Cookie Policy

1. Purpose

This Cookie Policy defines how Beeworks Organisation Pvt Ltd, a FinOps organization, uses cookies and similar technologies on its website to ensure:

  • Secure and reliable digital services
  • - Protection of customer and visitor data
  • Compliance with applicable laws and regulations
  • Alignment with ISO/IEC 27001:2022 Information Security Management System (ISMS)

2. Scope

This policy applies to:

  • The official corporate and product websites.
  • All visitors, customers, and users accessing the website.
  • Employees, vendors, and third parties involved in website operations

3. Regulatory and Standard References

  • ISO/IEC 27001:2022 & ISO/IEC 27002:2022
  • Digital Personal Data Protection Act, 2023 (India)
  • Information Technology Act, 2000
  • IT (Reasonable Security Practices and Procedures) Rules, 2011
  • PCIDSS 4.0.1 

4. Definition of Cookies

Cookies are small text files stored on a user’s device when a website is accessed. Cookies enable core website functionality, enhance security, support analytics, and improve user experience.

5. Policy Statement

Beeworks Softwares Pvt Ltd uses cookies in a controlled, minimal, and secure manner.
Cookies:

  • Do not store sensitive financial information such as passwords, PINs, CVV, or account details
  • Are used only for defined and legitimate purposes
  • Are subject to risk assessment, access controls, and consent management

6. Categories of Cookies Used

6.1 Strictly Necessary Cookies

These cookies are essential for secure website operations and cannot be disabled.

Purpose includes:

  • Session management
  • Fraud prevention
  • Authentication and security controls
  • Load balancing

ISMS Alignment:
A.8.20 (Network Security), A.8.15 (Logging), A.8.2 (Access Control)

6.2 Security Cookies

Used to protect the website and users from fraud, cyber attacks, and unauthorized access.

Examples:

  • CSRF tokens
  • Bot detection cookies
  • Rate-limiting identifiers
  • ISMS Alignment:
    A.5.25 (Incident Management), A.8.16 (Monitoring Activities)

6.3 Analytics / Performance Cookies

Used to understand website performance and user behavior. Data is aggregated and anonymized.

Examples:

  • Page visits
  • Session duration
  • Traffic sources
  • Enabled only after user consent.
  • ISMS Alignment:
    A.5.34 (Privacy & PII Protection), A.5.10 (Acceptable Use)

6.4 Functional Cookies

Used to remember user preferences and improve usability.

Examples:

  • Language preferences
  • Region settings
  • Enabled only with consent.

6.5 Advertising / Tracking Cookies

Beeworks does not use advertising or behavioral tracking cookies.

7. Cookie Inventory (Maintained Internally)

  • session_id
    • Category: Necessary
    • Purpose: User session management
    • Retention: Session
  • csrf_token
    • Category: Security
    • Purpose: Prevents CSRF attacks
    • Retention: Session
  • _ga
    • Category: Analytics
    • Purpose: Website analytics
    • Retention: 24 months
  • user_lang
    • Category: Functional
    • Purpose: Language preference
    • Retention: 6 months

The cookie inventory is reviewed annually or upon website changes.

8. Consent Management (DPDP Act, 2023)

  • User consent is obtained through a cookie consent banner
  • Non-essential cookies are disabled by default
  • Users may withdraw or modify consent at any time
  • Consent records are maintained as compliance evidence

9. Third-Party Cookies and Vendors

Where third-party services are used:

Vendors are assessed as per Supplier Risk Management Procedure

  • Data protection and confidentiality clauses are contractually enforced
  • Access is restricted on a need-to-know basis

ISMS Alignment:
A.5.19 (Supplier Relationships), A.5.22 (Supplier Monitoring)

10. Data Protection and Security Controls

Cookie-related data is protected using:

  • Secure hosting environments
  • Encryption in transit (TLS)
  • Access control and monitoring
  • Periodic vulnerability assessments

11. Information Security Incidents

Any incident involving cookie data shall be handled under the Information Security Incident Management Procedure, including investigation, containment, and corrective actions.

12. Roles and Responsibilities

  • Board / Top Management
    • Responsibility: Governance and oversight
  • CISO / ISMS Head
    • Responsibility: Policy enforcement and review
  • IT & Security Team
    • Responsibility: Secure implementation
  • Web Administrator
    • Responsibility: Cookie updates and inventory

13. Monitoring and Audit

  • Compliance is reviewed during internal ISMS audits
  • Findings are tracked through corrective action plans
  • Policy effectiveness is reviewed during management review meetings

14. Policy Review

This policy is reviewed:

  • Annually
  • Upon regulatory changes
  • After major website or technology changes