Privacy Policy

1.1 Introduction and Scope

CapsiQueue ("we," "us," or "our") operates www.capsiqueue.com (Platform). We are committed to protecting your privacy and the security of your personal data. This Privacy Policy outlines how we, as a Data Fiduciary, collect, process, and protect the personal data of our users (“Data Principles”).

1.2 Lawful Basis for Processing

Under the DPDPA 2023, we process your data based on your Consent or through Legitimate Use cases, which include:

• Specified Purpose: Processing data you voluntarily provide to facilitate your placement in a digital queue.
• Legal Compliance: Disclosing data to comply with any order under India law or for the prevention of fraud.
• Employment: Managing data for recruitment or verifying the identity of business owners using our platform.
• Emergencies: Processing data to provide medical services or safety alerts during a threat to life or public health.

1.3 Data We Collect

We collect data necessary to provide a seamless queue management experience:

• Identity & Contact Data: Full name, email address, mobile number (verified via OTP), physical address, gender, and date of birth.
• Technical Data: IP address, device metadata, login timestamps, and browser type for security monitoring.
• Transactional Data: Information about how you interact with the queue, including the businesses you visited, queue timestamps, and service duration.

1.4 Consent Mechanism

We utilize a Clickwrap Consent model. By checking the box “I agree to Privacy Policy” and clicking “Join Queue” or “Register”, you provide free, specific, informed, and unconditional consent.

• Notice: This policy serves as the notice required under Section 5 of the DPDPA.
• Withdrawal: You may withdraw consent by contacting our Grievance Officer. Upon withdrawal, we will cease processing within 72 hours, though this may result in the termination of your access to the Platform.

1.5 How We Collect Data

• Direct Interaction: When you register, join a virtual queue, or contact support.
• Automated Technologies: Through cookies and server logs when you visit our Platform.
• Third Parties: If you log in via integrated business portals or SSO providers.

  1.5.1 Business Account Deletion

  • Business users may request account deletion through the dashboards. We maintain a 21-Day Cooling-Off period, during which the account is suspended and inaccessible. After 21 days, data is permanently purged to comply with the data minimization principle.

1.6 Data Breach Reporting

In the event of a personal data breach:

• Notification: We will notify the Data Protection Board of India (DPBI) and the affected Data Principals without undue delay.
• Incident Reporting: Cybersecurity incidents will be reported to CERT-In within 6 hours of discovery, as per the 2022 Cyber Security Directions.

1.7 Data Storage and Localization

Your data is stored on secure servers located within India. We do not transfer personal data outside of India unless the destination country provides an equivalent level of protection as mandated by the Government of India.

1.8 Disclosure of Your Information

We may share your data with:

• Partner Businesses: The specific store or office you are queuing for.
• Service Providers: Cloud hosting (e.g., AWS/Azure India) and SMS gateway providers.
• Regulatory Authorities: When required by law or a court order.

1.9 Your Rights as a Data Principal

In India, you have the right to:

• Right to Correction: Update or correct inaccurate data.
• Right to Erasure: Request deletion of data once the service is complete.
• Right of Grievance Redressal: A dedicated channel to resolve complaints.
• Right to Nominate: Nominate an individual to exercise your rights in case of death or incapacity.

1.10 Grievance Redressal

In accordance with the IT Act 2000, we have appointed a Grievance Officer to address your concerns: