Privacy Notice

Last updated: 06 April 2026

This Privacy Notice describes how Boon Internet Services Private Limited ("we", "our", or "us") collects, uses, stores, and protects your personal data when you use our internet services. We are committed to compliance with the Digital Personal Data Protection Act, 2023 and the rules made thereunder.

1. Who we are

Boon Internet Services Private Limited is a licensed internet service provider operating in India. You can reach us at:

• Address: Office No. 302, BKC Annexe Building, Plot 45, G Block, Bandra Kurla Complex, Bandra East, Mumbai, Maharashtra 400051
• Email: billing@booninternet.in
• Phone: +91-22-48001234

2. Personal data we collect

We collect the following categories of personal data to provide our services:

Category	Examples	Why we collect it
Identity	Name, date of birth, photograph	KYC verification (mandated by DoT)
Government IDs	Aadhaar, PAN, GSTIN	Statutory KYC and tax compliance
Contact	Email, phone, billing address, installation address	Service delivery and billing
Service	Plan details, usage data, IP allocation, IPDR records	Service operation and DoT/lawful interception compliance
Financial	Bank/UPI details, payment history, invoice records	Billing and accounting
Technical	Device MAC addresses, modem/router serial, signal logs	Provisioning, troubleshooting, network operations

3. Purposes of processing

We process your personal data for the following specific purposes:

• Service delivery — provisioning your connection, maintaining your service, and resolving technical issues.
• Billing and accounting — invoicing, payment collection, tax filing, and financial reporting.
• Identity verification (KYC) — verifying your identity per the Department of Telecommunications guidelines and the Prevention of Money Laundering Act, 2002.
• Regulatory compliance — IPDR retention (DoT-mandated Internet Protocol Detail Records), tax compliance, and lawful interception assistance to authorised government agencies.
• Customer support — responding to your requests, complaints, and grievances.
• Service improvement — analysing aggregated usage patterns to improve our network and services (no individual targeting).

4. Retention periods

We retain your personal data for the following periods:

• Account data — for the duration of your service plus 2 years after account closure (for tax and regulatory audit).
• Billing records — 8 years (Income Tax Act requirement).
• IPDR logs — 1 year minimum (DoT mandate).
• KYC documents — 5 years after account closure (PMLA requirement).
• Support interactions — 3 years from the date of resolution.

After the retention period elapses, we will erase or anonymise your personal data, except where retention is required by law.

5. Your rights as a Data Principal

Under the DPDP Act 2023, you have the following rights:

• Right to access — obtain a copy of the personal data we hold about you.
• Right to correction — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data, subject to our legal retention obligations.
• Right to portability — receive your data in a machine-readable format.
• Right to grievance redressal — raise a complaint with us, which we will resolve within 90 days.
• Right to nominate — designate a nominee to exercise your rights in case of incapacity or death.
• Right to withdraw consent — withdraw your consent for optional processing purposes at any time via our consent management portal, subject to ongoing legal obligations.

To exercise any of these rights, please use our online request form, manage consent preferences via the consent management portal, or contact our Data Protection Officer (details below).

6. Data sharing

We may share your personal data with:

• Government and regulatory authorities — including the Department of Telecommunications, lawful interception agencies, tax authorities, and the Data Protection Board, as required by law.
• Service providers (Data Processors) — payment gateways, SMS/email gateways, cloud hosting providers, and telecom infrastructure partners. All processors are bound by written Data Processor Agreements requiring them to protect your data.
• Successor entities — in the event of a merger, acquisition, or restructuring of Boon Internet Services Private Limited.

We do not sell your personal data to advertisers or third parties for marketing purposes.

7. Security safeguards

We implement reasonable security safeguards as required by Rule 6 of the DPDP Rules, including encryption of sensitive identifiers (Aadhaar, PAN), access controls, audit logging, regular backups, and contractual security provisions with all processors.

8. Children's data

We do not knowingly process the personal data of children below 18 years of age without verifiable parental consent. If you believe we have inadvertently collected such data, please contact our DPO immediately for erasure.

9. Cross-border transfers

Your personal data is stored within India. We do not transfer your personal data outside India except where the Central Government permits such transfer under the DPDP Act.

10. Contact us

For any privacy-related questions, requests, or grievances, please contact:

• Data Protection Officer: Priya Patel
• Email: nodal@booninternet.in
• Phone: +91-98765-10004

If you are not satisfied with our response, you may file a complaint with the Data Protection Board of India via www.dataprotection.gov.in.

11. Updates to this notice

We will update this Privacy Notice from time to time to reflect changes in our practices or legal obligations. The version label and publication date above will tell you when this notice was last revised. Material changes will be communicated to you via email or SMS.

---

This notice is published by Boon Internet Services Private Limited in compliance with the Digital Personal Data Protection Act, 2023 and the rules made thereunder. For the official text of the Act, visit www.meity.gov.in.