1. Summary of the Policy
- Lifafa Tech Services Private Limited located at 175, Kagalwala House, 2nd Floor, Vidyanagri Marg, Kalina, Santacruz (E), Kalina, Mumbai 400098(hereinafter shall be referred to as “Company”, “We”, “Us”, “Our” and terms of similar meaning).
- By using the Service, you consent to our collection, use and disclosure of your personal information as described in this Policy. Protecting the privacy rights of data subjects and safeguarding their Personal Data is now being treated as a basic right of an individual and a legal requirement in many parts of world, being a global organization, respects the privacy of data subjects and is committed to complying with the applicable data privacy laws and legislations (including but not limited to EU General Data Protection Regulation 2016/679, California Consumer Privacy Act/California Privacy Rights Act, The Privacy Act 1988 (Australia) Data Protection Act 2018 (UK), Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other applicable privacy laws to the extent that they apply to the Company (the “Data Privacy Laws”).
- The information we collect, how we do so and the purposes of our collection.
- How We use and with whom We share such information.
- How you can access and update such information.
- The choices you can make about how We collect, use and share your information.
- How We protect the information we store about you.
- Personal Data :
- Any User information which can reasonably associate or link to an “Data Subject” directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person.
- Personal Information (applicable only to California residents) :
- Information pertaining to residents of California that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include information that is lawfully made available from federal, state or local government records, nor does it include “deidentifed” or “aggregate customer information” as those terms are defined pursuant to the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA).
- Sensitive Personal Data :
- Defined as any “Data Sets” information revealing an identified or identifiable natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic information, biometric information for the purpose of uniquely identifying a natural person, data concerning health, or information concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal convictions.
- With respect to California residents, in addition to the preceding, the term also includes national origin or ancestry, sexual orientation, sex (including, gender, gender identity, and gender expression), pregnancy, childbirth and medical conditions related to same, age, physical or mental disability, veteran status, genetic information and citizenship.
- Process, Processes, Processed or Processing :
- Means any operation or set of operations which is performed on Personal Data or Personal Information or Sensitive Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- Consent :
- Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Processing of their Personal Data, Personal Information and/or Sensitive Personal Data via a statement or by a clear affirmative action, signifies agreement to the processing of their Personal Data, Personal Information and/or Sensitive Personal Data.
- Data Subject :
- Relates to a particular natural person (i.e., an identified or identifiable natural person who may be represented by a legal representative (parent/ guardian) if required to whom the Personal Data relates. “Data Subject” only refers to current and previous employees, prospective candidates, current, prospective and previous customer personnel, current and previous partner/vendor personnel, website visitors, sub-contractors and visitors of the Company
- Data Controller :
- Means a person or organization who (either alone, or jointly, or in common) determines the purposes for which and the manner in which any Personal Data are, or are to be, Processed. For the purposes of this Policy, references to Data Controller shall mean references to the Individual designated as the “Data Controller” in the Company from time to time
- Data Processor :
- Is a person or organization who Processes the Personal Data on behalf of and under the instruction of the Data Controller.
- Third Party :
- In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other than the Data Subject, the Data Controller, or any Data Processor
3. Personal Information we collect and process and how we use it
- Information we collect from Companies
- When a Customer Company indicates interest in our Service, we collect the following information through the lifecycle of Companies: The company name, company registration and tax information, billing information, payment information (including banking and credit card details), Authorised contact details (Including their email address, name, phone number, designation and cost centre)
- Personal data we collect from Employee users, Users and Potential User
- We may collect the following information about Employee users, Users and Potential Users, depending on the Service and Companies preference: full name, email address, designation, address, phone number, cost centre, payment information gender, (including banking and credit card details), location, Tax identification information (such as PAN, NI number etc,), Unique identification IDs (such as driving license number, adhaar, social security etc.), Passport information, travel preferences (such as frequent flyer numbers) or any other information that may be required from time to time.
- This Data may be provided by you, you company’s HR (including other internal departments), third parties’ directly or indirectly to allow the Company to provide the Service requested by you, your Employer, or an authorised third party on your behalf. When you visit our Site, we use certain tracking data (“Tracking Information”).
- We use Google Analytics, Key Cloak, Drupal and our other in-house systems for Tracking Information.
- Payment information
- If a third party is not paying for the service on your behalf, we will collect the billing and financial information necessary to process your charges for our services which require payment, which may include your postal and e-mail addresses.
- The Company may also receive the billing and payment information that you provide when your purchase is processed by another party, such as Razorpay, PayU, Paypal etc. Our Terms of Service explain our policies and terms relevant to our charges and billing practices.
- Please note that establishing an account with a third-party payment processor, like Razorpay, PayU, Paypal etc, may also be subject to additional policies.
- Technical and usage information. When you access our websites or use our Services, we collect:
- Certain technical information about your mobile device or computer system, including IP Address and mobile device ID.
- Usage statistics about your interactions with the Service. This information is typically collected using server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyse certain types of technical information. Some of the cookies the Service places on your computer are linked to your user ID number(s).
- The following Tracking Information is collected: phone number, email address, device ID, IP address. We collect your email address, IP addresses and device information, directly through inclusion of their sdk/pixel or any other information which may be required from time to time. Tracking Information is collected via the Site and our web-applications, as well as via our iOS and android implementations.
- Cookies and automated information collection in order to:
- Analyse the usage of our sites and services.
- Provide a more personalized experience; and
- You can set your web browser to warn you about attempts to place cookies on your computer or limit the type of cookies you allow.
- Other sources
- We may collect or receive information from other sources including third party information providers. This information will be used to supplement your profile - primarily to help you and your friends connect. It will be combined with other information We collect.
4. How we use the information we collect
- In general, we collect, store, and use your information to provide you with a safe, smooth, efficient, and customized experience. For example, we may use information collected from you in any one or more of the following ways:
- Provide, maintain, and improve our Service.
- Provide and deliver our Service to our you, our customers and other stakeholders.
- Investigate system issues that impact our ability to provide the Service to Users.
- Updates, confirmations, security alerts and support and administrative messages.
- Respond to your questions and requests and provide customer service.
- Communicate to you about products, services, offers and promotions offered by us and others, we think may be of interest to you.
- Monitor and analyse trends, usage, and activities in connection with our Service and improve and personalize the Service.
- Personalize and improve the Service, content or features that match user profiles or interests.
- We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
- Law enforcement and internal operations
- Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary:
- To respond to claims asserted against the Company or to comply with the legal process (for example, discovery requests, subpoenas or warrants).
- To enforce or administer our policies and agreements with users.
- For fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or
- To protect the rights, property, or safety of the Company, its users or members of the general public.
- We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.
5. Data recipients, transfer, and disclosure of Personal Information
- The Company does not share your Personal Information with third parties for their direct marketing purposes.
- We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
6. Business transfer
- The Company may sell, transfer, or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy.
7. Third – parties
- We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc.
- We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take necessary steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.
8. Securing and protecting your data
- We have implemented reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, destruction, or alteration. For example:
- SSL encryption (https) where we deal with personal data. Personal Data is encrypted in transit using https/ssl/tls and encrypted at rest. Our database is encrypted, and data transferred using secure data transfer protocols.
- Additional OTP requirements for both our internal employees and for you when accessing our systems.
- Password protection on your account.
- Data is kept on secure, encrypted servers.
- Restricting staff access to Personal Data, protected by password logs and two factor authentications.
- Non-Disclosure Agreements with vendors
- Regular staff privacy and security training
9. Retention and Disposal of Personal Data or Personal Information
- User Data: 7 Years from the date of termination of contract
- Audit logs: 1 Year
- c. Other records: 3 Years
10. Your rights in relation to your information
- Access: You have the right to access information about the personal data we hold about you.
- Right to be informed about the data that we collect, process and store.
- Right to object to processing: You have the right to object to processing of your personal data.
- Rectification: You have the right to request rectification of inaccurate personal data held about you.
- Erasure: To the extent permitted by applicable data protection laws, you have the right to request erasure of personal data held about you.
- Request to restriction of processing: This enables you to request to restrict the processing of your personal data in certain circumstances.
- Rights in relation to automated decision-making, including profiling.
- Portability: You have the right to obtain your personal data to enable you to reuse it.
- To exercise any of these rights, please email us at firstname.lastname@example.org
- You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information:
- The categories of Personal Data that we have collected about you.
- The categories of sources from which that Personal Data was collected.
- The business or commercial purpose for collecting or selling your Personal Data.
- The categories of third parties with whom we have shared your Personal Data.
- The specific pieces of Personal Data that we have collected about you.
- If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient as per CCPA/CPRA.
12. Deletion of your personal data
- You have the right to request that we delete the Personal Data that we have collected from you. Under the California Consumer Privacy Act of 2018/California Privacy Rights Act (“CCPA/CPRA”), this right is subject to certain exceptions. For example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested.
- If your deletion request is subject to one of these exceptions, we may deny your deletion request.
13. Exercising Your Rights
- To exercise the rights described above, you must send us a request as outlined below:
- provide sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (this will require you to send an email from the account in question or login credentials).
- Describe your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request.
- You may submit a Valid Request by emailing email@example.com
- We will not discriminate against you for exercising your rights under applicable law. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under applicable law.
- However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA/CPRA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
14. Complaints and Grievances
- Any complaints or grievances received about our use of Personal Data, Personal Information or Sensitive Personal Data and any communications regarding enforcement of your privacy rights should be promptly directed to our Data Protection Officer Complaints. On firstname.lastname@example.org
- The invalidity or unenforceability of any part of this Policy shall not prejudice or affect the validity or enforceability of the remainder of this Policy.
- If any provision of this Policy is held to be illegal, invalid or unenforceable in whole or in part in any jurisdiction, this Policy shall, as to such jurisdiction, continue to be valid as to its other provisions and the remainder of the affected provision; and the legality, validity and enforceability of such provision in any other jurisdiction shall be unaffected.
16. Updates to Our Policy