Privacy and Data Protection Policy

Effective Date: 08 March 2025

1. Introduction

ScaleX Business Private Limited (“SXB,” “we,” “our,” or “us”) is committed to protecting the privacy and personal data of individuals whose information we process in the course of providing our corporate, compliance, advisory, and technology-enabled services.

This Privacy Policy explains how we collect, use, store, process, transfer, and disclose personal data in compliance with the Digital Personal Data Protection Act, 2023, and other applicable Indian laws.

By accessing our services, visiting our website, or providing your personal data to us, you acknowledge and consent to the practices described in this Privacy Policy.

2. Definitions

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.

  • Data Principal: The individual to whom the personal data relates.

  • Data Fiduciary: The entity determining the purpose and means of processing personal data. SXB acts as the Data Fiduciary.

  • Data Processor: Any person or entity processing personal data on behalf of SXB.

3. Collection of Personal Data

We collect personal data necessary for delivering our services and fulfilling legal or contractual obligations. This includes, but is not limited to:

  • Full name and contact information

  • Verification documents such as Aadhaar, PAN, passport, voter ID

  • Address details

  • Signature and identity verification data

  • Photographs or videos where required

  • Information required for KYC, statutory filings, regulatory submissions

  • Any information voluntarily provided during interactions with us

3.1 Automatic Data Collection

When you use our website or digital applications, we may collect certain technical and usage data automatically, including:

  • IP address

  • Browser type and version

  • Device information

  • Interaction details and website usage patterns

This information helps improve security, performance, and user experience.

3.2 Purpose of Processing

We collect and process personal data for purposes including:

  • Delivering corporate, compliance, and advisory services

  • Performing statutory filings and regulatory submissions

  • Conducting onboarding and identity verification

  • Communicating with clients regarding services

  • Meeting obligations under applicable Indian laws

  • Internal audits, administration, and service improvement

  • Sending service-related notifications or promotional information (only with consent)

4. Legal Basis for Processing

We process personal data based on:

  • Consent provided by the Data Principal

  • Legal obligations under Indian corporate, tax, and regulatory laws

  • Performance of contracts with clients

  • Legitimate uses, such as fraud prevention and ensuring security

5. Disclosure of Personal Data

We may disclose personal data to the following, as required:

  • Government departments and statutory authorities

  • Regulators and law enforcement agencies

  • External professional advisors such as lawyers, auditors, or consultants

  • Technology providers, cloud service providers, and IT partners

  • Verification agencies and service delivery partners

  • Third parties pursuant to legal or regulatory requirements

All disclosures occur on a need-to-know basis and subject to confidentiality obligations.

6. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfil the purposes for which it was collected; or

  • Comply with statutory, regulatory, accounting, or reporting obligations

After the retention period expires, personal data is securely deleted, anonymized, or archived.

7. Data Security

We use reasonable technical and organizational measures to safeguard personal data, including:

  • Secure servers and encrypted transmission

  • Access control and authentication procedures

  • Firewalls and intrusion-prevention systems

  • Regular security audits and assessments

  • Restricting access to authorized personnel only

While we take reasonable steps to protect data, no method of transmission or storage is completely secure.

8. Rights of the Data Principal

Data Principals are entitled to the following rights under applicable law:

  • Right to access information regarding the processing of personal data

  • Right to correction of inaccurate or incomplete personal data

  • Right to erasure where legally permissible

  • Right to withdraw consent for processing activities based on consent

  • Right to grievance redressal

Requests may be submitted using the contact details provided in Section 11.

9. Cross-Border Transfer of Personal Data

If personal data is transferred outside India, we ensure that:

  • The transfer complies with applicable Indian laws

  • Appropriate contractual or organizational safeguards are in place

We do not transfer personal data to jurisdictions restricted by the Government of India.

10. Updates to This Policy

We may modify or update this Privacy Policy at any time to reflect changes in law, technology, or business practices. Updated versions will be published on our website. Continued use of our services constitutes acceptance of the revised policy.

11. Contact Information

For any questions, concerns, or requests relating to this Privacy Policy, please contact:

Data Protection Officer
ScaleX Business Private Limited
Floor No.19, Miraya Rose, Palm Meadows
Siddapura, Whitefield
Bengaluru, Karnataka 560066
Email: nandu.kumar@scalexbusiness.com
Phone: 80959 99770

12. Disclaimers

  • This Privacy Policy does not constitute a contract except where expressly incorporated into a service agreement.

  • SXB is not liable for unauthorized access arising despite reasonable security measures.

  • SXB does not knowingly collect personal data from minors unless required for statutory purposes and with appropriate consent.

  • If you provide personal data of another individual, you confirm that you are authorized to do so.