1. Introduction

(1) LexCreate & Co (“LexCreate”, “we”, “our”, “us”) values your privacy and is committed to protecting your personal data.

(2) This Privacy Policy (“Policy”) explains how we collect, use, store, disclose, and safeguard your personal information in accordance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 (DPDPA) and related rules.

(3) By engaging our services, visiting our website, or communicating with us, you consent to the practices described in this Policy.

​

2. Scope and Application

​

(1) This Policy applies to visitors to our website [www.lexcreate.in]; clients, vendors, consultants, employees, interns, and other stakeholders; and any person whose data LexCreate processes in the course of providing professional or administrative services.

(2) This Policy does not apply to data collected by third-party websites or services linked from our website.

​

3. Definitions

​

(1) Unless otherwise defined herein, terms such as “Data Principal”, “Data Fiduciary”, and “Personal Data” shall have the meanings assigned under the DPDPA.

(2) Personal Data means any data about an individual who is identifiable by or in relation to such data.

(3) Sensitive Personal Data includes information such as financial data, health details, biometric identifiers, or any data classified as sensitive by law.

(4) Processing means the collection, storage, use, sharing, or deletion of personal data.

​

4. Categories of Personal Data Collected

(1) Identity and Contact Information: Name, title, designation, address, email, phone number.

(2) Identification Information: PAN, Aadhaar, passport details (where necessary).

(3) Professional and Employment Information: Occupation, qualifications, work experience.

(4) Financial and Payment Data: Bank details, billing information, invoices.

(5) Digital Information: IP address, browser type, usage data, cookies, device identifiers.

(6) Special Categories (Sensitive Data): Health or payment credentials, only when necessary for legitimate business or legal compliance purposes.

(7) Communications Data: Information shared through forms, emails, or in-person meetings.

​

5. Lawful Basis and Purpose of Processing

(1) We process personal data lawfully, fairly, and for specific purposes as per Section 4 of the DPDPA, including but not limited to:

(2) Providing legal, consulting, or advisory services;

(3) Managing client relationships, billing, and correspondence;

(4) Responding to inquiries, feedback, or job applications;

(5) Sending newsletters, event invites, and legal updates (only with consent);

(6) Compliance with statutory, regulatory, and professional obligations;

(7) Protecting our rights, property, and interests;

(8) Improving website functionality and user experience through aggregated analytics.

(9) We do not process personal data for any purpose incompatible with the original collection purpose unless required by law.

​

6. Consent and Withdrawal

(1) Where processing is based on consent, we ensure it is obtained freely, specifically, and informedly.

(2) You may withdraw your consent at any time by writing to contact@lexcreate.in. Such withdrawal will not affect prior lawful processing.

 

7. Data Sharing and Disclosure

(1) We do not sell, rent, or trade personal data. Data may be disclosed only in the following circumstances:

(2) Service Providers: To IT, accounting, HR, or marketing vendors who are bound by confidentiality agreements.

(3) Legal Obligations: To comply with court orders, government directives, or law enforcement requirements.

(4) Business Interests: To protect our rights, enforce contracts, or prevent fraud.

(5) Client Instructions: When required to fulfil our professional engagement obligations.

(6) All third parties are required to process data only as per our instructions and maintain equivalent safeguards.

​

8. Cross-Border Data Transfer

(1) Where personal data is transferred outside India, we ensure that such transfer complies with Section 16 of the DPDPA and is made to jurisdictions or entities offering an adequate level of data protection or under appropriate contractual safeguards.

​

9. Data Retention

(1) We retain personal data only as long as necessary to fulfil its purpose or comply with legal obligations.

(2) Upon withdrawal of consent or completion of purpose, data is securely deleted or anonymised unless retention is legally mandated.

​

10. Data Security Measures

(1) We implement reasonable technical and organisational security measures, including:

(2) Secure servers, firewalls, and encryption protocols;

(3) Multi-factor authentication and password protection;

(4) Regular security audits and vulnerability assessments;

(5) Limited access to authorised personnel only;

(6) Continuous employee training on privacy and data handling.

(7) In case of a personal data breach, LexCreate shall notify the Data Protection Board of India and affected individuals as per Section 8(6) of the DPDPA.

​

11. Data Principal Rights

(1) Under the DPDPA, you are entitled to exercise the following rights:

(2) Right to Access: Obtain a summary of your personal data and entities with whom it is shared.

(3) Right to Correction and Erasure: Request rectification or deletion of inaccurate or outdated data.

(4) Right to Withdraw Consent: Revoke consent for processing at any time.

(5) Right to Grievance Redressal: Lodge complaints regarding data misuse or non-compliance.

(6) Right to Nomination: Nominate another person to exercise your rights in the event of death or incapacity.

(7) Requests may be made to our Data Protection Officer via contact@lexcreate.in.

​

12. Cookies and Website Analytics

(1) Our website may use cookies or similar technologies to enhance browsing experience, analyse web traffic, and improve content relevance.

(2) You can modify your browser settings to decline cookies; however, some parts of the website may not function properly thereafter.

​

13. Children’s Data

(1) We do not knowingly collect personal data from children under 18 years without verified parental or guardian consent, as per Section 9 of the DPDPA.

​

14. Grievance Redressal and Contact Information

(1) If you have concerns regarding this Policy or wish to exercise your rights, please contact:

(2) Data Protection Officer (DPO), LexCreate & Co, Email: contact@lexcreate.in, [Postal Address of Office].

(3) All grievances will be addressed within the timelines prescribed under the DPDPA and applicable regulations.

 

15. Updates and Amendments

(1) LexCreate reserves the right to modify or update this Policy at any time without prior notice.

(2) The updated version will be made available on our website at www.lexcreate.in/privacy-policy, and the 'Effective Date' above will reflect the latest revision.

​

16. Disclaimer

(1) While we take all reasonable precautions to safeguard personal data, transmission of information over the internet is inherently insecure.

(2) LexCreate disclaims liability for any unauthorised access, alteration, or misuse of data beyond its control.