Effective Date: [26/03/2025]
Last Updated: [26/03/2025]
MotherShepherd Private Limited (“Company,” “we,” “us,” or “our”), a company registered under the Companies Act, 2013, is committed to protecting your privacy under Indian data protection laws, including the DPDPA 2023 and IT Act, 2000 (with SPDI Rules). This policy applies to our website development services for individuals and businesses.
Compliance with Indian Laws
We adhere to:
- Digital Personal Data Protection Act (DPDPA), 2023
- Information Technology Act, 2000 (Sec. 43A & SPDI Rules, 2011)
- Reasonable Security Practices (IS/ISO/IEC 27001 certified)
Types of Data Collected
We process:
- Personal Data: Name, email, phone, business address, payment details (via RBI-compliant gateways like Razorpay, PayU, CCAvenue, etc).
- Sensitive Data (if applicable): Passwords, financial data (encrypted and stored per IT Rules, 2011).
- Technical Data: IP address, cookies (see Section 6).
Lawful Basis for Processing
Under DPDPA 2023, we process data based on:
- Consent: Explicit opt-in for marketing.
- Legitimate Use: Necessary for service delivery (e.g., project contracts).
- Legal Obligations: Tax/compliance under Indian laws.
Data Sharing & Disclosure
We share data only with:
- Indian Subprocessors: Hosting providers (e.g., AWS India), payment gateways (Razorpay/CCAvenue/PayU).
- Government Authorities: If mandated by Indian courts/laws (e.g., IT Act Sec. 69).
- Enterprise Clients: With signed Data Processing Agreements (DPAs) per DPDPA.
Data Subject Rights (Under DPDPA 2023)
You have the right to:
- Access & Correction: Request your data in a structured format.
- Erase & Forget: Withdraw consent (email privacy@mothershepherd.in).
- Grievance Redressal: Contact our Data Protection Officer (DPO) below(Visit our Contact Us Page).
Cookies & Tracking
We use cookies for:
- Essential Functions: Session management.
- Analytics: Google Analytics (anonymized data).
To disable, adjust browser settings.
Data Security & Retention
- Security Measures:
- Encryption: AES-256 for data at rest, SSL for transfers.
- Audits: Annual IS audits under IT Act Sec. 43A.
- Retention Period:
- Active Clients: Retained during service period.
- Inactive Clients: Deleted after [3 years] or as per Indian tax laws.
Data Processing Agreement (DPA) for Indian Clients
For enterprise clients, our DPA includes:
- Roles: We act as “Data Fiduciary” (per DPDPA).
- Data Localization: Prefers storage in India (unless cross-border transfer is necessary).
- Breach Notification: Notify clients within 72 hours of a breach.
Request DPA: legal@mothershepherd.in
9. Grievance Officer (Mandatory Under IT Act)
Name: Ruchi Kumari
Email: grievance@mothershepherd.in
Response Time: 30 days (per IT Rules).
10. Updates & Contact
Queries? Contact:
📧 DPO: dpo@mothershepherd.in
📞 Phone: +91 83 5395 9422
📍 Registered Office: 26/360 Durga Colony Nagala Deena Fatehgarh Farrukhabad Uttar Pradesh – 209601
Policy Changes: Notified via email/website.