Data Processing Agreement

This Data Processing Agreement explains how WebChekin processes personal data on behalf of organizations using our Service. We act as a data processor, processing data according to your instructions and applicable data protection laws.

Legal Basis for Processing:

• Consent: Explicit consent from visitors for data collection and processing
• Legitimate Interest: Security, fraud prevention, and service delivery
• Legal Obligation: Compliance with applicable laws and regulations
• Contract Performance: Fulfillment of service agreements with organizations

We process the following categories of personal data:

• Identity Data: Name, date of birth, gender, nationality
• Contact Data: Email address, mobile number, address
• Document Data: ID proofs, passports, driving licenses, and other identification documents
• Location Data: GPS coordinates (if location tracking is enabled)
• Visit Data: Purpose of visit, check-in/check-out times, vehicle information
• Technical Data: IP address, device information, browser type

We process personal data for the following activities:

• Collection and storage of visitor information
• Document verification and watermarking
• Check-in and check-out management
• Report generation and analytics
• Data retention and deletion according to policy
• Security monitoring and fraud prevention
• Backup and disaster recovery

4.1 Visitor Data: Personal data and documents are retained for 180 days from the date of check-in, unless a different retention period is required by law or specified by the organization.

4.2 Automatic Deletion: After the retention period, documents are automatically deleted. Summary records may be retained longer for reporting and legal compliance purposes.

4.3 Extended Retention: Data may be retained longer if required by law, court order, or for legitimate business purposes such as dispute resolution.

We implement comprehensive security measures to protect personal data:

• Encryption: Data encrypted in transit (TLS/SSL) and at rest
• Access Controls: Role-based access, authentication, and authorization
• Document Security: Watermarking, secure storage, and access logging
• Network Security: Firewalls, intrusion detection, and monitoring
• Regular Audits: Security assessments and vulnerability testing
• Employee Training: Data protection training for all staff
• Incident Response: Procedures for data breach notification

We may engage third-party sub-processors to assist in providing the Service. These include:

• Cloud hosting and storage providers
• Payment processing services
• Email service providers
• Analytics and monitoring services
• Backup and disaster recovery services

All sub-processors are bound by data processing agreements and security requirements consistent with this agreement.

We assist organizations in responding to data subject rights requests, including:

• Right to access personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten")
• Right to restrict processing
• Right to data portability
• Right to object to processing
• Right to withdraw consent

Requests should be submitted to the organization where the check-in occurred, or directly to us at support@webchekin.com.

In the event of a data breach that may affect personal data, we will:

• Notify affected organizations within 72 hours of becoming aware of the breach
• Provide details of the breach, affected data, and mitigation measures
• Notify relevant data protection authorities as required by law
• Notify affected individuals if the breach poses a high risk to their rights
• Take immediate steps to contain and remediate the breach

Personal data may be transferred to and processed in countries outside your jurisdiction. We ensure appropriate safeguards are in place, including:

• Standard contractual clauses
• Adequacy decisions where applicable
• Binding corporate rules
• Other approved transfer mechanisms

We comply with applicable data protection laws including:

• General Data Protection Regulation (GDPR) - EU/UK
• Digital Personal Data Protection Act (DPDP Act) - India
• Other applicable regional data protection laws

We maintain records of processing activities and may be subject to audits by data protection authorities or organizations.

For questions about data processing or to exercise your rights, please contact:

Email: support@webchekin.com
Data Protection Officer: dpo@hostedminds.com
Phone: +91 81779 79779