Privacy Policy
1. Introduction
This Privacy Policy describes the policies and procedures of the Kerala Cricket Association (“KCA,” “we,” “our,” or “us”) on the collection, use, processing, and disclosure of your information when you use the official Kerala Cricket Association mobile application (the “Service”). This policy applies to all users of the Service. By using the Service, you consent to the collection and use of information in accordance with this Privacy Policy.
The Kerala Cricket Association is the “Data Fiduciary” responsible for your personal data under applicable data protection laws, including India’s Digital Personal Data Protection Act, 2023.
2. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed to them below, in alignment with the DPDP Act:
- Personal Data: Any data about an individual who is identifiable by or in relation to such data.
- Processing: A wholly or partially automated operation or set of operations performed on digital personal data. It includes collection, storage, use, sharing, and erasure.
- Data Fiduciary: The entity (in this case, the Kerala Cricket Association) that, alone or in conjunction with others, determines the purpose and means of processing personal data.
- Data Principal: The individual to whom the personal data relates (in this case, “you,” the user of the Service).
- Data Processor: Any person who processes personal data on behalf of a Data Fiduciary.
3. Information We Collect and How We Use It
We are committed to the principle of data minimization, collecting only the data that is necessary to provide and improve the Service. The types of information we collect, the purpose of collection, and the legal basis for processing are detailed below.
Personal Data You Provide Directly
- Phone Number: We collect your mobile phone number when you register for an account on the Service.
- Purpose of Use: Your phone number is used to create and secure your user account, verify your identity through a One-Time Password (OTP) mechanism, and communicate essential service-related notices. We do not use your phone number for marketing or promotional communications.
- Legal Basis (DPDP Act): Your explicit consent, which you provide through a clear affirmative action (i.e., entering your number and proceeding with registration) after being presented with a notice about this data collection. For users under the age of 18, processing is contingent upon verifiable parental consent as detailed in Section 8.
Data Collected With Your Specific Permission
- Camera Access: We will request your permission to access your mobile device’s camera.
- Purpose of Use: This permission is requested and used for the sole and specific purpose of allowing you to scan QR codes from official KCA event tickets to earn Loyalty Points within the App. The App processes the image on your device to read the QR code; the image itself is never stored, saved, or transmitted to our servers or any third party. This is a “just-in-time” permission request, meaning the system prompt will only appear when you actively choose to use the QR scanning feature, not at app launch.
- Legal Basis (DPDP Act): Your specific and informed consent, provided by you through your mobile operating system’s permission prompt when you first attempt to use the feature.
Automatically Collected Usage and Diagnostic Data
- Data Points: We may collect certain information automatically when you use the Service. This includes technical information about your device (e.g., device model, operating system version), crash logs, performance data (e.g., app launch time, screen load times), and product interaction data (e.g., features used, screens viewed).
- Purpose of Use: This data is essential for us to provide, operate, and maintain our Service. We use it to monitor app performance, understand how users interact with the App, identify and fix bugs or crashes, improve the user experience, and for security and fraud prevention purposes.
- Data Linkage: Where feasible, this data is collected in an aggregated or anonymized form and is not linked to your personal identity (i.e., your phone number).
- Legal Basis (DPDP Act): We process this data for the “legitimate use” of improving and securing our Service, provided that such processing does not override your fundamental rights.
4. Data Sharing and Disclosure
A common misunderstanding is that an app shares no data. To function, nearly all modern applications rely on specialized service providers. Our commitment is to transparency about this process and to ensuring your data is not misused.
We state unequivocally that we do not sell, rent, or trade your Personal Data. We do not share your Personal Data with any third parties for their own independent marketing or commercial purposes.
However, we do engage trusted third-party service providers, acting as “Data Processors” under the DPDP Act, to perform essential functions on our behalf. These include:
- Cloud Hosting Providers: To securely store the App’s data, including your account information.
- OTP Service Providers: To deliver verification codes to your mobile phone number during registration and login.
We enter into legally binding data processing agreements with these providers. These agreements obligate them to maintain reasonable security safeguards, to process your Personal Data only for the specific purposes we dictate, and to adhere to confidentiality requirements, thereby providing a level of data protection that is equivalent to or greater than that outlined in this Privacy Policy.
We may also disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., a court order or a government agency).
5. Data Security
We understand the importance of information security and are committed to implementing “reasonable security safeguards” as mandated by the DPDP Act to protect your Personal Data. We employ a variety of technical and organizational measures to prevent data breaches, unauthorized access, alteration, disclosure, or destruction of your information. These measures include, but are not limited to, encryption of data in transit (using TLS/SSL) and at rest.
However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security. You are responsible for the security of your account and should not share your login credentials with anyone.
6. Data Retention and Deletion
We adhere to the principle of storage limitation. We will retain your Personal Data (specifically, your phone number and associated loyalty points balance) only for as long as is necessary for the purposes set out in this Privacy Policy. This means we retain your data for as long as you maintain an active account with our Service.
If you choose to delete your account, or if your account is terminated, we will take steps to erase your Personal Data from our active systems and databases.
Your Right to Account Deletion: In compliance with Apple App Store guidelines and your rights under the DPDP Act, you can permanently delete your account and associated Personal Data at any time from within the App. The account deletion feature is available in the App’s settings menu. Upon receiving your deletion request, we will erase your Personal Data, subject to any retention required to comply with our legal obligations (e.g., for resolving disputes or as required by law) or for data retained in our standard backup archives, which are isolated and secured until they are overwritten in their cycle.
7. Your Rights as a Data Principal (under the DPDP Act, 2023)
As a Data Principal under Indian law, you are granted certain rights regarding your Personal Data. We are committed to facilitating the exercise of these rights. You have:
- The Right to Access Information: You have the right to obtain a summary of the Personal Data we hold about you and information about its processing.
- The Right to Correction and Erasure: You have the right to seek the correction of inaccurate or incomplete Personal Data and the erasure of your Personal Data when it is no longer necessary for the purpose for which it was collected (also known as the “right to be forgotten”).
- The Right of Grievance Redressal: You have the right to an easily accessible means of registering a grievance with us. We have appointed a Grievance Officer to address your concerns.
- The Right to Nominate: You have the right to nominate another individual who can exercise your rights on your behalf in the event of your death or incapacity.
To exercise any of these rights, please contact our Grievance Officer using the details provided in the “Contact Us” section below.
8. Privacy of Minors
Our Service is intended for users aged 13 and older. The protection of minors’ privacy is of paramount importance. Our policies are designed to comply with applicable laws, including India’s Digital Personal Data Protection Act, 2023 (DPDP Act) and the Children’s Online Privacy Protection Act (COPPA) in the United States.
Users Under 13: The Service is not directed to or intended for use by children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have inadvertently collected Personal Data from a child under the age of 13 without verifiable parental consent, we will take immediate steps to delete that information from our servers.
Users Between 13 and 18 (as per India’s DPDP Act): India’s DPDP Act defines a “Child” as any individual under the age of 18. For users who are between 13 and 17 years of age, the law requires us to obtain “verifiable parental consent” before processing any of their Personal Data.
- Verifiable Parental Consent: Before a user in this age group can create an account, we must obtain consent from their parent or legal guardian. This process will require the parent or guardian to verify their identity and provide consent for the collection and processing of their child’s data as described in this Privacy Policy.
- Prohibited Processing: In accordance with the DPDP Act, we will not undertake any data processing that is likely to cause a detrimental effect on the well-being of a child, nor will we engage in tracking, behavioral monitoring, or targeted advertising directed at children.
9. Changes to This Privacy Policy
We may update our Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy within the App and updating the “Effective Date” at the top of this document. You are advised to review this Privacy Policy periodically for any changes.
10. Contact Us / Grievance Officer
If you have any questions, concerns, or grievances regarding this Privacy Policy or our data processing practices, please contact our appointed Grievance Officer:
Grievance Officer
Kerala Cricket Association
Email: [privacy@keralacricketassociation.com] (Example email)
This contact point is established to fulfill our obligations under the DPDP Act for grievance redressal.