Privacy and Data Protection Policy
1. Introduction
This Privacy and Data Protection Policy (“Policy”) specifies the Privacy Principles followed by Tpay Platform Private Limited and its employees regarding the collection, use, transfer, storage, and destruction of personal information/personally identifiable information.
Throughout this Policy, “Tpay” refers to Tpay Platform Private Limited (also referred to as “we,” “us,” or “our”).
Tpay’s commitment to these policy requirements reflects the value it places on complying with existing Data Protection regulations/legislation while simultaneously maintaining the trust of the employees, clients, business partners, and others whose personal or confidential information is shared with us in the course of our business operations.
This policy document applies to Tpay’s a) Information, b) Information Systems, c) Employees, and d) Third-Party Staff.
This Policy applies to the collection, storage, processing, transfer, and use of personal information concerning its clients, business partners, employees, former employees, applicants for employment, and may include other personal information not specifically listed here. Personal information may be collected from individuals through various means, including websites, other ordering channels, and service or employment processes.
The following security controls shall apply to the fair and lawful processing of personal information:
- Notice: Provide timely and appropriate notice to Data Subjects (refers to any information relating to an identified or identifiable natural person) about its data processing practices as required by applicable laws and regulations or as necessary from time to time.
- Choice: Do not use or provide personal information to third parties without giving the Data Subject(s) an opportunity to choose whether their information can be disclosed for such use unless otherwise permitted or required by law or regulation.
- Consent: Process personal information only with an individual’s consent, which may be express or implied, depending on the sensitivity of the personal information and the individual’s reasonable expectations, unless otherwise permitted or required by law or regulation.
Purpose:
- Collect personal information only for specific and legitimate business purposes.
- The information collected will be relevant, adequate, and not excessive for the purposes for which it is collected.
- Process personal information in a manner consistent with the purposes for which it was collected unless otherwise permitted or required by law or regulation, or the individual has subsequently consented to the new use of their personal information.
- Personal information collected from data subjects in the course of business will not be sold, rented, or leased.
Data Minimization:
- Take all legally required and commercially reasonable steps to ensure that personal information processed by Tpay is adequate, relevant, and limited to what is necessary for the purposes for which the information is processed.
Onward Transfer:
- Take appropriate measures, by contract or otherwise, to provide adequate protection for personal information that is disclosed to a third party or transferred to or accessed from another country (including internal transfers and transfers between business units and/or third parties).
Accuracy/Integrity:
- Take all legally required and commercially reasonable steps to ensure that personal information:
- is reliable for its intended use, accurate, complete, and, where necessary, kept up to date; and
- that is inaccurate or outdated is promptly either erased or rectified.
Access: Maintain processes to give Data Subjects reasonable access to their personal information and, as appropriate, the ability to correct, delete, or update inaccurate or incomplete information.
Security: Take all legally required and commercially reasonable measures proportional to the associated risk to protect personal information from loss, misuse, unauthorized access or disclosure, alteration, and destruction. Ensure appropriate levels of protection for information considered to be sensitive personal information.
Retention: Keep personal information in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal information is processed. Personal information may be stored for longer periods and will be processed solely for archiving purposes in the public interest, or for scientific, historical, or statistical purposes, and subject to the implementation of appropriate safeguards.
- Accountability: The Director is responsible for and shall demonstrate compliance with this Policy’s requirements. The Director shall, as needed, designate individuals within the organization to be accountable for compliance with privacy and data protection laws and related policies.
- Data Subject Access Requests, Complaints, and Dispute Resolution: The Director shall provide points of contact and communication channels to raise access requests, initiate data protection and privacy-related complaints, or pursue dispute resolution, including a fair process to investigate and resolve requests and complaints, and to communicate the progress and status of requests or complaints to Data Subjects.
- Education and Awareness: Tpay shall, as needed, make available training and programs to educate and raise awareness among employees regarding legal, regulatory, and contractual responsibilities concerning the processing of personal information.
- Compliance: The Director is charged with implementing and enforcing this policy, promulgating additional privacy-related policies as may be required, and providing strategically coordinated privacy-related compliance functions as the Data Protection Officer when required. All covered under this policy shall ensure compliance and adherence to this Policy and the controls stipulated therein. Any violation of the Policy may result in disciplinary action, which may include suspension, restriction of access, or more severe penalties, up to and including termination of employment.
- Exception: Exceptions to this policy must be approved by the Director.
- Violations: Any employee who knowingly violates or attempts to violate this policy shall be subject to disciplinary action, up to and including separation from Tpay, subject to applicable local employment laws and regulations. Where illegal activities or attempts to bypass security controls are suspected, Tpay may report such events to the applicable local authorities. Exceptions to this policy must be approved by the Director.
Any grievances, complaints, queries, or comments concerning this Policy should be sent to Tpay in writing to the following contact email ID. Grievances and related queries shall be redressed as expeditiously as possible. The contact information is: contact@techpay.ai