||"Act" means the Information Technology Act, 2000 (21 of 2000);
||"Automated means" means any equipment capable of operating automatically in response to
instructions given for the purpose of processing data.
||"Biometrics" means the technologies that measure and analyse human body characteristics,
such as 'fingerprints', 'eye retinas and irises', 'voice patterns', "facial patterns', 'hand
measurements' and 'DNA' for authentication purposes.
||"Body corporate" means any company and includes a firm, sole proprietorship or other
association of individuals engaged in commercial or professional activities.
||"Child" means a data provider below the age of eighteen years
||"Cyber incidents" means any real or suspected adverse event in relation to cyber security
that violates an explicitly or implicitly applicable security policy resulting in
unauthorised access, denial of service or disruption, unauthorised use of a computer
resource for processing or storage of information or changes to data, information without
||"cyber security" means protecting information, equipment, devices, computer, computer
resource, communication device and information stored therein from unauthorised access, use,
disclosure, disruption, modification or destruction.
||"Data" means a representation of information, knowledge, facts, concepts or instructions
which are being prepared or have been prepared in a formalised manner, and is intended to be
processed, is being processed or has been processed in a computer system or computer
network, and may be in any form (including computer printouts magnetic or optical storage
media, punched cards, punched tapes) or stored internally in the memory of the computer.
||"Data provider" means the natural person to whom the personal data relates to.
|"Data protection & Security"
||Anyone collecting personal & customer information must fairly & lawfully process it only for
limited, specifically stated purposes and use the information accurately and in a way that
is adequate, relevant and not excessive, and retain the information/records no longer than
absolutely necessary, process the information in accordance with law and keep the
information secure and never transfer the information outside the country without adequate
||"Password" means a secret word or phrase or code or passphrase or secret key, or encryption
or decryption keys that one uses to gain admittance or access to information.
||"Personal information" means any information that relates to a natural person (individual),
which, either directly or indirectly, in combination with other information available or
likely to be available with a body corporate, is capable of identifying such person, i.e.,
Name, Address, mobile Number, email id, Date of birth etc.,.
||"Data processor" means any person, including the State, a company, any juristic entity or
any individual who processes personal data on behalf of a data fiduciary, but does not
include an employee of the data fiduciary.
||"Processing" in relation to personal data, means an operation or set of operations performed
on personal data, and may include operations such as collection, recording, organisation,
structuring, storage, adaptation, alteration, retrieval, use, alignment or combination,
indexing, disclosure by transmission, dissemination or otherwise making available,
restriction, erasure or destruction.
|"reasonable security practices and procedures"
||"reasonable security practices and procedures" means security practices and procedures
designed to protect such information from unauthorised access, damage, use, modification,
disclosure or impairment, as may be specified in an agreement between the parties or as may
be specified in any law for the time being in force and in the absence of such agreement or
any law, such reasonable security practices and procedures, as may be prescribed by the
Central Government in consultation with such professional bodies or associations as it may
|"Sensitive personal data or information"
||Sensitive personal data or information of a person means such personal information which
consists of information relating to; -
Provided that, any information that is freely available or accessible in public domain or
furnished under the Right to Information Act, 2005 or any other law for the time being in
force shall not be regarded as sensitive personal data or information.
- financial information such as Bank account or credit card or debit card or other
payment instrument details ;
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- Biometric information;
- any detail relating to the above clauses as provided to body corporate for
- providing service; and
- any of the information received under above clauses by body corporate for
processing, stored or processed under lawful contract or otherwise;
||All external parties, i.e. contractors, interns, trainees, vendors, users etc., who have
accessed to Studydekho information assets or information systems.