
B5. Data Governance & Technology Policy

(data protection, API compliance, security)

Effective Date: October 1, 2025  |  Last Updated: October 1, 2025

At ‘Etthnovistta’, we recognize that data integrity, security, and responsible technology practices are the foundation of trust in digital commerce. As a participant in the Open Network for Digital Commerce (ONDC), we are committed to protecting customer and business data, ensuring compliance with ONDC protocols, and maintaining secure, interoperable technology systems.

A. Purpose

This policy establishes the principles and practices for:

  • Data Governance – responsible collection, storage, usage, and sharing of data.
  • API Compliance – maintaining ONDC-compliant, interoperable, and secure APIs.
  • Technology Security – safeguarding systems and data against threats, breaches, or misuse.

B. Scope

This policy applies to:

  • All data assets (customer, seller, transactional, operational).
  • All technology systems, applications, and APIs used by [Your Company Name].
  • All employees, vendors, partners, and third parties who access or process data on our behalf.

C. Policy Provisions

  • Data Governance & Protection
    • Data Minimization: Collect only the data strictly necessary for business purposes.
    • Purpose Limitation: Use data only for stated and lawful purposes.
    • Accuracy & Integrity: Ensure data is accurate, complete, and regularly updated.
    • Retention & Deletion: Retain data only for as long as required by law/business need; securely delete thereafter.
    • Anonymization & Pseudonymization: Apply these measures where feasible to protect personal information.
    • Compliance with Law: Adhere to the IT Act 2000, SPDI Rules, 2011, Digital Personal Data Protection Act 2023 (DPDP Act), and ONDC Data Governance Policy.
    • ‘Etthnovistta’ will also maintain detailed CONSENT LOGS to demonstrate valid user consent for data collection and processing. Users will have the ability to exercise DATA SUBJECT RIGHTS (access, correction, deletion) in accordance with DPDP Act and ONDC Data Governance requirements.
  • API Compliance
    • ONDC Standards: Ensure APIs are fully ONDC protocol compliant for interoperability.
    • Authentication & Authorization: Implement secure access controls (OAuth2.0, token-based authentication).
    • Data Transmission Security: Use end-to-end encryption (HTTPS/TLS 1.2 or higher) for all API calls.
    • Monitoring & Logs: Maintain audit logs of API access and usage for compliance and forensic purposes.
    • API access logs will be retained for a minimum of 180 DAYS, in line with IT Intermediary Rules and ONDC audit requirements.
    • Version Control: Keep APIs updated with ONDC specifications; promptly patch vulnerabilities.
  • Technology Security
    • Access Control: Enforce role-based access to systems and data; adopt multi-factor authentication.
    • Network Security: Protect infrastructure with firewalls, intrusion detection/prevention systems (IDS/IPS), and regular monitoring.
    • Application Security: Conduct periodic Vulnerability Assessment & Penetration Testing (VAPT).
    • In addition, ‘Etthnovistta’ commits to conducting ANNUAL third-party security audits, including VAPT and ISMS assessments, to ensure continuous compliance with ONDC Handbook, CERT-In, and DPDP Act obligations.
    • Incident Response: Maintain an Incident Response Plan (IRP) for breach detection, reporting, and mitigation.
    • Third-Party Security: Ensure vendors, cloud providers, and partners comply with equivalent security standards.
    • Business Continuity: Maintain disaster recovery and backup mechanisms to ensure data resilience.

D. Roles and Responsibilities

  • Data Protection Officer (DPO) / Grievance Officer: Oversees compliance with data protection laws and grievance handling.
  • IT & Security Team: Ensures system security, API compliance, and continuous monitoring.
  • Employees & Vendors: Must handle data responsibly and comply with this policy at all times.

E. Monitoring & Enforcement

  • Regular compliance audits will be conducted to ensure adherence.
  • Non-compliance may result in disciplinary action, termination of contracts, or legal reporting.
  • Breaches will be reported in line with CERT-In guidelines and ONDC requirements.

F. Review & Continuous Improvement

We will periodically update this policy to reflect:

  • Changes in ONDC protocols.
  • New cybersecurity threats.
  • Updates in Indian and global data protection laws.

Declaration:
At Earthifactz Artizanz Pvt. Ltd. and its brand ‘Etthnovistta’, we reaffirm our commitment to data responsibility, API interoperability, and technology security. By adopting this policy, we aim to safeguard stakeholder trust, enable seamless participation in ONDC, and uphold the highest standards of digital governance.


Authorized Signatory:
Ms. Aparna Awasthi
Managing Director
October 1, 2025
