← Back to Home
This document explains your rights regarding your personal data on Karuna Nidhan and our data handling practices in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), and Information Technology Act, 2000.
1. Your Fundamental Rights Under DPDP Act 2023
The DPDP Act 2023 grants you the following fundamental rights over your personal data:
1.1 Right to Access Your Data
You have the absolute right to access all personal data Karuna Nidhan holds about you.
- What You Can Access: All personal information, communication records, rescue reports, photos, login history, and any data processed
- Format: Data provided in structured, commonly-used, machine-readable format (CSV, JSON, XML)
- Scope: Includes historical data from account creation to present
- Frequency: You can request access as often as reasonably needed
- Cost: Absolutely free
- Timeline: Provided within 30 days of request
1.2 Right to Correction
You have the right to correct inaccurate or incomplete personal data.
- Corrigible Data: Email, phone number, address, profile information, rescue report details
- Correction Process: Submit corrected information; we verify and update within 7 days
- Timestamp Updates: Correction records include timestamp and reason
- Notification: You're notified when corrections are completed
- Third-Party Notification: When correction affects shared data, we notify relevant recipients
1.3 Right to Erasure (Right to be Forgotten)
Under certain circumstances, you can request deletion of your personal data.
- Valid Erasure Grounds: Data no longer necessary; consent withdrawn; object to processing; unlawful processing
- Non-Erasable Data: Data legally required to be retained; data needed for rescue operations already in progress
- Erasure Process: Request submitted; reviewed for legal compliance; executed within 30 days
- Irreversibility: Erasure is permanent; data cannot be recovered
1.4 Right to Data Portability
You can request your data in portable format to use elsewhere.
- Format: Machine-readable, commonly-used format (CSV, JSON, PDF)
- Scope: All personal data you provided directly
- Transmission: You receive copy directly and can transmit to other organizations
- Cost: Free
- Timeline: Within 30 days of request
1.5 Right to Restrict Processing
You can request limitation of how your data is used.
- Restrict to Essential Only: Data processing limited to account maintenance, legal compliance
- Duration: Until underlying issue is resolved
- Marketing Restrictions: Stop use of data for notifications, recommendations, analytics (except essential)
1.6 Right to Object
You can object to specific types of data processing.
- Marketing Communications: Opt-out of promotional messages
- Behavioral Analytics: Opt-out of usage pattern analysis (except security purposes)
- Third-Party Sharing: Object to data sharing with NGOs for rescue operations
1.7 Right Against Automated Decision-Making
You have rights regarding automated decisions affecting you.
- Transparency: If automated decisions made, we inform you
- Human Review: You can request human review of automated decisions
- Clarification: We explain reasoning behind automated decisions
2. How to Exercise Your Rights
2.1 Submitting Data Subject Requests
To exercise any of your rights, submit a request to:
Email: ezioauditore.as12.as@gmail.com
Subject Line: "DPDP Request: [Access/Correction/Deletion/Portability]"
Include in Request:
- Your registered email address
- Your username
- Type of request (Access/Correction/Deletion/etc.)
- Detailed description of your request
- Reason for request (if applicable)
- Your signature (email signature is sufficient)
2.2 Verification Process
We verify your identity before processing requests:
- Confirmation email sent to registered address
- You confirm identity by replying from registered email
- For high-risk requests, additional verification may be requested
- Typically completed within 48 hours
2.3 Processing Timeline
| Request Type |
Standard Timeline |
Maximum Allowed |
| Data Access |
7 days |
30 days |
| Data Correction |
3 days |
30 days |
| Data Deletion |
7 days |
30 days |
| Data Portability |
7 days |
30 days |
| Restriction Request |
5 days |
30 days |
2.4 Fees
All data subject rights requests are provided completely free of charge. We do not charge for:
- Processing requests
- Verifying identity
- Providing data copies
- Correcting or deleting data
- Multiple requests
3. Data Retention Policy
3.1 How Long We Keep Different Types of Data
| Data Type |
Retention Period |
Legal Basis |
| Account Profile Data |
Duration of active account + 90 days after deletion |
Contract performance; user convenience on re-registration |
| Rescue Reports |
7 years from report creation |
Legal compliance; audit trail; impact analysis |
| Photos/Media |
As long as associated report exists; 7 years max |
Rescue documentation; evidence preservation |
| Communication Records |
3 years from creation |
Legal compliance; dispute resolution |
| Login/Access Logs |
90 days |
Security; fraud prevention |
| Deleted Account Data |
90 days (then permanent deletion) |
GDPR compliance; data recovery options |
| CSAM-Related Records |
Indefinite (never deleted) |
Law enforcement cooperation; prevention |
| Error Logs & Diagnostics |
30 days |
System maintenance; bug fixing |
3.2 Legal Hold
If you're subject to legal proceedings or law enforcement request, your data may be retained longer than normal periods to comply with legal obligations.
3.3 Automatic Deletion
- Account deletion occurs 90 days after your deletion request is processed
- This 90-day period allows account recovery if you change your mind
- After 90 days, data is permanently and irreversibly deleted
- Automatic deletion is scheduled and confirmed via email
4. Account Deletion Process
4.1 How to Request Account Deletion
Method 1: In-App Deletion (Quickest)
- Log in to your Karuna Nidhan account
- Go to Settings → Account Management
- Click "Delete Account"
- Confirm you understand deletion is permanent
- Verify via email link sent to registered address
- Account deletion request is submitted
Method 2: Email Request
Send email to: ezioauditore.as12.as@gmail.com
Subject: "Account Deletion Request"
Include:
- Your registered email
- Your username
- Statement: "I request permanent deletion of my Karuna Nidhan account and all associated data"
4.2 Deletion Timeline
- Day 0: You submit deletion request
- Day 1: Verification email sent; you confirm from registered email
- Day 3: Your account is deactivated (you cannot log in)
- Day 3-90: Data retained; you can request recovery
- Day 90: Automatic permanent deletion executed
- Day 91+: Data permanently irrecoverable
4.3 What Gets Deleted
When your account is deleted, the following data is permanently removed:
- Account profile (name, email, phone, address)
- Password and authentication credentials
- Profile picture and personal photos
- All personal messages and communications
- All rescue reports you submitted (unless required by law)
- Preference settings and configurations
- Account history and activity logs
4.4 What Is NOT Deleted
The following data may be retained despite account deletion:
- Legal Evidence: If data is evidence in legal proceedings, it's retained
- Law Enforcement Holds: Data subject to police investigation
- Financial Records: Legally required accounting records (anonymized)
- CSAM Reports: Child exploitation records never deleted
- Aggregated/Anonymized Data: Statistical data with no identifying information
- Backup Archives: May be retained for disaster recovery (encrypted, separate storage)
4.5 Recovery During Grace Period
During the 90-day deletion grace period, you can recover your account:
- Email recovery request to: ezioauditore.as12.as@gmail.com
- Subject: "Account Recovery Request"
- We'll reactivate your account within 48 hours
- All data restored to pre-deletion state
- Only possible during 90-day grace period
5. Data Breach & Security Incidents
5.1 Breach Notification Requirement
If Karuna Nidhan experiences a data breach or security incident affecting your data, you will be notified:
- Timing: Without unreasonable delay, typically within 48 hours
- Method: Email to registered address; SMS to registered phone; in-app notification
- Content: Description of breach, data affected, actions taken, steps you should take
- Transparency: Honest assessment of risk and recommended actions
- Compliance: MEITY, NCMEC, and law enforcement notified as required
5.2 Your Actions After Breach
If your data is breached, we recommend:
- Change your Karuna Nidhan password immediately
- Change passwords on other accounts if same password used
- Monitor email and phone for suspicious activity
- Report to authorities if criminal activity suspected
- Contact us if you have questions
5.3 No Liability for Certain Breaches
Karuna Nidhan is not liable for breaches caused by:
- Your negligence in securing passwords/access
- Third-party breaches we are not responsible for
- Government surveillance or seizure
- Force majeure events beyond our control
6. International Data Transfers
6.1 Data Storage Location
Karuna Nidhan data is primarily stored in India or India-compliant regions:
- Primary Location: Indian servers operated by Karuna Nidhan or certified providers
- Backup Location: Secondary storage in certified Indian data centers
- No International Transfer: We do not intentionally transfer data outside India without your explicit consent
6.2 CDN and Infrastructure
Some data (photos via Cloudflare R2, API calls) may traverse international infrastructure:
- Encryption in Transit: All data encrypted during transmission using TLS 1.3
- No Storage Abroad: Data not stored long-term outside India
- Compliance: International providers comply with data protection standards
6.3 EU/GDPR Users
If you're in EU, additional GDPR protections apply:
- Right to lodge complaints with data protection authorities
- Additional transparency requirements
- Data localization preferences
- Contact: ezioauditore.as12.as@gmail.com
7. Data Processing for Different User Types
7.1 Individual Users (Reporters/Volunteers)
- Data Shared: Location, photos, report content with assigned NGOs/rescuers
- Contact Info: Email/phone NOT shared without your consent
- Retention: 7 years for rescue coordination records
7.2 NGO/Organizational Users
- Public Profile: Organization name, address, contact published
- Performance Data: Response rates, rescue statistics maintained
- Compliance Records: Registration verification data retained
- Deletion:: Cannot delete organization until formal de-registration
7.3 Government/Official Users
- Official Records: All government user activity logged
- Authority Access: Can access anonymized aggregate data
- Long Retention: Government records retained per legal requirements
8. Appeals & Disputes Regarding Data Handling
8.1 If We Deny Your Request
If we cannot fulfill your data request, we'll provide:
- Clear written explanation of why request cannot be fulfilled
- Legal basis for denial
- Timeline for reconsideration
- Appeal process details
8.2 Appeal Process
- Email appeal to: ezioauditore.as12.as@gmail.com
- Subject: "Appeal: Data Request Denial"
- Include: Original request, denial reason, why you disagree
- Senior review conducted within 15 days
- Appeal decision within 20 days total
8.3 Data Protection Authority Complaint
If dissatisfied after appeal, you can file complaint with:
- Data Protection Board: Established under DPDP Act 2023
- Ministry of Electronics & IT (MEITY): For statutory violations
- Local Police Cyber Crime Cell: For data abuse
9. Contact & Support
For All Data-Related Inquiries:
Data Protection Officer Email:
ezioauditore.as12.as@gmail.com
Subject Line Suggestions:
- "Data Access Request"
- "Data Correction Request"
- "Account Deletion Request"
- "Data Portability Request"
- "Data Breach Report"
- "DPDP Rights Exercise"
Response Time: Within 7 business days for inquiries; 30 days for formal requests
10. Policy Compliance & Updates
10.1 Regulatory Compliance
This policy ensures full compliance with:
- Digital Personal Data Protection Act (DPDP), 2023
- Information Technology Act, 2000
- Information Technology (Reasonable Security Practices) Rules, 2006
- General Data Protection Regulation (GDPR) - for EU users
- Data Protection Laws of India
10.2 Annual Review
This policy is reviewed annually and updated as needed. Material changes will be communicated to all users via email and in-app notification at least 30 days before taking effect.
10.3 Questions or Clarifications
If you have questions about this policy, contact us at ezioauditore.as12.as@gmail.com with subject "Data Policy Question".