User Consent Notice
This User Consent Notice explains how PEGS Standards & Systems Private Limited (“PEGS”, “we”, “us”, “our”) seeks, records, and manages your consent in connection with the Services. It supplements the PEGS Privacy Policy and forms part of these documents.
Purpose of This Notice
This Notice describes the consents we may request, the purposes those consents enable, and the methods by which you can grant or withdraw them. It is designed to comply with the Digital Personal Data Protection Act, 2023 (the “DPDP Act”) and the Digital Personal Data Protection Rules, 2025 (the “DPDP Rules”), and to align with the TRAI commercial-communication framework.
What You Are Consenting To
When PEGS asks for consent, the request will identify:
- the personal data category involved;
- the specific purpose of processing;
- the PEGS service, feature, benefit, or use enabled by that processing;
- whether consent is optional or necessary for the requested Service; and
- how you can withdraw consent.
You may be asked to provide separate consent for different purposes, including:
- account creation and account management;
- user authentication and security, including OTPs;
- service delivery and operational communications;
- property, asset, ESG, verification, certification, or dashboard workflows;
- payments, billing, invoices, receipts, and refunds;
- customer support and grievance handling;
- optional marketing, newsletters, events, or promotional communication;
- cookies, analytics, and service-improvement tools where required by law; and
- third-party integrations requested or enabled by you.
PEGS will not bundle optional marketing consent with consent required to provide core Services.
Types of Consent and Communications
3.1 Service and security communications
These include OTPs, login alerts, account alerts, invoices, receipts, policy updates, service confirmations, and security notices. These are necessary for providing or securing the Services.
3.2 Optional communications
These include newsletters, events, promotional messages, product updates, surveys, or non-essential communications. PEGS sends these only where you have explicitly opted in.
3.3 Cookies and analytics
Where required by law, PEGS collects consent for non-essential cookies or analytics through a cookie banner or preference tool. Further detail is provided in the Cookie Policy.
3.4 Third-party integrations
Where you choose to connect or use a third-party service through PEGS, PEGS may request consent or authorisation specific to that integration.
How Consent Is Collected
Consent is collected through clear and affirmative user action, such as:
- selecting an unchecked checkbox;
- clicking an “I agree”, “Allow”, or equivalent confirmation button;
- selecting communication preferences;
- submitting a service-specific form after being shown the relevant notice; or
- using a cookie consent preference tool.
PEGS does not rely on pre-ticked boxes for consent. Consent requests will be presented in clear and plain language and will not be hidden in unrelated terms.
Where consent is collected for commercial communications through SMS or other telecom channels, PEGS will align with applicable TRAI and telecom service-provider consent-registration and revocation mechanisms.
Withdrawal of Consent
You may withdraw consent at any time, subject to legal, regulatory, contractual, security, or fraud-prevention requirements.
Withdrawal options may include:
- account or privacy settings, where available;
- communication preference settings;
- unsubscribe links in optional emails;
- telecom service-provider consent/revocation mechanisms where applicable;
- writing to privacy@pegs.org.in; or
- contacting PEGS at its registered address.
PEGS will make withdrawal of consent available with ease comparable to the method by which consent was given.
After withdrawal:
- PEGS will stop processing personal data for the withdrawn purpose unless continued processing is permitted or required by law;
- PEGS may retain records necessary for legal, regulatory, security, audit, dispute-resolution, or compliance purposes;
- PEGS may delete, anonymise, suppress, or archive data in accordance with its Privacy Policy and retention schedule; and
- withdrawal may affect your ability to access Services that require the relevant processing.
Record of Consent
PEGS maintains consent records for compliance and accountability. These records may include:
- user identifier, such as registered email address, mobile number, or account ID;
- date and time of consent;
- consent purpose;
- notice version shown to the user;
- consent channel or interface;
- withdrawal date and time, where applicable; and
- communication preferences.
Consent records are retained only for compliance, audit, legal, security, and dispute-resolution purposes and are protected using appropriate technical and organisational measures.
Children's Consent
The Services are not intended for individuals under 18 years of age. PEGS does not knowingly collect or process personal data from children.
If PEGS introduces any Service that processes personal data of a child, PEGS will obtain verifiable consent from the parent or lawful guardian before processing, unless an exemption applies under applicable law.
Where personal data relates to a person with disability who has a lawful guardian acting on their behalf, PEGS will follow applicable guardian-verification requirements before relying on such consent.
Your Data Rights
Depending on applicable law, you may request access, correction, updating, erasure, withdrawal of consent, grievance redressal, or nomination of another person to exercise your rights.
Requests can be submitted through account tools, where available, or by contacting privacy@pegs.org.in. PEGS may ask for reasonable identifiers to verify the request.
Updates to This Notice
PEGS may update this Notice from time to time. Material changes will be notified through the Services, by email, or by other reasonable means. The version, last-updated date, and effective date appear at the top of this Notice.
Contact and Grievance Information
For consent questions, withdrawal requests, or data-rights requests, contact:
PEGS Standards & Systems Private Limited
10th Floor, Building 4, North Wing, NESCO IT Park, Western Express Highway, Goregaon East, Mumbai – 400063, Maharashtra, Bharat (India)
Privacy: privacy@pegs.org.in
Grievance Officer: grievance@pegs.org.in
Website: www.pegs.org.in
PEGS will respond to grievances within the period required by applicable law, and in any case within a reasonable period not exceeding ninety days where the DPDP Rules apply.
If you are not satisfied with PEGS's response, you may have the right to file a complaint with the Data Protection Board of India through the official digital mechanism made available by the Board.
Key References
- Digital Personal Data Protection Act, 2023
- Digital Personal Data Protection Rules, 2025
- TRAI Telecom Commercial Communications Customer Preference framework
- Information Technology Act, 2000, and rules made thereunder
This document was last updated on 17 May 2026 and supersedes all previous versions. PEGS reserves the right to amend it at any time. Continued use of PEGS platforms following any amendment constitutes acceptance of the updated document, subject to applicable law.