Subscribe to our Newsletter
s
Shivadass & Shivadass (2026)
Subscribe to our Newsletter
Shivadass & Shivadass (2026)
PRIVACY & COOKIE POLICY
Shivadass & Shivadass (Law Chambers)
Level 3, No. 4/2, Millers Road, Bengaluru – 560052
www.sdlaw.co.in | admin@sdlaw.co.in | +91-80 43779955
Effective: 1 April 2026
Important Notice: This website is maintained solely for informational purposes and does not constitute an advertisement, solicitation, or inducement of any kind. No attorney-client relationship is created by its use. Shivadass & Shivadass (Law Chambers) fully adheres to the Bar Council of India Rules, 1975.
PART A
PRIVACY POLICY
Shivadass & Shivadass (Law Chambers) (“the Firm”, “we”, “us”) is a boutique law firm in Bengaluru practising, among other areas, Data Privacy and Protection. This Policy governs personal data collected through www.sdlaw.co.in (the “Website”) from visitors worldwide, including those in the EU/UK, the US, and South-East Asia. It does not apply to data processed in the course of client engagements, which is governed by separate retainer terms and professional obligations of confidentiality. Read this Policy together with Part B (Cookie Policy) below.
Jurisdiction | Applicable Law(s) | Our Role |
India | DPDPA 2023; IT Act 2000; SPDI Rules 2011 | Data Fiduciary |
EU | GDPR (EU) 2016/679 | Data Controller |
UK | UK GDPR; Data Protection Act 2018 | Data Controller |
USA (California) | CCPA as amended by CPRA 2020 | Business |
USA (other states) | Virginia CDPA, Colorado CPA, Connecticut CTDPA, and equivalents | Controller |
Singapore | PDPA 2012 (as amended 2020) | Organisation |
Thailand | PDPA B.E. 2562 (2019) | Data Controller |
Malaysia | PDPA 2010 | Data User |
Philippines | Data Privacy Act 2012 (RA 10173) | Personal Information Controller |
Indonesia | PDPL — Law No. 27 of 2022 | Personal Data Controller |
Where multiple frameworks apply, we apply whichever affords the higher level of protection to the individual.
Our Website is purely informational. The data we collect is limited to: (a) data you provide voluntarily — name, job title, employer, contact details, and the content of any message sent to us by email or contact form – such form submissions may be processed through secure third – party services for communication purposes; and (b) data collected automatically by our server infrastructure — IP address (truncated or anonymised where required), browser and device type, visit date/time, pages viewed, and referring URL — processed in aggregate for security and operational monitoring only. We do not use third-party analytics platforms. We do not collect Sensitive Personal Data intentionally; if you include such data in a message to us, it will be used only for the purpose for which it was shared. Cookies are addressed in Part B.
Purpose | India (DPDPA) | EU/UK (GDPR) | US (CCPA) | SEA |
Responding to enquiries | Consent / Legitimate use | Art. 6(1)(f) | Not subject to opt-out | Consent / Legitimate interests |
Website security & operation | Legitimate use | Art. 6(1)(f) | Not subject to opt-out | Legitimate interests |
Legal & regulatory compliance | Legal obligation | Art. 6(1)(c) | Legal obligation | Legal obligation |
Conflict-of-interest checks | Legitimate use / Legal obligation | Art. 6(1)(f) | Not subject to opt-out | Legitimate interests |
Website improvement (aggregate only) | Legitimate use | Art. 6(1)(f) | Not subject to opt-out | Legitimate interests |
We do not sell, rent, share, or trade personal data for commercial purposes under any framework. We do not engage in cross-context behavioural advertising (CCPA/CPRA). We may disclose personal data, strictly and only, to: IT/hosting providers (under data processing agreements, for operational purposes); professional advisers (auditors, insurers); regulatory or law enforcement authorities (where legally required); and successors of the Firm (subject to equivalent protections).
Our hosting infrastructure is in India; we do not ordinarily transfer data outside India. Where transfers do occur: EU/UK data is transferred under Standard Contractual Clauses (SCCs) or the UK International Data Transfer Agreement (IDTA) — India has no EU/UK adequacy decision. US data is not sold or shared. SEA transfers comply with jurisdiction-specific requirements: Singapore (PDPC contractual protections), Thailand (Section 28 PDPA safeguards), Malaysia (ministerially-approved countries or equivalent contracts), Philippines (NPC-compliant contracts), and Indonesia (Law No. 27 of 2022 safeguards).
Category | Period | Basis |
Email / contact form submissions | 3 years from submission or resolution | Legitimate use; limitation periods |
Server and access logs | 90 days, then deleted/anonymised | Operational necessity |
Data subject rights requests | 3 years from resolution | Legal obligation; defence of claims |
Regulatory compliance data | As required by applicable law | Legal obligation |
We implement appropriate technical and organisational measures including HTTPS/TLS encryption, role-based access controls, and periodic security reviews. We apply the “reasonable security practices” standard under the SPDI Rules (ISO/IEC 27001 or equivalent), Article 32 GDPR, and equivalent SEA standards. In the event of a notifiable breach, we will notify the relevant supervisory authority within the timeframes required by law (e.g., 72 hours under the GDPR and Singapore PDPA).
We do not carry out automated decision-making or profiling of any kind in connection with data collected through this Website.
The table below summarises your key rights by jurisdiction. To exercise any right, contact us at admin@sdlaw.co.in. We acknowledge requests within 48 hours and respond within the timeframe required by your applicable law (1 month under GDPR; 45 days under CCPA; 30 days under the IT Act/SPDI Rules).
Jurisdiction | Rights Available |
India (DPDPA / IT Act) | Access (Sec. 11) · Correction & Erasure (Sec. 12) · Withdraw Consent (Sec. 6) · Grievance Redressal (Sec. 13) · Nominate a representative (Sec. 14) · Complain to the Data Protection Board of India (once constituted) (Sec. 13) |
EU / UK (GDPR / UK GDPR) | Access (Art. 15) · Rectification (Art. 16) · Erasure / Right to be Forgotten (Art. 17) · Restriction (Art. 18) · Data Portability (Art. 20) · Object (Art. 21) · No Automated Decision-Making (Art. 22) · Withdraw Consent · Complain to your national supervisory authority or the ICO (ico.org.uk) |
USA (CCPA / CPRA) | Know · Delete · Correct · Opt-Out of Sale/Sharing (we do not sell or share) · Limit Sensitive PI use · Non-Discrimination · Similar rights for residents of Virginia, Colorado, Connecticut, Texas, and other states with comprehensive privacy laws |
Singapore (PDPA) | Access · Correction · Withdraw Consent · Data Portability (from 1 Sep 2021) |
Thailand (PDPA) | Access & Copy · Rectification · Erasure · Restriction · Data Portability · Object · Withdraw Consent |
Malaysia (PDPA) | Access · Correction · Withdraw Consent |
Philippines (DPA 2012) | Be Informed · Access · Rectification · Erasure/Blocking · Object · Data Portability · Complain to the NPC (privacy.gov.ph) |
Indonesia (PDPL) | Access · Correction · Deletion · Withdraw Consent · Complain to Kominfo |
Minors: This Website is not directed at persons under 18 (or the applicable minimum age in your jurisdiction). We do not knowingly collect data from minors; contact us immediately if you believe a minor has submitted data. External Links: We are not responsible for the privacy practices of third-party websites linked from this Website. Changes: We may update this Policy at any time; the revised version will be posted with an updated effective date. Material changes will be signposted on the Website. Governing Law: This Policy is governed by the laws of India; disputes are subject to the exclusive jurisdiction of the courts in Bengaluru, without prejudice to your right to complain to your local supervisory authority.
Grievance Officer (India — IT Act / SPDI Rules) and general privacy contact for all jurisdictions:
Shivadass & Shivadass (Law Chambers)
Level 3, No. 4/2, Millers Road, Bengaluru, Karnataka – 560052, India
Email: admin@sdlaw.co.in | Tel: +91-80 43779955
Response: acknowledgement within 48 hours; resolution within 30 days.
PART B
COOKIE POLICY
We use only strictly necessary cookies — no analytics, advertising, social media, or tracking cookies of any kind. Strictly necessary cookies are essential to the Website’s operation and cannot be switched off without impairing functionality. They do not collect personal information for profiling or marketing.
Cookie Name | Purpose | Duration | Type |
_cf_bm | Used by Cloudflare for bot protection and security | Session | Third-party |
cookieyes-consent | Stores user consent preferences for cookie usage | 12 months | First-party |
India (DPDPA): consent (via banner) or legitimate use (operational necessity). EU/UK (GDPR/ePrivacy): legitimate interests under Article 6(1)(f) — strictly necessary cookies are exempt from the consent requirement under the ePrivacy Directive. US (CCPA/CPRA): strictly necessary cookie data does not constitute a “sale” or “sharing” of personal information. SEA (Singapore PDPA, Thailand PDPA, Malaysia PDPA, Philippines DPA, Indonesia PDPL): strictly necessary cookies fall within the operational necessity exception in each regime and do not require separate consent.
You may block or delete cookies through your browser settings (Chrome, Firefox, Safari, Edge — refer to each browser’s help documentation) or by using private/incognito mode. Blocking strictly necessary cookies may impair Website functionality. We do not permit third-party providers to set non-essential cookies on this Website. We accept no responsibility for cookie practices of external websites linked from here.
All cookie data is processed and stored within India. Any future cross-border transfer will comply with the DPDPA and the transfer frameworks in Section 5 of Part A. This Website is not directed at persons under 18; we do not knowingly collect cookie data from minors. We may update this Cookie Policy from time to time; the current version will always be available at www.sdlaw.co.in with the effective date shown above.
For questions or complaints about our use of cookies, contact us at admin@sdlaw.co.in or at the address in Section 11 of Part A.
This document is for informational purposes only and does not constitute legal advice. This website does not solicit work and is maintained in compliance with the Bar Council of India Rules, 1975.
© Shivadass & Shivadass (Law Chambers). All rights reserved.
s
Shivadass & Shivadass (2026)
Shivadass & Shivadass (2026)