Privacy Policy — Accelarys

Contents

Who We Are
Information We Collect and Why
Legal Basis for Processing (GDPR)
How We Use Your Information
Data Sharing & Disclosure
International Data Transfers
Your Rights — GDPR (EU/UK)
Your Rights — CCPA (California)
Data Retention
Cookies & Tracking
Data Security
Children's Privacy
Changes to This Policy
Contact & Data Requests

Plain-language summary: Accelarys is a Salesforce consulting firm. We collect information only when you contact us, engage our services, or visit our website. We do not sell your data, we do not run advertising, and we only share information with the third-party tools necessary to operate our business — all under strict agreements. This policy explains exactly what we collect, how we use it, and what rights you have.

1Who We Are

Accelarys ("we", "our", "us") is a business-to-business Salesforce consulting and technical architecture firm registered in India, with clients across India, the United States, the European Union, and the United Kingdom. Our services include Salesforce implementation, Agentforce AI automation, Data Cloud architecture, MuleSoft integration, Revenue Operations, and managed CRM support.

For the purposes of the EU General Data Protection Regulation (GDPR) and the UK GDPR, Accelarys acts as a data controller for the personal data of website visitors and prospective clients, and as a data processor for personal data handled on behalf of clients during service delivery engagements.

Data Controller Contact:
Accelarys, Kolkata, West Bengal, India
Email: privacy@accelarys.com

2Information We Collect and Why

We collect only the minimum information necessary to deliver our services and respond to enquiries. We collect information in two ways:

Information you provide directly:

Contact enquiries: When you submit our contact form, we collect your name, business email address, company name, and the details of your enquiry or project.
Client engagement: During onboarding and service delivery, we may collect business contact details, project documentation, and information about your Salesforce environment necessary to perform the contracted work.
Email correspondence: Content of emails you send to us for business purposes.

Information collected automatically when you visit our website:

Technical data: IP address (anonymised where possible), browser type and version, pages visited, and time spent on pages — collected through standard web server logs and analytics tools.
Cookies: We use only essential cookies required for website functionality. See Section 10 for details.

We do not collect sensitive personal data (such as health information, financial account numbers, or government identity numbers) through our website or for our own business purposes. Any sensitive data processed as part of a client Salesforce engagement is governed by a separate Data Processing Agreement with that client.

3Legal Basis for Processing (GDPR)

For individuals located in the European Economic Area (EEA) or United Kingdom, we rely on the following legal bases under GDPR Article 6:

Legitimate interests (Article 6(1)(f)): Responding to enquiries, maintaining client relationships, improving our website, and operating our business securely. We have assessed that these interests are not overridden by your rights and interests.
Contract performance (Article 6(1)(b)): Processing necessary to enter into or perform a contract for Salesforce consulting services you have requested.
Legal obligation (Article 6(1)(c)): Where we are required to retain or disclose information under applicable law.
Consent (Article 6(1)(a)): Where we ask for your consent for specific processing activities (e.g., marketing communications). You may withdraw consent at any time.

We do not use your personal data for automated decision-making or profiling that produces legal or similarly significant effects.

4How We Use Your Information

We use the information we collect for the following purposes:

Responding to your enquiries and providing information about our services
Scoping, delivering, and managing Salesforce consulting engagements
Sending project-related communications, status updates, and deliverables
Sending marketing communications about our services — only where you have provided consent or where permitted by applicable law as an existing business contact
Maintaining records necessary for accounting, tax, and legal compliance
Improving the performance and usability of our website
Detecting and preventing fraudulent or unauthorised use of our services
Complying with applicable legal obligations in India, the EU, the UK, and the United States

We will never use your information for purposes that are incompatible with the reason it was originally collected, without first seeking your consent.

5Data Sharing & Disclosure

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

Service providers acting as processors: We use a small number of trusted third-party tools to operate our business — including cloud hosting providers, email platforms, and project management software. These providers act only on our instructions under Data Processing Agreements and are prohibited from using your data for their own purposes.
Salesforce platform: As a Salesforce consulting partner, we may use Salesforce-hosted environments (such as Partner Community orgs or sandbox environments) in the delivery of client projects. These are governed by Salesforce's own data processing terms.
Legal obligations: We may disclose personal data where required by law, court order, or regulatory authority in India or in jurisdictions where our clients are located.
Business transfers: If Accelarys undergoes a merger, acquisition, or asset sale, personal data may be transferred as part of that transaction. We will notify affected individuals before any transfer and provide the opportunity to opt out where legally required.

We do not share personal data with third parties for marketing or advertising purposes.

6International Data Transfers

Accelarys is based in India and serves clients in the US, EU, and UK. When we receive personal data from individuals in the EU or UK, we ensure appropriate safeguards are in place for any transfers outside those jurisdictions, including:

Standard Contractual Clauses (SCCs) approved by the European Commission for transfers to countries without an adequacy decision
UK International Data Transfer Agreements (IDTAs) for transfers from the United Kingdom
Use of data processors who maintain their own adequacy certifications or Standard Contractual Clauses

India is not currently designated as an adequate country under EU GDPR. Where we receive EU personal data, we rely on Standard Contractual Clauses as the transfer mechanism. You may request a copy of the applicable transfer safeguards by contacting privacy@accelarys.com.

7Your Rights — GDPR (EU/UK)

If you are located in the European Economic Area or United Kingdom, you have the following rights under GDPR:

Right of Access

Request a copy of the personal data we hold about you and information about how we use it.

Right to Rectification

Request correction of inaccurate or incomplete personal data we hold about you.

Right to Erasure

Request deletion of your personal data where we no longer have a lawful basis to retain it.

Right to Restriction

Request that we restrict processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format to transfer to another provider.

Right to Object

Object to processing based on legitimate interests, including direct marketing.

Right to Withdraw Consent

Withdraw any consent you have given at any time, without affecting prior processing.

Right to Lodge a Complaint

Complain to your local supervisory authority (e.g., ICO in the UK, or your national DPA in the EU).

To exercise any of these rights, contact us at privacy@accelarys.com. We will respond within 30 days. We will not charge a fee for reasonable requests but may charge for manifestly unfounded or excessive requests.

8Your Rights — CCPA (California)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), gives you specific rights regarding your personal information:

Right to Know: You have the right to know what categories of personal information we collect, the purposes for which it is used, and whether it is shared with third parties.
Right to Delete: You have the right to request deletion of personal information we have collected, subject to certain exceptions (e.g., legal obligations, completing transactions).
Right to Correct: You have the right to request correction of inaccurate personal information we hold.
Right to Opt-Out of Sale or Sharing: Accelarys does not sell personal information and does not share personal information for cross-context behavioural advertising. You therefore do not need to submit a Do Not Sell request.
Right to Limit Use of Sensitive Personal Information: We do not use or disclose sensitive personal information beyond the purposes permitted under CCPA.
Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights — you will receive the same quality of service regardless of whether you make a request.

Categories of personal information collected (CCPA): Identifiers (name, email, IP address), commercial information (service enquiries, engagement details), and internet activity (website usage). We have not collected sensitive personal information as defined under CPRA for our own business purposes in the preceding 12 months.

To submit a California privacy request, contact us at privacy@accelarys.com with "CCPA Request" in the subject line. We will verify your identity before processing the request and respond within 45 days (extendable by a further 45 days with notice).

9Data Retention

We retain personal data only for as long as necessary for the purposes described in this policy, or as required by applicable law. Our standard retention periods are:

Contact form enquiries that did not lead to an engagement: 24 months from the date of submission
Active client engagement records: Duration of the engagement plus 7 years, for legal and accounting compliance
Marketing communications consent records: Until you withdraw consent plus 3 years
Website analytics data: 13 months on a rolling basis
Legal correspondence: 7 years from the date of the correspondence

At the end of the applicable retention period, personal data is securely deleted or anonymised. You may request earlier deletion subject to our legal obligations by contacting privacy@accelarys.com.

10Cookies & Tracking

Our website uses cookies in a limited and privacy-respecting manner. A cookie is a small text file stored on your browser when you visit a website.

Essential cookies only: We use only cookies that are strictly necessary for the website to function. These include session management cookies that allow you to navigate the website. These cookies do not track you across other websites and do not require consent.

What we do not use:

Third-party advertising or tracking cookies
Social media tracking pixels
Behavioural profiling tools
Cross-site tracking technologies

If we introduce analytics cookies in the future that are not strictly essential, we will update this policy, seek appropriate consent, and provide a cookie preference mechanism.

You can control cookie settings through your browser. Disabling essential cookies may affect website functionality.

11Data Security

We implement appropriate technical and organisational security measures to protect personal data against accidental loss, unauthorised access, disclosure, or alteration. These measures include:

Encryption of data in transit using TLS 1.2 or higher
Access controls limiting data access to personnel who need it to perform their role
Use of reputable cloud infrastructure providers with industry-standard certifications
Regular review of our data handling practices and vendor arrangements

As a Salesforce partner, we apply the same security disciplines to our own business systems that we implement for enterprise clients — including role-based access, audit trails, and data residency controls where relevant.

No transmission over the internet or electronic storage method is 100% secure. In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify the appropriate supervisory authority within 72 hours (as required by GDPR) and inform affected individuals without undue delay.

12Children's Privacy

Accelarys provides business-to-business Salesforce consulting services. Our website and services are directed entirely at businesses and professionals, and are not intended for use by individuals under the age of 18. We do not knowingly collect personal data from minors. If we become aware that we have inadvertently collected personal data from a minor, we will promptly delete it.

13Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, the services we offer, or applicable legal requirements. When we make material changes, we will update the "Last Updated" date at the top of this page and, where required by law or where it is appropriate, notify affected individuals directly.

We encourage you to review this policy periodically. Your continued use of our website or engagement with our services after any update constitutes acceptance of the revised policy.

14Contact & Data Requests

For any questions about this Privacy Policy, to exercise your data rights, or to submit a data request, please contact us:

Privacy Contact — Accelarys
Email: privacy@accelarys.com
General: hello@accelarys.com
Address: Kolkata, West Bengal, India

For EU or UK residents who are not satisfied with our response, you have the right to lodge a complaint with your national data protection supervisory authority. For the UK, this is the Information Commissioner's Office (ICO) at ico.org.uk. For EU residents, contact your relevant national Data Protection Authority.

For California residents, you may also contact the California Privacy Protection Agency (CPPA) at cppa.ca.gov.