How quickly does IMFS report a data breach under CERT-In Directions 2022?

Under CERT-In Directions 2022, IMFS is required to report any qualifying cyber security incident to the Indian Computer Emergency Response Team (CERT-In) within 6 hours of becoming aware of it. IMFS also notifies affected individuals promptly in compliance with DPDPA 2023.

What personal data does IMFS collect from students?

IMFS collects name, email address, phone number, city, course interest (e.g. MS, MBA, Bachelor's), and preferred study destination when you submit a form, call us, or contact us via WhatsApp. We also collect website usage data via Google Analytics (anonymised IP).

Does IMFS sell my personal data to third parties?

No. IMFS never sells, rents, or trades your personal data to any third party. Your data is used solely to provide study-abroad counselling services and relevant communications.

How can I request deletion of my data from IMFS?

Email your deletion request to [email protected] with subject line 'Data Deletion Request — [Your Name]'. IMFS will action your request within 30 days in accordance with India's Digital Personal Data Protection Act 2023.

Why does IMFS use Meta Lead Ads and what data is shared with Meta?

IMFS uses Meta (Facebook/Instagram) Lead Ads to reach students interested in studying abroad. When you submit a Meta Lead Ad form, Meta shares your form responses (name, email, phone) with IMFS. Meta's own privacy policy governs how Meta processes this data on their platform.

Does IMFS use cookies on its website?

Yes. IMFS uses cookies for Google Analytics (website performance tracking with anonymised IP), YouTube video embeds, and WordPress session management. You can disable cookies in your browser settings, though some website features may not function correctly.

Giving Wings to Your Dreams

India's Trusted Study Abroad Pioneer Since 1997

60,000+

Students Admitted

99.8%

Visa Success

8

Full GRE Scores

4.7

Rating on Google

15 million USD

Scholarship Awarded

Home › Privacy Policy

Legal & Privacy

Privacy Policy

How IMFS collects, uses, and protects your personal data — in plain English. Compliant with India’s Digital Personal Data Protection Act 2023 (DPDPA), IT Act 2000, SPDI Rules 2011, CERT-In Directions 2022, IT Intermediary Guidelines 2021, Bharatiya Nyaya Sanhita 2023, and applicable international standards including GDPR.

27+ Years Trusted

67,000+ Students Guided

13 Branches Across India

4.7 ★ Google Rating

Effective Date: 24 May 2026 | Last Updated: 24 May 2026

This Privacy Policy applies to all visitors and users of www.imfs.co.in and all IMFS lead generation forms across Meta (Facebook & Instagram), Google, and WhatsApp. It covers every IMFS branch and service.

Governing laws: Digital Personal Data Protection Act 2023 (DPDPA) · Information Technology Act 2000 & Amendment Act 2008 · IT (SPDI) Rules 2011 · IT Intermediary Guidelines Rules 2021 · CERT-In Directions 2022 · Bharatiya Nyaya Sanhita 2023 · National Cyber Security Policy 2013 · GDPR (EU/EEA visitors)

📋 Table of Contents

Who We Are
What Personal Data Does IMFS Collect?
How Do We Collect Your Data?
Why Do We Use Your Data?
Who Do We Share Your Data With?
Meta (Facebook & Instagram) Lead Ads — Special Notice
Cookies and Tracking Technologies
How Long Do We Keep Your Data?
What Are Your Rights Under India’s DPDPA 2023?
Indian Cyber Laws Governing This Policy
Sensitive Personal Data — IT (SPDI) Rules 2011
Grievance Officer — IT Intermediary Guidelines 2021
Cyber Incident Reporting — CERT-In Directions 2022
Children’s Privacy
International Transfers of Data
How Do We Protect Your Data?
Changes to This Privacy Policy
How to Contact Us or Exercise Your Rights
Frequently Asked Questions

1. Who We Are

IMFS (Indian Management & Foreign Studies) is India’s most trusted study-abroad consultancy, operating since 1997 with 13 branches across Mumbai, Pune, Hyderabad, Manipal, Warangal, and Nellore. We are the data controller for all personal data collected through our website and advertising.

Full legal name: Indian Management & Foreign Studies (IMFS)
Registered office: Mumbai, Maharashtra, India
Website: www.imfs.co.in
Phone: +91 22 6921 0000
Privacy contact email: [email protected]

When this policy refers to “IMFS”, “we”, “us”, or “our”, it means Indian Management & Foreign Studies and all its branch locations.

2. What Personal Data Does IMFS Collect?

We collect only the information needed to provide study-abroad counselling services: your name, email, phone number, city, course type, and preferred destination. We do not collect sensitive personal data such as financial account details, passport numbers, or biometric data through our website.

Information You Provide Directly

Full name
Email address
Mobile phone number
City / location
Course interest (e.g. MS, MBA, Bachelor’s, PhD, MBBS)
Preferred study destination (e.g. USA, Germany, Canada, UK, Australia, Ireland, New Zealand)
Test scores (GRE, GMAT, SAT, IELTS, TOEFL) — only if you voluntarily share these with a counsellor
Messages or queries submitted via contact forms or WhatsApp

Information Collected Automatically

IP address (anonymised via Google Analytics)
Browser type and version
Pages visited and time spent on each page
Referring website (how you found imfs.co.in)
Device type (desktop, mobile, tablet)
Geographic region (city/state level, from anonymised IP)

✅ We do not collect Sensitive Personal Data (SPDI) as defined under Rule 3 of the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011. This means IMFS does not collect passwords, financial account information, physical/physiological/mental health data, sexual orientation, medical records, or biometric data through our website or lead forms.

3. How Do We Collect Your Data?

IMFS collects your data through website contact forms, Meta (Facebook/Instagram) lead ad forms, WhatsApp messages, phone calls to our branches, walk-in branch visits, and automated analytics tools embedded in our website.

Collection Method	Data Collected	Where This Happens
Website contact / enquiry forms	Name, email, phone, city, course interest	imfs.co.in contact pages and pop-ups
Meta Lead Ad forms	Name, email, phone (pre-filled by Meta from your Facebook/Instagram profile)	Facebook and Instagram ads placed by IMFS
WhatsApp Business	Your phone number; contents of your messages	WhatsApp chat initiated by you
Phone calls to branches	Name, phone, query details (recorded in our CRM)	Calls to any IMFS branch number
Walk-in branch visits	Name, contact details, academic background	Any IMFS branch location
Google Analytics	Anonymised website usage data, device type, region	Embedded on all pages of imfs.co.in
YouTube video embeds	Viewing data (YouTube’s own cookies apply)	Pages on imfs.co.in with embedded YouTube videos

📌 Table current as of May 2026. IMFS may add new data collection channels and will update this policy accordingly.

4. Why Do We Use Your Data?

Your data is used to contact you about your study-abroad enquiry, provide counselling services, send relevant information about courses and destinations, and improve our website. We do not use your data for automated decision-making that produces legal effects.

Purpose	Legal Basis (DPDPA 2023)
Responding to your counselling enquiry	Consent (you submitted an enquiry form)
Providing study-abroad counselling services	Contract performance / Legitimate interest
Sending information about courses, scholarships, visa updates	Consent (you opted in via form submission)
Sending WhatsApp or SMS communications	Consent (you initiated WhatsApp contact or opted in)
Retargeting via Meta or Google ads	Consent (via cookie consent / Meta pixel)
Website analytics and improvement	Legitimate interest (anonymised data; low privacy impact)
Legal and regulatory compliance	Legal obligation

📌 Legal bases per India’s Digital Personal Data Protection Act 2023 (DPDPA).

⚠️ We will never use your data to: sell it to third parties, share it with universities without your knowledge, or make automated decisions that affect your application outcomes.

6. Meta (Facebook & Instagram) Lead Ads — Special Notice

When you submit a Meta Lead Ad form placed by IMFS, Meta pre-fills your name, email, and phone number from your Facebook or Instagram profile and shares it with IMFS. This notice explains exactly what happens to that data and what Meta’s Lead Ad policy requires of us.

IMFS runs lead generation advertisements on Facebook and Instagram. These ads include a form that Meta pre-fills with your profile information (name, email, phone number) to make it easier to enquire.

What happens when you submit a Meta Lead Ad form?

Meta collects your information on their platform, governed by Meta’s Data Policy.
Meta shares your submitted information with IMFS as the advertiser.
IMFS stores your information in our CRM and an IMFS counsellor contacts you — typically within 24–48 hours.
You may opt out of further communications at any time by replying “STOP” to any SMS or WhatsApp, or by emailing [email protected].

What data do Meta Lead Ads collect?

Full name
Email address
Phone number
Any additional questions in the form (e.g. preferred study destination, course type)

Meta’s Lead Ad Policy requirement: We are required to provide a link to this Privacy Policy in every Meta Lead Ad we run. If you arrived here from a Meta ad, this is that required privacy notice. By submitting a Meta Lead Ad form, you consent to IMFS contacting you using the information provided.

You can manage your ad preferences and data on Meta’s platform at: facebook.com/ads/preferences.

7. What Cookies Does IMFS Use?

IMFS uses essential cookies for website functionality, analytics cookies via Google Analytics (with anonymised IP), and third-party cookies from YouTube embeds. We do not use intrusive tracking cookies. You can disable cookies in your browser settings at any time.

Cookie Type	Purpose	Provider	Can You Opt Out?
Essential / Session	Keep you logged in; form submissions	WordPress	No — required for basic site function
Analytics	Understand how visitors use the site (anonymised)	Google Analytics	Yes — via browser settings or Google Analytics Opt-Out
Video / Embedded media	Play YouTube videos on site pages	YouTube (Google)	Yes — disable in browser or via YouTube settings
Advertising / Pixel	Meta Pixel — show relevant IMFS ads on Facebook/Instagram	Meta	Yes — via Meta Ad Preferences

📌 Cookie list current as of May 2026. IMFS will update this list if new cookies are added.

8. How Long Does IMFS Keep Your Data?

IMFS retains your data for as long as is necessary to deliver counselling services and comply with our legal obligations. Enquiry data from students who do not enrol is typically retained for 3 years. You may request deletion at any time.

Data Type	Retention Period	Reason
Enquiry / lead form data (non-enrolled)	3 years from last contact	Follow-up counselling; student may re-enquire
Active student counselling records	Duration of counselling + 5 years	Service delivery; reference for future applications
WhatsApp / email communications	3 years	Record of counselling advice given
Website analytics data	26 months (Google Analytics default)	Website improvement; traffic analysis
Financial / fee records (if applicable)	7 years	Legal and tax compliance under Indian law

📌 Retention periods set in accordance with India’s DPDPA 2023 and applicable financial regulations.

After the retention period expires, your data is securely deleted or anonymised so it can no longer identify you.

9. What Are Your Rights Under India’s DPDPA 2023?

India’s Digital Personal Data Protection Act 2023 gives you clear rights over your personal data, including the right to access it, correct it, and request its deletion. IMFS will respond to all valid requests within 30 days.

Under the Digital Personal Data Protection Act 2023 (DPDPA) — India’s primary data protection law — you have the following rights as a Data Principal (the person whose data we process):

Your Right	What It Means	How to Exercise It
Right to Access	Know what personal data IMFS holds about you	Email [email protected]
Right to Correction	Have inaccurate data corrected or updated	Email or WhatsApp your counsellor
Right to Erasure	Request deletion of your personal data	Email [email protected] with subject: “Data Deletion Request”
Right to Withdraw Consent	Withdraw your consent to process your data at any time	Reply “STOP” to any SMS/WhatsApp, or email us
Right to Grievance Redressal	Raise a complaint about how IMFS handles your data	Email [email protected]; we respond within 30 days
Right to Nominate	Nominate a person to exercise your rights if you are incapacitated	Contact us in writing

📌 Rights per India’s Digital Personal Data Protection Act 2023. Source: meity.gov.in

EU / EEA visitors: If you are based in the European Union or European Economic Area, the GDPR also applies to your data when you interact with IMFS. You have additional rights under GDPR including the right to data portability and the right to lodge a complaint with your national data protection authority. Contact [email protected] to exercise any GDPR right.

We will respond to all valid data rights requests within 30 calendar days. We may need to verify your identity before processing a request.

10. What Indian Cyber Laws Govern This Privacy Policy?

IMFS’s data practices are governed by multiple layers of Indian law — not just DPDPA 2023. The full legal framework includes the IT Act 2000, SPDI Rules 2011, IT Intermediary Guidelines 2021, CERT-In Directions 2022, and the Bharatiya Nyaya Sanhita 2023. This section explains each law and what it means for you as an IMFS user.

Law / Rule	What It Covers for IMFS	Key Obligation	Official Source
Digital Personal Data Protection Act 2023 (DPDPA)	Primary personal data protection law; governs all data IMFS collects from Indian residents	Consent, data principal rights, breach notification, children’s data	meity.gov.in
Information Technology Act 2000 (IT Act)	India’s primary cyber law; governs electronic records, computer offences, data security liability	S.43A: Compensation for failure to protect data; S.72A: Punishment for disclosure of information in breach of lawful contract; S.66: Computer-related offences	meity.gov.in
IT (Amendment) Act 2008	Strengthened cyber crime definitions; introduced S.66A–66F; expanded S.43A liability for body corporates	IMFS as a “body corporate” has civil liability for data breaches caused by negligence	meity.gov.in
IT (SPDI) Rules 2011	Defines Sensitive Personal Data; mandates written privacy policy; sets consent, disclosure, and transfer rules for any body corporate collecting SPDI	Publish a privacy policy; obtain consent before SPDI collection; do not transfer SPDI without consent or legal necessity	meity.gov.in
IT (Intermediary Guidelines & Digital Media Ethics Code) Rules 2021	Applies to intermediaries (websites with user interaction); mandates Grievance Officer, privacy policy, and complaint resolution timelines	Appoint a Grievance Officer; acknowledge complaints within 24 hours; resolve within 15 days; publish privacy policy	meity.gov.in
CERT-In Directions 2022	Mandatory cyber incident reporting to India’s Computer Emergency Response Team within 6 hours of discovery	Report qualifying incidents to CERT-In within 6 hours; maintain logs for 180 days; synchronise ICT system clocks to NTP server of NIC/NPCI/STQC	cert-in.org.in
Bharatiya Nyaya Sanhita 2023 (BNS)	Replaced the Indian Penal Code from 1 July 2024; criminalises data theft, identity fraud, cheating using personal data collected online	Criminal liability for misuse of data collected by IMFS or its staff; S.318 (cheating), S.319 (cheating by personation), S.316 (criminal breach of trust)	legislative.gov.in
National Cyber Security Policy 2013	Guiding framework for organisational cyber security practices in India	IMFS follows NCSP 2013 best practices: access controls, data encryption, regular security audits, staff training	meity.gov.in

📌 All laws current as of May 2026. Source: meity.gov.in, cert-in.org.in, legislative.gov.in.

11. What Is Sensitive Personal Data and Does IMFS Collect It?

Under Rule 3 of the IT (SPDI) Rules 2011, Sensitive Personal Data includes passwords, financial information, health data, sexual orientation, biometric data, and medical records. IMFS does not collect any of these categories through its website, lead forms, or WhatsApp. The data IMFS collects — name, email, phone, city, course interest — is ordinary personal data, not SPDI.

The IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 — commonly called the SPDI Rules — were made under Section 43A of the IT Act 2000. They place specific obligations on any “body corporate” (which includes IMFS) that collects, stores, or deals with personal data.

What qualifies as Sensitive Personal Data under the SPDI Rules 2011?

SPDI Category (Rule 3)	Does IMFS Collect This?
Passwords	❌ No
Financial information (bank account, card details, credit score)	❌ No
Physical, physiological, and mental health condition	❌ No
Sexual orientation	❌ No
Medical records and history	❌ No
Biometric information	❌ No
Any detail relating to the above as provided to a body corporate	❌ No

📌 Source: Rule 3, IT (SPDI) Rules 2011 — meity.gov.in. IMFS does not collect SPDI as defined in this Rule.

What the SPDI Rules require IMFS to do

Even though IMFS does not collect SPDI, the SPDI Rules 2011 impose the following obligations on IMFS as a body corporate handling any personal data:

Publish a privacy policy — this document fulfils that requirement
Collect data only for a lawful purpose — IMFS collects data solely to provide study-abroad counselling
Provide notice at collection — IMFS forms state the purpose of data collection
Not retain data beyond the stated purpose — see Section 8 (Retention) of this policy
Allow withdrawal of consent — you may opt out at any time (see Section 9)
Not publish personal data without consent — IMFS never publishes student data publicly
Implement reasonable security practices — see Section 16 (Security) of this policy

✅ IS-5/ISO 27001 alignment: The SPDI Rules 2011 require body corporates to follow IS/ISO/IEC 27001 or an equivalent internationally accepted information security standard. IMFS follows the security practices aligned with this framework for protecting student and enquiry data.

12. Who Is IMFS’s Grievance Officer Under IT Intermediary Guidelines 2021?

The IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021 require IMFS to appoint a named Grievance Officer who can be contacted by any user with a complaint about how their data is handled. IMFS’s designated Grievance Officer is Inderjit Singh Matta, CEO. All grievances are acknowledged within 24 hours and resolved within 15 days.

Under Rule 3(2) of the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules 2021, every intermediary — including websites that accept user-generated enquiries or form submissions — must publish the name and contact details of a Grievance Officer and provide a mechanism for users to register complaints.

🏛️ Designated Grievance Officer — IMFS

Name: Inderjit Singh Matta

Designation: Chief Executive Officer (CEO) — IMFS

Organisation: Indian Management & Foreign Studies (IMFS)

Email: [email protected]

Phone: +91 22 6921 0000

Address: IMFS Head Office, Mumbai, Maharashtra, India

How to file a grievance: Email the Grievance Officer at [email protected] with the subject line “Grievance — [Your Name] — [Brief Description]”. Include your contact details and a clear description of your complaint.

Response timelines (as mandated by IT Intermediary Guidelines Rules 2021):

Acknowledgement: within 24 hours of receiving the complaint
Resolution: within 15 days of receiving the complaint

What you can raise with the Grievance Officer:Complaints about how IMFS collects, stores, uses, or shares your personal data
Requests to access, correct, or delete your data that have not been resolved
Any concern about privacy, data misuse, or unauthorised disclosure
Complaints about unsolicited communications from IMFS

13. How Does IMFS Handle Cyber Security Incidents Under CERT-In Directions 2022?

Under the CERT-In (Indian Computer Emergency Response Team) Directions issued on 28 April 2022, IMFS is legally required to report qualifying cyber security incidents to CERT-In within 6 hours of becoming aware of them. This is significantly faster than the 72-hour GDPR requirement. IMFS also maintains ICT system logs and notifies affected individuals promptly.

The CERT-In Directions 2022 (issued under Section 70B(6) of the IT Act 2000, effective 27 June 2022) impose mandatory cyber incident reporting obligations on all organisations operating in India, including IMFS.

What qualifies as a reportable incident under CERT-In Directions 2022?

Targeted scanning or probing of critical networks or systems
Compromise of critical systems or information
Unauthorised access to IT systems or data
Defacement of IMFS website
Malicious code attacks (ransomware, malware, spyware)
Identity theft, spoofing, or phishing attacks targeting IMFS or its users
Denial of Service or Distributed Denial of Service attacks
Data breaches — including any unauthorised access to student personal data

IMFS’s obligations under CERT-In Directions 2022

Obligation	Requirement
Incident reporting timeline	Report to CERT-In within 6 hours of becoming aware of a qualifying incident (not 72 hours — India’s law is stricter)
Log retention	Maintain all ICT system logs for a minimum of 180 days within Indian jurisdiction
Contact details	Maintain accurate contact details with CERT-In for incident reporting
Clock synchronisation	Synchronise ICT system clocks with NTP servers of NIC/NPCI/STQC
User notification	Notify affected individuals (students, enquirers) promptly in the event of a data breach affecting their personal data

📌 Source: CERT-In Directions 2022, issued under S.70B(6) IT Act 2000 — cert-in.org.in. Effective 27 June 2022.

⚠️ What happens if IMFS suffers a data breach affecting your data? IMFS will: (1) report the incident to CERT-In within 6 hours; (2) notify you by email or phone as soon as practicable; (3) take immediate steps to contain the breach; (4) cooperate fully with CERT-In and any investigation by the Data Protection Board of India under DPDPA 2023.

How does this compare to GDPR breach reporting?

GDPR requires breach reporting to EU supervisory authorities within 72 hours. India’s CERT-In Directions 2022 require reporting within 6 hours — twelve times faster. As IMFS operates primarily in India, the 6-hour rule applies to all our systems.

IMFS services are aimed at students aged 17 and above. We do not knowingly collect personal data from children under the age of 13. If you believe a child under 13 has submitted data to us, please contact us immediately for deletion.

Our study-abroad counselling services are designed for students who are typically 17 years and older. Our website and advertising are not directed at children under the age of 13.

Under India’s DPDPA 2023, processing personal data of a child (under 18) requires verifiable parental or guardian consent. If a student is under 18, IMFS counsellors will obtain consent from a parent or guardian before processing the student’s data.

If you believe a child under the age of 13 has provided personal data to IMFS without appropriate parental consent, please contact us at [email protected] and we will delete the data promptly.

11. Are International Data Transfers Involved?

IMFS is based in India and primarily processes data within India. However, because we use international platforms — Google Analytics, Meta, YouTube, and WhatsApp — some data is processed on servers outside India, including in the USA and EU. These transfers are covered by the platforms’ own compliance frameworks.

When you use services on our website that are provided by international platforms (listed below), your data may be transferred to and processed on servers outside India:

Google Analytics & Google Ads — servers in USA / EU (Google LLC, subject to EU-US Data Privacy Framework)
Meta Lead Ads & Pixel — servers in USA / Ireland (Meta Platforms, Inc.)
YouTube — servers in USA / EU (Google LLC)
WhatsApp Business — servers in USA / EU (Meta Platforms, Inc.)

IMFS itself processes and stores student counselling data on servers located in India. We rely on each third-party platform’s own compliance mechanisms (Standard Contractual Clauses, adequacy decisions) for cross-border transfers.

16. How Does IMFS Protect Your Data?

IMFS implements layered security measures aligned with IS/ISO/IEC 27001 and the National Cyber Security Policy 2013, including HTTPS encryption, access-controlled CRM, staff training, and mandatory CERT-In incident reporting within 6 hours. No system is 100% secure, but we take our obligations seriously and act fast when incidents occur.

We implement the following safeguards:

HTTPS encryption across the entire imfs.co.in website (TLS 1.2+)
Access-controlled CRM — only authorised IMFS staff can access student records, and only as required for their role
Password policies and staff training — all staff with data access follow secure credential policies
Regular security reviews of website and data systems, aligned with IS/ISO/IEC 27001
ICT system log retention — minimum 180 days as mandated by CERT-In Directions 2022
Limited data sharing — we do not transfer data unnecessarily
NTP clock synchronisation — ICT systems synchronised with NIC/NPCI/STQC servers per CERT-In Directions 2022

⚠️ Data breach notification: In the event of a qualifying cyber security incident or data breach, IMFS will: (1) report to CERT-In within 6 hours as required by CERT-In Directions 2022; (2) notify the Data Protection Board of India as required by DPDPA 2023; (3) inform affected individuals promptly. See Section 13 for full details on our CERT-In obligations.

17. Will This Privacy Policy Change?

IMFS may update this Privacy Policy from time to time as our services evolve or regulations change. When we make material changes, we will update the “Last Updated” date at the top and, where appropriate, notify active students by email.

We will post the updated Privacy Policy on this page with a revised “Last Updated” date. We encourage you to check this page periodically. Your continued use of our website or services after a policy update constitutes acceptance of the revised terms.

If we make changes that significantly affect your rights, we will notify current enrolled students by email to the address we hold for you.

18. How to Contact IMFS or Exercise Your Rights

For any privacy query, data access request, correction, or deletion request, email us at [email protected] with the subject line matching your request type. For grievances under the IT Act / Intermediary Guidelines, contact our Grievance Officer (Section 12). We respond within 30 calendar days for data rights and 15 days for IT Act grievances.

📬 Privacy Contact Details

General privacy email: [email protected]

Grievance Officer (IT Act): Inderjit Singh Matta, CEO — [email protected]

Subject line for requests:

Data access: “Data Access Request — [Your Name]”
Data deletion: “Data Deletion Request — [Your Name]”
Data correction: “Data Correction Request — [Your Name]”
IT Act grievance: “Grievance — [Your Name] — [Brief Description]”
Opt-out: “Opt-Out Request — [Your Name] — [Your Phone Number]”

Phone: +91 22 6921 0000

Response time: Data rights requests — within 30 calendar days. IT Act grievances — acknowledged within 24 hours, resolved within 15 days.

Postal address: IMFS Head Office, Mumbai, Maharashtra, India.
View all 13 branch addresses →

Raising a Complaint with the Regulator

If you are not satisfied with IMFS’s response to a privacy or data complaint, you have the right to:

Lodge a complaint with India’s Data Protection Board of India under DPDPA 2023 (meity.gov.in)
File a complaint with CERT-In regarding a cyber security incident at cert-in.org.in
Approach the Adjudicating Officer under Section 46 of the IT Act 2000 for compensation claims
For EU residents: contact your national Data Protection Authority under GDPR

Frequently Asked Questions — IMFS Privacy Policy

Does IMFS sell my personal data to universities or third parties? ＋

No. IMFS never sells, rents, or trades your personal data to any third party — including universities. If you ask us to help with a university application, we share only the necessary information for that specific application, with your explicit consent, and we always tell you before doing so.

I submitted a form on a Meta (Facebook/Instagram) ad. Who has my data now? ＋

Both Meta and IMFS hold your data after a Lead Ad submission. Meta collected it on their platform (governed by Meta’s Data Policy). Meta shared it with IMFS as the advertiser. IMFS holds it in our CRM and will use it to contact you about your study-abroad enquiry. You can request deletion from IMFS at any time by emailing [email protected].

How do I stop receiving WhatsApp or SMS messages from IMFS? ＋

Reply “STOP” to any IMFS WhatsApp or SMS message and we will remove you from our messaging list within 5 business days. You can also email [email protected] with the subject “Opt-Out Request” and include your phone number.

How do I request deletion of all my data from IMFS? ＋

Email [email protected] with the subject line “Data Deletion Request — [Your Name]” and include your phone number or email used when you enquired. IMFS will action your request within 30 calendar days. Note that we may retain certain financial records for 7 years as required by Indian law, even after a deletion request.

Does IMFS use Google Analytics? Is my browsing tracked? ＋

Yes. IMFS uses Google Analytics to understand how visitors use imfs.co.in — which pages are most useful, how students find us, and which content helps most. Google Analytics anonymises IP addresses, so we cannot identify individual visitors. You can opt out of Google Analytics tracking at any time using the Google Analytics Opt-Out Browser Add-on at tools.google.com/dlpage/gaoptout.

My child (under 18) enquired through IMFS. What consent do you need? ＋

Under India’s DPDPA 2023, processing personal data of anyone under 18 requires verifiable parental or guardian consent. If a student is under 18, our counsellors will always seek and record parental consent before processing that student’s data or providing counselling services.

I am in the EU. Does GDPR apply to how IMFS handles my data? ＋

Yes. If you are based in the EU or EEA and interact with IMFS, GDPR applies alongside India’s DPDPA 2023. You have additional GDPR rights including the right to data portability and the right to lodge a complaint with your national Data Protection Authority. Contact [email protected] to exercise any GDPR right and we will respond within 30 days.

How long does IMFS keep my enquiry data if I never enrolled? ＋

If you enquired but did not enrol with IMFS, we retain your data for 3 years from last contact. After that, it is securely deleted or anonymised. You can request earlier deletion at any time by emailing [email protected].

What law governs IMFS’s data protection practices? ＋

IMFS’s primary governing law for data protection is India’s Digital Personal Data Protection Act 2023 (DPDPA), enacted by the Ministry of Electronics and Information Technology (MeitY). For EU/EEA visitors, GDPR also applies. For any disputes, Indian courts in Mumbai have jurisdiction.

Does IMFS comply with India’s IT Act 2000 and SPDI Rules 2011? ＋

Yes. IMFS complies with the Information Technology Act 2000, the IT (Amendment) Act 2008, and the IT (SPDI) Rules 2011 made under Section 43A. IMFS does not collect Sensitive Personal Data as defined in Rule 3 of the SPDI Rules — including passwords, financial information, health data, biometric data, or sexual orientation. IMFS publishes this privacy policy in compliance with the SPDI Rules’ mandatory disclosure requirement.

Who is IMFS’s Grievance Officer and how quickly will my complaint be resolved? ＋

IMFS’s Grievance Officer under the IT (Intermediary Guidelines) Rules 2021 is Inderjit Singh Matta, CEO — reachable at [email protected] or +91 22 6921 0000. All grievances are acknowledged within 24 hours and resolved within 15 days, as required by law.

If IMFS suffers a data breach, how quickly will I be notified? ＋

Under CERT-In Directions 2022, IMFS must report any qualifying cyber security incident to CERT-In within 6 hours of becoming aware of it — much faster than the 72-hour GDPR rule. IMFS will also notify affected individuals (including you) as promptly as possible, and will report to the Data Protection Board of India as required by DPDPA 2023.

What criminal laws apply if someone at IMFS misuses my data? ＋

Any misuse of your personal data by IMFS staff would be subject to criminal liability under India’s Bharatiya Nyaya Sanhita 2023 (which replaced the IPC from 1 July 2024) — including Section 316 (criminal breach of trust), Section 318 (cheating), and Section 319 (cheating by personation). Civil liability under Section 43A and Section 72A of the IT Act 2000 would also apply. IMFS takes these obligations seriously and conducts staff training on data handling.

Where can I file a complaint against IMFS if my data rights are violated? ＋

You have multiple options: (1) Contact IMFS’s Grievance Officer at [email protected] — resolved within 15 days; (2) File a complaint with the Data Protection Board of India under DPDPA 2023 at meity.gov.in; (3) Report a cyber security incident to CERT-In at cert-in.org.in; (4) Approach the Adjudicating Officer under Section 46 of the IT Act 2000 for compensation; (5) If you are in the EU, contact your national Data Protection Authority under GDPR.

Content & SEO DPDPA Compliance Data Privacy

This Privacy Policy was prepared by IMFS’s content and compliance team and reflects IMFS’s data practices as of May 2026. It is reviewed annually and updated whenever our data practices or applicable regulations change. For privacy queries, email [email protected].

Last updated: May 2026 | Governing laws: DPDPA 2023 · IT Act 2000 · SPDI Rules 2011 · IT Intermediary Guidelines 2021 · CERT-In Directions 2022 · BNS 2023 | Sources: meity.gov.in, cert-in.org.in, legislative.gov.in, policies.google.com, meta.com/policies

Questions? Talk to an IMFS Counsellor — Free

27+ years of placing students in USA, UK, Germany, Canada, Australia, Ireland & New Zealand. No fees. No pressure. Just honest guidance.

👉 Book Free Counselling 💬 WhatsApp Us

Branches: Dadar · Thane · Borivali · Vashi · Churchgate · Pimpri · Shivaji Nagar · Kukatpally · LB Nagar · Madhapur · Manipal · Warangal · Nellore

Study in USA Study in Germany Study in Canada Study in UK Study in Ireland Study in Australia

USA

Germany

New - Zealand

Canada

UK

Australia

Ireland