- 3.1.1. Section 43A of the Information Technology Act, 2000;
- 3.1.2. Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“SPI Rules”); and
- 3.1.3. Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.
- 4.1 Personal information is information related to a visitor, or a combination of pieces of information that could reasonably allow him to be identified. Personal information may consist of full name, personal contact numbers, residential address, email address, gender or date of birth. While information such as date of birth in isolation may not be enough to uniquely identify the visitor, a combination of full name and date of birth may be sufficient to do so.
- 4.2. Sensitive personal data or information is such personal information that is collected, received, stored, transmitted or processed by the Company, consisting of:
- Financial information such as bank account or credit card or debit card or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Any detail relating to the above personal information categories as provided to the Company for providing service; and
- Any of the information received under above personal information categories by the Company for processing, stored or processed under lawful contract or otherwise.
Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.