Remzo Privacy Policy

LAST UPDATED: OCTOBER 24, 2025EFFECTIVE DATE: OCTOBER 24, 2025GOVERNED BY: INDIAN LAW AND DPDP ACT 2023

Remzo Technologies Private Limited ('Remzo', 'we', 'us') is committed to protecting your personal data. This policy outlines our standards for collection, use, and protection for our clients, employees, and website visitors.

Legal Disclaimer

Have this reviewed by qualified Indian legal counsel before publishing. DPDP Act full enforcement: May 13, 2027.

Compliance Readiness 75%

Who We Are

Entity Name

Remzo Technologies Private Limited

Registered under the Companies Act, 2013

Regulatory Role

Data Fiduciary

Under India's DPDP Act 2023

Data Protection Officer

privacy@remzo.co

Fortified Security

Our systems are built on "The Digital Vault" philosophy, ensuring your data is structurally isolated and encrypted.

What Personal Data We Collect

We categorize data collection based on your relationship with Remzo. We only collect what is necessary to provide our services and maintain compliance.

Employees & Contractors

Identity & Verification

Aadhaar, PAN, Passport details, and background verification records.

Financial & Statutory

Bank account details, UAN (Provident Fund), and ESIC information.

Employment History

Performance records, attendance, and previous work experience.

Clients & Authorised Users

Company Information

GST details, corporate address, and registered business name.

User Identity

Names, corporate email addresses, and professional roles.

Billing Data

Invoicing history, payment confirmation, and contact details.

Website Visitors

We automatically collect technical info including IP addresses, browser types, device identifiers, and page interaction data to improve your experience and ensure site security.

Legal Basis for Processing

Performance of Contract

Necessary for fulfilling payroll obligations, salary processing, and statutory filings as per employment agreements.

Legal Obligation

Mandatory compliance with Indian laws including TDS, Provident Fund (PF), and ESIC regulations.

Consent

Data processed based on your explicit authorisation, which can be withdrawn at any time via the user portal.

Legitimate Use

Processing for specified purposes under Section 7 of the DPDP Act to ensure operational integrity.

How We Use Personal Data

Your data is utilized strictly for the administration of employment-related services.

Salary Disbursement

Processing monthly wages and bonuses in INR via integrated banking channels.

PRIMARY

Statutory Filings

Reporting and remittance for statutory deductions for local tax and social security.

Employment Documents

Generation of Form 16, digital payslips, and on-boarding statements.

Leave & Portal Operations

Managing attendance, time-tracking, and access control across logs.

Data Retention Standards

8 YEARS

Employment records

Statutory retention required under Indian labor and corporate laws.

BASIS: INDIAN STATUTORY LAW

7 YEARS

TDS records

Retention starting from the relevant assessment year end.

INCOME TAX ACT

+3 YEARS

Background verification

Duration of employment plus an additional three years.

INTERNAL POLICY

12 MONTHS

Website interactions & logs

Standard telemetry and usage data is purged or anonymised automatically after 12 months of inactivity.

DATA MINIMIZATION

Your Rights under the DPDP Act 2023

The Digital Personal Data Protection Act grants you unprecedented control over your digital footprint. Remzo provides a seamless portal to exercise these rights immediately.

privacy@remzo.co

Right to Access

Obtain a summary of the personal data currently being processed by Remzo and the activities carried out with it.

Right to Correction

Update or complete any inaccurate or misleading data. We ensure data integrity through periodic validation.

Right to Erasure

Request deletion of personal data that is no longer necessary for the purpose it was collected, unless legal holds apply.

Right to Withdraw Consent

At any point, withdraw consent for non-essential processing activities without affecting core service security.

Right to Grievance Redressal

Direct access to our Grievance Officer. We guarantee a comprehensive response within a strict 30-day window.

Cookie Architecture

Strictly necessary

Mandatory tokens required for session management, MFA verification, and secure routing.

Analytics

Performance tracking to optimize system speed and detect architectural bottlenecks.

Marketing

Used exclusively for measuring effectiveness of educational security outreach.

Security & International Transfers

Fortified Surface implements enterprise-grade technical and organizational measures to ensure the security of your data. We treat information security as a foundational structural requirement.

ENCRYPTION STANDARDS

Data is encrypted at rest using AES-256 and in transit via TLS 1.3, ensuring a cryptographic vault for all platform assets.

PRIMARY RESIDENCY

All core production data is hosted within sovereign data centers located in India, ensuring localized data sovereignty.

GCC SECURE ACCESS

Transfers are governed by strict Data Processing Agreements (DPAs) mirroring our primary residency security posture.

Changes to This Policy

We may update our Privacy Policy from time to time to reflect changes in our practices or regulatory requirements. We maintain a policy of proactive disclosure for all material changes.

30-Day Notice

If we make significant changes, we will provide at least 30 days' notice before the new terms take effect via email or a prominent banner on our platform.

Implied Acceptance

Your continued use of Fortified Surface after the effective date of any changes constitutes your formal acceptance of the updated Privacy Policy.

Questions regarding privacy?

Our legal and security teams are available for direct consultation.

info@remzo.co