Alea Logo

PRIVACY POLICY

This Privacy Policy describes how Alea International Consulting Pvt Ltd (“Company”, “we”, “us”, or “our”) collects, uses, discloses, and protects personal data. We are committed to processing personal data lawfully, transparently, and securely in accordance with applicable data protection laws, including the General Data Protection Regulation (EU) 2016/679 (“GDPR”), the Digital Personal Data Protection Act, 2023 (“DPDP Act”) of India, and other applicable information protection and financial crime compliance regulations.

Scope of This Privacy Policy

This Privacy Policy applies to:

  • Visitors to our websites and digital platforms
  • Corporate customers, business partners, and authorized users of our services
  • Individuals whose personal data is processed as part of compliance research, sanctions screening, AML, KYC, adverse media, or risk intelligence activities
  • Representatives of regulated entities interacting with us in a professional capacity

Information We Collect

Automatically Collected Information

We may automatically collect technical and usage information, including IP address, browser type, device identifiers, operating system, access logs, timestamps, referring URLs, and interaction data through cookies, server logs, and analytics tools.

Business and Research Data

In the course of providing compliance and risk intelligence services, we may process:

  • Identifying information (name, aliases, date of birth, nationality)
  • Professional information (employment, directorships, affiliations)
  • Publicly available regulatory, sanctions, enforcement, and watchlist data
  • Media reports and publicly accessible sources
  • Risk indicators related to AML, CFT, sanctions, and PEP status

Such data is processed strictly for lawful compliance, risk assessment, and due diligence purposes.

Legal Bases for Processing (GDPR)

Where GDPR applies, we process personal data based on one or more of the following legal bases:

  • Compliance with legal and regulatory obligations
  • Legitimate interests relating to financial crime prevention, regulatory compliance, and risk management
  • Performance of a contract with our corporate customers
  • Consent, where expressly required by law

How We Use Information

Personal data is processed to:

  • Provide AML, KYC, sanctions, and PEP screening services
  • Support regulatory compliance obligations of our customers
  • Conduct risk assessments and adverse media research
  • Maintain service integrity, auditability, and security
  • Comply with legal, regulatory, and supervisory requirements

Cookies and Tracking

We use cookies and similar technologies for essential website functionality, security monitoring, and performance analytics. Users may manage cookie preferences through browser settings where applicable.

Communications Monitoring and Analysis

Business communications may be recorded, monitored, or analyzed for security, compliance, audit, training, and quality assurance purposes. We do not use communications data for consumer profiling, advertising, or resale.

Sharing & Disclosure of Information

We may disclose personal data:

  • To corporate customers strictly in accordance with contractual terms
  • To regulators, law enforcement, or competent authorities where legally required
  • To authorized processors and service providers under data protection agreements
  • In connection with audits, certifications, or legal proceedings

We do not sell personal data or permit its use for marketing purposes.

Data Retention

Personal data is retained only for as long as necessary to meet contractual, legal, regulatory, and audit requirements. Retention periods are determined in accordance with AML, KYC, and financial crime compliance obligations.

Data Security

We implement robust technical and organizational security measures, including access controls, encryption, segregation of duties, monitoring, and periodic security assessments, to protect personal data from unauthorized access, loss, or misuse.

Cross-Border Data Transfers

Where personal data is transferred outside India or the European Economic Area, we ensure appropriate safeguards such as standard contractual clauses, adequacy decisions, or equivalent lawful transfer mechanisms.

Children’s Privacy

Our services are intended exclusively for business and professional use. We do not knowingly collect or process personal data relating to children.

COMPLIANCE WITH INDIA’S DIGITAL PERSONAL DATA PROTECTION ACT, 2023

We act as a Data Fiduciary under the DPDP Act and process digital personal data in accordance with lawful purpose limitation, data minimization, storage limitation, security safeguards, and grievance redressal requirements.

GDPR Compliance

Where applicable, we adhere to GDPR principles of lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability.

Data Subject / Data Principal Rights

Subject to applicable law, individuals may have rights to:

  • Access and confirmation of processing
  • Correction or erasure of personal data
  • Withdrawal of consent, where applicable
  • Restriction or objection to processing
  • Data portability
  • Lodge complaints with supervisory authorities or India’s Data Protection Board

Certain rights may be limited where processing is required for legal compliance or public interest purposes relating to financial crime prevention.

To exercise your rights, contact info@alea.asia.

Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect legal, regulatory, or operational changes. Updates will be effective upon publication.

Contact Information and Grievance Redressal

For privacy-related inquiries, data subject requests, or grievances, please contact:

Data Protection Officer, Alea International Consulting Pvt Ltd.
Email: info@alea.asia
Website: www.alea.asia