Effective Date: 15.05.2022
Last Updated: 07/07/2025
Document Version: 1.0.1
Professional DigiSign Private Limited (“ProDigiSign”, “Company”, “we”, “us”, or “our”) is committed to safeguarding the privacy of individuals and organizations whose data we process while providing Digital Signature Certificates (DSC), SSL certificates, DSC Tokens, biometric devices, software solutions, and associated services.

This Privacy Policy outlines how we collect, use, disclose, and protect personal information in connection with our products, services, website, and other digital assets.

1. Information We Collect

A. Personal Information

• Full Name
• Contact Details (Email, Phone Number)
• Government-issued Identification (PAN, Aadhaar, Passport, etc.)
• Address Proof
• Photograph and Signature Image
• Biometric Information (if applicable for authentication)
• Organization Name and Details
• Digital Certificates and Public Key Infrastructure (PKI) details

B. Device and Technical Data

• IP Address
• Browser type and version
• Operating system
• Device identifiers
• Usage logs

C. Third-Party Data

We may receive KYC verification and identity authentication data from government agencies or authorized Business Partners etc.

2. Purpose of Data Collection

We collect personal and technical data to:

• Issue, renew, and revoke Digital Signature Certificates (Class 3, DGFT, Document Signer, Foreign DSCs)
• Enable Aadhaar/PAN-based paperless DSC processing
• Process SSL certificate issuance and domain validation
• Manage mToken and biometric device logistics and issuance
• Ensure compliance with Certifying Authority (CA) rules and IT Act guidelines
• Authenticate and authorize users for eSign and eKYC services
• Conduct audits and regulatory reporting
• Deliver personalized client service and support
• Prevent fraudulent activities and ensure system integrity

3. Legal Basis for Processing

We process personal data under the following legal grounds:

• Performance of a contract (DSC issuance, service provisioning)
• Compliance with legal obligations under the Indian IT Act, 2000
• Consent, where applicable
• Legitimate interest in improving services and ensuring digital security

4. Information Sharing and Disclosure

We do not sell or rent personal information.

We may share data with:

• Licensed Certifying Authorities (e.g., eMudhra, Capricorn, etc.)
• Government regulatory bodies (e.g., CCA, NIC, MCA, etc.)
• Technology vendors for software development and DSC lifecycle management
• Courier partners for delivery of physical tokens/devices
• Cloud or infrastructure providers, under strict contractual and confidentiality terms

Data sharing is always limited to the minimum necessary for intended purposes.

5. Data Retention

We retain personal data:

• As long as the certificate is valid and for a minimum of 7 years post expiry or revocation (as mandated by CCA)
• In alignment with legal obligations and internal data retention schedules

6. Data Security

We implement stringent physical, digital, and organizational safeguards to protect user data, including:

• End-to-end encryption (SHA-256 and above)
• PKI based Tokens
• Multi-factor authentication
• Secure server environments and firewalls
• Internal data access controls with audit logs

7. User Rights

Subject to applicable laws, users may exercise the following rights:

• Right to access and review personal data
• Right to correct inaccurate or incomplete information
• Right to revoke consent (where applicable)
• Right to lodge a complaint with the data protection authority (if under GDPR jurisdiction)

Requests can be initiated by contacting us at info@prodigisign.com

8. Cookies and Tracking

Our website may use cookies for:

• Improving user experience
• Session management and authentication
• Analytics and site performance

You can disable cookies through your browser settings. However, this may impact functionality.

9. Cross-Border Data Transfers

Where applicable, data may be processed outside India in compliance with prevailing data protection frameworks, subject to adequate safeguards and data localization norms under Indian law.

10. Children’s Privacy

Our services are not intended for individuals under the age of 18. We do not knowingly collect or process minors’ data.

11. Changes to This Policy

We may update this Privacy Policy periodically. Any material changes will be communicated via website notice or email. Continued use of our services constitutes acknowledgment of the revised terms.

12. Contact Us

Professional DigiSign Pvt. Ltd.
Registered Office: 238, 2nd Flr Patil Plaza, Mitramandal Chowk, Swargate, Pune, Maharashtra 411009
Email: info@prodigisign.com
Phone: 020 49105678
Website: www.prodigisign.com

Directors: Mr. Devendra Singh & Mrs. Deepika Singh
Email: devendra.singh@prodigisign.in

13. Support and Order Approval Timing

Our support and order approval services are available daily from 9:00 AM to 9:00 PM (Indian Standard Time). For any queries or order approvals outside these hours, requests will be processed on the next working day.