DPDPA Compliance
Our commitment to protecting personal data under the Digital Personal Data Protection Act, 2023 (DPDPA) of India.
1. Data Fiduciary
TECHIMPACE INNOVATIONS PRIVATE LIMITED (CIN: U62099WB2025PTC280498), developer and operator of GYMBIM, acts as a Data Fiduciary for personal data processed through our platform.
Registered office: RBC Road, Lakurdi, Bardhaman- 713102, West Bengal. Grievance contact: office@techimpace.com, +91 86955 11929.
2. Consent & Notice
We process personal data only for lawful purposes with the Data Principal's consent or under permitted grounds under the DPDPA (e.g., employment, medical emergency, legal obligation).
Clear, itemized privacy notices are provided at the point of data collection — during member registration, biometric enrollment, and account creation — specifying what data is collected, why, and how long it is retained.
Consent may be withdrawn at any time through the gym operator's admin panel or by contacting us directly. Withdrawal is as easy as giving consent.
3. Data We Process
Personal data includes member names, contact details, membership and attendance records, payment information, biometric identifiers (with explicit consent), and staff account information.
Children's data (under 18) is processed only with verifiable parental or guardian consent, as required under the DPDPA.
4. Rights of Data Principals
Right to access information about personal data being processed.
Right to correction and erasure of personal data.
Right to grievance redressal through our designated contact and the Data Protection Board of India.
Right to nominate another individual to exercise rights in the event of death or incapacity.
Requests can be submitted to office@techimpace.com. We aim to respond within 30 days.
5. Data Processors & Cross-Border Transfer
We engage trusted Data Processors (cloud hosting, payment gateways, SMS/email providers) under binding contracts requiring DPDPA-compliant handling.
Cross-border transfers occur only to jurisdictions notified by the Government of India or under contractual safeguards approved under the DPDPA.
6. Security & Breach Notification
We implement reasonable security safeguards including encryption, access controls, regular backups, and incident response procedures.
In the event of a personal data breach, we will notify the Data Protection Board and affected Data Principals as required under the DPDPA.
7. Retention & Deletion
Personal data is retained only for the period necessary to fulfill the purpose of collection or as required by applicable law. Data no longer needed is securely deleted or anonymized.