Data Protection

1. Data Fiduciary Obligations

As a Data Fiduciary under DPDPA 2023, Laxhar Tech (GST: 27EFMPS4211A1ZM) ensures: reasonable security safeguards, data accuracy, purpose limitation, storage limitation, and lawful processing based on consent or legitimate uses under Section 7.

2. Security Measures

Technical Safeguards

• TLS 1.3 encryption for data in transit
• AES-256 encryption for sensitive data at rest
• Firewalls, intrusion detection, continuous monitoring
• Regular vulnerability assessments and penetration testing
• Secure backup and disaster recovery procedures

Organizational Safeguards

• Role-based access control (RBAC) with unique credentials
• Employee training on data protection
• Confidentiality agreements for all personnel
• Regular access reviews and audits

3. KYC Document Handling

Government-issued IDs collected for verification are:

• Encrypted and stored on secured Indian servers
• Accessible only to authorized KYC personnel
• Retained per PMLA Rules (5 years post-relationship)
• Securely deleted when retention period expires

4. Data Breach Response

In event of a personal data breach likely to cause harm:

5. Data Principal Rights

Under DPDPA 2023, you may:

• Access summary of your data and processing activities (Section 11)
• Request correction of inaccurate data (Section 12)
• Request erasure when data no longer needed (Section 12)
• File grievances with us or the Data Protection Board (Section 13)
• Nominate someone to exercise rights on your behalf (Section 14)

6. Third-Party Processors

We engage Data Processors who:

• Are contractually bound to DPDPA-compliant data protection
• Process data only for specified purposes
• Implement appropriate security measures
• Are subject to our regular compliance audits

7. Grievance Officer

Per IT Act 2000, IT Rules 2011, and DPDPA 2023:

Unsatisfied? File complaint with the Data Protection Board of India under DPDPA 2023.