Last updated: 7 December 2025 Global coverage
Brisk Business Services LLP (“Brisk”, “we”, “our”, “us”) provides Business Process Outsourcing (BPO), Employer of Record (EOR), Finance & Accounting, Payroll, and HR outsourcing services to clients globally.
For most website interactions, Brisk is the data controller. When delivering services to clients, we typically act as a data processor (or service provider/processor under applicable laws) processing personal data on our clients’ instructions.
This Policy is intended to be globally applicable and maps to major privacy regimes (e.g., EU/EEA GDPR, UK GDPR, U.S. state privacy laws including California’s CPRA, Canada’s PIPEDA, Australia’s Privacy Act, India’s DPDP Act 2023, and Singapore’s PDPA). Where local law requires different or additional terms, those terms will prevail.
This Policy explains how we collect, use, disclose, transfer, and safeguard personal data when you visit briskbusinessservices.com, contact us, apply for roles, or receive our services. Additional terms may apply in a Master Services Agreement (MSA), Statement of Work (SOW), or Data Processing Addendum (DPA) with clients.
We rely on different grounds depending on jurisdiction and context, including: contract (to provide requested services), legitimate interests (to operate, secure, and improve our business; to communicate with prospects), consent (for certain marketing/cookies where required), and legal obligations.
We operate globally, including delivery centres in India and clients in multiple regions. Where personal data is transferred across borders, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses/UK IDTA where applicable) plus technical and organisational measures proportionate to risk.
We may share personal data with:
Illustrative categories of sub-processors:
| Category | Purpose |
|---|---|
| Cloud hosting & infrastructure | Website/app hosting, storage, backups, security |
| Communications | Email, video calls, ticketing, notifications |
| HR/Payroll systems | Recruitment, onboarding, payroll operations |
| Analytics | Performance, diagnostics, usage insights |
| Security | Threat detection, logging, access control |
We retain personal data only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. Retention periods vary based on data type, contractual needs, and applicable law.
We use administrative, technical, and physical safeguards aligned with industry practices, including access controls, least-privilege policies, encryption in transit where applicable, and staff confidentiality commitments. No method is 100% secure; we continuously improve our controls.
Your rights depend on your location and the applicable law. We will honour requests as required by local law.
| Region / Law | Key Rights |
|---|---|
| EU/EEA (GDPR) & UK (UK GDPR) | Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Right to lodge a complaint with a supervisory authority. |
| United States (e.g., CA CPRA; VA/CO/CT/UT state laws) | Know/access, correction, deletion, portability, and the right to opt out of “sale”/“sharing” or targeted advertising where applicable. Right to non-discrimination and to appeal certain decisions. |
| Canada (PIPEDA) | Access and correction, withdrawal of consent subject to legal/contractual limits, and information on our practices. |
| Australia (Privacy Act, APPs) | Access and correction; additional rights as set out in the Australian Privacy Principles. |
| India (DPDP Act 2023) | Access, correction, erasure, grievance redressal, and consent management via a consent manager (where applicable). |
| Singapore (PDPA) | Access and correction; withdrawal of consent subject to legal/contractual limits; data portability where in force. |
To exercise rights, contact us at hello@briskbusinessservicess.com. We may need to verify your identity and the scope of your request. If you are in California, you may also request that we not “sell” or “share” your personal information as defined under CPRA.
We use cookies/SDKs to operate the site, analyse usage, and improve services. Where required, we obtain consent (e.g., in the EU/EEA/UK). You can manage preferences via your browser or our cookie banner (if present). A detailed Cookies Policy may be provided separately.
Our services and website are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us to delete it.
Our website may contain links to third-party sites/services. Their privacy practices are governed by their own policies; please review them.
Questions or requests about this Policy or your data?
We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date above shows the latest revision. Significant changes will be highlighted on this page.