Cookie Policy

1. Preambular Declaration

This Cookie Policy (hereinafter referred to as the “Policy”) is issued by Sphinx Worldbiz Limited, a public limited company incorporated under the Companies Act, 1956, having its registered office at G-7, 20, Hari Sadan, Ansari Road, Darya Ganj, New Delhi – 110 002, India and its corporate office at A-27B, Sector-16, Noida, Distt. Gautam Budh Nagar, Uttar Pradesh – 201 301, India (hereinafter referred to as the “Company”, “Sphinx”, “We”, “Us”, or “Our”), and is hereby promulgated as an official, enforceable, and publicly notified articulation of the Company’s data practices with respect to cookies and similar tracking technologies, which may be deployed through its websites, applications, platforms, portals, and other digital infrastructure.

This Policy is issued in compliance with, and pursuant to, the requirements emanating from:

The Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
The Digital Personal Data Protection Act, 2023, as notified and enforced by the Government of India;
The General Data Protection Regulation (Regulation (EU) 2016/679), commonly known as the GDPR;
Other data privacy, protection, and cybersecurity regulations in force within jurisdictions wherein the Company operates or wherefrom data principals access the Company’s digital services;
Judicial, quasi-judicial, and administrative orders or directions of competent fora;
The Company’s own legitimate interests, risk mitigation obligations, contractual undertakings, and public commitments.

This Policy supplements and is to be read harmoniously with the Privacy Policy of the Company and constitutes a non-negotiable and binding legal document enforceable against all visitors, users, subscribers, and data principals interacting with the Company’s digital ecosystem.

2. Definitional Clauses And Interpretive Principles

For the purposes of this Policy, and unless the context otherwise requires:

“Cookies” shall refer to small textual, script-based, or code-driven data files or identifiers which may be stored on a user’s device or terminal equipment for the purposes of enabling, analysing, managing, or monitoring digital interaction;
“Web Beacons”, “Pixels”, “Browser Fingerprinting”, and “Tracking Tags” shall, mutatis mutandis, be considered equivalent to Cookies in terms of effect and regulatory treatment;
“User”, “Data Subject”, or “Data Principal” refers to any natural person who, directly or indirectly, interacts with, accesses, or communicates with the Company’s digital infrastructure;
“Third-Party Cookies” shall refer to cookie files deployed by external domains or sub-processors operating in conjunction with the Company’s digital interfaces;
“Consent” shall mean free, explicit, informed, specific, and unambiguous indication of a data subject’s will expressed through affirmative action, including through opt-in mechanisms deployed on banners or interfaces.

All undefined terms shall be construed in accordance with relevant data protection laws, regulations, rules of interpretation, and judicial constructions applicable to electronic records and privacy instruments.

3. Nature, Types And Categories Of Cookies Deployed

The Company, in the legitimate discharge of its technical, operational, functional, commercial, marketing, and security obligations, deploys a plurality of cookies and similar technologies. Such cookies may, depending on purpose, be classified as follows:

Technically Necessary Cookies (Strictly Essential Cookies)
These cookies are indispensable and non-derogable in nature, as they are inherently required for the operational functioning, integrity, and continuity of the website or platform. These include session management cookies, fraud detection cookies, load balancing cookies, and navigation enablers.
Examples:
- OptanonConsent – stores user cookie preferences;
- PHPSESSID, JSESSIONID – enables session management;
- ApplicationGatewayAffinityCORS – ensures user continuity across requests.
Authentication and Credential Cookies
Deployed for verifying the user’s identity and maintaining their login state across multiple pages or visits, including cookie-based session IDs and login tokens. Enables frictionless access to gated resources.
Functional and Preference Cookies
These cookies store and recall user preferences, selections, or interface behaviour, such as preferred language, time zone, theme, or dashboard configurations. They enhance accessibility and user experience.
Analytical and Performance Cookies
Used for performance metrics, application diagnostics, behaviour tracking, and event logging. These cookies aid the Company in performing website optimisation, content curation, and user behaviour modelling.
Targeting, Marketing, and Profiling Cookies
Used to deliver tailored advertisements, newsletters, and push notifications. Profiling may involve inference-based categorisation of the user’s demographic or behavioural parameters based on past interactions.
Examples include:
- LinkedIn Insight Tag
- Google AdWords Pixel
- Mailchimp Beacon
- Google reCAPTCHA (for abuse prevention)
Third-Party Service Cookies
Cookies deployed by third-party vendors, analytics providers, advertising servers, customer support platforms, and content delivery networks. These entities may independently process data in accordance with their privacy policies.

4. Purposes For Which Cookies Are Used

Cookies are deployed for multiple lawful purposes, including but not limited to:

Enabling essential functions of the website (navigation, transaction continuity, security checks);
Authenticating users and maintaining session integrity;
Monitoring fraudulent activity and securing backend operations;
Customising, personalising, and localising user experience;
Generating insights for marketing strategies and audience segmentation;
Gathering telemetry, diagnostics, and heatmaps for performance enhancement;
Ensuring regulatory compliance and risk-based control under internal governance frameworks. AP

5. Legal Justification For Cookie Deployment

The Company processes cookie-derived personal data based on any one or more of the following legally recognised bases:

Explicit and informed consent from the user;
Legitimate interests pursued by the Company, provided fundamental rights are not overridden;
Necessity for the performance of a contract with the data subject;
Legal or regulatory obligation requiring such processing;
Compliance with industry-standard cybersecurity obligations, best practices, and codes of conduct.

6. Cookie Retention Duration And Storage Limitations

All cookies shall be retained and persisted only for the duration strictly required to fulfil the purpose for which they were deployed. Categories of cookies may have the following retention timelines:

Session Cookies: Deleted automatically upon browser closure;
Persistent Cookies: May remain stored for periods extending up to twelve (12) months;
Third-Party Cookies: Retention duration governed by independent third-party policies and regulatory obligations.

7. Consent Management And User Autonomy

The Company has implemented a Cookie Consent Management Interface embedded within its digital interface to enable lawful, auditable, and transparent collection of consent. Users are granted the absolute right to:

Accept or reject non-essential cookies;
Provide granular consent to specific cookie categories;
Withdraw consent at any time;
Review the list of active cookies through a transparent dashboard.
Browser-level cookie controls are also available for users wishing to exercise technical restrictions independent of the website’s own interface.

8. Cross-border Cookie Data Transfers

To the extent that cookie-derived data is transmitted across national borders, the Company undertakes to ensure that such transfers are accompanied by:

Appropriate contractual safeguards;
Legitimate transfer mechanisms under applicable law;
Technical measures such as encryption, minimisation, and access control;
Execution of data processing agreements with subprocessors and recipients.

9. Rights Of Data Subjects In Relation To Cookie Data

Users shall be deemed to possess all rights available to them under applicable data protection laws, including:

The right to withdraw previously granted consent;
The right to access, rectify, or erase cookie-derived data;
The right to restrict or object to processing;
The right to portability (where applicable);
The right to lodge a complaint before the competent supervisory authority.

10. Amendments, Version Control, And Policy Governance

The Company reserves the unqualified right to amend, revise, update, suspend, or rescind this Policy at its sole discretion, subject to compliance with applicable law. Updates shall be notified through:

Banner announcements;
Versioning footers; or
Email notifications where applicable.
Users are encouraged to periodically revisit this Policy.

11. Grievance Redressal And Communication Channels

All complaints, notices, feedback, or communications in relation to this Policy shall be addressed to:

Sphinx Worldbiz Limited
Address: A-27 B, Sector 16, Noida,
District – Gautam Budh Nagar,
Uttar Pradesh – 201 301, India
Email: info@sphinxworldbiz.com
Phone: +91-120-4736400, +91-120-4736499

For users based in the European Union:
Designated Representative: Mr. Avishkar Surana
Email: a.surana@sphinxworldbiz.de