Privacy Policy
This Privacy Policy describes how IRPR Media Private Limited ("we", "us", "our", "irpr.network") collects, uses, stores, and protects personal data when you access our website or engage with our services.
1. Who We Are
IRPR Media Private Limited is a company incorporated under the Companies Act 2013 (India), operating the website irpr.network. We provide Global Capability Center (GCC) advisory, employer of record, payroll, company registration, regulatory compliance, and FEMA/RBI filing services to global companies establishing India operations.
2. Personal Data We Collect
We collect the following categories of personal data:
Enquiry and Contact Data
Name, work email address, company name, phone number, and the content of your message when you submit a consultation request or contact form on irpr.network.
Professional Data
Company headquarters country, industry sector, GCC headcount plans, and service requirements - provided voluntarily during the advisory process to enable us to scope your engagement.
Usage and Technical Data
IP address, browser type and version, device type, pages visited, time spent on pages, referring URL, and session duration. Collected automatically when you access our website via cookies and server logs.
Communication Records
Records of email correspondence, video call notes, and written proposals exchanged during a client engagement. Retained as part of our service delivery records.
Statutory and Financial Data
For clients who engage our services: director identification numbers (DIN), PAN, company registration numbers, payroll data, and other regulatory information required to perform statutory filings on your behalf. This data is collected and processed under a Data Processing Agreement (DPA) as a data processor on your instructions.
We do not collect sensitive personal data (health, biometric, religious, or caste information), personal data of minors, or personal data from individuals outside a B2B context unless explicitly disclosed.
3. Legal Basis and Purpose of Processing
Under the Digital Personal Data Protection Act 2023 (DPDP Act) and applicable international law, we process personal data on the following bases:
| Purpose | Legal Basis | Retention |
|---|---|---|
| Responding to consultation enquiries | Consent / Legitimate interest | 2 years from enquiry |
| Performing GCC advisory and compliance services | Contract performance | 7 years (statutory requirement) |
| Filing statutory documents on behalf of clients | Contract / Legal obligation | 7 years from filing date |
| Website analytics and performance monitoring | Legitimate interest / Consent | 26 months (anonymised) |
| Sending service updates and compliance reminders | Contract / Consent | Duration of engagement + 1 year |
| Legal compliance and regulatory obligations | Legal obligation | As required by applicable law |
4. Data Sharing and Third Parties
We do not sell, rent, or trade your personal data to any third party. We may share data with:
- Service Providers:Cloud hosting providers (data stored in India and the US under Standard Contractual Clauses where applicable), email delivery services, and accounting software used to perform our services. All third-party processors are bound by data processing agreements.
- Professional Advisors:Chartered accountants, company secretaries, and legal counsel engaged on a matter-specific basis, bound by professional confidentiality obligations.
- Regulatory Authorities:Ministry of Corporate Affairs (MCA), Reserve Bank of India (RBI), Employees' Provident Fund Organisation (EPFO), GST Network (GSTN), and other statutory bodies where disclosure is required to perform our services or comply with law.
- Business Transfers:In the event of a merger, acquisition, or sale of IRPR Media Private Limited, personal data held may be transferred as part of the transaction, subject to the same privacy commitments.
5. Cross-Border Data Transfers
IRPR Media Private Limited is an Indian company. Your data is primarily processed and stored in India. Where we use third-party service providers located outside India (for example, cloud infrastructure services), we ensure appropriate safeguards are in place including Standard Contractual Clauses as required under the DPDP Act 2023 and GDPR where applicable. If you are located in the European Economic Area, your personal data is transferred to India under Article 46 GDPR mechanisms.
6. Cookies and Tracking Technologies
Our website uses cookies and similar tracking technologies. Please refer to our Cookie Policy for a full description of the cookies we use, their purpose, and how to manage your preferences. You may withdraw cookie consent at any time by adjusting your browser settings or using the cookie preference panel accessible via the link in our website footer.
7. Your Rights as a Data Principal
Under the DPDP Act 2023 and applicable law, you have the following rights regarding your personal data:
Right to Information
Request information about what personal data we hold about you and how it is processed.
Right to Correction
Request correction of inaccurate or incomplete personal data held by us.
Right to Erasure
Request deletion of your personal data where processing is no longer necessary, subject to our legal retention obligations.
Right to Grievance Redressal
Raise a complaint regarding our data processing practices with our Grievance Officer (details below).
Right to Withdraw Consent
Where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.
Right to Portability (GDPR)
If you are in the EU/EEA, receive your personal data in a structured, machine-readable format and transmit it to another controller.
To exercise any of the above rights, contact our Grievance Officer at hello@irpr.network with the subject line "Data Rights Request". We will respond within 30 days as required under the DPDP Act 2023.
8. Data Security
We implement appropriate technical and organisational measures to protect personal data against unauthorised access, accidental loss, destruction, or alteration. These include encrypted data transmission (TLS/HTTPS), access controls restricting data to authorised personnel only, regular security reviews, and contractual obligations on all data processors. In the event of a personal data breach that is likely to result in harm to data principals, we will notify the Data Protection Board of India within the timeframe prescribed under the DPDP Act 2023.
9. Grievance Officer
In accordance with the Information Technology Act 2000 and the DPDP Act 2023, IRPR Media Private Limited has designated a Grievance Officer for data protection matters:
Grievance Officer - IRPR Media Private Limited
Pune, Maharashtra, India
hello@irpr.networkResponse time: Within 30 days of receipt of complaint, as required under the DPDP Act 2023.
10. Children's Privacy
Our services are directed exclusively at businesses and their representatives. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware that we have collected personal data from a child without verifiable parental consent, we will delete it promptly.
11. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in law, our services, or data practices. The "Effective date" at the top of this page indicates the date of the most recent revision. Continued use of irpr.network after a revised policy is posted constitutes your acceptance of the changes. For material changes, we will notify active clients via email.
12. Governing Law
This Privacy Policy is governed by the laws of India, including the DPDP Act 2023 and the Information Technology Act 2000 and its rules. Any dispute arising under this policy shall be subject to the jurisdiction of the courts at Pune, Maharashtra, India.
Questions about this policy
Contact our data team
For any privacy-related enquiries, data rights requests, or to raise a concern, write to us at:
hello@irpr.networkIRPR Media Private Limited · Pune, Maharashtra, India