This Data Retention Policy sets out the obligations of CorpAid Consultancy Services Private Limited(hereinafter collectively referred to as “CorpAid”, “We”, “Us” or “Our”) regarding retention of personal data collected, held, and processed by CorpAid. The retention of information collected through our Site shall be governed by this Policy and is therefore incorporated into our Terms of Use.
This Policy is intended to safeguard user records collected and retained by CorpAid. This policy details out what is expected of CorpAid employees and other stakeholders involved in retention of data and its protection.
Personal data shall be kept in a form which permits the identification of users for no longer than is necessary for the reasons why the personal data is processed. In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures required to protect that data.
This Policy sets out the types of personal data held by CorpAid, the duration of its retention, the criteria for establishing and reviewing the length of such duration and when it is to be deleted or otherwise disposed of.
a. “User” (hereinafter collectively referred to as “You”, “Your”,), mean our customers who use our Service(s) or any other natural person who visit our website(s) and whose personal data is being collected, held or processed by CorpAid.
b. “Service Data” means all electronic data, text, messages or other materials, including personal data of Users, submitted to the service(s) by You in connection with Your use of the service(s), including, without limitation, to Personal Data.
c. “Personal Data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in, or is likely to come into, the possession of the CorpAid.
a. The primary aim of this Policy is to set out limits for the retention of Service Data or personal data.
b. In addition to safeguarding the rights of users by ensuring that excessive amounts of data are not retained by CorpAid, this Policy also aims to improve the speed and efficiency of managing data.
a. This Policy applies to all personal data held by CorpAid for the sole purpose of processing and fulfilling requests made by users.
b. This policy applies on all CorpAid workstations – desktops, laptops, servers, physical modes of personal data collection including but not limited to physical forms, visitor logs, visiting cards collected etcetera, this policy also covers all virtual machines including cloud servers under control of CorpAid.
a. Records under this policy means any information you enter on our site or give us in any other way. For example, during sign up you provide us with name, email, address, telephone etcetera. You can choose not to provide certain information, but then you might not be able to take advantage of all of our services and features. We use the information that you provide for purposes as mentioned in our Privacy Policy.
b. Such records may be of one person or may be of several persons. Such records may be present in electronic format or as a paper copy. Such records may be present inside the local machines or on a cloud or simply as a printout on a paper.
a. CorpAid shall not retain any personal data for any longer than is necessary considering the purpose(s) for which that data is collected, held, and processed, unless required by the law.
b. Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed).
c. When establishing and/or reviewing retention periods, the following points shall be considered:
i. The objectives and requirements of CorpAid;
ii. The type of personal data in question;
iii. The purposes for which the data in question is collected, held, and processed;
d. If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.
e. Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within CorpAid to do so whether in response to a request by a user or otherwise.
f. The required retention period for any category of documents not specifically defined elsewhere in this Policy including the Data Retention Schedule covered under Annexure 1, unless otherwise mandated differently in accordance with applicable law, will be deemed to be 12 months from the date of creation of the document.
a. Your Personal Data and files are stored on CorpAid’s servers and the servers of companies we hire to provide services to us. We have servers located in India, however your personal information may be transferred across national borders as the companies we hire to help us run our business may be located in different countries around the world. Unfortunately, the transmission of information via the internet is not completely secure. Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.
a. We understand that the security of your personal information is important. Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures. Our Site is also in compliance with PCI vulnerability standards in order to create as secure of an environment as possible for you. While we provide administrative, technical, and physical security controls to protect your personal information. At the same time, it is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using a shared computer. However, despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.
Upon the expiry of the data retention periods set out in this Policy, personal data shall be deleted, destroyed, or otherwise disposed unless as required by the law.
a. The grievance officer shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy, CorpAid’s other data management policies, with the Information Technology Act 2008(Amended) and other applicable data protection legislation.
b. Any questions regarding this Policy, the retention of personal data, or any other aspect of compliance with IT Act 2008 should be referred to the grievance officer.
Exemptions for prolonging of retention periods covered in this Policy in view of special circumstances are mentioned below:
CorpAid expects that its Users read and understand this policy and in case you are unable to understand anything, you are required to contact the grievance officer of this Policy in CorpAid i. e. Mr. Ujwal Nikam available at support@shopactregistration.org.
This Policy has been approved and authorised by the Partners of CorpAid.
| Data Type | Review Period | Retention Period | Purpose of Data Retention |
| Name | Quarterly or as soon as business allows | For no longer than 12 months after last contact. |
|
| Postal Address | Quarterly or as soon as business allows | For no longer than 12 months after last contact. | |
| Email and other electronic addresses | Quarterly or as soon as business allows | For no longer than 12 months after last contact. | |
| Telephone Numbers including landline numbers | Quarterly or as soon as business allows | For no longer than 12 months after last contact. | |
| Email Correspondence | Quarterly or as soon as business allows | For no longer than 12 months after last contact. |