This Policy is intended to safeguard user records collected and retained by Passport-India. This policy details out what is expected of Passport-India employees and other stakeholders involved in retention of data and its protection.
Personal data shall be kept in a form which permits the identification of users for no longer than is necessary for the reasons why the personal data is processed. In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures required to protect that data.
This Policy sets out the types of personal data held by Passport-India, the duration of its retention, the criteria for establishing and reviewing the length of such duration and when it is to be deleted or otherwise disposed of.
a. “User” (hereinafter collectively referred to as “You”, “Your”,), mean our customers who use our Service(s) or any other natural person who visit our website(s) and whose personal data is being collected, held or processed by Passport-India.
b. “Service Data” means all electronic data, text, messages or other materials, including personal data of Users, submitted to the service(s) by You in connection with Your use of the service(s), including, without limitation, to Personal Data.
c. “Personal Data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the Passport-India.
a. The primary aim of this Policy is to set out limits for the retention of Service Data or personal data.
b. In addition to safeguarding the rights of users by ensuring that excessive amounts of data are not retained by Passport-India, this Policy also aims to improve the speed and efficiency of managing data.
a. This Policy applies to all personal data held by Passport-India for the sole purpose of processing and fulfilling requests made by users.
b. This policy applies on all Passport-India workstations – desktops, laptops, servers, physical modes of personal data collection including but not limited to physical forms, visitor logs, visiting cards collected etcetera, this policy also covers all virtual machines including cloud servers under control of Passport-India.
b. Such records may be of one person or may be of several persons. Such records may be present in electronic format or as a paper copy. Such records may be present inside the local machines or on a cloud or simply as a printout on a paper.
a. Passport-India shall not retain any personal data for any longer than is necessary considering the purpose(s) for which that data is collected, held, and processed, unless required by the law.
b. Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed).
c. When establishing and/or reviewing retention periods, the following points shall be considered:
i. The objectives and requirements of Passport-India;
ii. The type of personal data in question;
iii. The purposes for which the data in question is collected, held, and processed;
d. If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.
e. Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within Passport-India to do so whether in response to a request by a user or otherwise.
f. The data retention mandated differently in accordance with applicable law, will be deemed to be 12 months from the date of creation of the document.
- To respond to queries or requests submitted by the user.
- To administer or otherwise perform the company’s obligations in relation to any agreement with the user.
- To provide the user with the information, products and services requested.
- To provide the user with information services we offer that are similar to those already purchased or enquired about.
- To Notify the user about changes to our services.
a. Your Personal Data and files are stored on Passport-India’s servers and the servers of companies we hire to provide services to us. We have servers located in India, however your personal information may be transferred across national borders as the companies we hire to help us run our business may be located in different countries around the world. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
a. We understand that the security of your personal information is important. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. Our Site is also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for you. While we provide administrative, technical, and physical security controls to protect your personal information. At the same time, it is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer. However, despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.
Upon the expiry of the data retention periods set out in this Policy, personal data shall be deleted, destroyed, or otherwise disposed unless as required by the law.
a. The grievance officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, Passport-India’s other data management policies, with the Information Technology Act 2008(Amended) and other applicable data protection legislation.
b. Any questions regarding this Policy, the retention of personal data, or any other aspect of compliance with Information Technology Act 2008 should be referred to the grievance officer.
Exemptions for prolonging of retention periods covered in this Policy in view of special circumstances are mentioned below:
- Ongoing investigations from any competent authorities under Indian law, if there is a chance records of personal data are needed by us to prove compliance with any legal requirements; or
- When exercising legal rights in cases of lawsuits or similar court proceeding.
Passport-India expects that its Users read and understand this policy and in case you are unable to understand anything, you are required to contact the grievance officer of this Policy in Passport-India available by filing grievance form on the same portal.
This Policy has been approved and authorised by the Partners of Passport-India.