Welcome to Expanserve (“Expanserve”, “we”, “us” or “our”). We respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you visit our website https://expanserve.com/ (the “Website”) or interact with us as a client, supplier, subscriber, visitor, job applicant, or other contact.
- Important information and who we are
Purpose
This Policy explains how and why we process personal data collected via the Website and through our services, marketing, sales, events, recruitment, or other business interactions.
Controller
Expanserve (the relevant legal entity operating the Website and providing services) is the data controller responsible for your personal data. For privacy questions, contact us at:
Email: hello@expanserve.com
Postal address: Pune, India
Updates
We may update this Policy from time to time. The “Last updated” date at the top of the page indicates when this Policy was last revised. Please review it periodically.
Third-party sites
Our Website may link to third-party sites. This Policy does not apply to those sites. We encourage you to review the privacy notices of any third-party sites you visit.
- What personal data we collect
Personal data means information that identifies or can be used to identify you. We may collect:
- Identity data: name, title, date of birth (where necessary).
- Contact data: email address, postal address, phone numbers.
- Professional and business data: company name, job title, role, organization details.
- Transactional data: records of services or purchases, billing and invoicing information.
- Client and supplier data: contractual, HR or project-related information where you engage with us.
- Technical data: IP address, browser type and version, operating system, device identifiers, log files.
- Usage data: pages visited, time spent, referral source, clickstream data, analytics.
- Profile data: preferences, interests, feedback, account username and password (where applicable).
- Marketing and communications data: your preferences for receiving communications from us.
- Recordings: audio or video recordings of calls or events where consent or notice is provided.
- Sensitive data: only collected when necessary (for example, health details in limited HR contexts) and only with a lawful basis or explicit consent.
We also collect aggregated or anonymized data that does not identify you.
- How we collect personal data
We collect data:
- Directly from you: when you contact us, register, request services, subscribe to newsletters, apply for jobs, attend events, or otherwise provide information.
- Automatically: via cookies, server logs, analytics and similar technologies when you use the Website.
- From third parties: business partners, professional networks (e.g., LinkedIn), payment processors, public registers, and service providers.
- How we use your personal data (purposes and legal bases)
We process personal data for the following purposes and legal bases (as applicable under local and international law):
- To provide and manage services, contracts and orders: performance of a contract.
- To register accounts, verify identity, and manage relationships: performance of a contract and our legitimate interests.
- To process payments, invoices and returns: performance of a contract and compliance with legal obligations.
- To communicate with you about services, events, support, and administrative matters: performance of a contract, legitimate interests, or consent for marketing.
- To send marketing and promotional communications: with your consent where required; otherwise based on legitimate interest where permitted and where you have not opted out.
- To improve our Website, products and services (analytics and testing): legitimate interests.
- To detect, prevent and investigate fraud or other wrongdoing, and to protect our rights and property: legitimate interests and legal compliance.
- To comply with legal, regulatory, tax or accounting obligations: legal obligations.
Where we rely on legitimate interests, we take steps to balance our interests with your rights. Where we rely on consent (for marketing or special categories), you can withdraw consent at any time.
- Marketing and cookies
Marketing
We may send marketing communications if you have consented or where you have a prior business relationship and have not opted out. You can opt out at any time by following the unsubscribe link or by contacting hello@expanserve.com.
Cookies and tracking
We use cookies and similar technologies for site functionality, analytics and marketing. You can control cookies via your browser settings. For detailed information about cookies we use and how to opt out of tracking, see our Cookie Policy [link to Cookie Policy page].
- Disclosure of personal data
We may share personal data with:
- Service providers and contractors who support our business (hosting, payment processors, CRM, analytics, marketing platforms).
- Professional advisers, auditors and insurers.
- Law enforcement, regulators and other public authorities where required by law.
- Successors in interest where we transfer, sell, or reorganize parts of our business.
We require third parties to process personal data in accordance with applicable law and our instructions. We do not permit them to use your data for their own purposes.
- International transfers
Your data may be processed or stored in countries outside India. When we transfer data internationally we will ensure an adequate level of protection (e.g., standard contractual clauses, appropriate safeguards, or the transfer is to a jurisdiction with an adequacy decision) or obtain your consent where required. - Data security
We use appropriate technical and organisational measures to protect personal data against unauthorized access, loss, misuse, modification or disclosure. Access to personal data is limited to personnel, contractors, and service providers who need it to perform their roles. - Data retention
We retain personal data only as long as necessary for the purposes described, plus any retention periods required by law. Criteria for retention include the nature of the data, the purpose of processing, legal obligations, and any disputes or claims. If you want details on retention periods for specific categories of data, contact hello@expanserve.com. - Your rights
Depending on applicable law, you may have the right to:
- Request access to the personal data we hold about you.
- Request correction of inaccurate or incomplete data.
- Request deletion or restriction of processing.
- Object to processing (including for direct marketing).
- Request portability of your data (where processing is based on consent or contract and is automated).
- Withdraw consent where processing is based on consent.
To exercise your rights or for questions, contact hello@expanserve.com. We may ask for information to verify your identity. We will respond within the timeframes required by applicable law.
- Complaints
If you are not satisfied with our response, you may lodge a complaint with your local data protection authority or regulator. - Children
Our Website and services are not directed to children. We do not knowingly collect personal data from children. If we learn that we have collected information from a child without parental consent, we will take steps to delete it. - Employment and recruitment
If you apply for a role with us, we will collect and process recruitment data (CV, interview notes, references). This is processed to assess your suitability for employment and to comply with legal obligations. - Changes of purpose
We will only use personal data for the purposes described in this Policy, or compatible purposes. If we need to process your data for an unrelated purpose, we will notify you and explain the legal basis. - Contact us
For queries about this Privacy Policy, privacy requests, or data protection matters please contact:
Email: hello@expanserve.com
Postal address: Pune, India
Last updated: o1 July 2026
GDPR Appendix (EU/EEA and UK)
This appendix applies where we process personal data of individuals located in the European Economic Area (EEA), the United Kingdom (UK), or other jurisdictions that have adopted similar data protection rules.
Legal bases under GDPR
When we process personal data subject to the GDPR or UK GDPR, we rely on one or more of the following legal bases.
- Performance of a contract: To provide services you have requested, manage your account, and respond to enquiries.
- Legitimate interests: To improve our services and Website, maintain business records, protect our rights, and prevent fraud, provided your interests and fundamental rights do not override these interests.
- Consent: For certain types of marketing and, where required, for cookies or specific types of data (including some special categories of data).
- Legal obligations: To comply with tax, accounting, and other regulatory requirements.
Additional rights for EU/EEA and UK residents
In addition to the rights listed in our main Privacy Policy, individuals in the EU/EEA and UK may have the following rights under the GDPR/UK GDPR.
- Right to data portability: To receive certain personal data in a structured, commonly used, machine‑readable format and transmit it to another controller.
- Right to object: To object at any time to processing of personal data based on legitimate interests, including profiling, and to object to processing for direct marketing.
- Rights in relation to automated decision‑making: To not be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects, unless specific conditions are met.
To exercise these rights, please contact us at hello@expanserve.com.
EU/EEA and UK data transfers
If we transfer personal data from the EU/EEA or UK to countries outside those regions, we will do so.
- Under an adequacy decision where available; or
- Using appropriate safeguards such as Standard Contractual Clauses or other approved mechanisms; or
- Based on another lawful derogation where appropriate (for example, explicit consent or performance of a contract).
California and US Privacy Addendum (CCPA/CPRA)
This section applies to “consumers” who are residents of California, as defined under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), and may also inform our approach for other US residents where similar rules apply.
Categories of personal information
For California residents, we may collect the following categories of personal information, as defined by California law, for the purposes described in our main Privacy Policy.
- Identifiers (such as name, email address, IP address, device identifiers).
- Commercial information (such as records of services purchased or considered).
- Internet or other electronic network activity information (such as usage data, log data, analytics).
- Professional or employment‑related information (such as job title, organization, or business role).
- Inferences drawn from the above (such as preferences or interests related to our services).
We do not sell personal information for monetary consideration, and we do not knowingly sell or share the personal information of children under 16 years of age.
Rights of California residents
Subject to certain exceptions, California residents have the right to.
- Know: Request disclosure of the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, and the categories of third parties with whom we share information.
- Delete: Request deletion of personal information we have collected, subject to certain exceptions.
- Correct: Request correction of inaccurate personal information.
- Opt‑out of “sale” or “sharing”: Direct us not to sell or share personal information for cross‑context behavioral advertising where applicable.
- Limit use of sensitive personal information: Request limitations on our use of sensitive personal information where defined by law.
- Non‑discrimination: Not be discriminated against for exercising any of these rights.
You may exercise these rights by contacting us at hello@expanserve.com and specifying that your request is made under “California privacy law”.
India‑Specific DPDP Act Notice (Digital Personal Data Protection Act, 2023)
As we are based in India and expect to handle personal data of individuals located in India, we act as a “Data Fiduciary” under India’s Digital Personal Data Protection (DPDP) Act, 2023 and its implementing Rules.fisherphillips+5
Data Fiduciary responsibilities
Under the DPDP Act, we are required to.
- Provide a clear, accessible privacy notice stating the types of personal data processed, purposes of processing, and how you can exercise your rights.
- Obtain valid consent where required, using clear and plain language and allowing you to withdraw consent as easily as you gave it.
- Implement reasonable security safeguards to prevent personal data breaches.
- Notify the Data Protection Board of India and affected individuals of qualifying personal data breaches within the timelines prescribed.
- Respect data principal rights, including access, correction, erasure, and grievance redressal.
Lawful use and consent
We process your digital personal data based on one or more of the lawful grounds under the DPDP Act.
- With your consent, where required (for example, certain marketing or optional data you provide).
- For legitimate uses permitted under the Act (such as compliance with law, provision of services you request, or safeguarding our lawful interests), subject to statutory conditions.
You may withdraw consent at any time, and we will make it as easy to withdraw consent as it was to give it. However, withdrawal of consent may affect our ability to provide some services.
Rights of data principals in India
Subject to applicable law and certain exceptions, individuals whose personal data we process as a Data Fiduciary may.
- Request access to their personal data and a summary of processing activities.
- Request correction of inaccurate or incomplete data.
- Request erasure of personal data where it is no longer necessary, consent has been withdrawn, or processing is unlawful.
- Lodge a grievance with our designated contact channel.
- Complain to the Data Protection Board of India if they are not satisfied with our response.
You can exercise these rights by contacting hello@expanserve.com.
Cross‑border transfers under Indian law
Under the DPDP Act, cross‑border transfer of personal data is generally permitted except to countries that may be restricted (blacklisted) by the Government of India through notification.
Where we transfer personal data outside India, we will:
- Respect any country‑specific restrictions notified by the Government of India.
- Use reasonable contractual and technical safeguards with service providers.
- Ensure that the purposes of processing remain consistent with this Privacy Policy and the DPDP Act.
Grievance redressal and breach notifications
If you have any concerns or grievances about how your personal data is processed, or if you want to report a suspected breach, please contact.
- Email: hello@expanserve.com
- Postal address: Pune, India
We aim to respond to grievances within a reasonable period and in any event within the timelines required by applicable law. Where a personal data breach occurs that is required to be notified, we will inform the relevant authority (such as the Data Protection Board of India) and affected individuals as required by law.
If you share your exact legal entity name (e.g., “Expanserve Consulting Private Limited”) and whether you expect EU/US clients soon, I can refine these appendices to mention your entity explicitly and adjust for your actual data flows (coaching, courses, newsletters, consulting projects).