KidzCubicle
HomeFAQ'sAbout UsEventsContact Us

KidzCubicle - Privacy Policy & Data Protection Statement

Version: 6.0 (Standalone – DPDP Act 2023/2025 Compliant)

Effective Date: November 21, 2025

Jurisdiction: Republic of India

1. Scope & Applicability

This Privacy Policy applies to all digital personal data processed by KidzCubicle India Pvt Ltd in connection with our facilities, play packages, robotics courses, parties, events, and website/app services. It covers online data (website, app, email, digital forms) and personal data digitised from any offline forms. The policy applies to all Data Principals (individuals/customers) in India, regardless of their location.

This policy is compliant with:

  1. Digital Personal Data Protection Act, 2023
  2. Digital Personal Data Protection (DPDP) Rules, 2025
  3. Consumer Protection Act, 2019
  4. Indian Standards and Industry Best Practices

2. Categories of Data Collected

We collect only the information needed to provide our services:

  1. Identity Information: Name, contact details, residential address, parent/guardian information
  2. Profile Information: Date of birth, age, user profile details (children and adults)
  3. Emergency Information: Emergency contacts, authorised pickup persons
  4. Health Information: Medical conditions, allergies (required for safety)
  5. Account Information: Registration details, play history, and course enrollment
  6. Payment Information: Transaction records (NO card numbers or sensitive payment information retained—Razorpay holds this)
  7. Communications Data: Photographs/videos, customer feedback, service communications
  8. Technical Data: IP address, device information, browsing behaviour, cookies, analytics data

3. Purpose & Legal Basis of Processing

We only process your data for specific and legitimate purposes, such as:

  1. Facility and event booking, management, and safety checks
  2. Registration of children/adults and verification of parental consent for users under 18
  3. Issuing invoices, tax, and regulatory compliance (GST requirements)
  4. Customer support, communication, and user feedback
  5. Marketing communications (with opt-out available)
  6. Facility operations and emergency response

Processing is always based on:

  1. Explicit, unbundled consent from Data Principals
  2. Legal and regulatory obligations
  3. Contract fulfillment
  4. Legitimate business interests (with transparency)

5. Children's Data (DPDP Act Compliance)

  1. We do not knowingly collect personal information directly from children under 18 without parental verification and explicit consent
  2. We do not track, profile, or target advertising to children
  3. All event and play participation is voluntary and does not require children to provide additional data directly
  4. Separate verifiable parental consent is obtained for all users under 18
  5. Children's data is never used for behavioural monitoring, profiling, or targeted communications
  6. For children under 13, COPPA-compliant practices are followed
  7. Children cannot create independent accounts; the parent/guardian must register
  8. Parental consent is required for all data collection involving children

6. Limiting Data Collection & Retention

  1. We only collect what is necessary (data minimisation) for registration, safety, and communication
  2. We keep personal data only as long as required by law (GST rules), business needs, or legal obligations
  3. When no longer required, personal data is securely deleted, de-identified, or anonymised

Retention periods:

  1. Account & booking data: 7 years (GST/tax requirements)
  2. Medical information: 5 years
  3. Payment data: Retained by Razorpay only
  4. Website analytics: 26 months
  5. Marketing emails: Until unsubscribe
  6. Incident reports: 7 years

7. User Rights (Your Rights as Data Principal)

You have the right to:

  1. Access your personal data at any time
  2. Correct or update inaccurate or incomplete data
  3. Erase your personal data (unless needed for ongoing service or required by law)
  4. Withdraw consent at any time (and as easily as you gave it)
  5. Nominate a representative for your data rights in the event of your death or incapacity
  6. Restrict processing or object to marketing uses
  7. Data portability—request your data in machine-readable format
  8. Complain to our DPO or escalate to the Data Protection Board of India if unsatisfied

All verifiable requests are honoured within 30 days.

8. Security & Breach Notification

Data Security Measures:

  1. Encryption of all personal data in transit and at rest
  2. Access control with role-based permissions
  3. Two-factor authentication for admin accounts
  4. Regular security audits and vulnerability scans
  5. Intrusion detection and malware scanning
  6. Annual security certifications are maintained
  7. All service providers are bound by contractual confidentiality obligations

In the event of a data breach:

  1. KidzCubicle will notify affected users and the Data Protection Board of India within 72 hours
  2. Notification will include details of the breach, potential impact, and recommended actions
  3. Incident reported to relevant authorities as required by law
  4. Remedial measures will be implemented to prevent future incidents

9. Data Sharing & Processors

We do not sell or rent personal information.

Information is shared only with:

  1. Authorised payment processors (Razorpay—PCI DSS compliant)
  2. IT/hosting vendors under contractual confidentiality/privacy obligations
  3. Government authorities, as required by Indian law
  4. Insurance providers for incident claims and liability coverage
  5. Emergency services in case of a medical emergency
  6. Shopping mall authorities for facility operations and security

Cross-border Data Transfers:

  1. Any cross-border transfer occurs only to compliant, non-restricted jurisdictions
  2. All transfers comply with the Government of India notifications
  3. Required data protection safeguards implemented for international transfers
  4. Data transfers secured using encryption (SSL/TLS)

Data Processor Contracts:

  1. All third-party processors are bound by Data Processing Agreements
  2. Mandatory data protection and confidentiality clauses
  3. Regular audits and compliance verification

10. Data Protection Officer (DPO) & Grievance Mechanism

Data Protection Officer Details:

Name: Suresh Sounderrajan

Email: dataprotection@kidzcubicle.com

Postal Address: KidzCubicle India Pvt Ltd, 12/3, 2nd Cross Street, 1st Main Road, Natesan Nagar, Virugambakkam, Chennai - 600092

Grievance Redressal Timeline:

  1. Complaints acknowledged within 48 hours
  2. Investigated and resolved within 30 days
  3. If unsatisfied with the response, you may escalate to the Data Protection Board of India

11. Data Principal Duties

  1. Provide only truthful and accurate information
  2. Do not impersonate anyone else
  3. Do not submit false complaints or malicious reports
  4. Maintain confidentiality of account credentials
  5. Notify us immediately of any unauthorised access or suspected breach
  6. Comply with all terms and facility rules

12. Changes to this Policy

This Privacy Policy is updated from time to time to reflect changes in law or regulatory requirements, updates to our business practices, new data processing activities, and emerging security best practices.

Notification of Changes: Substantial changes will be notified on our website and by email. Continued use indicates acceptance of the updated policy. Users always have the right to opt out if new practices conflict with their preferences.

13. Compliance with Indian Laws

  1. Digital Personal Data Protection Act, 2023: Data protection principles, consent requirements, and user rights
  2. Digital Personal Data Protection (DPDP) Rules, 2025: Implementation requirements, DPO appointment, breach notification
  3. Consumer Protection Act, 2019: Consumer rights and dispute resolution
  4. Information Technology Act, 2000: Data security and cybersecurity requirements
  5. GST Laws: Retention of transaction data for compliance

14. Transparency & Accountability

Our Commitment to Transparency:

  1. Clear, plain-language privacy notices
  2. Easy access to privacy settings and preferences
  3. Transparent data processing activities
  4. Regular privacy impact assessments
  5. Documented data processing records
  6. Clear opt-in/opt-out mechanisms

Accountability Measures:

  1. Designated Data Protection Officer
  2. Regular staff training on data protection
  3. Contractual obligations with all processors
  4. Security and compliance audits
  5. Response mechanism for user inquiries and complaints

15. Your Privacy Rights Summary

RightHow to ExerciseTimeline
AccessEmail dataprotection@kidzcubicle.com with "Data Access Request"30 days
CorrectUpdate through account settings or email DPO30 days
DeleteEmail DPO with "Deletion Request" (subject to legal holds)30 days
Withdraw ConsentEmail DPO or use the account dashboardImmediate
Nominate RepresentativeEmail DPO with details and authorisation30 days for acknowledgement
Restrict ProcessingEmail DPO with specific restrictions needed30 days
Data PortabilityEmail DPO with "Data Export Request"30 days
Lodge ComplaintContact DPO or file with the Data Protection BoardInvestigation period varies

16. Contact Information for Privacy Matters

Primary Contact:

Email: dataprotection@kidzcubicle.com

Response within: 48 hours (acknowledgement), 30 days (resolution)

Other Relevant Contacts:

Complaints: complaints@kidzcubicle.com

General Inquiries: info@kidzcubicle.com | Phone: +91-9980680197

Defects Notice: admin@kidzcubicle.com

Data Protection Board of India: For escalation if unsatisfied with the DPO response; file complaints as per DPDP Act procedures

17. Definitions (DPDP Act Terms)

  1. Data Principal: The individual to whom personal data relates (user/customer/parent)
  2. Data Fiduciary: The entity deciding "why" and "how" data is processed (KidzCubicle)
  3. Data Processor: Third-party entity processing data on the fiduciary's behalf (payment provider, cloud host)
  4. Personal Data: Information that identifies or can identify a person
  5. Sensitive Personal Data: Special category data requiring extra protection
  6. Consent: Free, specific, informed, unconditional, and unambiguous permission
  7. Processing: Any operation performed on data (collection, storage, use, deletion, etc.)
  8. Cross-border Transfer: Movement of data outside India

18. Audit & Compliance Verification

Privacy Audits:

  1. Annual security audits are conducted
  2. Compliance verification with DPDP Act requirements
  3. Vulnerability assessments and penetration testing
  4. Audit reports are maintained for regulatory review

Internal Compliance:

  1. Regular staff training on data protection
  2. Privacy impact assessments for new initiatives
  3. Documented data processing records
  4. DPO monthly compliance review

19. Policy Effective Date & Version History

VersionDateKey Changes
6.0Nov 21, 2025Standalone Privacy Policy (separated from Terms & Conditions), DPDP Act 2023/2025 compliance, children's data provisions, breach notification, DPO details
5.0Nov 6, 2025Initial comprehensive privacy policy integrated with Terms

Contact for Privacy Questions or Concerns

If you have any questions about this Privacy Policy or how KidzCubicle handles your personal data, please contact:

Suresh Sounderrajan

Data Protection Officer

KidzCubicle India Pvt Ltd

Email: dataprotection@kidzcubicle.com

Phone: +91-9980680197

Address: 12/3, 2nd Cross Street, 1st Main Road, Natesan Nagar, Virugambakkam, Chennai - 600092

We are committed to protecting your privacy and complying with all applicable data protection laws in India. Your trust is important to us.

End of Privacy Policy & Data Protection Statement

Document Information:

Document Version: 6.0 (Standalone)

Effective Date: November 21, 2025

Last Updated: November 21, 2025

Jurisdiction: Republic of India

Business Address: Chennai, Tamil Nadu

Registered Entity: KidzCubicle India Pvt Ltd

Distribution Rights:

This document is provided for KidzCubicle India Pvt Ltd internal use and customer information. It may be posted on the website (www.kidzcubicle.com), displayed in facilities, and provided to customers during registration and booking processes. All rights reserved.

For questions or concerns, please refer to the Frequently Asked Questions (FAQ) document or contact the Data Protection Officer directly.