DPDP Act 2023 Compliance

Digital Personal Data Protection Act, 2023

1. Introduction

TharCloud is committed to complying with the Digital Personal Data Protection Act, 2023 (DPDP Act). This page outlines our compliance measures and how we protect your digital personal data in accordance with this legislation.

2. Our Commitment

We are committed to:

  • Processing personal data lawfully, fairly, and transparently
  • Collecting data only for specified, explicit, and legitimate purposes
  • Ensuring data accuracy and keeping it up to date
  • Retaining data only as long as necessary
  • Implementing appropriate technical and organizational security measures
  • Respecting the rights of data principals (individuals)

3. Your Rights as a Data Principal

Under the DPDP Act 2023, you have the following rights:

  • Right to Access: You can request information about the personal data we hold about you
  • Right to Correction: You can request correction of inaccurate or incomplete personal data
  • Right to Erasure: You can request deletion of your personal data when it is no longer necessary
  • Right to Data Portability: You can request your data in a structured, commonly used format
  • Right to Grievance Redressal: You can lodge complaints regarding personal data processing
  • Right to Nominate: You can nominate another individual to exercise your rights in the event of death or incapacity

4. Lawful Basis for Processing

We process your personal data based on:

  • Consent: When you explicitly consent to specific processing activities
  • Contract Performance: When processing is necessary to fulfill our contractual obligations
  • Legitimate Interests: When processing is necessary for our legitimate business interests
  • Legal Obligations: When required by law to process your data

5. Data Processing Activities

We process personal data for the following purposes:

  • Providing and maintaining our cloud infrastructure services
  • Customer relationship management and support
  • Billing and account management
  • Service improvement and analytics
  • Security monitoring and fraud prevention
  • Compliance with legal and regulatory requirements

6. Data Security Measures

We implement robust security measures to protect your personal data:

  • Encryption of data in transit and at rest
  • Access controls and authentication mechanisms
  • Regular security audits and vulnerability assessments
  • Employee training on data protection
  • Incident response and breach notification procedures
  • Data backup and disaster recovery measures

7. Data Breach Notification

In the event of a data breach that may cause harm to you, we will:

  • Notify the Data Protection Board of India as required by law
  • Inform affected data principals without undue delay
  • Provide details about the nature of the breach and our response measures
  • Take immediate steps to mitigate the impact of the breach

8. Children's Data

We do not knowingly process personal data of children without verifiable parental consent. If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete such information promptly.

9. Cross-Border Data Transfer

When transferring personal data outside India, we ensure:

  • Compliance with government-approved transfer mechanisms
  • Adequate protection of personal data in the receiving jurisdiction
  • Contractual safeguards with data processors and recipients
  • Transparency about the countries where data may be transferred

10. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal and regulatory requirements
  • Resolve disputes and enforce agreements

Once the retention period expires, we securely delete or anonymize your personal data.

11. Consent Management

When we rely on consent for processing your personal data:

  • We obtain clear, specific, and informed consent
  • We provide easy mechanisms to withdraw consent at any time
  • We maintain records of consent obtained
  • We respect your withdrawal of consent and cease processing accordingly

12. Grievance Redressal

We have appointed a Data Protection Officer and established a grievance redressal mechanism:

  • You can submit complaints regarding personal data processing
  • We will acknowledge your complaint within 72 hours
  • We aim to resolve grievances within 30 days
  • You may escalate unresolved grievances to the Data Protection Board of India

13. Updates to Compliance

As the DPDP Act 2023 and its rules evolve, we will update our compliance measures accordingly. We will notify you of any material changes to our data protection practices.

14. Contact Information

For any questions or concerns regarding DPDP Act compliance or to exercise your rights, please contact us at:

Email: info@tharcloud.com