Scope: This Data Protection and Information Security Policy applies to synapseconclave.in and all digital platforms operated by Lucid Lines Productions Private Limited, including synapseconclave.com. This policy outlines our commitment to protecting your personal information and maintaining the highest standards of data security.
1. Purpose and Commitment
Our Uncompromising Commitment to Data Protection
Lucid Lines Productions Private Limited is committed to:
NEVER selling your personal data to third parties
NEVER sharing your information for marketing purposes without explicit consent
Maintaining strict confidentiality of all participant data
Implementing robust security measures to protect against unauthorized access
Ensuring transparency in all data processing activities
Respecting your privacy rights at all times
This policy demonstrates our adherence to:
The Information Technology Act, 2000 (as amended)
The Personal Data Protection Bill (DPDP Act, 2023)
Industry best practices for data security and privacy
International standards including ISO 27001 principles
2. Governance and Accountability
2.1 Data Protection Officer (DPO)
Lucid Lines Productions has designated a Data Protection Officer responsible for overseeing data protection strategy and implementation
Contact: privacy@synapseconclave.in
2.2 Organizational Responsibility
All employees, contractors, and partners are bound by confidentiality agreements
Regular training on data protection and security practices
Clear accountability structures for data handling
Annual data protection audits and assessments
3. Data Collection and Processing Principles
3.1 Lawfulness, Fairness, and Transparency
We collect data only for specified, explicit, and legitimate purposes
Data collection is transparent, with clear communication about what we collect and why
Processing is based on lawful grounds (consent, contract, legal obligation, or legitimate interest)
3.2 Data Minimization
We collect only the minimum data necessary for event registration and management
Unnecessary or excessive data collection is prohibited
Regular reviews to ensure we're not retaining data we don't need
3.3 Purpose Limitation
Data is collected for specific purposes and not used for incompatible purposes without additional consent
Clear documentation of processing purposes
3.4 Accuracy
We take reasonable steps to ensure personal data is accurate and up-to-date
Participants can update their information at any time
Inaccurate data is corrected or deleted promptly
4. Categories of Personal Data Processed
| Data Category | Purpose | Legal Basis | Retention Period |
| --- | --- | --- | --- |
| Identity Data (name, title, ID) | Event registration, entry verification | Contract, Legal obligation | 3 years post-event |
| Contact Data (email, phone) | Communication, updates | Contract, Consent | Until consent withdrawal |
| Financial Data (payment info) | Transaction processing | Contract, Legal obligation | 7-10 years (tax law) |
| Professional Data (company, role) | Networking, event customization | Contract, Legitimate interest | 3 years post-event |
| Health Data (dietary, accessibility) | Accommodation provision | Explicit consent | Deleted after event |
| Technical Data (IP, cookies) | Website functionality, analytics | Consent, Legitimate interest | Variable (see Cookie Policy) |
5. Information Security Framework
5.1 Technical Security Measures
Encryption and Secure Transmission
All payment transactions encrypted using TLS 1.2+ protocol
Data at rest encrypted using AES-256 encryption
Secure Socket Layer (SSL) certificates on all web pages
End-to-end encryption for sensitive communications
Access Controls
Role-based access control (RBAC) limiting data access to authorized personnel only
Multi-factor authentication (MFA) for administrative access
Regular access reviews and user permission audits
Principle of least privilege enforced across systems
Infrastructure Security
Secure hosting with reputable cloud providers (AWS, Azure, or equivalent)
Regular security patches and system updates
Firewalls and intrusion detection systems (IDS)
DDoS protection and rate limiting
Regular vulnerability assessments and penetration testing
5.2 Organizational Security Measures
Data Protection Training: Mandatory training for all staff handling personal data
Confidentiality Agreements: All employees and contractors sign NDAs
Clear Desk/Clear Screen Policy: Physical and digital security protocols
Incident Response Plan: Documented procedures for security breaches
Regular Audits: Internal and external security audits
5.3 Network Security
Secure VPN access for remote work
Network segmentation to isolate sensitive systems
Regular monitoring and logging of network activity
Automated threat detection and response systems
5.4 Application Security
Secure coding practices following OWASP guidelines
Regular code reviews and security testing
Input validation and sanitization to prevent injection attacks
Session management and CSRF protection
6. Payment Security
6.1 PCI DSS Compliance
We use PCI DSS compliant payment gateways (Razorpay, Cashfree, Stripe)
We do NOT store complete credit card information on our servers
Payment data is tokenized and processed through secure third-party processors
6.2 Transaction Security
3D Secure authentication for card transactions
Real-time fraud detection and prevention
Encrypted payment pages with SSL certificates
Regular security audits of payment flows
7. Data Sharing and Third-Party Processing
7.1 No Sale of Data
Absolute Commitment: We will NEVER sell, rent, or trade your personal information to any third party for any purpose.
7.2 Limited Third-Party Sharing
We share data only with trusted service providers who assist in:
All third-party processors sign Data Processing Agreements (DPAs)
Processors are contractually bound to protect data
Regular audits of processor security practices
Right to audit processor compliance
8. Data Retention and Disposal
8.1 Retention Principles
Data retained only as long as necessary for specified purposes
Clear retention schedules for different data categories
Annual reviews of retained data
8.2 Secure Disposal
Data past its retention period is deleted and permanently destroyed
Secure deletion methods preventing recovery
Physical media destruction for hardware disposal
Certificates of destruction maintained
9. Rights of Data Subjects
9.1 Right to Access
Request copies of personal data we hold
Understand how data is being processed
Response time: Within 30 days
9.2 Right to Rectification
Correct inaccurate or incomplete data
Update personal information
9.3 Right to Erasure (Right to be Forgotten)
Request deletion of personal data
Subject to legal retention requirements
9.4 Right to Restriction
Limit how we use your data
Temporarily suspend processing
9.5 Right to Data Portability
Receive data in structured, machine-readable format
Transfer data to another service provider
9.6 Right to Object
Object to certain processing activities
Opt out of marketing communications
9.7 Right to Withdraw Consent
Withdraw consent at any time
Does not affect lawfulness of processing before withdrawal
10. Data Breach Response
10.1 Incident Detection
24/7 monitoring systems for security incidents
Automated alerts for suspicious activities
Regular log analysis and threat detection
10.2 Breach Response Procedure
Containment: Immediate action to contain the breach
Assessment: Evaluate scope and impact
Notification: Notify affected individuals within 72 hours (if high risk)
Reporting: Report to relevant authorities as required
Remediation: Implement fixes and preventive measures
Documentation: Maintain detailed incident records
10.3 User Notification
Transparent communication about any breach affecting user data
Detailed information about what data was affected
Guidance on protective measures users can take
11. International Data Transfers
Primary data storage and processing in India
If data is transferred internationally, appropriate safeguards are in place
Compliance with cross-border data transfer regulations
Standard contractual clauses with international processors
12. Children's Data Protection
Services intended for adults 18 years and older
We do not knowingly collect data from minors
If we learn we've collected data from a minor, it's deleted immediately
13. Cookies and Tracking Technologies
Clear disclosure of cookie usage on website
Cookie consent mechanism before non-essential cookies are set
User control over cookie preferences
Regular review and minimization of tracking technologies
14. Vendor and Partner Security
Due diligence on all third-party vendors handling data
Contractual security requirements for vendors
Regular vendor security assessments
Right to audit vendor security practices
15. Physical Security
Restricted access to offices and data centers
Visitor logs and security badges
CCTV surveillance in sensitive areas
Secure disposal of physical documents
16. Business Continuity and Disaster Recovery
Regular data backups (daily and weekly)
Offsite backup storage
Disaster recovery plan with defined RTOs and RPOs
Regular testing of backup and recovery procedures
17. Monitoring and Compliance
Regular privacy impact assessments (PIAs)
Compliance monitoring and reporting
Internal audits and external certifications
Continuous improvement of security practices
18. Employee and Contractor Obligations
Background checks for employees with data access
Mandatory security and privacy training
Clear policies on acceptable use of systems
Consequences for policy violations
19. Transparency and Accountability
Public disclosure of privacy practices
Regular updates to this policy
Accessible contact information for privacy queries
Commitment to regulatory cooperation
20. Policy Review and Updates
Annual review of this policy
Updates in response to regulatory changes
Continuous improvement based on industry best practices
Communication of material changes to users
21. Contact Information
Data Protection Inquiries
Data Protection Officer
Lucid Lines Productions Private Limited
Email: privacy@synapseconclave.in
Security Issues: security@synapseconclave.in
Website: synapseconclave.in | synapseconclave.com
Response time: Within 30 days for all legitimate requests
22. Regulatory Compliance
This policy demonstrates our compliance with:
Information Technology Act, 2000 (and amendments)
Digital Personal Data Protection Act, 2023 (DPDP Act)
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
ISO 27001 Information Security Management principles
Our Promise: We are committed to maintaining the trust you place in us by protecting your personal information with the highest standards of security, transparency, and ethical data handling. Your privacy is not just our policy—it's our principle.