Data Retention Policy

The intent of the Policy

This Data Retention Policy sets out the obligations of Vendekin Technologies Pvt. Ltd. and its subsidiaries and affiliates (hereinafter collectively referred to as “Vendekin”, “We”, “Us” or “Our”) regarding retention of personal data collected, held, and processed by Vendekin. The retention of information collected through our website https://www.vendekin.com/ (the “Site”) and our mobile application the name of Payekin in UK and US and Vendekin in India (the “Application”), collectively “Services” shall be governed by this Policy and is therefore incorporated into our Terms of Use.

This Policy is intended to safeguard user records collected and retained by Vendekin. This policy details out what is expected of Vendekin employees and other stakeholders involved in the retention of data and its protection.

Personal data shall be kept in a form which permits the identification of users for no longer than is necessary for the reasons why the personal data is processed. In certain cases, personal data may be stored for longer periods where that data is to be processed for archiving purposes that are in the public interest, for scientific or historical research, or for statistical purposes, subject to the implementation of the appropriate technical and organisational measures required to protect that data.

This Policy sets out the types of personal data held by Vendekin, the duration of its retention, the criteria for establishing and reviewing the length of such duration and when it is to be deleted or otherwise disposed of.

Please review this Data Retention Policy carefully. By using our Services, you consent to the processing of your personal information as described in this Data Retention Policy. IF YOU DO NOT AGREE WITH THESE PRACTICES, PLEASE DO NOT USE THE SERVICES.

Some Key Terms

  • “User(s)” (hereinafter collectively referred to as “You”, “Your”, “User”), mean our user(s) who use our Services, including, without limitation, any companies, organizations, or other legal entities that register accounts or otherwise access or use the Services through their respective employees, agents, or representatives.

  • “User Content” means all electronic data, text, messages or other materials, including personal data of Users, submitted to the Service(s) by You in connection with Your use of the Service(s).

  • “Service Data” means all electronic data, text, messages or other materials, including personal data of Users, submitted to the service(s) by You in connection with Your use of the service(s), including, without limitation, to Personal Data.

  • “Personal Data” means data relating to a living individual who is or can be identified either from the data or from the data in conjunction with other information that is in or is likely to come into, the possession of the Vendekin.

  • “Applicable Data Protection Law” means the General Data Protection Law, Data Protection Act and Personal Data Protection Bill.

Aims and Objectives

It is necessary to retain and process certain information to enable our business to operate. We may store your data in the following places:

  • Our own servers

  • Google cloud computing servers

  • employee-owned devices (BYOD)

  • Desktops

  • Potential backup storages

  • The policy applies equally to all method used to store personal data.

  • The primary aim of this Policy is to set out limits for the retention of Service Data or personal data.

  • In addition to safeguarding the rights of users by ensuring that excessive amounts of data are not retained by Vendekin, this Policy also aims to improve the speed and efficiency of managing data.

Scope of this policy

  • This Policy applies to all personal data held by Vendekin for the sole purpose of processing and fulfilling requests made by users.

  • This policy applies on all Vendekin workstations – desktops, laptops, servers, physical modes of personal data collection including but not limited to physical forms, visitor logs, visiting cards collected etcetera, this policy also covers all virtual machines including cloud servers under control of Vendekin.

What Are Records?

  • Records under this policy mean any information you enter in order to avail our Service or in case of any dispute arising out of our Services. For example, during sign up you provide us with name, email, mobile number. We use the information that you provide for purposes as mentioned in our Privacy Policy.

  • Such records may be of one person or may be of several persons.

  • Such records may be present in electronic format or as a paper copy.

  • Such records may be present inside the local machines or on a cloud or simply as a printout on a paper.

Data Retention

  • Vendekin shall not retain any personal data for any longer than is necessary considering the purpose(s) for which that data is collected, held, and processed unless required by the law.

  • Different types of personal data, used for different purposes, will necessarily be retained for different periods (and its retention periodically reviewed).

  • When establishing and/or reviewing retention periods, the following points shall be considered:

    • The objectives and requirements of Vendekin;

    • The type of personal data in question;

    • The purposes for which the data in question is collected, held, and processed;

  • If a precise retention period cannot be fixed for a particular type of data, criteria shall be established by which the retention of the data will be determined, thereby ensuring that the data in question, and the retention of that data, can be regularly reviewed against those criteria.

  • Certain personal data may be deleted or otherwise disposed of prior to the expiry of its defined retention period where a decision is made within Vendekin to do so whether in response to a request by a user or otherwise.

  • The required retention period for any category of documents not specifically defined elsewhere in this Policy including the Data Retention Schedule covered under Annexure 1, unless otherwise mandated differently in accordance with applicable law, will be deemed to be 36 months from the date of creation of the document.

Storage and Transfer of Data

  • Your Personal Data and files are stored on Vendekin servers and the servers of companies we hire to provide services to us i.e. Google Cloud Platform.

  • We have servers located in India; however, your personal information may be transferred across national borders as the companies we hire to help us run our business may be located in different countries around the world. Unfortunately, the transmission of information via the internet is not completely secure.

  • Although we will do our best to protect your personal information, we cannot guarantee the security of your information transmitted to our site; any transmission is at your own risk. Once we have received your information, we will use strict procedures and security features to try to prevent unauthorized access.

Security of Information

  • We understand that the security of your personal information is important. Sensitive and private data exchange between our server and our Google cloud platforms happens over an SSL secured communication channel and is encrypted and protected.

  • While we provide administrative, technical, and physical security controls to protect your personal information. At the same time, it is important for you to protect against unauthorized access to your password and to your computer. Be sure to sign off when finished using the Services. However, despite our efforts, no security controls are 100% effective and we cannot ensure or warrant the security of your personal information.

Roles and Responsibilities of Vendekin

  • The grievance officer DPO@vendekin.com shall be responsible for overseeing the implementation of this Policy and for monitoring compliance with this Policy.

  • Any questions regarding this Policy, the retention of personal data, or any other aspect of compliance with data protection laws should be referred to the Data Protection Officer.

Exemptions for prolonging of retention periods covered in this Policy in view of special circumstances are mentioned below:

  • Ongoing investigations from any competent authorities under Indian law, if there is a record of personal data that are needed by us to prove compliance with any legal requirements; or

  • When exercising legal rights in cases of lawsuits or similar court proceeding.

Upon the expiry of the data retention periods set out in this Policy, personal data shall be deleted, destroyed, or otherwise disposed of unless as required by the law.

Our Data Protection Officer Mr. Deepak Singh Mehra is responsible for the continuing process of identifying the records that have met their required retention period and supervising their destruction if needed. The destruction of confidential, financial, and personnel-related records shall be securely destroyed electronically or by shredding if possible. Non-confidential records may be destroyed by recycling.

Implementation of Policy

Vendekin expects that its Users read and understand this policy and in case you are unable to understand anything, you are required to contact the grievance officer of Vendekin at dpo@vendekin.com

 

This Policy has been approved and authorised by the Directors of Vendekin

 

Annexure 1: Data Retention Schedule

Data Type

Name

Postal Address

Email and other electronic addresses

Telephone Numbers

Review Period

Retention Period

Quarterly or as soon as business allows

For no longer than 12 months after the last contact.

Quarterly or as soon as business allows

For no longer than 12 months after the last contact.

Quarterly or as soon as business allows

For no longer than 12 months after the last contact.

Quarterly or as soon as business allows

For no longer than 12 months after the last contact.

Purpose of Data Retention

  • To respond to queries or requests submitted by the user.

  • To administer or otherwise perform the company’s obligations in relation to any agreement with the user.

  • To anticipate and resolve problems with any products or services supplied to the user.

  • To provide the user with the information, products and services requested.

  • To provide the user with information services we offer that are similar to those already purchased or enquired about.

  • To Notify the user about changes to our Services

This Data retention Policy was last updated on 12 July 2019