Other applicable terms
Links to other websites
Competency to contract
Collection of information
The Company collects two basic types of information from a User in conjunction with a User’s use of the Products i.e. personal information, which is any information that exclusively identifies a User (e.g., the User’s name, email address, telephone number amongst others)and non-personal information, which is information that does not exclusively identify a User but is related to you nonetheless such as, information about a User’s interests, demographics and use of the sites. The Company may also receive personal information regarding a User as shared by third parties who maybe our clients or otherwise avail service from the Company. Please note that in such instances the Company is acting on the instructions provided by such client or user and the Company does not separately verify the right of the client or user to provide User Information to the Company. In case you are not the intended recipient of the services and Products, you should contact the Company at the earliest.
Towards the provision of the services by the Company and the use of the Products, the Company shall in addition to the information described above, collect the following information from a User (“User Information”):
Further, upon registering on the Products, the User may from time to time choose to provide payment related financial information (credit card, debit card, bank account details, billing address etc.) which will be retained by the relevant payment system or payment service provider in accordance with Applicable Laws. The Company ensures that such data/information is only transacted over secure sites of approved payment gateways which employ substantial degree of care available under the technology presently in use.
The Company may use and store some sensitive information including OTPs, secret keys and access keys for document sharing etc. to enable the User to avail the Company’s services.
The Company does not store any kind of biometric information/OTP used for authentication for an Aadhaar eKYC or Aadhaar eSign Transaction. Biometrics required for Aadhaar authentication arecaptured directly by the Certifying Authority, are encrypted right at the time when they are obtained and are processed only for the particular transactions for which they are collected. Strict guidelines laid down by UIDAI for biometric authentication are followed by Certifying Authority. The compliance of the Company’s products with governmental guidelines, as mandatory, is regularly audited by independent third-party information security auditors appointed by CERT-IN, MEITY, Govt. of India.
Usage of User Information
In addition to the uses specified above, User Information is used by the Company that the Company considers necessary for achieving a seamless, efficient and safe experience, customized to a User’s needs and use the personal information to provide services to a User, enhance the operation of the Products, improve the Company’s marketing and promotional efforts, analyse the usage of the Products, improve the Company’s product offerings, to personalise the User’s experience and to provide the User with a better experience.
Storage of User Information
Storage and transfer of User Information is carried out in compliance with all Applicable Laws, including without limitation, the Information Technology Act, 2000 and the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.
Please note that the Company’s information security practices constitute reasonable security measures, including as mentioned in Information Technology Act, 2000in place to protect the loss or misuse of the User Information. The Company follows ISO/IEC 27001 Information Security Management System Standard to handle and secure the information dealt by us. Compliance with the same is regularly audited by an independent third-party information security auditor appointed by CERT-IN, MEITY, Govt. of India. Within the contours of the Company’s ISO 27001compliant Information Security Policies, the Company follows a strict internal access control policy which is highly controlled and heavily monitored. Any kind of access is only provided after the necessary approvals and on a strict‘ need to know’ basis.
Whenever a User changes or accesses the User’s account information, the Company offers the use of a secure server. However, the User acknowledges that transacting over the internet has inherent risks which can only be avoided by the User following reasonable security practices, such as not revealing account/login related information to any other person and informing the Company’s customer care team about any suspicious activity or where the User’s account has/may have been compromised.
Please note that the Company does not guarantee that there will be no unintended disclosures of the User Information and data provided by a User on account of a data breach, unauthorized access, security failure etc. the Company cannot guarantee, gives no warranties, and shall not be liable for breach of the security of User Information through the services of the Company due to malicious attacks, errors, commission or omissions not wilfully initiated by the Company and any transmission is at the risk of the User.
All kinds of information collected is stored in a completely secure method follow ingpractices such as instance isolation, one way hashing algorithms, symmetric and asymmetric encryption techniques with master. Different Levels of protection and security is followed depending on the nature of information being protected.
Dissemination of User Information
Where any service requested by a User involves a third party, such information as is reasonably necessary by the Company to carry out the User’s service request maybe shared with such third party and the Company may also obtain details and information from the third party on usage. The Company may also engage with other companies/ persons to perform functions such as order fulfilment, delivering packages, analyzing data, providing marketing assistance, providing search results and links (including paid listings and links), processing payments, and providing customer service. The User understand that they have access to personal information needed to perform their functions.
The Company maybe required to disclose any information that is lawfully sought from it by a judicial or other competent body pursuant to applicable laws.
Retention of User Information
The Company may, at its discretion, retain any User Information for as long as it is reasonably required or as required under Applicable Laws or, in case of a Aadhaar base design, as specified by the Controller of Certifying Authorities or the eSign Service Provider. The Company shall not automatically destroy any User Information after the closure or termination of a User’s account with the Company.
When the User sets up an account or receives any request pursuant to the provision of the services, the User is deemed to have opted in to receive emails and messages from the Company and its service providers. While you may opt out of promotional messages, you cannot opt out of receiving certain administrative, financial, technical and legal information from the Company in connection with the services.
Alteration of User Information
In case the User requests any change or deletion of User Information of the User, or permanently delete the User’s, the User must contact the Company at email@example.com or contact the Data Protection and Grievance Officer. Do note that the Company is not obligated to alter or vary or delete any User Information which it is required to maintain under applicable laws or pursuant to contractual requirements of the Company.
A “cookie” is a packet of information stored on a browser by a server so it can be later read back. When you return to the website or application or access it though another website – they recognise these cookies and therefore your browsing device. To improve the user experience of the site or application for the Users, understand how Users use our website, personalize content and show promotional content/ advertisements the Company may use “cookies”, or similar electronic tools to collect information. This information may include the URL that User just came from (whether this URL is on the Company’s website or not), which URL that the User next goes to (whether this URL is on the Company’s website or not), the User’s computer and mobile browser information, the User’s IP address, and other information associated with your interaction with the Products. Note that information and data provided by a User may be collected in a “cookie” if the User has previously provided such information and data.
Local storage policy
To facilitate the provision of services by the Company to the User, the Company may store information locally on the device of the User. The User consents to the local storage of information on the device of the User for the facilitation of the services by the Company.
In case a User has any queries or any discrepancies/ grievances with respect to the User Information provided by a User, please contact the Company’s Data Protection and Grievance Officer by writing at:
Name: Prakhar Agrawal
Address: Plot No. 444, Udyog Vihar Phase 3, Gurugram, Haryana, 122016