(Pursuant to Rule 4 of Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 read with Information Technology Act 2000)
Policy Statement [Rule 4(1)(i) read with Rule 5]:
• BBPL or any person acting on its behalf (together referred to as “BBPL”) shall obtain consent in writing through letter or fax or email from the provider of the sensitive personal data or information regarding purpose of usage before collection of such information. The provider of information shall, at any time while availing the services or otherwise, also have an option to withdraw its consent. Such withdrawal of the consent shall be sent in writing to BBPL. In the case of provider of information not providing or later on withdrawing his consent, BBPL shall have the option not to provide its services for which the said information was sought.
• BBPL shall not collect sensitive personal data or information unless:-
i. the information is collected for a lawful purpose connected with a function or activity of BBPL; and
ii. the collection of the sensitive personal data or information is considered necessary for that purpose.
• While collecting information directly from the person concerned, BBPL shall take such steps as are, in the circumstances, reasonable to ensure that the person concerned is having the knowledge of —
a. the fact that the information is being collected;
b. the purpose for which the information is being collected;
c. the intended recipients of the information; and
d. the name and address of —
i. the agency that is collecting the information; and
ii. the agency that will retain the information.
• BBPL shall not retain that information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force.
• The information collected shall be used for the purpose for which it has been collected.
• BBPL shall permit the providers of information, as and when requested by them, to review the information they had provided, and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible. However, BBPL shall not be responsible for the authenticity of the personal information or sensitive personal data or information so provided.
• BBPL shall, prior to the collection of information including sensitive personal data or information, provide an option to the provider of the information not to provide the data or information sought to be collected.
• BBPL shall not publish the sensitive personal data or information.
Personal or sensitive personal data or information [Rule 4(1)(ii) read with Rule 3]:
BBPL, during the course of its business, may collect personal or sensitive personal information/data or documents (together referred to as “Information”).
1. Personal data/Information: Any information/document that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with BBPL, is capable of identifying such person, like name, residential address, Guardian's name (if minor), Email address, Domain address, Telephone/mobile number, Date of birth, Job position/Occupation etc.
2. Sensitive Personal data/Information: Sensitive personal data or information of a person means such personal information which consists of information relating to:
ii. financial information such as Bank account or credit card or debit card or other payment instrument details, income, assets, investment strategy, investment background etc;
iii. any document provided for identity verification like copies of passport, utility bills, and/or bank statement or your company incorporation details etc;
iv. physical, physiological and mental health condition;
v. sexual orientation;
vi. medical records and history;
vii. Biometric information;
viii. any detail relating to the above clauses as provided to BBPL for providing service; and
ix. any of the information received under above clauses by BBPL for processing, stored or processed under lawful contract or otherwise:
Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purpose of this policy.
Further, BBPL may collect some information automatically such as IP address, information about web browser software and version, general geographic location indicated by your IP address, website that referred the person to BBPL, and similar information.
Use of collected Information [Rule 4(1)(iii)]:
BBPL may use the personal information for the following purposes:
• for processing business related transactions, providing, improving, and marketing services, including site content and performance;
• Responding to requests for information
• To personalize user experience
• To improve the functionality of BBPL’s website
• To send business/marketing communications, periodic marketing emails, newsletters, and exclusive promotions offering special deals
• To participate in sweepstakes, contests, promotions, surveys, and similar promotions and to administer these activities
• Monitoring compliance with any terms and conditions associated with BBPL’s services, including to confirm identity
• Performing such other functions as described to the provider of information, at the time of collection or pursuant to their consent
In addition, certain information collected by BBPL, such as the IP address of any computer or other device that the information provider uses to access BBPL’s website and any other domains that may be operated by BBPL, will be used to monitor and investigate possible violations of, and enforce any terms and conditions associated with, BBPL’s products and services or other applicable agreements between the information provider and BBPL.
Disclosure / Sharing / Transfer of information [Rule 4(1)(iv) read with Rule 6 & 7]:
• Disclosure of information by BBPL to any third party shall require prior permission from the provider unless such disclosure has been agreed to in the contract between BBPL and the provider of information, or where the disclosure is necessary for compliance of a legal obligation.
• When a written request from Government agency or any third party is received, for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences, the information shall be shared without obtaining prior consent from provider.
• BBPL may transfer information to any other body corporate or a person in India, or located in any other country, that ensures the same level of data protection that is adhered to by BBPL as provided for under this policy. The transfer may be allowed only if it is necessary for the performance of the lawful contract between BBPL and provider of information or where such person has consented to data transfer.
Disclaimer: BBPL cannot control the privacy practices of the third parties and thus is not responsible for any non-compliance with respect to disclosure of information done by such third parties.
Grievance Officer [Rule 5(9)]:
• BBPL shall address any discrepancies and grievances, with respect to processing of information, of the information provider in a time bound manner, through its designated Grievance Officer.
• Name and contact details of the Grievance Officer are published on the website of BBPL at https://www.bcbbrokerage.com
• The grievances of the information provider shall be redressed expeditiously but within one month from the date of receipt of grievance.
Security / Safeguard Practices and Procedures [Rule 8]:
Among others, the following BBPL IT security access policies shall be adhered to for the purpose of security and safeguarding the information of the provider:
• Data disposal & Data Retention Policy
• Information Security policy
• Cryptographic and Encryption Policy
• IT Access Control Policy
• Physical Security Policy
• Network Security Policy
• Internet Access Policy
Review/Amendments to this policy:
This policy has been adopted by the Board of Directors of BBPL. The Board may review and amend the terms of this policy as and when required due to regulatory changes or under any other circumstances necessitating revision to this policy.