1. Data Fiduciary

Roots Cyber Law Firm (“Firm”, “we”, “us”, or “our”) acts as a Data Fiduciary under the Digital Personal Data Protection Act, 2023 (“DPDPA”).

Address: No.30, 1st Floor, 4th Cross, 7th Block, Jayanagar, Bengaluru – 560070
Email: myadvocate@rclfglobal.com

2. Nature of Legal Services and Confidentiality

As a law firm, we are bound by professional standards of confidentiality, privilege, and ethical conduct. Personal data is processed strictly in connection with the provision of legal services, legal advice, dispute resolution, transactional work, regulatory compliance, and related professional activities.

Certain personal data may be subject to legal professional privilege and confidentiality obligations under applicable laws and Bar Council rules.

3. Categories of Personal Data Processed

In the course of providing legal services, we may process:

• Client identification and contact details
• Personal data relating to legal matters, disputes, investigations, or transactions
• Financial, commercial, employment, or corporate information
• Personal data of opposing parties, witnesses, experts, employees, and other third parties
• Communications, pleadings, filings, agreements, and evidence
• Information obtained from courts, tribunals, regulators, public records, and counterparties

4. Purpose of Processing

Personal data is processed solely for lawful purposes, including:

• Providing legal advice, representation, and opinions
• Drafting, reviewing, and filing legal documents
• Conducting due diligence, investigations, and research
• Representing clients before courts, tribunals, and authorities
• Complying with statutory, regulatory, and professional obligations
• Billing, accounting, record management, and internal administration

5. Legal Basis and Consent

Where required under the DPDPA, personal data is processed based on consent provided by the Data Principal.

In certain cases, processing may occur for legitimate uses as permitted under the DPDPA, including compliance with law, court orders, or legal proceedings. Withdrawal of consent may be subject to ongoing legal, contractual, or professional obligations.

6. Disclosure of Personal Data

Personal data may be disclosed, where necessary, to:

• Courts, tribunals, arbitrators, and judicial bodies
• Regulatory and governmental authorities
• Opposing counsel, parties, and their advisers
• Advocates, senior counsel, experts, investigators, and consultants
• Service providers supporting legal operations (IT, document management, billing)

Such disclosures are limited to what is legally required or professionally necessary.

7. Data Security

We implement reasonable technical and organisational safeguards appropriate to the nature of legal practice, including access controls, confidentiality protocols, and secure data handling procedures.

8. Retention of Personal Data

Personal data is retained only for as long as required to:

• Fulfil the purpose of legal representation
• Comply with applicable laws, limitation periods, and Bar Council rules
• Defend or pursue legal claims

9. Rights of Data Principals

Under the DPDPA, Data Principals have the right to:

• Obtain information about personal data processed by us
• Request correction or erasure of personal data
• Withdraw consent, where applicable
• Seek grievance redressal

Requests may be subject to legal professional privilege and statutory exemptions.

10. Grievance Redressal Officer

In accordance with the DPDPA, we have appointed a Grievance Redressal Officer:

Name: Ranganath M A
Email: myadvocate@rclfglobal.com
Address: No.30, 1st Floor, 4th Cross, 7th Block, Jayanagar, Bengaluru – 560070

11. Updates to This Privacy Notice

This Privacy Notice may be updated periodically to reflect changes in law or professional practice. The latest version will be made available upon request or on our website.