This Privacy Policy ("Policy") is promulgated by RPKA Technologies Private Limited, a company duly incorporated under the provisions of the Companies Act, 2013, having its registered office situated at 205, Samruddhi Complex, opposite Sakar III, near Income Tax crossroads, Navrangpura, Ahmedabad 380009 (hereinafter referred to as the "Company," "we," "us," or "our"), operating the insurance claims consultation and advocacy platform known as "The Insurance Bar."
The Company is engaged in the business of providing specialized legal processing services, insurance claims consultation, advocacy services, and related professional advisory services to individuals and entities experiencing difficulties with insurance claims, settlements, and coverage disputes, without engaging in the sale, distribution, or underwriting of insurance policies;
The nature of the Company's business necessitates the collection, processing, storage, and handling of extensive personal information, including Sensitive Personal Data or Information ("SPDI") as defined under Rule 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011;
The Company recognizes the fundamental right to privacy as enshrined in the Constitution of India and as interpreted by the Hon'ble Supreme Court of India in Justice K.S. Puttaswamy (Retd.) and Another v. Union of India and Others;
The Company is committed to ensuring full compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Digital Personal Data Protection Act, 2023, the Consumer Protection Act, 2019, the Right to Information Act, 2005, the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, the Prevention of Money Laundering Act, 2002, the Companies Act, 2013, the Indian Contract Act, 1872, the Telegraph Act, 1885, the Indian Evidence Act, 1872, the Criminal Procedure Code, 1973, the Insurance Act, 1938, the Insurance Regulatory and Development Authority of India Act, 1999, and all other applicable Central and State laws, rules, regulations, notifications, circulars, and guidelines pertaining to data protection, privacy, consumer rights, and information security;
NOW THEREFORE, this Privacy Policy establishes a framework governing the collection, use, processing, storage, transfer, disclosure, and disposal of personal information and sensitive personal data or information by the Company. This Policy extends to all forms of interaction between the data principal (the individual whose personal information is collected) and the Company, including but not limited to website usage, service engagement, consultation requests, ongoing professional relationships, and all ancillary communications and transactions.
The territorial scope of this Policy encompasses all activities conducted by the Company within the Republic of India and extends to any cross-border processing or transfer of personal information to the extent permitted by and in compliance with applicable laws. This Policy shall apply with equal force to all employees, officers, directors, consultants, agents, service providers, and third parties acting on behalf of the Company who may have access to or process personal information in the course of their engagement with the Company.
By accessing the Company's website, engaging the Company's services, providing personal information to the Company, or maintaining any form of professional or business relationship with the Company, the data principal acknowledges having read, understood, and consented to be bound by the terms and conditions of this Privacy Policy. Such consent shall be deemed to be informed, voluntary, and specific to the purposes outlined herein.
The Company collects personal information as defined under Section 2(1)(i) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, which includes any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
Such personal information encompasses, without limitation, the complete legal name of the data principal as recorded in government-issued identification documents, including any aliases, previous names, maiden names, or alternative spellings utilized by the data principal at any point in time. The Company collects contact information including permanent residential address, temporary or correspondence address, telephone numbers (mobile, landline, and alternative contact numbers), electronic mail addresses (primary and secondary), and emergency contact details including names, relationships, and contact information of persons authorized to be contacted on behalf of the data principal.
The Company further collects demographic and identification information including date of birth, place of birth, nationality, citizenship status, gender identity as disclosed by the data principal, marital status, family composition details, educational qualifications, professional background, employment history, and government-issued identification numbers including Aadhaar number, PAN, voter identification number, passport number, driving license number, and any other identification credentials as may be required for the provision of services or compliance with legal obligations.
In accordance with Rule 3 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Company necessarily collects and processes Sensitive Personal Data or Information ("SPDI"), which is defined to include:
FINANCIAL INFORMATION: The Company collects financial information including bank account details, credit card and debit card information, other payment instrument details, income statements, tax returns, asset declarations, liability statements, credit reports, investment portfolio details, insurance policy information, premium payment records, claim history across all insurance categories, and detailed financial statements including profit and loss accounts, balance sheets, and cash flow statements where applicable. Such financial information is essential for assessing claim viability, calculating potential settlements, and providing financial advocacy services.
HEALTH RECORDS AND MEDICAL INFORMATION: Given the nature of insurance claims, particularly health insurance and disability-related claims, the Company collects extensive medical information including complete medical history, current health conditions, diagnostic reports, treatment records, prescription medication details, hospitalization records, surgical procedures, therapy and rehabilitation records, mental health information, genetic information where relevant to insurance coverage, and any other health-related data necessary for claim evaluation and advocacy. Such information is collected and processed in strict compliance with applicable medical privacy laws and professional ethical standards.
BIOMETRIC INFORMATION: Where required for identity verification or as mandated by regulatory requirements, the Company may collect biometric information including fingerprints, retinal scans, voice recognition data, and other biometric identifiers, subject to explicit consent and in accordance with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and related regulations.
PASSWORD AND SECURITY CREDENTIALS: The Company necessarily maintains password information, security questions and answers, digital signatures, and other authentication credentials required for secure access to client accounts and confidential information systems.
SEXUAL ORIENTATION AND PERSONAL PREFERENCES: While not routinely collected, such information may be disclosed by data principals in the context of discrimination claims, harassment cases, or other insurance matters where such information is relevant to claim evaluation and advocacy.
CASTE, RELIGIOUS, AND POLITICAL BELIEFS: Such information may be collected only where specifically relevant to insurance claims involving discrimination, harassment, or other circumstances where such characteristics are material to the claim being pursued.
The Company operates sophisticated digital platforms for service delivery and client communication, necessitating the collection of technical information. Such information includes internet protocol (IP) addresses, device identifiers including Media Access Control (MAC) addresses, browser type and version, operating system information, device specifications, geolocation data (where permitted), cookies and similar tracking technologies, website usage patterns, clickstream data, search queries, form completion data, download activities, session duration, referring websites, and detailed logs of all system interactions.
The Company utilizes advanced analytics tools, artificial intelligence systems, and machine learning algorithms to enhance service delivery, requiring the collection and processing of behavioral data, preference patterns, service utilization metrics, and predictive modeling data. All such technical information collection is conducted in compliance with applicable privacy laws and with appropriate notice to data principals.
The Company may obtain personal information from various third-party sources, subject to appropriate legal authorization and in compliance with applicable privacy laws. Such sources include insurance companies and their authorized representatives, healthcare providers and medical institutions, legal professionals and law firms, government agencies and regulatory bodies, credit bureaus and financial institutions, background verification agencies, public records and databases, social media platforms (only publicly available information), professional associations and licensing bodies, and other legitimate sources of information relevant to claim evaluation and advocacy services.
All third-party information collection is conducted pursuant to appropriate legal agreements, privacy notices, and with proper authorization from data principals or as permitted by applicable law. The Company maintains detailed records of all third-party sources and the legal basis for information collection from such sources.
The Company maintains a sophisticated classification system for personal information based on sensitivity levels and applicable legal protections. Category I information includes basic contact and demographic information subject to standard privacy protections. Category II information encompasses financial and commercial information requiring enhanced security measures. Category III information includes health and medical records subject to heightened privacy protections and professional confidentiality requirements. Category IV information comprises legal and litigation-related information protected by attorney-client privilege and work product doctrine. Category V information includes any information classified as sensitive personal data or information under applicable statutory frameworks.
Each category of information is subject to specific handling procedures, access controls, security measures, and retention policies designed to ensure appropriate protection commensurate with the sensitivity of the information and applicable legal requirements.
The Company processes personal information primarily to ensure compliance with various statutory and regulatory obligations applicable to insurance advocacy services. Such processing is necessary to comply with the appropriate laws, and related regulations governing insurance intermediaries and advisors. The Company must maintain detailed records of client interactions, claim advocacy activities, and outcomes to demonstrate compliance with professional standards and regulatory requirements.
Processing is further justified under the Prevention of Money Laundering Act, 2002, and related rules requiring the Company to verify client identity, maintain transaction records, and report suspicious activities. The Company processes personal information to comply with tax obligations under the Income Tax Act, 1961, including maintenance of financial records, reporting of specified transactions, and compliance with tax deduction and collection requirements.
The Company processes personal information to comply with various consumer protection laws, including the Consumer Protection Act, 2019, requiring maintenance of service records, complaint handling procedures, and quality assurance measures. Such processing ensures the Company can demonstrate fair business practices and provide appropriate remedies in case of service-related disputes.
Processing of personal information is essential for the performance of service contracts between the Company and its clients. Such processing enables the Company to evaluate insurance claims, develop advocacy strategies, communicate with insurance companies and other relevant parties, coordinate with healthcare providers and legal professionals, prepare and submit claim documentation, negotiate settlements, and provide ongoing case management services.
The contractual relationship between the Company and its clients necessarily involves the exchange of personal information, including sensitive personal data, to enable effective advocacy and representation. Such processing is fundamental to the Company's ability to fulfill its contractual obligations and provide the specialized services for which clients engage the Company.
The Company processes personal information to pursue legitimate business interests that do not override the fundamental rights and freedoms of data principals. Such interests include maintaining accurate business records, conducting quality assurance and service improvement activities, analyzing market trends and client needs, developing new service offerings, protecting the Company's legal rights and interests, preventing fraud and ensuring system security, and conducting internal audits and compliance assessments.
The Company's legitimate interests extend to analyzing claim outcomes and settlement patterns to improve advocacy strategies, benchmarking performance against industry standards, conducting research and development activities to enhance service delivery, and maintaining professional competence through continuous learning and improvement initiatives.
For certain processing activities, particularly those involving marketing communications, enhanced analytics, or optional service features, the Company relies on explicit consent from data principals. Such consent is obtained through clear and unambiguous statements, affirmative actions, or explicit opt-in mechanisms that allow data principals to understand and control the scope of processing.
Consent-based processing includes the use of personal information for marketing communications about additional services, sharing of case studies and success stories (with appropriate anonymization), participation in research studies and service improvement initiatives, and access to enhanced digital platform features requiring additional data collection.
The Company ensures that all consent is freely given, specific, informed, and unambiguous, and maintains detailed records of consent obtained, including the date, method, and scope of consent. Data principals retain the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
In exceptional circumstances involving threats to life, health, or safety, the Company may process personal information without explicit consent to protect the vital interests of data principals or other individuals. Such processing is strictly limited to emergency situations where immediate action is necessary and obtaining consent is not practical or would materially delay necessary protective measures.
Emergency processing may include sharing medical information with healthcare providers during medical emergencies, providing contact information to emergency services, coordinating with family members or emergency contacts during crisis situations, and taking immediate protective measures to prevent harm to data principals or others.
The Company may process personal information for purposes of substantial public interest, including contributing to research studies on insurance industry practices, participating in regulatory investigations or proceedings, providing anonymized data for academic research on consumer protection, and supporting policy development initiatives aimed at improving insurance consumer rights and protections.
Such public interest processing is conducted in accordance with applicable legal frameworks and with appropriate safeguards to protect individual privacy while contributing to broader social benefits and improvements in insurance industry practices.
The Company utilizes personal information primarily to deliver insurance claims advocacy services tailored to each client's specific circumstances and needs. This encompasses conducting thorough policy analysis to identify coverage provisions, exclusions, limitations, and potential grounds for claim disputes. The Company analyzes the interplay between policy terms, applicable law, regulatory guidelines, and industry practices to develop sophisticated advocacy strategies designed to maximize claim approval rates and settlement amounts.
Personal information enables the Company to prepare claim submissions that present each case in the most compelling manner possible, incorporating detailed factual narratives, supporting documentation, expert opinions, legal precedents, and persuasive arguments calculated to overcome insurer resistance and achieve favorable outcomes. The Company utilizes client information to engage in complex negotiations with insurance companies, their representatives, adjusters, medical reviewers, and legal counsel, employing advanced negotiation techniques and industry knowledge to secure optimal settlements.
The Company processes personal information to coordinate with various professionals involved in client cases, including attorneys, medical experts, financial advisors, vocational rehabilitation specialists, and other professionals whose expertise may be necessary to support claim advocacy efforts. Such coordination ensures case management and maximizes the likelihood of successful claim resolution.
Personal information is utilized in sophisticated case management systems that track claim progress, monitor critical deadlines, coordinate multiple workstreams, and ensure that all necessary actions are taken to advance client interests. The Company maintains detailed case files that document all interactions, developments, strategies employed, and outcomes achieved, enabling case management and strategic adaptation as circumstances evolve.
The Company utilizes personal information to conduct advanced predictive analytics that assess claim viability, estimate potential settlement ranges, identify optimal timing for negotiations, and predict likely insurer responses to various advocacy approaches. Such analytics enable the Company to provide clients with realistic expectations and strategic guidance based on empirical data and industry expertise.
Personal information supports the Company's development of customized advocacy strategies that account for individual client circumstances, preferences, risk tolerance, financial needs, and long-term objectives. The Company recognizes that each client's situation is unique and requires personalized approaches that cannot be achieved through standardized or automated processes.
The Company processes personal information to maintain effective communication channels that keep clients informed, engaged, and empowered throughout the claims process. This includes providing regular updates on case progress, explaining complex insurance concepts and procedures, interpreting insurer communications, and ensuring that clients understand their options and can make informed decisions about their cases.
Personal information enables the Company to customize communication approaches based on individual client preferences, communication styles, technological capabilities, and scheduling constraints. The Company recognizes that effective communication is essential to successful advocacy and tailors its approach to each client's specific needs and circumstances.
The Company utilizes personal information to provide proactive client education and empowerment services, including explaining consumer rights, identifying potential coverage issues before they become problems, providing guidance on preventive measures, and helping clients understand how to protect their interests in future insurance matters.
Personal information supports quality assurance programs designed to ensure consistent service delivery, identify areas for improvement, and maintain the highest professional standards. The Company analyzes case outcomes, client satisfaction metrics, and performance indicators to continuously enhance its service delivery capabilities and maintain excellence in client advocacy.
The Company utilizes aggregated and anonymized personal information to conduct research and analysis aimed at understanding insurance industry trends, identifying emerging issues affecting consumers, and developing improved advocacy techniques and strategies. Such research contributes to the Company's ability to provide cutting-edge advocacy services and stay ahead of evolving industry practices.
Personal information enables the Company to conduct training and professional development programs for its staff, ensuring that all team members maintain current knowledge of industry practices, legal developments, and effective advocacy techniques. Such training is essential to maintaining the Company's reputation for excellence and providing clients with the highest quality representation.
The Company processes personal information to ensure compliance with various legal and regulatory requirements applicable to its business operations. This includes maintaining accurate records as required by professional licensing bodies, reporting obligations under various statutes, tax compliance requirements, and consumer protection law mandates.
Personal information supports the Company's risk management activities, including identifying potential conflicts of interest, assessing legal and ethical obligations, maintaining professional liability insurance coverage, and ensuring appropriate safeguards are in place to protect client interests and Company operations.
The Company utilizes personal information to defend against legal claims, respond to regulatory inquiries, participate in legal proceedings, and protect its legitimate business interests while maintaining appropriate confidentiality protections for client information.
Personal information supports the Company's business development activities, including analyzing market trends, identifying new service opportunities, assessing client needs and preferences, and developing strategic plans for business growth and expansion. Such analysis is conducted using aggregated and anonymized data that protects individual privacy while enabling informed business decision-making.
The Company utilizes personal information to develop and refine its service offerings, pricing structures, delivery methods, and client engagement strategies to better serve client needs and maintain competitive advantage in the insurance advocacy marketplace.
Personal information enables the Company to assess the effectiveness of various marketing and client acquisition strategies, measure return on investment for business development activities, and allocate resources efficiently to maximize client service capabilities and business sustainability.
The Company may share personal information with carefully selected third-party service providers and professional consultants who assist in delivering advocacy services to clients. Such sharing is governed by strict contractual arrangements that ensure appropriate confidentiality protections, limit use of information to specified purposes, and require compliance with applicable privacy laws and professional standards.
Legal professionals and law firms may receive personal information when their expertise is necessary to support client advocacy efforts, including complex litigation matters, appeals of claim denials, regulatory proceedings, and other legal matters requiring specialized knowledge and representation. All such sharing is subject to attorney-client privilege protections and professional confidentiality requirements.
Medical professionals and healthcare experts may receive relevant health information when their expertise is necessary to evaluate medical claims, assess disability determinations, review treatment recommendations, or provide expert opinions supporting client advocacy efforts. Such sharing is conducted in compliance with applicable medical privacy laws and professional ethical standards.
Financial experts and consultants may receive relevant financial information when their expertise is necessary to assess economic damages, calculate settlement values, evaluate loss of income claims, or provide expert analysis supporting client advocacy efforts. All financial consultants are bound by appropriate confidentiality agreements and professional standards.
Technology service providers who maintain the Company's information systems, digital platforms, and security infrastructure may have access to personal information in the course of providing technical services. All such providers are contractually bound to maintain strict confidentiality and implement appropriate security measures to protect client information.
In the course of advocating for client interests, the Company necessarily shares relevant personal information with insurance companies, their representatives, adjusters, medical reviewers, legal counsel, and other entities involved in the claims process. Such sharing is limited to information necessary to effectively represent client interests and is conducted in accordance with applicable laws, professional standards, and client authorization.
The Company may share personal information with insurance regulatory bodies, state insurance departments, and other governmental agencies when required by law, regulation, or in connection with regulatory proceedings affecting client interests. Such sharing is conducted in compliance with applicable disclosure requirements and with appropriate protections for client confidentiality.
The Company may share personal information with insurance industry organizations, professional associations, and standard-setting bodies when necessary to support client advocacy efforts, participate in industry improvement initiatives, or contribute to the development of better practices for consumer protection.
The Company may disclose personal information when required by law, court order, legal process, or regulatory mandate. Such disclosures are made in compliance with applicable legal requirements and with appropriate efforts to protect client confidentiality to the extent permitted by law.
The Company may disclose personal information to law enforcement agencies when required by law or when necessary to investigate suspected criminal activity, fraud, or other illegal conduct affecting client interests or Company operations. Such disclosures are made in accordance with applicable legal frameworks and with appropriate consideration for client privacy rights.
The Company may disclose personal information in connection with legal proceedings, including litigation, arbitration, mediation, or other dispute resolution processes where such disclosure is necessary to protect client interests or defend the Company's legal rights and obligations.
The Company may disclose personal information without prior consent when necessary to protect the vital interests of clients or other individuals, including medical emergencies, threats to safety, prevention of serious harm, or other emergency situations where immediate action is required to protect life, health, or safety.
Such emergency disclosures are limited to information necessary to address the specific emergency situation and are made to appropriate emergency services, healthcare providers, family members, or other individuals who can provide necessary assistance or protection.
In the event of a merger, acquisition, sale of assets, bankruptcy, or other corporate transaction affecting the Company, personal information may be transferred to the acquiring entity or successor organization, subject to appropriate confidentiality protections and continuation of privacy obligations under this Policy or a substantially similar privacy framework.
Clients will be provided with appropriate notice of any such business transfer and will have the opportunity to object to the transfer of their personal information or to request deletion of their information prior to such transfer, subject to applicable legal and contractual obligations.
The Company may share anonymized and aggregated information that does not identify individual clients for research purposes, industry analysis, academic studies, policy development initiatives, and other purposes that contribute to improved understanding of insurance industry practices and consumer protection needs.
All such sharing is conducted with appropriate safeguards to ensure that individual identity cannot be determined from the shared information and that such sharing contributes to legitimate research or policy objectives without compromising individual privacy.
The Company implements state-of-the-art technical security measures designed to protect personal information against unauthorized access, use, disclosure, modification, or destruction. These measures include advanced encryption protocols for data transmission and storage, utilizing industry-standard encryption algorithms such as AES-256 for data at rest and TLS 1.3 for data in transit.
The Company maintains sophisticated network security infrastructure including next-generation firewalls, intrusion detection and prevention systems, network segmentation protocols, virtual private networks for remote access, and continuous monitoring systems that detect and respond to potential security threats in real-time.
Access controls are implemented through multi-factor authentication systems, role-based access controls that limit information access to authorized personnel based on job responsibilities, privileged access management systems for administrative functions, regular access reviews and certification processes, and automated account provisioning and deprovisioning procedures.
The Company utilizes advanced endpoint protection systems including anti-malware software, endpoint detection and response capabilities, device encryption requirements, mobile device management systems, and patch management procedures to ensure all systems remain secure against evolving threats.
Data backup and recovery systems include encrypted backup storage, geographically distributed backup locations, regular backup testing and validation procedures, disaster recovery planning and testing, and business continuity measures designed to ensure service availability and data protection even in emergency situations.
The Company maintains extensive administrative security measures including staff training programs on privacy and security requirements, background checks for all personnel with access to personal information, signed confidentiality agreements for all employees and contractors, regular security awareness training and updates, and clear policies and procedures governing information handling practices.
Access management procedures include detailed authorization protocols specifying who may access different categories of information, regular reviews of access permissions and user accounts, mandatory security training for all users, incident reporting and response procedures, and audit trails documenting all access to personal information.
The Company maintains a dedicated privacy and security team responsible for overseeing compliance with this Policy, conducting regular security assessments, investigating potential security incidents, implementing security improvements, and ensuring ongoing compliance with applicable privacy laws and industry standards.
Quality assurance measures include regular internal audits of security practices, third-party security assessments and penetration testing, compliance monitoring and reporting procedures, continuous improvement processes for security measures, and regular updates to policies and procedures based on emerging threats and best practices.
The Company maintains physical security measures for all facilities where personal information is stored or processed. These measures include controlled access to facilities through key card systems and biometric authentication, 24/7 security monitoring and surveillance systems, environmental controls to protect against natural disasters and other physical threats, secure storage facilities for physical documents and backup media, and visitor management procedures that ensure appropriate supervision of non-employee access to secure areas.
Document handling procedures include secure printing and copying facilities, locked storage for confidential documents, secure disposal procedures for documents containing personal information, chain of custody protocols for document transfers, and inventory management for all physical records containing personal information.
Workstation security measures include locked screens for unattended computers, clear desk policies requiring secure storage of confidential documents, restrictions on personal device usage in secure areas, and physical barriers to prevent unauthorized viewing of confidential information.
The Company requires all third-party service providers who may have access to personal information to implement security measures consistent with this Policy and applicable legal requirements. This includes security assessments before engaging new vendors, contractual requirements for appropriate security measures, regular monitoring of vendor security practices, incident notification requirements, and termination procedures that ensure secure return or destruction of personal information.
All vendor agreements include specific provisions addressing data protection requirements, security incident reporting obligations, compliance with applicable privacy laws, audit rights and compliance monitoring procedures, and liability provisions for security breaches or privacy violations.
The Company maintains a preferred vendor list of service providers who have demonstrated appropriate security capabilities and maintains ongoing relationships with vendors who consistently meet or exceed security requirements.
The Company implements continuous monitoring systems that provide real-time visibility into potential security threats, system performance issues, unauthorized access attempts, and other security-related events. These systems include automated alerting for suspicious activities, logging of all system access and data handling activities, regular analysis of security metrics and trends, and proactive threat hunting activities.
Security improvement processes include regular updates to security technologies and procedures, implementation of emerging security standards and best practices, participation in industry security initiatives and information sharing programs, and ongoing investment in advanced security capabilities.
The Company conducts regular security assessments including vulnerability scanning, penetration testing, security architecture reviews, and compliance audits to identify potential weaknesses and implement appropriate improvements to maintain the highest levels of information security.
The Company maintains personal information for periods determined by applicable legal and regulatory requirements, professional standards, business needs, and client interests. Retention periods vary based on the type of information, its sensitivity, the purpose for which it was collected, and specific legal obligations that may apply.
Client case files and related documentation are retained for a minimum period of seven years from the date of case closure, in accordance with professional standards for insurance advocacy services and potential limitation periods for legal claims that may arise from the advocacy relationship. Such files include all communications, documents, work product, and other materials related to client representation.
Financial records including payment information, billing records, and financial transactions are retained in accordance with applicable accounting standards and tax regulations, typically for a period of seven years from the date of the transaction or as required by specific legal obligations.
Medical information and health records are retained in accordance with applicable medical privacy laws and professional standards, with retention periods varying based on the type of information and applicable regulatory requirements. Such information may be retained for extended periods when necessary for ongoing advocacy efforts or potential future claims related to the same underlying health conditions.
Legal documents and correspondence related to litigation, appeals, or regulatory proceedings are retained for periods appropriate to the specific legal matter and applicable limitation periods, which may extend beyond the general retention period for other client information.
The Company maintains detailed retention schedules that specify appropriate retention periods for different categories of information based on their business purpose, legal requirements, and sensitivity levels. Category I information including basic contact and demographic information is retained for the duration of the client relationship plus seven years. Category II information including financial and commercial data is retained in accordance with applicable financial recordkeeping requirements. Category III information including health and medical records is retained in accordance with applicable healthcare privacy laws. Category IV information including legal and privileged communications is retained for periods appropriate to the specific legal matter and applicable professional standards.
The Company regularly reviews and updates retention schedules to ensure compliance with evolving legal requirements, changes in business practices, and emerging best practices for information management. Such reviews include assessment of business needs for continued retention, evaluation of legal and regulatory requirements, consideration of client interests and potential future needs, and analysis of storage costs and security risks associated with extended retention.
When personal information reaches the end of its retention period or is no longer needed for legitimate business purposes, the Company implements disposal procedures designed to ensure complete destruction of the information and prevent unauthorized recovery or reconstruction.
Physical documents containing personal information are destroyed through certified document destruction services that provide certificates of destruction and maintain appropriate security measures throughout the disposal process. Such services utilize cross-cut shredding, pulverization, or incineration methods that ensure complete destruction of the information.
Electronic information is securely disposed of through multiple-pass overwriting procedures that prevent recovery of the original data, degaussing of magnetic storage media, physical destruction of storage devices when appropriate, and verification procedures that confirm complete data destruction. The Company maintains detailed records of all disposal activities including dates, methods used, personnel involved, and certificates of destruction when applicable.
Backup media and archived information are subject to the same secure disposal requirements, with particular attention to ensuring that all copies of information are identified and properly destroyed. The Company maintains inventory records that facilitate identification of all locations where information may be stored and ensure complete disposal when required.
The Company provides clients with the ability to request deletion of their personal information in circumstances where such deletion is legally permissible and practically feasible. Such requests are evaluated based on applicable legal requirements, professional obligations, business needs, and the specific circumstances of the request.
Deletion requests are processed through formal procedures that include verification of the requesting party's identity, assessment of legal and professional obligations that may require continued retention, evaluation of potential impacts on ongoing or future advocacy efforts, and coordination with relevant staff to ensure complete removal of information from all systems and records.
When deletion is not legally permissible or would materially harm the client's interests, the Company will explain the reasons for retaining the information and will implement additional protections to limit access and use of the information to essential purposes only.
The Company maintains detailed records of all deletion activities including requests received, evaluations conducted, actions taken, and any information that could not be deleted due to legal or professional obligations.
For information that must be retained for extended periods due to legal requirements or ongoing business needs, the Company implements archival procedures designed to maintain information security while reducing operational costs and risks associated with long-term storage.
Archival procedures include migration of information to secure long-term storage systems, implementation of additional access controls for archived information, regular testing of archived information to ensure continued accessibility, periodic review of archived information to assess continued need for retention, and secure disposal of archived information when retention periods expire.
The Company maintains detailed cataloging systems for archived information that facilitate retrieval when necessary while minimizing routine access and associated security risks. Access to archived information requires specific authorization and is logged for audit purposes.
Every data principal possesses the fundamental right to access personal information held by the Company and to receive details regarding the collection, processing, and use of such information. This right encompasses the ability to obtain copies of all personal information in the Company's possession, understand the sources from which information was obtained, learn about the purposes for which information is being processed, identify all parties with whom information has been shared, and receive information about the legal basis for processing activities.
Access requests must be submitted in writing through formal procedures that include verification of the requesting party's identity to prevent unauthorized disclosure of personal information. The Company will respond to access requests within thirty days of receipt, or sooner when required by applicable law, and will provide information in a structured, commonly used, and machine-readable format when technically feasible.
The Company may charge reasonable fees for providing access to personal information when permitted by applicable law, particularly for requests that are manifestly unfounded, excessive, or repetitive. However, the first copy of personal information will typically be provided without charge, and fees will be clearly communicated before processing any request.
Data principals have the right to request correction of any personal information that is inaccurate, incomplete, outdated, irrelevant, or misleading. This right extends to all categories of personal information held by the Company and includes the ability to supplement incomplete information with additional accurate details.
Correction requests are processed through formal procedures that include assessment of the requested changes, verification of supporting documentation when appropriate, coordination with relevant staff to implement corrections across all systems and records, and notification of corrections to any third parties who have received the incorrect information when practically feasible.
The Company will complete correction activities within thirty days of receiving a valid correction request and will provide confirmation of the changes made. When the Company cannot verify the accuracy of requested corrections or has legitimate reasons to believe the current information is accurate, it will provide detailed explanations of its position and offer alternative resolution options.
Data principals possess the right to request deletion of their personal information in specific circumstances including when the information is no longer necessary for the purposes for which it was collected, when consent for processing has been withdrawn and no other legal basis exists for continued processing, when information has been unlawfully processed, or when deletion is required for compliance with legal obligations.
Deletion requests are subject to certain limitations including legal obligations that require continued retention of information, legitimate interests that justify continued processing, establishment, exercise, or defense of legal claims, and professional obligations that mandate retention of client records for specified periods.
When deletion is not legally permissible or would materially harm the data principal's interests, the Company will implement restrictions on processing that limit access and use of the information to essential purposes only. Such restrictions will remain in place until the circumstances requiring retention no longer apply.
Data principals may request restriction of processing of their personal information in circumstances where the accuracy of information is contested, processing is unlawful but deletion is not desired, the Company no longer needs the information but the data principal requires it for legal claims, or processing has been objected to pending verification of legitimate grounds for continued processing.
Restricted processing means that information will be stored securely but will not be actively processed except for specific limited purposes including storage itself, processing with explicit consent, establishment, exercise, or defense of legal claims, protection of rights of other natural or legal persons, or important public interest purposes.
The Company will implement appropriate technical and administrative measures to ensure that restricted information is clearly identified and that processing restrictions are consistently applied across all systems and personnel with access to the information.
Where technically feasible and legally permissible, data principals have the right to receive their personal information in a structured, commonly used, and machine-readable format and to request direct transfer of such information to another service provider. This right applies primarily to information provided directly by the data principal and processed based on consent or contract.
Data portability requests are subject to technical limitations and will be fulfilled to the extent possible using standard formats such as PDF, CSV, or XML files. The Company will provide reasonable assistance in facilitating transfers to other service providers while maintaining appropriate security measures and confidentiality protections.
Data principals have the right to object to processing of their personal information based on legitimate interests or for direct marketing purposes. Such objections will be honored unless the Company can demonstrate compelling legitimate grounds for continued processing that override the interests, rights, and freedoms of the data principal, or when processing is necessary for establishment, exercise, or defense of legal claims.
Objections to direct marketing will be honored immediately and without exception, and the Company will cease all marketing communications to data principals who have exercised this right. Objections to other forms of processing will be evaluated on a case-by-case basis considering the specific circumstances and applicable legal requirements.
The Company maintains a grievance resolution mechanism to address concerns, complaints, and disputes related to privacy practices and personal information handling. This mechanism includes multiple channels for submitting complaints, formal investigation procedures, escalation processes for unresolved issues, and appropriate remedies for verified privacy violations.
Data principals may submit complaints through written communication to the designated Grievance Officer, email communication to the designated privacy contact address, telephone communication during specified business hours, or in-person meetings by appointment at the Company's registered office. All complaints will be acknowledged within forty-eight hours of receipt and will be investigated thoroughly and impartially.
The Company will provide regular updates on complaint status and will resolve complaints within thirty days of receipt when possible, or will provide detailed explanations when additional time is required for thorough investigation. When complaints cannot be resolved to the satisfaction of the data principal, information will be provided regarding external remedies including regulatory complaints and judicial review options.
When the Company transfers personal information outside the Republic of India, such transfers are conducted in strict compliance with applicable legal requirements and with appropriate safeguards to ensure continued protection of personal information. Transfer mechanisms include adequacy decisions by the Government of India recognizing equivalent protection in destination countries, standard contractual clauses approved by relevant authorities, binding corporate rules for intra-group transfers within multinational organizations, and certification schemes that provide appropriate guarantees for personal information protection.
All international transfers are subject to risk assessments that evaluate the legal framework in destination countries, security measures implemented by receiving parties, purposes and duration of transfers, and additional safeguards necessary to ensure appropriate protection. The Company maintains detailed records of all international transfers including destinations, legal mechanisms used, safeguards implemented, and ongoing monitoring procedures.
Transfers of sensitive personal data or information are subject to enhanced protections including explicit consent from data principals for specific transfer purposes, additional contractual safeguards requiring equivalent protection standards, technical measures such as encryption and anonymization where appropriate, and ongoing monitoring to ensure continued compliance with protection requirements.
The Company will not transfer sensitive personal data to countries or organizations that do not provide adequate protection unless specific exceptions apply and appropriate additional safeguards are implemented to compensate for any deficiencies in legal protection.
In exceptional circumstances involving urgent needs to protect vital interests, prevent serious harm, or comply with legal obligations, the Company may transfer personal information without prior authorization, subject to immediate notification to affected data principals and implementation of additional protective measures to minimize risks associated with such transfers.
Such exceptional transfers are limited to information necessary to address the specific circumstances and are subject to enhanced monitoring and additional safeguards to ensure appropriate protection throughout the transfer process.
The Company utilizes various categories of cookies and similar tracking technologies to enhance website functionality, improve user experience, analyze usage patterns, and provide personalized services. Essential cookies are necessary for basic website functionality including user authentication, security features, load balancing, and core navigation features that cannot be disabled without materially impairing website operation.
Performance cookies collect aggregated information about website usage patterns, page performance metrics, error reports, and user behavior analytics that help the Company understand how visitors interact with the website and identify areas for improvement. These cookies do not collect personally identifiable information but provide valuable insights for enhancing website functionality and user experience.
Functional cookies remember user preferences, settings, and choices to provide personalized experiences including language preferences, accessibility settings, customization options, and other features that enhance usability for individual users. These cookies improve user experience by eliminating the need to repeatedly configure settings during each website visit.
Marketing and analytics cookies track user behavior across multiple website visits to provide insights into marketing effectiveness, user engagement patterns, conversion rates, and other metrics that inform business decisions and marketing strategies. These cookies may collect personally identifiable information and are subject to explicit consent requirements.
The Company may utilize third-party analytics services, marketing platforms, and other external tools that place cookies or similar tracking technologies on user devices. Such third-party tools include Google Analytics for website traffic analysis, social media platforms for content sharing and engagement tracking, marketing automation tools for lead generation and campaign management, and customer relationship management systems for sales and service optimization.
All third-party tracking technologies are subject to their respective privacy policies and terms of service, which may differ from this Policy. The Company provides clear information about third-party tools in use and maintains contractual arrangements with third-party providers that include appropriate data protection requirements and compliance obligations.
The Company provides cookie management tools that allow users to control which categories of cookies are enabled, review detailed information about specific cookies in use, modify consent preferences at any time, and understand the implications of enabling or disabling different types of cookies.
Cookie consent is obtained through clear and prominent notices that explain the types of cookies in use, their purposes, and the consequences of consenting or refusing consent. Users can withdraw consent at any time through cookie preference centers accessible from every page of the website.
The Company respects browser-based cookie controls and Do Not Track signals where technically feasible and will honor user preferences for cookie blocking or deletion. However, blocking essential cookies may impair website functionality and limit access to certain features and services.
The Company maintains incident detection systems designed to identify potential security breaches, privacy violations, or other incidents that may affect personal information. Detection systems include automated monitoring tools that continuously scan for unusual activity, manual reporting procedures for staff to report suspected incidents, third-party notifications of potential breaches, and regular security assessments that may identify previously undetected incidents.
All potential incidents are classified based on severity levels including Critical incidents involving confirmed unauthorized access to large volumes of sensitive personal data, High-priority incidents involving suspected unauthorized access or potential system compromises, Medium-priority incidents involving procedural violations or minor system irregularities, and Low-priority incidents involving technical issues or policy clarifications that do not pose immediate risks to personal information.
Upon detection of any potential privacy or security incident, the Company implements immediate response procedures designed to contain the incident, assess its scope and impact, preserve evidence for investigation, and implement corrective measures to prevent recurrence. Response procedures include immediate isolation of affected systems or data sources, preservation of logs and other evidence, notification of senior management and relevant staff, engagement of external experts when necessary, and documentation of all response activities.
Containment measures are implemented immediately to prevent further unauthorized access or damage, including disabling compromised user accounts, blocking suspicious network traffic, implementing additional access controls, and temporarily restricting access to affected systems until security can be verified.
All incidents undergo thorough investigation to determine their cause, scope, and potential impact on affected data principals. Investigation procedures include forensic analysis of affected systems, review of access logs and audit trails, interviews with relevant personnel, assessment of potential data compromise, evaluation of existing security measures, and identification of necessary improvements to prevent similar incidents.
Impact assessments consider the volume and sensitivity of information potentially affected, the likelihood that information has been accessed or misused by unauthorized parties, potential harms to affected data principals, and legal and regulatory notification requirements that may apply to the specific incident.
When incidents meet legal notification thresholds, the Company will provide timely notification to affected data principals, regulatory authorities, and other relevant parties as required by applicable law. Notification procedures include immediate notification to senior management and legal counsel, assessment of notification requirements under applicable laws, preparation of appropriate notification content, coordination with external communications specialists when necessary, and maintenance of detailed records regarding all notification activities.
Data principal notifications will be provided without undue delay when incidents pose risks to rights and freedoms, and will include clear descriptions of the incident, potential impacts, measures taken to address the incident, and steps data principals can take to protect themselves. Regulatory notifications will be provided within seventy-two hours when required by applicable law and will include all information required by relevant authorities.
Following resolution of any privacy or security incident, the Company conducts post-incident reviews designed to identify lessons learned, assess the effectiveness of response procedures, and implement improvements to prevent similar incidents in the future. Review procedures include analysis of incident causes and contributing factors, evaluation of response effectiveness and timeline, assessment of communication procedures and stakeholder notifications, identification of necessary policy or procedure updates, and implementation of additional security measures or training programs.
All incidents and response activities are thoroughly documented to support continuous improvement efforts, regulatory compliance requirements, and potential legal proceedings that may arise from incident circumstances.
The Company operates in strict adherence to the Digital Personal Data Protection Act, 2023 ("DPDP Act"), which establishes the primary legal framework for personal data protection in India. Under the DPDP Act, the Company functions as a "Data Fiduciary" and ensures compliance with all obligations including lawful processing of personal data based on valid legal grounds, implementation of appropriate technical and organizational measures to ensure data security, provision of clear and privacy notices to Data Principals, obtaining and maintaining valid consent for data processing where required, enabling Data Principals to exercise their rights including access, correction, erasure, and data portability, appointment of Data Protection Officers where mandated, conducting Data Protection Impact Assessments for high-risk processing activities, implementing data breach notification procedures as prescribed, ensuring cross-border transfer safeguards when applicable, and maintaining detailed records of data processing activities.
The Company complies ly with the Information Technology Act, 2000, which provides the foundational legal framework for electronic transactions, digital signatures, and cybersecurity in India. Compliance includes implementation of reasonable security practices as defined under Section 43A, adherence to due diligence requirements for intermediaries under Section 79, compliance with data protection obligations under Section 72A regarding disclosure of personal information without consent, implementation of cybersecurity incident response procedures under Section 70B, and cooperation with law enforcement and regulatory authorities as required under various provisions of the Act.
Under the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, the Company implements data protection measures including classification of information as Personal Information and Sensitive Personal Data or Information (SPDI), implementation of detailed consent mechanisms for SPDI collection and processing, appointment of a designated Grievance Officer to address privacy complaints, establishment of data retention and disposal policies, implementation of access controls and audit procedures, and provision of detailed privacy policies and notices to data subjects.
The Company adheres to the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, regarding digital platform operations including appointment of Chief Compliance Officer, Nodal Contact Person, and Resident Grievance Officer as applicable, implementation of user grievance redressal mechanisms with prescribed timelines, compliance with content moderation and takedown requirements, maintenance of transparency reports regarding platform operations, and adherence to traceability requirements for messaging platforms where applicable.
Compliance with the Consumer Protection Act, 2019, includes recognition of consumer rights to information, choice, safety, and redressal in digital commerce, implementation of fair business practices and transparent service terms, establishment of effective consumer grievance mechanisms, adherence to advertising and promotional standards to prevent misleading communications, and compliance with e-commerce regulations including disclosure requirements and consumer protection measures.
Under the Right to Information Act, 2005, the Company recognizes the fundamental right to information while maintaining appropriate confidentiality protections for personal information, implements procedures for responding to RTI requests in compliance with legal timelines, maintains appropriate records and documentation to facilitate transparency obligations, and ensures that RTI compliance does not compromise individual privacy rights or commercial confidentiality where legally protected.
The Company complies with the Aadhaar (Targeted Delivery of Financial and Other Subsidies, Benefits and Services) Act, 2016, and related regulations including restrictions on Aadhaar data collection to legally permissible purposes only, implementation of enhanced security measures for Aadhaar information storage and processing, compliance with authentication and authorization requirements when using Aadhaar services, adherence to data retention limitations and disposal requirements for Aadhaar information, and implementation of audit and compliance monitoring procedures as prescribed by the Unique Identification Authority of India.
Financial regulatory compliance includes adherence to the Prevention of Money Laundering Act, 2002, and Prevention of Money Laundering (Maintenance of Records) Rules, 2005, requiring implementation of Know Your Customer (KYC) procedures, maintenance of detailed transaction records for prescribed periods, reporting of suspicious transactions to the Financial Intelligence Unit, implementation of customer due diligence measures including beneficial ownership identification, and compliance with record-keeping and reporting obligations as prescribed by the Enforcement Directorate and other competent authorities.
Under the Insurance Act, 1938, the Company clarifies that it does not engage in insurance business activities requiring IRDAI licensing, including sale, distribution, solicitation, or underwriting of insurance policies. The Company's services are limited to legal consultation, advocacy, and professional advisory services related to existing insurance policies and claims. However, the Company adheres to general consumer protection principles applicable to professional services including implementation of fair business practices in legal consultation and advocacy services, compliance with professional conduct standards and ethical obligations applicable to legal service providers, and cooperation with relevant legal and consumer protection authorities as required.
The Company ensures compliance with the Companies Act, 2013, regarding corporate governance, disclosure obligations, maintenance of statutory records, board governance requirements, and shareholder protection measures. Data protection compliance includes implementation of appropriate internal controls and risk management systems, maintenance of accurate books of accounts and corporate records, compliance with audit and disclosure requirements, and adherence to board oversight obligations regarding data protection and privacy practices.
Constitutional compliance includes recognition of the fundamental right to privacy as established by the Supreme Court of India in Justice K.S. Puttaswamy (Retd.) and Another v. Union of India and Others, implementation of the proportionality test for any restrictions on privacy rights, adherence to principles of data minimization and purpose limitation, ensuring that data processing serves legitimate state or business purposes, and maintaining appropriate procedural safeguards to protect individual privacy rights while enabling legitimate business operations.
State-level privacy and data protection laws are monitored and complied with as they emerge, including state-specific digital governance frameworks, e-governance privacy requirements, state consumer protection regulations, and any state-level data localization or protection mandates that may apply to the Company's operations across different Indian states and union territories.
For data principals located in the European Economic Area, the Company complies with the General Data Protection Regulation (GDPR) including recognition of enhanced rights for data subjects, implementation of lawful basis requirements for processing activities, adherence to data minimization and purpose limitation principles, provision of detailed privacy notices, and compliance with breach notification requirements.
For data principals located in California, the Company complies with the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) including recognition of consumer rights to know, delete, and opt-out, implementation of required disclosures regarding personal information collection and sharing, provision of accessible mechanisms for exercising consumer rights, and compliance with non-discrimination requirements.
The Company adheres to Reserve Bank of India (RBI) guidelines and circulars regarding digital payments, cybersecurity frameworks, and data protection in financial services where applicable to payment processing and financial data handling. Compliance includes implementation of RBI's Cyber Security Framework for payment systems, adherence to data localization requirements for payment system data, compliance with digital lending guidelines where applicable, and implementation of incident reporting procedures for cybersecurity events affecting financial data.
Under the Securities and Exchange Board of India (SEBI) regulations, where applicable to investment-related insurance products or financial advisory services, the Company complies with investor protection measures, disclosure requirements, KYC and anti-money laundering obligations, and data protection standards specific to securities market operations.
The Company ensures compliance with Reserve Bank of India Master Directions on Know Your Customer (KYC), Anti-Money Laundering (AML), and Combating of Financing of Terrorism (CFT) where applicable, including implementation of risk-based customer due diligence procedures, ongoing monitoring of customer transactions and relationships, reporting of suspicious transactions and cash transactions above prescribed thresholds, and maintenance of KYC records for prescribed periods with appropriate security measures.
Telecommunications regulatory compliance includes adherence to Telecom Regulatory Authority of India (TRAI) regulations regarding telemarketing, unsolicited commercial communications, and customer privacy protection. The Company maintains Do Not Call Registry compliance, implements appropriate consent mechanisms for marketing communications, and adheres to timing and frequency restrictions for customer outreach activities.
Under the Central Consumer Protection Authority guidelines and various consumer protection regulations, the Company implements fair business practices, transparent pricing and service terms, effective grievance redressal mechanisms, and compliance with advertising standards to prevent misleading or deceptive practices in marketing and service delivery.
The Company complies with various Central and State government e-governance frameworks, digital service delivery standards, and public service transparency requirements where applicable to its interactions with government agencies and regulatory bodies in the course of providing insurance advocacy services.
Professional regulatory compliance includes adherence to Bar Council of India regulations where legal services are provided, compliance with relevant professional standards for legal consultation and advocacy services, adherence to ethical obligations applicable to legal service providers, and compliance with continuing legal education and professional development requirements.
The Company monitors and complies with emerging Indian privacy and data protection legislation including proposed amendments to existing laws, new sectoral regulations affecting insurance and financial services, state-level privacy and digital rights legislation, and judicial pronouncements establishing new privacy rights or obligations.
Cross-border compliance includes adherence to Indian foreign exchange regulations under the Foreign Exchange Management Act (FEMA), 1999, where international data transfers or service delivery may involve foreign exchange considerations, compliance with customs and trade regulations for cross-border data flows, and coordination with international regulatory frameworks while maintaining primacy of Indian legal requirements.
The Company maintains active monitoring of regulatory developments through engagement with industry associations, participation in regulatory consultations, subscription to regulatory update services, legal counsel engagement for complex compliance matters, and implementation of compliance management systems that ensure timely adaptation to evolving legal requirements.
The Company complies with insurance industry regulations including licensing requirements for insurance intermediaries, professional conduct standards, financial reporting obligations, and consumer protection requirements specific to insurance services. Compliance includes maintenance of appropriate professional liability insurance, adherence to continuing education requirements, and implementation of fair business practices.
Healthcare privacy compliance includes adherence to applicable medical privacy laws when processing health information, implementation of HIPAA-equivalent protections when handling medical records, compliance with medical professional confidentiality requirements, and coordination with healthcare providers regarding patient privacy rights.
Financial services compliance includes adherence to anti-money laundering requirements, implementation of know-your-customer procedures, compliance with financial privacy laws, and maintenance of appropriate records regarding financial transactions and client relationships.
Data principals wishing to exercise privacy rights must submit formal requests through designated channels to ensure proper verification and processing. Written requests may be submitted by post to the registered office address, by email to designated privacy contact addresses with appropriate identity verification, or through secure online portals when available. All requests must include sufficient information to verify the identity of the requesting party and specify the particular rights being exercised.
Processing timelines for privacy rights requests are thirty days for most requests, with possible extensions to sixty days for complex requests involving large volumes of information. Urgent requests involving potential harm or emergency situations will be processed expeditiously regardless of normal timelines. Status updates will be provided every seven days for requests requiring extended processing time.
The Company is committed to resolving privacy complaints promptly and fairly through its internal grievance mechanism. Complaints that cannot be resolved internally may be escalated to external authorities including the Cyber Crime Coordination Centre under the Ministry of Home Affairs for cyber security related complaints, the Computer Emergency Response Team (CERT-In) for technical security incidents, relevant state police authorities for criminal matters involving privacy violations, and appropriate regulatory bodies for professional conduct or industry-specific issues.
Data principals also retain the right to seek judicial remedies through appropriate courts of competent jurisdiction for privacy violations, breach of contract claims, or other legal remedies available under applicable law. The Company will cooperate fully with legitimate legal proceedings and will provide necessary documentation and testimony to support fair resolution of disputes.
This Privacy Policy is subject to regular review and updating to ensure continued compliance with evolving legal requirements, changes in business practices, technological developments, and emerging best practices in privacy protection. Review procedures include annual policy assessment, quarterly legal compliance reviews, ongoing monitoring of regulatory developments, and immediate updates for material changes in business operations or legal requirements.
Material changes to this Policy will be communicated to data principals through prominent website notices, direct email communication to registered users, and other appropriate communication channels. Continued use of Company services following policy updates constitutes acceptance of revised terms, though data principals retain the right to object to changes and terminate their relationship with the Company if they do not accept revised policy terms.
This Privacy Policy becomes effective on [Insert Date] and supersedes all previous privacy policies, notices, and statements issued by the Company. Transitional provisions apply to personal information collected prior to the effective date, which will be governed by this Policy going forward unless specific legal or contractual obligations require continued application of previous terms.
Data principals who provided consent under previous policy versions retain the right to withdraw such consent and request application of rights under this updated Policy. The Company will honor all commitments made under previous policy versions and will not apply retroactive changes that would diminish privacy protections previously provided.
This Policy shall remain in effect until superseded by future policy updates or until termination of Company operations, at which time appropriate data disposition procedures will be implemented in accordance with legal requirements and professional obligations.
Professional Advisory & Legal Consultation Services
205, SAMRUDDHI COMPLEX, OPPOSITE SAKAR III,
NEAR INCOME TAX CROSSROADS, NAVRANGPURA,
AHMEDABAD 380009, GUJARAT, INDIA
For privacy complaints, data access requests, and policy-related queries
Available during business hours (10:00 AM - 6:00 PM IST, Monday to Saturday)
