DIGITAL PERSONAL DATA PROTECTION ACT POLICY

Sonick Edge Advisors LLP

This Digital Personal Data Protection Act Policy is issued by Sonick Edge Advisors LLP in accordance with the Digital Personal Data Protection Act 2023 of India, referred to in this document as the DPDP Act. The DPDP Act is a law of the Parliament of India that governs the processing of digital personal data in a manner that recognises both the right of individuals to protect their personal data and the need to process such personal data for lawful purposes.

This policy explains in clear terms what digital personal data we collect through this website, how and why we process it, the rights of individuals whose data is processed, and the safeguards we adopt as a data fiduciary under the DPDP Act, while also setting reasonable boundaries to protect Sonick Edge Advisors LLP and its stakeholders from misuse of this website or its content.

By accessing or using this website, you acknowledge that you have read, understood and agreed to be bound by this Digital Personal Data Protection Act Policy.

PURPOSE AND RELEVANCE OF THIS POLICY

The purpose of this policy is to

  • describe how Sonick Edge Advisors LLP as a data fiduciary processes digital personal data of individuals in compliance with the DPDP Act
  • explain what kinds of digital personal data are collected, how such data is collected, for what lawful purposes it is used, and how long it is retained
  • set out the rights that individuals, called data principals under the DPDP Act, may exercise in respect of their digital personal data
  • record the security safeguards, breach response measures, consent handling mechanisms and grievance redressal processes adopted by Sonick Edge Advisors LLP
  • clarify how this policy protects both the users of the website and Sonick Edge Advisors LLP by creating clear legal expectations and limitations on both sides

The DPDP Act is relevant to this website because it applies to the processing of digital personal data where the data is collected in digital form or collected in non-digital form and digitised later and to processing outside India when such processing relates to offering goods or services to data principals within India.

SCOPE AND APPLICATION

This policy applies to digital personal data that is collected or received through this website and processed by Sonick Edge Advisors LLP in connection with communication, enquiry handling, business development, professional engagement assessment, regulatory compliance, security, and administration of this website.

This policy applies to all individuals whose digital personal data is processed through this website including visitors, users, prospective clients, existing clients, vendors, and other business contacts, irrespective of their country of access.

This policy supplements the general Privacy Policy of Sonick Edge Advisors LLP and should be read together with the Privacy Policy, Terms and Conditions and Disclaimer published on this website. In case of any inconsistency relating specifically to digital personal data protection, this policy will prevail to the extent required to give effect to the DPDP Act.

WHAT DIGITAL PERSONAL DATA WE COLLECT

For the purposes of the DPDP Act, digital personal data means any data about an individual who is identifiable by or in relation to such data in digital form.

Through this website, Sonick Edge Advisors LLP may collect and process the following categories of digital personal data when you voluntarily provide them:

  • identification details such as full name and professional designation
  • contact details such as electronic mail address, mobile number, telephone number and business address
  • business related details such as company or firm name, role in the organisation, industry, country and city of operation
  • enquiry and communication details such as the subject of your message, the nature of your query, the services you are interested in, and any information you choose to include in free text fields or email messages
  • technical and usage data such as internet protocol address, browser type and version, device type, operating system, date and time of visit, pages visited, duration of visit, referring address, and high level geographic location derived from internet protocol information
  • log data and security data generated by our servers and security systems, used for monitoring, diagnostics, fraud prevention and protection of this website

We do not design this website to collect sensitive categories of personal data such as financial card information, bank access credentials, government identification numbers, biometric identifiers, medical or health details. You are strongly advised not to submit such information through general contact forms on this website. If you nevertheless choose to do so, this will be solely at your own risk and shall not be regarded as an authorised or required data field under this policy.

HOW WE COLLECT DIGITAL PERSONAL DATA

We collect digital personal data in the following ways:

  • when you fill out contact or enquiry forms and submit them through the website
  • when you request a consultation, callback or information using email or other contact details displayed on the website
  • when you subscribe to communications where such functionality is offered
  • when you navigate and interact with the website, in which case technical data and usage data are collected automatically through server logs, cookies and similar technologies
  • where business conversations initiated through the website continue over electronic communication channels, the related digital correspondences may also be stored and processed as part of our records

In all cases where we collect data directly from you, you choose what information you provide. By submitting the information, you consent to our processing of that information for the purposes described in this policy.

HOW AND WHY WE PROCESS DIGITAL PERSONAL DATA

Under the DPDP Act, a data fiduciary may process digital personal data only for lawful purposes and on valid grounds such as consent or certain legitimate uses.

Sonick Edge Advisors LLP processes digital personal data collected through this website for the following purposes:

  • to receive, review and respond to your enquiries and requests
  • to communicate with you regarding our services, capabilities and potential engagements where you have expressed interest
  • to assess fit and feasibility for a potential professional engagement or collaboration
  • to manage and improve the content, layout, performance and security of the website
  • to maintain logs and records necessary for information security and fraud prevention
  • to comply with applicable laws and regulations including record keeping, audit, tax and regulatory obligations
  • to establish, exercise or defend legal claims or to enforce agreements and rights where necessary

Processing activities include collection, recording, organisation, structuring, storage, retrieval, consultation, use, disclosure by transmission where necessary, restriction, erasure or destruction of digital personal data, as relevant to the above purposes.

We do not use digital personal data collected through this website for automated decision making that produces legal or similar significant effects on individuals, nor do we use it for behavioural advertising or profiling.

LEGAL BASIS AND NOTICE UNDER THE DPDP ACT

Sonick Edge Advisors LLP processes digital personal data on the basis of:

  • your consent when you voluntarily provide information through the website or other electronic means
  • legitimate use where you voluntarily provide personal data for a specified purpose and do not indicate that you do not consent to its processing for that purpose, as contemplated by the DPDP Act
  • compliance with legal obligations imposed by Indian law
  • legitimate interests in securing this website, improving user experience, and managing risk and compliance

The DPDP Act requires that when personal data is processed based on consent, the data fiduciary must provide a notice that describes the personal data and the purpose of its processing, the manner in which data principals may exercise their rights, and the manner of making complaints to the Data Protection Board of India, in clear and plain language.

This policy and our Privacy Policy together are intended to serve as that notice. By submitting your data through the website, you acknowledge that you have read and understood these policies.

Where consent is required, you may withdraw your consent at any time by contacting us through the details provided on this website. The consequences of withdrawal, such as our inability to continue communication or provide information, will be explained to you where relevant. Withdrawal of consent does not affect processing already carried out before the withdrawal.

CHILDREN AND SPECIAL CATEGORIES

This website is intended for use by adults engaged in or exploring business and professional matters. It is not directed to individuals under eighteen years of age.

Sonick Edge Advisors LLP does not knowingly process digital personal data of children through this website and does not provide services targeted at children. The DPDP Act places special duties regarding processing of data relating to children including restrictions on tracking and profiling.

If we become aware that we have inadvertently collected digital personal data relating to a child through this website, we will take reasonable steps to delete such data.

DATA STORAGE, RETENTION AND LOCATION

Digital personal data is stored in secure electronic systems and cloud infrastructure under the control of Sonick Edge Advisors LLP or its trusted service providers. Systems may be located within India or in other jurisdictions, subject to contractual clauses and reasonable security safeguards.

We retain digital personal data only for as long as it is reasonably necessary to fulfil the purposes described in this policy, or as required by law, regulation, professional standards, audit requirements or dispute resolution needs. Once data is no longer required, it is deleted, anonymised or archived in accordance with our internal retention policies and the storage limitation principle in the DPDP Act.

SECURITY SAFEGUARDS

Sonick Edge Advisors LLP implements reasonable technical and organisational measures to protect digital personal data, including access controls, authentication, secure servers, logging, and monitoring mechanisms designed to reduce the risk of unauthorised access, misuse, alteration or loss.

While we endeavour to maintain appropriate safeguards, no internet based system can be guaranteed as completely secure. Data transmission is at your own risk. Sonick Edge Advisors LLP shall not be liable for security incidents, breaches or attacks that occur due to factors beyond its reasonable control or due to third party malicious actions.

DATA SHARING, DATA PROCESSORS AND THIRD PARTIES

We do not sell or trade digital personal data to third parties.

We may share digital personal data with:

  • internal authorised personnel of Sonick Edge Advisors LLP for legitimate business and compliance purposes
  • professional advisors such as auditors or legal counsel where required
  • technology and infrastructure service providers engaged to host, maintain or secure our systems and communications
  • regulators, courts or governmental authorities where required by law, regulation, court order or lawful request

When we engage third party service providers as data processors, they are required to act only on our documented instructions, to implement appropriate security measures and to maintain confidentiality, consistent with the obligations placed on data fiduciaries and their processors under the DPDP Act.

COOKIES, LOGS AND ANALYTICS

This website may use cookies and similar technologies to manage sessions, remember certain preferences, improve navigation, monitor performance and maintain security.

Cookies are small data files placed on your device. You may configure your browser to refuse cookies or to alert you when cookies are being sent. If you disable cookies, some parts of the website may not function correctly.

We may use analytics tools that process aggregated technical data such as pages visited, duration of session and approximate geographic area to understand usage patterns and improve our services. These tools are not used to identify individuals for advertising or profiling.

RIGHTS OF DATA PRINCIPALS AND HOW TO EXERCISE THEM

Under the DPDP Act, data principals have rights including the right to obtain information about the processing of their personal data, the right to seek correction and updating of inaccurate data, the right to seek erasure when data is no longer required or consent is withdrawn, and the right to grievance redressal before the data fiduciary and the Data Protection Board of India.

If you wish to exercise these rights in respect of digital personal data processed through this website, you may submit a written request using the contact details provided on this website, clearly stating:

  • your full name and contact details
  • the nature of your relationship with Sonick Edge Advisors LLP
  • the specific right you wish to exercise and details of the data in question

We may request reasonable proof of identity before acting on any request. We will respond within a reasonable time, subject to applicable law. Some requests may be refused where they conflict with law, ongoing legal obligations, rights of other persons or legitimate interests such as fraud prevention or legal claims.

GRIEVANCE REDRESSAL

Sonick Edge Advisors LLP will provide a readily available means of grievance redressal in respect of any act or omission relating to the performance of its obligations in relation to digital personal data under the DPDP Act.

If you have any grievance regarding the processing of your digital personal data, you should first contact us in writing using the details provided on this website, describing the nature of your grievance. We will consider and respond to your grievance within a reasonable period.

DATA BREACH RESPONSE

In the event of a personal data breach involving digital personal data processed by Sonick Edge Advisors LLP, we will assess the incident, take steps to contain and remediate it, and where required by the DPDP Act and relevant rules, notify the Data Protection Board of India and affected data principals of such breach.

We will maintain records of such incidents as required and review our controls to reduce the risk of recurrence.

PROTECTION OF SONICK EDGE ADVISORS LLP

While this policy is designed to protect the privacy rights of users, it also establishes boundaries that protect Sonick Edge Advisors LLP, its partners and employees.

Use of this website does not create any professional client relationship by itself. Sonick Edge Advisors LLP is not responsible for any loss or damage arising from:

  • use of this website or reliance on its content
  • submission of inaccurate, incomplete or unlawful data by users
  • security incidents that occur due to factors beyond our reasonable control
  • misuse of content by third parties

To the maximum extent permitted by applicable law, Sonick Edge Advisors LLP shall not be liable for indirect or consequential loss arising from the processing of digital personal data in accordance with this policy and the DPDP Act.

CROSS BORDER DATA TRANSFERS

Digital personal data collected through this website may be processed on servers located outside the territory of India for lawful business, technology and support reasons. The DPDP Act permits cross border processing subject to conditions notified by the Central Government.

By using this website and providing your digital personal data, you consent to such cross border transfers, subject to this policy and applicable law.

GOVERNING LAW, JURISDICTION AND UPDATES

This Digital Personal Data Protection Act Policy is governed by the laws of India. Any dispute arising in connection with this policy shall be subject to the exclusive jurisdiction of the courts of Hyderabad, Telangana, subject to any overriding requirements of the DPDP Act.

Sonick Edge Advisors LLP may update or amend this policy from time to time to reflect changes in law, regulatory guidance or internal practices. The latest version will be posted on this website and will take effect upon publication. Continued use of the website after any such update will be deemed acceptance of the revised policy.

CONTACT FOR DATA PROTECTION MATTERS

For any questions, requests, or grievances relating to this policy or to digital personal data processed through this website, you may contact Sonick Edge Advisors LLP using the official contact information published on this website.