Data Retention Policy

GMOXX ECOM PVT LTD

At GMOXX ECOM PVT LTD, we prioritize the privacy and security of the data we collect, especially when it involves financial transactions managed through our accounts. Our data retention policy is designed to comply with applicable legal standards, industry best practices, and to support our commitment to transparency and customer trust.

This policy outlines our practices for collecting, storing, using, and disposing of data.

1. Scope of Data Collection

GMOXX ECOM PVT LTD collects various types of data to facilitate transactions, comply with regulatory requirements, and ensure the efficient operation of our services. This includes:

  • Personal Identification Information (PII): Customer name, address, contact details, date of birth, government-issued ID numbers, and other identification documents.
  • Financial Information: Bank account details, credit card information, transaction histories, and payment verification details.
  • Transactional Data: Details related to specific transactions, including the parties involved, amounts, purposes of transactions, and terms agreed by the transacting parties.
  • Compliance Data: Information collected to meet legal and regulatory requirements, such as anti-money laundering (AML) and Know Your Customer (KYC) checks.

2. Retention Duration and Policy

Data is retained only for as long as necessary to fulfill the purposes for which it was collected and to comply with legal, regulatory, and operational requirements.

Retention Periods:

  • Personal Data: Retained for a minimum of seven (7) years following account closure, transaction completion, or last engagement with GMOXX ECOM PVT LTD, whichever is later.
  • Financial Records: Retained for seven (7) years post-transaction to comply with financial regulations and for audit and legal purposes.
  • Transactional Data: Retained for a minimum of seven (7) years post-completion of the transaction or as required by applicable law.
  • Compliance Data: Retained for up to ten (10) years following data collection, or in accordance with regulatory standards for anti-money laundering (AML) and KYC requirements.

3. Data Security and Storage Measures

GMOXX ECOM PVT LTD implements advanced security protocols to ensure data is protected from unauthorized access, use, or disclosure. Security measures include:

  • Data Encryption: Personal and financial data is encrypted in transit and at rest to protect against unauthorized access.
  • Access Control: Restricted access is maintained for sensitive data, ensuring only authorized personnel, who are required to maintain strict confidentiality, can access relevant information.
  • Regular Audits and Monitoring: Routine audits, vulnerability assessments, and real-time monitoring of data systems are conducted to ensure compliance with security standards.

4. Data Disposal and Anonymization

Once the retention period has ended, data is securely disposed of through industry-standard methods, including:

  • Permanent Deletion: Data is deleted from all primary and backup systems, making it unrecoverable.
  • Anonymization: In cases where full deletion is not required or feasible, data is anonymized so it can no longer be associated with individual identities.

Disposal practices adhere to regulatory standards, including requirements under data protection laws such as the General Data Protection Regulation (GDPR) and India’s IT Act.

5. Data Subject Rights

GMOXX ECOM PVT LTD recognizes the rights of data subjects regarding their personal data. As provided by applicable data protection laws, individuals have the right to:

  • Access: Request a copy of their personal data held by GMOXX ECOM PVT LTD.
  • Rectification: Request corrections to any inaccurate or incomplete data.
  • Deletion: Request deletion of personal data, subject to retention requirements.
  • Restriction of Processing: Request limitation on the processing of their data.
  • Data Portability: Request transfer of their data to another service provider where feasible.
  • Objection: Object to the processing of personal data under certain circumstances.

To Exercise Your Rights: Contact our Data Protection Officer at privacy@antiqshop.co.in with your request. We will respond within the timeline stipulated by relevant laws and regulations.

6. Legal and Regulatory Compliance

GMOXX ECOM PVT LTD’s data retention practices comply with legal and regulatory obligations, including but not limited to:

  • Indian Information Technology Act and IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules.
  • RBI Guidelines for transaction documentation.
  • Anti-Money Laundering (AML) and Know Your Customer (KYC) guidelines.
  • Global Data Protection Regulations (GDPR) where applicable for international data subjects.

7. Policy Review and Updates

This policy is periodically reviewed to remain compliant with evolving legal requirements and industry standards. Changes to this policy will be posted on our website, and affected individuals will be notified where appropriate.

For further questions or clarification on this Data Retention Policy, please reach out to GMOXX ECOM PVT LTD’s Data Protection Officer at privacy@antiqshop.co.in