Data Protection Policy

Last Updated: January 28, 2026

1. Overview

Eagle Info Services LLP ("we", "us", "our") is committed to protecting the privacy and security of personal data in accordance with India's Digital Personal Data Protection Act, 2023 (DPDP Act 2023). This Data Protection Policy outlines our approach to data protection, security measures, and compliance obligations.

2. Our Commitment to Data Protection

We are dedicated to:

  • Collecting and processing personal data lawfully, fairly, and transparently
  • Limiting data collection to what is necessary for our services
  • Protecting personal data using appropriate security measures
  • Providing clear information about our data practices
  • Respecting the rights of data principals under DPDP Act 2023
  • Maintaining accountability for our data processing activities

3. Categories of Personal Data We Process

3.1 Client Information

We process personal data of business contacts and decision-makers including:

  • Name and job title
  • Email addresses and phone numbers
  • Company information and professional details
  • LinkedIn profiles and professional social media

3.2 Website Visitors

For individuals visiting our website, we may process:

  • Contact information provided voluntarily
  • Technical data (IP address, browser information)
  • Usage data (pages visited, time spent on site)

3.3 Business Application Submissions

When you submit an application to work with us, we collect:

  • Your name and email address
  • Company name and website
  • Business revenue and deal value information
  • How you heard about us

4. Legal Basis for Data Processing

Under DPDP Act 2023, we process personal data based on:

  • Consent: When you voluntarily provide your information (e.g., application forms, newsletter signups)
  • Contractual necessity: When data is needed to provide services under a contract
  • Legitimate interests: For business operations, fraud prevention, security, and improving our services
  • Legal obligations: When required by Indian law, regulations, or court orders

5. Data Collection Principles

We adhere to the following principles when collecting personal data:

  • Lawfulness, Fairness, and Transparency: We collect data only when legally permitted and inform you clearly about how we use it
  • Purpose Limitation: We collect data only for specified, explicit, and legitimate purposes
  • Data Minimization: We collect only data that is adequate, relevant, and limited to what is necessary
  • Accuracy: We take reasonable steps to ensure data is accurate and kept up to date
  • Storage Limitation: We retain data only as long as necessary for stated purposes
  • Security: We implement appropriate security measures to protect data

6. Data Security Measures

We implement robust security measures to protect personal data, including:

  • Technical Measures:
    • Encryption of data in transit (HTTPS/TLS)
    • Secure servers with access controls
    • Regular security updates and patches
    • Firewall protection and intrusion detection
  • Organizational Measures:
    • Employee background checks for data-access roles
    • Regular security awareness training
    • Access controls based on need-to-know principle
    • Incident response procedures
  • Physical Security:
    • Secure data centers with restricted access
    • Visitor logging and monitoring

7. Data Retention

We retain personal data for different periods based on its purpose:

  • Client Data: Duration of client relationship plus 7 years (for legal and accounting purposes)
  • Website Visitors: Until purpose of collection is fulfilled or you request deletion
  • Applications: 2 years from submission date, unless extended for business purposes
  • Prospect Data: Duration of campaign engagement plus 1 year

Data is securely deleted or anonymized when retention period expires, unless required by law to retain it longer.

8. Your Rights as a Data Principal

Under DPDP Act 2023, you have the following rights:

8.1 Right to Access

You can request confirmation of whether we process your personal data and, if so, access to that data. You may also request information about:

  • Purposes of processing
  • Categories of personal data processed
  • Recipients or categories of recipients
  • Retention period
  • Source of data (if not collected directly from you)

8.2 Right to Correction

You can request correction of inaccurate or incomplete personal data. We will take reasonable steps to update and correct information.

8.3 Right to Erasure (Right to be Forgotten)

You can request deletion of your personal data when:

  • Data is no longer necessary for its purpose
  • You withdraw consent (if consent was the legal basis)
  • You object to processing and there are no overriding legitimate grounds
  • Data has been processed unlawfully
  • Legal obligations require deletion

8.4 Right to Data Portability

You can request your personal data in a structured, commonly used, machine-readable format, and transmit it to another data fiduciary where technically feasible.

8.5 Right to Object

You can object to processing of your personal data based on legitimate interests. We will cease processing unless we demonstrate compelling legitimate grounds that override your interests, rights, or freedoms, or for the establishment, exercise, or defense of legal claims.

8.6 Right to Withdraw Consent

Where we process data based on consent, you can withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing based on consent before withdrawal.

8.7 Right to Grievance

You have the right to file a complaint with the Data Protection Board of India or relevant authority if you believe your rights under DPDP Act 2023 have been violated.

8.8 How to Exercise Your Rights

To exercise any of these rights, contact us at:

  • Email: dpo@eagleinfoservices.com
  • Subject Line: "Data Rights Request - [Your Name]"
  • Information Required: Your name, contact information, and specific request

We will respond to your request within 30 days of receipt, as required by law.

9. Cross-Border Data Transfers

As part of Hyperke Growth Partners global network, personal data may be transferred to and processed in countries outside India. We ensure:

  • Adequate level of protection is maintained for transferred data
  • Appropriate safeguards are in place (e.g., standard contractual clauses)
  • Your rights under DPDP Act 2023 are protected
  • Data is processed in accordance with this policy

10. Cookies and Tracking Technologies

10.1 Types of Cookies We Use

  • Essential Cookies: Necessary for website to function properly
  • Analytics Cookies: Help us understand how visitors use our website
  • Functionality Cookies: Remember your preferences and settings

10.2 Cookie Management

You can:

  • Accept or reject cookies via cookie banner on our website
  • Manage cookie preferences through your browser settings
  • Delete cookies stored on your device

Note: Disabling cookies may affect website functionality and user experience.

11. Data Breach Notification

In the event of a personal data breach that poses a risk to your rights and freedoms, we will:

  • Notify you without undue delay
  • Provide clear and easily understandable information about the breach
  • Describe likely consequences and measures we have taken or propose to take
  • Notify the Data Protection Board of India as required by law

12. Third-Party Service Providers

We may engage third-party service providers to assist with data processing, including:

  • Email delivery and marketing automation platforms
  • Data enrichment and verification services
  • Analytics and website hosting
  • Customer relationship management (CRM) systems

All third parties are contractually obligated to:

  • Process data only for specified purposes
  • Implement appropriate security measures
  • Protect your data rights
  • Not use data for their own purposes

13. Children's Data

Our services are not intended for individuals under 18 years of age. We do not knowingly collect or process personal data of children. If we become aware of such collection, we will take immediate steps to delete the data.

14. Changes to This Policy

We may update this Data Protection Policy from time to time to reflect changes in our practices, technology, or legal requirements. Significant changes will be communicated via:

  • Posting on our website
  • Email notification to clients
  • Updating the "Last Updated" date

Please review this policy periodically to stay informed of our data protection practices.

15. Contact Information

For questions, concerns, or requests regarding this Data Protection Policy or our data practices, please contact our Data Protection Officer:

  • Email: dpo@eagleinfoservices.com
  • Website: https://eagleinfoservices.com
  • Address: NO 302, G TOWER, K.R. NAGAR EXTENSION, KAKRETHA, Agra, Uttar Pradesh 282007, India

We will respond to your inquiry within 30 days as required by DPDP Act 2023.

16. Compliance Statement

Eagle Info Services LLP is committed to full compliance with India's Digital Personal Data Protection Act, 2023. We regularly review and update our data protection practices to ensure continued compliance and protection of your personal data.