1.Introduction
The Aarogya Techzone Private Limited Data Protection and Privacy (DPDP) Act outlines our commitment to safeguarding personal data and ensuring compliance with data protection regulations. This Act sets forth the policies and procedures Aarogya Techzone Private Limited adheres to in the collection,
use, processing, and protection of personal data.
2.Data Subject Rights Policy
Aarogya Techzone acknowledges and respects the rights of individuals with respect to their personal data. This policy outlines the rights of data subjects and how they can exercise these rights.
2.1. Right to Access
- Description: Data subjects have the right to request access to their personal data held by Aarogya Techzone.
- Procedure: Requests must be submitted in writing to the Data Protection Officer (DPO). Aarogya Techzone will respond within 30
days of receiving the request.
2.2. Right to Rectification
- Description: Data subjects can request correction of inaccurate or incomplete personal data.
- Procedure: Requests must be directed to the DPO. DPO will make necessary corrections and notify the data subject of the updates.
2.3. Right to Erasure
- Description: Data subjects can request the deletion of personal data under certain conditions.
- Procedure: Requests must be submitted to the DPO. DPO will evaluate the request and, if appropriate, erase the data and notify
the data subject. Data subjects can request the deletion of personal data under certain conditions.
2.4. Right to Restrict Processing
- Description: Data subjects can request the restriction of processing their personal data in specific circumstances.
- Procedure: Requests must be made to the DPO. Aarogya Techzone will implement the restriction and inform the data subject.
2.5. Right to Data Portability
- Description: Data subjects can request their data in a structured, commonly used format or request direct transmission to another
controller.
- Procedure: Requests should be submitted to the DPO. Aarogya Techzone will comply with the request where feasible.
2.6. Right to Object
- Description: Data subjects can object to the processing of their personal data based on legitimate interests or direct marketing.
- Procedure: Objections should be made to the DPO. Aarogya Techzone will cease processing unless there are compelling legitimate grounds.
3. Data Privacy Policy
Aarogya Techzone is committed to protecting the privacy of personal data and ensuring its security.
3.1. Data Collection
- Scope: Aarogya Techzone collects personal data necessary for business operations, including contact details, identification
information, and transactional data.
- Purpose: Data is collected to provide and improve services, communicate effectively, and comply with legal obligations.
3.2. Data Use
- Scope: Personal data is used for its intended purposes and not for any incompatible purposes.
- Limitations: Data is processed in accordance with the principle of data minimization.
3.3. Data Sharing
- Scope: Data may be shared with third parties for operational reasons or with consent.
- Third-Party Compliance: Third parties are required to adhere to data protection standards similar to those upheld by Aarogya Techzone.
3.4. Data Security
- Measures: Aarogya Techzone implements technical and organizational measures to protect personal data from unauthorized access, alteration, or loss.
- Review: Security measures are regularly reviewed and updated.
3.5. Data Breach Notification
- Scope: In the event of a data breach, Aarogya Techzone will notify affected individuals and relevant authorities within 24 hours of discovery.
- Procedure: Breach notifications will include details of the breach, potential consequences, and mitigation measures.
4. Evidence of Data Protection Officer (DPO)
Aarogya Techzone has appointed a Data Protection Officer to oversee data protection practices.
4.1. DPO Details
4.2. Responsibilities
- Oversight: Monitor compliance with data protection laws.
- Advice: Provide guidance on data protection impact assessments and policies.
- Liaison: Serve as the contact point for data subjects and regulatory authorities.
5. Record of Processing Activities
Aarogya Techzone maintains a comprehensive record of processing activities to ensure transparency and accountability.
5.1. Record Contents
- Details: Includes the purposes of processing, categories of personal data, categories of data subjects, and retention periods.
- Review: The record is reviewed regularly and updated as necessary.
5.2. Documentation
- Access: The record is available for inspection by relevant authorities as required.
6. Data Transfer Policy
Aarogya Techzone ensures that international transfers of personal data comply with applicable data protection laws.
6.1. Transfer Mechanisms
- Compliance: Transfers outside the European Economic Area (EEA) are conducted using mechanisms such as Standard Contractual Clauses (SCCs) or ensuring adequate data protection standards in the receiving country.
6.2. Safeguards
- Measures: Adequate safeguards are implemented to protect personal data during international transfers.
7. Data Processor Agreement
Aarogya Techzone enters into agreements with data processors to ensure compliance with data protection standards.
7.1. Agreement Content
- Clauses: Agreements include obligations related to data protection, confidentiality, and security measures.
- Compliance: Processors are required to comply with applicable data protection laws and standards.
7.2. Processor Responsibilities
- Security: Implement technical and organizational measures to protect personal data.
- Notification: Inform Aarogya Techzone of any data breaches involving personal data.
8. Data Retention Policy
Aarogya Techzone establishes a data retention policy to ensure that personal data is kept only as long as necessary.
8.1. Retention Periods
- Criteria: Personal data is retained based on legal, regulatory, and operational requirements.
- Review: Retention periods are regularly reviewed to ensure compliance with data protection laws.
8.2. Data Disposal
- Procedure: When data is no longer needed, it is securely disposed of to prevent unauthorized access or use.
9. Contact Us
If you have any questions or concerns about this Policy or our data protection practices, please contact us at:
Data Protection Officer:
