Home/DPDP Act
Digital Personal Data Protection Act, 2023

Effective Date: January 1, 2024 | Last Updated: December 30, 2025

Aurum CoNexus Private Limited ("Aurum CoNexus", "we", "us", or "our") is committed to protecting your personal data in accordance with the Digital Personal Data Protection Act, 2023 (DPDP Act). This policy explains how we comply with the DPDP Act and protect your rights as a Data Principal.

1. Introduction to DPDP Act Compliance

The Digital Personal Data Protection Act, 2023 is India's comprehensive data protection legislation that governs the processing of digital personal data. As a responsible Data Fiduciary, Aurum CoNexus adheres to all obligations under this Act to ensure your personal data is processed lawfully, fairly, and transparently.

2. Our Role as Data Fiduciary

Aurum CoNexus acts as a Data Fiduciary under the DPDP Act. This means we:

  • Determine the purpose and means of processing your personal data
  • Are responsible for the lawful and fair processing of your data
  • Implement appropriate technical and organizational measures to protect your data
  • Ensure compliance with all obligations under the DPDP Act
  • Enable you to exercise your rights as a Data Principal

3. Data Protection Officer (DPO)

We have appointed a Data Protection Officer to oversee our DPDP Act compliance and serve as your primary point of contact for all privacy-related matters:

Archana Prashar

Data Protection Officer

Aurum CoNexus Private Limited

Email: dpo@aurumconexus.com

For any questions about how we process your personal data or to exercise your data rights, please contact our DPO.

4. Lawful Basis for Processing Personal Data

We process your personal data only when we have a valid lawful basis under the DPDP Act:

  • Consent: We obtain your explicit consent before processing your personal data for specific purposes
  • Contractual Necessity: Processing necessary to fulfill our membership services contract with you
  • Legitimate Interests: Processing for legitimate business purposes that do not override your rights
  • Legal Obligations: Processing required to comply with applicable laws and regulations

5. Your Rights as Data Principal

Under the DPDP Act, you have the following rights regarding your personal data:

Right to Access

You can request a summary of your personal data we process and details about the processing activities.

Right to Correction

You can request correction of inaccurate or incomplete personal data.

Right to Erasure

You can request deletion of your personal data when it is no longer necessary for the purpose it was collected.

Right to Data Portability

You can request to receive your personal data in a structured, commonly used format.

Right to Withdraw Consent

You can withdraw your consent at any time for processing based on consent.

Right to Grievance Redressal

You can file a complaint with our Data Protection Officer or the Data Protection Board of India.

6. Data Security Measures

We implement robust technical and organizational security measures to protect your personal data:

Technical Security Measures:

  • Encryption of data in transit and at rest using industry-standard protocols (TLS 1.3, AES-256)
  • Secure authentication mechanisms including multi-factor authentication where applicable
  • Regular security updates and patch management
  • Firewall protection and intrusion detection systems
  • Secure backup and disaster recovery procedures
  • Regular security audits and vulnerability assessments

Organizational Security Measures:

  • Access control policies limiting data access to authorized personnel only
  • Employee training on data protection and security best practices
  • Confidentiality agreements with all employees and contractors
  • Data breach response and notification procedures
  • Regular privacy impact assessments
  • Vendor due diligence and data processing agreements

Data Minimization:

  • We collect only personal data that is necessary for specified purposes
  • We retain data only for as long as necessary to fulfill the purpose
  • We implement data anonymization and pseudonymization where appropriate

7. Data Breach Notification

In the event of a data breach that is likely to cause harm to you, we will:

  • Notify the Data Protection Board of India as required by law
  • Notify affected Data Principals without undue delay
  • Provide details about the nature of the breach, data affected, and remedial measures taken
  • Take immediate steps to contain and remediate the breach

8. Cross-Border Data Transfers

If we transfer your personal data outside India, we ensure:

  • Compliance with all restrictions and requirements under the DPDP Act
  • Appropriate safeguards are in place to protect your data
  • The receiving country or organization provides adequate level of data protection
  • Standard contractual clauses or other approved transfer mechanisms are implemented

9. Children's Data Protection

We do not knowingly process personal data of children without verifiable parental consent. Our services are intended for business professionals and not directed at children under 18 years of age. If we become aware that we have collected personal data from a child without proper consent, we will take steps to delete such data promptly.

10. Data Retention

We retain your personal data only for as long as necessary to:

  • Fulfill the purposes for which it was collected
  • Comply with legal, regulatory, tax, or accounting requirements
  • Establish, exercise, or defend legal claims
  • Maintain business records for legitimate business purposes

Upon expiry of the retention period, we securely delete or anonymize your personal data.

11. Exercising Your Rights

To exercise any of your rights under the DPDP Act, you can:

  • Contact our Data Protection Officer at dpo@aurumconexus.com
  • Submit a request through your member dashboard (for registered members)
  • Send a written request to our registered office address

We will respond to your request within the timeframe specified under the DPDP Act (typically within 30 days). We may need to verify your identity before processing your request.

12. Grievance Redressal

If you have any concerns about how we process your personal data:

  1. First, contact our Data Protection Officer at dpo@aurumconexus.com
  2. If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India

We are committed to resolving all privacy-related complaints in a fair and timely manner.

13. Updates to This Policy

We may update this DPDP Act Policy from time to time to reflect changes in:

  • Our data processing practices
  • Applicable laws and regulations
  • Our business operations

We will notify you of any material changes through our website or by email. Your continued use of our services after such notification constitutes acceptance of the updated policy.

14. Contact Information

Aurum CoNexus Private Limited

Registered Office: Plot no. 127, Sector 44, Gurgaon, Haryana, India - 122003

Data Protection Officer: Archana Prashar

Email: dpo@aurumconexus.com

Phone: +91-124-499-2121

General Inquiries: connect@aurumconexus.com

15. Compliance Statement

Aurum CoNexus Private Limited is committed to full compliance with the Digital Personal Data Protection Act, 2023 and all related rules and regulations. We regularly review and update our data protection practices to ensure ongoing compliance and best-in-class protection of your personal data.

Related Policies: For comprehensive information about our data practices, please also refer to our Privacy Policy and Terms & Conditions.

© 2026 Aurum CoNexus. All rights reserved.