Overview:
At OneAssist, we maintain the highest levels of security standards. Digital Personal Data Protection & Privacy is crucial as it safeguards sensitive information from unauthorized access, misuse, or disclosure. It allows individuals to control how their Personal Data is collected, used, and shared, thereby protecting their privacy and maintaining control over their personal information. With our commitment to digital personal data privacy, individuals can be assured that our systems and the company comply with applicable data protection laws of India.
We collect Personal Data so that we can serve better services for the OneAssist Plans availed. We are fully committed to ensuring the privacy, confidentiality and integrity of any personal information. We protect this information by maintaining lawful physical, electronic, and procedural security means. Besides, we train our employees in the proper handling of personal information at all times.
The ways in which we will use Personal Data collected during the course of plan membership are contained in this Digital Personal Data Protection & Privacy Policy and Plan Terms & Conditions - we recommend you read these carefully; they are available online and will also be sent to you in your welcome communication.
Information Security Standards & Compliances:
OneAssist as an organization is audited and certified by Cert-In empanelled auditing organizations for ISO/IEC 27001 Information Security Management Systems (ISMS), and Payment Card Industry Data Security Standard (PCI-DSS).
(ISO/IEC 27001 Information Security Management System (ISMS): ISO/IEC 27001 ISMS is an international standard that provides a framework for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It focuses on ensuring the confidentiality, integrity, and availability of information assets, including personal data.
PCI-DSS (Payment Card Industry Data Security Standard): PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It aims to protect cardholder data from theft and misuse. Compliance with PCI-DSS is mandatory for any organization that handles credit or debit card payments.)
Applicable Statutory & Regulatory Compliances, and Business Partner’s Contractual Obligations:
OneAssist as an organization is audited or assessed by Cert-In empanelled auditing organizations as per the applicable statutory & regulatory compliances, and applicable information security compliance requirements.
Digital Personal Data Protection & Privacy Policy :
Digital Personal Data Protection & Privacy Policy forms part of the arrangement (“Plan Terms & Conditions”) between OneAssist and its Customer for products or services (“Services”) and in which this Digital Personal Data Protection & Privacy Policy is referenced.
Basic Terms:
“Applicable Law” means the applicable laws of India.
“Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of Personal Data.
“Data Principal” means the individual to whom the Personal Data relates and where such individual is -
(i) a child, includes the parents or lawful guardian of such a child;
(ii) a person with disability, includes his/her lawful guardian, acting on his/her behalf.
“Data Processor” means any person who processes Personal Data on behalf of a Data Fiduciary.
“Hardware Identifiers” means the Make and Model Number, Serial Number of a Device, the IMEI number, MAC address etc as applicable.
“Location Data” means Device’s Internet Protocol (IP) Address, GPS Latitude & Longitude coordinates etc as applicable.
“Personal Data” means any data about an individual who is identifiable by or in relation to such data as per Digital Personal Data Protection Act, 2023, India.
“Processing” in relation to Personal Data and/or Hardware Identifiers and/or Location data and/or Mobile Application Data, means a wholly or partly automated operation or set of operations performed on digital Personal Data and/or Hardware Identifiers and/or Location Data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.
Scope of Processing Personal Data:
This Digital Personal Data Protection & Privacy Policy applies to the processing of Personal Data of Customers (the Data Principal) by OneAssist (as a Data Fiduciary). Processing of Personal Data will be governed by this Digital Personal Data Protection & Privacy Policy, in particular, OneAssist will process the Personal Data only on consent given by the Data Principal with a clear affirmative action.
The subject matter of the processing is the Personal Data provided in respect of the Services under the Plan Terms & Conditions. The duration of the processing is the duration of the provision of the Services under the Plan Terms & Conditions until disposal of the Personal Data in accordance with the applicable laws. The nature and purpose of the processing is in connection with the provision of the Services. The types of Personal Data processed are those submitted to OneAssist by or at the direction of the Customer as part of the Services.
The Plan Terms & Conditions, including this Digital Personal Data Protection & Privacy Policy, along with Customer use and configuration of the Services, are the complete and final documented instructions to OneAssist for the processing of the Personal Data. Additional or alternate instructions must be agreed upon separately by the parties.
Sharing of Personal Data with Third Parties:
OneAssist does not publish, sell, lease or share data to any third parties, except for performance of its service obligations or as may be required by law, or pursuant to the order of a court or regulatory authority, or in order for OneAssist to enforce its rights, or as expressly stated by this Digital Personal Data Protection & Privacy Policy.
Sub-Processing:
Customer hereby provides OneAssist with general authorisation to engage other Processors for the processing of Personal Data in accordance with this Digital Personal Data Protection & Privacy Policy. OneAssist will maintain a list of such Processors. In general, this Processors are:
| Sr No. |
Processor |
Description of Data |
Purpose |
| 1. |
Cloud Hosting Service Providers
|
Personal Data, Hardware Identifiers, Location Data as applicable
|
OneAssist’s Website, Applications, Databases
|
| 2. |
Insurance Companies
|
Personal Data, Hardware Identifiers, as applicable
|
To cover the risk under various plans of OneAssist
|
| 3. |
Service Centres
|
Personal Data, Hardware Identifiers, as applicable
|
To provide repair and replacement services
|
| 4. |
Logistic Partners
|
Personal Data, Hardware Identifiers, as applicable
|
To provide pick and drop services of the products
|
| 5. |
Call Centers / Contact Centers
|
Personal Data, Hardware Identifiers, as applicable
|
To provide customer services
|
| 6. |
Communication Service Providers (eg.emails, sms, push notifications on mobile applications etc)
|
Personal Data as applicable
|
To provide transactional, informational and promotional messages about the products and services
|
| 7. |
Statistical & Analytics Service Provider
|
Personal Data as applicable
|
To analyze customer behavior, preferences, and purchasing trends, for valuable perspectives and insights into customer requirements and anticipations. And to customize the products, services, and marketing approaches to adeptly address customer demands.
|
Where OneAssist engages another Processor for carrying out specific processing activities, the data protection obligations will be imposed on that other Processor.
Rights of the Data Principal:
OneAssist enables its customers to comply with their requests to exercise the Rights of the Data Principal as given below:
i. The Data Principal shall have the right to obtain from the Data Fiduciary upon making to it a request-
- - a summary of Personal Data which is being processed and the processing activities undertaken with respect to Personal Data
- - identities of all other Data Fiduciaries and Data Processors with whom the Personal Data has been shared, along with a description of the Personal Data so shared.
ii. A Data Principal shall have the right to correction, completion, updating and erasure of Personal Data for the processing.
iii. Data Principal shall have the right to have readily available means of grievance redressal in respect of any act or omission regarding the performance of obligations in relation to the Personal Data.
iv. A Data Principal shall have the right to nominate any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal.
v. Data Principal shall have the right to withdraw the consent given for processing of personal data. The consequences of the withdrawal shall be borne by the Data Principal, and such withdrawal shall not affect the legality of processing of the Personal Data based on consent before its withdrawal.
OneAssist will, to the extent legally permitted, promptly assist Customer of any requests received by OneAssist and reasonably cooperate with Customer to fulfil its obligations under the Data Protection Laws in relation to such requests. Customer will be responsible for any reasonable costs arising from OneAssist providing assistance to Customer to fulfil such obligations.
Customer or Data Principal can raise requests or any queries related to their personal data on email id happytoassist@oneassist.in
Duties of Data Principal:
A Data Principal shall perform the following duties, namely:
i.comply with the provisions of all applicable laws for the time being in force while exercising his/ her rights;
ii. to ensure not to impersonate another person while providing Personal Data for a specified purpose;
iii.to ensure not to suppress any material information while providing Personal Data for any document, unique identifier, proof of identity or proof of address issued by the government or any of its instrumentalities;
iv.to ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary or the government authorities; and
v.to furnish only such information as is verifiably authentic, while exercising the right to correction or erasure.
Confidentiality:
OneAssist will endeavour to ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
Security of Processing:
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Customer and OneAssist will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk including inter alia as appropriate:
i.the masking and encryption of Personal Data;
ii.the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
iii.the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident
In assessing the appropriate level of security, account will be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.
Customer and OneAssist will take steps to ensure that any natural person acting under the authority of Customer or OneAssist who has access to Personal Data does not process data except on instructions from Customer unless he or she is required to do so by applicable law.
Notwithstanding any provision to the contrary, OneAssist may modify or update its security measures at its discretion provided that such modification or update does not result in a material degradation in the protection offered.
Termination of Service:
Upon the expiration membership or termination of Customer’s use of the Services, unless any business partner’s contractual obligations / agreements or applicable law requires storage of the Personal Data.
Personal Data Purging:
OneAssist will irrevocably scramble or purge the Personal Data in accordance with the Personal Data Protection Act, 2023, India or its contractual obligations.
Cross Border Transfer:
OneAssist will ensure that, to the extent that any Personal Data is transferred by OneAssist to another country (outside India) such transfer will be subject to appropriate safeguards that provide an adequate level of protection in accordance with the applicable laws.
Personal Data Breach:
OneAssist will notify Customer without undue delay after becoming aware of a Personal Data breach involving Personal Data processed under this Digital Personal Data Protection & Privacy Policy and will reasonably respond to Customer’s request for further information.
OneAssist Website & Mobile Applications:
OneAssist has developed website and mobile applications, targeted at Indian consumers, and specifically the customers of OneAssist. The website and mobile applications can be used to activate a subscription plan, renew the subscription, interact with OneAssist chat support and contact center and avail various other value-added services extended to the customers of OneAssist. Main objective of OneAssist’s website and mobile applications is to deliver a delightful experience to its users.
- OneAssist’s Website:
- Securing your personal information
We collect your personal information so that we can serve you better. We are fully committed to ensuring the privacy, confidentiality and integrity of any personal information we seek from you. We protect this information by maintaining lawful physical, electronic, and procedural security means. Besides, we train our employees in the proper handling of your personal information at all times.
If you apply for a membership online, we'll collect personal information about you as you enter it on our website. We may retain such information whenever you provide us at any point on our website. We may use these details to contact you to assist with our services in future.
The ways in which we will use your data collected during the course of your membership are contained within the General and Product Terms & Conditions - we recommend you read these carefully; they are available online and will also be sent to you in your Welcome Kit.
In addition to the above, we will collect information such as the IP address from which visitors login to their account. Besides, details about failed logon attempts for the purpose of possible investigation into misuse or abuse of the website may also be collected.
- Security Precautions on our website: Your access to OneAssist's secure website is based on your login ID and password / otp. Logins to your account are audited in our systems and we maintain adequate checks and balances to ensure that only you have access to your account.
- Collection of certain demographic data: We request you for certain demographic data such as your email id, mobile number, address to serve you better. We use these data to assure you of speedy and reliable services during the currency of your membership. We will use your address to send our Welcome Letter to you and communicate with you from time to time regarding your membership. We record your WAN IP address to administer our website and improve our security continuously.
- Web analytics software: We use web analytics software to show which pages on this website are visited most frequently and how long visitors spend on this website.
- OneAssist’s Mobile Applications:
- The information we collect will be retained by the Company and be used as described in this Digital Personal Data Protection & Privacy Policy. By installing OneAssist app, users agree to receive marketing communication such as emails, SMS & push notifications. The communication will include, but shall not be limited to exclusive promotions, product updates & research programs, and users can be contacted through any marketing channels, including calls. We do not share the data with any third party. Users can opt out anytime by clicking unsubscribe option.
- In order to personalize and improvise user experience, the mobile app collects “Personal Information” such as:
Phone number: the phone number of the user is used to uniquely identify a OneAssist customer.
IMEI: IMEI acts as the primary identifier of the hardware to be protected under this Digital Personal Data Protection & Privacy Policy. It is required for OneAssist to be able to serve the customer. The app may auto read the IMEI number in certain use cases to avoid data entry mistake by users and improve their experience.
Location: to provide certain value add services such as help capture customer address fast where technician can go & visit, for checking service eligibility of customers on certain locations
Phone components: Camera, Bluetooth, sensors, storage, speaker and mic, battery, flash, GPS, Wi Fi, memory. These components are tested for proper functioning and alerting the user in case of malfunction. Moreover, such tests are performed only after explicit action from users.
Technical Information: Mac addresses, IP address and information on wi-fi networks to offer personalized protection plans for your gadgets.
Contact List: “Contact List is required to make it easier for the user to pick a contact from your phone and facilitate the Fraud Detection Flow using a secondary device”
Android advertising ID: As per the terms of Google Play Services version 4.0, the Company shall use the Android advertising ID when available on a device, only for advertising and user analytics purposes. The Company shall not connect the advertising ID to any personally-identifiable information without the explicit consent of Clients. The Company shall abide by reset and “Opt out of Interest-based Advertising” settings of Clients.
- Statistical Data from the Services:
For statistical and analytical purposes, we use the aggregated or anonymized personal information, the data is not shared with third parties unless explicitly approved by the app user.
- Cookies policy:
We use "Cookies" on certain pages of our website to help analyse our web page flow, measure promotional effectiveness, and ensure a safe experience. "Cookies" are small files placed on your browser that assist us in providing our services. By using cookies, our website can acknowledge the details you have permitted for us to know, helping us figure out which sections of the website are most suitable for your interests. Cookies do not contain any of your personal information. Whether you want your web browser to accept cookies or not is up to you. If you haven't adjusted your computer settings, it's likely your browser already accepts cookies. If you decide not to accept cookies, you may be unable to access certain parts of our website. You can also delete or turn off your browser cookies, but keep in mind, it could affect your experience on our website, making some parts not work properly. Hence we suggest you leaving them on for the best experience.
- Inquiries & Complaints for OneAssist’s Mobile Applications:
For any inquiries and complaints related to Mobile Applications, please write to happytoassist@oneassist.in
Updates to this Digital Personal Data Protection & Privacy Policy:
The Organization reserves the right to modify this Digital Personal Data Protection & Privacy Policy periodically. All changes will be published on this page, and in the event of significant changes, we will ensure to give prominent notification (e.g., by adding a statement to the website's landing page, displaying notice via the login screen, or by sending an email). Below, you can find the date of the most recent version of this Digital Personal Data Protection & Privacy Policy.
This Policy Last Updated Date:
24 July 2024
You might not receive OTP on SMS
today. In case you have a registered email id with us, you will receive the OTP in your inbox. Else,
please try after sometime.
New design for a better experience.
Protect your Gadgets, Finances & Appliances. Easily.
Introducing Rewards for new users.
Credit Card Bill Payments with Monthly Reminders.
