Who we are

Brisk Business Services LLP (“Brisk”, “we”, “our”, “us”) provides Business Process Outsourcing (BPO), Employer of Record (EOR), Finance & Accounting, Payroll, and HR outsourcing services to clients globally.

For most website interactions, Brisk is the data controller. When delivering services to clients, we typically act as a data processor (or service provider/processor under applicable laws) processing personal data on our clients’ instructions.

This Policy is intended to be globally applicable and maps to major privacy regimes (e.g., EU/EEA GDPR, UK GDPR, U.S. state privacy laws including California’s CPRA, Canada’s PIPEDA, Australia’s Privacy Act, India’s DPDP Act 2023, and Singapore’s PDPA). Where local law requires different or additional terms, those terms will prevail.

Scope

This Policy explains how we collect, use, disclose, transfer, and safeguard personal data when you visit briskbusinessservices.com, contact us, apply for roles, or receive our services. Additional terms may apply in a Master Services Agreement (MSA), Statement of Work (SOW), or Data Processing Addendum (DPA) with clients.

Personal data we collect

Contact data: name, company, role, email, phone.
Business context: service interests, project requirements, billing details (business).
Communications: enquiries, proposals, support tickets, meeting notes.
Recruitment: CV/resume, work history, qualifications, references.
Website/Device data: IP address, device identifiers, pages viewed, referrers, cookies/SDK events.
Client-provided data (processor role): employee, contractor, customer, vendor or payroll data necessary to deliver contracted services.
Sensitive data: only where required and lawful (e.g., payroll identifiers). We do not knowingly collect sensitive data via the public website’s contact forms.

How we use personal data

Provide, operate, secure, and improve our services and website.
Respond to enquiries, prepare proposals, and deliver support.
Perform contracts and manage client relationships.
Recruitment and internal HR administration.
Compliance with legal/regulatory obligations and lawful requests.
Fraud prevention, auditing, and service integrity.
Marketing/communications (with consent or as permitted by law; you may opt out anytime).

Legal bases / lawful grounds

We rely on different grounds depending on jurisdiction and context, including: contract (to provide requested services), legitimate interests (to operate, secure, and improve our business; to communicate with prospects), consent (for certain marketing/cookies where required), and legal obligations.

International transfers

We operate globally, including delivery centres in India and clients in multiple regions. Where personal data is transferred across borders, we implement appropriate safeguards (e.g., EU Standard Contractual Clauses/UK IDTA where applicable) plus technical and organisational measures proportionate to risk.

Sharing & sub-processors

We may share personal data with:

Trusted service providers/sub-processors (hosting, communications, HR/payroll, analytics, security) under contracts that protect your data.
Professional advisors (legal, tax, audit) under confidentiality.
Authorities as required by law or to protect rights, safety, and security.

Illustrative categories of sub-processors:

Category	Purpose
Cloud hosting & infrastructure	Website/app hosting, storage, backups, security
Communications	Email, video calls, ticketing, notifications
HR/Payroll systems	Recruitment, onboarding, payroll operations
Analytics	Performance, diagnostics, usage insights
Security	Threat detection, logging, access control

Retention

We retain personal data only as long as necessary for the purposes described in this Policy, including to meet legal, accounting, or reporting requirements. Retention periods vary based on data type, contractual needs, and applicable law.

Security

We use administrative, technical, and physical safeguards aligned with industry practices, including access controls, least-privilege policies, encryption in transit where applicable, and staff confidentiality commitments. No method is 100% secure; we continuously improve our controls.

Your rights (by region)

Your rights depend on your location and the applicable law. We will honour requests as required by local law.

Region / Law	Key Rights
EU/EEA (GDPR) & UK (UK GDPR)	Access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. Right to lodge a complaint with a supervisory authority.
United States (e.g., CA CPRA; VA/CO/CT/UT state laws)	Know/access, correction, deletion, portability, and the right to opt out of “sale”/“sharing” or targeted advertising where applicable. Right to non-discrimination and to appeal certain decisions.
Canada (PIPEDA)	Access and correction, withdrawal of consent subject to legal/contractual limits, and information on our practices.
Australia (Privacy Act, APPs)	Access and correction; additional rights as set out in the Australian Privacy Principles.
India (DPDP Act 2023)	Access, correction, erasure, grievance redressal, and consent management via a consent manager (where applicable).
Singapore (PDPA)	Access and correction; withdrawal of consent subject to legal/contractual limits; data portability where in force.

To exercise rights, contact us at hello@briskbusinessservicess.com. We may need to verify your identity and the scope of your request. If you are in California, you may also request that we not “sell” or “share” your personal information as defined under CPRA.

Cookies & similar technologies

We use cookies/SDKs to operate the site, analyse usage, and improve services. Where required, we obtain consent (e.g., in the EU/EEA/UK). You can manage preferences via your browser or our cookie banner (if present). A detailed Cookies Policy may be provided separately.

Children’s privacy

Our services and website are not directed to children. We do not knowingly collect personal data from children. If you believe a child has provided us data, please contact us to delete it.

Third-party links

Our website may contain links to third-party sites/services. Their privacy practices are governed by their own policies; please review them.

Contact & regional queries

Questions or requests about this Policy or your data?

Need a DPA or region-specific addendum (e.g., CPRA service provider terms, EU SCCs/UK IDTA)? Email hello@briskbusinessservicess.com and we’ll share our standard template or review yours.

Changes to this Policy

We may update this Policy to reflect operational, legal, or regulatory changes. The “Last updated” date above shows the latest revision. Significant changes will be highlighted on this page.

Privacy Policy