Home»Policies»Privacy Policy

Privacy Policy

Effective Date: 1 January 2026  |  Last Reviewed: 15 March 2026

1. Introduction

1.1. The KKD eServices Authority ("Authority," "we," "us," or "our") is committed to protecting the privacy and security of the personal data of all Users who access the KKD eServices Portal ("Portal"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit the Portal and use our digital services.

1.2. This Privacy Policy has been drafted in accordance with the Digital Personal Data Protection Act, 2023 ("DPDP Act"), the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, and any subsequent amendments or regulations thereunder.

1.3. By accessing or using the Portal, you consent to the collection, use, and processing of your personal data as described in this Privacy Policy. If you do not agree with the practices described herein, please discontinue use of the Portal.

2. Information We Collect

2.1. Personal Information Provided by You

When you register for an account, submit applications, or use specific Services on the Portal, we may collect the following categories of personal information:

  • (a) Full name, date of birth, and gender;
  • (b) Contact details, including email address, telephone number, and postal address;
  • (c) Government-issued identification numbers (such as Aadhaar, PAN, or Voter ID), where required for service delivery;
  • (d) Employment or professional information, where applicable;
  • (e) Financial information, including bank account details and payment information, for processing transactions;
  • (f) Any other information you voluntarily provide through forms, correspondence, or feedback mechanisms.

2.2. Information Collected Automatically

When you access the Portal, certain information is collected automatically through server logs and tracking technologies:

  • (a) Internet Protocol (IP) address and browser type;
  • (b) Operating system and device information;
  • (c) Pages visited, time spent on pages, and navigation patterns;
  • (d) Referring website URL and exit pages;
  • (e) Date and time stamps of access.

2.3. Cookies and Tracking Technologies

The Portal uses cookies and similar technologies to enhance user experience, analyse traffic patterns, and improve service delivery. For detailed information about the cookies we use, please refer to our Cookie Policy.

3. How We Use Your Information

3.1. We use the information collected for the following purposes:

  • (a) To provide, operate, and maintain the Portal and its Services;
  • (b) To process your service requests, applications, and transactions;
  • (c) To verify your identity and authenticate access to secure services;
  • (d) To communicate with you regarding service updates, notifications, and responses to your enquiries;
  • (e) To improve the Portal's functionality, content, and user experience through analytics;
  • (f) To ensure compliance with applicable laws, regulations, and legal processes;
  • (g) To detect, prevent, and address fraud, security breaches, and technical issues;
  • (h) To fulfil any other purpose for which you provided the information, with your consent where required.

4. Legal Basis for Processing

4.1. Under the DPDP Act, 2023, we process your personal data on one or more of the following legal bases:

  • (a) Consent: Where you have given clear, informed consent for the processing of your personal data for one or more specific purposes;
  • (b) Legitimate Uses: Where processing is necessary for performing functions authorised by law, compliance with any judgement or order of a court, or for responding to a medical emergency involving a threat to life;
  • (c) Contractual Necessity: Where processing is necessary for the performance of a service or function requested by you;
  • (d) Legal Obligation: Where processing is necessary for compliance with any law in force in India.

5. Information Sharing and Disclosure

5.1. We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

  • (a) Government Departments and Agencies: Your information may be shared with other government departments, agencies, or bodies as necessary for the provision of public services or as required by law;
  • (b) Service Providers: We may engage trusted third-party service providers who assist us in operating the Portal, conducting our operations, or servicing you, provided such parties agree to keep your information confidential and use it only for the purposes for which it is disclosed;
  • (c) Legal Requirements: We may disclose your information when required to do so by law, or in response to valid requests by public authorities, including courts, regulatory bodies, or law enforcement agencies;
  • (d) Protection of Rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of these Terms, suspected fraud, or threats to the safety of any person.

6. Data Security Measures

6.1. The Authority implements appropriate technical and organisational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, but are not limited to:

  • (a) Encryption of data in transit using Secure Socket Layer (SSL) / Transport Layer Security (TLS) protocols;
  • (b) Encryption of sensitive data at rest using industry-standard encryption algorithms;
  • (c) Implementation of firewalls, intrusion detection systems, and access controls;
  • (d) Regular security audits and vulnerability assessments;
  • (e) Access to personal data restricted to authorised personnel on a need-to-know basis;
  • (f) Employee training on data protection and information security best practices.

6.2. While we strive to protect your personal data, no method of transmission over the Internet or method of electronic storage is entirely secure. We cannot guarantee absolute security and shall not be liable for any breach beyond our reasonable control.

7. Data Retention

7.1. We retain your personal data only for as long as is necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, accounting, or reporting requirements.

7.2. The retention period for specific categories of data is determined based on the nature of the data, the purposes for which it is processed, applicable legal requirements, and the statute of limitations for potential legal claims.

7.3. Upon expiry of the applicable retention period, your personal data shall be securely deleted or anonymised in accordance with our data retention schedule and applicable regulations under the DPDP Act, 2023.

8. Your Rights

8.1. Under the DPDP Act, 2023 and applicable Indian data protection laws, you have the following rights with respect to your personal data:

  • (a) Right to Access: You have the right to obtain confirmation as to whether your personal data is being processed and, where that is the case, to request a summary of such data and the processing activities;
  • (b) Right to Correction: You have the right to request the correction or updating of inaccurate or incomplete personal data;
  • (c) Right to Erasure: You have the right to request the deletion of your personal data where it is no longer necessary for the purpose for which it was collected, subject to applicable legal obligations and legitimate interests;
  • (d) Right to Withdraw Consent: Where processing is based on your consent, you have the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal;
  • (e) Right to Grievance Redressal: You have the right to register a grievance regarding the processing of your personal data through the mechanism described in Section 13 below.

8.2. To exercise any of these rights, you may submit a written request to the Data Protection Officer using the contact details provided in Section 12 of this Policy. We shall respond to your request within thirty (30) days of receipt.

9. Children's Privacy

9.1. The Portal does not knowingly collect personal data from children below the age of eighteen (18) years without verifiable parental or guardian consent, as required under the DPDP Act, 2023.

9.2. If we become aware that we have inadvertently collected personal data from a child without appropriate consent, we shall take immediate steps to delete such data from our records.

9.3. Parents or guardians who believe that their child has provided personal data to the Portal without consent are encouraged to contact us immediately using the details provided in Section 12.

10. Third-Party Links

10.1. The Portal may contain links to third-party websites, portals, and services that are not owned or controlled by the Authority. This Privacy Policy applies solely to the KKD eServices Portal.

10.2. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third-party websites or services. We strongly encourage you to review the privacy policy of every website you visit. Please refer to our Hyperlinking Policy for further information.

11. Changes to This Policy

11.1. The Authority reserves the right to update or modify this Privacy Policy at any time. Any changes will be effective immediately upon posting the revised Privacy Policy on this page, with an updated "Effective Date."

11.2. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Portal after any modifications to this Privacy Policy shall constitute your acknowledgement of the modifications and your consent to abide by the updated Policy.

12. Data Protection Officer

12.1. In accordance with the DPDP Act, 2023, the Authority has appointed a Data Protection Officer ("DPO") to oversee compliance with this Privacy Policy and applicable data protection laws. You may contact the DPO for any enquiries or requests relating to this Policy:

  • Name: Data Protection Officer, KKD eServices Authority
  • Email: dpo@kkdeservices.com
  • Telephone: 1800-425-3077 (Toll-Free)
  • Postal Address: Data Protection Officer, KKD eServices Authority, Administrative Block, Government Complex, New Delhi – 110001, India

13. Grievance Mechanism

13.1. If you have any grievances, complaints, or concerns regarding the collection, use, or processing of your personal data by the Authority, you may file a complaint with the designated Grievance Officer:

  • Name: Grievance Officer, KKD eServices Authority
  • Email: grievance@kkdeservices.com
  • Telephone: 1800-425-3077 (Toll-Free)
  • Postal Address: Grievance Officer, KKD eServices Authority, Administrative Block, Government Complex, New Delhi – 110001, India

13.2. The Grievance Officer shall acknowledge receipt of the complaint within forty-eight (48) hours and endeavour to resolve the issue within thirty (30) days from the date of receipt.

13.3. If you are dissatisfied with the resolution provided, you may escalate the matter to the Data Protection Board of India, as constituted under the DPDP Act, 2023.