This
Privacy Statement explains how IDRBT CA protects the personal data you may have
supplied as part of applying for your IDRBT CA digital certificate. This summary
describes processing carried out by IDRBT CA to provide the IDRBT CA
Certification Services. It covers IDRBT CA's obligations under The Information
Technology Act, 2000 by Government of India and other applicable Indian laws. IDRBT CA will ensure that the following aspects are satisfactory addressed:
This Privacy Statement applies to IDRBT CA's
site.
IDRBT
CA makes use of the information supplied in the following ways:
For example, a personal e-mail address and certificate 'name' field form part of the certificate and identify it to other parties.
Any
processing undergone by this data will be at the instruction of IDRBT CA and
will be carried out by Registration Authorities in the IDRBT CA PKI hierarchy.
Processing will be legal, fair and confidential. Where
data needs to be transported it will be carried in a secure manner. For
further details regarding exactly what processing is carried out for specific
IDRBT CA certificates, see the Certification Practice Statement at: http://idrbtca.org.in/cps.html Data
will be retained by IDRBT CA for a period of minimum 7 years after termination
of any specific certificate due to the possible need to verify old documents
signed with a private key that corresponds to the public key in a certificate,
which may have lapsed some time before. IDRBT
CA does not send unsolicited, advertising e-mails. However should you request
information about our products and services we will provide it via e-mail.
In the
course of validating the certificate application information, and issuing the
certificate, IDRBT CA may need to communicate personal information with the
Registration Authorities. All of
the Registration Authorities are bound by agreements with IDRBT CA to observe
the same or a substantially equivalent privacy policy. This means that, neither
IDRBT CA nor any of the RAs operating under IDRBT CA in providing this service
will disclose either personal nor Company details to other parties except as
specifically authorised and where similar privacy obligations will be observed.
If we are required by law to disclose certain
information to local, national or international government or law enforcement
authorities, we will do so according to the discretion of the Controller of
Certifying Authorities, Ministry of Information Technology, Government of India.
IDRBT
CA cannot update the information contained within a digital certificate without
destroying its integrity. IDRBT CA digitally signs each subscriber's
certificate. If any attempt is subsequently made to amend the information in the
certificate, the digital signature would no longer verify its content. The
certificate would then no longer be capable of being relied upon by someone else
wishing to verify signatures created with the private key portion related to the
public key bound into that certificate. IDRBT
CA can update information which is on our records but which is not bound into
the certificate itself. If you would like to correct or update any such
information please e-mail IDRBT CA at caservice@idrbt.ac.in
for information.
We consider the protection of all personally identifiable information we receive from our Web site visitors and subscribers as critical to our corporate mission. We have security measures in place to protect against the loss, misuse, and alteration of any information we receive from you. As with any transmission over the network, however, there is always some element of risk involved in sending personal information. In order to try to minimize this risk, we encrypt all information that you submit in ordering one of our products or services using the Secure Sockets Layer (SSL) protocol. Our security procedures are also subject to an annual audit by an auditor empanelled by Controller of Certifying Authorities (CCA).
When a third party wants to rely on a Digital Certificate, it is important for the relying party to know its status (for example, whether it is valid, suspended (where available) or revoked). The third party can do this by accessing our repository and querying for the status of the Digital Certificate. The Digital Certificates containing your information will be in our Directory Server so that the relying parties can check the status of the certificate. There are various reasons to suspend or revoke the Digital Certificate as stated in the IDRBT CA CPS. A revoked Digital Certificate will still appear in our repository (in the Certification Revocation List) with an indication that it has been revoked. If you are a Digital Certificate subscriber and would like to have your Digital Certificate revoked (suspended) from our database, please visit our site at https://services.idrbtca.org.in/ and follow the listed instructions or contact your Registration Authority.
|