Privacy Policy

Effective Date: September 11, 2025

Last Updated: September 11, 2025

Better Compliance Private Limited (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy and security of personal information entrusted to us by our clients, website visitors, and business partners. This Privacy Policy explains how we collect, use, disclose, and protect your personal information in accordance with applicable privacy laws, including India’s Digital Personal Data Protection Act 2023 (DPDPA), the European Union’s General Data Protection Regulation (GDPR), and other relevant international privacy frameworks.

1. Information We Collect

1.1 Personal Information Categories

Business Contact Information

Names, job titles, and professional contact details
Business addresses, phone numbers, and email addresses
Company information and organizational details
Professional social media profiles and business networking data

Identity and Verification Information

Government-issued identification numbers (PAN, Aadhaar, passport details)
Director identification numbers and authorized signatory information
Nationality, residential addresses, and citizenship status
Digital identity verification data and document uploads

Financial and Business Information

Banking details and financial account information
Business revenue, funding sources, and financial projections
Tax identification numbers and regulatory compliance records
Payment information and transaction history

Technical and Usage Data

IP addresses, device identifiers, and browser information
Website interaction patterns and platform usage analytics
Login credentials and authentication data
Communication records and service interaction logs

1.2 Information Collection Methods

Direct Collection

Directly from you through our website forms
During the client onboarding and registration process
Through professional communications, meetings, and consultations
When you sign up for newsletters, webinars, or events

Automated Collection

Website cookies and similar tracking technologies
Platform usage analytics and performance monitoring
Security logs and access attempt records
Marketing campaign interaction and engagement metrics

Third-Party Sources

Public business registries and regulatory databases
Professional networking platforms and business directories
Compliance verification services and due diligence providers
Credit reporting agencies and financial verification services

2. How We Use Your Information

2.1 Primary Processing Purposes

Service Delivery and Management

Processing company registration and setup services
Managing ongoing compliance and regulatory obligations
Providing office solutions, HR services, and IT infrastructure
Delivering legal advisory and business development support
Facilitating cross-border business expansion activities

Legal and Regulatory Compliance

Meeting Know Your Customer (KYC) and Anti-Money Laundering (AML) requirements
Complying with Foreign Exchange Management Act (FEMA) obligations
Fulfilling tax reporting and regulatory filing requirements
Maintaining records as required by Indian company law and regulations

Communication and Customer Support

Responding to inquiries and providing customer assistance
Sending service updates, regulatory notifications, and compliance alerts
Conducting client satisfaction surveys and feedback collection
Providing technical support and platform assistance

Business Operations and Improvement

Analyzing service performance and client satisfaction metrics
Developing new services and improving existing offerings
Conducting market research and competitive analysis
Managing vendor relationships and service partnerships

2.2 Marketing and Business Development

Relationship Management

Maintaining client relationships and account management
Providing relevant business insights and market updates
Facilitating networking opportunities and business connections
Delivering educational content about India market expansion

Marketing Communications

Sending newsletters and industry updates (with consent)
Promoting relevant services and platform features
Sharing success stories and case studies (with anonymization)
Conducting webinars and educational events

3. Legal Basis for Processing

3.1 Under Indian Law (DPDPA)

Consent-Based Processing

Marketing communications and promotional materials
Optional service features and platform enhancements
Participation in surveys, case studies, and testimonials
Third-party integrations and extended service offerings

Legitimate Interests

Fraud prevention and security monitoring
Service improvement and platform optimization
Business development and relationship management
Legal compliance beyond statutory requirements

Performance of Contract

Delivering agreed services and support
Processing payments and managing billing
Maintaining service records and documentation
Providing ongoing compliance assistance

3.2 Under GDPR (for EU Clients)

Article 6(1)(b) – Contractual Necessity

Fulfilling service agreements and contractual obligations
Processing payments and managing client accounts
Delivering promised services and support

Article 6(1)(c) – Legal Obligation

Complying with Indian regulatory requirements
Meeting international anti-money laundering standards
Fulfilling tax reporting and compliance obligations

Article 6(1)(f) – Legitimate Interests

Maintaining platform security and preventing fraud
Improving services based on usage analytics
Managing business relationships and communications

4. Information Sharing and Disclosure

4.1 Service Providers and Partners

Authorized Service Partners

Government agencies and regulatory bodies for compliance filings
Banking institutions and financial service providers
Legal firms and professional service partners
Office space providers and facility management companies
IT infrastructure and technology service providers

Processing Safeguards

Confidentiality and data-processing agreements with all third parties
Security and privacy requirements embedded contractually
Regular audits and compliance monitoring
Least-privilege access limited to necessary information

4.2 Legal and Regulatory Disclosures

Mandatory Disclosures

Court orders, legal proceedings, and regulatory investigations
Tax authorities and revenue department requests
Law enforcement agencies with proper authorization
Regulatory bodies overseeing financial services and business registration

Protective Measures

Legal review of all disclosure requests
Client notification where legally permitted
Disclosure limited to specifically requested information
Documentation and audit trails for all disclosures

4.3 Business Transfers and Corporate Events

Client data may be transferred to successor entities in a merger, acquisition, or business transfer
Advance notice provided where feasible and legally required
Successor bound by equivalent privacy protections
Opt-out options provided where legally permissible

5. Cross-Border Data Transfers

5.1 Transfer Framework

Countries of Transfer

European Union member states (for EU clients)
United Kingdom, United States, Australia, and Japan (for respective clients)
Other countries as necessary for service delivery

Legal Mechanisms

Standard Contractual Clauses for GDPR compliance
Adequacy decisions where available
Consent-based transfers for specific services
DPDPA-compliant transfers from India

5.2 Transfer Safeguards

Security Measures

Encryption of data in transit and at rest
Secure communication channels and protocols
Access controls and authentication requirements
Regular assessments of transfer mechanisms

Contractual Protections

Data processing agreements meeting international standards
Security-breach notification requirements
Data-subject rights provisions
Ongoing compliance audits and monitoring

6. Data Retention and Deletion

6.1 Retention Periods

Active Service Period

Client data retained throughout the active service relationship
Regular updates and accuracy maintenance
Secure storage with appropriate access controls

Post-Service Retention

Business records: 8 years (Indian company law)
Financial records: 6 years (tax compliance)
Communication records: 3 years (relationship management)
Marketing data: until consent withdrawal or 2 years of inactivity

6.2 Deletion Procedures

Secure Deletion Standards

Multi-pass overwriting of digital storage media
Physical destruction of hardware containing sensitive data
Cryptographic deletion for encrypted data
Verification and documentation of deletion completion

Retention Exceptions

Legal holds for litigation or investigations
Ongoing regulatory requirements and compliance obligations
Archived records for historical business purposes (anonymized where possible)

7. Your Privacy Rights

7.1 Rights Under DPDPA

Right to Access

Confirmation of personal data processing
Copy of personal data being processed
Information about processing purposes and recipients

Right to Correction

Rectification of inaccurate or incomplete data
Updates to outdated information
Correction of processing purposes where incorrect

Right to Erasure

Deletion when no longer necessary for stated purposes
Withdrawal of consent where consent is the legal basis
Erasure following successful objection to processing

Right to Grievance Redressal

Internal complaint mechanism via designated contacts
Escalation to the Data Protection Board of India
Independent dispute-resolution procedures

7.2 Rights Under GDPR (EU Clients)

Data portability in a structured, machine-readable format
Restriction of processing in specific circumstances
Objection to processing based on legitimate interests
Rights related to automated decision-making and profiling

7.3 Rights Exercise Process

Request Submission

Email: hello@bettercompliance.in
Online form via client portal
Written request to registered office address
Through designated client relationship manager

Response Timeline

Acknowledgment within 48 hours
Full response within 30 days under DPDPA
Response within 1 month under GDPR (extendable by 2 months for complex requests)
Regular status updates for ongoing requests

8. Data Security Measures

8.1 Technical Safeguards

Encryption and Protection

AES-256 for data at rest
TLS 1.3 for data in transit
End-to-end encryption for sensitive communications
Advanced key-management systems

Access Controls

Multi-factor authentication for all system access
Role-based access control with least privilege
Regular access reviews and privilege management
Biometric authentication for high-security areas

System Security

Firewalls and intrusion detection systems
Security updates and patch management
Vulnerability assessments and penetration testing
24/7 monitoring and incident response

8.2 Organizational Measures

Comprehensive privacy and security training
Updates on regulatory changes and requirements
Confidentiality agreements and professional obligations
Incident-response training and procedures

Physical Security

Secure office facilities with access controls
Surveillance systems and visitor management
Clean-desk policies and secure document storage
Controlled access to server rooms and data centers

8.3 Data Breach Response

Incident Management

24/7 monitoring and threat detection
Rapid response-team activation
Impact assessment and containment
Recovery and restoration processes

Notification Procedures

Internal notification to senior management and DPO
Regulatory notification within required timeframes (72 hours for GDPR; without undue delay under DPDPA)
Client notification for high-risk breaches
Public disclosure where legally required

9. Cookies and Tracking Technologies

9.1 Types of Cookies Used

Essential Cookies

Authentication and session management
Platform functionality and user preferences
Security and fraud prevention
Load balancing and performance optimization

Analytics Cookies

Website usage patterns and popular content
Platform feature utilization and performance metrics
User-journey analysis and conversion tracking
Service improvement insights

Marketing Cookies (with consent)

Campaign effectiveness measurement
Personalized content and recommendations
Social media integration and sharing
Third-party advertising platform integration

9.2 Cookie Management

Your Choices

Browser settings to block or delete cookies
Platform preference center for cookie categories
Opt-out mechanisms for marketing cookies
Regular cookie-consent review and updates

Impact of Cookie Restrictions

Essential cookies are required for platform functionality
Analytics cookies help improve service quality
Marketing cookies enable personalized experiences
Third-party cookies may affect integrated features

10. Children’s Privacy

We do not knowingly collect personal information from individuals under 18 years of age. Our services are designed for business professionals and organizations. If we learn that we have collected personal information from a minor without proper parental consent, we will delete it promptly.

11. International Transfers and Global Operations

11.1 Data Processing Locations

Primary Processing

India (primary data center and business operations)
European Union (for EU client data processing)
Secure cloud infrastructure in approved jurisdictions

Transfer Restrictions

No transfers to countries blacklisted under DPDPA
Enhanced protections for transfers to non-adequate countries
Client notification for new processing locations
Regular review of transfer destinations and safeguards

12. Privacy by Design and Default

12.1 Design Principles

Data Minimization

Collection limited to information necessary for services
Regular review and deletion of unnecessary data
Purpose limitation for processing activities
Storage limitation aligned with retention policies

Transparency and Control

Clear information about data-processing practices
User-friendly privacy controls and preference centers
Regular communication about privacy practices and changes
Accessible privacy information and contact methods

13. Updates to This Privacy Policy

13.1 Policy Changes

Review and Updates

Annual review of privacy practices and policy terms
Updates following regulatory changes or guidance
Modifications based on service changes or expansions
Client feedback integration and privacy enhancements

Notification of Changes

Email notification to registered clients for material changes
Website banner and privacy-policy page updates
Direct communication for significant privacy impacts
Reasonable notice period before changes take effect

14. Contact Information and Complaints

14.1 Privacy Contacts

Data Protection Officer

Email: hello@bettercompliance.in
Phone: +91-9964986427
Address: No.19/1, Chetan Tower, 3rd Floor, Infantry Road Cross, Bengaluru - 560001

General Privacy Inquiries

Email: hello@bettercompliance.in

Security Incidents

Email: security@bettercompliance.com

14.2 Complaint Resolution

Internal Process

Submit complaint through designated channels
Acknowledgment within 48 hours
Investigation and initial response within 15 days
Final resolution within 30 days
Escalation to senior management if unresolved

External Authorities

India: Data Protection Board of India (once operational)
European Union: Relevant supervisory authority in your country
Other Jurisdictions: Contact details provided upon request

14.3 Emergency Contacts

Urgent Privacy Matters

Data-breach incidents affecting your information
Unauthorized access to your account or data
Suspected identity theft or fraud
Legal proceedings requiring immediate attention

Acknowledgment

By using our services, accessing our website, or providing personal information to Better Compliance Private Limited, you acknowledge that you have read and understood this Privacy Policy and consent to the collection, use, and disclosure of your personal information as described herein. Where required by law, separate consent mechanisms may apply to specific processing activities or data categories.

Document Version: 1.0