top of page
  • Instagram
  • Facebook
  • Twitter
  • LinkedIn
  • YouTube

​Data Security and Governance

At billpark, we are committed to maintaining the security, integrity, and confidentiality of the data we collect and process. This Data Security and Governance Policy outlines the protocols and procedures we follow to ensure that all data is handled securely and responsibly.

Scope of the Policy

This policy applies to all employees, contractors, partners, and users who interact with the data collected by [Your Company Name]. It covers all personal, transactional, and activity data gathered through our mobile app, partner systems, or any other associated platforms.

Data Collection and Classification

  • Personal Information: Includes but is not limited to user names, email addresses, mobile numbers, location data, and transaction details.F

  • Financial Data: Refers to payment methods, transaction history, and payment status (successful/failed).

  • User Activity: Includes IP addresses, browsing behavior, and location data for service optimization.

All data is classified based on its sensitivity and criticality. Sensitive data such as financial information and personally identifiable information (PII) are subject to stricter security controls.

Data Encryption and Storage

All data collected is encrypted at rest and in transit using industry-standard encryption technologies. We use secure, encrypted storage systems to protect against unauthorized access, modification, or deletion of data.

  • Data at Rest: Stored securely in encrypted databases and secure servers.

  • Data in Transit: Encrypted using SSL/TLS to ensure secure transmission of data between our app, servers, and any external systems.

Access Control

Access to data is strictly limited based on role and necessity:

  • Employee and Contractor Access: Only authorized personnel with specific roles can access sensitive data. All employees and contractors are required to follow stringent authentication processes.

  • Partner Access: Third-party partners, such as retailers and CRMs, have limited access to data, strictly controlled through secure APIs and governed by contractual obligations.

Data Retention and Disposal

We retain data based on its purpose and in compliance with applicable regulations. The retention period for most data is less than 5 years, but some data may be stored for up to 15 years to comply with legal or business requirements.

  • Data Disposal: When data is no longer needed, it is securely deleted or anonymized to prevent unauthorized recovery.

Security Incident Management

We have robust processes in place to detect, respond to, and mitigate security incidents. In the event of a data breach or security incident:

  • Incident Response Team: An internal team is activated to contain and assess the impact of the breach.

  • Notification: Affected users will be informed within a reasonable timeframe if their data is compromised.

  • Mitigation: Immediate actions are taken to mitigate the breach and prevent future occurrences.

Compliance and Audits

We comply with all relevant data protection laws, including but not limited to Indian data privacy laws and applicable international standards. Regular audits are conducted to ensure that data security protocols are being followed.

Data Governance

Our data governance framework ensures that data is managed consistently and securely throughout its lifecycle. This includes:

  • Data Ownership: Clear assignment of data ownership responsibilities.

  • Data Accuracy: Regular data quality checks to ensure accuracy and relevance.

  • Data Protection Officer: We designate a Data Protection Officer (DPO) responsible for overseeing data security and governance compliance.

User Rights and Transparency

We empower our users by ensuring transparency around how their data is used and their rights to manage it:

  • Access and Correction: Users can request access to their data and correct any inaccuracies.

  • Deletion and Archiving: Users can request their data be deleted or archived through our app.

  • Opt-Out: Users can opt out of non-essential data collection (e.g., marketing communications, cookies) through app settings.

Third-Party Relationships

If and when we integrate third-party services (e.g., payment gateways, CRMs), we ensure that these providers comply with equivalent data security and governance standards. All third-party relationships are governed by data-sharing agreements and regular reviews.

Training and Awareness

All employees, contractors, and partners undergo regular training on data security protocols. We ensure that everyone handling data understands the importance of security and the specific measures in place to safeguard it.

Policy Updates

This Data Security and Governance Policy will be periodically reviewed and updated to reflect changes in regulatory requirements, technologies, or business practices. Users will be notified through our app whenever substantial changes are made to this policy.

Learn More

Blog
Privacy Policy

Contact Us

1_edited.jpg

By continuing past this page, you agree to our Terms of Service, Cookie Policy, Privacy Policy and Content Policies. All trademarks are properties of their respective owners.

2024 © billpark™ Ltd. All rights reserved.

Terms & Conditions
Security
bottom of page