
A7. IT & Data Security Policy

Effective Date: October 1, 2025  |  Last Updated: October 1, 2025

A. Purpose

This policy sets out the principles, rules, and measures adopted by ‘Earthifactz Artizanz Pvt. Ltd.’ and the brand ‘Etthnovistta’ (“Company”, “Brand”, “we”, “us”) to ensure the confidentiality, integrity, and availability of the information technology systems, customer data, and business information processed through our e-commerce platform, including its integrations with the ONDC network.

B. Scope

This policy applies to:

  • All Members including employees, associates, retainers, contractors, and interns of the Company.
  • All Partners including vendors, suppliers, and sellers connected to our systems.
  • All IT assets: servers, applications, APIs, databases, cloud services, and end-user devices.
  • All customer data (personal, payment, transaction, behavioral, or otherwise).

C. Guiding Principles

  • Compliance with Indian laws: IT Act 2000, SPDI Rules 2011, the DPDP Act, RBI guidelines for payments, and the ONDC Data Governance Framework.
  • Data Minimization – only data strictly necessary for business is collected.
  • Security by Design – security is embedded into system development and operations.
  • Privacy First – customer personal information is protected at all times.

D. Access Control

  • Unique user IDs & passwords for all staff with system access.
  • Multi-Factor Authentication (MFA) for admin and privileged accounts.
  • Role-based access: users access only data/functions necessary for their role.
  • Vendor access controls: external parties given only limited, monitored access.

E. Data Protection & Privacy

  • All customer personal data (names, contact details, addresses, payment information) is classified and handled as Sensitive Personal Data. This is deliberately stricter than the SPDI Rules 2011 minimum, which does not list names or contact details as sensitive.
  • Encryption:
      • Data in transit → secured using TLS (legacy SSL protocol versions are obsolete and must not be enabled).
      • Data at rest → encrypted in databases and cloud storage.
  • Anonymisation or masking is used wherever possible (e.g., for analytics datasets).
  • Data Retention: customer data is stored only as long as necessary for legal or business reasons, then securely deleted.

F. Network & System Security

  • Firewalls, intrusion detection/prevention systems (IDS/IPS), and antivirus software deployed.
  • Regular patch management: security updates applied to servers and applications.
  • Cloud services used must hold ISO/IEC 27001 certification, a SOC 2 report, or an equivalent independent attestation.
  • API integrations with ONDC and third parties secured via digital signatures and encryption.

G. Incident Response

  • Any suspected data breach, malware attack, or system compromise must be reported immediately to the IT Security Officer.
  • An Incident Response Team (IRT) begins its investigation within 24 hours of the report.
  • If personal data is compromised, affected users and regulators will be notified within 72 hours (per ONDC Data Governance rules). Cyber security incidents that are reportable to CERT-In under its directions issued under Section 70B of the IT Act are additionally reported within the timeline those directions prescribe (currently six hours of noticing the incident).
  • ‘Etthnovistta’ will also maintain explicit consent logs for all users, and ensure that data subject rights (access, correction, deletion) are respected as per the DPDP Act and ONDC Data Governance.

H. Business Continuity & Disaster Recovery

  • Daily backups of all critical systems and databases.
  • Backups stored securely in encrypted form at a separate location.
  • Disaster Recovery Plan (DRP) tested at least once annually.

I. Member Responsibilities

  • Use company IT assets only for authorized business purposes.
  • Protect login credentials and never share passwords.
  • Report phishing, suspicious emails, or unusual system activity.
  • Complete mandatory annual IT Security & POSH training.

J. Vendor & Seller Responsibilities

  • Vendors, suppliers, and sellers must comply with this policy.
  • No unauthorized access to company/customer data permitted.
  • Any third-party IT services must follow equivalent security standards.
  • Breach by vendor/seller may result in termination of partnership.

K. Monitoring & Audits

  • The Company reserves the right to monitor, log, and audit all IT activities.
  • Regular security audits conducted internally and by external auditors.
      • In compliance with the ONDC Handbook and the DPDP Act, ‘Etthnovistta’ commits to conducting annual third-party ISMS audits (ISO/IEC 27001 or equivalent), including Vulnerability Assessment & Penetration Testing (VAPT). Findings will be documented and corrective actions tracked to closure.
  • ONDC network compliance checks carried out as per their Technology Governance Policy.
      • ‘Etthnovistta’ will maintain API compliance records to demonstrate alignment with ONDC specifications and ensure interoperability. Version control and patch management of APIs will be strictly audited.

L. Enforcement

  • Members violating this policy may face disciplinary action including suspension or termination.
  • Vendors/sellers in breach may face blacklisting, suspension, or legal action.

M. Review & Updates

  • This policy will be reviewed at least annually or sooner if required by changes in technology, law, or ONDC guidelines.