PRIVACY POLICY

Last Updated: July 10, 2025

1. PRIVACY FRAMEWORK & LEGAL COMPLIANCE

1.1 Comprehensive Privacy Statement

DIGIMEND is committed to protecting the privacy and personal data of all individuals who interact with our services. This Privacy Policy demonstrates our compliance with applicable data protection laws and outlines our transparent approach to personal data processing. We believe that privacy is a fundamental right and operate under the principle of “privacy by design” in all our business operations.

1.2 Legal Compliance Framework

This Privacy Policy is designed to comply with:

  • Digital Personal Data Protection Act, 2023 – India’s comprehensive data protection law
  • Information Technology Act, 2000 – Digital data and cyber security provisions
  • Information Technology (Reasonable Security Practices) Rules, 2011 – Data security requirements
  • European Union General Data Protection Regulation (GDPR) – For international customers

2. DATA COLLECTION & CLASSIFICATION

2.1 Personal Data Categories

We collect the following categories of personal information:

a) Identity Information:

  • Full name and preferred name/nickname
  • Email addresses (primary and secondary)
  • Phone numbers (mobile and landline)
  • Physical addresses (residential and business)
  • Government-issued identification numbers (when required)
  • Professional titles and company information

b) Financial Information:

  • Payment method details (UPI IDs, bank account numbers)
  • Transaction history and purchase patterns
  • Billing addresses and payment preferences
  • Credit/debit card information (processed through secure payment gateways)
  • GST registration numbers for business customers

c) Technical Information:

  • IP addresses and device identifiers
  • Browser types and versions
  • Operating system information
  • Website usage patterns and navigation paths
  • Device specifications and hardware configurations
  • Error logs and diagnostic information

2.2 Sensitive Personal Data

We do NOT collect the following sensitive categories:

  • Biometric information (fingerprints, facial recognition data)
  • Health records or medical information
  • Religious or political affiliations
  • Sexual orientation or gender identity details
  • Genetic or biometric data
  • Detailed financial account information beyond payment processing

3. LAWFUL BASIS FOR DATA PROCESSING

3.1 Legal Justifications

We process personal data based on the following lawful grounds:

a) Contractual Necessity:

  • Processing orders and appointment confirmations
  • Delivering products and services as agreed
  • Managing customer accounts and service histories
  • Fulfilling warranty and support obligations

b) Explicit Consent:

  • Marketing communications and promotional materials
  • Newsletter subscriptions and product updates
  • Optional data collection for service improvement
  • Cookies and tracking technologies (where required)

c) Legitimate Business Interests:

  • Fraud prevention and security measures
  • Business analytics and performance optimization
  • Customer service quality improvement
  • Legal compliance and regulatory reporting

4. DATA SHARING & THIRD-PARTY DISCLOSURES

4.1 Limited Third-Party Sharing

We share personal data only in the following circumstances:

a) Service Providers:

  • Payment Processors: Secure processing of financial transactions
  • Shipping Companies: Delivery of physical products within service areas
  • Cloud Service Providers: Secure data storage and backup services
  • Technical Support Vendors: Specialized technical assistance when required

b) Legal Requirements:

  • Law Enforcement: When required by valid legal process
  • Regulatory Authorities: Compliance with statutory reporting requirements
  • Court Orders: Compliance with judicial orders and subpoenas
  • Tax Authorities: GST and income tax compliance reporting

5. DATA SECURITY & PROTECTION MEASURES

5.1 Technical Security Measures

We implement comprehensive security controls:

a) Data Encryption:

  • Data in Transit: TLS 1.3 encryption for all data transmissions
  • Data at Rest: AES-256 encryption for stored personal data
  • Database Security: Encrypted database storage with access controls
  • Backup Encryption: Encrypted backup systems with secure key management

b) Access Controls:

  • Role-Based Access: Granular access permissions based on job functions
  • Multi-Factor Authentication: Required for all system access
  • Regular Access Reviews: Periodic audit of user access rights
  • Privilege Management: Principle of least privilege for data access

6. INDIVIDUAL RIGHTS & CONTROL MECHANISMS

6.1 Fundamental Privacy Rights

Under the DPDP Act 2023, individuals have the following rights:

a) Right to Information:

  • Processing Details: Information about how personal data is used
  • Data Categories: Details of what personal data is collected
  • Retention Periods: Information about how long data is stored
  • Third-Party Sharing: Details of data sharing with external parties

b) Right to Access:

  • Data Portability: Receive personal data in a structured, machine-readable format
  • Processing History: Details of all processing activities involving personal data
  • Source Information: Details about how personal data was obtained
  • Automated Decision-Making: Information about any automated processing

7. DATA RETENTION & DELETION POLICIES

7.1 Retention Schedule

Our data retention framework:

Data CategoryRetention PeriodLegal BasisDeletion Method
Transaction Records7 yearsLegal requirementSecure deletion
Customer Communications5 yearsBusiness necessitySystematic purging
Technical Logs3 yearsSecurity requirementsAutomated deletion
Marketing DataUntil consent withdrawalConsent-basedImmediate removal
Account InformationActive relationship + 3 yearsContractual necessitySecure deletion

8. INTERNATIONAL DATA TRANSFERS

8.1 Cross-Border Data Transfers

For international customers, we ensure:

a) Transfer Safeguards:

  • Standard Contractual Clauses: EU-approved data transfer agreements
  • Adequacy Decisions: Transfers to countries with adequate protection levels
  • Corporate Binding Rules: Internal data transfer governance frameworks
  • Certification Programs: Participation in recognized privacy certification schemes

9. GRIEVANCE REDRESSAL & CONTACT INFORMATION

9.1 Data Protection Officer Details

Primary Contact:

  • Name: Omkar Parte (Data Protection Officer)
  • Email: grievance@digimend.in
  • Phone: +919167575557
  • Address: 807, Malwadi, Vijaydurg RD, Landmark – PARTE FARMHOUSE, Ozaram, Kankavli, Maharashtra – 416801

Response Standards:

  • Acknowledgment: 24 hours from receipt of inquiry
  • Investigation: 48-72 hours for initial assessment
  • Resolution: 30 days maximum for final resolution
  • Documentation: Written response provided for all inquiries