Privacy Policy

1. Scope

The scope of this Privacy Policy ("Policy") include the collecting, recording, organizing, storing, modifying, using, disclosing, or deleting customer, employee and company related data. For details of such definitions reference is drawn to the Information Technology Act, 2000 read with all statutory amendments carried forth therewith ("Act") including all other relevant Laws, Rules, By Laws or Standing Orders passed by competent authorities within India applicable to each Company and as amended from time to time. This includes personal information that is collected in India from individuals located outside of India and then transferred outside of India. Any treatment of all such data including its collection, storage, usage be fully protected in accordance with this policy and privacy rules.

1. Applicability

This policy applies to BOBCARD Limited (hereinafter referred to as "BOBCARD" or "the Company") and all its employees, officers, directors, advisors, consultants other personnel, and all third party service providers who act on behalf of the Company and collect, process and use personal data, profile data, financial and other within India and outside.

2. Effective Date

This Policy has been issued on 13th December 2018 and is effective 13th December 2018 onwards.

2. Definitions

1. Provider of Information: The individual who provides the information (i.e., the data subject). The Term "Person" is defined to mean and include natural persons as understood under the applicable Indian laws.

2. Personal information: Any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

3. Sensitive Personal Data or Information of a person: means such Personal Information which consists of information relating to -

a) Password

b) Financial information such as Bank account or credit card or debit card or other payment.

c) Instrument details.

d) Physical, physiological and mental health condition.

e) Sexual orientation.

f) Medical records and history.

g) Biometric information.

Any detail relating to the above clauses as provided to body corporate for providing service. Any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise.

4. Public Information: Any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of this Policy.
Company or Body Corporate means the body corporates as defined in Section 43A of the IT Act 2000 and for the purposes of this Policy means and refers to BOBCARD.
Password means a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information.

5. Aggregated information: This information does not identify the individual; it helps us to analyze patterns among groups of people. We may share aggregated information or de-identified information in several ways, for example: For the same reasons as we might share Personal Information; with business partners to help develop and market products or services and present targeted content, including Targeted Advertising; With business partners to conduct analysis and research about customers, website and app users; with Third-Party Ad-Servers to place ads (including ads of our Business Partners) on various websites and apps, and to analyze the effectiveness of those ads.

3. Policy

1. Data will be processed fairly and lawfully.

2. Data will be collected for specified and legitimate purposes and not processed further in ways incompatible with those purposes which have been duly explained, communicated to and consented by each person concerned.

3. Data will be relevant to and not excessive for the purposes for which they are collected and used. For example, data may be rendered anonymous when feasible and appropriate, depending on the nature of the data and the risks associated with the intended uses.

4. Data will be kept only as long as it is necessary for the purposes for which it was collected and processed and in accordance with data storage requirements under various applicable local laws.

5. Data will be processed in having full regard to each person’s lawful rights (as described in these standards or as provided by appropriate law).

6. All appropriate technical, physical, and organizational measures will be taken to prevent unauthorized access, unlawful processing, and unauthorized or accidental loss, destruction, or damage to data.

4. Security Practice

BOBCARD will ensure Reasonable Security Practices and Procedures including but not limited to the following:

1. Comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business are available.

2. In the event of an information security breach, BOBCARD or a competent and duly authorized person having knowledge of and in possession of information relating to such security breach shall be prepared to demonstrate, as and when called upon to do so by the regulatory agency created under the applicable law, that the Company has taken all bonafide measures and have implemented security control measures in accordance with the BOBCARD documented information security program and information security policies together with standards and codes of best practices in letter and spirit.

3. Such policies, standard or the codes of best practices have been certified or audited on a regular basis by entities by an independent auditor.

5. Consent

The Company while collecting information from the provider of information, data, sensitive personal data and other financial information will try to ensure that, in addition to obtain consent:

1. The provider of information understands the purpose for the collection; the intended recipients of the information.

2. The provider of information will also have an option not to provide or withdraw their consent. The company can decline goods/services for which info was sought.

3. Prior permission from the person is required for disclosure to any third party (except as may be required to be disclosed by law).

4. Providers will have access to review, correct or amend information provided.

5. Data may be transferred in line with the consent (i.e., provider knew purpose/intended recipients when giving information) in India or to any country so long as same level of data protection is provided.

6. The consent obtained by the Company be of a nature and extent so as to fulfill the requirements of a lawful contract between the provider of information and the Company.

7. If access or rectification is denied, the reason for the denial will be communicated and a written record will be made of the request and reason for denial. In this case the person affected may make use of the dispute resolution processes described in law.

8. If the person demonstrates that the purpose for which the data is being processed is no longer legal or appropriate, the data will be deleted, unless the law requires otherwise.

6. Obligations

This Policy includes an obligation to provide actual notice to individuals when personal information is collected. BOBCARD will establish and make this privacy policy available to all persons. BOBCARD will also grant the persons the right to access and correct personal information. In addition, BOBCARD is committed to secure information and establish a dispute resolution process that applies to the collection and use of all personal information.

7. Collection and Use of Sensitive Data:

1. In addition to the general obligations, there are obligations specific to the collection, use, and disclosure of sensitive personal data. Sensitive personal data is broadly defined to include password; financial information (bank account, credit/debit card, or other payment instrument details); physical, physiological, and mental health conditions; sexual orientation; medical records and history; and biometric information. Any information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005, is excepted from the definition.

2. Notwithstanding anything in this Policy any sensitive personal data on Information shall be disclosed to any third party by an order under the law for the time being in force.

8. Disputes

Any discrepancies or grievances will be addressed in a timely manner by the Company. A Grievance Officer and such other personnel designated to assist that grievance officer shall be designated, and his or her name and contact details are at all-time be published on the company’s website. The Grievance Officer is singularly responsible for and accordingly redresses the grievances expeditiously (but within one month from the date of receipt of the grievance).

9. Cookies

1. BOBCARD’s digital platforms use various third party services to promote its products and services. These third party services use cookies which are downloaded to your device when you visit a website in order to provide a personalized browsing experience. Cookies are used for lots of tasks like remembering your preferences & settings, provide personalized browsing experience and analyze site operations. 

2. These cookies collect information about how users use a website, for instance, how often visited pages. All information collected by third party cookies is aggregated and anonymous. By using our website user/s agree that these types of cookies can be placed on his/her device. User/s is free to disable/delete these cookies by changing his/her device / browser settings. BOBCARD is not responsible for cookies placed in the device of user/s by any other website and information collected thereto.