SahaytaLegal is committed to compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act). This page outlines how we implement the requirements of the DPDP Act in our operations.
1. Lawful Basis for Processing
We process your personal data based on your consent, provided when you create an account and use our services. For certain operations, we process data based on legitimate uses as defined under Section 7 of the DPDP Act, including fulfillment of our contractual obligations to you.
2. Purpose Limitation
We collect and process personal data only for the specific purposes communicated to you at the time of collection:
- Providing judgment summarization, document drafting, and case tracking services
- Account management and authentication
- Payment processing and subscription management
- Service improvement and platform analytics
- Communication regarding service updates and notifications
3. Data Minimization
We collect only the personal data that is necessary to provide our services. We do not collect excessive or irrelevant information.
4. Rights of Data Principals
Under the DPDP Act, you (as a Data Principal) have the following rights:
- Right to Access: You can request a summary of your personal data and the processing activities we perform
- Right to Correction: You can request correction of inaccurate or incomplete personal data
- Right to Erasure: You can request deletion of your personal data, subject to legal retention requirements
- Right to Grievance Redressal: You can raise grievances about our data processing through our designated contact
- Right to Nominate: You can nominate another person to exercise your rights in case of death or incapacity
5. Consent Management
We obtain clear, informed consent before processing your personal data. You can withdraw consent at any time through your account settings or by contacting us. Withdrawal of consent will not affect the lawfulness of processing performed prior to withdrawal.
6. Data Protection Measures
We implement reasonable security safeguards including:
- Encryption of data in transit (TLS 1.3) and at rest (AES-256)
- Role-based access controls for all personnel
- Regular security audits and vulnerability assessments
- Incident response procedures for data breaches
- Employee training on data protection obligations
7. Cross-Border Data Transfers
We primarily store and process data within India. Where data is transferred to servers outside India, we comply with the DPDP Act's provisions on cross-border transfers, including by ensuring adequate protection in the receiving jurisdiction.
8. Data Breach Notification
In the event of a personal data breach, we will notify the Data Protection Board of India and affected Data Principals as required under the DPDP Act, without unreasonable delay.
9. Children's Data
Our platform is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
10. Grievance Officer
For any grievances related to data protection, you may contact our Grievance Officer:
- Email: grievance@sahaytalegal.com
- Response time: We will acknowledge your grievance within 48 hours and resolve it within 30 days
11. Updates
This compliance statement will be updated as the DPDP Act's rules and regulations are further notified by the Government of India.