Privacy Policy
Effective Date: 1 May 2026 Version: 1.0
Mahamaya Stadium (“Mahamaya“, “we“, “us“, “our“) is operated by the Sports Directorate, Government of Uttar Pradesh. We are committed to protecting your privacy and handling your personal data responsibly, in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act), the Information Technology Act, 2000, and applicable rules.
This Privacy Policy explains what information we collect, why we collect it, how it is used, how it is protected, and the rights you have over your data when you visit our website or use our online booking portal at [https://www.mahamayastadium.com] (the “Website”).
By using the Website, registering for membership, booking a facility, or enrolling in a coaching programme, you acknowledge that you have read and understood this Policy.
1. Information We Collect
We collect personal data only where necessary to deliver our services, comply with legal obligations, or operate the Website securely.
a. Account and Membership Information When you register or enrol in a quarterly membership, we collect: full name, date of birth, gender, contact number, email address, residential address, government-issued ID (for identity verification, where required), passport-size photograph (for membership card issuance), and your selected facility/sport.
b. Children’s Data (Athletes Under 18) Where a minor is enrolled in our coaching programmes, we collect the child’s name, age, school, fitness declaration, and parent/guardian contact details. All processing of children’s data is conducted only with verifiable parental consent, in line with Section 9 of the DPDP Act. We do not engage in behavioural tracking, profiling, or targeted advertising directed at children.
c. Booking and Transaction Information Slot bookings, attendance records, cancellations, invoice and receipt data, and membership renewal history. Payment card details are not stored on our servers; all payments are processed through a PCI-DSS compliant payment gateway.
d. Communication Records Records of your interactions with us — including emails, contact form submissions, support queries, and feedback.
e. Technical Information (Collected Automatically) When you browse or use the Website, we automatically collect:
- Internet domain and IP address from which you access the Website
- Device type, browser, and operating system
- Date and time of access
- Pages and URLs visited within the Website
- Referring website (if any)
This information is used to operate, secure, and improve the Website. It is not used to identify individuals except in cases of suspected security incidents or as required by law.
2. How We Use Your Information
We process your personal data for the following purposes:
- To create and manage your account and quarterly membership
- To process facility slot bookings, payments, and refunds
- To enrol minors in coaching programmes and communicate programme details to parents/guardians
- To send booking confirmations, reminders, schedule updates, and service-related notifications via SMS and email
- To respond to your queries, complaints, or feedback
- To comply with legal, audit, regulatory, and reporting obligations applicable to a Government of Uttar Pradesh entity
- To monitor, secure, and improve the Website and prevent fraud or unauthorised access
- For internal aggregate analytics — always in non-identifiable form
We do not use your personal data for commercial marketing, behavioural profiling, or sale to third parties.
3. Cookies and Similar Technologies
The Website uses cookies and similar technologies to enable core functionality and improve user experience. These include:
- Strictly necessary cookies — required for the booking portal, login, payment, and security; cannot be disabled.
- Functional cookies — remember preferences such as language and facility selection.
- Analytics cookies — help us understand how the Website is used in aggregate (e.g., via Google Analytics, where enabled). These do not identify individual users.
We do not deploy advertising, retargeting, or third-party tracking cookies. You may disable non-essential cookies through your browser settings, though some features of the Website may not function fully as a result.
4. Sharing of Personal Data
We share personal data only where necessary and only with trusted parties, under contractual safeguards consistent with the DPDP Act:
- Payment gateway providers — to process membership and booking payments
- SMS and email service providers — to deliver transactional notifications
- Cloud hosting and IT infrastructure providers — to operate and secure the Website
- Government authorities — where required for audit, regulatory, or law enforcement purposes
- Other Government departments — only if your query specifically relates to that department, or where mandated by law
We do not sell, rent, or trade your personal data to any third party.
5. Data Retention
We retain personal data only for as long as required to deliver our services and meet legal, regulatory, and audit obligations:
- Account and membership data — for the duration of your active membership and 5 years thereafter
- Booking and transaction records — 8 years, in line with audit and tax retention requirements
- Children’s coaching data — for the duration of the programme and 10 years thereafter, or until the parent/guardian requests erasure (whichever is earlier)
- Technical and security logs — 180 days for routine logs; longer where required for ongoing investigation
Once retention periods expire, data is securely deleted or anonymised.
6. Your Rights as a Data Principal
Under the DPDP Act, 2023, you have the following rights in relation to your personal data:
- Right to access information about the data we hold about you
- Right to correction and erasure of inaccurate, incomplete, or no-longer-required personal data
- Right to grievance redressal (see Section 9)
- Right to nominate another individual to exercise your rights in case of death or incapacity
- Right to withdraw consent at any time, where processing is based on consent
To exercise any of these rights, please contact our Grievance Officer using the details in Section 9. We will respond within the timelines prescribed under the DPDP Act and applicable rules.
7. Security of Your Information
We have implemented technical, administrative, and physical safeguards to protect your personal data, including:
- Encrypted transmission (HTTPS/TLS) for all data submitted via the Website
- Role-based access controls and audit logging for backend systems
- Secure, access-controlled hosting environments
- Continuous monitoring for unauthorised access attempts and security threats
- Routine security reviews and patching
For the security of this service and to ensure it remains available to all users, our systems automatically monitor network traffic to identify unauthorised attempts to upload or alter information, or otherwise cause damage. Except in the case of authorised law enforcement investigations, we do not attempt to identify individual users or their usage habits. Unauthorised attempts to upload or alter information on this service are strictly prohibited and may be punishable under the Information Technology Act, 2000, and the DPDP Act, 2023.
8. Data Breach Notification
In the event of a personal data breach affecting your information, we will notify the Data Protection Board of India and affected individuals in accordance with the timelines and procedures prescribed under the DPDP Act.
9. Grievance Officer / Data Protection Contact
If you have any questions, concerns, or complaints regarding this Policy or the processing of your personal data, please contact:
[Name of Officer] Grievance Officer, Mahamaya Stadium Sports Directorate, Government of Uttar Pradesh Email: [gr*******@********************ov.in] Phone: [+91-XXXXXXXXXX] Address: [Mahamaya Stadium, Madhopura, Ghaziabad, Uttar Pradesh – 201009]
We will acknowledge your complaint within [3] working days and aim to resolve it within [30] days.
10. Children’s Privacy (Special Notice)
Mahamaya operates structured coaching programmes for athletes under the age of 18. We process children’s personal data only with verifiable parental or lawful guardian consent, and only to the extent necessary for programme delivery, safety, and communication. We do not track behaviour, build profiles, or use children’s data for advertising or marketing purposes. Parents and lawful guardians may withdraw consent or request erasure of their child’s data at any time by contacting our Grievance Officer.
11. Updates to this Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal obligations. Material changes will be notified via the Website and, where appropriate, by email or SMS to registered users. The “Effective Date” at the top of this Policy indicates when it was last updated.
12. Governing Law and Jurisdiction
This Policy is governed by the laws of India, including the Digital Personal Data Protection Act, 2023, the Information Technology Act, 2000, and applicable rules. Any disputes shall be subject to the exclusive jurisdiction of the courts at Ghaziabad, Uttar Pradesh.

