CyberLex Legal Services Pvt. Ltd. ("CyberLex", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our website www.cyberlex.co.in and our services. Please read it carefully.
01 Information We Collect
1.1 Information You Provide Directly
When you interact with our website or contact us for legal services, we may collect:
- Identity Information: Full name, date of birth, government-issued ID (when required for legal filings)
- Contact Information: Email address, phone number, postal/residential address
- Case Details: Description of cyber crime incidents, financial fraud details, transaction records, screenshots, and supporting documents you share with us
- Financial Information: Bank account details, transaction IDs, UPI handles — only when directly relevant to fraud recovery cases
- Communication Records: Emails, chat messages, call recordings (with consent) related to your matter
1.2 Information Collected Automatically
When you visit our website, we automatically collect certain technical data:
- IP address, browser type and version, operating system
- Pages visited, time spent on pages, referral URLs
- Device identifiers and screen resolution
- Cookie data and session information (see Section 5)
1.3 Information from Third Parties
We may receive information about you from:
- Law enforcement agencies and cyber cells (with your consent or by legal compulsion)
- Partner legal firms or affiliates referring you to us
- Public records, court databases, and government portals relevant to your case
02 How We Use Your Information
We use your personal information strictly for the following lawful purposes:
Legal Service Delivery
To evaluate your case, provide legal advice, file complaints, draft documents, and represent your interests before authorities.
Client Communication
To contact you via phone, email, or WhatsApp regarding your case progress, consultation scheduling, and legal updates.
Service Improvement
To analyse usage patterns and improve our website functionality, user experience, and service quality.
Legal & Regulatory Compliance
To comply with applicable Indian laws including the IT Act, DPDP Act, Bar Council regulations, and court/authority orders.
Service Notifications
To send important alerts, case updates, appointment reminders, and legal advisories relevant to your matter.
Fraud Prevention
To detect, investigate, and prevent fraudulent activity, security breaches, or misuse of our platform.
We do NOT use your information for unsolicited marketing, sell your data to third parties, or use it for any purpose not listed above without your explicit consent.
03 Data Sharing & Disclosure
We maintain strict confidentiality over your data. We only share your information in the following limited circumstances:
| Recipient | Purpose | Safeguards |
|---|---|---|
| Law Enforcement / Cyber Cells | Filing FIRs, cyber crime complaints, court filings — only as directed by you | Your written consent; legally mandated disclosures |
| Partner Advocates / Law Firms | Specialist legal representation when required | NDA + attorney-client privilege; your prior consent |
| Technology Service Providers | Hosting, email, CRM, and secure communication platforms | Data Processing Agreements; DPDP-compliant vendors only |
| Financial Institutions | Assisting with fraud recovery, freeze requests, and chargeback disputes | Only transaction-specific data; your explicit authorization required |
| Regulatory Authorities | RBI, SEBI, MCA, or court-mandated disclosures | Only as legally required; you are notified wherever legally permissible |
We never sell, rent, lease, or trade your personal information to any third party for commercial purposes.
04 Data Security
We implement robust, multi-layered security measures to protect your personal data:
- 256-bit SSL/TLS Encryption for all data in transit
- AES-256 Encryption for data stored in our databases
- Access Controls: Only authorised legal personnel assigned to your matter can access your case files
- Audit Logs: All access to sensitive client data is logged and periodically reviewed
- Penetration Testing: Our systems are tested for vulnerabilities on a regular basis
- Staff Training: All employees handling client data undergo mandatory data protection training
While we take every reasonable precaution, no system is 100% impenetrable. In the unlikely event of a data breach affecting your personal information, we will notify you within 72 hours as required under applicable law.
05 Cookies & Tracking
Our website uses cookies and similar technologies to enhance your experience. Here is what we use:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Essential Cookies | Core website functionality, security, and session management | Session |
| Analytics Cookies | Understanding how visitors use our site (Google Analytics) | 2 years |
| Preference Cookies | Remembering your settings and preferences | 1 year |
| Marketing Cookies | Displaying relevant service advertisements (disabled by default) | 90 days |
You can control cookie settings in your browser. Disabling essential cookies may affect website functionality. You can also opt out of Google Analytics at tools.google.com/dlpage/gaoptout.
06 Your Rights
Under the Digital Personal Data Protection Act, 2023 (DPDP Act) and applicable Indian laws, you have the following rights:
Right to Access
Request a copy of all personal data we hold about you, including how it is being used.
Right to Correction
Request correction of any inaccurate or incomplete personal information in our records.
Right to Erasure
Request deletion of your personal data when it is no longer necessary, subject to legal retention obligations.
Right to Withdraw Consent
Withdraw consent for data processing at any time, without affecting the lawfulness of prior processing.
Right to Data Portability
Receive your data in a structured, machine-readable format for transfer to another service provider.
Right to Grievance Redressal
Lodge a complaint with our Data Protection Officer or the Data Protection Board of India.
To exercise any of these rights, contact our Data Protection Officer at: help@cyberlex.co.in. We will respond within 30 days.
07 Data Retention
We retain your personal data only for as long as necessary for the purposes outlined in this policy or as required by law:
- Active Client Files: Duration of engagement + 7 years (per Bar Council and legal requirements)
- Consultation Inquiries (non-converted): 12 months from last contact
- Website Analytics Data: 26 months (Google Analytics standard)
- Financial Transaction Records: 8 years (as required under PMLA 2002)
- Communication Records: 3 years from case closure
After the applicable retention period, your data is securely deleted or anonymised.
08 Third-Party Links
Our website may contain links to external websites, government portals (e.g., cybercrime.gov.in), or partner platforms. We are not responsible for the privacy practices of these third-party sites. We encourage you to review their individual privacy policies before sharing any personal information.
09 Children's Privacy
Our services are not directed at individuals under the age of 18. We do not knowingly collect personal information from minors. If you are a parent or guardian and believe your child has submitted data to us, please contact us immediately at help@cyberlex.co.in and we will delete such data promptly.
10 Changes to This Policy
We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page
- Notify active clients via email at least 15 days before the changes take effect
- Post a prominent notice on our website
Your continued use of our services after the effective date of changes constitutes acceptance of the revised policy.
11 Contact Us
If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please reach out to: