.S. client’s data is contractually obligated to follow U.S. data privacy standards.
7. User Rights and Choices
You have the right to access, rectify, delete, or restrict processing of your data. Users in California may opt-out of data sale (though we do not sell data), while European users can request data portability and lodge complaints with their local data protection authority. Requests can be submitted via our website or by contacting our DPO, and we respond within statutory timelines.
8. Data Retention
We retain data only for as long as it is necessary for legal, contractual, or operational purposes. For example, project and payroll data is retained for 7 years to comply with taxation and audit laws. Once no longer needed, data is securely destroyed using industry-standard techniques.
9. Cookies and Tracking
We use cookies for functionality, analytics, and user engagement optimization. Users can manage cookie preferences through browser settings or by clicking the “Cookie Settings” on our website. For instance, cookies help us track geographic traffic trends so we can better serve regions like North America or Europe.
10. Children’s Privacy
We do not knowingly collect data from children under the age of 18. If such data is identified, it will be deleted immediately. Our services are strictly for adult professionals and corporate clients.
11. Policy Updates
We may update this Privacy Policy from time to time to reflect changes in legal, operational, or technical practices. Any significant updates will be communicated via email or notices on our website.
12. Contact Information
For any privacy-related concerns, requests, or to opt-out of communications, please contact our Data Protection Officer (DPO):
Email: privacy@theoffshorewave.com
Address: Offshorewave Private Limited, [Registered Office Address], Pune, Maharashtra, India.