1.2 We may collect your personal information in the following ways:
(a) Information you give us: When you use or access our Services, we may prompt you to share information with us. For instance, we may ask for your name or address when you sign up for any of our Services.
(c) Information we receive from third-parties: When you use or access our Services, we may receive personal information about you from third parties through authorization that you may have provided to such third parties for sharing the information with us.
1.4 We do not sell or share your data to third parties. We only disclose your personal information with the following categories of third parties, on a need-to-know basis.
(a) Other users: We may share your personal information with other users of the service. For example. if you view a catalogue created using our Services, we may share information such as your email id and your interaction with the catalogues with our users who create such catalogues.
(b) Service providers: We may disclose your personal information with our service providers, vendors, consultants, agents, or others, who assist us in our business operations.
(c) Business transfers: We may share your personal information with another business entity if we (or our assets) plan to merge with or be acquired by that business entity – in the event of a re-organization, amalgamation, or restructuring of business.
(e) Legal purposes or law enforcement authorities: We may share your personal information when required by law, such as in response to a court order, subpoena, or law enforcement investigation, or to establish or exercise our legal rights or defend against legal claims.
(f) Other third-Parties: We may share your personal information with other third parties, on a need-to-know basis, such as our accountants, lawyers, auditor, etc.
2. How We Store, Secure & Transfer Your Data
Section Highlights: Briefly, we use industry best practices to protect your personal information.
2.1 We use appropriate technical and organizational security measures to ensure a level of protection for personal information appropriate to the risk:
- We maintain a security and authorisation policy for access to our systems and update it from time to time.
- The transfer of personal information between your end device and us is generally carried out in an encrypted form over secured HTTPS connection. You can identify an encrypted connection for example by the lock symbol in the address line of your browser.
- We maintain strict access controls to prevent unauthorized access to personal information.
- If you communicate with us by e-mail, access by third parties cannot be ruled out. In the case of confidential information, we recommend using the physical mail or encrypted e-mail communication (PGP).
- All our systems responsible for handling user data are equipped with firewalls to prevent unauthorized access and breach.
However, do note that no method of transmission over the internet, or method of electronic storage is entirely secure and reliable, and we cannot guarantee its absolute security.
2.2 We do not generally transfer your personal information outside your jurisdiction of residence. In the event that we do so, we do it in compliance with applicable law. Transfers of data to these third-party processors are done under contract in compliance with applicable law. If you reside in Europe, we do not transfer your personal information outside Europe except in compliance with the General Data Protection Regulation.
2.3 In the event that any information under our control is compromised as a result of a breach of security, we will take reasonable steps to investigate the situation and where appropriate, notify those individuals whose information may have been compromised and take other steps, in accordance with any applicable laws and regulations.
3. Your Rights
Section Highlights: Simply put, our use, access, collection, and sharing of your data, depends largely on you. We respect and abide by your preferences to extent possible, without affecting the ability to meet our legal obligations.
3.1. Data Access and Portability:
You have the right to request a copy of your personal information being processed and/or retained by us. In certain instances (mentioned below), you also have the right to request copies of personal information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible). The instances where you may request a copy of your personal information include:
3.7. Appeal / Lodging Complaints:
3.1.1. Where you have provided personal information to us;
3.1.2. Where processing of your personal information has been done by automated means; and
3.1.3. Where the processing was based on your consent or for the performance or a contract.
You have the right to ask us to correct inaccurate or incomplete personal information about you (and which you cannot update yourself within your account).
3.3.1. We generally retain your personal information for the reasons and time periods specified under Clause 4 (How Long We Keep Your Data) below.
3.3.2. You have the right to ask us to delete your personal information, subject to data retention requirements under applicable laws, and for us to meet our legal obligations. Please note that multiple legal bases for may exist for retention of data. If you ask us to delete your personal information, we will not be able to provide you some or all of our Services, depending on the nature of data requested for deletion.
3.4. Withdrawing Consent:
You can withdraw your consent at any time by changing your account settings or by sending a communication to us specifying which consent you are withdrawing. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal.
3.5. Restriction of Processing:
You have the right to limit the ways in which we use your personal information, in particular where (i) you contest the accuracy of your personal information; (ii) the processing is unlawful and you oppose the erasure of your personal information; (iii) we no longer need your personal information for the purposes of the processing, but you require the personal information for the establishment, exercise or defence of legal claims; or (iv) you have objected to the processing pursuant to Section 3.6. (Objection to Processing) and pending the verification whether our legitimate grounds override your own.
3.6. Objection to Processing
3.6.1. You have the right to object to the processing of your personal information based on grounds specific to your situation if such processing is for direct marketing or is for a purpose based on a legitimate interest or public interest. If you object to processing based on legitimate or public interests, we will no longer process your personal information for these purposes unless we can demonstrate compelling legitimate grounds for such processing or where the processing is otherwise required for the establishment, exercise or defence of legal claims.
3.6.2. Where your personal information is processed for direct marketing purposes, you may, at any time ask us to cease processing your data for these direct marketing purposes by sending an e-mail to email@example.com
If you are dissatisfied with our response on your grievance, then you can raise an appeal by sending an e-mail to firstname.lastname@example.org. You also have the right to lodge complaints about our data processing activities by filing a complaint with the appropriate regulatory authority .
You have the right to opt-out of receiving marketing communications from us. This includes communications on offers and promotions based on your use of Services and preferences. In certain circumstances, you also have a right to opt-out of selling, sharing, profiling, or targeting advertisements.
3.9. Do Not Track:
Finally, because there is no common understanding on what a “Do Not Track” signal is supposed to mean, we don’t respond to those signals in any particular way.
4. How Long We Keep Your Data
We retain personal information for as long as needed or permitted in light of the purpose(s) for which it was obtained and consistent with applicable law. The criteria used to determine our retention periods include, without limitation:
4.1. The length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using Services);
4.2. Whether there is a legal obligation to which we are subject (for example, certain laws require us to keep records of your transactions for a certain period of time before we can delete them); and/or
4.3. Whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).
5. Our Communications
5.1. We may from time to time send you Services-related announcements when we consider it necessary to do so (such as when we temporarily suspend the Services for maintenance, or security, privacy, or administrative-related communications). We send these to you via SMS or email, as we deem fit. You may not opt-out of such Service-related communications.
5.2. The Services are made available by Oritur Technologies Pvt. Ltd., having its registered office Company address- 24/20 Punjabi Bagh Extension, New Delhi, 110026. Our grievance officer is Vikas Garg, accessible via email at: email@example.com (“Grievance Officer”). You can contact them confidentially by email to enquire about the treatment of your data, including the deleting of your personal information as identified in this document.
6. Children's Data
6.1. Our Services, are not directed at individuals below the age of 18 years (“Minors”). Minors are not permitted to sign up by themselves to the Services. We do not knowingly collect or solicit personal information from Minors.
6.2. In the event that we learn that we have collected personal information from a Minor without verification of parental consent where this is required, we will delete that information as quickly as possible.
6.3. If you believe that we might have any information from or about a Minor, please contact our Grievance Officer as per Clause 6 (Our Communications).