Privacy Policy

Last Updated: February 2025 | Effective Date: January 1, 2025 | Version 2.0

📋1. Identity of the Data Fiduciary

UrbanFiling Services LLP acts as the Data Fiduciary under the DPDP Act, 2023. Our registered particulars are as follows:

• Entity Name: UrbanFiling Services LLP
• Type: Limited Liability Partnership registered under the LLP Act, 2008
• Principal Place of Business: New Delhi, India – 110001
• Email: help@urbanfiling.com
• Phone: +91 8287855562 (Mon–Sat, 9AM–7PM IST)
• Grievance Officer / Data Protection Contact: Legal Team, UrbanFiling Services LLP

🗂️2. Categories of Personal Data Collected

We collect Personal Data only to the extent necessary for the lawful provision of our services ("purpose limitation"). The categories of data collected include, but are not limited to:

2.1 Data Provided Directly by You:

• Identity Data: Full legal name, date of birth, gender
• Contact Data: Mobile number, email address, residential and business postal address
• KYC & Government-issued Identity Documents: PAN, Aadhaar, Passport, Voter ID, Driving License (as applicable for service delivery)
• Financial & Business Data: GST Identification Number (GSTIN), Corporate Identification Number (CIN), bank account details (only when required for specific statutory filings), Director Identification Number (DIN), Import Export Code (IEC)
• Transactional Data: Details of services availed, payment history, invoice data
• Communication Data: Queries, complaints, feedback, chat transcripts, and email correspondence
• Professional Data: Qualifications, employment details (where relevant to services)

2.2 Data Collected Automatically:

• Technical Data: IP address, browser type and version, operating system, device identifiers, time zone
• Usage Data: Pages visited, time spent, navigation paths, referring URLs, click patterns
• Cookie and Tracking Data: Session cookies, persistent cookies, pixel tags, and similar technologies
• Location Data: Approximate location derived from IP address (state/city level; not precise GPS)

2.3 Sensitive Personal Data: We collect sensitive personal data such as Aadhaar numbers, PAN, financial account information only where expressly required for service completion and pursuant to your informed consent. Such data is handled with enhanced security measures.

⚙️3. Purposes of Processing & Legal Basis

Your Personal Data is processed for the following specific, explicit, and legitimate purposes:

• Service Delivery: To provide the professional services you have engaged us for, including company registration, GST filings, ITR filing, trademark registration, legal drafting, and corporate advisory services
• Account Management: To create, manage, and authenticate your client account and maintain service records
• KYC & Compliance: To comply with Anti-Money Laundering (AML) regulations, Prevention of Money Laundering Act (PMLA), and Know Your Customer (KYC) norms as prescribed by regulatory authorities
• Legal Obligations: To comply with directions from courts, regulatory authorities (MCA, SEBI, RBI, IT Department, GST Council, IRDAI, etc.) and applicable law
• Communications: To respond to your queries, send service updates, generate invoices, and provide status notifications
• Marketing (with consent): To send promotional communications about our new services, offers, and regulatory updates. You may opt out at any time
• Analytics & Improvement: To analyze usage patterns and improve our website, services, and user experience
• Fraud Prevention & Security: To detect, investigate, and prevent fraudulent transactions and other illegal activities
• Dispute Resolution: To pursue or defend legal claims and resolve disputes

🤝4. Disclosure & Sharing of Personal Data

We do not sell, rent, or trade your Personal Data to third parties for commercial purposes. We may share your data strictly on a need-to-know basis with:

• Empanelled Professionals: Chartered Accountants, Company Secretaries, Advocates, and other professionals engaged to deliver your service, bound by confidentiality obligations
• Government Portals & Authorities: MCA21 (Ministry of Corporate Affairs), GSTN, Income Tax Portal (ITD), Trademark Registry (CGP&DM), IPRS, SEBI, RBI, EPFO, ESIC, and other statutory bodies as required for filing and compliance
• Technology & Cloud Service Providers: Data processors engaged for hosting, storage, email, payment processing, and analytics, all bound by Data Processing Agreements (DPAs) and DPDP-compliant agreements
• Payment Gateways: For processing payments securely (Razorpay, Cashfree, or such equivalent PCI-DSS compliant providers)
• Legal & Regulatory Authorities: When required by law, court order, or regulatory directive — we will inform you to the extent legally permissible before such disclosure
• Business Successors: In the event of a merger, acquisition, or sale of assets, subject to notice to you and continuation of this Policy's protections

🔐5. Data Security

We implement industry-standard technical and organisational security measures to protect your Personal Data against unauthorised access, disclosure, alteration, loss, or destruction. These include:

• 256-bit SSL/TLS encryption for all data transmissions
• Encrypted storage for sensitive documents and KYC data
• Role-based access controls and multi-factor authentication for internal systems
• Regular vulnerability assessments and penetration testing
• Data minimisation and pseudonymisation practices where feasible
• Trained personnel on data protection obligations
• Incident response and breach notification procedures

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We do not guarantee absolute security but commit to notifying you and the Data Protection Board of any personal data breach within the timelines prescribed under the DPDP Act.

🕐6. Data Retention

We retain Personal Data only for the period necessary to fulfil the purpose for which it was collected, or as required by applicable law:

• Statutory / Compliance Data: Minimum 8 years as required under the Income Tax Act, GST Act, Companies Act, and other applicable statutes
• KYC Documents: 5 years from the date of termination of business relationship, as required under PMLA, 2002
• Client Communication Records: 3 years from last interaction, or as legally required
• Marketing Data: Until you withdraw consent or unsubscribe
• Technical & Usage Data: 12 months on an ongoing basis for security and analytics purposes

Upon expiry of the retention period, Personal Data is securely deleted or anonymised in accordance with prescribed standards.

👤7. Rights of the Data Principal

Under the Digital Personal Data Protection Act, 2023, you have the following rights as a Data Principal:

• Right to Access: Request a summary of the Personal Data we hold about you and the processing activities
• Right to Correction: Request correction of inaccurate or incomplete Personal Data
• Right to Erasure: Request deletion of your Personal Data, subject to our legal retention obligations
• Right to Grievance Redressal: File a complaint regarding our data processing with our Grievance Officer
• Right to Nominate: Nominate a person who may exercise these rights in the event of your death or incapacity
• Right to Withdraw Consent: Withdraw consent for processing at any time (this will not affect the lawfulness of prior processing)
• Right to Data Portability: Request your data in a machine-readable format, where technically feasible

To exercise any of these rights, submit a written request to help@urbanfiling.com with the subject line "Data Principal Rights Request." We will respond within 30 days of receipt of a valid request.

🍪8. Cookies & Tracking Technologies

Our website uses cookies and similar technologies to enhance your browsing experience, analyse traffic, and provide personalised content. Cookie categories include:

• Strictly Necessary Cookies: Essential for website functionality; cannot be disabled
• Performance/Analytics Cookies: Google Analytics and similar tools to understand usage patterns (IP-anonymised)
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Used to deliver relevant advertisements (only with your consent)

You can manage cookie preferences through your browser settings or our cookie consent manager. Disabling certain cookies may affect website functionality.

🌐9. Third-Party Links & External Websites

Our website may contain links to third-party websites, government portals, and partner platforms. We are not responsible for the privacy practices or content of such external sites. We encourage you to review the privacy policies of any third-party websites you visit. This Policy applies solely to data processed by UrbanFiling Services LLP.

👶10. Children's Privacy

Our services are not directed at individuals below the age of 18 years. We do not knowingly collect Personal Data from minors. If we become aware that we have inadvertently collected data from a minor without verifiable parental consent, we will take immediate steps to delete such data. If you believe we have collected data from a minor, please contact us immediately at help@urbanfiling.com.

⚖️11. Governing Law & Jurisdiction

This Privacy Policy shall be governed by and construed in accordance with the laws of the Republic of India, including but not limited to the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and rules made thereunder. Any dispute arising out of or in connection with this Policy shall be subject to the exclusive jurisdiction of the courts of New Delhi, India.

📝12. Amendments to this Policy

We reserve the right to update, modify, or amend this Privacy Policy at any time to reflect changes in law, technology, or our business practices. Material changes will be notified to registered users via email or a prominent notice on our website at least 15 days prior to the change taking effect. Your continued use of our services after such notice constitutes acceptance of the revised Policy.

📞13. Grievance Redressal & Contact

For any privacy-related concerns, requests, or complaints, please contact our Grievance Officer: