Privacy Policy of Simplifai Cognitive Service Private Limited

Revision: 20th of June 2023

This privacy policy (the “Policy”) has been compiled to better serve those who are concerned with how their personal information is being used, hereunder to inform you (“You” or “Your”) of Your rights as well as our policies and procedures regarding the processing of Your personal information (as defined below).

Where the words «We«, «Us» or «Our» are used in this Policy, this refers to Simplifai Cognitive Services Private Limited, a private limited company incorporated under the Companies Act, 2013, having corporate identification number U74999PN2018FTC175269 and having its registered office at Global Port, Unit No. 602, 6th Floor, Pune Bangalore Highway Pashan exit, Baner, Pune- 411045.

Please note that we are the data fiduciary (as defined below) of Your personal information unless otherwise specified. Instances where We process data on behalf of third-party data fiduciaries have been separately called out under clause 7 of this Policy.

For the purposes of this Policy, the term “Services” means the software services delivered online to Our customers (“Customers”) or partners (“Partners”), including upgrades, updates and any appurtenant services that We may provide, if applicable.

Please read Our Policy carefully to get a clear understanding of how We collect, use, protect or otherwise handle your personal information. Please click on any of the topics below to be directed to the relevant information.

  1. Personal information
  2. Collection
  3. Purpose
  4. Processing
  5. Legal basis
  6. Data fiduciary
  7. What are your rights?
  8. Retention
  9. Third parties
  10. Security
  11. International Transfer
  12. Amendments
  13. Contact & Complaint

1.PERSONAL INFORMATION

1.1 Personal information means information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

1.2 This Policy does not cover aggregated data from which the identity of an individual cannot be determined. We retain the right to use aggregated data in any way that We find appropriate.

2.COLLECTION

2.1. We collect personal information when You use Our Services, subscribe to a newsletter, respond to a survey or marketing communication, use our Website or certain Website features, fill out a form, open a support ticket or otherwise enter information on Our Website. If You have engaged one of Our Partners which facilitates Our Services independently or bundled or combined with their own services, they will also provide personal information to Us.

3.PURPOSE

3.1 We process personal information to the extent necessary to enable You to make use of Our Services. We will process personal information for the purposes described herein and in order to offer, monitor, maintain, improve and analyse the Services.

3.2. When You access Our Services, We may also process Your personal information in order to:

a) Analysis: Anonymous analysis to improve Our Services. Such analysis will be conducted using aggregated and anonymised personal data, and this data will not be used to identify You as a person.

b) Dispute: Handle disputes and provide assistance

c) Improvement: Monitor, maintain, improve and analyse the Services.

d) Internal processing: Conduct internal investigations and risk assessments

e) Marketing: If You have consented to online marketing, We may also process Your personal data in order to provide You with information on product updates, offers and news.

f) Notifications: We may use Your personal data to send You service or operating messages, such as updates, security alerts, and account alerts.

g) Order processing: Process orders and transactions and send appurtenant information and updates

h) Sales: We may process Your personal data in order to contract You and propose meeting invitations and/or offer tailored information or offers on how We believe that Our Services or other products or services may be of interest to You and/or Your organisation. You may object to such processing by replying to any inquiry from Us or by contacting Us as specified in Clause 13.

i) Survey: Manage a survey or Your use of the Services.

j) Threat detection: Register and prevent fraud, spam, abuse, technical issues, security incidents and other harmful activities.

k) Tips and offers: We process Your Personal Data in order to offer certain features.

l) Verification: Verify You as a user and facilitate information that You have made available in the Services.

m) Webinars and courses: We process Your personal data in order to register and allow for Your participation in a webinar or course.

3.3. We also carry out anonymous analysis to improve Our Services. Such analysis will be conducted using aggregated and anonymised personal information, and this data will not be used to identify You as a person.

3.4. If You have agreed to online marketing, We may also process Your personal information in order to provide you with information on product updates, offers and news.

4.PROCESSING

4.1 By using the Services, We may process personal data about You, including but not limited to:

a) Billing information which may include bank account or credit card or debit card or other payment instrument details.

b) Details concerning Your use of the Services, e.g. duration, connection information, chat logs and Your questions and answers.

c) Device information.

d) E-mail address

e) Employer

f) IP address

g) Name

h) Phone number

i) Position

j) Username

k) Your name.

5.Additional data collection modalities

5.1 To improve the responsiveness of Our Services for You, We may use electronic tools to collect and store information (through local storage in your browser) about You (only for user sessions) and to understand Your interests and preferences (relating to our Services) from past sessions.

5.2 Unless You voluntarily identify Yourself (by contacting us, for example, or specific other means provided in this Policy), We will have no way of knowing who You are, even if we use electronic tools to collect and store information (through local storage in your browser) to your computer/ electronic system.

6.LEGAL BASIS

6.1 In order to use the Services, You must provide us with certain personal information. If You do not wish to provide Us with such necessary personal information, We cannot grant You access to the requested Services. You will be asked to confirm that You have read and consented to the contents of this Policy and to Our processing of Your personal information. You may withdraw Your consent at any time by contacting us as specified in Clause 14. Please note that such withdrawal may make it impossible for us to continue to deliver our Services to You.

6.2. If You wish to receive offers or newsletters from Us, You may consent to have your personal information processed for the purpose of marketing. You may at any time withdraw Your consent by contacting us as specified in Clause 14.

7.DATA FIDUCIARY

7.1 Unless otherwise specified in the terms and conditions applicable to the Services You have requested, We are the data fiduciary, where the processing of personal information is collected directly from You as a data subject. A ‘data fiduciary’ is a person who determines the purpose of the processing of personal information and the means to be used during such processing. It is the data fiduciary who has the overall responsibility for the processing of Your personal information.

7.2. We are also a separate data fiduciary where personal information has been provided by another separate data fiduciary who is either a Customer or a Partner of Us. In these cases, Our role as a data fiduciary of personal information received from such entities or collected through Our Services shall be limited to the purpose of providing and operating the Services for the benefit of Our Customers, Partners and yourself. Please note that Our Customers and Partners are separate data controllers in regard to their processing of Your personal information through Our Services and otherwise. We strongly encourage You to read the privacy policies and any terms and conditions of the Customers and Partners who process Your personal information and We disclaim any responsibility or liability for the content and activities of these entities.

Additionally, the broad principals of the instances where we process personal information in the role of a data processor for and on behalf of separate data fiduciaries, have been included under Annexure I hereunder. Please read the details of such principles carefully; you may seek additional information in this regard by contacting us as specified in Clause 14.

7.3. If You are consenting to this Policy on behalf of a Customer, Partner or an organisation, You warrant and acknowledge that You:

1. Are solely responsible for ensuring that the relevant data subjects have been provided with all necessary information in respect of this Policy

2.Have a lawful basis to .

a) obtain, access and handle such personal information which includes having appropriate and due consents/permissions for each such action relating to the personal information and

b)transfer the personal information to Us.

3. Have sufficient power of authority to execute such consent.

8.YOUR RIGHTS

8.1. As a data principal or the owner of the personal information, You have the following rights:

  1. Access: You may request a copy of Your personal information that We process.
  2. Data portability: You may request to obtain the personal information that You have provided to Us or to have said data transferred to a third party in a structured, commonly used and machine-readable format.
  3. Erasure: You may demand that we erase all of Your personal information unless We are required by law to keep the data for a certain period of time.
  4. Information: You are entitled to receive information concerning which categories of Your personal information that We process and how they are processed.
  5. Objection: You may object to Our use of Your personal information for the purpose of direct marketing, including profiling for direct marketing purposes. You may also object to being subject to a decision based solely on automated processing, including profiling, which produces legal effects that significantly affect You.
  6. Rectification: You may require Your personal information to be rectified or supplemented.
  7. Restriction: You may request that We restrict the processing of Your personal information.

9.RETENTION

9.1 We keep Your personal information only for as long as it is required for the reasons it was collected from You. The time period for which We store personal information varies, depending on the category and the nature of the personal information.

9.2. When Your personal information is no longer required for Our purposes, We have procedures to destroy, delete, erase or convert it into an anonymous form.

10.THIRD PARTIES

10.1 We may disclose Your personal information to individuals or organisations who are Our service providers and who are involved in database management, maintaining, reviewing and developing our business systems, procedures, and infrastructure, including testing or upgrading our computer systems or who otherwise facilitates Our Services.

10.2. Third parties will only receive access to Your personal information for the purpose of fulfilling Our obligations to You, deliver the Services or if You otherwise have consented to such transfer or access. If We were to disclose personal information to organisations that perform services on Our behalf, We will require those service providers to use such personal information solely for the purposes of providing services to Us and to have appropriate safeguards for the protection of that personal information.

10.3. All third parties who receive personal information from Us are obligated to adhere to Our standards for the processing of personal information, as well as obligations in accordance with the applicable privacy legislation.

10.4. You acknowledge that We cooperate with government authorities and law enforcement officials to enforce and comply with any applicable law. Please note that there are circumstances where the use and/or disclosure of personal information may be justified or permitted or where We are obliged to disclose personal information without Your consent.

10.5. Where personal information may be subject to transfer to another organisation in contemplation of a merger, financing, reorganisation or dissolution transaction of all or part of Us, We will do this only if the involved parties have entered into an agreement under which the collection, use, and disclosure of the personal information is restricted to those purposes that relate to the transaction, including a determination of whether or not to proceed with the transaction, and is to be used by the involved parties to carry out and complete the transaction. If another company acquires Us or Our business or assets, that company will possess the personal information collected by Us and will assume the rights and obligations regarding Your personal information as described in this Policy.

11.SECURITY

11.1 Safeguarding Your personal information is Our highest concern. As such, we endeavor to maintain and employ reasonable measures for the physical, procedural and technical security with respect to the offices and information storage facilities involved with Your personal information, to prevent any loss, misuse, unauthorised access, disclosure, or modification of Your personal information. This also applies to Our disposal or destruction of Your personal information.

11.2. Your personal information is contained behind secured networks and is only accessible by a limited number of individuals who have special access rights to such systems and are required to keep the personal information confidential. We use computer systems with limited access housed in facilities using physical security measures.

11.3. If any of Our employees misuse personal information, this will be considered as a serious offence for which disciplinary action may be taken, including termination of employment. If any individual or organisation misuses personal information – provided for the purpose of providing services to or for Us – this will be considered a serious issue for which action may be taken, including termination of any agreement between Us and that individual or organisation.

12.INTERNATIONAL TRANSFER

12.1. Your Personal information will be transferred to — and maintained on — computers located inside of India as provided under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011.

13. AMENDMENTS

13.1. The privacy policy may be updated from time to time due to amendments or expansions in the Services, and We will notify You if this requires a new consent from You. In case of any material changes, We will contact You through the available channels such as e-mail or notifications on Our Website.

14.CONTACT & COMPLAINT

14.1 If you wish to utilise Your rights of access, information, rectification, erasure, restriction, data portability or the right to object to the processing of personal information or if You have questions or requests or grievances regarding this privacy policy, Our processing or wish to file a complaint, please contact us at:

Name of grievance officer: Vasim Shaikh

Email: vasim.shaikh@simplifai.ai

14.2. We will investigate all complaints and if a complaint is found justified, We will take all reasonable steps to resolve the issue.

14.3. To guard against fraudulent requests, we may require sufficient information to allow us to confirm that the individual making the request is authorised to do so.