Privacy & security policy

Privacy & security policy

At IDCUBE, we respect your privacy and are committed to protecting the personal data you share with us through our platform.

IDCUBE Identification Systems Private limited, a company incorporated under the laws of India, having our registered office at B 19, SECTOR-2, NOIDA, Gautam Buddha Nagar, Uttar Pradesh, 201301 (hereinafter referred as “Company”, “IDCUBE”, “We”, “Us”, or “Our”).

This Privacy Policy explains how we collect, use, store, and protect your personally identifiable information (“PII”) in compliance with the General Data Protection Regulation (GDPR).  You must not use the platform if you disagree with these Terms.

1. Information We Collect

We collect the following types of information when you use our Service:

• Personal Information: Name, email address, job title, company name, and other identifiable information you provide during account registration or through the Service.
• Usage Data: Information about your use of the Service, such as login data, device information, event logs, alarm logs, and browsing activity.
• Payment Information: Billing information necessary to process payments for the Service.

2. How We Use Your Information

We use the collected information for purposes such as:

• Providing and maintaining our services.
• Improving and personalizing the user experience.
• Communicating updates, security alerts, and system-generated notifications explicitly authorized by you.
• Complying with legal obligations.

We do not use PII data for marketing or any other purposes without your explicit consent.

3. Legal Basis for Processing Personal Data

Under the GDPR, we process personal data based on the following legal grounds:

• Contractual necessity: To fulfil our obligations under the Terms of Service and provide you with the Service.
• Legitimate interests: To improve the Service and protect against fraud and security threats.
• Consent: For certain marketing activities, where you have provided consent.

4. Sharing Your Information

We do not sell or rent your personal data to third parties. However, we may share your data with:

• Service providers: Third parties who assist us in operating the Service, such as payment processors or IT support.
• Legal compliance: If required by law or in response to legal requests, such as a subpoena or court order.
• Business transfers: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of the transaction.

5. Data Retention

We retain your personal data for as long as necessary to fulfill the purposes outlined in this Privacy Policy, including legal and regulatory purposes. You can request the deletion of your personal data in accordance with your rights under GDPR.

6. Retention of Event and Alarm Logs
   We retain event and alarm logs for a default period of two (2) years to ensure compliance with operational requirements and applicable regulations. If customers require log retention beyond the default period, we offer extended retention services on a chargeable basis. Please note that the availability of extended retention options may depend on the specific service or storage limitations. Customers can contact us for further details and to customize their log retention requirements.

7. Your Rights Under GDPR

As a data subject, you have the following rights:

• Access: The right to request a copy of the personal data we hold about you.
• Correction: The right to request corrections to any inaccurate or incomplete personal data.
• Deletion: The right to request the deletion of your personal data under certain circumstances.
• Restriction: The right to request the restriction of processing in certain situations.
• Objection: The right to object to the processing of your personal data.
• Portability: The right to receive your data in a structured, commonly used format and transfer it to another provider.

8. Data Security

We implement the highest level of security to protect your Personally Identifiable Information (PII). This includes ensuring that PII data is secured both at rest and in transit through encryption and other robust security measures. PII data is also encrypted within our databases located in the data centre in your region, ensuring it cannot be used for marketing or any purposes other than system-generated notifications or those explicitly authorized by you. Additionally, employees of IDCUBE are restricted from accessing the PII data of tenants on our platform, ensuring further protection of your information. However, no system is entirely secure, and we cannot guarantee complete security of your information.

9. International Data Transfers

Your personal data may be transferred and stored in countries outside your region of residence. In such cases, we ensure that appropriate safeguards are in place to protect your data, as applicable data protection laws require.

10. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect data about how you use the Service and to improve your user experience. You can control cookie settings through your browser.

11. Consent Management

To ensure transparency, we provide you with details on how your personal data will be collected, stored, and processed when visiting our premises.

Data Collected:

We collect the following information:

1. Name: To identify Employees/visitors.
2. Email ID: For communication and verification purposes.
3. Mobile Number: To contact you regarding your visit.
4. Photograph: To verify identity and ensure security.
5. ID Proof and Scanned Document: This is to validate your credentials for access.

Purpose of Data Collection:

The data is collected to:

1. Identify employees/visitors for secure access to the premises.
2. Maintain a record of employees/visitors for safety and operational reasons.
3. Comply with legal and regulatory obligations.

Consent:

By submitting your personal information and entering the premises, you explicitly agree to:

1. The collection, processing, and storage of your data for the purposes stated above.
2. Sharing your data with authorized personnel when required for security purposes.

Your Rights:

You have the following rights regarding your data:

1. The right to access your data.
2. The right to correct any inaccuracies in your data.
3. The right to withdraw your consent at any time (subject to legal obligations).
4. The right to request deletion of your data.

12. Data Breach Policy

We take data breaches seriously and have a detailed protocol to manage such incidents effectively. In the event of a data breach:

1. Identification: We will promptly identify and assess the scope of the breach.
2. Notification: If required by applicable laws, we will notify affected individuals and relevant regulatory authorities within 72 hours of becoming aware of the breach, where feasible. Notifications will include details of the breach, its impact, and recommended actions to mitigate risks.
3. Mitigation: We will take immediate steps to contain the breach, secure the system, and prevent future occurrences.
4. Review: We will conduct a thorough investigation and review to understand the cause of the breach and implement corrective measures.
5. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If any material changes are made, you will be notified, and you will be required to accept the updated Policy to continue using the Service.

14. Data Protection Officer (DPO)

We have appointed a Data Protection Officer (DPO) to oversee compliance with this Privacy Policy and applicable data protection laws. The DPO’s roles and responsibilities include:

1. Monitoring compliance with data protection laws and our internal policies.
2. Providing guidance on data protection impact assessments (DPIAs).
3. Serving as a point of contact for data subjects and regulatory authorities regarding privacy-related matters.
4. Ensuring that PII data is handled securely and in accordance with this Privacy Policy.

You can contact our DPO at:
Name: Ujjal Sarmah
Email: ujjal@idcubesystems.com

Thank you for trusting IDCUBE