Privacy Policy

1. Introduction

The Hill Link ("we", "us", "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our services, visit our website, or engage with our team.

BY USING OUR SERVICES, YOU CONSENT TO THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY. If you do not agree with our policies, please do not use our services.

2. Information We Collect

2.1 Personal Information

We collect the following personal information:

• Contact Information: Name, email address, phone number, mailing address
• Identity Information: PAN card, government-issued ID (Passport, Driving License, Voter ID)
• Aadhaar Collection (Special Consent Required): We collect your Aadhaar number ONLY when required for specific government compliance purposes (such as Bhu Kanoon Act verification with revenue authorities). You will be asked for separate explicit consent before Aadhaar collection. You may refuse Aadhaar sharing if alternative government-issued identification is acceptable for your service needs. Aadhaar is stored with enhanced security measures (encrypted storage, restricted access, separate from other personal data).
• Financial Information: Bank account details (for refunds), payment transaction records
• Property Information: Property addresses, coordinates, seller details, listing links, purchase intent
• Use Case Information: Intended property use (retirement, investment, etc.), budget, timeline

2.2 Technical Information

• IP address, browser type, device information
• Website usage data, pages visited, time spent
• Cookies and tracking technologies (see Cookie Notice)
• Geolocation data (with your consent)

2.3 Third-Party Information

We may collect information about properties from public records, government offices (tehsil, revenue departments, courts), local liaisons, and third-party service providers (surveyors, advocates).

3. How We Use Your Information

We use your information for:

• Service Delivery: Conducting property verification, preparing reports, providing advisory services
• Communication: Responding to inquiries, providing updates, delivering reports
• Payment Processing: Processing payments, issuing invoices, handling refunds
• Legal Compliance: Complying with Bhu Kanoon Act requirements, tax regulations, and other legal obligations
• Service Improvement: Analyzing service quality, identifying improvement areas
• Marketing: Sending promotional materials (you may opt out anytime)
• Security: Preventing fraud, protecting against unauthorized access

4. Information Sharing & Disclosure

4.1 We May Share Information With:

• Service Providers: Advocates, surveyors, local liaisons, payment processors (under strict confidentiality agreements)
• Government Authorities: When required by law or for legal compliance (e.g., Bhu Kanoon Act verification)
• Legal Proceedings: If required by court order, subpoena, or law enforcement
• Business Transfers: In the event of merger, acquisition, or sale of our business

4.2 We DO NOT:

• Sell your personal information to third parties
• Share your property search details with sellers or brokers
• Disclose your identity to property sellers without your explicit consent
• Use your information for purposes unrelated to our services without consent

5. Data Security

We implement appropriate security measures to protect your information:

• Encrypted data transmission (SSL/TLS)
• Secure password-protected databases
• Access controls limiting employee access to need-to-know basis
• Regular security audits and updates
• Confidentiality agreements with all team members and service providers
• Two-factor authentication for sensitive systems
• Regular backups with encrypted storage

However, NO METHOD of electronic storage or transmission is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5.1 Data Breach Notification

In the event of a data breach that compromises your personal information, we will:

• Notify You Within 72 Hours: Email notification to your registered email address describing the nature of the breach, data affected, and steps being taken
• Notify Authorities: Report to the Indian Computer Emergency Response Team (CERT-In) and other relevant authorities as required by law
• Remediation Steps: Immediately implement measures to contain the breach and prevent future incidents
• Support: Provide guidance on protective measures you can take (e.g., password changes, fraud monitoring)

You will receive detailed information about: (a) what data was compromised, (b) when the breach occurred, (c) steps we're taking to investigate and remediate, and (d) recommended actions for your protection.

6. Data Retention

We retain your information for:

• Active Clients: Duration of service engagement plus 7 years (for legal and tax compliance)
• Inactive Inquiries: 2 years from last contact
• Truth Reports: 10 years (for warranty and liability purposes)
• Financial Records: 10 years (as per Indian tax laws)

After retention periods, we securely delete or anonymize your information unless longer retention is required by law.

7. Your Rights

You have the right to:

• Access: Request a copy of your personal information we hold
• Correction: Request correction of inaccurate or incomplete information
• Deletion: Request deletion of your information (subject to legal retention requirements)
• Opt-Out: Unsubscribe from marketing communications
• Portability: Request your data in a structured, machine-readable format
• Objection: Object to processing of your information for certain purposes

To exercise these rights, contact us at [email protected]. We will respond within 30 days.

8. Cookies & Tracking Technologies

We use only strictly necessary cookies required for website functionality. We do not use marketing or advertising cookies.

User preferences (language, currency) are stored locally on your device and are not transmitted to our servers.

For complete details, see our Cookie Notice.

We use privacy-focused, self-hosted analytics to understand how visitors use our website. Our analytics solution does not use cookies, does not collect personal information, and is fully compliant with GDPR and DPDP Act. We collect only aggregate data: pages visited, referrer source, browser type, device type, and country. No individual tracking or profiling is performed.

9. Third-Party Links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of these websites. We encourage you to read their privacy policies.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect information from children. If you believe we have collected information from a child, contact us immediately for deletion.

11. Digital Personal Data Protection Act, 2023 (DPDP Act) Compliance

In compliance with India's Digital Personal Data Protection Act, 2023, we provide the following additional protections and rights:

11.1 Lawful Processing

We process your personal data only for legitimate purposes with your consent or as required by law. When you engage our services, you provide explicit consent for data processing necessary to deliver those services.

11.2 Data Minimization

We collect only the minimum data necessary to provide our services. We do not collect excessive or irrelevant information.

11.3 Purpose Limitation

Your data is used ONLY for the purposes disclosed at the time of collection (service delivery, communication, legal compliance). We will NOT repurpose your data without obtaining fresh consent.

11.4 Data Principal Rights

Under the DPDP Act, you have the right to:

• Access: Obtain information about personal data we hold and how it's processed
• Correction: Request correction of inaccurate or incomplete data
• Erasure: Request deletion of data when retention is no longer necessary (subject to legal retention requirements)
• Grievance Redressal: File complaints with our Consent Manager or the Data Protection Board of India
• Nominate: Nominate another individual to exercise your rights in case of death or incapacity

11.5 Consent Manager

For all data privacy requests, contact our Consent Manager:

11.6 Data Processing Record

We maintain records of all data processing activities including: data categories collected, processing purposes, retention periods, and third-party disclosures. You may request a copy of these records.

11.7 Cross-Border Data Transfer

Your data is primarily stored in India. If we transfer data outside India (e.g., to cloud providers), we ensure adequate safeguards and comply with DPDP Act requirements. We will notify you of such transfers.

11.8 Automated Decision-Making

We do NOT use automated decision-making or profiling that significantly affects your rights. All property assessments and recommendations involve human professional judgment.

12. International Data Transfers

Your information is primarily stored and processed in India. If you are accessing our services from outside India, please note that your information may be transferred to, stored, and processed in India where our servers and service providers are located.

13. Changes to Privacy Policy

We may update this Privacy Policy periodically. Material changes will be notified via email or prominent website notice. The "Last Updated" date indicates when changes were last made. Continued use after changes constitutes acceptance.

14. Contact Us

For privacy-related questions or concerns, contact our Privacy Officer: