Remzo Privacy Policy
Remzo Technologies Private Limited ('Remzo', 'we', 'us') is committed to protecting your personal data. This policy outlines our standards for collection, use, and protection for our clients, employees, and website visitors.
Legal Disclaimer
Have this reviewed by qualified Indian legal counsel before publishing. DPDP Act full enforcement: May 13, 2027.
Compliance Readiness 75%
Who We Are
Entity Name
Remzo Technologies Private Limited
Registered under the Companies Act, 2013
Regulatory Role
Data Fiduciary
Under India's DPDP Act 2023
Data Protection Officer
privacy@remzo.coFortified Security
Our systems are built on "The Digital Vault" philosophy, ensuring your data is structurally isolated and encrypted.
What Personal Data We Collect
We categorize data collection based on your relationship with Remzo. We only collect what is necessary to provide our services and maintain compliance.
Employees & Contractors
Identity & Verification
Aadhaar, PAN, Passport details, and background verification records.
Financial & Statutory
Bank account details, UAN (Provident Fund), and ESIC information.
Employment History
Performance records, attendance, and previous work experience.
Clients & Authorised Users
Company Information
GST details, corporate address, and registered business name.
User Identity
Names, corporate email addresses, and professional roles.
Billing Data
Invoicing history, payment confirmation, and contact details.
Website Visitors
We automatically collect technical info including IP addresses, browser types, device identifiers, and page interaction data to improve your experience and ensure site security.
Legal Basis for Processing
Performance of Contract
Necessary for fulfilling payroll obligations, salary processing, and statutory filings as per employment agreements.
Legal Obligation
Mandatory compliance with Indian laws including TDS, Provident Fund (PF), and ESIC regulations.
Consent
Data processed based on your explicit authorisation, which can be withdrawn at any time via the user portal.
Legitimate Use
Processing for specified purposes under Section 7 of the DPDP Act to ensure operational integrity.
How We Use Personal Data
Your data is utilized strictly for the administration of employment-related services.
Salary Disbursement
Processing monthly wages and bonuses in INR via integrated banking channels.
Statutory Filings
Reporting and remittance for statutory deductions for local tax and social security.
Employment Documents
Generation of Form 16, digital payslips, and on-boarding statements.
Leave & Portal Operations
Managing attendance, time-tracking, and access control across logs.
Data Retention Standards
Employment records
Statutory retention required under Indian labor and corporate laws.
BASIS: INDIAN STATUTORY LAW
TDS records
Retention starting from the relevant assessment year end.
INCOME TAX ACT
Background verification
Duration of employment plus an additional three years.
INTERNAL POLICY
Website interactions & logs
Standard telemetry and usage data is purged or anonymised automatically after 12 months of inactivity.
DATA MINIMIZATION
Your Rights under the DPDP Act 2023
The Digital Personal Data Protection Act grants you unprecedented control over your digital footprint. Remzo provides a seamless portal to exercise these rights immediately.
privacy@remzo.coRight to Access
Obtain a summary of the personal data currently being processed by Remzo and the activities carried out with it.
Right to Correction
Update or complete any inaccurate or misleading data. We ensure data integrity through periodic validation.
Right to Erasure
Request deletion of personal data that is no longer necessary for the purpose it was collected, unless legal holds apply.
Right to Withdraw Consent
At any point, withdraw consent for non-essential processing activities without affecting core service security.
Right to Grievance Redressal
Direct access to our Grievance Officer. We guarantee a comprehensive response within a strict 30-day window.
Cookie Architecture
Strictly necessary
Mandatory tokens required for session management, MFA verification, and secure routing.
Analytics
Performance tracking to optimize system speed and detect architectural bottlenecks.
Marketing
Used exclusively for measuring effectiveness of educational security outreach.
Security & International Transfers
Fortified Surface implements enterprise-grade technical and organizational measures to ensure the security of your data. We treat information security as a foundational structural requirement.
ENCRYPTION STANDARDS
Data is encrypted at rest using AES-256 and in transit via TLS 1.3, ensuring a cryptographic vault for all platform assets.
PRIMARY RESIDENCY
All core production data is hosted within sovereign data centers located in India, ensuring localized data sovereignty.
GCC SECURE ACCESS
Transfers are governed by strict Data Processing Agreements (DPAs) mirroring our primary residency security posture.
Changes to This Policy
We may update our Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. We maintain a policy of proactive disclosure for all material changes.
30-Day Notice
If we make significant changes, we will provide at least 30 days' notice before the new terms take effect via email or a prominent banner on our platform.
Implied Acceptance
Your continued use of Fortified Surface after the effective date of any changes constitutes your formal acceptance of the updated Privacy Policy.
Questions regarding privacy?
Our legal and security teams are available for direct consultation.