Data Processing Policy

01.Overview

This Data Processing Policy governs how Europa Technosoft Pvt. Ltd. ("UROSECURE") processes personal data on behalf of client organisations ("Data Controllers") who use our entry security platform. UROSECURE acts as a Data Processor under applicable data protection laws including the Digital Personal Data Protection Act, 2023 (India).

02.Categories of Data Processed

• Visitor identity: full name, photograph, contact number, government ID type and number.
• Visit metadata: date, time, entry point, purpose of visit, host name, duration, and exit time.
• Behavioural data: visit frequency, access patterns, and AI-generated risk scores.
• USOP Passport data: persistent visitor profile linked across multiple registered organisations.
• Staff and host data: names, designations, and contact details of personnel using SecureMe.
• Device and access logs: IP addresses and timestamps from UroCloud dashboard access.

03.Processing Purposes

• Visitor registration and identity verification at UROGuard entry consoles.
• Real-time host notification and visitor approval via SecureMe.
• Generation of entry logs, attendance records, and security reports.
• AI-powered anomaly detection and behaviour pattern analysis.
• Long-term record storage for compliance, audit, and investigation purposes.
• Cross-organisation visitor identity verification via USOP Passport (only where enabled).

04.Data Retention

Data is retained based on the following schedule: • Visitor entry records: 10 years (configurable by organisation) • Photographs: 5 years from date of visit • AI behaviour profiles: 3 years from last visit • Dashboard access logs: 1 year • Deleted accounts: purged within 30 days of termination request Organisations may configure shorter retention periods from the UroCloud dashboard at any time.

05.Sub-Processors

• Cloud infrastructure: Secure data centre providers operating within India.
• SMS gateway: For SecureMe OTP and notification delivery.
• Email service: For dashboard alerts and report delivery.
• All sub-processors are bound by data processing agreements with equivalent protections to this policy.

06.Data Transfers

All data is stored and processed within India by default. Cross-border transfers are not performed unless explicitly enabled by the client organisation and compliant with applicable law. UROSECURE will notify clients before implementing any change to data residency.

07.Security Measures

• AES-256 encryption at rest for all stored visitor and organisational data.
• TLS 1.3 for all data transmitted between UROGuard, SecureMe, and UroCloud.
• Multi-factor authentication for UroCloud administrator accounts.
• Role-based access control — staff see only data relevant to their role.
• Automated anomaly detection on data access patterns.
• Annual third-party security audits and penetration testing.

08.Data Subject Rights

When a visitor requests access to, correction of, or deletion of their data, the client organisation is the Data Controller responsible for responding. UROSECURE will assist by providing tools in UroCloud to locate, export, or delete individual visitor records within 5 business days of a verified request.

09.Breach Notification

In the event of a data breach affecting client data, UROSECURE will notify the affected organisation within 72 hours of becoming aware, including the nature of the breach, categories of data affected, estimated number of individuals affected, and measures taken or proposed.

10.Contact

Data Protection queries: Europa Technosoft Pvt. Ltd. Office No. G02, C-30, C Block Road, Sector 63, Noida 201309 Email: support@urosecure.com | Phone: +91-9717050201