Introduction

At GRIH® (accessible from https://www.grih.in/), we are committed to protecting your privacy and handling your personal data responsibly. This Privacy Policy explains what information we collect, why we collect it, how we use and share it, and your choices and rights regarding your data.

We have modeled this policy to align with best practices for compliance with the General Data Protection Regulation (GDPR) as outlined in Google's GDPR compliance guidelines, ensuring transparency, user control, and data security. This policy applies to all users of our website, services, and related platforms, including business registration, MSME, GeM, GST, and compliance services.

Information We Collect

We collect information to provide, improve, and secure our services. The types of data we collect depend on how you interact with us.

Information You Provide Directly

• Account and Registration Data: When you register for services (e.g., company incorporation, Udyam/MSME registration), you may provide personal details such as name, email address, phone number, address, business details, identification documents (e.g., Aadhaar, PAN), and payment information.
• Content and Communications: Documents uploaded for compliance (e.g., certificates, forms), messages sent via contact forms, chat, or email, and feedback or reviews.
• Business Setup Data: Information related to your business, such as company name, structure (e.g., Private Limited, LLP), and financial details for GST or GeM registration.

Information Collected Automatically

• Device and Usage Data: IP address, browser type, operating system, device identifiers, referral URLs, pages viewed, time spent, and interactions (e.g., clicks on packages or add-ons).
• Log Data: Date/time stamps, error reports, and performance metrics to monitor site activity.
• Cookies and Similar Technologies: We use cookies, web beacons, and local storage for analytics, personalization, and advertising. Essential cookies enable core functions; others require consent (see our Cookie Policy for details).
• Location Data: Inferred from IP address for region-specific services (e.g., Indian compliance rules), but not precise GPS unless you enable it.

Information from Other Sources

• Partners and Third Parties: Data from government portals (e.g., MCA for company checks), payment processors, or marketing partners, only with your consent or as required for services.
• Public Sources: Business directories or public records for verification during registrations.

Why We Collect and Use Your Information

Our use of your data is based on lawful grounds under GDPR, such as consent, contract performance, legitimate interests (e.g., service improvement), or legal obligations.

• Providing Services: Process registrations, prepare documents, handle payments, and deliver add-ons like website development or digital marketing setup.
• Maintaining and Improving Services: Analyze usage to fix bugs, enhance features (e.g., faster registration flows), and develop new offerings (e.g., based on user trends).
• Personalization: Tailor recommendations (e.g., suggest packages based on your business type) and communications (e.g., updates on registration status).
• Communications: Send service-related emails (e.g., confirmations, invoices), marketing (with opt-in consent), or notifications (e.g., compliance deadlines).
• Security and Fraud Prevention: Detect suspicious activity, prevent abuse, and comply with laws (e.g., anti-money laundering checks).
• Analytics and Measurement: Use tools like Google Analytics to understand trends, without using sensitive data for ads.
• Legal Compliance: Fulfill obligations under Indian laws (e.g., Companies Act) or GDPR if processing EU data.

We combine data across services and devices for these purposes, but only where it benefits you and aligns with your settings.

Your Privacy Controls

You have control over your data:

General Controls

• Account Settings: Access, update, or delete your information via your dashboard.
• Consent Management: Opt-in/out of marketing, cookies, or data sharing through our consent banner or settings.
• Data Export and Deletion: Request a copy of your data or deletion (subject to legal retention requirements) by emailing info@grih.in.

GDPR Rights (for EEA/UK/Swiss Users)

Additional Controls

• Do Not Track: We honor browser DNT signals for non-essential tracking.
• Cookie Controls: Manage via browser settings or our Cookie Policy.

For automated decision-making (e.g., eligibility checks), you can request human review.

Sharing Your Information

• With Your Consent: E.g., sharing documents with government portals for registration.
• Service Providers: Trusted partners (e.g., payment gateways like Razorpay, cloud hosts) process data under strict contracts ensuring GDPR compliance (e.g., data processing agreements).
• Legal Requirements: Disclose to authorities if required by law, court order, or to protect rights/safety.
• Business Transfers: In mergers/acquisitions, data is protected and users notified.
• Aggregated/Anonymous Data: Shared with partners (e.g., for trends) without identifying individuals.

For international transfers (e.g., to servers outside India/EEA), we use Standard Contractual Clauses (SCCs) or other GDPR-approved mechanisms.

Keeping Your Information Secure

We implement robust security measures:

Technical Safeguards

• Encryption (e.g., SSL/TLS for transmissions)
• Access controls and firewalls
• Regular security audits

Organizational Measures

• Employee training on data protection
• Data minimization (e.g., temporary storage of documents)
• Incident response plans

Security Incidents

If a breach occurs, we notify affected users and authorities as required by GDPR (within 72 hours where feasible).

Exporting and Deleting Your Information

• Export: Request a portable copy of your data in a structured format.
• Deletion: We delete data upon request or when no longer needed, except for legal retention (e.g., 7 years for tax records under Indian law).
• Tools: Use our self-service options or contact us.

Retaining Your Information

We retain data only as long as necessary:

• Account data: Until deletion or inactivity (e.g., 2 years)
• Logs: Up to 1 year for analytics
• Documents: Temporarily during processing, then deleted automatically

Retention is based on purpose, legal requirements, and user requests.

Compliance and Cooperation with Regulators

We comply with applicable laws, including GDPR for EU data, India's Digital Personal Data Protection Act (DPDP) 2023, and other global standards. As a data controller, we ensure lawful processing and cooperate with regulators (e.g., providing transparency reports if requested).

For GDPR-specific compliance (inspired by Google's approach):

• Lawful Bases: Documented for each processing activity
• Data Protection Officer (DPO): Appointed for oversight (contact: dpo@grih.in)
• Impact Assessments: Conducted for high-risk processing
• Children's Data: We do not target children under 16; parental consent required if applicable

About This Policy

This policy applies to GRIH® services operated by [Your Company Name/Entity], located in India. It does not cover third-party sites linked from ours.

We may update this policy; changes will be posted here with the effective date. For material changes, we'll notify you via email or site notice.

By using our services, you consent to this policy. If you disagree, please do not use our site.

Last Updated: August 17, 2025