Privacy Policy of Setindiabiz.com (website) and Setindiabiz Private Limited (Company)

Setindiabiz Private Limited ("Setindiabiz", "we", "us", "our") is committed to protecting your personal data in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) and other applicable Indian data protection laws. As a Data Fiduciary under the DPDP Act, we process personal data responsibly and transparently.

This Privacy Policy explains how we collect, use, share, and protect your personal data when you access our website (www.setindiabiz.com) or use our services. By using our platform or services, you consent to the data practices described in this policy. If you disagree with these practices, please refrain from using our platform or services.

1. SCOPE & WHO WE ARE

  • This Privacy Policy applies to all visitors to our website (www.setindiabiz.com and related domains), users who create accounts or register on our platform, clients who engage our services, individuals whose personal data we process in connection with our services, and partners, vendors, and independent professionals who collaborate with us. Under the DPDP Act, Setindiabiz acts as a Data Fiduciary for personal data collected directly from you. When we engage independent licensed professionals for regulated services, they may act as independent Data Fiduciaries for the specific data they process in their professional capacity.

2. WHAT WE COLLECT:

  • We collect personal data that you provide directly, as well as information generated through your use of our services. This includes identity and contact information such as your full name, title, designation, email address, phone numbers, residential and business addresses, organisation name and details, and professional credentials and qualifications.
  • For KYC and compliance purposes, we collect documentation, including government-issued identification such as PAN, Aadhaar, Passport, or Driving License; corporate documents such as CIN, GSTIN, and incorporation certificates; Director or Partner identification numbers (DIN/DPIN); board resolutions and authorisations; and photographs and signatures, where legally required.
  • Our transactional data collection encompasses service orders and purchase histories, invoices and payment records, GST details and tax information, banking details for payments and refunds, as well as transaction IDs and payment gateway information. When you engage our services, we also collect service content, including documents and files you upload for service delivery, instructions and requirements you provide, correspondence related to service execution, and forms and applications prepared on your behalf.
  • Through your interaction with our platform, we collect usage data and technical information, including IP addresses and device identifiers, browser type and version, operating system and platform, pages visited, interaction patterns, access times, and referring URLs, as well as location data at the country or state level. Additionally, we maintain records of support and communication, including support tickets and queries, call recordings with prior notice, chat transcripts, email correspondence, feedback and satisfaction surveys, as well as records of complaints and grievances.

3. WHY WE PROCESS

  • We process your personal data for various lawful purposes essential to our service delivery and business operations. For service delivery, we use your data for client onboarding, including verifying identity, completing KYC requirements, and creating accounts. We process data for service execution to provide incorporation, compliance, tax, accounting, and IPR services, coordinate with independent licensed professionals where required, and prepare and file statutory forms and applications on your behalf.
  • Legal and regulatory compliance requires us to process data in accordance with the Companies Act, 2013, GST laws, the Income Tax Act, and other relevant acts and regulations. We maintain statutory records and registers, respond to inquiries from government authorities and regulatory bodies, and implement measures to prevent money laundering and financial crimes.
  • For our business operations, we process data for billing and payments, including transactions, invoice issuance, and refund management. We use your information to communicate service updates, reminders, and important notices. Quality assurance involves monitoring service delivery and professional performance, while platform improvement requires analysing usage patterns to enhance user experience.
  • Security and fraud prevention necessitate processing to detect and prevent unauthorised access, investigate security incidents and breaches, protect against fraud and financial crimes, and enforce our Terms of Use and policies. With your consent, we also process data for marketing and business development, including sending promotional communications about our services, conducting market research and surveys, personalising content and recommendations, and managing referral and partner programs.

4. LEGAL BASES FOR DATA PROCESSING

  • We process personal data based on several legal grounds under the Data Protection and Privacy Act. For activities such as marketing communications, non-essential cookies, and optional services, we obtain your free, specific, informed, unconditional, and unambiguous consent through an explicit affirmative action.
  • We also process data for specific legitimate uses as permitted under the DPDP Act. These include contractual necessity, where processing is necessary to fulfil our service agreement with you; legal obligations for compliance with laws, court orders, and regulatory requirements; employment purposes for managing relationships with employees and contractors; and public interest activities as specified by the government. Additionally, for specified purposes in which you voluntarily provide information with a reasonable expectation of processing, such as submitting queries or requesting services, we process the data you provide.

5. SHARING & RECIPIENTS

  • We share personal data only when necessary and with appropriate safeguards in place. When regulated services require licensed professionals, we share relevant data with Chartered Accountants for audits, certifications, and attestations; Company Secretaries for compliance certifications; Cost and Management Accountants for cost audits; and Advocates or Law Firms for legal advice and representation. These professionals receive only the data necessary for their specific engagement and are bound by professional confidentiality obligations.
  • We engage trusted third-party vendors under strict Data Processing Agreements for various operational needs. These include technology infrastructure providers for cloud hosting, data storage, and backup services; communication service providers for email, SMS, and WhatsApp Business API; payment processing partners, including payment gateways and banking institutions; analytics and monitoring tools for website analytics and performance monitoring; and courier and logistics services for document delivery.
  • When legally required, we disclose data to government and regulatory authorities, including the Ministry of Corporate Affairs, Goods and Services Tax authorities, the Income Tax Department, the Registrar of Companies, the Securities and Exchange Board of India, and other statutory authorities and courts. In the event of a merger, acquisition, or asset sale, personal data may be transferred to the successor entity, provided that appropriate notice and safeguards are in place.
  • Other lawful disclosures may occur to professional advisers, such as auditors and legal counsel, who are bound by confidentiality, with your explicit consent for specific purposes, to protect our rights, safety, or property, and in response to valid legal processes. We do not sell, rent, or trade your personal data to any third parties for their marketing purposes.

6. CROSS-BORDER DATA TRANSFERS:

  • Some of our service providers may process data outside India. We ensure that such transfers comply with the DPDP Act requirements for cross-border transfers, government notifications regarding restricted countries, and include appropriate contractual safeguards and data protection clauses.
  • We will not transfer personal data to countries or territories that the Central Government has notified as restricted, except as permitted under the DPDP Act. You may request information about countries where your data is processed and the safeguards applied.

7. DATA RETENTION

  • We retain personal data only for as long as necessary. During active services, we maintain data throughout the service engagement period. Legal requirements mandate retention for a period specified by applicable laws, such as 8 years for financial records under the Companies Act. Tax records are retained for 7 years from the end of the relevant assessment year. Data related to disputes is retained until any disputes or claims are resolved, and consent-based processing data is retained until consent is withdrawn.
  • After the retention period, we either permanently delete personal data from our systems, irreversibly anonymise it for statistical or research purposes, or archive it securely if required by law. We periodically review retained data to ensure continued necessity and lawful basis for retention.

8. DATA SECURITY

  • We implement appropriate technical and organisational security measures as required under the DPDP Act. Our access controls include role-based access and multi-factor authentication. We use TLS/SSL encryption for data in transit and encryption for sensitive data at rest. Network security measures include firewalls, intrusion detection, and regular security patches, while physical security involves restricted access to servers and data centres. We continuously monitor systems for unauthorised access.
  • All employees handling personal data receive regular data protection training, sign confidentiality agreements and NDAs, and follow clear data handling procedures and guidelines. In the event of a personal data breach, we maintain an incident response plan, notify affected individuals as required under the DPDP Act, inform the Data Protection Board within the prescribed timelines, and take immediate steps to contain and remediate the breach.
  • We require all data processors to implement appropriate security measures, notify us immediately of any breaches, allow security audits and assessments, and maintain confidentiality obligations.

9. YOUR RIGHTS UNDER DPDP ACT

  • As a Data Principal under the DPDP Act, you have several necessary rights. You have the right to access your data, including requesting confirmation of whether we process your personal data, obtaining a summary of the personal data we process, and knowing the identity of the Data Processors with whom your data is shared. You can request correction of inaccurate or incomplete personal data, and we will update the information and notify relevant third parties where feasible.
  • You may request deletion of your personal data when it is no longer necessary for the original purpose, you withdraw consent where consent is the legal basis, or processing is unlawful. However, we may retain data where required by law or for legitimate purposes. You have the right to raise grievances with our Grievance Officer and escalate unresolved complaints to the Data Protection Board of India. You can nominate another individual to exercise your rights in case of death or incapacity.
  • Where processing is based on consent, you can withdraw it at any time. This will not affect the lawfulness of processing before withdrawal, processing based on other legal grounds, or your ability to use services not dependent on that consent. To exercise your rights, submit requests to our Grievance Officer at help@setindiabiz.com with your full name and contact details, specification of the rights you wish to exercise, identity verification documents, and any relevant supporting information. We will respond within seven working days of receiving a complete request or as prescribed under the DPDP Act.

10. CONSENT MANAGEMENT

  • By availing yourself of our services, you explicitly and affirmatively give your consent to the terms outlined in this policy. This consent is deemed given upon your first use or registration for our services. This consent shall remain in full force and effect until specifically revoked by you in accordance with the provisions below.
  • You can manage your consent preferences and revoke your consent at any time through your account settings on our platform, by using unsubscribe links in emails, adjusting your browser cookie settings, or by submitting a formal request to our Grievance Officer. We ensure that the process for revoking consent is user-friendly and accessible. Upon revocation, we will cease processing your data related to this matter, subject to any legal or contractual obligations to retain certain information.

11. CHILDREN'S DATA

  • Our services are intended for individuals aged 18 years and above, as well as businesses and corporate entities, and adults acting on behalf of minors for specific services. Suppose we become aware that we are processing data of individuals under 18 without proper consent. In that case, we will obtain verifiable parental or guardian consent, delete the data if consent cannot be obtained, or restrict processing to what is necessary with consent.
  • We do not knowingly market directly to children, create profiles of children for targeted advertising, or process children's data for behavioural tracking.

12. COOKIES & TRACKING TECHNOLOGIES:

  • We use various types of cookies, including essential cookies required for website functionality, analytics cookies to understand usage patterns, preference cookies to remember your choices, and marketing cookies to deliver relevant advertisements with your consent.
  • You can control cookies through our cookie consent banner, browser settings, and third-party opt-out tools.

13. AUTOMATED DECISION-MAKING

  • We currently do not use fully automated decision-making that produces legal or similarly significant effects. Suppose we implement such systems in the future. In that case, we will update this policy, which is available on our website, to reflect these changes and provide necessary details, including obtaining consent, offering human review options, and explaining the logic underlying the automated decision-making process.

14. THIRD-PARTY WEBSITES

  • Our website may contain links to third-party websites. We are not responsible for their privacy practices, and we recommend that you review their privacy policies before providing any personal data. The inclusion of any link does not imply our endorsement of the linked website or its privacy practices.

15. UPDATES TO THIS POLICY

  • We may update this Privacy Policy to reflect changes in legal requirements, new processing activities, improved privacy practices, or feedback from users and regulators. Material changes will be notified to registered users via email, website banners, in-app notifications, and an updated "Last Updated" date. Where required, we will seek fresh consent for any material changes that affect your rights.

16. DATA PROTECTION OFFICER & GRIEVANCE REDRESSAL

  • For privacy or data protection concerns, or to exercise your rights, please contact our Data Protection Grievance Officer, Sudip Manna. He can be reached at A-34, Sector-2, Noida 201301 during business hours (Monday to Saturday, 9:30 AM to 6:30 PM IST) or via email at help@setindiabiz.com.
  • We will acknowledge your grievance within 24 hours and provide an initial response within seven working days. We aim to resolve all matters within 30 days; however, complex issues may require additional time, which will be communicated to you. Suppose your grievance is not resolved to your satisfaction. In that case, you may escalate it to the Data Protection Board of India (once established) or other appropriate judicial forums as per applicable laws.

17. LEGAL COMPLIANCE & JURISDICTION:

  • This Privacy Policy is governed by the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and its rules, as well as other applicable Indian data protection laws.
  • We regularly review our practices to ensure compliance with evolving data protection regulations, industry best practices, and, where appropriate, international standards. Any disputes arising from this Privacy Policy shall be subject to the exclusive jurisdiction of the courts in New Delhi, India.

18. CONTACT US

19. ACCEPTANCE

  • By using our website or services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with any part of this policy, please discontinue use of our platform and services. Your continued use of our services after any modifications to this Privacy Policy constitutes your acceptance of the updated terms.

Author Bio

setindiabiz

Editorial Team | in

Setindiabiz Editorial Team is a multidisciplinary collective of Chartered Accountants, Company Secretaries, and Advocates offering authoritative insights on India’s regulatory and business landscape. With decades of experience in compliance, taxation, and advisory, they empower entrepreneurs and enterprises to make informed decisions.

Privacy Policy | Setindiabiz — DPDP-Aligned Data Protection & Your Rights