Data Protection Policy (Under India's Digital Personal Data Protection Act (DPDP Act) of 2023)
1. Introduction
At NSEPF ASSESSMENTS PVT LTD (NSEPF APL), we are committed to safeguarding the privacy and security of personal data entrusted to us. This Data Protection Policy outlines how we collect, process, store, and protect personal data in accordance with the Digital Personal Data Protection (DPDP) Act, 2023 of India.
2. Scope
This policy applies to all individuals whose personal data is processed by NSEPF APL, including:
- Job candidates undergoing background verification
- Employees and representatives of our corporate clients
- Internal employees and stakeholders
- Third-party vendors and partnersPhysical Inspection
3. Principles of Data Processing
We adhere to the following principles as per the DPDP Act,2023:
- Lawful Processing – We collect and process personal data only with explicit consent or for legitimate purposes outlined under the law.
- Purpose Limitation – Data is processed solely for background verification and related compliance purposes.
- Data Minimization – Only necessary data required for verification is collected and retained.
- Accuracy – We ensure that the data collected is accurate and up to date.
- Storage Limitation – Personal data is retained only for as long as necessary and deleted after the required period.
- Security & Confidentiality – We implement industry-standard security measures to prevent unauthorized access, disclosure, or loss of data.
4. Types of Data We Collect
To conduct background verifications, we collect the following categories of data (as per client requirements and regulatory compliance):
- Personal Identifiable Information (PII): Name, date of birth, contact details, address proof, Aadhaar/PAN/Voter ID, etc.
- Employment Details: Previous employment records, references, and professional certifications.
- Educational Credentials: Degrees, diplomas, and verification of educational institutions attended.
- Criminal & Legal Records: As per client requirements and applicable laws.
- Financial Information: Only if relevant (e.g., credit checks, tax records).
5. Lawful Basis for Data Processing
We process personal data based on the following lawful grounds:
- Consent: Individuals explicitly consent before their data is collected.
- Employment Details: Previous employment records, references, and professional certifications.
- Educational Credentials: Degrees, diplomas, and verification of educational institutions attended.
- Criminal & Legal Records: As per client requirements and applicable laws.
- Financial Information: Only if relevant (e.g., credit checks, tax records).
6. Data Subject Rights
Under the DPDP Act, 2023, individuals have the following rights:
- Right to Access – Individuals can request details of the data we hold about them.
- Right to Correction – Any incorrect or incomplete data can be rectified.
- Right to Erasure – Individuals can request data deletion if it is no longer required.
- Right to Grievance Redressal – Individuals can file complaints regarding data misuse.
- Right to Data Portability – Upon request, data can be shared in a structured format (where applicable).
7. Data Sharing & Third-Party Disclosures
We do not sell or share personal data with unauthorized third parties. However, data may be shared with:
- Government or regulatory authorities, if legally required.
- Employers and institutions for background verification purposes (with consent).
- Third-party service providers who assist in processing verifications, under strict confidentiality agreements.
8. Data Security Measures
To ensure data protection, NSEPF APL implements the following security measures:
- Encryption & Secure Storage – All data is encrypted both in transit and at rest.
- Access Control – Only authorized personnel have access to personal data.
- Regular Audits – Compliance checks and data protection impact assessments (DPIA) are conducted periodically.
- Incident Response Plan – A structured approach is in place to handle data breaches.
9. Data Retention Policy
- Data is retained only for the duration necessary for verification purposes.
- Post-verification, data is securely deleted or anonymized as per DPDP Act guidelines.
- Retention exceptions apply if mandated by legal or regulatory authorities.
10. Cross-Border Data Transfers
If personal data is transferred outside India, it is done in compliance with Indian government regulations, ensuring adequate data protection measures in the recipient country.
11. Compliance & Governance
- NSEPF APL has appointed a Data Protection Officer (DPO) responsible for compliance with the DPDP Act, 2023.
- Employees handling personal data are trained in data protection and privacy best practices.
12. Grievance Redressal & Contact Information
We process personal data based on the following lawful grounds:
- Email: services@nsepfapl.in
- Helpline: +91 8447970701
- Address: NSEPF, 303, H-196, Sector 63, Noida, Uttar Pradesh - 201301
13. Updates to This Policy
We may update this policy periodically to reflect changes in regulations or our business practices. Users will be notified of significant updates.
- Effective Date: 11/02/2025
- Last Updated: 11/02/2025