Data Privacy in the GST Era: Aadhaar Biometric Authentication with the GST Suvidha Kendra Appointment Scheduling System

In an age where digital transformation is reshaping governance, the integration of biometric-based Aadhaar authentication for GST registration marks a significant step towards ensuring the authenticity and security of taxpayer’s information. However, as we move forward with such initiatives, it is crucial to address the privacy concerns and data protection measures that come with them.

When applying for GST registration, applicants may be selected for biometric verification as part of the process. The GST Suvidha Kendra (GSK) Appointment Scheduling System helps taxpayers schedule appointments for biometric-based Aadhaar authentication and manual document verification. This system collects Personal Identifiable Information (PII) to facilitate the verification process and ensure compliance with GST regulations. The purpose of this data collection is to validate the details provided by the taxpayer and notify them about their appointment status. The data is handled with strict privacy measures, ensuring it is used only for the intended purposes and not shared with unauthorized third parties.

The GST Suvidha Kendra (GSK) Appointment Scheduling System has been designed to streamline the process for taxpayers to book appointments for biometric authentication and manual document verification. This system adheres strictly to the guidelines set forth by rule 8(4A) of the Central Goods and Services Tax Rules, 2017, and the corresponding State Goods and Services Tax Rules.

GST Suvidha Kendra (GSK) Appointment Scheduling System: Privacy Notice

Purpose:
The GST Suvidha Kendra (GSK) Appointment Scheduling System facilitates taxpayers in booking appointments for biometric-based Aadhaar authentication and manual document verification, as mandated by rule 8(4A) of the Central Goods and Services Tax Rules, 2017, and the relevant State Goods and Services Tax Rules.

A. Personal Identifiable Information (PII) Collection and Use

Data Collection
At the time of booking a slot:
? Temporary Reference Number (TRN)
? Member type [Primary Authorised Signatory (PAS) or Partner Promoter (PP)]
? Member Name
? Email ID of Member
? Mobile Number

At the GSK centre:
? Aadhaar number or Virtual ID (VID)
? Biometrics (for transactional purposes only)

Purpose of Data Collection

The GSK Appointment Scheduling System will:

? Electronically validate details provided by the taxpayer against the details submitted in Part-B of the Registration Application during the GST registration process.
? Use these details to notify the taxpayer about appointment confirmation, including physical validation and biometric-based Aadhaar authentication.
Disclosure to Third Parties
? The GSK staff will have access to the TRN of the selected appointment.
? The GSK Appointment Scheduling System will not share any other details with the GSK staff.
? Data will not be shared with any third-party system or person and will only be used for the stated purpose.

Permitted Disclosures Under Law
? With the taxpayer's consent.
? For purposes directly related to the original data collection purpose.
? To comply with a legal obligation.
? To protect the vital interests of the taxpayer or another person.
? To prevent or investigate crimes or take action against illegal activities, suspected fraud, or potential threats to physical safety.
? To comply with a court order or order of a competent authority.
? To exercise or defend legal rights.

Data Retention
? An electronic audit trail of the taxpayer’s actions will be maintained for future reference.
? Data will be securely stored until the TRN expires (15 days) and will be purged thereafter.

Rights and Obligations of the applicant

Access: The applicant has the right to know what personal information the GST system maintain about him, subject to availability.
Correction: If the personal information is incorrect or incomplete, the applicant has the right to review it and ask for updates.
Objection: The applicant has the right to object to the processing of his personal information.

These rights can be exercised by lodging a request to GSTN through the GRP portal/Helpdesk.

The applicant can contact for queries, comments, or requests to data protection office via email at privacy@gstn.org.in or by logging a helpdesk request to the Data Protection Office.

B. If the applicant does not provide the requested information, they cannot book an appointment or undergo the required biometric and document verification.

C. By understanding the points above, the applicant consents to GSTN collecting and processing their personal data for GST services via the GSK portal.

D. The applicant agrees to GSTN providing these services according to its data management, privacy, and security policies, as well as applicable laws and regulations.

Disclaimer: This material and the information contained herein is intended for clients and other Chartered Accountants to provide updates and is not an exhaustive treatment of such subject. We are not, by means of this material, rendering any professional advice or services. It should not be relied upon as the sole basis for any decision which may affect you or your business.