Lex Arbitrate

Institutional Notice

Privacy Policy

The Registry processes personal data only as needed to administer institutional matters and operate this website. Nothing more.

Lex Arbitrate operates under Indian privacy law including the Digital Personal Data Protection Act, 2023 (DPDPA), and the Information Technology (Reasonable Security Practices) Rules, 2011. This policy explains what personal data the Registry collects, why, how long it is held, and the rights of data principals under Indian law.

1. The Registry as data fiduciary

For matters administered under the Rulebook, the Registry is the data fiduciary in respect of personal data of parties, counsel, witnesses, and arbitrators. For website use, the Registry is the data fiduciary in respect of website visitors. Contact for data-protection enquiries: registry@lexarbitrate.com.

2. What we collect

From visitors to this website: server-side request logs (IP address, user agent, referrer, timestamps) for security and operational integrity; an institutional acknowledgement of the Rule 36 notice, stored locally in the visitor's browser; and, if you submit the Quarterly Digest form, your email address.

From parties to a matter: the personal and corporate data necessary to administer the matter under the Rulebook — party identity, counsel of record, contact information, pleadings and exhibits, financial and award data, and the institutional file required by Article 38.

3. Why we collect it

Website data is held for security, debugging, and aggregate institutional analytics. Matter data is held for the administration of the matter, the issuance of awards, and the satisfaction of statutory and supervisory-court record-keeping obligations. The Registry does not sell, trade, or licence personal data, ever.

4. How long we hold it

Website logs are retained for ninety days, then purged. Quarterly Digest emails are retained until the subscriber unsubscribes. Matter records are retained as long as the Rulebook and Indian law require — generally, the duration of the matter plus seven years — to support enforcement, set-aside, and supervisory-court proceedings. Records may be retained longer where required by court order.

5. Where it is stored

Personal data is stored on infrastructure located in India and in jurisdictions that the Government of India has not restricted under DPDPA section 16. The Registry uses encryption in transit (TLS 1.3) and encryption at rest for the institutional data room.

6. Cookies and similar technologies

This website uses functional storage only: a single localStorage entry recording the institutional acknowledgement, and the cookies set by the WordPress core for content delivery and caching. There are no advertising cookies, no third-party analytics cookies, and no cross-site tracking. AI training and large-language-model crawling are explicitly opted-out of, by both meta directive and HTTP header.

7. Your rights

Under DPDPA, you have the right to obtain a summary of personal data processed, to seek correction or erasure, to nominate a representative for data-rights exercise, and to lodge a grievance with the Data Protection Board. Write to registry@lexarbitrate.com. The Registry responds within fourteen days.

8. Children

This website is not directed at minors. The Registry does not knowingly collect personal data from anyone under eighteen.

9. Changes to this policy

Material changes are notified by an updated Reviewed date on this page and, where appropriate, by an institutional notice issued through the Registry.

Reviewed: 25 April 2026.