Privacy Policy

1. About Us & Scope

This Privacy Policy ("Policy") is published by LegalXIndia Advisory Pvt. Ltd. (CIN: U74999WB2021PTC246214), hereinafter referred to as "LegalX India," "we," "our," or "us." Our registered office is at 58B, Bidhan Park, Taki Road, Barasat, Kolkata, Pin Code - 700124.

This Policy applies to all personal data collected through our website legalxindia.com, mobile applications, and when you engage with our services. It complies with:

• The Digital Personal Data Protection Act, 2023 (DPDP Act)
• The Information Technology Act, 2000 and IT (Reasonable Security Practices) Rules, 2011
• The Consumer Protection Act, 2019
• Any other applicable data protection and privacy regulations in India

2. Information We Collect

2.1 Information You Provide Directly

When you register, enquire, or use our services, we collect:

• Identity Data: Full name, date of birth, gender, father's/spouse's name
• Contact Data: Email address, mobile number, postal address
• Business Data: Company name, proposed business name, nature of business, industry
• Government ID Documents: PAN card, Aadhaar card, Passport, Voter ID, Driving Licence (as required by law)
• Financial Data: Bank account details, payment information (processed via secure third-party gateways — we do not store card details)
• Professional Data: Educational qualifications, Director Identification Number (DIN), digital signatures
• Communication Data: Queries, feedback, complaints, and support correspondence

2.2 Information Collected Automatically

When you visit our website, we automatically collect:

• IP address and approximate geographic location
• Browser type, version, and operating system
• Device identifiers and device type
• Pages visited, time spent, clicks, and navigation paths
• Referring website or source
• Cookies, web beacons, and similar tracking technologies (see Section 9)

2.3 Information from Third Parties

We may receive information about you from:

• Government databases (MCA21, GST Portal, Income Tax Portal) during service delivery
• Payment gateways and financial institutions
• Social media platforms when you connect via social login
• Business partners and referral sources

3. How We Use Your Information

We use your personal data for:

• Service Delivery: Processing company registrations, GST filings, trademark applications, compliance filings, and all other services you have engaged us for
• Government Submissions: Filing applications and documents with MCA, Income Tax Department, GSTN, Trademark Registry, FSSAI, and other regulatory authorities on your behalf
• Communication: Sending service updates, status notifications, document requests, and compliance reminders
• Billing & Payments: Processing payments, generating invoices, and managing your account
• Customer Support: Responding to your queries, complaints, and service requests
• Marketing (with consent): Sending promotional emails, newsletters, and offers — you may opt out at any time
• Analytics & Improvement: Understanding how our website is used to improve user experience
• Legal Compliance: Complying with applicable laws, regulations, court orders, and government requests
• Fraud Prevention: Detecting, preventing, and investigating fraudulent or illegal activities

4. Legal Basis for Processing (DPDP Act, 2023)

Under the Digital Personal Data Protection Act, 2023, we process your data on the following lawful bases:

• Consent: Where you have given explicit consent for marketing communications or optional features
• Contract Performance: Processing necessary to deliver the services you have contracted with us
• Legal Obligation: Processing required to comply with applicable Indian laws
• Legitimate Interests: For fraud prevention, network security, and improving our services

5. Sharing & Disclosure of Information

We do not sell, rent, or trade your personal information to third parties. We may share your data only:

• Government Authorities: MCA, GSTN, Income Tax, Trademark Registry, FSSAI, and other regulatory bodies as required to deliver your services
• Service Providers: Trusted vendors (payment processing, cloud hosting, email delivery) under strict confidentiality agreements
• Professional Advisors: CAs, Company Secretaries, and lawyers engaged in delivering your services
• Legal Requirements: When required by law, court order, or government directive
• Business Transfers: In case of merger or acquisition — we will notify you before any such transfer

6. Data Retention

We retain your personal data as long as necessary:

• Active clients: Duration of engagement and 7 years thereafter (per Companies Act, Income Tax Act requirements)
• Enquiry data: Up to 2 years from last contact
• Transaction data: As required by Income Tax Act (minimum 8 years) and GST laws
• Marketing data: Until you withdraw consent or unsubscribe

After retention periods expire, data is securely deleted or anonymised.

7. Data Security

We implement robust security measures to protect your personal data:

• Encryption: SSL/TLS encryption for all data in transit; AES-256 encryption for sensitive data at rest
• Access Controls: Role-based access ensuring only authorised personnel access your data
• Secure Infrastructure: Data hosted on ISO 27001-certified cloud servers with regular backups
• Security Audits: Regular vulnerability assessments and penetration testing
• Employee Training: All staff trained on data protection and confidentiality obligations
• Incident Response: Documented data breach response with regulatory notification protocols

In the event of a data breach, we will notify affected individuals and the Data Protection Board of India as required under the DPDP Act, 2023.

8. Your Rights as a Data Principal

Under the DPDP Act, 2023, you have the following rights:

• Right to Access: Obtain information about what personal data we hold about you
• Right to Correction: Request correction of inaccurate or incomplete personal data
• Right to Erasure: Request deletion of your personal data (subject to legal retention obligations)
• Right to Withdraw Consent: Withdraw consent for data processing at any time
• Right to Grievance Redressal: Lodge a complaint with our Grievance Officer
• Right to Nominate: Nominate another individual to exercise these rights on your behalf in case of incapacity

To exercise any of these rights, write to our Grievance Officer at info@legalxindia.com. We will respond within 30 days.

9. Cookies & Tracking Technologies

Our website uses cookies to enhance your experience:

• Strictly Necessary Cookies: Essential for the website to function. Cannot be disabled.
• Analytics Cookies: Google Analytics to understand traffic patterns (anonymised)
• Functional Cookies: Remember your preferences such as language and region
• Marketing Cookies: Used to deliver relevant ads on third-party platforms (only with your consent)

You can control cookies through your browser settings. Disabling cookies may limit some website features.

10. Links to Third-Party Websites

Our website may contain links to external websites (government portals, payment gateways). This Policy does not apply to those websites. We are not responsible for the content or privacy practices of third-party sites.

11. Children's Privacy

Our services are intended for individuals who are 18 years of age or older. We do not knowingly collect personal data from minors under 18 years. If you believe we have inadvertently collected data from a minor, please contact us immediately.

12. Cross-Border Data Transfers

Your data is primarily stored and processed in India. Where data is transferred outside India (e.g., to cloud service providers), we ensure adequate safeguards are in place as required by the DPDP Act, 2023.

13. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Last Updated" date, display a notice on our website, and send an email notification to registered users for significant changes.

14. Grievance Officer & Contact

In accordance with the IT Act, 2000 and DPDP Act, 2023, we have appointed a Grievance Officer to address concerns about your personal data:

You also have the right to file a complaint with the Data Protection Board of India once constituted under the DPDP Act, 2023.