Privacy Policy

Privacy Policy

1. PURPOSE & SCOPE

1. PURPOSE & SCOPE

The purpose of this Privacy Policy (hereinafter, referred to as "Policy") is to establish a comprehensive framework that ensures the secure and compliant handling of Personal Data within DPO Club (hereinafter, referred to as "Organization", "us", "we", "our"). This Policy underscores our unwavering commitment to safeguarding the rights of Data Subjects, including chapter chairs, volunteers, and participants, in strict accordance with the Digital Personal Data Protection Act (DPDPA).

The purpose of this Privacy Policy (hereinafter, referred to as "Policy") is to establish a comprehensive framework that ensures the secure and compliant handling of Personal Data within DPO Club (hereinafter, referred to as "Organization", "us", "we", "our"). This Policy underscores our unwavering commitment to safeguarding the rights of Data Subjects, including chapter chairs, volunteers, and participants, in strict accordance with the Digital Personal Data Protection Act (DPDPA).

This Privacy Policy applies to all individuals involved with the Organization, including visitors to our website, chapter chairs, prospective volunteers, and participants in our events.

This Privacy Policy applies to all individuals involved with the Organization, including visitors to our website, chapter chairs, prospective volunteers, and participants in our events.

2. PERSONAL DATA WE COLLECT FROM YOU

2. PERSONAL DATA WE COLLECT FROM YOU

We may collect personal information from individuals through various means, including registration forms, volunteer applications, and event participation. The types of personal data we may collect include:

We may collect personal information from individuals through various means, including registration forms, volunteer applications, and event participation. The types of personal data we may collect include:

Personal Data:

· Full Name

· Email Address

· Phone Number

· Country/Region

· Address/Location

· Organization Affiliation (if any)

· Tokenised information of Affiliated registered entities as per the direction of RBI

Device Data:

· IP Address

3. HOW AND WHEN WE COLLECT YOUR INFORMATION

3. HOW AND WHEN WE COLLECT YOUR INFORMATION

We collect and process information when you engage in the following activities:

We collect and process information when you engage in the following activities:

· Visiting our website and providing us with your details to get in touch, or contacting us via social media.

· Visiting our website and providing us with your details to get in touch, or contacting us via social media.

· Registering as a chapter chair or volunteer or participant for our events.

· Registering as a chapter chair or volunteer or participant for our events.

· Participating in our events and activities.

· Participating in our events and activities.

· Making payments for training or event registrations.

· Making payments for training or event registrations.

We also collect information through various technologies, such as cookies, when you visit our site.

We also collect information through various technologies, such as cookies, when you visit our site.

Where payment is made for training or event registration, the act of completing such payment constitutes your consent to the collection and use of the personal data provided, for the purpose of delivering the registered service.

Where payment is made for training or event registration, the act of completing such payment constitutes your consent to the collection and use of the personal data provided, for the purpose of delivering the registered service.

4. USE OF INFORMATION

4. USE OF INFORMATION

We may collect, hold, use, and disclose information for the following purposes:

We may collect, hold, use, and disclose information for the following purposes:

· To process registrations and volunteer applications.

· To process registrations and volunteer applications.

· To communicate with you regarding event-related updates, sessions, schedules, and logistics.

· To communicate with you regarding event-related updates, sessions, schedules, and logistics.

· To facilitate networking opportunities among participants and volunteers.

· To facilitate networking opportunities among participants and volunteers.

· To add you to our WhatsApp Group and Community where we share information regarding events and updates from DPO Club.

· To add you to our WhatsApp Group and Community where we share information regarding events and updates from DPO Club.

· To improve our programs and services.

· To improve our programs and services.

· To comply with legal and regulatory requirements.

· To comply with legal and regulatory requirements.

· To process training and event registration payments through applicable payment aggregators.

· To process training and event registration payments through applicable payment aggregators.

5. SHARING YOUR INFORMATION WITH OTHER ENTITIES

5. SHARING YOUR INFORMATION WITH OTHER ENTITIES

● We may share your Personal Data with third parties, including service providers and vendors, that have been contracted to offer services on our behalf. These entities are only permitted to use the disclosed data in accordance with our instructions. We do not sell or disclose your personal information to any third party for purposes other than those described in this Policy.

● We may share your Personal Data with third parties, including service providers and vendors, that have been contracted to offer services on our behalf. These entities are only permitted to use the disclosed data in accordance with our instructions. We do not sell or disclose your personal information to any third party for purposes other than those described in this Policy.

● DPO Club has entered into a Data Privacy Agreement with its payment gateway partner(s) and/or applicable payment aggregators, and all privacy obligations undertaken by DPO Club are correspondingly extended to and binding upon them. DPO Club does not collect or store any financial or payment data. We receive only remittance confirmation necessary for service delivery or refund processing. All detailed transaction data, including any financial data regulated by the Reserve Bank of India (RBI), is processed and held solely by the applicable payment aggregator, whose privacy policy and applicable RBI regulations further govern the handling of such data.

● DPO Club has entered into a Data Privacy Agreement with its payment gateway partner(s) and/or applicable payment aggregators, and all privacy obligations undertaken by DPO Club are correspondingly extended to and binding upon them. DPO Club does not collect or store any financial or payment data. We receive only remittance confirmation necessary for service delivery or refund processing. All detailed transaction data, including any financial data regulated by the Reserve Bank of India (RBI), is processed and held solely by the applicable payment aggregator, whose privacy policy and applicable RBI regulations further govern the handling of such data.

6. YOUR RIGHTS

6. YOUR RIGHTS

Data subjects have certain rights under the DPDPA in relation to the personal data held by us. These rights include:

Data subjects have certain rights under the DPDPA in relation to the personal data held by us. These rights include:

· Right to access: You have the right to obtain confirmation of whether your personal data is being processed and access to that information.

· Right to access: You have the right to obtain confirmation of whether your personal data is being processed and access to that information.

· Right to rectification: You have the right to request the correction of inaccurate or incomplete personal data.

· Right to rectification: You have the right to request the correction of inaccurate or incomplete personal data.

· Right to erasure: You have the right to request the deletion of your personal data if the processing is not necessary or the purpose of the processing ceases to exist.

· Right to erasure: You have the right to request the deletion of your personal data if the processing is not necessary or the purpose of the processing ceases to exist.

· Right to be informed: You have the right to be aware of how your personal information is collected, processed, and used by us.

· Right to be informed: You have the right to be aware of how your personal information is collected, processed, and used by us.

· Right to withdraw consent: You can revoke your permission for data processing at any time.

· Right to withdraw consent: You can revoke your permission for data processing at any time.

· Right to object: You can contest the processing of your personal data for specific reasons.

· Right to object: You can contest the processing of your personal data for specific reasons.

· Right to nominate: You have the right to nominate, who in case of your death or incapacity exercise these rights

· Right to nominate: You have the right to nominate, who in case of your death or incapacity exercise these rights

· Right to grievance redressal: You have the right to register your grievances with regards to the processing your Personal Data shared with us. You can contact on info@dpoclub.in for this.

· Right to grievance redressal: You have the right to register your grievances with regards to the processing your Personal Data shared with us. You can contact on info@dpoclub.in for this.

To exercise any of these rights, please contact us using the information provided in Section 9.

To exercise any of these rights, please contact us using the information provided in Section 9.

7. DATA STORAGE AND RETENTION

7. DATA STORAGE AND RETENTION

We keep your Personal Data for as long as needed to fulfil the purpose for which it was collected or until you withdraw your consent, whichever happens first. The duration of this retention may vary depending on the specific use of your information and as mandated by applicable law.

We keep your Personal Data for as long as needed to fulfil the purpose for which it was collected or until you withdraw your consent, whichever happens first. The duration of this retention may vary depending on the specific use of your information and as mandated by applicable law.

8. DATA SECURITY MEASURES

8. DATA SECURITY MEASURES

We are committed to safeguarding and protecting personal information. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information transmitted, stored, or otherwise processed. As DPO Club does not store any financial data, all payment security is governed by the applicable payment aggregator in compliance with industry standards.

We are committed to safeguarding and protecting personal information. We have implemented appropriate technical and organizational measures to ensure a level of security appropriate to protect any personal information provided to us from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal information transmitted, stored, or otherwise processed. As DPO Club does not store any financial data, all payment security is governed by the applicable payment aggregator in compliance with industry standards.

9. CONTACT US

9. CONTACT US

For any requests concerning your rights, or if you have any questions or concerns regarding this Privacy Policy, please contact us at:

For any requests concerning your rights, or if you have any questions or concerns regarding this Privacy Policy, please contact us at:

Email: info@dpoclub.in

Email: info@dpoclub.in

DPO CLUB APP — PRIVACY NOTICE

DPO CLUB APP — PRIVACY NOTICE

This section explains how DPO Club ("DPO Club", "we", "us", "our") collects and processes personal data through the DPO Club App (the "App") — a mobile application that lets registered participants access DPO Club events, including the Namma Privacy Conference, view their entry pass, browse the agenda, speakers, sponsors and exhibitors and venue floor maps, and receive event updates.

This App Privacy Notice supplements, and must be read together with, the DPO Club Privacy Policy above. Where this notice is silent, the main Privacy Policy
applies. Capitalised terms such as "Data Principal", "Data Fiduciary" and "personal data" have the meaning given to them under India's Digital Personal
Data Protection Act, 2023 and the rules made under it (together, the "DPDP Act").

For the purposes of the App, DPO Club is the Data Fiduciary that determines the
purpose and means of processing your personal data.


  1. PERSONAL DATA WE PROCESS IN THE APP

    a. Registration and identity data: your name, email address, organisation, registration/ticket number, ticket type and participant category. Most of this originates from your event registration and is mad available to you in the App — the App does not ask you to re-enter it.

    b. Student-concession data (only if you register on a student pass): your student identification number and institution name, used solely to verify eligibility for the concessional pass at the venue.

    c. Event-participation data: entry / check-in records for each conference day and for the gala dinner (including date, time and the authorised staff member who recorded the entry), and your access entitlements.

    d. Device and technical data: a push-notification token and your device platform (used to deliver notifications), and basic diagnostic information needed to operate the App.

    e. Camera: on authorised organiser and volunteer devices only, the App uses the device camera to scan entry QR codes. The camera is processed on the device for scanning; camera images are not stored by us.

  2. HOW WE USE YOUR PERSONAL DATA (PURPOSES)

    • to verify your identity and sign you in (your registration number together with your registered email);

    • to display your entry pass / QR code, the event agenda, speaker profiles, sponsors and exhibitors, and venue floor maps;

    • to manage entry and check-in for each conference day and the gala dinner, including verifying that a pass includes the relevant access;

    • to verify student eligibility at entry (student passes only);

    • to send you event-related announcements and notifications;

    • to maintain the security, integrity and auditability of event access.

  3. LAWFUL BASIS AND CONSENT

    We process your personal data on the basis of your consent and, where applicable, as a legitimate use under the DPDP Act — namely the personal data you voluntarily provided for the specified purpose of registering for and attending the event. You may withdraw your consent at any time (see Section 7). Withdrawing consent is as easy as giving it. Please note that some features — such as notifications or on-site check-in — may not work without the related data, and withdrawal does not affect processing carried out before withdrawal.

  4. NOTIFICATIONS AND CAMERA PERMISSIONS

    • Notifications are optional. We use them to send event updates and announcements. You can enable or disable them at any time in your device
      settings.

    • The camera permission is used only by authorised event staff to scan entry QR codes. It is not used for general attendee features, and scanned images
      are not retained.

  5. SHARING AND SERVICE PROVIDERS

    We do not sell your personal data. We share it only:

    • with service providers who process personal data on our behalf, under appropriate contractual safeguards and solely to operate the App — including our cloud hosting and database provider and our push-notification delivery provider; and

    • where required to comply with applicable law, regulation or a lawful request.

    • If you download the App from an app store, the relevant app store may collect
      data about your download and use of the App as an independent controller,
      governed by its own privacy policy.

  6. CROSS-BORDER PROCESSING

    Our service providers may store or process personal data on infrastructure located outside India. Any such transfer is carried out in accordance with the
    DPDP Act and is not made to any country or territory restricted by the Central Government for this purpose.

  7. YOUR RIGHTS AND CHOICES

    As a Data Principal, you have the right to:

    • access a summary of your personal data and how it is processed;

    • correct, complete or update your personal data;

    • erase your personal data where it is no longer required;

    • withdraw your consent;

    • have your grievance redressed; and

    • nominate another individual to exercise your rights in the event of your
      death or incapacity.

    To exercise any of these rights, or to withdraw consent, email
    info@dpoclub.in. We will respond within the timelines prescribed under the
    DPDP Act and its rules. You may also uninstall the App at any time.

  8. DATA RETENTION

    We retain App-related personal data only for as long as necessary for the purposes set out above — generally for the duration of the event and a limited
    period afterwards for records, reconciliation and security — after which it is deleted or anonymised, unless a longer retention period is required by law.
    Your push-notification token is deleted when you withdraw consent, disablenotifications, or uninstall the App.

  9. CHILDREN

    The App and DPO Club events are intended for participants aged 18 years andabove and are not directed at children. We do not knowingly process the
    personal data of a child without the verifiable consent of a parent or lawful guardian as required under the DPDP Act, and we do not undertake tracking,
    behavioural monitoring or targeted advertising directed at children. If you believe a child's personal data has been provided to us, please contact us and
    we will take appropriate action.

  10. SECURITY

We implement reasonable technical and organisational safeguards to protect personal data in the App, including encryption of data in transit, restricted database access, and role-based access controls for authorised event staff.
No method of transmission or storage is completely secure; we maintain measures appropriate to the nature and sensitivity of the data we process.

  1. GRIEVANCES, CONTACT AND THE DATA PROTECTION BOARD

If you have any questions, requests or complaints about how the App handle your personal data, please contact our grievance officer:

Email: info@dpoclub.in WhatsApp: +91 7510050868

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.

  1. CHANGES TO THIS NOTICE

We may update this App Privacy Notice from time to time. The current version will always be available on our website, and material changes will be notified in the App or by other appropriate means.

This section explains how DPO Club ("DPO Club", "we", "us", "our") collects and processes personal data through the DPO Club App (the "App") — a mobile application that lets registered participants access DPO Club events, including the Namma Privacy Conference, view their entry pass, browse the agenda, speakers, sponsors and exhibitors and venue floor maps, and receive event updates.

This App Privacy Notice supplements, and must be read together with, the DPO Club Privacy Policy above. Where this notice is silent, the main Privacy Policy
applies. Capitalised terms such as "Data Principal", "Data Fiduciary" and "personal data" have the meaning given to them under India's Digital Personal
Data Protection Act, 2023 and the rules made under it (together, the "DPDP Act").

For the purposes of the App, DPO Club is the Data Fiduciary that determines the
purpose and means of processing your personal data.


  1. PERSONAL DATA WE PROCESS IN THE APP

    a. Registration and identity data: your name, email address, organisation, registration/ticket number, ticket type and participant category. Most of this originates from your event registration and is mad available to you in the App — the App does not ask you to re-enter it.

    b. Student-concession data (only if you register on a student pass): your student identification number and institution name, used solely to verify eligibility for the concessional pass at the venue.

    c. Event-participation data: entry / check-in records for each conference day and for the gala dinner (including date, time and the authorised staff member who recorded the entry), and your access entitlements.

    d. Device and technical data: a push-notification token and your device platform (used to deliver notifications), and basic diagnostic information needed to operate the App.

    e. Camera: on authorised organiser and volunteer devices only, the App uses the device camera to scan entry QR codes. The camera is processed on the device for scanning; camera images are not stored by us.

  2. HOW WE USE YOUR PERSONAL DATA (PURPOSES)

    • to verify your identity and sign you in (your registration number together with your registered email);

    • to display your entry pass / QR code, the event agenda, speaker profiles, sponsors and exhibitors, and venue floor maps;

    • to manage entry and check-in for each conference day and the gala dinner, including verifying that a pass includes the relevant access;

    • to verify student eligibility at entry (student passes only);

    • to send you event-related announcements and notifications;

    • to maintain the security, integrity and auditability of event access.

  3. LAWFUL BASIS AND CONSENT

    We process your personal data on the basis of your consent and, where applicable, as a legitimate use under the DPDP Act — namely the personal data you voluntarily provided for the specified purpose of registering for and attending the event. You may withdraw your consent at any time (see Section 7). Withdrawing consent is as easy as giving it. Please note that some features — such as notifications or on-site check-in — may not work without the related data, and withdrawal does not affect processing carried out before withdrawal.

  4. NOTIFICATIONS AND CAMERA PERMISSIONS

    • Notifications are optional. We use them to send event updates and announcements. You can enable or disable them at any time in your device
      settings.

    • The camera permission is used only by authorised event staff to scan entry QR codes. It is not used for general attendee features, and scanned images
      are not retained.

  5. SHARING AND SERVICE PROVIDERS

    We do not sell your personal data. We share it only:

    • with service providers who process personal data on our behalf, under appropriate contractual safeguards and solely to operate the App — including our cloud hosting and database provider and our push-notification delivery provider; and

    • where required to comply with applicable law, regulation or a lawful request.

    • If you download the App from an app store, the relevant app store may collect
      data about your download and use of the App as an independent controller,
      governed by its own privacy policy.

  6. CROSS-BORDER PROCESSING

    Our service providers may store or process personal data on infrastructure located outside India. Any such transfer is carried out in accordance with the
    DPDP Act and is not made to any country or territory restricted by the Central Government for this purpose.

  7. YOUR RIGHTS AND CHOICES

    As a Data Principal, you have the right to:

    • access a summary of your personal data and how it is processed;

    • correct, complete or update your personal data;

    • erase your personal data where it is no longer required;

    • withdraw your consent;

    • have your grievance redressed; and

    • nominate another individual to exercise your rights in the event of your
      death or incapacity.

    To exercise any of these rights, or to withdraw consent, email
    info@dpoclub.in. We will respond within the timelines prescribed under the
    DPDP Act and its rules. You may also uninstall the App at any time.

  8. DATA RETENTION

    We retain App-related personal data only for as long as necessary for the purposes set out above — generally for the duration of the event and a limited
    period afterwards for records, reconciliation and security — after which it is deleted or anonymised, unless a longer retention period is required by law.
    Your push-notification token is deleted when you withdraw consent, disablenotifications, or uninstall the App.

  9. CHILDREN

    The App and DPO Club events are intended for participants aged 18 years andabove and are not directed at children. We do not knowingly process the
    personal data of a child without the verifiable consent of a parent or lawful guardian as required under the DPDP Act, and we do not undertake tracking,
    behavioural monitoring or targeted advertising directed at children. If you believe a child's personal data has been provided to us, please contact us and
    we will take appropriate action.

  10. SECURITY

We implement reasonable technical and organisational safeguards to protect personal data in the App, including encryption of data in transit, restricted database access, and role-based access controls for authorised event staff.
No method of transmission or storage is completely secure; we maintain measures appropriate to the nature and sensitivity of the data we process.

  1. GRIEVANCES, CONTACT AND THE DATA PROTECTION BOARD

If you have any questions, requests or complaints about how the App handle your personal data, please contact our grievance officer:

Email: info@dpoclub.in WhatsApp: +91 7510050868

If you are not satisfied with our response, you have the right to lodge a complaint with the Data Protection Board of India.

  1. CHANGES TO THIS NOTICE

We may update this App Privacy Notice from time to time. The current version will always be available on our website, and material changes will be notified in the App or by other appropriate means.