Privacy Policy

Effective Date: September 24, 2025
Last Updated: September 24, 2025

Introduction

At the Indian Council for Politics and Research (ICPR), we are committed to protecting your privacy and safeguarding the personal data we process. As a leading political consultancy firm specializing in data-driven election strategies, voter analytics, and governance optimization, we handle sensitive information, including voter and public data, with the utmost responsibility. Our operations span India and international jurisdictions, and we adhere to the highest global standards to build trust.

This Privacy Policy explains how ICPR collects, uses, shares, and protects your personal data in compliance with:

  • ISO 27001: Global information security management standards, ensuring robust risk-based controls.
  • GDPR (EU General Data Protection Regulation): For EU data subjects, providing comprehensive rights and protections.
  • DPDP Act 2023 (India’s Digital Personal Data Protection Act): As a Data Fiduciary, we prioritize consent, purpose limitation, and data minimization.
  • Other Applicable Laws: Including the Information Technology Act 2000 (India)

We process data only for legitimate purposes, such as enhancing democratic processes through ethical AI-driven insights. While we provide exceptional data protections, our role in election management requires access to aggregated/de-identified data for service optimization—always with your consent or under lawful bases like legitimate interests (DPDP). By using our services, website (icprindia.com), or providing data, you consent to this Policy. If you do not agree, please do not use our services.

Contact our Data Protection Officer (DPO) at contact@icprindia.com for questions.

1. Data We Collect

We collect only the data necessary for our services (“Data Minimization” principle under DPDP). Categories include:

  • Personal Identifiers: Name, email, phone, address, IP address, device ID (collected via forms, cookies, or interactions).
  • Demographic/Voter Data: Age, gender, location, political affiliations, voting history, preferences (from surveys, public sources, or clients—with explicit consent for sensitive data like caste/religion under DPDP Schedule).
  • Professional Data: Job title, organization, interests (for networking/events).
  • Usage Data: Browsing behavior, site interactions (via analytics tools).
  • Sensitive Data: Health, biometric, or financial info (rarely; only with explicit consent and for specific programs, e.g., skill initiatives).

Sources: Directly from you (forms/surveys), automatically (cookies), third parties (public voter rolls, clients), or partners (e.g., event co-hosts). We do not knowingly collect data from children under 18 (COPPA/DPDP compliant).

2. How We Use Your Data

We use data transparently and for specified purposes (DPDP §5). Primary uses:

  • Service Delivery: Personalize outreach, manage campaigns, provide analytics dashboards (e.g., voter sentiment mapping).
  • Improvement & Analytics: Aggregate/de-identify data for AI model training, trend analysis, and service enhancement (legitimate interest under GDPR Art. 6(1)(f)/DPDP).
  • Communication: Send newsletters, updates, or election insights (with opt-in consent).
  • Legal/Compliance: Report to authorities (e.g., Election Commission of India), prevent fraud.
  • Research: Anonymized insights for policy reports (no re-identification).

For election management, we access data to optimize strategies (e.g., micro-targeting), but only with verifiable consent or as a legitimate use for “democratic processes” (DPDP legitimate uses). Data is retained only as needed (e.g., 2 years post-campaign) and deleted securely.

3. Sharing Your Data

We prioritize data protection and share minimally (DPDP §7 on consent):

  • Internal: With ICPR affiliates/teams for service fulfillment (ISO 27001 access controls).
  • Service Providers: Vendors (e.g., cloud hosts like AWS) under strict contracts (GDPR Art. 28/DPDP data processor obligations).
  • Clients/Partners: Aggregated voter insights for campaigns (with your consent; no raw personal data shared without explicit permission).
  • Legal: To regulators (e.g., ECI, courts) or in mergers (DPDP (16) on transfers).
  • No Sales: We never sell data.

International transfers (e.g., to EU/U.S.) use Standard Contractual Clauses (GDPR) or adequacy decisions, ensuring equivalent protections.

4. Data Security

Security is our foundation (ISO 27001 certified). We implement:

  • Technical Measures: Encryption (AES-256 for data at rest/transit), firewalls, multi-factor authentication.
  • Organizational: Regular audits, risk assessments, employee training, incident response plans (DPDP(6)).
  • Continuous Monitoring: Automated threat detection, penetration testing annually.
  • Breach Response: Notify affected users/authorities within 72 hours (GDPR Art. 33/DPDP timelines).

No system is infallible; we mitigate risks but cannot guarantee against breaches.

5. Your Rights and Choices

Under DPDP/GDPR/CCPA, you have strong rights (exercisable via contact@icprindia.com; response within 30 days):

  • Access: Request a copy of your data.
  • Correction/Erasure: Update or delete inaccurate/unneeded data (“Right to be Forgotten,” DPDP (12)).
  • Objection/Restriction: Oppose processing (e.g., for marketing; legitimate interests assessment required).
  • Portability: Receive data in structured format.
  • Withdraw Consent: Anytime, without affecting prior processing.
  • Opt-Out: From cookies (via browser) or marketing (unsubscribe links).

For voter data, you can revoke campaign-use consent. We verify requests to prevent fraud.

6. Cookies and Tracking

We use cookies for functionality, analytics (Google Analytics), and targeted ads (essential/performance/marketing).

  • Types: Session (temporary), persistent (e.g., preferences).
  • Management: Opt-out via browser settings or tools like NAI/DAA. We honor Do Not Track signals.
  • Third-Party: Partners (e.g., Facebook Pixel) may track; see their policies.

Details in our Cookie Policy.

7. Children’s Privacy

We do not target children. No data collection from under-18s without parental consent (COPPA/DPDP).

8. International Data Transfers

Data may transfer to India/U.S./EU servers. We ensure adequacy (e.g., EU Standard Clauses) and notify you of risks.

9. Changes to This Policy

We may update this Policy (e.g., for legal changes). Posted here with effective date; continued use implies acceptance. Significant changes emailed to subscribers.

10. Contact Us

  • DPO: contact@icprindia.com
  • Address: Badarpur, New Delhi - 110044, India
  • Complaints: To India’s Data Protection Board or ICO (UK)/CNIL (France).

Thank you for trusting ICPR. We process data to strengthen democracy—ethically and securely.