Skip to content

Privacy notice

Effective date: 2026-05-22  ·  Nyaya Record Desk Pvt Ltd

This notice explains how Nyaya Record Desk Pvt Ltd ("NRD", "we") collects, uses and protects personal data in accordance with the Digital Personal Data Protection Act 2023 ("DPDPA").

1. Data we collect

[LEGAL: Counsel to supply the definitive list of personal data collected from each category of data principal — insurer users, lawyer users, claimants whose records are processed. Include contact details, professional identifiers, claim-related medical and financial records, and any other fields.]

2. Purpose of processing

[LEGAL: Counsel to specify the lawful basis and declared purpose for each category of processing — claims evidence structuring, QC, gap analysis, summary, panel advocate assignment, FMF compliance reporting, contact-form response, and any others.]

3. Data residency

All personal data processed by NRD is stored and processed within India, in the AWS Mumbai region (ap-south-1). No personal data is transferred outside India except as permitted under the DPDPA.

[LEGAL: Counsel to add any cross-border transfer provisions and applicable safeguards if required.]

4. Retention periods

Active claim records are retained for seven years, aligned with the standard limitation period for motor accident claims. Contact-form enquiries are retained for [LEGAL: period to be specified]. Data is deleted on schedule with a logged audit trail.

5. Consent and withdrawal

[LEGAL: Counsel to describe how consent is obtained at intake, how a data principal can withdraw consent, and the consequences of withdrawal. Include the mechanism for submitting a withdrawal request.]

6. Your rights under the DPDPA

[LEGAL: Counsel to enumerate rights — access, correction, erasure, grievance redressal — and the process for exercising each.]

7. Grievance officer

Data principals may submit grievances to our designated Grievance Officer:

[LEGAL: Counsel to supply officer name, address and contact email.]
Email: privacy@nrdesk.in

Grievances will be acknowledged within [LEGAL: period] and resolved within [LEGAL: period].

8. Breach notification

In the event of a personal data breach, NRD will notify the Data Protection Board of India and affected data principals within 72 hours of confirming the breach, as required by the DPDPA. [LEGAL: Counsel to add any additional notification steps.]

9. Sub-processors

We use a small, fixed list of sub-processors, all governed by Data Processing Agreements. See our Compliance page for the full sub-processor table.

10. Changes to this notice

We will update this notice when processing activities change. The effective date at the top of this page reflects the most recent revision. [LEGAL: Counsel to specify how data principals will be notified of material changes.]

For questions about this notice, contact us at privacy@nrdesk.in.