VTF

DATA PROTECTION AND DATA PRIVACY POLICY (DPDP)
Issued by VirtualTeam FinServ Pvt. Ltd.
1. Purpose

This Data Protection and Data Privacy Policy (“Policy”) outlines the principles and procedures that Virtual Team FinServ Pvt. Ltd. (“Company”) adheres to protect and handle personal data responsibly, in compliance with the Data Protection and Data Privacy Act, 2025 (DPDP Act, 2025). The Policy ensures alignment with the provisions of the DPDP Act, fostering trust and transparency with customers, employees, and stakeholders.

2. Scope

This Policy applies to all personal data processed by the Company, including data of customers, employees, business partners, and third parties, whether stored electronically or in physical form. It governs data collection, usage, storage, disclosure, and disposal in accordance with the DPDP Act, 2025.

3. Principles

VirtualTeam FinServ Pvt. Ltd. adheres to the following principles as outlined in the DPDP Act, 2025:
 Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
 Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only.
 Data Minimization: Only data necessary for the intended purpose is collected.
 Accuracy: Personal data is kept accurate and up to date.
 Storage Limitation: Data is retained only as long as necessary for the specified purpose.
 Integrity and Confidentiality: Data is processed securely to prevent unauthorized access, loss, or damage.
 Accountability: The Company is accountable for compliance with the DPDP Act, 2025.

4. Data Collection

The Company collects personal data through lawful and transparent means, including but not limited to:
  Direct interactions (e.g., account registration, service requests)
  Automated technologies (e.g., website usage data, cookies)
  Third-party sources, where applicable and legally permissible
Types of data collected may include:
  Identification data (e.g., name, contact details)
  Financial data (e.g., account information)
  Transaction data (e.g., service usage records)
  Technical data (e.g., IP address, browser type)

Consent is obtained prior to data collection where required by the DPDP Act, 2025.

5. Data Usage

Personal data is processed for legitimate business purposes, including:
 Delivering and managing services
 Communicating with stakeholders
 Complying with legal obligations
 Improving products and services

The Company does not sell or share personal data for unauthorized marketing purposes. Processing of sensitive personal data is conducted only with explicit consent or as required by law, as mandated by the DPDP Act, 2025.

6. Data Sharing and Disclosure

Personal data may be shared with:
  Authorized employees and contracts Regulatory authorities, where legally required
  Trusted third-party service providers, under strict confidentiality agreements
The Company ensures that data shared with third parties is adequately protected and used only for specified purposes, in compliance with the DPDP Act, 2025.

6. Data Sharing and Disclosure

Personal data may be shared with:

  Authorized employees and contractors

  Regulatory authorities, where legally required

  Trusted third-party service providers, under strict confidentiality agreements

The Company ensures that data shared with third parties is adequately protected and used only for specified purposes, in compliance with the DPDP Act, 2025.

7. Data Security

The Company implements robust security measures to protect personal data, including:
  Encryption of sensitive data
  Access controls and authentication mechanisms
  Regular security audits and vulnerability assessments
Employees are trained in data protection practices to ensure compliance with the DPDP Act, 2025.

8. Data Retention

Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Secure disposal mechanisms are employed for data no longer required, in alignment with the DPDP Act, 2025.

9. Data Subject Rights

In accordance with the DPDP Act, 2025, individuals have the following rights regarding their personal data:
  Right to access and obtain a copy of their data
  Right to rectification of inaccurate data
  Right to erasure (“Right to be Forgotten”)
  Right to data portability
  Right to restrict or object to processing
  Right to withdraw consent at any time
  Right to lodge a complaint with a regulatory authority
Requests to exercise these rights can be submitted via email to info@vtfinserv.com.

10. Breach Notification

In compliance with the DPDP Act, 2025, in the event of a data breach, the Company will:
  Notify affected individuals promptly, where required
  Report on the incident to the appropriate regulatory authorities
  Take immediate corrective measures to mitigate risks

11. Updates to the Policy

This Policy may be updated periodically to reflect changes in legal requirements or business practices, in accordance with the DPDP Act, 2025.

12. Contact Information

For questions or concerns regarding this Policy or data privacy practices, please contact:

  Data Protection Officer (DPO)
  Virtual Team FinServ Pvt. Ltd.
  Email: Anoop@vtfinserv.com
  Phone: 011 40050087

Published by Virtual Team FinServ Pvt. Ltd.
Effective Date: January 16, 2025
© 2025 Virtual Team FinServ Pvt. Ltd. All Rights Reserved.

Our Partners & Clients