Digital Personal Data Protection Act
1.Introduction
At Xneuronz AI, we value your privacy and are committed to ensuring the security and confidentiality of your personal data. This policy explains how we collect, use, and protect your personal data when you use our services, as well as your rights under Indian law. We adhere to the principles set forth by the DPDP Act to ensure that your personal data is handled with the utmost care and in compliance with applicable regulations.
2. Data Collection
We collect personal data directly from you when you interact with our services, visit our website, or communicate with us. The personal data we collect may include the following:
- Personal Identification Information: Full name, email address, phone number, mailing address, date of birth, gender, etc.
- Account and Login Information: Username, password, and other information needed for account registration and login.
- Technical Information: IP address, browser type, operating system, and details about your device used to access our services.
- Usage Data: Information on how you interact with our website, including browsing patterns, preferences, and activities on our site.
- Financial Data: Information required for transactions, such as payment details, billing address, and credit card information (when applicable).
We only collect data that is necessary for the services we provide and the specific purposes detailed below.
3. Purpose of Data Processing
We process your personal data for the following purposes:
- Service Delivery: To create and manage your account, provide customer support, and ensure the functionality of our website and services.
- Communication: To send you updates, newsletters, marketing communications, and respond to your inquiries.
- Personalization: To tailor your experience on our website based on your preferences and interactions.
- Transaction Processing: To process payments and manage billing, orders, and invoices.
- Compliance with Legal Obligations: To comply with applicable laws, respond to legal requests, and handle disputes.
- Security and Fraud Prevention: To protect your personal data from unauthorized access and detect security breaches or potential fraud.
- Research and Development: To improve our services and develop new features based on user feedback and usage data.
We ensure that the processing of your data is always linked to a legitimate purpose, as outlined above.
4. Consent
We rely on your explicit consent to process your personal data when required by the DPDP Act. Consent is obtained before collecting any personal data and for each specific purpose of data processing. You will be informed of the purpose of the data collection and given the opportunity to opt-in or opt-out, depending on your preferences.
- Consent Withdrawal: You have the right to withdraw your consent at any time. If you choose to withdraw your consent, we will stop processing your personal data for the specific purposes for which consent was provided.
- Opt-Out Options: If you do not wish to receive marketing communications from us, you can opt-out by following the unsubscribe link in our communications or by contacting us at [insert contact email].
We do not process any personal data without lawful consent unless required by law.
5. User Rights
Under the DPDP Act, you have the following rights concerning your personal data:
- Right to Access: You have the right to request access to your personal data that we hold, along with information about how it is being processed.
- Right to Rectification: If your personal data is inaccurate or incomplete, you have the right to request corrections or updates.
- Right to Erasure: Under certain circumstances, you have the right to request the deletion of your personal data (e.g., if the data is no longer necessary for the purpose for which it was collected).
- Right to Data Portability: You can request that your personal data be provided to you in a structured, machine-readable format, or transferred to another data controller.
- Right to Restrict Processing: In specific situations, you can request that we limit the processing of your personal data.
Right to Grievance Redressal: If you have concerns about how we handle your data, you can contact us through the grievance mechanism outlined below.
6. Data Security Measures
We take data security seriously and implement technical and organizational measures to protect your personal data from unauthorized access, alteration, disclosure, or destruction. These measures include:
- Encryption: Personal data is encrypted during transmission and storage.
- Access Control: Access to personal data is restricted to authorized personnel who need the information to perform their job functions.
- Regular Security Audits: We conduct regular security audits and assessments to identify vulnerabilities and enhance protection measures.
- Incident Response: We have a formal incident response plan in place to quickly address any data breaches or security incidents. In the event of a data breach, we will notify affected users and the relevant authorities as required by law.
7. Data Retention
We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy or as required by law. The retention period may vary depending on the type of data:
- Account Information: Retained for the duration of your account and deleted upon account closure.
- Transaction Data: Retained as long as necessary to comply with tax, accounting, and legal obligations.
- Marketing Data: Retained until you withdraw your consent or opt-out of marketing communications.
Once the data is no longer required, it will be securely deleted or anonymized.
8. Third-Party Sharing
We do not sell your personal data to third parties. However, we may share your personal data with trusted third parties for the following purposes:
- Service Providers: We may share data with third-party service providers who assist us in delivering our services (e.g., payment processors, cloud hosting services). These providers are contractually bound to process data securely and in compliance with the DPDP Act.
- Legal Compliance: We may disclose your personal data to comply with legal requirements, government requests, or court orders.
- Business Transfers: If our business is acquired, merged, or involved in a similar corporate transaction, personal data may be transferred as part of the transaction.
We ensure that third parties who receive your data are subject to strict contractual obligations regarding confidentiality and data protection.
9. Grievance Redressal
If you have any questions, concerns, or complaints regarding the processing of your personal data, please contact our Grievance Officer. We are committed to resolving all grievances promptly and transparently.
niyaz@xneuronz.com
NO 9, 2nd Floor, 27th Main, 100 Feet Ring Rd, Motors, BTM 1st Stage, Bengaluru, Karnataka 560068
You also have the right to lodge a complaint with the Data Protection Board if you believe your rights under the DPDP Act have been violated.
10. Cross-Border Transfers
If your personal data is transferred outside India, we ensure that appropriate safeguards are in place to protect your data as required by the DPDP Act. These safeguards may include:
- Contractual Clauses: Standard data protection clauses in contracts with foreign data recipients.
- Government Approval: Transfers to countries that have been approved by the Indian government for data transfers based on their data protection laws.
We will inform you if your personal data is transferred to another country and what measures are in place to protect it.
11. Changes to this Policy
We may update this Data Privacy Policy from time to time to reflect changes in our practices, legal obligations, or technology. When we make updates, we will revise the “Last Updated” date at the top of this policy. You are encouraged to review this policy periodically to stay informed about how we are protecting your data.
This Data Privacy Policy ensures compliance with the Digital Personal Data Protection Act (DPDP), 2023, and provides transparency to users regarding how their data is collected, processed, and protected.