Privacy Policy

Data Controller Information

This privacy policy applies to data processing activities conducted by:

We act as the data controller for all personal information collected through our website and digital signature certificate services.

Information We Collect

We collect various types of information to provide and improve our digital signature certificate services:

Personal Information for DSC Application

• Identity Information: Full name, date of birth, gender, father’s/mother’s name
• Contact Details: Email address, mobile number, postal address
• Identity Documents: Aadhaar card, PAN card, passport, voter ID, driving license
• Photographs: Recent passport-size photographs for certificate verification
• Biometric Data: Digital fingerprints and facial recognition data during eKYC
• Organization Details: Company name, designation, official email (for organizational certificates)

Technical Information

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Data: Pages visited, time spent, click patterns, referral sources
• Cookies & Tracking: Session cookies, preference cookies, analytics cookies
• Payment Information: Transaction IDs, payment gateway data (we don’t store card details)

Communication Data

• Support Communications: Email exchanges, chat logs, support tickets
• Marketing Communications: Newsletter subscriptions, promotional preferences
• Feedback & Surveys: Customer satisfaction surveys, service feedback

How We Use Your Information

We use your personal information for the following purposes, based on legitimate business interests and legal requirements:

Data Sharing and Disclosure

We share your personal information only in specific circumstances and with appropriate safeguards:

Authorized Third Parties

• Certifying Authorities (CAs): Your application data is shared with licensed CAs for certificate issuance and verification
• Payment Processors: Transaction details shared with secure payment gateways for processing payments
• eKYC Service Providers: Identity verification data shared with authorized eKYC service providers
• Courier Services: Delivery address and contact details shared for DSC token shipping
• IT Service Providers: Technical data shared with hosting and security service providers under strict confidentiality

Legal Disclosures

• Government Authorities: As required by law enforcement, tax authorities, or regulatory bodies
• Court Orders: When mandated by valid legal proceedings or court orders
• Compliance Requirements: To comply with applicable laws, regulations, and industry standards
• Emergency Situations: To protect safety, prevent fraud, or address security incidents

Data Retention Periods

We retain your personal information for different periods based on the type of data and legal requirements:

After the retention period expires, personal data is securely deleted or anonymized unless longer retention is required by law.

Your Privacy Rights

You have several rights regarding your personal information. We are committed to facilitating the exercise of these rights:

Access and Information Rights

• Right to Access: Request a copy of personal data we hold about you
• Right to Information: Understand how your data is being processed
• Data Portability: Receive your data in a structured, machine-readable format

Control and Correction Rights

• Right to Rectification: Correct inaccurate or incomplete personal information
• Right to Update: Modify your account information and preferences
• Consent Withdrawal: Withdraw consent for marketing communications

Deletion and Restriction Rights

• Right to Erasure: Request deletion of personal data (subject to legal requirements)
• Right to Restriction: Limit processing of personal data in certain circumstances
• Right to Object: Object to processing based on legitimate interests

Data Security Measures

We implement comprehensive security measures to protect your personal information:

Technical Security

• SSL/TLS Encryption: All data transmission secured with industry-standard encryption
• Data Encryption: Personal data encrypted at rest using AES-256 encryption
• Secure Servers: Data hosted on secure servers with regular security updates
• Access Controls: Role-based access with multi-factor authentication
• Regular Backups: Automated secure backups with disaster recovery procedures

Operational Security

• Staff Training: Regular privacy and security training for all employees
• Access Monitoring: Continuous monitoring of data access and usage
• Incident Response: Defined procedures for security incident management
• Vendor Management: Security assessments for all third-party service providers
• Audit & Compliance: Regular security audits and compliance assessments

Compliance Standards

• CCA Guidelines: Compliance with Controller of Certifying Authorities regulations
• Data Protection Laws: Adherence to Indian data protection and privacy laws
• Industry Standards: Implementation of ISO 27001 security practices
• Regular Updates: Continuous improvement of security measures

Cookies and Tracking Technologies

We use cookies and similar technologies to enhance your browsing experience and provide personalized services:

Types of Cookies We Use

• Essential Cookies: Required for website functionality, login sessions, and security
• Performance Cookies: Collect anonymous usage statistics to improve website performance
• Functionality Cookies: Remember your preferences and settings
• Marketing Cookies: Used for targeted advertising and measuring campaign effectiveness (with consent)

Third-Party Tracking

• Google Analytics: Website usage analytics and performance monitoring
• Payment Processors: Transaction tracking for payment processing
• Customer Support Tools: Chat functionality and support ticket management
• Social Media: Integration with social media platforms for sharing content

Managing Cookies

• Browser Settings: Configure cookie preferences in your browser settings
• Opt-Out Options: Disable marketing cookies through our privacy preference center
• Cookie Consent: Manage consent for different cookie categories
• Regular Cleanup: Periodically clear cookies and browsing data

Children’s Privacy Protection

We are committed to protecting the privacy of children and comply with applicable children’s privacy laws:

• Age Restrictions: Our services are intended for users aged 18 and above
• No Intentional Collection: We do not knowingly collect personal information from children under 18
• Parental Notice: If we discover we have collected information from a child, we will notify parents/guardians
• Immediate Deletion: Any inadvertently collected children’s data is immediately deleted
• Verification Procedures: Age verification is required during the DSC application process

International Data Transfers

Information about how we handle international data transfers:

• Primary Storage: All personal data is primarily stored and processed within India
• Cloud Services: Some data may be stored on international cloud platforms with appropriate safeguards
• Service Providers: International service providers are required to maintain equivalent data protection standards
• Adequacy Decisions: Transfers only to countries with adequate data protection levels
• Contractual Safeguards: Standard contractual clauses and data processing agreements in place
• Encryption in Transit: All international data transfers are encrypted and secured

Policy Updates and Changes

We may update this privacy policy from time to time to reflect changes in our practices or legal requirements:

• Regular Reviews: Privacy policy reviewed annually and updated as needed
• Material Changes: Significant changes will be prominently displayed on our website
• Email Notifications: Registered users notified of material changes via email
• Effective Date: Changes take effect 30 days after posting unless immediate compliance is required
• Previous Versions: Archives of previous policy versions available upon request
• Continued Use: Continued use of services indicates acceptance of updated policy