2. SCOPE AND APPLICABILITY OF THIS POLICY
3. TYPES OF PERSONAL DATA OR INFORMATION WE COLLECT
The term “Personal Data or Information”in this Policy refers to personal information which does and/or is capable of identifying You as an individual.The types of Personal Data or Information that We collect consist of personalinformation relating to You:
name, gender, home address, telephone number, date of birth, marital status, email address, emergency contacts or other contact information (including the gender, age, nationality and passport information of any relatives and beneficiaries);
affiliations, interests, work history, technical skills, educational background, professional certifications and registrations, language capabilities.
voicemails, e-mails, password, correspondence and communications;
any detail relating to the above clauses as provided to the Company; and any of the information received under above clauses by the Company for collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing under lawful contract or otherwise.
when you browse our Website, we also automatically receive your computer’s internet protocol (IP) address in order to provide us with information that helps us learn about your browser and operating system.
4. YOUR CONSENT
You are providing your consent by providing your details on the Website (“Consent”) with respect to the purpose of usage of such data or information. If You give Your Consent, it means You have done so freely and voluntarily and agree to this Policy. You always have the right to refuse or withdraw Your Consent for the Personal Data or Information sought to be collected or withdraw Your Consent given earlier to us. We will always respect such a refusal or withdrawal, but it might mean that We are unable to perform all services, arrangements or contracts with You and will have the option to discontinue the same. We will inform You of these inabilities, if they occur. However, We reserve the right to retain such Personal Data or Information as may be necessary for providing our pending services to You and in accordance with this Policy. You are aware of the:
fact that the Personal Data or Information is being collected;
purpose for which the Personal Data or Information is being collected;
intended recipients of the Personal Data or Information and name and address of the agency that is collecting the Personal Data or Information and retaining the same.
We respect Your privacy rights, therefore, the Company will observe the following guidelines when collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling, and disclosing:
Personal Data or Information will be collected, received, possessed, used, processed, recorded, stored, transferred, dealt, handled and disclosedin compliance with the local laws/regulations in USA;
Personal Data or Information will be collected for specified, legal and legitimate purposes and shall be used for the purpose for which it has been collected;
Personal Data or Information will be relevant/necessary to/for the purposes for which it is collected and used;
Personal Data or Information will be current and accurate with reasonable steps taken to rectify or delete inaccurate Personal Data or Information;
Personal Data or Information will be kept only as long as necessary for the purposes for which it was collected and processed and Reasonable measures will be taken to prevent unauthorized access or use, unlawful processing, and unauthorized or accidental loss, destruction, or damage to such Personal Data or Information.
If after you opt-in, you change your mind, you may withdraw your consent for us to contact you, for the continued collection, use or disclosure of your information, at anytime, by contacting us at email@example.com
5. PURPOSES FOR COLLECTION, STORAGE AND/OR USE OF PERSONAL DATA OR INFORMATION
The primary purposes for collection, storage and/or use of Personal Data or Information is for:
our business processes, operations and management including but not limited to performance of the business, selling of Products and/or services , entering into or performing any contract, maintaining quality of the Products and/or services , providing support to the Products and/or services You have obtained from us,managing company assets;
processing Your order, corresponding with You, fulfilling Your transaction requests and delivering the programs, information, and Products and/or services requested by You or other Product and/or services related inquiries;
managing Client contacts profiles, administering and providing You with information, Products and/or services that You request from us or which We feel may interest You, record keeping and other general administrative and Product and/or services related processes;
ensuring the safety and protection of the rights or property of the Company or its business;
complying with applicable legal requirements in USA including but not limited to governmental reporting, etc. and fulfilling statutory/legal obligations as a Company under applicable laws, adhering to judicial or administrative orders, compliance with laws;
contacting You via surveys to conduct research about Your opinion of current services or of potential new Products and/or services that may be offered by us;
monitoring or recording of certain calls, chats and other interactions relating to the online transactions which may involve You calling us or us calling You and online chats for staff training or quality assurance purposes or to retain evidence of a particular transaction or interaction.
while conducting daily business/operations such Personal Data or Information may be provided to affiliates and group companies, employees/staff of the Company and Third Party’s for the purpose of processing such Personal Data or Information for or on our behalf including but not limited to helping us to perform statistical analysis, send You email or postal mail, provide Clients and/or prospective Clients the support/support Products and/or services, arrange for deliveries of Products and/or services, programs, information, and services, etc.;
operating Website, improving the content of our Website to offer You better Products and/or services and to ensure that content from our Website is presented in the most effective manner for You and in connection with the business of the Company.
6. DATA COLLECTION DEVICES
session_id, unique token, sessional, Allows Shopify to store information about your session (referrer, landing page, etc).
shopify_visit, no data held, Persistent for 30 minutes from the last visit, Used by our website provider’s internal stats tracker to record the number of visits
shopify_uniq, no data held, expires midnight (relative to the visitor) of the next day, Counts the number of visits to a store by a single customer.
cart, unique token, persistent for 2 weeks, Stores information about the contents of your cart.
secure_session_id, unique token, sessional
storefront_digest, unique token, indefinite If the shop has a password, this is used to determine if the current visitor has access.
We also use logging systems on our internal network to register the use of our computer systems. This is done for the purpose of ensuring the performance, integrity and security of these systems. We may also contract with third party’s to track and analyze anonymous usage and volume statistical information from our visitors and members for research purposes. Such information is shared externally only on an anonymous, aggregated basis. Such third party’s use persistent cookies to help us to improve the visitor experience, to manage our Website content, and to track visitor behavior. All data or information collected by such third party on our behalf is used solely by or on behalf of the Company and is shared externally only on an anonymous, aggregated basis. We use Google analytics to track who visits us and from where. We will make best efforts to do so but do not warrant that any of the websites or any affiliate site(s) or network system linked to our Website is free of any operational errors nor do We warrant that our Website will be free of any virus, computer contaminant, worm, or other harmful components.Our Website contains links to other sites which are not owned or operated by the Company. The Company is not responsible and makes no guarantee for the privacy practices or the content of such websites. These links are provided only as a convenience to You. Neither, the Company nor any of its affiliates are responsible for the availability of such third party websites or their contents. The Company will not be liable for Your Personal Data or Information transmitted over networks accessed by You on these sites or otherwise connected with Your use of the Products and/or services . You understand, acknowledge and agree that neither the Company nor any of its affiliates are responsible or liable, directly or indirectly, for any damage or loss of any sort caused in connection with your use of or reliance on any content of any such site or Products and/or services available through any such site. You acknowledge that the Products and/or services , content, site and/ or any software are provided on an “as is” and “as available” basis, without warranties of any kind, either express or implied, including, without limitation, implied warranties of merchantability, fitness for a particular purpose. Although the Company has taken adequate safeguard and in case of any breach the Company may take action to remedy such breach. In addition to taking all the reasonable precautions as required under law, the Company expressly disclaims any and all warranties, express or implied, including, without limitation: (i) The Products and/or services and/ or software will be free of all viruses and hacking. (ii)The software will work on all mobile phones, will be compatible with all mobile phone networks and/or will be available in all geographical areas. (iii) Any Product and/or services will be uninterrupted, timely, secure or error-free for any reasons whatsoever including but not limited to overload/breakdown of receiving network, servers or applications; system failures out of the Company’s control or due to heavy traffic on network.
7. DISCLOSURES OR TRANSFER OF YOUR PERSONAL DATA OR INFORMATION
The Company will transfer, with Your Consent, the Personal Data or Information to any other Third Party in USA or overseas, that ensures the same level of data protection that is adhered to by the Company as setout herein for fulfilling any contractual obligation.
We will disclose or transfer Your Personal Data or Information in accordance with this Policy and all applicable legal requirements in USA.
Your Personal Data or Information will be disclosed or transferred, as may be required from time to time, as follows:
• For Business Purposes: to (i) the appropriate employees/staff/persons in our offices; (ii) our affiliates and group companies; (iii) from one office within the Company to another office in USA or overseas; (iv) to any third party, in the event of a proposed or actual business transfer; and (v) in connection with our business and services provided by the Company.
• To Third Party’s: working with us or on our behalf in different industries and categories of business. We will disclose, share, transfer Your Personal Data or Information to any Third Party or provide Your Personal Data or Information to any Third Party in connection with our business requirements or for the purposes indicated herein. Such Third Party’s are required to process Your Personal Data or Information they receive from us in a lawful, safe and responsible manner in accordance with this Policy and the prevailing laws and take all appropriate security and confidentiality measures such that they do not use Your Personal Data or Information for their own purposes or disclose Your Personal Data or Information to others. Neither the Company nor any Third Party will publish Your Personal Data or Information.
• For Legal Requirement: to any court of law and/or government agencies/entity as may be required under law and/or statutory authority or in response to a legal process, for the purpose of verification of identity, or for prevention, detection, investigation including cyber incidents, prosecution, and punishment of offences and/or to any third party by an order under the applicable law or if We determine it is necessary or desirable to comply with any applicable law, regulation, legal process or enforceable governmental request or to protect or defend our rights or property including compliance with accounting and tax rules and regulations or to investigate, detect, prevent, or take action regarding illegal activities, suspected fraud, security or technical issues or situations involving potential threats to the physical safety of any person.
• For Centralized Data Processing Activities: We have centralized certain aspects of our data processing and administration in order to allow us to better manage our business. Such centralization may result in the transfer of Your Personal Data or Information: (i) from one country to another; (ii) to our employees/staff of the affiliates/group companies of the Company in other locations, etc. However, whenever Your Personal Data or Information is transferred within the Company, it will be processed in accordance with the terms and conditions of this Policy.
8. REASONABLE SECURITY PRACTICES AND PROCEDURES AND AUDITS
We seek to ensure compliance with the requirements of the US Laws to ensure the protection and preservation of Your privacy, therefore We take reasonable security measures to protect Your Personal Data or Information against unauthorized access, alteration, disclosure or destruction. We have a number of physical, electronic, and procedural safeguards/measures in place to actively protect the confidentiality, security, and integrity of Your Personal Data or Information, including a comprehensively documented information security programme and a strict security policy that contains managerial, technical, operational and physical security control measures for protecting such data or information. We have implemented standard or code of best practices for data or information protection.
We limit access to Your Personal Data or Information to members of our team/employees of the Company/Third Party’s who We believe reasonably need to come into contact with that information for the purpose of performing their duties and rendering services to You. We have strict confidentiality obligations that apply to such members/employees of the Company/Third Party’s. Failure to meet these obligations may result in disciplinary and other actions, including dissolution of a contract, termination of employment and criminal prosecution.
We conduct training to authorized users regarding the lawful and intended purposes of processing Your Personal Data or Information, the need to protect and keep information accurate and up-to-date and the need to maintain the confidentiality of the data or information to which such authorized users have access. Authorized users will comply with this Policy, and We will take appropriate disciplinary actions, in accordance with applicable laws in USA, if Your Personal Data or Information is accessed, processed, or used in any way that is inconsistent with the requirements of this Policy.
9 RETENTION OF YOUR PERSONAL DATA OR INFORMATION
We are aware of the importance of timely destruction of Personal Data or Information. We ensure that Your Personal Data or Information is not stored/retained for a longer period than necessary for the purpose for which it was collected, used or processed or as provided in our contracts except when there is a legal obligation to do so under any law in USA. It is our practice to destroy Your Personal Data or Information as soon as possible after it is no longer necessary for the purpose for which it was collected, used or processed save and except as stated hereinabove.
10. UPDATING OR REVIEWING YOUR PERSONAL DATA OR INFORMATION/ QUESTIONS OR COMPLAINTS
You may by a written request review the Personal Data or Information provided by You. We will ensure that any Personal Data or Information about You which is found to be inaccurate or deficient shall be corrected or amended as may be feasible.
You expressly state that Personal Data or Information provided by You to us is correct and complete in all respects and does not contain any false, distorted, manipulated, fraudulent or misleading facts. We expressly disclaim any liability arising out of the said data or information provided by You to us. Further, You expressly agree that We are not responsible for the accuracy and authenticity of such data or information provided by You to us and You agree to indemnify the Company for all losses incurred by the Company due to any false, distorted, manipulated, defamatory, libelous, vulgar, obscene, fraudulent or misleading facts made by You to the Company.
In case of any discrepancies or grievances with regard to the processing of Your Personal Data or Information, please contact the Privacy Compliance Officer or by mail at – firstname.lastname@example.org
Further on receipt of any concerns or complaints the Grievance Officer will employ all commercially reasonable efforts to address the same within One (1) month of receipt of same.
11. ENFORCEMENT RIGHTS
All the Company’s affiliates/group companies will ensure that this Policy is observed. All employees/staff of the Company and Third Party’s who have access to Personal Data or Information are required to comply with this Policy.
All Third Party’s shall only process the Personal Data or Information in accordance with the Company’s instructions or make decisions regarding such data or information as part of the delivery of their Products and/or services . In either instance, the Company will select reliable Third Party’s who undertake, by contract or other legally binding and permissible means, to put in place appropriate technical and organizational security measures to ensure an adequate level of protection of such data or information. The Company will require Third Party’s to comply with this Policy or to guarantee the same levels of data protection that is adhered to by the Company when handling/processing such data or information. Such selected Third Party’s will have access to such data or information solely for the purposes of providing the Products and/or services specified in the applicable service contract and are legally and contractually bound to maintain the privacy of such data or information shared with them and will not disclose it further. If the Company concludes that a Third Party is not complying with these obligations, it will promptly take appropriate actions to remedy such non-compliance or implement necessary sanctions.
Additionally, our team members/employees/staff are bound by internal confidentiality policies. Any team member/employee/staff found to have violated this Policy or any other policies will be subject to disciplinary action, up to and including termination of employment including penalties under applicable laws in USA.
All Third Party’s and our team members/employees/staff do hereby specifically agree that he/she/it shall, at all times, comply with the requirements of the US Laws, while collecting, receiving, possessing, using, processing, recording, storing, transferring, dealing, handling and disclosing Personal Data or Information. The said Third Party’s and team members/employees/staff do further unequivocally declare that in case he/she/it violates any provisions of the US Laws, he/she/it shall alone be responsible for all his/her/it acts, deeds and things and that he/she/it alone shall be liable for civil and criminal liability there under or under any applicable US laws for the time being in force.
12. MODIFICATIONS TO THE POLICY
The Company reserves the right to update, change or modify this Policy, from time to time, without prior notification. The Policy shall come into effect from the date of such update, change or modification.
We will inform You regarding any such changes by updating this Policy and will post all changes to the Policy on relevant internal and external websites.
Effective with the implementation of this Policy, all existing intra-group agreements and applicable the Company privacy guidelines or practices relating to the processing of Personal Data or Information will be superseded by the terms of this Policy and modified accordingly. All parties to any such agreements will be notified of the effective date of implementation of the Policy.