Back to Home

Privacy Policy

Last updated: 1 June 2026  ·  BNI Delhi South – BIG LEAP 2026

GDPR Compliant DPDP Act 2023 Compliant BNI No-Spam Policy

Summary (Plain Language)

We collect only what we need to manage your Event registration. We do not sell your data. We do not spam you. You can request deletion of your data at any time. Full details below.

1. Who We Are (Data Controller)

BNI Delhi South is the Data Controller for personal data collected via the BIG LEAP 2026 Event registration platform (this website).

Contact: bigleap@bnidelhisouth.com

BNI Delhi South operates as a chapter group under BNI (Business Network International) India. BNI Global LLC is a separate entity and is not a joint controller of data collected on this platform unless explicitly stated.

2. What Personal Data We Collect

Category Data Points Purpose
Identity Full name, email address, mobile number Registration, check-in, communication
BNI Membership Member / non-member status, Region, Chapter, BNI Category Verify eligibility, allocate pricing, directory listing
Business Company name, address, pincode, GSTIN Stall bookings, GST invoicing
Payment UTR / transaction reference, payment screenshot Payment verification. We do not store card/bank account numbers.
Profile (optional) Photo, bio, LinkedIn URL, website URL Participant directory (opt-in)
Event activity Check-in timestamps (Day 1 / Day 2), QR code Attendance management
Technical Session data, OTP tokens (hashed), IP address (server logs) Security, fraud prevention, portal login

3. Legal Basis for Processing

We process your personal data on the following lawful bases under the GDPR (Article 6) and the Digital Personal Data Protection (DPDP) Act, 2023 (India):

  • Contract performance – processing your registration, stall booking, and event-related services.
  • Legal obligation – GST invoicing, financial record retention as required under Indian tax law.
  • Legitimate interests – event security, fraud prevention, operational communications directly related to the Event.
  • Consent – optional directory listing, marketing communications beyond operational Event updates, and use of non-essential cookies. You may withdraw consent at any time.

4. How We Use Your Data

  • Process and confirm your Event registration.
  • Send you operational communications: registration confirmation, payment status, QR code, event reminders, check-in instructions.
  • Enable the participant directory and 1-2-1 meeting booking feature (BNI Members only, and only if you opt in).
  • Comply with GST and financial reporting obligations.
  • Ensure event security and manage access control (QR check-in).
  • We do NOT use your data for automated profiling or decisions with legal effect.

5. BNI No-Spam Policy

BNI operates a strict No-Spam Policy. We honour it fully.

  • Your contact details will never be shared with third parties for marketing purposes.
  • You will only receive communications that are directly necessary for your registration and participation in BIG LEAP 2026.
  • Post-event communications (e.g., thank-you note, feedback survey) will be sent only once and will include an opt-out mechanism.
  • Your data will not be added to any general BNI marketing mailing list without your separate, explicit consent.
  • WhatsApp messages are sent only to the mobile number you provide, only for Event-related updates, via approved templates on the WATI / Interakt platform.

6. Data Sharing

We share your data only as necessary:

  • Event venue / logistics partners – name and contact details only, for access management.
  • Communication platforms – WhatsApp Business API (WATI / Interakt) for Event notifications; email via SMTP. Both are used only for Event communications.
  • BNI India / BNI Global – aggregate, anonymised attendance statistics only (no individual personal data).
  • Legal / regulatory authorities – if required by law (e.g., GST audit, court order).
  • We do not sell, rent, or trade your personal data to any third party.

7. Data Retention

  • Registration & payment records – retained for 7 years to comply with Indian GST and financial record-keeping requirements.
  • Event check-in logs – retained for 1 year post-Event, then deleted.
  • Participant profile / directory data – retained until you request deletion or 90 days after the Event, whichever is earlier.
  • OTP tokens – deleted immediately upon use or expiry (15 minutes).
  • Payment screenshots – retained for 7 years alongside transaction records, stored in encrypted storage.

8. Your Rights (GDPR & DPDP Act 2023)

You have the following rights regarding your personal data. Requests will be addressed within 30 days.

Right of Access

Request a copy of the personal data we hold about you.

Right to Rectification

Correct inaccurate or incomplete data.

Right to Erasure

Request deletion of your data, subject to legal retention obligations.

Right to Restriction

Ask us to limit processing of your data in certain circumstances.

Right to Data Portability

Receive your data in a structured, machine-readable format.

Right to Object

Object to processing based on legitimate interests or for direct marketing.

Right to Withdraw Consent

Withdraw consent for any consent-based processing at any time.

Right to Grievance Redressal

Under the DPDP Act 2023, raise a grievance with us and escalate to the Data Protection Board of India.

To exercise any right, email bigleap@bnidelhisouth.com with subject line "Data Rights Request – [Your Name]".

9. Data Security

  • All data is transmitted over HTTPS (TLS 1.2+).
  • Passwords are hashed using bcrypt. We do not store plaintext passwords.
  • Portal login uses time-limited OTP (6-digit, 15-minute expiry) — no password stored for participants.
  • Payment screenshots are stored in private server storage (not publicly accessible by URL).
  • Admin access is role-restricted (Admin / Staff / Coordinator).
  • Despite these measures, no internet transmission is 100% secure. You share data at your own risk.

10. Cookies

We use only essential session cookies required for the registration portal to function. See our Cookie Policy for full details.

11. Children's Data

This Event is intended for business professionals. We do not knowingly collect personal data from individuals under 18 years of age. If you believe a minor's data has been submitted, contact us immediately for deletion.

12. International Transfers

Your data is processed and stored on servers in India. If any service provider transfers data outside India (e.g., email delivery), we ensure appropriate safeguards are in place consistent with the DPDP Act 2023 and applicable cross-border data transfer rules.

13. Grievance Officer (DPDP Act 2023)

In accordance with the Digital Personal Data Protection Act, 2023 (India):

Grievance Officer: BIG LEAP 2026 Data Contact

Organisation: BNI Delhi South

Email: bigleap@bnidelhisouth.com

Grievances will be acknowledged within 48 hours and resolved within 30 days of receipt.

14. Changes to This Policy

We may update this Privacy Policy. The "Last updated" date at the top reflects the latest revision. Significant changes will be communicated to registered participants by email.

Terms & Conditions · Privacy Policy · Cookie Policy · Refund Policy