But first, some points to note:
1. The “Section Highlights” in each clause merely provides a highlight of the clause. Reading the highlights is not a replacement for reading the clause. In case of a conflict between the highlights and the clause, the clause will prevail.
Now, let’s dive in!
Section Highlights: In this section, we detail the data we collect from you, how we collect it, why we collect it, and whom we share your data with. We show you how we use each data point we collect/require access to, in this table.
1 . 1 We have listed the data we collect from you, and the purpose for such collection, below:
Payment information (credit/debit card, payment providers account information, GST Number (if applicable), and mode of transfers used and preferred).
Services usage data:
If you view a catalogue created using our Services, we may share information such as your email id and your interaction with the catalogues with our users who create such catalogues.
1.2 We use the services of third party processors such as DigitalOcean and Amazon Web Services to host user data. Transfers of data to these third party processors are done under contract in compliance with applicable law. We do not generally transfer your personal data outside your jurisdiction of residence. In the event that we do so, we do it in compliance with applicable law. If you reside in Europe, all transfers of your personal data outside Europe are done in compliance with the General Data Protection Regulation.
1.3 We may use or share or provide access to your data (as listed above) to meet legal and compliance related requirements. We may use the data we collect to investigate or address claims or disputes relating to use of our Services, or as otherwise allowed by applicable law, or as requested by regulators, government entities, and official inquiries.
1.4 While negotiating or in relation to a change of corporate control such as a restructuring, merger or sale of our assets, we may have to disclose our databases and information we have stored in our course of operations.
Section Highlights: Briefly, we use industry best practices to protect your personal data.
2.1 We use appropriate technical and organizational security measures to ensure a level of protection for personal data appropriate to the risk:
However, do note that no method of transmission over the internet, or method of electronic storage is entirely secure and reliable, and we cannot guarantee its absolute security.
2.2 In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
Section Highlights: Simply put, our use, access, collection, and sharing of your data, depends largely on you. We respect and abide by your preferences to extent possible, without affecting the ability to meet our legal obligations
3.1. Data Access and Portability:
You have the right to request a copy of your personal data being processed and/or retained by us. In certain instances (mentioned below), you also have the right to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). The instances where you may request a copy of your personal information include:
3.1.1 Where you have provided personal information to us;
3.1.2 Where processing of your personal information has been done by automated means; and
3.1.3 Where the processing was based on your consent or for the performance or a contract.
You have the right to ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself within your account).
3.3.1. We generally retain your personal information for the reasons and time periods specified under Clause 4 (How Long We Keep Your Data) below.
3.3.2 You have the right to ask us to delete your personal information, subject to data retention requirements under applicable laws, and for us to meet our legal obligations. Please note that multiple legal bases for may exist for retention of data. If you ask us to delete your personal information, we will not be able to provide you some or all of our Services, depending on the nature of data requested for deletion.
3.4. Withdrawing Consent:
You can withdraw your consent at any time by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
3.5. Restriction of Processing:
You have the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the personal information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to Section 3.6. (Objection to Processing) and pending the verification whether our legitimate grounds override your own.
3.6. Objection to Processing:
3.6.1. You have the right to object to the processing of your personal information based on grounds specific to your situation if such processing is for direct marketing or is for a purpose based on a legitimate interest or public interest. If you object to processing based on legitimate or public interests, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or where the processing is otherwise required for the establishment, exercise or defence of legal claims.
3.6.2. Where your personal information is processed for direct marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to firstname.lastname@example.org.
3.7. Lodging Complaints:
You have the right to lodge complaints about our data processing activities by filing a complaint with our Grievance Officer as per Clause 5 (Our Communications).
You have the right to opt-out of receiving marketing communications from us. This includes communications on offers and promotions based on your use of Services and preferences.
3.9. Do Not Track:
Finally, because there is no common understanding on what a “Do Not Track” signal is supposed to mean, we don’t respond to those signals in any particular way.
We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include, without limitation:
4.1. the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using Services);
4.2 whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and/or
4.3 whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
5.1. We may from time to time send you Services-related announcements when we consider it necessary to do so (such as when we temporarily suspend the Services for maintenance, or security, privacy, or administrative-related communications). We send these to you via SMS or email, as we deem fit. You may not opt-out of such Service-related communications.
5.2 The Services are made available by Oritur Technologies Pvt. Ltd., having its registered office Company address- 24/20 Punjabi Bagh Extension, New Delhi, 110026. Our grievance officer is Vikas Garg, accessible via email at: email@example.com (“Grievance Officer”). You can contact our data protection officer confidentially by email to enquire about the treatment of your data, including the deleting of your personal data as identified in this document.
6.1. Our Services, are not directed at individuals below the age of 18 years (“Minors”). Minors are not permitted to sign up by themselves to the Services. We do not knowingly collect or solicit personal information from Minors.
6.2 In the event that we learn that we have collected personal information from a Minor without verification of parental consent where this is required, we will delete that information as quickly as possible.
6.3 If you believe that we might have any information from or about a Minor, please contact our Grievance Officer as per Clause 5 (Our Communications).