Privacy Policy
ILLUME Intelligence Private Limited ("we", "our", "us") operates The DPDP Act Assessment Platform (thedpdpact.co.in) ("Platform"). This Privacy Policy explains how we collect, use, store, share, and protect your personal data when you access or use our Platform.
We are committed to handling your data responsibly and in full compliance with India's Digital Personal Data Protection Act 2023, the Information Technology Act 2000, and applicable MeitY Guidelines.
Contents
- 1. Introduction
- 2. Data Fiduciary
- 3. Personal Data We Collect
- 4. Purpose and Legal Basis for Processing
- 5. How We Use Your Assessment Data
- 6. Data Sharing and Disclosure
- 7. Cross-Border Data Transfers
- 8. Data Retention
- 9. Cookies and Tracking Technologies
- 10. Your Rights as a Data Principal
- 11. Data Security
- 12. Children's Data
- 13. Grievance Officer
- 14. Changes to This Privacy Policy
- 15. Governing Law
- 16. Contact Us
1. Introduction
This Privacy Policy explains how ILLUME Intelligence Private Limited collects, uses, stores, shares, and protects personal data through the Platform.
By using the Platform, you agree to the terms of this Privacy Policy and consent to the processing of your personal data in accordance with applicable law.
2. Data Fiduciary — Who We Are
ILLUME Intelligence Private Limited is the Data Fiduciary under the DPDP Act 2023 for the personal data collected through the Platform.
- Legal Name: ILLUME Intelligence Private Limited
- Registered in India
- Contact: security@illume.in
- Address: ILLUME Intelligence Private Limited, Kerala, India
3. Personal Data We Collect
We collect the data necessary to operate the Platform, provide assessments, and communicate with you.
Registration Data
- Full name and designation
- Official email address
- Organisation name, industry, and size
- Contact number
Assessment Data
- Responses to assessment questionnaires
- Details of data processing activities and existing controls
- Information about policies, consents, and data flows
Technical Data
- IP address and browser/device information
- Usage logs and session details
- Cookies and similar tracking technologies
4. Purpose and Legal Basis for Processing
We process your personal data only for lawful purposes related to the delivery of the Platform and compliance with legal obligations.
Service Delivery
To provide gap assessments, compliance reports, and supporting Platform services.
Platform Improvement
To analyse aggregated usage data and enhance the Platform over time.
Legal Compliance
To comply with applicable laws, regulations, and lawful government requests.
Communication
To respond to inquiries and deliver assessment-related notifications.
5. How We Use Your Assessment Data
Your assessment data is used to generate reports and recommendations, and to support the Platform’s functionality.
- We do not sell your assessment information.
- We do not use your data for advertising or profiling.
- We share identifiable data only with your explicit consent or when required by law.
7. Cross-Border Data Transfers
Data is stored in India. If any processing occurs outside India, we will ensure it is conducted under appropriate safeguards permitted by the DPDP Act 2023.
8. Data Retention
We retain personal data only as long as necessary to fulfil the purposes described in this Policy, or as required by law.
- Assessment data: retained for up to 24 months and then deleted or anonymised.
- Account data: retained while your account is active and for up to 12 months thereafter.
- Communication records: retained for up to 12 months.
- Technical logs: retained for up to 90 days.
10. Your Rights as a Data Principal
- Access: Request details of the data we hold about you.
- Correction: Request updates to inaccurate data.
- Erasure: Request deletion of personal data where permitted.
- Grievance Redressal: Raise a complaint with our Grievance Officer.
- Withdraw Consent: Withdraw consent without affecting prior processing.
- Nomination: Nominate an individual to exercise your rights in the event of death or incapacity.
Contact mail@illume.in to exercise your rights. We will respond within the timelines prescribed under the DPDP Act 2023.
11. Data Security
We maintain technical and organisational measures to protect personal data from unauthorised access, loss, or disclosure.
- SSL/TLS encryption for data in transit
- Encryption at rest
- Role-based access controls
- Regular security assessments
12. Children's Data
The Platform is intended for professionals and organisations. We do not knowingly collect personal data from individuals under 18 years of age. If we learn that such data has been collected, we will delete it promptly.
13. Grievance Officer
- Name: Grievance Officer, ILLUME Intelligence Private Limited
- Email: mail@illume.in
- Response target: Within 48 hours; resolution within 30 days
If you are not satisfied with our response, you may escalate your grievance to the Data Protection Board of India once constituted.
14. Changes to This Privacy Policy
We may update this Privacy Policy to reflect changes in the Platform, our practices, or applicable law. We will update the effective date and notify users when changes are material.
15. Governing Law
This Privacy Policy is governed by Indian law, including the Digital Personal Data Protection Act 2023 and the Information Technology Act 2000. Disputes will be subject to the courts in Kerala, India.
16. Contact Us
- Email: mail@illume.in
- Address: ILLUME Intelligence Private Limited, Kerala, India
- Phone: +91 6235 24 7 365
We are committed to resolving privacy concerns promptly and transparently.