Privacy Policy

1. Introduction

EMS Online ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Election Expense Management System ("the System").

2. Information We Collect

2.1 Personal Information

When you register and use our System, we collect:

• Identity Information: Full name, date of birth, gender
• Contact Information: Email address, phone number, postal address
• Account Credentials: Username, password (encrypted)
• Candidate Details: Nomination ID, party affiliation, constituency, election type
• Financial Information: Transaction details, expense records, bank details for brokers
• Government IDs: As required for verification purposes

2.2 Payment Information

When you make a payment, Razorpay (our payment gateway partner) collects:

• Card details (securely handled by Razorpay)
• UPI ID or Net Banking credentials
• Billing information

Important: We do not store complete card details on our servers. All sensitive payment information is handled securely by Razorpay.

2.3 Automatically Collected Information

• Usage Data: Pages visited, features used, time spent on the System
• Device Information: IP address, browser type, operating system
• Cookies and Tracking: Session cookies, analytics cookies
• Log Data: Access times, error logs, performance data

2.4 Information You Provide

• Expense entries and categorizations
• Daily activity logs
• Fund sources and allocations
• Reports and documents generated
• Communications with support team

3. How We Use Your Information

4. Legal Basis for Processing (GDPR Compliance)

We process your personal data under the following legal bases:

• Contract Performance: Processing necessary to provide the service you've subscribed to
• Consent: When you've given explicit consent for specific processing
• Legal Obligation: Compliance with applicable election laws and regulations
• Legitimate Interest: Fraud prevention, security, and service improvement

5. Data Sharing and Disclosure

5.1 We Share Data With:

• Razorpay: For secure payment processing
• Service Providers: Hosting services, analytics providers (with data protection agreements)
• Brokers: Only for candidates associated with them, limited to necessary information
• Law Enforcement: When required by law or to protect rights and safety
• Election Authorities: As required by election commission regulations

5.2 We DO NOT:

• Sell your personal information to third parties
• Share your data with political parties or competitors
• Use your information for marketing without consent
• Disclose financial details publicly

6. Data Security

6.1 Security Measures

• Encryption: All data transmission uses SSL/TLS encryption
• Password Protection: Passwords are hashed using industry-standard algorithms
• Access Control: Role-based access with minimum necessary permissions
• Regular Audits: Security assessments and penetration testing
• Secure Hosting: Data stored on secure servers with backup protocols
• PCI DSS Compliance: Payment data handled according to PCI standards through Razorpay

6.2 Your Responsibilities

• Keep your password secure and confidential
• Log out after using shared devices
• Report any suspected security breaches immediately
• Use strong, unique passwords

7. Data Retention

We retain your personal data for as long as necessary to:

• Provide the service (duration of active account)
• Comply with legal obligations (typically 7 years for financial records)
• Resolve disputes and enforce agreements
• Meet election commission requirements

7.1 Data Deletion

After account termination, we will:

• Delete or anonymize personal data within 90 days, except data we're required to retain by law
• Maintain financial records as required by accounting and tax laws
• Keep de-identified data for analytics and research

8. Your Rights

8.1 You Have the Right To:

• Access: Request a copy of your personal data
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your data (subject to legal requirements)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Limit how we process your data
• Objection: Object to certain types of processing
• Withdraw Consent: Revoke consent for specific processing activities

8.2 Exercising Your Rights

To exercise any of these rights, contact us at privacy@emsonline.in or through your account settings. We will respond within 30 days.

9. Cookies and Tracking Technologies

9.1 Cookies We Use:

• Essential Cookies: Required for system functionality (session management, authentication)
• Analytics Cookies: Help us understand usage patterns and improve the service
• Preference Cookies: Remember your settings and customizations

9.2 Managing Cookies

You can control cookies through your browser settings. Note that disabling essential cookies may affect system functionality.

10. Third-Party Links and Services

Our System may contain links to third-party websites or services (e.g., Razorpay payment pages). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

10.1 Razorpay

Payment processing is handled by Razorpay. Their privacy policy is available at: https://razorpay.com/privacy/

11. Children's Privacy

Our System is not intended for individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe we have collected information from a minor, please contact us immediately.

12. International Data Transfers

Your data is primarily stored and processed in India. If data is transferred internationally, we ensure appropriate safeguards are in place, including:

• Standard Contractual Clauses (SCCs)
• Adequacy decisions by relevant authorities
• Certification schemes (e.g., Privacy Shield successor)

13. Data Breach Notification

In the event of a data breach that affects your personal information, we will:

• Notify you within 72 hours of becoming aware of the breach
• Inform relevant authorities as required by law
• Provide details about the breach and steps being taken
• Offer guidance on protecting yourself from potential harm

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

• Update the "Last Updated" date at the top
• Notify you via email or system notification
• Post the new policy on this page
• Require re-acceptance for significant changes

Your continued use of the System after changes constitutes acceptance of the updated policy.

15. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

• Company: Shree IT Solutions, Nanded
• Email: emsonline2025@gmail.com
• Support: emsonline2025@gmail.com
• Website: emsonline.in
• Address: Shyam Nagar Road, Kailas Nagar, Nanded, Maharashtra, 431605, India

16. Compliance and Regulatory Information

16.1 Applicable Laws

This Privacy Policy complies with:

• Information Technology Act, 2000 (India)
• Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011
• General Data Protection Regulation (GDPR) - for EU users
• Payment Card Industry Data Security Standard (PCI DSS)

16.2 Supervisory Authority

If you're not satisfied with our response to your privacy concerns, you have the right to lodge a complaint with the appropriate data protection authority in your jurisdiction.

17. Consent

By using the Election Expense Management System, you consent to the collection, use, and processing of your personal information as described in this Privacy Policy.