Rule 3
Notice to seek consent of data principal
u/s 5(1)
No | Description |
(1) | Every request for consent made to the data principal shall be accompanied or preceded by a notice given by the Data Fiduciary to such Data Principal, in the following manner, namely:- |
 | (a) The notice shall be so made that it is – (i) an electronic record or document presented independently of any other information that is or may be made available by such data fiduciary; (ii) understandable independently of any other information that is or may be made available by such data fiduciary; (iii) storable by the data fiduciary independently of the personal data to which such notice pertains; and (iv) easily storable or preservable by the data principal for future reference; and |
 | (b) The notice shall inform, in clear and plain language, the details necessary to enable her to give specific and informed consent for the processing of her personal data, which shall include, at the minimum, (i) an itemised description of such personal data; (ii) the specific purpose of such processing; (iii) a declaration that only such personal data is proposed to be processed as is necessary for the purpose; (iv) a description of the goods or services (including the offering of any service) to be provided, or the uses to be enabled, as a result of such processing; (v) the specific duration or point in time till which such personal data shall be processed; (vi) a list of the Rights of the Data Principal; (vii) the particular communication link for accessing the website or app, or both, of such data fiduciary using which such data principal may withdraw her consent, exercise the rights of the data principal or make a complaint to the Board, and a description of other means, if any, using which she may so withdraw, exercise such rights or make a complaint. |
(2) | Where the Data Fiduciary is the State or any of its instrumentalities and makes a request for consent to the data principal for the processing of her personal data to provide or issue to her any subsidy, benefit, service, certificate, license or permit, the notice to seek consent shall also contain the following, namely:- |
 | (a) intimation of such processing |
 | (b) a statement conveying that such personal data may also be processed by the State or any of its instrumentalities to provide or issue to her any other – (i) subsidy, benefit or service provided using public funds; (ii) service, certificate, license or permit provided or issued under law; or (iii) certificate issued under government policy, in accordance with the Standards for processing by State and its instrumentalities being followed. |
(3) | The contents of the Notice to seek consent may be modelled on those of the model notice set out in Schedule I |
(4) | A Data Fiduciary may use a consent artifact for the purpose of giving the notice to seek consent |
(5) | The Data Fiduciary shall maintain every notice relating to processing of personal data on the basis of consent given by the Data Principal till the expiry of such period, beyond the date of erasure of such personal data, as may be applicable by law to limitation on the institution of any suit, filing of any appeal or making of any application in relation to such personal data. |