Bima Samadhan: Trusted for Insurance Grievance & RTI: Privacy Policy - Bima Samadhan

Privacy Policy - Bima Samadhan

Bima Samadhan ("Company," "we," "our," or "us") is committed to protecting the privacy of individuals ("you" or "Users") who visit our website located at www.bimasamadhan.in ("Website") and use the services provided therein ("Services"). This Privacy Policy outlines our policies and practices regarding the collection, use, storage, processing, and disclosure of personal information, in compliance with applicable Indian laws, including the Digital Personal Data Protection Act, 2023 ("DPDP Act") and the Information Technology Act, 2000 ("IT Act"), along with associated rules and regulations ("Applicable Law").

By accessing or using the Website and Services, you agree to the terms of this Privacy Policy. If you do not agree with any terms, please refrain from using the Website or Services. This Privacy Policy forms part of and is incorporated into the Terms of Use of the Website.

1. Introduction


1.1. Scope of this Privacy Policy

This Privacy Policy applies to all operations of Bima Samadhan, including visitors to our Website and users of our Services. It covers how we collect, use, store, process, and disclose your personal information and outlines the principles that guide our privacy practices in line with Applicable Law.

1.2. Updates to this Privacy Policy

We may update this Privacy Policy periodically to reflect changes in Applicable Law, technology, or our business practices. Any updates will be posted on this page, and the "Last Updated" date at the top of this document will indicate the date of the most recent revisions. Users are encouraged to review this Privacy Policy regularly to stay informed of any changes.

2. Definitions


2.1. Personal Data

"Personal Data" refers to any information relating to an identified or identifiable natural person, including but not limited to name, contact information, identification numbers, location data, online identifiers, and other factors specific to the identity of an individual.

2.2. Sensitive Personal Data or Information (SPDI)

"Sensitive Personal Data or Information (SPDI)" includes information related to:

  • Passwords;
  • Financial information, such as bank account or payment instrument details;
  • Biometric data;
  • Health data;
  • Sexual orientation;
  • Any detail relating to the above information categories;
  • Any information received by the Company for processing, which is stored or processed under lawful contract or otherwise.

2.3. Data Principal

"Data Principal" means the individual to whom the personal data relates, including users of the Website and Services.

2.4. Data Fiduciary

"Data Fiduciary" refers to the entity that determines the purpose and means of processing personal data, which in this case is Bima Samadhan.

2.5. Processing

"Processing" includes any operation performed on personal data, such as collection, recording, organization, structuring, storage, adaptation, retrieval, consultation, use, disclosure, dissemination, or deletion.

3. Types of Personal Information Collected


3.1. Categories of Data Collected

We collect various types of personal data, which include but are not limited to the following categories:

  • Personal Data: Information such as your full name, address, email address, contact number, date of birth, gender, occupation, and other identifying information.
  • Sensitive Personal Data or Information (SPDI): Passwords, financial details (e.g., credit card, debit card, or bank account information), biometric data (e.g., fingerprints or facial recognition), and health-related information.
  • Usage Data: Technical data collected when you interact with our Website, including IP addresses, browser types, operating systems, referring URLs, page views, clicks, and other actions taken on the Website.
  • Communications Data: Information you provide when you contact us for support or through any other communication medium.

3.2. Methods of Collection

Personal information is collected through:

  • Direct Collection: Information you provide directly, such as when registering on the Website, filling out forms, making inquiries, or engaging in transactions.
  • Automated Collection: Data automatically collected through cookies, server logs, and similar technologies to track and improve user experience.
  • Third-Party Sources: Information obtained from third parties, such as social media networks, data partners, or service providers.
  • Correspondence: Personal information collected through email, phone calls, or other correspondence.

4. Purpose and Use of Personal Information


4.1. Primary Purposes

The primary purposes for which we collect and process your personal data include:

  • Service Delivery: To facilitate the provision of our Services, process transactions, verify identity, and provide customer support.
  • Communication: To respond to your inquiries, provide updates regarding your use of the Website and Services, and send administrative information.
  • Personalization: To tailor the content and resources provided to you based on your preferences and activities on the Website.
  • Improvement of Services: To improve the functionality, performance, and user experience of the Website and Services through data analysis and user feedback.

4.2. Secondary Purposes

The secondary purposes for which we may process your personal data include:

  • Marketing and Promotions: To send you promotional materials, newsletters, or other information about our Services, subject to your consent.
  • Research and Analytics: To conduct research and analyze user behavior to improve our business strategies.
  • Security and Fraud Prevention: To monitor for security threats, prevent fraudulent activities, and ensure compliance with our Terms of Use and other legal obligations.
  • Legal Compliance: To comply with court orders, regulatory requests, or any other legal obligations.

5. Legal Basis for Processing Personal Information


5.1. Consent

Processing of your sensitive personal data will only occur with your explicit consent. You may withdraw your consent at any time; however, this may affect your ability to use certain features of the Website.

5.2. Contractual Necessity

Processing is necessary for the performance of a contract to which you are a party, such as fulfilling service requests or transactions.

5.3. Legal Obligations

We may process personal data to comply with statutory requirements, including but not limited to tax laws, regulatory compliance, and court orders.

5.4. Legitimate Interests

Processing is necessary for our legitimate business interests, such as improving our Services, protecting against fraud, or maintaining security.

6. User Rights Under the DPDP Act


6.1. Right to Access

You have the right to obtain confirmation of whether your personal data is being processed and access the data in an intelligible format.

6.2. Right to Correction

You may request that we correct any inaccurate, incomplete, or outdated personal data.

6.3. Right to Erasure

You may request the deletion of personal data that is no longer necessary for the purposes for which it was collected, or if the processing was based on consent and such consent has been withdrawn.

6.4. Right to Data Portability

You have the right to request your personal data in a structured, commonly used, and machine-readable format, or to transfer it to another data fiduciary.

6.5. Right to Withdraw Consent

You may withdraw your consent for processing sensitive personal data at any time by notifying us, and we will cease processing activities related to the withdrawn consent.

6.6. Right to Grievance Redressal

You have the right to file a complaint regarding any grievances related to the processing of your personal data. Details for submitting a complaint are provided in Section 11 of this Policy.

7. Data Retention and Security Practices


7.1. Data Retention

Personal data will be retained only for as long as it is necessary to fulfill the purposes for which it was collected, or as required by law. We will securely delete or anonymize personal data that is no longer needed.

7.2. Data Security Measures

We implement reasonable security practices to protect personal data from unauthorized access, modification, disclosure, or destruction, including:

  • Encryption and data masking;
  • Access controls and authentication;
  • Secure storage environments;
  • Regular audits and monitoring of data processing activities.

7.3. Data Breach Notification

In the event of a data breach, we will notify affected Data Principals and the Data Protection Board of India as required under the DPDP Act.

8. Cookies and Tracking Technologies


8.1. Use of Cookies

We use cookies and similar tracking technologies to collect and store information about your interaction with the Website. This helps us enhance the Website’s functionality and improve the user experience.

8.2. Types of Cookies Used

  • Essential Cookies: Necessary for the operation of the Website.
  • Performance Cookies: Collect information about how you use the Website.
  • Functionality Cookies: Remember your preferences.
  • Targeting/Advertising Cookies: Track browsing habits to show relevant ads.

8.3. Managing Cookies

You may manage or disable cookies through your browser settings. However, disabling cookies may affect the Website's functionality.

9. Disclosure of Personal Information


9.1. Legal Requirements

We may disclose personal data as required by law, such as compliance with a subpoena, court order, or regulatory request.

9.2. Service Providers

We may share personal data with service providers who perform functions on our behalf, including payment processing, data analytics, customer support, and marketing.

9.3. Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction.

9.4. Protection of Our Rights

We may disclose personal data to protect our rights, enforce our policies, prevent fraud, and ensure the security of our systems.

10. Cross-Border Data Transfers


10.1. Transfer Mechanisms

We may transfer personal data to jurisdictions outside India, ensuring that such transfers comply with Applicable Law, including the DPDP Act's requirements for adequate protection.

10.2. User Consent

Where required, we will obtain your consent before transferring your data to a jurisdiction outside India.

11. Grievance Redressal Mechanism


11.1. Grievance Officer

The Grievance Officer is responsible for addressing complaints regarding the processing of personal data. The contact details are as follows:

11.2. Complaint Handling Procedure

We aim to acknowledge all complaints within 10 working days and resolve them within one month. If you are dissatisfied with the response, you may escalate the matter to the Data Protection Board of India.

12. Data Protection Officer (DPO)

If required under the DPDP Act, we will appoint a Data Protection Officer to oversee compliance with data protection laws and act as a point of contact for Data Principals regarding personal data processing.

13. Amendments to this Privacy Policy


13.1. Notification of Changes

We reserve the right to amend this Privacy Policy at any time. Any changes will be posted on this page with the "Last Updated" date revised accordingly.

13.2. User Acceptance

Your continued use of the Website and Services following any changes constitutes your acceptance of the revised Privacy Policy.

14. Contact Information

For any queries or concerns regarding this Privacy Policy, please contact the Grievance Officer at help@bimasamadhan.in


Subscribe to: Posts (Atom)