top of page

Privacy Policy

 

Before using this website, please read this policy provided hereinbelow. Use of this website constitutes acceptance of the terms of this policy. We reserve the right to update the terms of this policy and such changes will be posted on this page. As a firm engaged in offering legal services to clients globally, Chadha and Chadha (the firm) is committed to protecting the privacy and “Personal Data” (any Data about an individual who is identifiable by or in relation to such Data) of its customers, employees, affiliates etc. This Privacy Policy applies only to information collected through the website and not to information that may be collected offline.  If you are accessing or using the platform from any location outside India, you do so at your own risk, and will be solely liable for compliance with any local laws, as may be applicable.

1. Definitions:

  • “Processing” in relation to personal data, means a wholly or partly automated operation or set of operations performed on digital personal data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction (Section 2 DPDPA)/ “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Article 4 GDPR);

  • “Data Principal” means the individual to whom the personal data relates and where such individual is— (i) a child, includes the parents or lawful guardian of such a child; (ii) a person with disability, includes her lawful guardian, acting on her behalf (Section 2 DPDPA) ;

  • “Data Processor” means any person who processes personal data on behalf of a Data Fiduciary (Section 2 DPDPA)/ “Processor” means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller (Article 4 GDPR);

  • “Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of personal data (Section 2 DPDPA)/ “Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law (Article 4 GDPR).

 

2. Data Privacy Principles:

The firm to undertake all reasonable measures to ensure that the processing of personal information is undertaken using the following principles:

  • Lawful purpose: Personal data is processed fairly and lawfully. All practicable steps to be taken to ensure that the individual is informed as to whether the supply/collection of the personal information (including sensitive personal information) is obligatory or voluntary and where the supply of that personal information is obligatory for some specific purpose, the individual will be informed of the consequences of failure to supply that personal information.

  • Purpose Limitation: Personal data to be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with the purposes of collection. personal information (including Sensitive personal information) is collected (including via electronic communications) for several business purposes including, but not limited to for the firm’s administration and management of its activities; for compliance with applicable procedures, laws and regulations; for the transfer, storage and processing of personal information by the firm (or its agent(s) including any third parties retained by it together with their successors and assigns); the firm’s administration and management of its personnel (including but not limited to: taxation and wage administration; medical information for the administration of private medical and other insurance schemes; performance evaluations; contingency planning; business travel; training; career planning; recruitment; provision of references; reimbursement of expenses; disciplinary purposes; compiling personnel profiles, contact lists and directories); and any matters ancillary to the aforesaid.

  • Accuracy: The firm to undertake reasonable measures to ensure that personal data is accurate, complete and consistent. Periodic audits to be conducted to check personal information for accuracy and to ensure that out of date material is updated or discarded. The interval for such audits will be determined by reference to the nature of the personal information and the purpose for which it is being held or processed, including any legal or regulatory requirements to retain the personal information. The firm shall send annual reminders to its personnel to remind them to update their personal information. All individuals should ensure that they notify the firm of any material changes to their key personal information such as home address, name, emergency contacts, etc.

  • Integrity and confidentiality: Personal data is processed in a manner that ensures appropriate security of the personal data, including protection against unlawful and unauthorised processing, accidental loss, damage, destruction etc. The firm has adequate security measures in place to prevent accidental or deliberate compromise of, or unauthorised access to personal data.

  • Accountability: The firm shall undertake all reasonable measures to demonstrate compliance with the above-mentioned principles.

 

These principles apply to all personal information collected, held or processed by the firm. They cover the personal information of general staff, management, employees, contractors, job applicants, clients and even third parties with no direct connection to the firm.

3. What information do we collect?

When you use our website, we collect basic information including your name, contact information, nature of business or any other information you chose to provide to us for responding to general queries made by you. We do not intend to collect more personal information from users upon their access to our website. However, certain data may be collected from the device on which you use this website including but not limited to technical information, such as configuration information made available by your web browser or other programs you use to access the Platform etc.

 

4. Automatically Collected Information:

We may also collect certain information automatically when you use our website or services, including:

  • IP address

  • Device information (such as device type, operating system, and browser type)

  • Log data (such as access times, pages viewed, and referring URL)

  • Cookies and similar tracking technologies.

5. What do we do with your information?

Any of the information we collect from you enables us to respond to your general queries, improve our website user experience, fulfil orders, send updates in the form of mailers, contact for survey or feedback, to execute other activities such as marketing campaigns and promotional communications for which consent is taken appropriately. We also use your information for non-targeting reasons such as frequency capping, compliance, market research or business development purposes. If at any time you would like to unsubscribe from receiving such general emails in the future, we include unsubscribe instructions at the bottom of each such general email. 

 

6. Do we transfer information to third-parties?

We may share your personal information with third parties for the following purposes:

  • Service Providers: We may share your information with third-party service providers who assist us in operating our business and providing our services.

  • Legal Compliance: We may disclose your information to comply with applicable laws, regulations, legal processes, or government requests.

  • Business Transfers: We may transfer your information in connection with a merger, acquisition, restructuring, or sale of assets.

  • Other than the persons working for or with us, your information may also be passed on to third parties that perform services for us such as information technology suppliers, security providers, special consultants, etc.

 

7. Retention of Personal Data

The firm retains Personal Data for as long as necessary to provide the access to and use of the website, or for other essential purposes such as complying with our legal obligations, carrying out business activities, promotions etc. because these needs can vary for different Data types and purposes, actual retention periods can vary significantly. Even if we delete your Data, it may persist on backup or archival media for audit, legal, tax or regulatory purposes.

 

8. Your Rights

When we process Data about you, we do so with your consent and/or as necessary to provide the website you use, operate our business, meet our contractual and legal obligations, protect the security of our systems and our customers, or fulfil other legitimate interests of the firm as described in this privacy statement. Below, you will find additional privacy information that you may find important. The firm adheres to applicable Data protection laws internationally, including in India which if applicable include the following rights in relation to your Data, including:

  • Right to access –

  1. the right to request copies of the information we hold about you at any time, or

  2. That we modify, update or delete such information.

  3. If we provide you with access to the information we hold about you, we will not charge you for this, unless your request is manifestly unfounded or excessive. Where we are legally permitted to do so, we may refuse your request. If we refuse your request, we will tell you the reasons why.

  • Right to correct – the right to have your Data rectified if it is inaccurate or incomplete.

  • Right to erase – the right to request that we delete or remove your Data from our systems.

  • Right to restrict our use of your Data – the right to limit the way in which we can use it.

  • Right to Data portability – the right to request that we move, copy or transfer your Data

  • Right to object – the right to object to our use of your Data including where we use it for our legitimate interests.

 

For information about managing your contact Data, email subscriptions and promotional communications, please submit a request to us at  info@candcip.in. It is important that the Data we hold about you is accurate and current. Please keep us informed if your Data changes during the period for which we hold it.

 

Following are the Data Subject Rights as per the Applicable Laws in countries complying with the GDPR:

  • Right to access personal data: Data subjects have the right to access their personal data held by data controllers, including the source of the data, the purpose for which it is being processed, and the categories of data recipients.

  • Right to data portability: Where the personal data is processed on the ground of consent, and by automated means, the data subject has the right to receive the data they have provided in a structured, commonly-used and machine readable format, the right to transmit this data to another controller without hindrance as well as the right to where technically feasible as well as the right to have this data transmitted directly from one controller to the other.

  • Right of data rectification: Data subjects have the right to  have their personal data amended where it is inaccurate or added to where it is incomplete.

  • Right to object to processing: A data subject has the right to object to the processing of their personal data, and have it stopped, if it is on the ground of necessity for the data controller’s legitimate interests, or necessity for performance of a task in the public interest or in exercise of official authority.

  • Right to have personal data erased in certain circumstances: A data subject has the right to request for erasure of all or some of the personal data you hold about them under circumstances laid down in Article 17 of the GDPR.

  • Right to restrict processing: A data subject has the right to restrict the processing of their personal data in certain circumstances laid down in Article 18 of the GDPR.

 

9. What measures do we use to protect your information?

We endeavour to uphold physical, technical and procedural safeguards that are appropriate to protect your information against loss, misuse, copying, damage or modification and unauthorized access or disclosure. We restrict access to Personal Data, to our employees, agents, affiliates and service providers who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations, and who may be disciplined or whose relationship with us may terminate, if they fail to meet these obligations. We implement strict access controls to limit who can view, modify, or delete video data. We additionally use multi-factor authentication and role-based access controls to ensure that only authorized personnel can access the data.

 

10. Data Security

Appropriate security measures shall be taken by the firm to safeguard personal information against any accident, loss, destruction, damage and unauthorized or unlawful processing. Such measures include, but are not limited to, access controls (e.g., individual passwords), audits and training for personnel responsible for processing, maintaining and transferring personal data. Personnel are regularly reminded of these responsibilities. Additional security measures shall be in place for Sensitive personal information (as may be required by applicable law) which ensure that access is on a strict “need to know” basis.

  • Any personnel handling personal information are required to maintain, secure and protect the confidentiality of such information and take all necessary precautions to protect personal information from any unauthorized use, disclosure or potential loss. Measures that are undertaken to secure personal information include, but are not limited to, the following: access to electronic databases or documents containing personal information is only provided to those personnel who have work-related reasons for access; records containing personal information are stored in a secure location. Electronic databases and documents are safeguarded by password protection and/or other access limiting methods. Passwords are changed periodically. Computers with access to personal information are not to be left unattended, unless they are password protected through screen savers; when an individual is no longer engaged with the firm, his/her access to the firm’s computer systems will immediately be terminated; all computers are protected with multi-tier antivirus software. Computer systems are archived and backed up periodically; any personal information not maintained electronically is maintained in a locked file cabinet or other secure location when not in use; and additional security measures are in place for Sensitive personal information (as provided for by applicable legislation) to ensure that access is on a strict "need to know" basis only and it is secured even when being left unattended for a short while.

  • All personnel engaged by the firm are subject to all restrictions, provisions and covenants contained in any confidentiality, non-solicitation and non-competition agreement(s) and acknowledgment(s) executed in connection with their engagement and any rules and policies implemented by the firm. Under no circumstances shall any person use personal data for their own personal use or otherwise outside of their engagement with the firm.

  • Processing of personal information outside these guidelines is not permitted by the firm. Anyone violating this Policy may be subject to disciplinary action.

 

11. Cross-Border Flow:

For Indian Data Principals. the transfer of data outside India shall happen only to countries which have been approved by the Central Government by notification. The Indian Data Principals must consent to such transfer of personal data and the same shall be a necessity for the performance of the purposes for which the data principals have consented to. With respect to European Data subjects, cross border transfer of data shall be carried out based on adequacy decisions, i.e., decisions on the appropriate level of data protection in a third-party country. 

 

12. What are your rights?

You are entitled to request details of your information with us and are entitled to rectify details of your information if you believe they are inaccurate or incomplete. If at any time you wish to withdraw your consent about us possessing your information, please write to us at  info@candcip.in

 

13. How do we obtain your consent?

By using the Website, you consent to our online privacy policy.

14. Changes to our Privacy Policy

If we decide to change our Privacy Policy, we will update the Privacy Policy modification date below.

bottom of page