DPDP Compliance
Our compliance with the Digital Personal Data Protection Act, 2023
Staffyn complies with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India. This page explains how we implement our obligations under the Act.
Data Fiduciary
Staffyn acts as the Data Fiduciary for all personal data collected through this website and our recruitment services. As Data Fiduciary, we determine the purpose and means of processing personal data and are responsible for ensuring compliance with the DPDP Act.
Data Fiduciary contact: hr@staffyn.in
Lawful basis for processing
We process personal data on the basis of explicit, informed consent obtained at the point of data collection. All consent is:
- Specific to the purpose stated at the time of collection
- Freely given — not bundled with other terms or conditions
- Revocable at any time without affecting the lawfulness of prior processing
- Documented and stored securely
Purpose limitation
Personal data collected through Staffyn is used exclusively for recruitment and placement purposes. We do not process personal data for any secondary purpose — including advertising, profiling, or sale to third parties — without obtaining fresh, specific consent.
Data minimisation
We collect only the personal data that is necessary for the recruitment process. We do not collect sensitive personal data (as defined under the DPDP Act) unless explicitly required and separately consented to.
Data localisation
All personal data collected by Staffyn is stored and processed within India. We do not transfer personal data to servers or processors located outside India.
Data retention
Personal data is retained for a maximum of 2 years from the date of collection, or until the data principal requests deletion — whichever comes first. After this period, data is permanently and irreversibly deleted from all our systems.
Data security
We implement reasonable technical and organisational security measures to protect personal data from unauthorised access, disclosure, alteration, or destruction. Access to personal data is restricted to authorised Staffyn personnel on a need-to-know basis.
Your rights under DPDP
As a data principal, you have the following rights under the DPDP Act, 2023:
- Right to access: Request a summary of the personal data we hold about you and the purposes for which it is being processed
- Right to correction: Request correction of inaccurate, incomplete, or outdated personal data
- Right to erasure: Request deletion of your personal data from our systems
- Right to withdraw consent: Withdraw consent at any time; your data will be deleted within 30 days of withdrawal
- Right to grievance redressal: Lodge a complaint with our Grievance Officer if you believe your rights have been violated
Grievance Officer
If you have any concerns about how your personal data is being handled, you may contact our Grievance Officer:
- Email: hr@staffyn.in
- Response time: Within 72 hours on business days
- Resolution time: Within 30 days of receipt of the complaint
Updates to this statement
This compliance statement will be updated as the DPDP Act's implementing rules are notified and as our practices evolve. The last-updated date at the top of this page reflects the most recent revision.