Privacy Policy

Privacy Policy

for mindZvue

This Privacy Policy is an electronic record in the form of an electronic contract formed under the Information Technology Act of 2000. The Rules made thereunder and the amended provisions pertaining to electronic documents/records in various statutes as amended by the Information Technology Act, 2000. This Privacy Policy does not require any physical, electronic, or digital signature.

This Privacy Policy is a legally binding document between you and mindZvue (both terms are defined below). The terms of this privacy policy will be effective upon your acceptance of them (directly or indirectly in electronic form, by clicking on the “I accept” tab, or by using the Website or by other means). They will govern the relationship between you and mindZvue for your use of the Website (defined below).

This document is published and shall be construed in accordance with the provisions of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011, under the Information Technology Act, 2000, which require the publication of the privacy policy for the collection, use, storage, and transfer of sensitive personal data or Information.

Please read this Privacy Policy carefully. Using the Website indicates that you understand, agree, and consent to this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not use this Website. You hereby provide your unconditional consent or agreements to mindZvue as provided under Section 43A and Section 72A of the Information Technology Act, 2000.

By providing us with your Information or by using the facilities provided by the Website, you hereby consent to the collection, storage, processing, and transfer of any or all of Your Personal and Non-Personal Information by mindZvue as specified under this Privacy Policy. You further agree that such collection, use, storage, and transfer of Your Information shall not cause any loss or wrongful gain to you or any other person.

mindZvue Technologies Private Limited and its affiliates (individually and/ or collectively, “mindZvue“) are/are concerned about the privacy of the data and information of users accessing mindZvue’s websites, mobile sites, or mobile applications (“Website“) on the Website and otherwise doing business with mindZvue. The terms “We” / “Us” / “Our” individually and collectively refer to each entity being part of the definition of mindZvue, and the terms “You“/”Your” / “Yourself” refer to the users. This Privacy Policy is a contract between You and mindZvue, whose Website You use or access or You otherwise deal with. This Privacy Policy shall be read with the respective Terms of Use or other terms and conditions of mindZvue.

mindZvue has provided this Privacy Policy to familiarize You with:
  • The type of data or Information that You share with or provide to mindZvue and that mindZvue collects from You;
  • The Purpose for collection of such data or Information from You;
  • mindZvue information security practices and policies;
  • mindZvue’s Policy on sharing or transferring your data or Information to third parties. This Privacy Policy may be amended/updated from time to time. Upon amending/updating the Privacy Policy, we will amend the date above accordingly. We suggest you regularly check this Privacy Policy to apprise yourself of any updates. Your continued use of the Website or provision of data or Information after that will imply Your unconditional acceptance of such updates to this Privacy Policy.
  • The “Information” (which shall also include data) provided by You to mindZvue or collected from You by mindZvue may consist of “Personal Information” and “Non-Personal Information.”
  • Personal Information: “Personal Information” is Information collected that can be used to uniquely identify or contact You. Personal Information for this Privacy Policy shall include, but not be limited to:
  1. Your name;
  2. Your telephone number;
  3. Your email address;
  4. Internet Protocol address;
  5. Any other items of ‘sensitive personal data or information’ as such term is defined under the Information Technology (Reasonable Security Practices And Procedures And Sensitive Personal Data Of Information) Rules, 2011, enacted under the Information Technology Act, 2000;
  6. Identification code of your communication device which You use to access the Website or otherwise deal with mindZvue;
  • Non-Personal Information: mindZvue may also collect Information other than Personal Information from You through the Website when You visit and/or use the Website. Such Information may be stored in server logs. This Non-Personal Information would not assist mindZvue in identifying You personally. This Non-Personal Information may include:
  1. Your geographic location,
  2. Details of Your telecom service provider or internet service provider,
  3. The type of browser (Internet Explorer, Firefox, Opera, Google Chrome etc.),
  4. The operating system of Your system, device, and the Website You last visited before visiting the Website,
  5. The duration of Your stay on the Website is also stored in the session, along with the date and time of Your access; non-personal Information is collected in various ways, such as through the use of cookies. mindZvue may store temporary or permanent ‘cookies’ on Your computer. You can erase or choose to block these cookies from Your computer. You can configure Your computer’s browser to alert You when we attempt to send You a cookie with an option to accept or refuse the cookie. If You have turned cookies off, You may be prevented from using certain features of the Website.
  • You hereby represent to mindZvue that:The Information you provide to mindZvue from time to time is and shall be authentic, correct, current and updated and You have all the rights, permissions and consents as may be required to provide such Information to mindZvue.
  • mindZvue officers, partners, employees, contractors, or agents shall not be responsible for the authenticity of the Information that You or any other user provide to mindZvue. You shall indemnify and hold harmless mindZvue and its officers, partners, employees, contractors, or agents and any third party relying on the Information provided by You in the event You are in breach of this Privacy Policy, including this provision and the immediately preceding provision above.
  • Your Information will primarily be stored electronically; however, certain data can also be stored in physical form. We may store, collect, process, and use your data in countries other than the Republic of India but under compliance with Applicable Laws (“Applicable Laws” shall mean and include all applicable statutes, enactments, acts of the legislature or the Parliament, laws, ordinances, rules, bye-laws, regulations, notifications, guidelines, policies, directions, directives and orders of any governmental authority, tribunal, board, court of India). We may enter into agreements with third parties (in or outside of India) to store or process your Information or data. These third parties may have their security standards to safeguard your Information or data, and we will, on a commercially reasonable basis, require such third parties to adopt reasonable security standards to safeguard your information/data.
  • The Purpose for Collecting, using, storing, and Processing Your Information mindZvue collects, uses, stores, and processes Your Information for any purpose as may be permissible under Applicable Laws (including where the Applicable Laws provide for such collection, usage, storage, or processes in accordance with the consent of the user) connected with a function or activity of mindZvue shall include the following:
  1. to facilitate Your use of the Website or other services of mindZvue;
  2. to respond to Your inquiries or fulfill Your requests for Information about the various products and services offered on the Website;
  3. To provide You with Information about products and services available on the Website and to send You Information, materials, and offers from mindZvue;
  4. to send You important Information regarding the Website, changes in terms and conditions, user agreements, and policies and/or other administrative Information;
  5. To send You surveys and marketing communications that mindZvue believes may be of interest to You;
  6. to personalize Your experience on the Website by presenting advertisements, products, and offers tailored to Your preferences;
  7. to help You address Your problems incurred on the Website, including addressing any technical problems;
  8. for proper administering of the Website;
  9. to conduct internal reviews and data analysis for the Website (e.g., to determine the number of visitors to specific pages within the Website);
  10. to improve the services, content, and advertising on the Website;
  11. to facilitate various programs and initiatives launched by mindZvue or third-party service providers and business associates;
  12. To analyze how our services are used, to measure the effectiveness of advertisements, to facilitate payments;
  13. to conduct academic research and surveys;
  14. to protect the integrity of the Website;
  15. to respond to legal, judicial, and quasi-judicial processes and provide Information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law;
  16. to conduct analytical studies on various aspects, including user behavior, user preferences, etc.;
  17. To permit third parties who may need to contact users who have bought products from the Website to facilitate installation, service, and any other product-related support;
  18. to implement information security practices;
  19. to determine any security breaches, computer contaminants, or computer viruses;
  20. to investigate, prevent, or take action regarding illegal activities and suspected fraud,
  21. to undertake forensics of the concerned computer resource as a part of an investigation or internal audit;
  22. To trace computer resources or any person who may have contravened, or is suspected of having or being likely to contravene, any provision of law, including the Information Technology Act, 2000, that is likely to have an adverse impact on the services provided on any Website or by mindZvue;
  23. To enable a potential buyer or investor to evaluate the business of mindZvue. [Individually and collectively referred to as (“Purposes“)] You hereby agree and acknowledge that the Information so collected is for a lawful purpose connected with a function or activity of mindZvue or any person on their respective behalf, and the collection of Information is necessary for the Purposes.
Sharing and disclosure of Your Information:

You hereby unconditionally agree and permit that mindZvue may transfer, share, disclose, or part with all or any of Your Information, within and outside of the Republic of India, to mindZvue and to third-party service providers/partners/banks and financial institutions for one or more of the Purposes or as may be required by the Applicable Laws. In such a case, we will contractually oblige the receiving parties of the Information to ensure the same level of data protection that is adhered to by mindZvue under the Applicable Laws.

You acknowledge and agree that, to the extent permissible under the Applicable Laws, it is adequate that when mindZvue transfers Your Information to any other entity within or outside Your country of residence, mindZvue will place contractual obligations on the transferee, which will oblige the transferee to adhere to the provisions of this Privacy Policy.

mindZvue may also share Personal Information if mindZvue believes it is necessary in order to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the physical safety of any person, violations of various terms and conditions, or our policies.

We reserve the right to disclose your Information when required to do so by law or regulation, or under any legal obligation or order under law, or in response to a request from a law enforcement or governmental agency or judicial, quasi-judicial, or any other statutory or constitutional authority or to establish or exercise our legal rights or defend against legal claims.

You further agree that such disclosure, sharing, and transfer of Your Personal Information and Non-Personal Information shall not cause any wrongful loss to you or to any third party or any wrongful gain to us or to any third party.

Security & Retention

The security of your Personal Information is important to us. mindZvue strives to ensure the security of your personal Information and protect It against unauthorized access, alteration, disclosure, or destruction. For this Purpose, mindZvue adopts internal reviews of the data collection, storage, and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorized access to systems where mindZvue stores Your Personal Information. mindZvue shall adopt reasonable security practices and procedures as mandated under Applicable Laws to protect your Information. Provided that your right to claim damages shall be limited to the right to claim only statutory damages under the Information Technology Act 2000, you hereby waive and release mindZvue from any claim of damages under contract or under tort.

mindZvue may share your Information with third parties under a confidentiality agreement, which inter alia provides that such third parties do not disclose the Information further unless such disclosure is for the Purpose. However, mindZvue is not responsible for any security breach or any actions by any third parties that receive your Personal Information. mindZvue is not liable for any loss or injury caused to You as a result of You providing Your Personal Information to a third party (including any third party websites, even if links to such third party websites are provided on the Website).

Notwithstanding anything contained in this Policy or elsewhere, mindZvue shall not be held responsible for any loss, damage, or misuse of Your Personal Information if such loss, damage, or misuse is attributable to a Force Majeure Event (as defined below).

A Force Majeure Event shall mean any event that is beyond the reasonable control of mindZvue and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, unauthorized access to computer, computer system or computer network, computer crashes, breach of security and encryption (provided beyond reasonable control of mindZvue), power or electricity failure or unavailability of adequate power or electricity.

While We will endeavor to take all reasonable and appropriate steps to secure any Personal Information we hold about you and prevent unauthorized access, you acknowledge that the Internet or computer networks are not fully secure and that we cannot provide any absolute assurance regarding the security of Your Personal Information.

You agree that all Personal Information shall be retained till such time required for the Purpose or required under Applicable Laws, whichever is later. Non-personal Information will be retained indefinitely.

User discretion and opt-out

You agree and acknowledge that you are providing Your Information out of your free will. You have an option not to provide or permit mindZvue to collect Your Personal Information or later withdraw your consent with respect to such Personal Information so provided herein by sending an email to the grievance officer or such other electronic address of mindZvue as may be notified to You. In such case, you should neither visit any Website nor use any services provided by mindZvue nor should you contact mindZvue.

You can add or update Your Personal Information regularly. Kindly note that mindZvue will retain Your previous Personal Information in its records.

Grievance Officer

If you find any discrepancies or have any grievances about the collection, storage, use, disclosure, and transfer of Your Personal Information under this Privacy Policy or any terms and conditions or policies of mindZvue, please contact the following:

For mindZvue:

Mr. Sanket Chouksey, the designated grievance officer under the Information Technology Act, 2000 Email: legal@mindzvue.com.

We may change the details of the grievance officer from time to time by updating this Privacy Policy.

Business / Assets Sale or Transfers

mindZvue may sell, transfer, or otherwise share some or all of its assets, including Your Information, in connection with a merger, acquisition, reorganization, or sale of assets or business or in the event of bankruptcy. Should such a sale or transfer occur, mindZvue will reasonably ensure that the Information you have provided and that we have collected is stored and used by the transferee in a manner consistent with this privacy policy. Any third party to which mindZvue transfers or sells as aforesaid will have the right to continue to use the Information you provide or collect by us immediately prior to such transfer or sale.

Further Acknowledgements

You, at this moment, acknowledge and agree that this Privacy Policy:

  • is clear and easily accessible and provides statements of mindZvue policies and practices concerning the Information;
  • provides for the various types of personal or sensitive personal data of Information to be collected;
  • provides for the purposes of collection and usage of the Information;
  • provides for disclosure of Information; and
  • Provides for reasonable security practices and procedures.
Digital Personal Data Protection (DPDP) Act Compliance Policy
 
mindZvue Technologies Pvt. Ltd.
07 August, 2025
https://mindzvue.com/

 

1. Introduction

The Digital Personal Data Protection Act, 2023 (DPDP Act) is India’s landmark legislation that governs the processing of digital personal data to safeguard individuals’ privacy while balancing lawful data usage for legitimate purposes. This Policy outlines the principles, procedures, roles, and responsibilities adopted by mindZvue Technologies Pvt. Ltd. (hereinafter referred to as “the Company”) to ensure compliance with the DPDP Act, 2023, applicable rules, and internationally recognized data protection standards.

2. Objective

This Policy aims to:

  • Ensure lawful, fair, and transparent processing of digital personal data.
  • Protect the rights of individuals (Data Principals).
  • Implement robust measures for data privacy, security, accountability, and redressal.
  • Demonstrate compliance with the DPDP Act, 2023, and related statutory requirements.

3. Scope

This Policy applies to:

  • All employees, contractors, consultants, interns, and third-party vendors who process personal data on behalf of the Company.
  • All digital personal data collected, stored, transmitted, or otherwise processed by the Company.
  • All data processing activities conducted within or related to Indian data subjects, regardless of the location of the data processor.

4. Definitions

For the purpose of this Policy, the terms used shall have the meanings assigned under the DPDP Act, 2023:

  • Personal Data: Any data about an individual who is identifiable by or in relation to such data.
  • Data Principal: The individual to whom the personal data relates.
  • Data Fiduciary: Any person, company, or entity that determines the purpose and means of processing personal data.
  • Processing: Any automated or manual operation performed on personal data, including collection, storage, usage, disclosure, or erasure.
  • Consent: A freely given, specific, informed, unambiguous, and affirmative indication of the Data Principal’s agreement to process personal data.
  • Significant Data Fiduciary: As designated by the Central Government based on factors like volume of data processed, risk of harm, and impact on sovereignty.

5. Principles of Data Processing

The Company adheres to the following data protection principles:

  • Lawful and Fair Processing: Personal data shall be processed lawfully and with the informed consent of the Data Principal.
  • Purpose Limitation: Data shall be collected for specific, clear, and lawful purposes and not further processed in a manner incompatible with those purposes.
  • Data Minimization: Only the minimum data necessary for the stated purpose shall be collected and processed.
  • Accuracy: Reasonable steps shall be taken to ensure data is accurate and up-to-date.
  • Storage Limitation: Data shall be retained only as long as necessary for the purposes for which it was collected.
  • Security Safeguards: Appropriate technical and organizational measures shall be in place to prevent unauthorized access, alteration, or disclosure.
  • Accountability: The Company shall demonstrate compliance with applicable data protection obligations.

6. Legal and Regulatory Compliance

The Company complies with the following legal provisions:

  • Under the Digital Personal Data Protection Act, 2023 (DPDP Act):
    Section 4 & 6 mandate that personal data must be processed lawfully with valid consent and clear notice to the Data Principal (individual).
    Section 7 provides for deemed consent under specific circumstances such as medical emergencies, legal requirements, or public interest functions.
    Section 8 outlines core obligations of Data Fiduciaries, including ensuring data accuracy, purpose limitation, implementing technical safeguards, and ensuring timely data deletion.
    Section 14 requires Data Fiduciaries to establish a grievance redressal mechanism for users to raise concerns regarding data processing.
    Sections 15 & 16 focus on mandatory breach reporting and impose penalties for non-compliance.

Punishment: Financial penalties under the Act may extend up to ₹250 crore for serious violations like failure to protect personal data, improper processing, or breach notification delays.

  • Under the Information Technology Act, 2000:
  • Section 43A holds a corporate body liable if it fails to implement reasonable security practices and procedures while handling sensitive personal data. Punishment: Compensation up to ₹5 crore may be awarded to the affected individuals for negligence in safeguarding personal data.
  • Section 72A penalizes any person who, in breach of a lawful contract, discloses personal information obtained while providing services.
    Punishment: Imprisonment up to 3 years, and/or fine up to ₹5 lakh.

7. Data Breach Response

In the event of a data breach:

  • An internal assessment will be initiated immediately to ascertain scope, impact, and risks.
  • Incidents shall be reported to the internal authority and escalated without delay.
  • Corrective measures will be implemented to prevent recurrence.
  • If the breach is likely to cause harm, affected Data Principals and the Data Protection Board of India will be notified promptly, in accordance with the DPDP Act.

8. Appointment of Data Protection Officer (DPO)

Where mandated (e.g., designation as a Significant Data Fiduciary), the Company shall appoint a Data Protection Officer who will:

  • Act as the Company’s liaison with the Data Protection Board of India.
  • Monitor and enforce data protection compliance across departments.
  • Address grievances raised by Data Principals regarding their personal data.

9. Grievance Redressal Mechanism

Data Principals may file complaints regarding:

  • Inaccurate data: Complaints related to the processing or retention of incorrect or outdated personal data, which may result in harm or misrepresentation.
  • Refusal to correct or delete data: Instances where the Company fails to act on legitimate requests for correction or deletion of personal data as per the rights of the Data Principal.
  • Consent withdrawal issues: Concerns arising from the Company’s failure to honour a Data Principal’s withdrawal of consent, leading to continued or unauthorized processing of personal data.
  • Breach of privacy rights: Any act or omission by the Company that results in a violation of the Data Principal’s privacy rights, including unauthorized access, sharing, or misuse of personal data.

Grievances can be submitted via email to legal@mindzvue.com and must include contact details and a brief description of the issue. All grievances will be addressed within 10 working days. If unresolved, complaints may be escalated to the Data Protection Board of India.

10. Engagement with Third-Party Data Processors

The Company may engage third-party processors to handle personal data on its behalf, under the following conditions:

  • A written agreement outlining responsibilities and compliance with this Policy.
  • Prior due diligence of the third party’s privacy and security practices.
  • Periodic audits to ensure ongoing compliance.
  • Cross-border data transfers will comply with the rules under the DPDP Act and government guidelines.

11. Training and Awareness

  • All employees shall undergo mandatory data protection training upon joining.
  • Regular refresher sessions and awareness campaigns shall be held.
  • Contractors, interns, and third-party vendors may also be required to participate in orientation on data privacy obligations.
  • Training records shall be maintained for audit and compliance purposes.

12. Penalties for Non-Compliance

Non-compliance with this Policy or the DPDP Act may lead to the following consequences:

Penalties under DPDP Act, 2023:

  • Up to ₹250 crore for failure to take reasonable security safeguards.
  • Up to ₹200 crore for breach of Data Principal’s rights.
  • Up to ₹50 crore for failure to report data breaches.

Internal Disciplinary Action:

  • Suspension, warning, or termination of employment or contract.
  • Legal proceedings in case of gross misconduct or willful violation.

Frequently Asked Questions (FAQ)

Q1: What is considered personal data under the DPDP Act?

A: Any digital information that identifies or relates to an individual, such as name, email, IP address, biometric data, etc.

Q2: Can I withdraw my consent once given?

A: Yes, consent can be withdrawn at any time by the Data Principal, and processing must stop unless covered under deemed consent or legal obligation.

Q3: What should I do if I suspect a data breach?

A: Immediately notify the internal IT/security team or the Data Protection Officer.

Q4: What are my rights as a Data Principal?

A: Right to access, correct, delete data, and grievance redressal.

Q5: Who do I contact for privacy-related concerns?

A: Reach out to our Grievance Officer at [Insert Email].

13. Review and Amendments

This Policy will be reviewed annually or as required due to changes in law or business operations. Amendments will be communicated to all stakeholders accordingly.

14. Contact Information

Grievance Officer

Mr. Sanket Chouksey

legal@mindzvue.com