Privacy Policy for City Professionals Private Limited

Last Updated: 21st July, 2025

This Privacy Policy ("Policy") describes how City Professionals Private Limited ("City Professionals", "we", "us", or "our") collects, uses, processes, stores, and discloses your personal data when you access, use, or interact with our platform available at our website or mobile application (collectively, the "Platform") or avail services that City Professionals offers you on or through the Platform (collectively, the "Services"). The services offered to you by service professionals on or through the Platform are referred to as "Professional Services".

Company Information

Legal Entity Name: City Professionals Private Limited

Registered Office Address: 10TH FLR C WING, NESCO IT BUILDING NO 4, Goregaon East, Mumbai- 400063, Maharashtra

Email for Privacy/Grievance Queries: support@cityprofessionals.in

At City Professionals, we are committed to protecting your personal data and respecting your privacy in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and other applicable data protection laws in India. This Policy explains how we process and use personal data about you and your rights in relation to such data.

By using the Services, you confirm that you have read and agree to be bound by this Policy and consent to the processing activities described under this Policy.

 

1. BACKGROUND AND KEY INFORMATION

(a) How this Policy applies

This Policy applies to individuals who access or use the Services or otherwise avail the Professional Services. By using the Platform, you consent to the collection, storage, usage, and disclosure of your personal data as described in this Policy.

(b) Review and Updates

We regularly review and update our Privacy Policy to ensure compliance with applicable laws and regulations. It is important that the personal data we hold about you is accurate and current. Please let us know if your personal data changes during your relationship with us.

(c) Legal Compliance

This Privacy Policy has been designed to comply with the DPDP Act, 2023, which requires clear consent mechanisms, transparent data processing practices, and robust grievance redressal systems.

 

2. PERSONAL DATA THAT WE COLLECT

We collect different types of personal data about you in accordance with the data minimization principle under the DPDP Act. This includes, but is not limited to:

(a) Identity and Contact Data

Name, username or similar identifiers

Mailing or home address, location

Email addresses and mobile numbers

Photographs and gender information

Government-issued identification documents (when required)

(b) Professional and Service Data

Service requests and preferences

Booking history and service utilization patterns

Communication records with service professionals

Reviews, feedback, and ratings

(c) Technical Data

IP address, browser type, internet service provider

Details of operating system and access time

Device ID, device type, and mobile application activity

Website and mobile application usage patterns

Location data (with your consent)

(d) Transaction and Payment Data

Details of Services or Professional Services availed

Limited payment card details (tokenized for security)

UPI IDs and transaction histories

Billing and invoice information

(e) Marketing and Communications Data

Your preferences in receiving marketing communications

Responses to surveys and promotional activities

Communication preferences and interaction history

We also collect, use, and share aggregated data such as statistical or demographic data. Aggregated data may be derived from your personal data but does not directly or indirectly reveal your identity and is not considered personal data under applicable law.

 

3. HOW WE COLLECT PERSONAL DATA

(a) Direct Interactions

You provide us your personal data when you:

Create an account or profile with us

Use our Services or avail Professional Services

Enter promotions, surveys, or provide feedback

Request marketing communications

Report problems or contact us for support

(b) Automated Technologies

We automatically collect Technical Data through:

Cookies, web beacons, and similar technologies

Server logs and analytics tools

Mobile application usage tracking

Device and browser information collection

(c) Third Parties and Service Professionals

We receive personal data from:

Service professionals providing services to you

Payment processors and financial institutions

Analytics providers and advertising networks

Publicly available sources where legally permitted

 

4. HOW WE USE YOUR PERSONAL DATA

We process your personal data only for lawful purposes and in accordance with the DPDP Act requirements:

(a) Primary Purposes

To verify your identity and create your user account

To provide the Services and facilitate Professional Services

To process payments and manage transactions

To communicate with you regarding bookings and services

To provide customer support and resolve queries

(b) Secondary Purposes (with consent)

To personalize your experience and improve our Services

To send marketing communications and promotional offers

To conduct research and analytics for service improvement

To ensure platform safety and prevent fraudulent activities

(c) Legal Obligations

To comply with applicable laws and regulations

To respond to legal requests from government authorities

To enforce our Terms and Conditions

To protect our rights and interests

(d) Consent Mechanisms

In accordance with the DPDP Act, we obtain your free, specific, informed, unconditional and unambiguous consent through clear affirmative action before processing your personal data. You have the right to withdraw consent at any time through your account settings or by contacting us at support@cityprofessionals.in.

 

5. DATA SHARING AND DISCLOSURE

(a) Service Professionals

We share relevant personal data with Service Professionals to enable them to provide Professional Services to you, including your contact information, location, and service requirements.

(b) Third-Party Service Providers

We may share your data with trusted third-party service providers who assist us in:

Payment processing and transaction management

Cloud hosting and data storage services

Analytics and marketing services

Customer support and communication services

(c) Legal Disclosures

We may disclose your personal data when required by law or to:

Comply with legal obligations and court orders

Protect and defend our rights and property

Prevent fraud and ensure platform security

Cooperate with law enforcement agencies

(d) Business Transfers

In the event of a merger, acquisition, or sale of assets, your personal data may be transferred to the acquiring entity, subject to appropriate safeguards.

 

6. CROSS-BORDER DATA TRANSFERS

Personal data may be transferred to and processed in countries other than India as part of our service operations. We ensure such transfers comply with:

Section 16 of the DPDP Act, which permits transfers unless specifically restricted by the Central Government

Appropriate security measures and contractual safeguards

Applicable sectoral regulations that may impose additional restrictions

Currently, no countries have been notified as restricted for data transfers under the DPDP Act.

 

7. DATA RETENTION

(a) General Principle

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by applicable law. In accordance with Section 8(7) of the DPDP Act, we will erase personal data when:

The specified purpose is no longer being served

You withdraw your consent (unless retention is legally required)

The retention period specified under applicable rules expires

(b) Specific Retention Periods

For platforms with significant user bases, the Draft DPDP Rules specify a three-year retention period from the date of your last interaction with our services. We will notify you at least 48 hours before scheduled erasure of your data.

(c) Legal Retention Requirements

Some data may be retained longer when required for:

Compliance with legal obligations

Resolution of disputes or legal proceedings

Prevention of fraud and ensuring platform security

 

8. DATA SECURITY

(a) Security Measures

We implement comprehensive security safeguards including:

Advanced encryption for data in transit and at rest

Multi-factor authentication and access controls

Regular security audits and vulnerability assessments

Employee training on data protection practices

Secure cloud infrastructure with industry-standard protections

(b) Data Breach Response

In the event of a personal data breach, we will:

Notify the Data Protection Board of India as required under the DPDP Act

Inform affected data principals about the breach

Take immediate remedial measures to mitigate harm

Conduct thorough investigations to prevent future incidents

(c) Your Security Responsibilities

You are responsible for:

Maintaining the confidentiality of your account credentials

Using strong passwords and updating them regularly

Promptly notifying us of any unauthorized access to your account

Keeping your contact information updated

 

9. YOUR RIGHTS UNDER THE DPDP ACT

As a data principal under the DPDP Act, you have the following rights:

(a) Right to Information

You have the right to obtain information about:

Personal data being processed about you

The purpose and lawful basis for processing

Categories of recipients of your personal data

Retention periods for your data

(b) Right to Correction, Completion, and Updates

You can request us to:

Correct inaccurate personal data

Complete incomplete personal data

Update outdated information

(c) Right to Erasure

You can request deletion of your personal data when:

The data is no longer necessary for the original purpose

You withdraw consent and no other lawful basis exists

The data has been unlawfully processed

(d) Right to Data Portability

You have the right to receive your personal data in a structured, commonly used format and transmit it to another data fiduciary.

(e) Right to Nomination

You can nominate another person to exercise your rights in the event of death or incapacity.

(f) Right to Withdraw Consent

You can withdraw your consent at any time, though this may affect our ability to provide certain Services.

10. CHILDREN'S DATA PROTECTION

(a) Definition of Child

Under the DPDP Act, a "child" means an individual who has not completed 18 years of age.

(b) Parental Consent Requirement

We process personal data of children only after obtaining verifiable parental or guardian consent. This includes:

Verification of the parent's or guardian's identity

Confirmation of their relationship to the child

Clear consent for specific data processing activities

(c) Prohibited Activities for Children's Data

We do not engage in:

Tracking or behavioral monitoring of children

Targeted advertising directed at children

Processing that may cause detrimental effects to children's well-being

(d) Enhanced Protection Measures

For children's data, we implement:

Age verification mechanisms

Additional security safeguards

Limited data collection and retention

Child-safe platform design principles

 

11. COOKIES AND TRACKING TECHNOLOGIES

(a) Use of Cookies

We use cookies and similar technologies to:

Remember your preferences and settings

Analyze platform usage and performance

Provide personalized content and advertisements

Ensure platform security and prevent fraud

(b) Cookie Categories

Essential Cookies: Necessary for platform functionality

Analytics Cookies: Help us understand user behavior

Marketing Cookies: Used for targeted advertising (with consent)

Functional Cookies: Remember your preferences

(c) Managing Cookies

You can control cookies through:

Browser settings and preferences

Platform cookie consent tools

Opt-out mechanisms for marketing cookies

 

12. GRIEVANCE REDRESSAL MECHANISM

(a) Internal Grievance Process

We have established an accessible grievance redressal mechanism as required under the DPDP Act. You can raise complaints or exercise your rights by:

Sending an email to support@cityprofessionals.in

Using the in-platform grievance submission system

Writing to our grievance officer (details below)

(b) Grievance Officer Details

Name: Rohit Dhawan

Designation: CEO

Email: support@cityprofessionals.in

Phone: 8668998536

(c) Response Timeline

We will acknowledge your grievance within 48 hours and provide a resolution within the timeframes prescribed by applicable law, typically within 30 days.

(d) Escalation to Data Protection Board

If you are not satisfied with our response, you can approach the Data Protection Board of India established under the DPDP Act.

 

13. THIRD-PARTY SERVICES AND LINKS

(a) Third-Party Services

Our Platform may integrate with third-party services for:

Payment processing

Analytics and marketing

Social media integration

Customer support tools

(b) Third-Party Privacy Policies

We encourage you to read the privacy policies of any third-party services you access through our Platform. We are not responsible for the privacy practices of these third parties.

(c) External Links

Our Platform may contain links to external websites. We do not control these websites and are not responsible for their content or privacy practices.

 

14. MARKETING COMMUNICATIONS

(a) Consent for Marketing

We will send you marketing communications. You can opt-in to receive:

Service updates and new feature announcements

Promotional offers and discounts

Newsletters and industry insights

Survey and feedback requests

(b) Opting Out

You can opt-out of marketing communications by:

Using the unsubscribe link in emails

Updating your communication preferences in your account

Contacting us at support@cityprofessionals.in

(c) Service Communications

Please note that we may still send you essential service-related communications even if you opt-out of marketing communications.

 

15. INTERNATIONAL DATA TRANSFERS

(a) Transfer Mechanisms

When we transfer personal data internationally, we ensure:

Compliance with the DPDP Act's cross-border transfer provisions

Implementation of appropriate safeguards

Adherence to sectoral regulations where applicable

(b) Restricted Countries

We monitor and comply with any countries or territories that may be notified as restricted by the Central Government under Section 16 of the DPDP Act.

 

16. DATA PROTECTION IMPACT ASSESSMENTS

For high-risk processing activities, we conduct Data Protection Impact Assessments (DPIAs) to:

Identify and mitigate privacy risks

Ensure compliance with data protection principles

Implement appropriate safeguards

Document our decision-making process

 

17. COMPLIANCE MONITORING

(a) Regular Audits

We conduct regular audits to ensure:

Compliance with this Privacy Policy

Adherence to applicable data protection laws

Effectiveness of security measures

Proper implementation of data subject rights

(b) Staff Training

We provide regular training to our employees on:

Data protection principles and requirements

Handling of personal data

Security protocols and procedures

Incident response and breach management

 

18. UPDATES TO THIS POLICY

(a) Policy Changes

We may update this Policy periodically to reflect:

Changes in applicable laws and regulations

Updates to our business practices

Enhancements to our security measures

Feedback from users and regulators

(b) Notification of Changes

We will notify you of significant changes through:

Email notifications to your registered email address

Prominent notices on our Platform

(c) Continued Use

Your continued use of our Services after policy updates constitutes acceptance of the revised Policy.

19. CONTACT INFORMATION

(a) General Inquiries

For questions about this Privacy Policy or our data practices:

Email: support@cityprofessionals.in

Address: 10TH FLR C WING, NESCO IT BUILDING NO 4, Goregaon East, Mumbai- 400063, Maharashtra

(b) Data Protection Matters

For specific data protection queries or to exercise your rights:

Email: support@cityprofessionals.in

Grievance Officer: Rohit Dhawan, CEO

(c) Regulatory Authorities

If you have concerns about our data practices, you may also contact:

Ministry of Electronics and Information Technology for intermediary-related matters

 

20. LEGAL BASIS FOR PROCESSING

Our legal basis for processing personal data includes:

Consent: Where you have provided clear consent for specific processing activities

Legitimate Use: As defined under the DPDP Act for certain specified purposes

Legal Obligation: Where processing is required to comply with applicable laws

Vital Interests: To protect your vital interests or those of others in emergency situations

 

21. AUTOMATED DECISION-MAKING

(a) Use of Automated Systems

We may use automated decision-making for:

Service professional matching and recommendations

Fraud detection and prevention

Platform security and risk assessment

Personalized content delivery

(b) Your Rights

You have the right to:

Be informed about automated decision-making

Request human intervention in automated decisions

Challenge automated decisions that significantly affect you

 

22. SPECIAL CATEGORIES OF DATA

We do not generally process special categories of personal data (such as health data, biometric data, or religious beliefs) unless:

Required for specific service delivery (e.g., health-related professional services)

You have provided explicit consent

Processing is necessary for legal obligations

 

23. BUSINESS CONTACT PROCESSING

For business contacts and professional relationships, we process personal data based on:

Legitimate business interests

Contractual obligations

Consent where required

Legal compliance requirements

This Privacy Policy demonstrates City Professionals Private Limited's commitment to data protection and privacy rights under Indian law. We are dedicated to maintaining the highest standards of data security and transparency in all our processing activities.

For any questions or concerns regarding this Privacy Policy, please contact us at support@cityprofessionals.in.