New Page 1

Introduction

This Privacy Statement explains how IDRBT CA protects the personal data you may have supplied as part of applying for your IDRBT CA digital certificate. This summary describes processing carried out by IDRBT CA to provide the IDRBT CA Certification Services. It covers IDRBT CA's obligations under The Information Technology Act, 2000 by Government of India and other applicable Indian laws.

IDRBT CA will ensure that the following aspects are satisfactory addressed:

the data held is accurately recorded as supplied;
the data is processed legally, fairly, securely and only for the purpose(s) for which it was originally collected with the consent of the applicant/subscriber;
the applicant/subscriber is aware of the purposes to which his/her information are put and with whom it is shared;

This Privacy Statement applies to IDRBT CA's site.
Please note that our site contains links to other sites. IDRBT is not responsible for the privacy practices, privacy statements, or content regarding these other sites.

What Information is covered?

Privacy is of great concern to most users, and is a critical part of a pleasant and satisfactory user experience. We at IDRBT are intensely aware of and responsive to the privacy concerns of our subscribers and other visitors to our Web site. Whether you are a subscriber of our certification services or a visitor to our site, we assure you that we do not collect personal information from you unless you provide it to us. If you are enrolling for an IDRBT CA digital certificate, you may be asked to provide certain personal information. Please note, however, that we are asking for this information for the limited purposes of creating your Digital Certificate, providing the services that may be part of your Digital Certificate, and authenticating your identity in order to issue you a Digital Certificate. You should also be guaranteed that we do not provide or sell information about our subscribers or site visitors to vendors that are not involved in the provision of IDRBT CA's certification services. If you would like to read more about the practices related to the issuance of Digital Certificates, see our Legal Disclaimer Statement at http://idrbtca.org.in/legal.html and our CPS at http://idrbtca.org.in/cps.html

What Happens to This Information?

IDRBT CA makes use of the information supplied in the following ways:

Binding some of the information into the certificate itself.

For example, a personal e-mail address and certificate 'name' field form part of the certificate and identify it to other parties.

Using the information to establish certain facts about the individual or company.

Any processing undergone by this data will be at the instruction of IDRBT CA and will be carried out by Registration Authorities in the IDRBT CA PKI hierarchy. Processing will be legal, fair and confidential.

Where data needs to be transported it will be carried in a secure manner.

For further details regarding exactly what processing is carried out for specific IDRBT CA certificates, see the Certification Practice Statement at: http://idrbtca.org.in/cps.html

Data will be retained by IDRBT CA for a period of minimum 7 years after termination of any specific certificate due to the possible need to verify old documents signed with a private key that corresponds to the public key in a certificate, which may have lapsed some time before.

IDRBT CA does not send unsolicited, advertising e-mails. However should you request information about our products and services we will provide it via e-mail.

With whom is the Information shared?

In the course of validating the certificate application information, and issuing the certificate, IDRBT CA may need to communicate personal information with the Registration Authorities.

All of the Registration Authorities are bound by agreements with IDRBT CA to observe the same or a substantially equivalent privacy policy. This means that, neither IDRBT CA nor any of the RAs operating under IDRBT CA in providing this service will disclose either personal nor Company details to other parties except as specifically authorised and where similar privacy obligations will be observed.

If we are required to reveal by law

If we are required by law to disclose certain information to local, national or international government or law enforcement authorities, we will do so according to the discretion of the Controller of Certifying Authorities, Ministry of Information Technology, Government of India.

IDRBT CA's policy on correcting personal Information

IDRBT CA cannot update the information contained within a digital certificate without destroying its integrity. IDRBT CA digitally signs each subscriber's certificate. If any attempt is subsequently made to amend the information in the certificate, the digital signature would no longer verify its content. The certificate would then no longer be capable of being relied upon by someone else wishing to verify signatures created with the private key portion related to the public key bound into that certificate.

IDRBT CA can update information which is on our records but which is not bound into the certificate itself. If you would like to correct or update any such information please e-mail IDRBT CA at caservice@idrbt.ac.in for information.

Our Security Procedures

We consider the protection of all personally identifiable information we receive from our Web site visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse, and alteration of any information we receive from you. As with any transmission over the network, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering one of our products or services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to an annual audit by an auditor empanelled by Controller of Certifying Authorities (CCA).

How you can revoke (suspend) your Digital Certificate?

When a third party wants to rely on a Digital Certificate, it is important for the relying party to know its status (for example, whether it is valid, suspended (where available) or revoked). The third party can do this by accessing our repository and querying for the status of the Digital Certificate. The Digital Certificates containing your information will be in our Directory Server so that the relying parties can check the status of the certificate. There are various reasons to suspend or revoke the Digital Certificate as stated in the IDRBT CA CPS. A revoked Digital Certificate will still appear in our repository (in the Certification Revocation List) with an indication that it has been revoked. If you are a Digital Certificate subscriber and would like to have your Digital Certificate revoked (suspended) from our database, please visit our site at https://services.idrbtca.org.in/ and follow the listed instructions or contact your Registration Authority.