UpForge Consulting LLP (LLPIN: ACR-4016) respects your privacy and is committed to protecting your personal data in compliance with the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. This policy explains how we collect, use, store, and protect your information when you visit our website or engage our services.
1. Information We Collect
We collect only the information you voluntarily provide to us:
- Identity data: name, job title, company name
- Contact data: email address, phone number, LinkedIn profile
- Communication data: messages you send through our contact forms or email, including call recordings if consent is provided
- Usage data: pages visited, time spent, referring URL (collected through cookies and analytics tools)
We do not collect sensitive personal data (such as financial account details, passwords, biometric data) unless explicitly required for a specific engagement and with your express consent.
2. How We Use Your Data
We process your data only for lawful purposes:
- To respond to your enquiries and provide consulting services
- To send relevant communications about our services (only with your consent)
- To improve our website and service offerings through analytics
- To comply with legal and regulatory obligations
3. Legal Basis for Processing
We process your personal data on the following legal bases:
- Consent: where you have explicitly opted in (e.g., newsletter subscription)
- Contractual necessity: where processing is required to fulfil an engagement agreement
- Legal obligation: where we are required to retain or disclose data by applicable law
4. Data Sharing and Disclosure
We do not sell, rent, or trade your personal data to third parties. We may share your data only with:
- Service providers: trusted third parties who help us operate our business (e.g., email hosting, CRM, analytics tools such as Google Analytics). These providers are contractually bound to process data only on our instructions and in compliance with this policy.
- Legal authorities: if required to do so by law, regulation, or valid legal request.
5. Data Retention
We retain your personal data only as long as necessary to fulfil the purposes for which it was collected, or as required by law. Typically:
- Enquiry data: 12 months after last contact
- Client engagement data: 3 years after completion of services
- Legal/regulatory records: as per applicable statutory retention periods
After the retention period, your data is securely deleted or anonymised.
6. Data Security
We implement reasonable security practices and procedures as required under the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. These include:
- Encryption of data in transit (TLS 1.2+) and at rest
- Access controls restricted on a need-to-know basis
- Regular security reviews and vulnerability assessments
- Staff training on data handling and confidentiality
7. Your Rights
Under Indian data protection law, you have the following rights:
- Right to access: request a copy of the personal data we hold about you
- Right to correction: request correction of inaccurate or incomplete data
- Right to deletion: request deletion of your data, subject to legal retention requirements
- Right to withdraw consent: withdraw your consent at any time where processing is based on consent
- Right to grievance redressal: lodge a complaint with our Grievance Officer (see Section 11)
To exercise any of these rights, please contact us at the email address below. We will respond within 30 days.
8. Cookies
Our website uses only essential session cookies required for basic functionality. We may also use analytics cookies (e.g., Google Analytics) to understand site usage. You can disable cookies through your browser settings. No third-party tracking cookies are used.
9. Third-Party Links
Our website may contain links to third-party websites (e.g., Calendly, LinkedIn). We are not responsible for the privacy practices of these sites. We encourage you to read their privacy policies before providing any personal data.
10. Changes to This Policy
We may update this policy from time to time. Material changes will be notified by updating the effective date at the top of this page and, where appropriate, by direct communication. We encourage you to review this page periodically.
11. Grievance Officer & Contact
If you have any questions, complaints, or requests regarding this policy or your data, please contact our Grievance Officer:
Shardul Singh
Founding Partner, UpForge Consulting LLP
Email: shardulsingh@upforgeconsulting.com
Address: Mumbai, Maharashtra, India
If you are not satisfied with our response, you have the right to lodge a complaint with the relevant data protection authority in India.
12. Governing Law
This policy is governed by the laws of India. Any disputes arising out of or in connection with this policy shall be subject to the exclusive jurisdiction of the courts in Mumbai, India.