1. Introduction & Scope
PN Annsetu Network Private Limited ("AnnSetu", "we", "us", or "our") operates the AnnSetu Cold Storage Dashboard. We are committed to protecting the privacy and security of your digital personal data. This Privacy Policy outlines how we collect, process, share, and protect personal data and Sensitive Personal Data or Information (SPDI) in compliance with Section 43A of the Indian Information Technology (IT) Act, 2000, the IT (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 ("SPDI Rules"), and the Digital Personal Data Protection (DPDP) Act, 2023.
Under the DPDP Act 2023, the Cold Storage Operator acts as a "Data Fiduciary" for the onboarding of farmers and vendors, and AnnSetu acts as a "Data Processor" processing data on behalf of the Data Fiduciary. For the operator's account details, AnnSetu acts as the "Data Fiduciary".
2. Personal Data We Collect
We only collect digital personal data that is necessary for the performance of our services. This includes:
• Basic Identity Details: Name, Father's name, gender, category, and photograph.
• Contact Information: Mobile number, alternative mobile number, and email address.
• Address Details: Village, town, tehsil, city, district, state, and pin code.
• Sensitive Personal Data or Information (SPDI): Aadhaar number, PAN number, and detailed Bank Account information (Bank Name, branch, account number, IFSC code, and UPI IDs).
• Operational Data: Commodity details, quantities (packets, weights), room/rack assignments, and ledger/billing movements.
3. Purpose and Lawful Basis of Processing
All processing of digital personal data is carried out strictly based on your explicit, informed, and unambiguous consent under Section 6 of the DPDP Act 2023. The purposes of processing are:
• Onboarding: Setting up and verifying accounts for operators, farmers, and vendors.
• Operations: Generating Amad (inbound) receipts, assigning rack spaces, issuing Nikasi (outbound) dispatches, and recording Sauda (deals).
• Financials: Billing storage rent, computing interest, tracking loans, and adjusting ledger balances.
• Communications: Sending automated updates, transaction summaries, and legal notices via SMS or email.
4. Security Practices & SPDI Safeguards
In accordance with Section 43A of the IT Act 2000, we maintain reasonable security practices and procedures (RSPP).
• Encryption: All Sensitive Personal Data (including Aadhaar, PAN, and Bank Details) is encrypted at rest using strong AES-256-GCM encryption before storing in our database.
• Session Control: Active portal sessions expire automatically after 30 minutes of inactivity to prevent unauthorized access.
• Access Restrictions: Downstream database access is restricted and audit logs trace all profile views and modifications.
5. Rights of Data Principals
As a Data Principal (Farmer, Vendor, or Operator) under the DPDP Act 2023, you have the following statutory rights:
• Right to Access: You can download a structured summary of all personal data held about you in a machine-readable JSON format directly from your profile settings.
• Right to Correction and Deletion: You can update inaccurate records or request erasure of your data.
• Right to Withdraw Consent: You can withdraw consent at any time. Upon request, we will anonymize your identity (replacing your name with "Erased") and purge PAN, Aadhaar, bank records, and contact details from active databases.
• Right to Grievance Redressal: You can resolve concerns via our Grievance Officer.
6. Data Retention & Erasure Policy
We retain personal data only as long as necessary to fulfill the operational purpose or comply with statutory requirements under Indian law (e.g. agricultural storage records, tax, and accounting audits).
If you request consent withdrawal or erasure, we anonymize personal fields to preserve the integrity of historic cold storage ledgers and stock logs (retaining transaction volumes, weights, and dates for auditing consistency while breaking links to your identity).
7. Grievance Redressal Officer
In compliance with the DPDP Act 2023 and the SPDI Rules, 2011, we have appointed a Grievance Officer to address data protection queries and complaints:
• Name: Grievance Redressal Officer, AnnSetu
• Email: grievances@annsetu.in
• Address: PN Annsetu Network Private Limited, Registered Office, India.
• Response Timeline: We will investigate and respond to all valid grievances within 30 days of receipt.