DPDP Act 2023 — Key Obligations
Digital Personal Data Protection Act, 2023 (DPDP Act) Digital Personal Data Protection Rules, 2025 (when notified) Information Technology Act, 2000 — s.43A (Sensitive Personal Data Rules) SEBI, IRDA, RBI regulations — sector-specific data requirements The DPDP Act applies to processing of digital personal data in India, and to processing outside India if related to offering goods/services in India. Significant Data Fiduciaries will face heightened obligations. Consent must be free, specific, informed, unconditional, and unambiguous. Data principals have rights to access, correction, erasure, and grievance redressal.
PRIVACY NOTICE Acme Technologies Pvt Ltd — Digital Personal Data Protection Act, 2023https://www.acmetechnologies.in
Data Fiduciary Acme Technologies Pvt Ltd
Effective Date [Effective Date]
Grievance Officer Priya Sharma | privacy@acme.in 1. Who We Are
Acme Technologies Pvt Ltd , with its registered office at Registered office address , is the Data Fiduciary as defined under the Digital Personal Data Protection Act, 2023 ("DPDP Act"). We are responsible for the personal data you share with us.
2. What Personal Data We Collect
We collect personal data that you provide directly or that is generated through your interaction with our services. This may include: (a) Identity information — name, date of birth, government-issued ID details; (b) Contact information — email address, phone number, mailing address; (c) Account information — username, password (hashed), preferences; (d) Transaction and usage data — service usage, purchase history, log data; (e) Device and technical data — IP address, browser type, cookies; (f) We do not collect sensitive personal data such as financial account numbers, health records, or biometric data as a routine matter.
3. Purposes of Processing
We process your personal data for the following purposes: (a) to provide and operate our services; (b) to communicate with you about your account, transactions, and service updates; (c) to comply with legal and regulatory obligations; (d) to prevent fraud, abuse, and ensure security; (e) to improve our products and services through analytics (in aggregated, de-identified form); (f) to send marketing communications where you have given consent or there is a legitimate interest. We will not process your data for any purpose other than those for which it was collected without your consent or as required by law.
4. Consent
Where we rely on your consent to process personal data, such consent will be: (a) free — not coerced; (b) specific — for a clearly specified purpose; (c) informed — with this Notice provided in advance; (d) unconditional — not bundled with unrelated services; (e) unambiguous — through a clear affirmative action. You have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
5. Legal Bases for Processing
We process personal data on one or more of the following legal bases under the DPDP Act: (a) your consent; (b) legitimate uses permitted by the DPDP Act including employment, provision of services, legal obligation, research/statistics (with appropriate safeguards), medical emergencies; (c) compliance with court orders or statutory obligations.
6. Data Sharing and Disclosure
We may share personal data with: (a) Data Processors — third-party vendors who process data on our behalf under contractual safeguards; (b) Affiliates and subsidiaries — for group-wide services; (c) Law enforcement and regulatory authorities — when required by law or to protect legal rights; (d) Professional advisors — lawyers, auditors, under confidentiality obligations. We do not sell your personal data to third parties.
7. Data Retention
We retain personal data only for as long as necessary to fulfil the purpose for which it was collected, or as required by applicable law. Our general retention period is: As long as necessary for the stated purpose or as required by law. After this period, personal data is securely deleted or anonymised.
8. Your Rights as a Data Principal
Under the DPDP Act, you have the right to: (a) Access — obtain a summary of personal data processed and information about third parties with whom it has been shared; (b) Correction and Erasure — have inaccurate or incomplete data corrected, or request erasure where the purpose has been fulfilled or consent withdrawn; (c) Grievance Redressal — file a complaint with our Grievance Officer if your rights are not addressed; (d) Nominate — nominate another person to exercise rights on your behalf in case of death or incapacity. To exercise any right, please contact us at privacy@acme.in .
9. Grievance Redressal
If you have any complaint, concern, or query about the handling of your personal data, please contact our Grievance Officer: Priya Sharma at privacy@acme.in . We will acknowledge your grievance within 48 hours and endeavour to resolve it within 30 days. If your grievance is not resolved to your satisfaction, you may approach the Data Protection Board of India.
10. Cookies and Tracking
Our website and application may use cookies and similar tracking technologies to improve user experience and analyse usage. You may manage cookie preferences through your browser settings. Essential cookies required for the functioning of the website cannot be disabled.
11. Updates to this Notice
We may update this Privacy Notice from time to time. Material changes will be communicated via email or a prominent notice on our website. Continued use of our services after the update constitutes acceptance of the revised Notice.
Last updated: [Effective Date]
For questions about this Privacy Notice, contact: privacy@acme.in