Information about data retention periods and your deletion rights
Welcome to MandalCard. As your dedicated credit card management application, this policy outlines our approach to managing your personal data lifecycle, specifically concerning its retention and deletion. We are committed to processing your information diligently, retaining it only when necessary, and ensuring its secure disposal once it no longer serves its purpose.
For a comprehensive understanding of our data handling practices, please refer to our full Privacy Policy at: https://www.manndalcard.com/privacy-policy.
We maintain various categories of your personal data for defined periods, strictly adhering to legitimate operational requirements and applicable legal frameworks, particularly those relevant in India.
Purpose: Essential for the ongoing functionality of your user account, facilitating service delivery, supporting account recovery, and fulfilling regulatory obligations for user records.
Data Elements: May include your registered mobile number, email address, designated emergency contacts, and unique User/Device Identifiers.
Retention Period: This information is generally kept for the entire period your account remains active. Following account closure, it may be retained for an additional period of three (3) years to comply with legal mandates.
Purpose: To adhere to Indian financial regulations, provide you with an accurate history of your transactions, and enable robust support for any future dispute resolution or audit requirements.
Data Elements: Records pertaining to credit card expenditures, repayment activities, and credit limit details.
Retention Period: Such data is typically held for a period of five (5) years from the date of each respective transaction.
Purpose: To consistently enhance app stability, diagnose technical anomalies, analyze aggregated usage trends for service improvement, and strengthen overall application security.
Data Elements: Encompasses system crash logs and, where applicable, information related to installed applications (solely for security and compatibility assessments, no content accessed).
Retention Period: This type of data, often non-personally identifiable or pseudonymized, may be maintained for a maximum duration of two (2) years from its collection date.
Throughout its entire retention lifecycle, all personal data is protected by industry-standard security measures. These measures include, but are not limited to, robust encryption techniques (such as AES-256) and stringent access controls, designed to prevent unauthorized access, alteration, or disclosure.
You hold the right to control your personal data. We facilitate clear procedures for you to request its removal from our systems.
You can exercise your right to erasure by submitting a formal request to our designated Grievance Officer at service@manndalcard.com. For verification purposes, please ensure your registered mobile number or User ID is included.
Upon receiving a valid and verified request, we endeavor to process it within 15 working days. Your personal data will be securely erased from our operational systems, unless there is a prevailing legal or regulatory requirement compelling us to retain it for a longer duration (e.g., ongoing financial transaction records as per law). We will confirm the completion of your deletion request via your registered email address.
To uphold principles of data minimization, accounts showing continuous inactivity for a period of eighteen (18) months (defined as no logins or substantive service interactions) may be identified for deletion.
A notification will be dispatched to your registered email address approximately 30 days prior to the scheduled deletion. If no response is received from you within this stipulated period, your account and associated personal data will typically undergo automatic and permanent deletion or anonymization, always in compliance with our legal retention duties.
When collaborating with third-party service providers (e.g., payment gateways), we ensure that legally binding Data Processing Agreements (DPAs) are in place. These agreements contractually obligate them to respect and facilitate your data deletion rights.
When your data is removed from our systems, we will also issue corresponding instructions to our partners, requiring them to delete their copies of your data in accordance with our contractual terms and applicable laws.
For any inquiries concerning this policy, or to exercise your data rights, please reach out to our dedicated Grievance Officer. We are committed to addressing your concerns promptly and with full transparency.
Email: service@manndalcard.com
Official Website: https://www.manndalcard.com
We will acknowledge your communication and aim to provide a comprehensive resolution within 10 working days.