Docs
  • Sign In
  • Explore APIs
  • Resources
    • Explore API Setu
    • Utilities
    • API Policy
    • Data Standards
    • Developers
    • DigiLocker
    • Standard Operating Procedure
    • Information Videos
  • Category
    • Banking, Financial Services and Insurance
    • Sports & Culture
    • Identity Docs
    • Defence & Armed Forces
    • Social Welfare & Empowerment
    • Business & Entrepreneurship
    • Skills & Employment
    • Utility
    • Government & Public Sector
    • Public Safety, Law & Justice
    • Agriculture, Rural & Environment
    • Travel & Tourism
    • Housing & Shelter
    • Education & Learning
    • Health & Wellness
    • Science, IT & Communications
    • Transport & Infrastructure
    • Others
  • Blog
  • Join Us
  • API Policy
  • Data Standards
  • Developer
  • Join Us
  • About Us
  • Terms of Use
  • Privacy Policy
  • Contact Us
Sign In Create Account
API Setu Terms of Use
  • Precedence of Policies
  • Definitions
  • Eligibility and Acceptance
  • Permitted Use and Access
  • API Prohibitions
  • Data Protection and Consent Compliance
  • Non-Personal Data Handling
  • Intellectual Property
  • Security and Technical Responsibilities
  • Appropriate Permissions and Third-Party Approvals
  • API Usage Limits
  • User Submissions and Audit Cooperation
  • Suspension and Termination
  • Indemnification
  • Disclaimer
  • Modification of Terms
  • Governing Law and Jurisdiction
  • Grievance Redressal
API Setu Terms of Use
  • »
  • Data Protection and Consent Compliance

Data Protection and Consent Compliance¶

All Users must comply with the Information Technology Act, 2000, and applicable data privacy laws, including applicable rules and guidelines. Users must obtain informed consent from Data Principals before accessing personal data and must inform them of the purpose of such processing. Privacy notices must be provided in clear and accessible terms. Any breach affecting personal data must be reported to API Setu within 24 hours. Data retention must be limited to what is necessary and permitted by law. Where DigiLocker integration is involved, Users must strictly comply with all consent mechanisms defined under the DigiLocker framework as well as the Terms of Use as updated on DigiLocker website (https://www.digilocker.gov.in/web/about/tos). Requesters shall exercise due diligence to ensure that data accessed through the APIs is used lawfully and shall not hold API Setu liable for any misuse or unauthorized access resulting from their failure to exercise such diligence.

For non-personal data, compliance with NDSAP’s open sharing principles shall apply, distinct from personal data consent under applicable data sharing laws. Consent mechanisms shall mirror DigiLocker’s OTP/eSign flows for integrated APIs. Furthermore, API Setu will not provide personal data without legally valid consent signals embedded in the API transaction.

Next Previous

© Copyright 2021, Ministry of Electronics & IT (MeitY), Government of India.

Built with Sphinx using a theme provided by Read the Docs.
  • About Us
  • Explore APIs
  • SOP for API Access
  • Blog
  • Join Us
  • Dashboard
  • Utilities
  • API Policy
  • Data Standards
  • Developers
  • DigiLocker
  • Information Videos

Powered By

Digital India Corporation (DIC) National e-Governance Division (NeGD)
Ministry of Electronics & IT (MeitY)
Government of India

Website designed & developed by National eGovernance Division (NeGD)

Contact Us Terms of Use Privacy Policy