Privacy Policy

Overview:

At OneAssist, we maintain the highest levels of security standards. Digital Personal Data Protection & Privacy is crucial as it safeguards sensitive information from unauthorized access, misuse, or disclosure. It allows individuals to control how their Personal Data is collected, used, and shared, thereby protecting their privacy and maintaining control over their personal information. With our commitment to digital personal data privacy, individuals can be assured that our systems and the company comply with applicable data protection laws of India.

We collect Personal Data so that we can serve better services for the OneAssist Plans availed. We are fully committed to ensuring the privacy, confidentiality and integrity of any personal information. We protect this information by maintaining lawful physical, electronic, and procedural security means. Besides, we train our employees in the proper handling of personal information at all times.

The ways in which we will use Personal Data collected during the course of plan membership are contained in this Digital Personal Data Protection & Privacy Policy and Plan Terms & Conditions - we recommend you read these carefully; they are available online and will also be sent to you in your welcome communication.

Information Security Standards & Compliances:

OneAssist as an organization is audited and certified by Cert-In empanelled auditing organizations for ISO/IEC 27001 Information Security Management Systems (ISMS), and Payment Card Industry Data Security Standard (PCI-DSS).

(ISO/IEC 27001 Information Security Management System (ISMS): ISO/IEC 27001 ISMS is an international standard that provides a framework for establishing, implementing, maintaining, and continually improving an information security management system within an organization. It focuses on ensuring the confidentiality, integrity, and availability of information assets, including personal data.

PCI-DSS (Payment Card Industry Data Security Standard): PCI-DSS is a set of security standards designed to ensure that all companies that accept, process, store, or transmit credit card information maintain a secure environment. It aims to protect cardholder data from theft and misuse. Compliance with PCI-DSS is mandatory for any organization that handles credit or debit card payments.)

Applicable Statutory & Regulatory Compliances, and Business Partner’s Contractual Obligations:

OneAssist as an organization is audited or assessed by Cert-In empanelled auditing organizations as per the applicable statutory & regulatory compliances, and applicable information security compliance requirements.

Digital Personal Data Protection & Privacy Policy :

Digital Personal Data Protection & Privacy Policy forms part of the arrangement (“Plan Terms & Conditions”) between OneAssist and its Customer for products or services (“Services”) and in which this Digital Personal Data Protection & Privacy Policy is referenced.

Basic Terms:

“Applicable Law” means the applicable laws of India.

“Data Fiduciary” means any person who alone or in conjunction with other persons determines the purpose and means of processing of Personal Data.

“Data Principal” means the individual to whom the Personal Data relates and where such individual is -

(i) a child, includes the parents or lawful guardian of such a child;

(ii) a person with disability, includes his/her lawful guardian, acting on his/her behalf.

“Data Processor” means any person who processes Personal Data on behalf of a Data Fiduciary.

“Hardware Identifiers” means the Make and Model Number, Serial Number of a Device, the IMEI number, MAC address etc as applicable.

“Location Data” means Device’s Internet Protocol (IP) Address, GPS Latitude & Longitude coordinates etc as applicable.

“Personal Data” means any data about an individual who is identifiable by or in relation to such data as per Digital Personal Data Protection Act, 2023, India.

“Processing” in relation to Personal Data and/or Hardware Identifiers and/or Location data and/or Mobile Application Data, means a wholly or partly automated operation or set of operations performed on digital Personal Data and/or Hardware Identifiers and/or Location Data, and includes operations such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.

Scope of Processing Personal Data:

This Digital Personal Data Protection & Privacy Policy applies to the processing of Personal Data of Customers (the Data Principal) by OneAssist (as a Data Fiduciary). Processing of Personal Data will be governed by this Digital Personal Data Protection & Privacy Policy, in particular, OneAssist will process the Personal Data only on consent given by the Data Principal with a clear affirmative action.

The subject matter of the processing is the Personal Data provided in respect of the Services under the Plan Terms & Conditions. The duration of the processing is the duration of the provision of the Services under the Plan Terms & Conditions until disposal of the Personal Data in accordance with the applicable laws. The nature and purpose of the processing is in connection with the provision of the Services. The types of Personal Data processed are those submitted to OneAssist by or at the direction of the Customer as part of the Services.

The Plan Terms & Conditions, including this Digital Personal Data Protection & Privacy Policy, along with Customer use and configuration of the Services, are the complete and final documented instructions to OneAssist for the processing of the Personal Data. Additional or alternate instructions must be agreed upon separately by the parties.

Sharing of Personal Data with Third Parties:

OneAssist does not publish, sell, lease or share data to any third parties, except for performance of its service obligations or as may be required by law, or pursuant to the order of a court or regulatory authority, or in order for OneAssist to enforce its rights, or as expressly stated by this Digital Personal Data Protection & Privacy Policy.

Sub-Processing:

Customer hereby provides OneAssist with general authorisation to engage other Processors for the processing of Personal Data in accordance with this Digital Personal Data Protection & Privacy Policy. OneAssist will maintain a list of such Processors. In general, this Processors are:

Sr No. Processor Description of Data Purpose
1. Cloud Hosting Service Providers Personal Data, Hardware Identifiers, Location Data as applicable OneAssist’s Website, Applications, Databases
2. Insurance Companies Personal Data, Hardware Identifiers, as applicable To cover the risk under various plans of OneAssist
3. Service Centres Personal Data, Hardware Identifiers, as applicable To provide repair and replacement services
4. Logistic Partners Personal Data, Hardware Identifiers, as applicable To provide pick and drop services of the products
5. Call Centers / Contact Centers Personal Data, Hardware Identifiers, as applicable To provide customer services
6. Communication Service Providers (eg.emails, sms, push notifications on mobile applications etc) Personal Data as applicable To provide transactional, informational and promotional messages about the products and services
7. Statistical & Analytics Service Provider Personal Data as applicable To analyze customer behavior, preferences, and purchasing trends, for valuable perspectives and insights into customer requirements and anticipations. And to customize the products, services, and marketing approaches to adeptly address customer demands.

Where OneAssist engages another Processor for carrying out specific processing activities, the data protection obligations will be imposed on that other Processor.

Rights of the Data Principal:

OneAssist enables its customers to comply with their requests to exercise the Rights of the Data Principal as given below:

i. The Data Principal shall have the right to obtain from the Data Fiduciary upon making to it a request-

ii. A Data Principal shall have the right to correction, completion, updating and erasure of Personal Data for the processing.

iii. Data Principal shall have the right to have readily available means of grievance redressal in respect of any act or omission regarding the performance of obligations in relation to the Personal Data.

iv. A Data Principal shall have the right to nominate any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal.

v. Data Principal shall have the right to withdraw the consent given for processing of personal data. The consequences of the withdrawal shall be borne by the Data Principal, and such withdrawal shall not affect the legality of processing of the Personal Data based on consent before its withdrawal.

OneAssist will, to the extent legally permitted, promptly assist Customer of any requests received by OneAssist and reasonably cooperate with Customer to fulfil its obligations under the Data Protection Laws in relation to such requests. Customer will be responsible for any reasonable costs arising from OneAssist providing assistance to Customer to fulfil such obligations.

Customer or Data Principal can raise requests or any queries related to their personal data on email id happytoassist@oneassist.in

Duties of Data Principal:

A Data Principal shall perform the following duties, namely:

i.comply with the provisions of all applicable laws for the time being in force while exercising his/ her rights;

ii. to ensure not to impersonate another person while providing Personal Data for a specified purpose;

iii.to ensure not to suppress any material information while providing Personal Data for any document, unique identifier, proof of identity or proof of address issued by the government or any of its instrumentalities;

iv.to ensure not to register a false or frivolous grievance or complaint with a Data Fiduciary or the government authorities; and

v.to furnish only such information as is verifiably authentic, while exercising the right to correction or erasure.

Confidentiality:

OneAssist will endeavour to ensure that persons authorised to process the Personal Data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.

Security of Processing:

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Customer and OneAssist will implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk including inter alia as appropriate:

i.the masking and encryption of Personal Data;

ii.the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;

iii.the ability to restore the availability and access to Personal Data in a timely manner in the event of a physical or technical incident

In assessing the appropriate level of security, account will be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to Personal Data transmitted, stored or otherwise processed.

Customer and OneAssist will take steps to ensure that any natural person acting under the authority of Customer or OneAssist who has access to Personal Data does not process data except on instructions from Customer unless he or she is required to do so by applicable law.

Notwithstanding any provision to the contrary, OneAssist may modify or update its security measures at its discretion provided that such modification or update does not result in a material degradation in the protection offered.

Termination of Service:

Upon the expiration membership or termination of Customer’s use of the Services, unless any business partner’s contractual obligations / agreements or applicable law requires storage of the Personal Data.

Personal Data Purging:

OneAssist will irrevocably scramble or purge the Personal Data in accordance with the Personal Data Protection Act, 2023, India or its contractual obligations.

Cross Border Transfer:

OneAssist will ensure that, to the extent that any Personal Data is transferred by OneAssist to another country (outside India) such transfer will be subject to appropriate safeguards that provide an adequate level of protection in accordance with the applicable laws.

Personal Data Breach:

OneAssist will notify Customer without undue delay after becoming aware of a Personal Data breach involving Personal Data processed under this Digital Personal Data Protection & Privacy Policy and will reasonably respond to Customer’s request for further information.

OneAssist Website & Mobile Applications:
OneAssist has developed website and mobile applications, targeted at Indian consumers, and specifically the customers of OneAssist. The website and mobile applications can be used to activate a subscription plan, renew the subscription, interact with OneAssist chat support and contact center and avail various other value-added services extended to the customers of OneAssist. Main objective of OneAssist’s website and mobile applications is to deliver a delightful experience to its users.

Updates to this Digital Personal Data Protection & Privacy Policy:

The Organization reserves the right to modify this Digital Personal Data Protection & Privacy Policy periodically. All changes will be published on this page, and in the event of significant changes, we will ensure to give prominent notification (e.g., by adding a statement to the website's landing page, displaying notice via the login screen, or by sending an email). Below, you can find the date of the most recent version of this Digital Personal Data Protection & Privacy Policy.

This Policy Last Updated Date:

24 July 2024

V: 1053
×
Popup background

Browser not supported. Please use Microsoft Edge or Google Chrome to access this website.