WINNGOO MATRIMONY AGENT

                                     PRIVACY POLICY (INDIA)

Last Updated: [INSERT DATE]

1. PREAMBLE, OBJECTIVE AND LEGAL BASIS

1.1 This Privacy Policy (“Policy”) is issued by Winngoo, the owner and operator of the Winngoo Matrimony Agent Platform (“Platform”, “Winngoo”, “Company”, “we”, “us”, “our”).

1.2 This Policy governs the manner in which Winngoo collects, receives, stores, processes, uses, shares, transfers, retains, and protects Personal Data of individuals or entities registered as matrimonial agents (“Agents”, “you”, “your”).

1.3 This Policy is framed in strict compliance with:

• the Information Technology Act, 2000;
• the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”);
• the Digital Personal Data Protection Act, 2023 (“DPDP Act”);
• applicable rules, notifications, circulars, and judicial precedents in force in India.

1.4 This Policy forms an integral part of the Winngoo Matrimony Agent Terms and Conditions and has binding contractual effect.

1.5 By registering as an Agent, accessing the Platform, or providing Personal Data, you expressly acknowledge that you have read, understood, and agreed to this Policy.

2. DEFINITIONS AND INTERPRETATION

2.1 For the purposes of this Policy, unless the context otherwise requires:

(a) “Personal Data” means any data about an individual who is identifiable by or in relation to such data, as defined under the DPDP Act, 2023.

(b) “Sensitive Personal Data or Information (SPDI)” shall have the meaning assigned under Rule 3 of the SPDI Rules, including passwords, financial information, biometric data, and authentication credentials.

(c) “Processing” includes any operation or set of operations performed on Personal Data, whether automated or manual, including collection, recording, storage, use, disclosure, sharing, transmission, erasure, or destruction.

(d) “Data Principal” refers to the Agent whose Personal Data is processed.

(e) “Applicable Law” means all laws, statutes, regulations, rules, guidelines, and governmental orders applicable within India.

2.2 Headings are for reference only and shall not affect interpretation.

2.3 Words importing the singular include the plural and vice versa.

3. APPLICABILITY AND SCOPE

3.1 This Policy applies exclusively to:
(a) individuals registering as matrimonial agents on the Platform;
(b) authorised representatives of agencies registering as Agents;
(c) all Personal Data processed in connection with Agent onboarding, verification, and Platform usage.

3.2 This Policy applies irrespective of whether the Agent operates physically within India or outside India, so long as Personal Data is processed in connection with services offered in India.

3.3 This Policy does not govern the privacy practices of third-party websites, applications, or services linked to the Platform.

4. STATUS OF WINNGOO UNDER INDIAN DATA PROTECTION LAW

4.1 For the purposes of the DPDP Act, Winngoo acts primarily as a Data Fiduciary in respect of Agent Personal Data.

4.2 Winngoo determines the purpose and means of Processing of Personal Data collected from Agents.

4.3 In limited circumstances, Winngoo may act as a Data Processor where Processing is carried out strictly on documented instructions and for defined purposes.

5. CATEGORIES OF PERSONAL DATA COLLECTED

5.1 Winngoo may collect and process the following categories of Personal Data from Agents:

(a) Identity Data: full name, photograph, gender, date of birth, government-issued identification documents (including PAN, Aadhaar where lawfully permitted), and profile details.

(b) Contact Data: residential or business address, email address, mobile number, and communication preferences.

(c) Professional and Agency Data: business name, registration certificates, experience details, service locations, profile descriptions, and credentials uploaded to the Platform.

(d) Financial Data: bank account details, IFSC codes, commission records, payment history, invoices, and tax-related information.

(e) Authentication Data: usernames, passwords (encrypted), OTP records, login credentials, and access logs.

(f) Technical and Usage Data: IP address, device identifiers, browser details, timestamps, activity logs, and system interactions.

(g) Compliance and Risk Data: verification results, complaints, disputes, disciplinary actions, suspension records, and audit logs.

6. SOURCES OF PERSONAL DATA

6.1 Personal Data is collected directly from the Agent during registration, onboarding, verification, and continued Platform usage.

6.2 Personal Data may also be collected from:
(a) identity verification service providers;
(b) payment gateways and banking partners;
(c) publicly available records where lawfully accessible;
(d) government or regulatory authorities, where required.

6.3 The Agent represents and warrants that all data provided is accurate, lawful, and not misleading.

7. PURPOSES OF PROCESSING

7.1 Winngoo processes Agent Personal Data strictly for lawful and legitimate purposes, including but not limited to:

(a) onboarding, registration, and account creation;
(b) identity verification and due diligence;
(c) enabling matrimonial intermediary services;
(d) commission calculation, payouts, and financial reconciliation;
(e) fraud detection, misuse prevention, and platform security;
(f) compliance with legal, regulatory, and tax obligations;
(g) dispute resolution, enforcement of rights, and internal audits;
(h) communication regarding platform updates, policies, and compliance matters.

7.2 Personal Data shall not be processed in a manner inconsistent with the purposes stated herein.

8. LEGAL BASIS FOR PROCESSING

8.1 Winngoo processes Personal Data on one or more of the following lawful grounds:
(a) consent provided by the Agent;
(b) performance of contractual obligations;
(c) compliance with legal obligations under Indian law;
(d) legitimate business interests of Winngoo, where not overridden by Agent rights.

8.2 Consent may be obtained electronically and shall be deemed valid under Applicable Law.

9. CONSENT MANAGEMENT AND WITHDRAWAL

9.1 Agents may withdraw consent by submitting a written request to Winngoo, subject to Applicable Law.

9.2 Withdrawal of consent may result in:
(a) suspension of Agent account;
(b) restriction of Platform access;
(c) termination of the Agent relationship, where necessary.

9.3 Winngoo shall not be liable for consequences arising from withdrawal of consent.

10. ACCURACY, UPDATES AND AGENT RESPONSIBILITIES

10.1 Agents shall ensure that all Personal Data provided to Winngoo is accurate, complete, and up to date.

10.2 Agents must promptly update any changes to their Personal Data through the Platform.

10.3 Winngoo shall not be responsible for any loss, damage, or liability arising from inaccurate or outdated Personal Data provided by the Agent.

11. DISCLOSURE AND SHARING OF PERSONAL DATA

11.1 Winngoo shall disclose Agent Personal Data strictly on a limited, lawful, and need-to-know basis.

11.2 Personal Data may be disclosed to the following categories of recipients:

(a) Internal Personnel: authorised employees, officers, directors, and contractors of Winngoo for operational, compliance, audit, and administrative purposes;

(b) Service Providers: third-party vendors engaged for identity verification, cloud hosting, data storage, payment processing, analytics, customer support, messaging, or security services;

(c) Professional Advisors: legal counsel, auditors, tax consultants, accountants, and compliance advisors;

(d) Regulatory and Government Authorities: courts, tribunals, law enforcement agencies, statutory bodies, or regulators where disclosure is mandated or lawfully requested under Applicable Law.

11.3 All third parties receiving Personal Data shall be bound by contractual obligations to:
(a) maintain confidentiality;
(b) implement reasonable security practices;
(c) process data only for authorised purposes.

11.4 Winngoo does not sell or rent Agent Personal Data to any third party.

12. CROSS-BORDER TRANSFER OF PERSONAL DATA

12.1 Winngoo may transfer Agent Personal Data outside India in accordance with:
(a) the DPDP Act, 2023;
(b) notifications issued by the Central Government;
(c) reasonable safeguards ensuring data protection.

12.2 Cross-border transfers may occur for:
(a) cloud infrastructure;
(b) technical support;
(c) business continuity and disaster recovery.

12.3 By using the Platform, the Agent expressly consents to such cross-border transfers where legally permitted.

13. DATA RETENTION AND STORAGE

13.1 Winngoo shall retain Agent Personal Data only for as long as necessary to fulfil the purposes stated in this Policy or as required under Applicable Law.

13.2 Retention periods may vary based on:
(a) statutory requirements;
(b) contractual obligations;
(c) ongoing disputes or investigations;
(d) audit and compliance needs.

13.3 Upon expiry of the retention period, Personal Data shall be securely deleted, anonymised, or archived in accordance with Winngoo’s internal data retention policies.

14. REASONABLE SECURITY PRACTICES AND SAFEGUARDS

14.1 Winngoo implements reasonable security practices and procedures as required under the IT Act and SPDI Rules, including:

(a) administrative safeguards;
(b) technical controls such as encryption, access control, and firewalls;
(c) physical security measures;
(d) regular system monitoring and vulnerability assessments.

14.2 Access to Personal Data is restricted to authorised personnel only.

14.3 Despite best efforts, no system can be completely secure, and Winngoo does not guarantee absolute security.

15. DATA BREACH MANAGEMENT AND INCIDENT RESPONSE

15.1 Winngoo maintains documented procedures for detecting, responding to, and mitigating data breaches.

15.2 In the event of a Personal Data breach that is likely to cause significant harm, Winngoo shall:
(a) take prompt remedial measures;
(b) notify relevant authorities where required;
(c) inform affected Agents in accordance with Applicable Law.

15.3 Winngoo shall not be liable for breaches arising from:
(a) Agent negligence;
(b) force majeure events;
(c) unauthorised access beyond Winngoo’s reasonable control.

16. AGENT RIGHTS UNDER INDIAN DATA PROTECTION LAW

16.1 Subject to Applicable Law, Agents have the right to:
(a) access their Personal Data;
(b) request correction or updating of inaccurate data;
(c) withdraw consent;
(d) request erasure of Personal Data where legally permissible;
(e) grievance redressal.

16.2 Requests must be submitted in the manner prescribed by Winngoo and may be subject to verification.

17. LIMITATIONS AND EXCEPTIONS TO AGENT RIGHTS

17.1 Winngoo may refuse or restrict requests where:
(a) disclosure would violate Applicable Law;
(b) data is required for legal compliance;
(c) requests are frivolous or vexatious;
(d) disclosure would prejudice rights of third parties.

18. GRIEVANCE REDRESSAL MECHANISM

18.1 Winngoo appoints a Grievance Officer in accordance with Applicable Law.

18.2 Agents may submit grievances related to Personal Data Processing through designated communication channels.

18.3 Grievances shall be addressed within timelines prescribed under Applicable Law.

19. CHILD DATA AND PROHIBITED PROCESSING

19.1 The Platform is intended exclusively for adults eligible to act as matrimonial agents.

19.2 Winngoo does not knowingly process Personal Data of minors.

20. MONITORING, AUDIT AND COMPLIANCE

20.1 Winngoo reserves the right to monitor, audit, and review Agent accounts and data processing activities for compliance with this Policy.

20.2 Agents agree to cooperate with audits and compliance checks as required.

21. AGENT OBLIGATIONS AND COMPLIANCE DUTIES

21.1 The Agent shall comply at all times with this Policy and all Applicable Laws relating to data protection, privacy, confidentiality, and information security.

21.2 The Agent shall not misuse, disclose, copy, store, or process any Personal Data accessed through the Platform except as expressly permitted by Winngoo.

21.3 The Agent shall implement reasonable security practices to protect access credentials and devices used to access the Platform.

21.4 Any unauthorised access, suspected breach, or compromise of Personal Data shall be immediately reported to Winngoo.

22. CONFIDENTIALITY AND NON-DISCLOSURE

22.1 All Personal Data and related information accessed by the Agent shall be treated as strictly confidential.

22.2 Confidentiality obligations shall survive suspension, termination, or expiry of the Agent relationship.

22.3 The Agent shall not disclose Personal Data to any third party without prior written authorisation from Winngoo, except where required by law.

23. INDEMNITY

23.1 The Agent agrees to indemnify, defend, and hold harmless Winngoo, its directors, officers, employees, and affiliates from and against any losses, claims, damages, penalties, fines, costs, or expenses arising out of:
(a) breach of this Policy by the Agent;
(b) unauthorised disclosure or misuse of Personal Data by the Agent;
(c) violation of Applicable Law attributable to the Agent;
(d) negligence, fraud, or wilful misconduct of the Agent.

23.2 This indemnity shall be in addition to any other remedies available to Winngoo under law or contract.

24. LIMITATION OF LIABILITY

24.1 To the maximum extent permitted under Indian law, Winngoo shall not be liable for:
(a) indirect, incidental, consequential, or punitive damages;
(b) loss of profits, business, reputation, or data;
(c) actions of third parties beyond Winngoo’s reasonable control.

24.2 Winngoo’s aggregate liability, if any, shall not exceed the amount paid or payable to the Agent in the preceding twelve (12) months.

25. DISCLAIMER OF WARRANTIES

25.1 The Platform and all data processing activities are provided on an “as is” and “as available” basis.

25.2 Winngoo makes no warranties, express or implied, regarding uninterrupted access, error-free processing, or absolute data security.

26. TERMINATION AND DATA CONSEQUENCES

26.1 Upon suspension or termination of the Agent account:
(a) access to the Platform shall cease immediately;
(b) Personal Data shall be retained or deleted in accordance with Applicable Law and retention obligations.

26.2 Termination shall not affect Winngoo’s right to retain data required for legal, regulatory, audit, or dispute purposes.

27. FORCE MAJEURE

27.1 Winngoo shall not be liable for failure or delay in performance caused by events beyond its reasonable control, including natural disasters, cyberattacks, governmental actions, or infrastructure failures.

28. AMENDMENTS AND UPDATES

28.1 Winngoo reserves the right to amend this Policy at any time to reflect legal, regulatory, or operational changes.

28.2 Continued use of the Platform after amendments constitutes acceptance of the revised Policy.

29. GOVERNING LAW AND JURISDICTION

29.1 This Policy shall be governed by and construed in accordance with the laws of India.

29.2 Courts located in India shall have exclusive jurisdiction, subject to any arbitration clause contained in the Agent Terms.

30. SEVERABILITY AND WAIVER

30.1 If any provision of this Policy is held invalid or unenforceable, the remaining provisions shall remain in full force and effect.

30.2 Failure by Winngoo to enforce any provision shall not constitute a waiver of such provision.

31. NOTICES AND COMMUNICATIONS

31.1 All notices, requests, and communications under this Policy shall be made electronically through the Platform, registered email address, or any other mode prescribed by Winngoo.

31.2 Electronic notices shall be deemed valid and legally effective under the Information Technology Act, 2000.

31.3 The Agent is responsible for ensuring that contact details remain accurate and active.

32. GRIEVANCE OFFICER AND CONTACT DETAILS

32.1 In accordance with Applicable Law, Winngoo shall appoint a Grievance Officer to address data protection complaints.

32.2 Grievance Officer details shall be published on the Platform and updated as required.

32.3 Complaints shall be resolved within statutory timelines.

33. DATA PROTECTION GOVERNANCE

33.1 Winngoo maintains internal governance mechanisms to ensure compliance with Indian data protection laws.

33.2 Policies, procedures, and training programs are periodically reviewed and updated.

34. AUTOMATED DECISION-MAKING AND PROFILING

34.1 Winngoo may use automated systems for:
(a) fraud detection;
(b) risk assessment;
(c) compliance monitoring.

34.2 Automated decisions shall not produce legal effects without appropriate safeguards.

35. LOGGING, MONITORING AND RECORD KEEPING

35.1 Winngoo maintains logs and records of Processing activities for audit and compliance purposes.

35.2 Such records may be retained for extended periods as required by law.

36. BUSINESS TRANSFERS AND RESTRUCTURING

36.1 In the event of a merger, acquisition, restructuring, or sale of assets, Personal Data may be transferred as part of the transaction.

36.2 Such transfers shall be subject to equivalent data protection safeguards.

37. THIRD-PARTY LINKS AND INTEGRATIONS

37.1 The Platform may contain links to third-party services.

37.2 Winngoo shall not be responsible for privacy practices of third parties.

38. SURVIVAL OF OBLIGATIONS

38.1 Provisions relating to confidentiality, indemnity, liability, and compliance shall survive termination.

39. ENTIRE POLICY

39.1 This Policy constitutes the entire agreement with respect to privacy matters between Winngoo and the Agent.

40. ACCEPTANCE AND ACKNOWLEDGEMENT

40.1 By registering or continuing to use the Platform, the Agent acknowledges acceptance of this Policy.

40.2 Acceptance may be recorded electronically and shall be legally binding.

41. DATA MINIMISATION AND PURPOSE LIMITATION

41.1 Winngoo shall ensure that only such Personal Data as is reasonably necessary for the purposes specified in this Policy is collected and processed.

41.2 Personal Data shall not be retained or used in a manner incompatible with the stated purposes, except where required by Applicable Law.

42. TRANSPARENCY AND FAIR PROCESSING

42.1 Winngoo shall process Personal Data in a transparent, fair, and lawful manner.

42.2 Agents shall be informed of material changes to Processing activities through notices or policy updates.

43. RECORD OF CONSENTS AND PROCESSING ACTIVITIES

43.1 Winngoo shall maintain records of:
(a) consents obtained from Agents;
(b) Processing activities undertaken;
(c) disclosures and transfers of Personal Data.

43.2 Such records may be produced before regulatory authorities or courts where required.

44. COMPLIANCE WITH DPDP ACT ENFORCEMENT MECHANISMS

44.1 Winngoo shall comply with directions, inquiries, and enforcement actions issued by competent authorities under the DPDP Act, 2023.

44.2 Agents acknowledge that regulatory disclosures may be made without prior notice where legally mandated.

45. NO ASSIGNMENT BY AGENT

45.1 The Agent shall not assign or transfer any rights or obligations under this Policy without prior written consent of Winngoo.

46. INTERPRETATION CONSISTENT WITH INDIAN LAW

46.1 This Policy shall be interpreted in a manner consistent with Indian statutory provisions, judicial precedents, and regulatory guidance.

46.2 In the event of conflict between this Policy and Applicable Law, Applicable Law shall prevail.

47. LANGUAGE AND GOVERNING VERSION

47.1 This Policy is drafted in English.

47.2 In the event of translation, the English version shall prevail.

48. ELECTRONIC EXECUTION AND VALIDITY

48.1 This Policy may be executed electronically and accepted through click-wrap or digital consent mechanisms.

48.2 Electronic acceptance shall be valid and enforceable under the Information Technology Act, 2000.

FINAL DECLARATION

1.This Privacy Policy is issued under the authority of Winngoo and is effective from the date mentioned above.

2. Continued access or use of the Platform constitutes unconditional acceptance of this Policy.