IDFI Card — Privacy Policy

Effective Date: 18.05.2025

1. Introduction

IDFI Card ("Company", "we", "us", or "our") is committed to maintaining the highest levels of integrity and accountability in protecting the privacy and security of your personal information. This Privacy Policy sets forth our policies and practices regarding the collection, use, storage, disclosure, and protection of your data when you access or use our services, websites, mobile platforms, NFC card products, or any related services (collectively referred to as the "Services").

Jurisdiction: This policy is governed by and construed in accordance with the laws of the Republic of India, subject to local data protection regulations where applicable.

2. Definitions

"Personal Data" refers to any information that relates to an identified or identifiable individual.

"Processing" means any operation or set of operations performed on personal data, whether or not by automated means.

"Controller" refers to the entity that determines the purposes and means of processing personal data.

"User" refers to the individual using our services.

3. Information We Collect

3.1 Information Provided Voluntarily:

  • Full Name
  • Email Address
  • Phone Number
  • Company Name and Designation (optional)
  • Profile Photo
  • Business Details
  • Location & Address
  • Website and Social Media Links

3.2 Automatically Collected Information:

  • IP address
  • Device information
  • Browser type and version
  • Pages visited, time spent, and navigation patterns
  • Location information (if enabled)

3.3 NFC/Digital Card Interaction Data:

  • Card usage timestamps
  • Locations and devices interacting with your card
  • Connection metadata (Bluetooth/NFC/WiFi interactions)

4. Purpose of Collection

We process data strictly for the following lawful purposes:

  • To register and create digital business cards;
  • To personalize your experience;
  • To improve service delivery and customer support;
  • To send transactional and system notifications;
  • To prevent fraud and ensure security;
  • To comply with legal obligations and enforce terms of use.

5. Legal Basis for Processing

We process your data based on:

  • Your explicit consent (Article 6(1)(a) GDPR);
  • Contractual necessity (Article 6(1)(b));
  • Compliance with legal obligations (Article 6(1)(c));
  • Our legitimate interests (Article 6(1)(f)), which include product development, customer support, and anti-fraud measures.

6. Data Storage & Retention

We retain your data only as long as necessary:

  • User profile and contact information: retained until account is deleted or 5 years of inactivity, whichever is earlier.
  • Interaction logs: stored for a maximum of 12 months.
  • Transactional records: retained as per legal and taxation standards (usually 7 years).

All data is securely stored in encrypted servers (AES-256) hosted on 18.05.2025.

7. Data Sharing & Disclosure

We do not sell, rent, or trade personal data.

We may disclose information to:

  • Legal authorities: in response to subpoenas, court orders, or legal process.
  • Service providers: under strict confidentiality and only as necessary for functionality.
  • Business transfers: in case of merger, acquisition, or sale.

Third-party processors are required to uphold equivalent levels of privacy protection.

8. Data Subject Rights

Subject to applicable laws, you have the following rights:

  • Right to Access – Request a copy of your data.
  • Right to Rectification – Correct inaccurate information.
  • Right to Erasure (Right to be Forgotten).
  • Right to Restriction of Processing.
  • Right to Data Portability.
  • Right to Object to certain types of processing.
  • Right to Withdraw Consent at any time, without affecting the lawfulness of processing before withdrawal.

All requests must be sent to:

[email protected]

9. Security Practices

We implement advanced technical and organizational security measures, including:

  • HTTPS and SSL/TLS encryption
  • AES-256 database encryption
  • 2FA (Two-Factor Authentication)
  • Role-based access control (RBAC)
  • Regular penetration testing and vulnerability scanning

In the event of a breach, affected users will be notified within 72 hours as mandated under GDPR Article 33.

10. International Data Transfers

Where necessary, your personal data may be transferred to and processed in countries outside of your country of residence. In such cases, we use Standard Contractual Clauses and ensure adequate data protection measures.

11. Cookies & Tracking

We use essential cookies for performance and security. Optional cookies (for analytics or ads) are used only with user consent. You can modify cookie preferences at any time via the cookie banner.

12. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect data from children. If such data is inadvertently collected, it will be promptly deleted.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. You will be notified via email or platform notification. Continued use of our services after updates implies acceptance.

14. Contact Details

For inquiries or complaints, please contact:

IDFI Card Privacy Office

[email protected]

Time: Mon–Fri, 11 AM – 4 PM IST