This Data Protection and Data Privacy Policy (“Policy”) outlines the principles and procedures that Virtual Team FinServ Pvt. Ltd. (“Company”) adheres to protect and handle personal data responsibly, in compliance with the Data Protection and Data Privacy Act, 2025 (DPDP Act, 2025). The Policy ensures alignment with the provisions of the DPDP Act, fostering trust and transparency with customers, employees, and stakeholders.
This Policy applies to all personal data processed by the Company, including data of customers, employees, business partners, and third parties, whether stored electronically or in physical form. It governs data collection, usage, storage, disclosure, and disposal in accordance with the DPDP Act, 2025.
VirtualTeam FinServ Pvt. Ltd. adheres to the following principles as outlined in the DPDP Act, 2025:
Lawfulness, Fairness, and Transparency: Data is processed lawfully, fairly, and transparently.
Purpose Limitation: Data is collected for specified, explicit, and legitimate purposes only.
Data Minimization: Only data necessary for the intended purpose is collected.
Accuracy: Personal data is kept accurate and up to date.
Storage Limitation: Data is retained only as long as necessary for the specified purpose.
Integrity and Confidentiality: Data is processed securely to prevent unauthorized access, loss, or damage.
Accountability: The Company is accountable for compliance with the DPDP Act, 2025.
The Company collects personal data through lawful and transparent means, including but not limited to:
Direct interactions (e.g., account registration, service requests)
Automated technologies (e.g., website usage data, cookies)
Third-party sources, where applicable and legally permissible
Types of data collected may include:
Identification data (e.g., name, contact details)
Financial data (e.g., account information)
Transaction data (e.g., service usage records)
Technical data (e.g., IP address, browser type)
Consent is obtained prior to data collection where required by the DPDP Act, 2025.
Personal data is processed for legitimate business purposes, including:
Delivering and managing services
Communicating with stakeholders
Complying with legal obligations
Improving products and services
The Company does not sell or share personal data for unauthorized marketing purposes. Processing of sensitive personal data is conducted only with explicit consent or as required by law, as mandated by the DPDP Act, 2025.
Personal data may be shared with:
Authorized employees and contracts Regulatory authorities, where legally required
Trusted third-party service providers, under strict confidentiality agreements
The Company ensures that data shared with third parties is adequately protected and used only for specified purposes, in compliance with the DPDP Act, 2025.
Personal data may be shared with:
Authorized employees and contractors
Regulatory authorities, where legally required
Trusted third-party service providers, under strict confidentiality agreements
The Company ensures that data shared with third parties is adequately protected and used only for specified purposes, in compliance with the DPDP Act, 2025.
The Company implements robust security measures to protect personal data, including:
Encryption of sensitive data
Access controls and authentication mechanisms
Regular security audits and vulnerability assessments
Employees are trained in data protection practices to ensure compliance with the DPDP Act, 2025.
Personal data is retained only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. Secure disposal mechanisms are employed for data no longer required, in alignment with the DPDP Act, 2025.
In accordance with the DPDP Act, 2025, individuals have the following rights regarding their personal data:
Right to access and obtain a copy of their data
Right to rectification of inaccurate data
Right to erasure (“Right to be Forgotten”)
Right to data portability
Right to restrict or object to processing
Right to withdraw consent at any time
Right to lodge a complaint with a regulatory authority
Requests to exercise these rights can be submitted via email to info@vtfinserv.com.
In compliance with the DPDP Act, 2025, in the event of a data breach, the Company will:
Notify affected individuals promptly, where required
Report on the incident to the appropriate regulatory authorities
Take immediate corrective measures to mitigate risks
This Policy may be updated periodically to reflect changes in legal requirements or business practices, in accordance with the DPDP Act, 2025.
For questions or concerns regarding this Policy or data privacy practices, please contact:
Data Protection Officer (DPO)
Virtual Team FinServ Pvt. Ltd.
Email: Anoop@vtfinserv.com
Phone: 011 40050087