Privacy Policy

This Privacy Policy describes how Bajpai & Co. Research Private Limited ("Company", "we", "us", or "our"), operating the brand Bajpai Labs, collects, uses, and discloses information about you when you access or use our website at https://bajpailabs.com and any subdomains (collectively, the "Services").

The Company is incorporated under the Companies Act, 2013 (18 of 2013) with Corporate Identity Number (CIN) U72100UP2026PTC248170 and registered in Uttar Pradesh, India.

1. Information We Collect

1.1 Information You Provide

• Contact & enquiry data: Name, email address, company name, and message content when you submit a contact or consultation form.
• Communications: Content of emails or messages you send us directly.

1.2 Information Collected Automatically

• Usage data: Pages visited, time spent, referral source, and browser or device type collected via server logs and analytics tools.
• Cookies and similar technologies: See our Cookie Policy for details.
• IP address: Collected automatically for security, fraud prevention, and approximate geographic analytics.

1.3 Information From Third Parties

We may receive information about you from third-party platforms (e.g. Cloudflare for infrastructure analytics). We do not purchase personal data from data brokers.

2. How We Use Your Information

We use the information we collect to:

• Respond to enquiries, consultation requests, and support messages.
• Provide, maintain, and improve the Services.
• Monitor and analyse usage patterns to improve performance and user experience.
• Detect, prevent, and address fraud, security incidents, and technical issues.
• Comply with applicable legal obligations under Indian law (including the Information Technology Act, 2000 and the Digital Personal Data Protection Act, 2023) and international regulations including GDPR where applicable.
• Send you updates or communications you have consented to receive (you may opt out at any time).

3. Legal Basis for Processing (GDPR)

Where the General Data Protection Regulation (EU) 2016/679 ("GDPR") applies, we process your personal data on the following legal bases:

• Legitimate interests, to operate our Services, respond to enquiries, and prevent fraud.
• Consent, for non-essential cookies and marketing communications.
• Legal obligation, where processing is required by applicable law.
• Contract, to perform a contract with you or take pre-contractual steps at your request.

4. Sharing Your Information

We do not sell your personal data. We may share data with:

• Service providers: Third-party vendors who assist us in operating the Services (e.g. cloud hosting, email delivery, analytics). These parties are contractually bound to protect your data and use it only as directed by us.
• Legal requirements: When required by law, court order, or governmental authority in India or another applicable jurisdiction.
• Business transfers: In connection with a merger, acquisition, or sale of assets, subject to confidentiality obligations.

5. International Data Transfers

The Company is incorporated in India. Our Services are accessed globally, including from the European Economic Area (EEA), UAE, and other jurisdictions. When we transfer personal data outside India or the EEA, we implement appropriate safeguards such as Standard Contractual Clauses (SCCs) or rely on adequacy decisions where available.

6. Data Retention

We retain personal data only for as long as necessary to fulfil the purposes set out in this Policy, or as required by applicable law. Contact form submissions are retained for up to 24 months unless you request earlier deletion. Analytics data is retained in aggregate form with no personally identifiable information.

7. Your Rights

Depending on your jurisdiction, you may have the following rights regarding your personal data:

• Access: Request a copy of the personal data we hold about you.
• Rectification: Request correction of inaccurate or incomplete data.
• Erasure: Request deletion of your personal data ("right to be forgotten") subject to legal retention obligations.
• Restriction: Request that we restrict processing of your data in certain circumstances.
• Portability: Receive your data in a structured, machine-readable format.
• Objection: Object to processing based on legitimate interests or for direct marketing.
• Withdraw consent: Where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days. EEA residents may also lodge a complaint with their local supervisory authority.

8. Cookies

We use cookies and similar tracking technologies. Please refer to our Cookie Policy for full details including how to manage your preferences.

9. Children's Privacy

Our Services are not directed at children under the age of 18. We do not knowingly collect personal data from minors. If you believe we have inadvertently collected such data, please contact us immediately at [email protected].

10. Security

We implement appropriate technical and organisational measures to protect your personal data against accidental loss, unauthorised access, disclosure, alteration, or destruction. These include TLS encryption in transit, access controls, and periodic security reviews. No method of transmission over the internet is 100% secure; we cannot guarantee absolute security.

11. Third-Party Links

Our Services may contain links to third-party websites. We are not responsible for the privacy practices or content of those sites. We encourage you to review the privacy policies of any third-party sites you visit.

12. Changes to This Policy

We may update this Privacy Policy from time to time. The updated version will be indicated by a revised "Last updated" date at the top of this page. We encourage you to review this Policy periodically. Continued use of the Services after changes become effective constitutes acceptance of the revised Policy.

13. Governing Law

This Privacy Policy is governed by the laws of India, including the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and the Digital Personal Data Protection Act, 2023. Any disputes shall be subject to the exclusive jurisdiction of the courts in Uttar Pradesh, India.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact: