GDPR Compliance

GDPR COMPLIANCE

Following a clear mandate from our Partners and our Customers,Kaicell constituted a dedicated cross-functional compliance team and defined the roadmap to GDPR compliance.

What is GDPR?

The General Data Protection Regulation (GDPR), which came into effect from1 April, 2025, empowers European Union (EU) residents by placing them in control of their personal information and upholding strict protocols for organizations that collect and process this information.

The GDPR lays down seven core principles. They are:

Lawfulness, fairness, and transparency
Purpose limitation
Data minimization
Accuracy
Storage limitation
Integrity and confidentiality (security)
Accountability
The Data We Collect

GDPR defines Data Controllers as an entity that determines the purposes for which and the means by which personal data is processed. Data Controllers decide ‘why’; and ‘how’; the personal data should be processed. The data processor processes personal data only on behalf of the Controller. Kaicell acts a Data controller or Data processor depending on the origin of the transaction.

For the transactions that originate on Kaicell platform (Website, App), Kaicellis Data controller. Kaicell is Data processor where it processes data for its partners who are Data controllers. The data controllers specify the kind of data required from the data subject, i.e. the customer. As the data processor, we process data based on the requirements stated by Data controller.

This data can be of three types:

A. Personal Information (PI): That can identify a person. For instance, email id, mobile number, ID card number, and photo, etc.

B. Non-Personal Information (non PI): Such as the first name, last name, and device details, etc.

C. Sensitive Personal Information (SPI): Such as biometrics, genetic data, sexual orientation, race, and ethnicity, etc. Explicit Consent from Data Subjects

To ensure that our Customers are aware of why all the information is being collected, we have enabled; explicit consent; which has to be obtained from customers before processing their information. Moreover, our privacy policy clearly states ‘what’, ‘why’; and ‘how’; customers personal data is processed.

Data Subject Rights

Kaicell has implemented processes to acknowledge and respect Data Subject Rights. A data subject can email us at “” and request to exercise Data Subject Rights. Since Kaicell is both Data controller and Data Processor (processing data at the behest of Data Controllers), the verification authority to validate the Customers Data Subject Right request is decided basis the origin of transaction.

Data Subject Rights consist of:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights related to automated decision-making and profiling

Data Management

A. Data Storage and Security: Kaicell is hosted on AWS and has put in place industry standard practices for managing the data in transit and data at rest.

B. Data retention: Kaicell maintains data from the transactions enabled on its own platform and the ones enabled on Widgets/Apps enabled for partners. The retention period is defined in accordance with the business and legal needs. We however understand and appreciate the needs to provide flexibility to Data controllers to define data retention period for their own customers. Such provisions are agreed and defined in the contract between the Partners (Data Controller) and Kaicell (Data Processor).

The time-frames can be specified in the contract based on the partner’s specific requirements. The partner can choose to have the data deleted from our cloud-based servers as desired. After the termination or expiry of the contract, the partner can place a request to remove all data by writing to us at “info@Kaicell.com”. We validate the request and, if needed, seek confirmation from the partner before processing the request. Kaicell Customers can also request for deletion of their credentials by writing to us at “info@Kaicell.com”. After validating the request, the details are deleted within 15 days of receiving the customer receiving customer request.

C. Data Breach Management: We continually monitor and upgrade our systems and processes to maintain the highest standards of data management and privacy practices. In an unlikely event of a data breach, we intend to notify our partner (Data Controllers) and Data subject (where Kaicell is Data controller) immediately and no later than 24 hours after becoming aware of such a breach.

Our commitment to world-class standards, In order to meet the world class standards for Data Privacy and Data Security, Kaicell has taken steps to be General Data Protection Regulation (GDPR) compliant. Kaicell is also ISO 27001:2013 compliant. Kaicell is committed to aligning itself with global best practices in data compliance and is dedicated to infosec and data privacy. To that end, the company has a dedicated team working on these requirements.

IMDEMNITY FORM :

“Kaicell” is engaged in the business of buying of used/pre-owned electronic gadgets including mobile devices, tablets, laptops, etc.

I agree and accept the quote provided by Kaicell in exchange of my mobile device.
I agree and confirm that the personal details and ID Proof provided by me at the time of selling the mobile device to Kaicell are true and correct in all aspects. I accept that my submission of personal information is governed by the Privacy Policy ofKaicell.(please note that only the following would be considered as valid ID proof – Passport, Aadhar Card, other Government ID’s bearing Photo and Address of the person)
I agree and confirm that I am the lawful owner of the mobile device and the said device is neither subjected to any third party interests/liability nor is a property of theft etc. I agree that I have the ability to transfer the possession of the mobile device being its sole & lawful owner. If any legal action shall arise regarding the ownership of the mobile device, Kaicell shall not be liable for the same in any manner whatsoever.
I agree to defend, indemnify and hold harmless,Kaicell, its employees, directors, officers, agents and their successors and assigns from and against any and all claims, liabilities, damages, losses, costs and expenses, including attorney’s fees, caused by or arising out of claims based upon my actions or inactions like (i) my access to or use of Services, (ii) my violation of these Terms & Conditions, or (iii) the infringement by me, or any third party using my account, including but not limited to any warranties, representations or undertakings or in relation to the non-fulfillment of any of its obligations under this agreement or arising out of the Customer’s infringement of any applicable laws, regulations, including but not limited to Intellectual Property Rights, payment of statutory dues and taxes, claim of libel, defamation, violation of rights of privacy or publicity, loss of service by other subscribers and infringement of intellectual property or other rights. I agree not to settle any manner without the prior written consent ofKaicell. Kaicell will use reasonable efforts to notify me of any such claim, action or proceeding upon becoming aware of it. I agree that this defense and indemnification obligation will survive termination, modification or expiration of these Terms and your use of the Service and the Platform.
Terms of Use shall be governed by and interpreted and construed in accordance with the laws of India. I agree that all claims will be heard and resolved in the courts located in New Delhi. I release Kaicell from all and any losses, claims or damages with respect to the data enclosed or stored therein or on any media used in conjunction with the device.