Introduction

At Bankai Infotech Limited, we take data privacy seriously. This Data Protection Policy outlines our commitment to comply with the Digital Personal Data Protection Act, 2023 (DPDPA) and European Union’s General Data Protection Regulation (GDPR). The Data Protection rules herein sets out the rules for how personal data must be collected, processed, and stored by businesses. 

INDIAN DATA PROTECTION LAWS

India’s data protection framework is governed by the Information Technology Act, 2000, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (SPDI Rules), and the recently enacted Digital Personal Data Protection Act, 2023 (DPDPA). These laws standardize the handling of personal data across India and impose strict requirements on organizations for collecting, processing, and storing personal information.
The DPDPA extends enhanced rights to individuals (data principals), including the right to access, correct, and erase personal data, and ensures that organizations (data fiduciaries) uphold principles of transparency, accountability, and security when managing such data. Consent is central to data processing, ensuring individuals retain control over their personal information.
If you are an Indian resident, rest assured that we process your information in compliance with the DPDPA, 2023, SPDI Rules, and other applicable Indian regulations.

Your Rights Under the DPDPA 2023, you have the following rights in respect of your personal data: 
Right to Access: Know what personal data is being collected and how it is being used.
Right to Correction and Erasure: Request corrections to inaccurate data and erasure when no longer required.
Right to Consent & Withdrawal: Personal data processing requires explicit consent, which can be withdrawn at any time.
Right to Nominate a Representative: Nominate a person to act on behalf of the individual in case of incapacity.
Right to Grievance Redressal: Lodge complaints with the Data Protection Board of India (DPBI) in case of violations.

Data Transfers Under Indian Law

We may transfer personal data outside India, ensuring compliance with DPDPA, 2023, and government-imposed safeguards for cross-border data transfers.

To uphold data security, we implement industry-standard Reasonable Security Practices and Procedures and execute necessary data processing agreements with our partners and stakeholders. We are committed to ensuring that your personal data is managed securely and in compliance with all legal requirements.
For more information about Indian data protection laws, please refer to the official guidelines and notifications issued by the Ministry of Electronics and Information Technology (MeitY), Government of India.

Definitions ‘Personal data’ means any information relating to an identified or identifiable natural person (‘data subject’). ‘Processing’ means any operation or set of operations which is performed on personal data or on sets of personal data. ‘Controller’ means the natural or legal person, public authority, agency or other body which determines the purposes and means of the processing of personal data. 

Our Role at Bankai Infotech Limited is the data controller for the personal data we collect through our website. We determine the purposes and means of the processing of that personal data. 

Principles of GDPR We adhere to the principles relating to processing of personal data set out in the GDPR which require personal data to be: 
(a) processed lawfully, fairly and in a transparent manner; (b) collected only for specified, explicit and legitimate purposes; (c) adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed; (d) accurate and where necessary kept up to date; (e) not kept in a form which permits identification of data subjects for longer than is necessary for the purposes for which the data is processed; (f) processed in a manner that ensures its security using appropriate technical and organisational measures to protect against unauthorised or unlawful processing and against accidental loss, destruction or damage. 

Your Rights Under GDPR Under the GDPR, you have the following rights in respect of your personal data: 
The right to be informed about how your personal data is being used. 
The right to access the personal data we hold about you. 
The right to request the correction of inaccurate personal data we hold about you. 
The right to request the erasure of your personal data. 
The right to request the restriction of processing of your personal data. 
The right to object to the processing of your personal data for marketing purposes. 
The right to request the transfer of your personal data to another party. 
If you wish to exercise any of the rights set out above, please contact us at [email protected]. 
Data Transfers We may transfer your personal data to countries outside the European Economic Area (EEA). Where we transfer your personal data outside of the EEA, we will ensure that it is protected in a manner that is consistent with how your personal data will be protected by us in the EEA. This can be done in a number of ways, for instance: 
the country that we send the data to might be approved by the European Commission; 
the recipient might have signed up to a contract based on “model contractual clauses” approved by the European Commission, obliging them to protect your personal data. 
In other circumstances the law may permit us to otherwise transfer your personal data outside the EEA. In all cases, however, we will ensure that any transfer of your personal data is compliant with data protection law. 

 

Data Retention

Compliance & Implementation at Bankai Infotech Limited
To ensure compliance with both Indian and European data protection laws, Bankai Infotech Limited implements:

Reasonable Security Practices as required by the DPDPA, 2023, and SPDI Rules.
GDPR-aligned Data Processing Agreements (DPAs) for international data transfers.
Strict Access Controls & Encryption Measures to protect personal data.
Internal Data Protection Policies to ensure ongoing regulatory compliance.
A Dedicated Data Protection Officer (DPO) to oversee compliance activities.

Changes to This GDPR Policy We reserve the right to update this GDPR Policy at any time. We may also notify you in other ways from time to time about the processing of your personal data. 

Contact If you have any questions about this GDPR Policy or our privacy practices, please contact us at [email protected].