This is a complete template for a Privacy Policy tailored for Startfilings, a company providing compliance, tax, and registration services in India. It is presented as flowing content and incorporates key principles from the Information Technology Act, 2000, and the Digital Personal Data Protection (DPDP) Act, 2023.

Disclaimer: This is a template for informational purposes only. It is not legal advice and must be reviewed and customized by a qualified legal professional to ensure it fully meets all regulatory requirements specific to your business operations.

 

Privacy Policy for Startfilings

 

[Startfilings] (referred to as “the Company,” “we,” “us,” or “our”) is committed to protecting the privacy and confidentiality of your personal and business data. This Policy outlines our practices concerning the collection, use, disclosure, and safeguarding of your information when you use our services, website, or mobile application (collectively, the “Services”).

 

1. Acceptance and Consent

 

By accessing or using our Services, you consent to the terms of this Privacy Policy. You acknowledge that providing your information is free, specific, informed, and unambiguous, and necessary for us to fulfill our contractual obligation to provide filing and compliance services. If you do not agree with the terms, please do not use our Services. This Policy is governed by the laws of India, including the Information Technology Act, 2000, and the Digital Personal Data Protection Act, 2023.

 

2. Information We Collect and Its Purpose

 

We collect two categories of information: Personal Data and Non-Personal Data.

 

A. Personal Data and Sensitive Personal Data

 

We primarily collect data that is necessary for the specified purpose of statutory compliance and business services.

• Contact & Identity Data: This includes your Name, Company Name, Address, Email Address, Phone Number, and job title.

• Sensitive Personal Data (SPD): This highly confidential data is mandatory for government filings. It includes PAN, Aadhaar Number, Director Identification Number (DIN), Digital Signature Certificate (DSC) details, Bank Account and Payment Instrument details, Passport copies, and other KYC documents required by government portals (e.g., MCA, Income Tax, GSTN).

• Business & Financial Data: This covers your GSTIN, TAN, annual financial statements, turnover figures, sales, purchases, and other proprietary business details needed for tax and regulatory filings.

• Login Credentials: User IDs and Passwords for government portals (MCA, GST, Income Tax) are collected only with your explicit authorization to enable us to complete the authorized filings on your behalf.

 

B. Non-Personal Data

 

When you access our website, we automatically collect data about your device and usage for site maintenance and analytical purposes. This includes your IP address, browser type, operating system, pages visited, and time spent on the site. We use cookies and similar tracking technologies to enhance user experience; you can manage these preferences through your browser settings.

 

3. How We Use Your Personal Data

 

Your data is processed strictly for the purposes for which it was collected:

• Service Delivery: To provide and manage your registered services, including Company Formation, Income Tax E-filing, GST returns, FCGPR filing, and other regulatory submissions.

• Statutory Filings: To disclose the necessary Personal Data and SPD to Government Authorities and Regulatory Bodies (like the MCA, Income Tax Department, GST Council, and RBI) as mandated by the law and as authorized by you.

• Communication: To send you essential service-related notifications, updates on the status of your filing, invoices, and renewal reminders.

• Customer Support: To provide efficient customer service, technical support, and respond to your queries or complaints.

• Marketing (Optional): With your specific consent, to send promotional emails and newsletters about our related products or services, from which you can opt-out at any time.

 

4. Disclosure and Data Sharing

 

We do not sell your personal data. We disclose your information only in the following necessary situations:

• Regulatory Compliance: Disclosure to government agencies is done solely to complete the authorized compliance service.

• Third-Party Service Providers: We engage trusted third-party vendors for specific business functions, such as payment processing, cloud hosting, and data analysis. These parties are contractually bound by strict confidentiality obligations and are only permitted to use the data for the purpose we specified.

• Legal Obligation: If required by law, court order, judicial process, or governmental request, we will disclose information to the extent legally required.

• Corporate Restructuring: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the successor entity, subject to their commitment to abide by a privacy policy that provides protection no less than this one.

 

5. Security and Data Protection Practices

 

We implement reasonable security practices and procedures (including encryption, access controls, and firewall protection) to safeguard your Personal Data, particularly Sensitive Personal Data, from unauthorized access, loss, misuse, or alteration, in compliance with the IT Act and the DPDP Act. Access to your sensitive information is strictly restricted to employees and agents who require it to perform the requested services.

 

6. Data Principal Rights and Withdrawal of Consent

 

As the Data Principal, you have the following rights:

• Right to Access: You may request access to your Personal Data and information about the processing activities.

• Right to Correction and Erasure: You may request the correction of inaccurate or incomplete data and the erasure of data when the purpose for its collection is no longer being served.

• Right to Withdraw Consent: You have the right to withdraw your consent at any time. However, please note that withdrawing consent may prevent us from completing the compliance services you engaged us for, as these services often legally require the processing of specific Sensitive Personal Data.

• Grievance Redressal: You have the right to file a complaint regarding the processing of your data through our Grievance Officer.

 

7. Data Retention

 

We retain your Personal Data only for the period necessary to fulfill the purpose of collection, to provide the Services, and to comply with statutory and legal obligations for retaining records (e.g., under Income Tax laws or Companies Act). Once the data is no longer necessary, it is securely deleted or anonymized.

 

8. Changes to this Policy

 

We may update this Privacy Policy periodically. We will notify you of any material changes by posting the new policy on our website and updating the "Last Updated" date at the top of the policy.