Privacy & Data Protection Policy

Privacy & Data Protection Policy – India Stat Filing

India Stat Filing (“India Stat Filing”, “we”, “our”, “us”) is committed to protecting your personal and sensitive information in accordance with Indian laws and international data protection standards including GDPR. This Privacy Policy explains how we collect, use, store, and disclose information when you access our website, portal, mobile apps, or use our services.

1. Scope & Applicability

This policy applies to:

  • Clients, visitors, and users of our website, portal, mobile apps, or offline interactions;
  • Personal and business information collected during registration, service delivery, or communication;
  • Data processed in India and EU/EEA for GDPR purposes;
  • All modes of data collection, including online forms, emails, telephonic, or physical submissions.

2. Legal Framework

We comply with the following regulations:

  • Information Technology Act, 2000 & IT Rules 2011 (“Reasonable Security Practices” & Sensitive Personal Data or Information Rules);
  • Digital Personal Data Protection Act, 2023 (India);
  • General Data Protection Regulation (GDPR) 2016/679 for EU/EEA data subjects;
  • Any other applicable Indian or international laws/regulations regarding personal data.

This ensures both Indian and EU/EEA data subjects have their rights and protections acknowledged.

3. Categories of Personal Data Collected

Identity & Contact: Name, address, email, phone, government-issued IDs (PAN, Aadhaar, Passport), DSC/DIN.

Business & Compliance: GSTIN, CIN/LLPIN, registrations, invoices, contracts, payroll extracts, statutory records.

Financial Information: Bank account details for payments/refunds, payment confirmations, challans.

Employment Data: Employee names, IDs, EPF/ESIC numbers, and salary information, collected only when required for filings or compliance.

Technical Data: IP address, device information, browser/device logs, cookies, SDK events, session identifiers for platform security and performance.

Optional Marketing & Communication Preferences: Email, phone, or messaging channels through which you have consented to receive promotional updates.

4. Purpose of Processing

We process your data to:

  1. Service Delivery: Prepare, verify, and submit returns, registrations, or applications; maintain statutory records; manage queries or notices; respond to statutory or regulatory requirements.
  2. Financial Management: Generate invoices, receipts, reconciliations, and facilitate payments or refunds.
  3. Platform Security & Fraud Prevention: Monitor activities, prevent fraud, ensure platform security, detect unauthorized access.
  4. Service Improvement: Analytics, reporting, performance monitoring, and research to enhance user experience.
  5. Marketing & Communications: Send updates or promotions with explicit consent.

5. Lawful Basis for Processing (GDPR Art. 6)

  • Contractual Necessity: Processing required to perform services requested by clients.
  • Legal Obligation: Compliance with Indian or international law (tax, company, KYC/AML).
  • Legitimate Interests: Improving platform functionality, preventing fraud, and protecting security.
  • Consent: Optional marketing communications and specific processing; can be withdrawn at any time.

Special Category Data (GDPR Art. 9): If provided (e.g., biometric or health-related employee data for filings), we process only with explicit consent or legal obligation.

6. Data Sharing & Disclosure

We only share data on a need-to-know basis:

  • Statutory Authorities / Portals: GSTN, Income-tax e-filing, MCA, EPFO, ESIC, RBI/DGFT, State departments.
  • Third-Party Service Providers: Cloud hosting, analytics, KYC verification, payment gateways, email/SMS services.
  • Professional Advisors: Legal, audit, or insurance professionals when required.
  • Legal Requirements: Court, regulator, or statutory orders.

We do not sell personal data under any circumstances.

7. International Data Transfers

  • Data may be transferred outside India/EU for cloud hosting, analytics, or operational support.
  • Transfers are safeguarded using standard contractual clauses, adequacy decisions, or equivalent legal mechanisms as required by GDPR and Indian law.
  • EU/EEA users are protected under GDPR’s cross-border transfer requirements.

8. Data Retention

  • Data is retained only as long as necessary for service provision, legal/statutory obligations, or legitimate business purposes.
  • Typically, tax and company law-related data is retained for 6–8 years.
  • Once retention is no longer necessary, data is deleted or anonymized; backups follow cyclic retention policies.

9. Security Measures

We implement commercially reasonable technical and organizational measures, including:

  • Encryption in transit and at rest;
  • Role-based access control and least-privilege principles;
  • Authentication/authorization, logging, monitoring, and periodic security audits;
  • Employee confidentiality undertakings;
  • Regular vulnerability assessments.

10. GDPR-Specific Rights for EU/EEA Users

You have the right to:

  1. Access & Copy personal data;
  2. Rectification of inaccurate or incomplete data;
  3. Erasure (“Right to be Forgotten”) where legal grounds permit;
  4. Restriction of Processing in certain cases;
  5. Data Portability – receive data in machine-readable format;
  6. Object to processing based on legitimate interests or marketing;
  7. Withdraw Consent for marketing or optional processing.

Exercising Rights:
Submit requests to India Stat Filing with subject “Data Request”. Verification of identity may be required. Requests will be addressed within statutory timelines.

11. Breach Notification

  • We maintain breach response protocols.
  • In case of a personal data breach, we will assess impact and notify:
    • Relevant authorities within statutory timeframes (e.g., GDPR Arts. 33–34);
    • Affected individuals if there is a high risk to their rights.

12. Cookies & Tracking Technologies

  • Used for sessions, security, analytics, performance, and user experience.
  • Types: essential, performance, functional, and optional marketing cookies.
  • Users may control cookies via browser/app settings; blocking may limit platform functionality.

13. Children

  • Services are intended for businesses/adults.
  • We do not knowingly collect or process data of children under 18.

14. Updates to Privacy Policy

  • We may update this policy periodically.
  • Material changes will be notified by email or website notice.
  • Continued use of services after changes constitutes acceptance.