Protection Policy

Home / Policies / Protection Policy
Overview

For Vstaarplus Lifestyle Private Limited (The, “Company”) focuses on protecting the confidential data provided by the customers, employee, C&F, Direct sellers. Therefore, company is taking every possible step to protect the interest of Consumer of the Company and ensures to take reasonable interest for the protection of the consumer interest.

Applicability

This policy shall be called Information Technology (Reasonable security practices which must be followed on for protecting the sensitive personal data and information) by the Vstaarplus Lifestyle Private Limited (Herein after referred as “Company”) and applies on sensitive personal data provided by the concerned person.

Objective

The main objective associated with policy is to protect the data, information and personal information which majorly relate either directly or indirectly with the concerned person.

Applicable laws

The Consumer Protection (Direct Selling) Rules, 2021, Consumer Protection Act, 2019, Consumer Protection (E-Commerce) Rules, 2020 and Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Definitions:
  1. "Act" means the Information Technology Act, 2000 (21 of 2000);
  2. “Company” means Vstaarplus Lifestyle Private Limited.
  3. “Concerned person” means direct sellers, customers, C&F, employees of the Company.
  4. "Cyber incidents" means any real or suspected adverse event in relation to cyber security that violates an explicitly or implicitly applicable security policy resulting in unauthorized access, denial of service or disruption, unauthorized use of a computer resource for processing or storage of information or changes to data, information without authorization;
  5. "Data" means representation of information, knowledge, facts, concepts or instructions which are being prepared or have been prepared in a formalized manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printouts magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computer
  6. "Information” includes [data, message, text,] images, sound, voice, codes, computer programmes, software and data bases or micro film or computer-generated micro fiche
  7. "Intermediary with respect to any particular electronic records, means any person who on behalf of another person receives, stores or transmits that record or provides any service with respect to that record and includes telecom service providers, network service providers, internet service providers, web-hosting service providers, search engines, online payment sites, online-auction sites, online-market places and cyber cafes
  8. "Password" means a secret word or phrase or code or passphrase or secret key, or encryption or decryption keys that one uses to gain admittance or access to information;
  9. "Personal information" means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a Company, is capable of identifying such person.
Sensitive personal data and information

Sensitive personal data or information of a person means such personal information which consists of information relating to; —

  1. password;
  2. financial information such as Bank account or credit card or debit card or other payment instrument details;
  3. physical, physiological and mental health condition;
  4. sexual orientation;
  5. medical records and history;
  6. any detail relating to the above clauses as provided to Company for providing service; and
  7. any of the information received under above clauses by Company for processing, stored or processed under lawful contract or otherwise
Need of your Information

As per the company policy, there is no requirement to provide above mentioned sensitive personal data and information in our general procedures. However, in certain specific circumstances as per law such as placing order, providing commission to direct sellers, requiring personal information related with medical record and history while conducting any routine health check-ups/or to buy a particular product. The company ensures that all the information shall be collected as per the provision of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

Collection of Information
  1. Consent as per your choice
  1. Without your acceptance or permission, we don’t receive any personal/sensitive from your side.
  2. However, Company obtain consent in writing through letter or Mobile OTP or email from the provider of the sensitive personal data or information regarding the use of such information
  1. Collected for lawful purpose
  1. The Company shall not collect any sensitive personal data unless the information has been collected for the lawful purpose, required for the functioning of the company and has been considered necessary for that purpose.
  1. Your information is in your knowledge
  1. The company shall take reasonable steps to ensure that the concerned person, from whom the information is collected, must have the knowledge of
  • The fact that the information is being collected
  • The purpose for which the information is being collected
  • The intended receipts of information
  • The name and address of person who will be collecting and retaining the information.
  1. Not hold information for the longer period of time
  1. The company or any other authorized person not retains the information for longer that it is required under any law for the time being in force.
  1. Information shall be used for the relevant purpose only
  1. The collected information shall be used for the relevant purpose for which it is collected.
  1. Review of information
  1. The company may ask for updation of your collected information or any further information, if any required by company or applicable law. However, the company shall not be considered responsible for the authenticity of the personal information or sensitive personal data provided by any person.
  1. Withdrawal of information

The company before providing the information relate with sensitive personal data provides an option with the provider of the information regarding not providing the information.

  • The provider of information shall at any time while availing the service possess the option to withdraw the consent.
  • The withdrawal of consent shall be in writing.
  • However, in the case provider of information not providing or later on withdrawing the consent, the Company shall possess the option not to provide the goods and services for which the information was sought.
  1. Address discrepancies or grievances
  • The company shall address any discrepancies or grievances of information provider.
  • In accordance with this provision, the company shall appoint a Grievance Officer that shall redress the grievances within 1 month from the date of receiving.
Disclosure of Information
  1. Disclosure of information to Third Party
  • Prior approval: Disclosure of information by Company to any third party will require prior approval from the provider of the information.
  • Sharing of information with parties: The information be shared, without obtaining prior consent from provider of information, with Government agencies mandated under the law to obtain information including sensitive personal data or information for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences
  • Not Publish sensitive personal data: The Company shall not publish the sensitive personal data.
  • Information received by third party: The third party after receiving the sensitive personal data or information from the Company shall not disclose it further.
To whom your Personal Data may be disclosed:

We may disclose your Personal Data for the above purposes to other parties including:

  • Other group companies and any subcontractors, direct seller, agents or service providers who work for us or provide services to us or group companies (including their employees, sub-contractors, service providers, directors and officers)
  • Law Enforcement Authorities, Government Authorities, courts, dispute resolution bodies, our regulators, auditors and any party appointed or requested by our regulators to carry out investigations or audits of our activities
  • Statutory and regulatory bodies and authorities (including the government) investigating agencies and entities or persons, to whom or before whom it is mandatory to disclose the Personal Data as per the applicable law, courts, judicial and quasi- judicial authorities and tribunals, arbitrators and arbitration tribunals
  • Overseas regulators
  • Anybody else that we’ve been instructed to share your Personal Data with by you.
Transfer of Information
  1. Transfer the data: The Company or any other authorized person can possess the authority to transfer the sensitive personal data or information including any person, to any other person or company. However, that said party need to ensures same level of data protection that is adhered to by the Company.
  2. Allowed: The transfer of information may be allowed only if it is necessary for the performance of the lawful contract between the Company or any person on its behalf and provider of information or where such person has consented to data transfer.
For Reasonable Security Practices of above mentioned sensitive personal information

Complied with all aspects: We comply and follow international Standard IS/ISO/IEC 27001 on "Information Technology - Security Techniques - Information Security Management System Requirements” for the sensitive personal data and information.

Notification of changes

We keep our sensitive personal information protection policy under regular review to make sure it is up to date and accurate. Any changes we may make to this Policy in the future will be posted on this page. We recommend that you re-visit this page regularly to check for any updates.

For any additional questions or support, reach out to data@vstaarplus.in