Privacy Policy
Purpose

Our privacy policy aims to demonstrate our compliance with Indian data protection laws and to give our customers confidence in entrusting their customers' personal information to ECOBILLZ applications.

Our Role

Our primary role is to process and securely store personally identifiable information (PII) collected by our customers on behalf of their guests. We act as a trusted service provider, diligently managing and safeguarding the PII entrusted to us. We do not use the collected PII for any purpose other than fulfilling our contractual obligations with our customers. We have designated Mr. Neeraj as our Data Protection Officer (DPO) to oversee our privacy practices and ensure compliance with applicable data protection laws. Mr. Neeraj serves as the main point of contact for all queries, concerns, or requests related to the processing of PII.

Storage of PII Data in India and Compliance with Jurisdiction Laws

We store personally identifiable information (PII) data in servers located within India. We are committed to adhering to the laws and regulations governing the protection of personal data in this jurisdiction. We have taken the necessary steps to ensure compliance with these requirements and maintain the privacy and security of your information. We continuously monitor and update our systems and protocols to align with any changes in Indian data protection laws.

PII Collected by our Application

Our application collects certain types of PII in order to provide our services effectively. The following categories of PII may be collected:

  1. Name: We may collect your full name, or any other name provided voluntarily.
  2. Address: We may collect your residential or business address to facilitate specific features or services within our application.
  3. Gender: We may collect gender information for purposes such as personalization or to ensure our services cater to your preferences.
  4. Passport and Visa: We may collect your passport and visa details.

Please note that the collection of PII is done in compliance with applicable laws and regulations, and we take appropriate measures to protect the confidentiality and security of the collected information. We do not share this information with any third parties except as required by law.

Security of PII

Security Measures for PII Storage: We employ rigorous security measures to ensure the secure storage of the collected PII. A matrix of the data along with its controls is maintained:

  1. Encryption: All PII is encrypted both in transit and at rest using industry-standard encryption protocols to protect against unauthorized access.
  2. Access Control: Access to the stored PII is strictly limited to authorized personnel who require access to fulfil their job responsibilities. Access controls, including unique user credentials and role-based permissions, are enforced to prevent unauthorized disclosure or alteration of the data.
  3. Data Integrity: We employ measures to maintain the integrity and accuracy of the stored PII, including regular data backups, monitoring for data corruption, and implementing error-checking mechanisms.
  4. Physical Security: Our servers and data storage facilities are located in secure environments with restricted access. We utilize physical safeguards, such as access controls and surveillance systems, to protect against unauthorized physical access.
  5. Security Audits: We conduct periodic security audits and assessments to identify and address potential vulnerabilities, ensuring that our security measures remain robust and up to date.

Please note that while we implement these security measures, no method of data transmission or storage can be guaranteed to be 100% secure. However, we continuously strive to employ industry best practices to protect the confidentiality and integrity of the collected PII.

Customer Obligations to its PII Principals

Our application also allows modification, deletion, and consent withdrawal of the PII of its principals.

Security Incidents

We take the security of your PII seriously and have implemented measures to promptly address any security incidents. The following guidelines outline our approach:

  1. Critical Security Incidents: In the event of a critical security incident that poses a significant risk to the confidentiality, integrity, or availability of your PII, we have established a dedicated response team to address the incident promptly. Our response team will take appropriate measures to mitigate the impact of the incident, investigate its cause, and implement corrective actions to prevent recurrence.
  2. Incidents Involving PII: If an incident occurs that involves unauthorized access, disclosure, alteration, or destruction of PII, we will promptly assess the situation and take necessary actions to mitigate the impact. This includes identifying the affected individuals and the nature of the exposed information. We will communicate with the individuals whose PII has been affected, providing them with relevant information about the incident and steps they can take to protect themselves.
  3. Customer and CERT-In Notification: In the case of incidents involving PII, we will notify the affected customers without undue delay, providing them with all necessary details about the incident and the potential impact on their data. Additionally, we will adhere to applicable laws and regulations and promptly report such incidents to the relevant government bodies, such as CERT-In (Indian Computer Emergency Response Team) or other relevant authorities, as required by law.

Security Protocols with Vendors

We have implemented robust security protocols to safeguard your data when shared with our trusted vendors:

  1. Confidentiality Measures:
    • We enter into legally binding agreements with our vendors that require them to maintain the confidentiality of any personal data shared with them.

    • Our vendors are only granted access to the specific data necessary to perform their services and are prohibited from using the data for any other purposes.

    • We regularly assess and evaluate our vendors' security practices to ensure compliance with our stringent confidentiality requirements.

  2. Data Encryption:
    • All data transmitted between our systems and our vendors' systems is encrypted using industry-standard encryption protocols.

    • We employ Transport Layer Security (TLS) encryption to protect the confidentiality of data during transmission.

    • Encryption mechanisms are used to protect sensitive information, such as payment details or personal identifiers, when stored on our vendors' servers.

  3. Security Audits and Assessments:
    • We conduct regular audits and assessments of our vendors' security measures to verify the adequacy and effectiveness of their controls.

    • These assessments include evaluating their physical security, data storage practices, access controls, and vulnerability management procedures.

  4. Incident Response and Notification:
    • In the event of a data breach or security incident involving our vendors, we have established an incident response plan to mitigate any potential impact.

    • We promptly notify affected individuals and relevant authorities in accordance with applicable laws and regulations.
