Effective from 25th May 2018
GDPR KEY DEFINITIONS:
REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of NATURAL PERSONS with regard to the processing of PERSONAL DATA and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
CONSENT means a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the website user’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.
- Data Controller
DATA CONTROLLER is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data for which and the manner in which any personal data are, or are to be, processed.
- Data Processor
DATA PROCESSOR is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.
- General Data Protection Regulation (GDPR)
Predominant objective of this protection is as follows:
- The processing of personal data should be designed to serve mankind.
- Natural persons should have control of their own personal data;
- The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.
- Legitimate Interest
Processing shall be lawful only if and to the extent that at least one of the following applies:
- the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
- processing is necessary for the performance of a contract to which the legal/ natural person, whose data has been collected (data subject), is a party, or; in order to take steps at the request of the data subject prior to entering into a contract;
- processing is necessary for compliance with a legal obligation to which the controller is subject;
- processing is necessary in order to protect the vital interests of the data subject or of another natural person;
- processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
- processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
- Online Identifier
Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.
- Personal Data
Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- InSync Tech – Fin Solutions Ltd. (INSYNC)
INSYNC means InSync Tech-Fin Solutions Ltd., a Company incorporated under the Companies Act, 1956 in India and having its registered office at 5/2 Russel Street, 6th floor, Poonam Building, Kolkata – 700071, West Bengal, India and shall include all its successors, acquirers, administrators and executors etc.
Licensee means a legal / natural person including but not limited to an end customer, or a prospect obtaining trial version of INSYNC product or services, or partners; to whom any license has been granted specifically by INSYNC, to use INSYNC product, services, or Intellectual Properties, or any part thereof, with or without any consideration; for whatsoever purposes. Hereinafter referred to as the “Licensee” and shall include but not limited to all its acquirers, successors, administrators and executors.
Means partner of INSYNC for different purposes like development new connectors or adapters for INSYNC SAS product APPSeCONNECT, implementation Partners, referral and reseller partners having different kind of limited right licenses specifically granted for specific purposes to use of INSYNC product, services, Intellectual Properties. Partners are independent contractors and shall not be construed as an agent, or employee or a JV partners unless such relationship has been explicitly, and publicly defined to be of such nature and listed on INSYNC website.
- Artificial/ Juristic/ Legal Person:
An entity such as a corporation, created by law and given certain legal rights and duties of a human being; a being real or imaginary, who for the purpose of legal reasoning is treated more or less as a human being, but is not a citizen.
- Natural Person:
A human being.
- Artificial/ Juristic/ Legal Person:
- Service Data
Service Data is any Personal Data shared by a third-party with INSYNC, to avail INSYNC’s services or during the course of availing INSYNC services; pertaining to citizens/ residents of any EU based country, that is collected by any third-party being the Data Controller. In other words, Service Data is data obtained by INSYNC, as a Data Processor, from any third-party and does not have any control over what, why, and how it is being collected or used.
Shall mean all websites as it may exist from time to time of INSYNC including but not limited to www.insync.co.in and product website www.appseconnect.com.
- This Policy is applicable to whosoever visits any of INSYNC websites and any Licensee of INSYNC being a free trial customer, end customer or a partner.
- GDPR specific rights can be enforced only for PERSONAL DATA collected of NATURAL PERSONS* (not a company, partnership or any other kind of Legal Entity)
- GDPR specific privacy measures and features will be available to all INSYNC licensees or visitors of INSYNC websites.
- However, shall not create any legal right for data collected of any LEGAL / ARTIFICIAL PERSON who is not a human being by INSYNC. (Example of such data: name and the form of the legal person and the contact details of the legal person);
- Nothing contained in this policy shall create any right for citizens or residents outside of EU countries regarding data control features like right to obtain collected Personal Data, Right to be Forgotten, Right to update or modify their Personal Data, Right to give consent for collection ore share of Personal /Service Data and similar rights which are not explicit rights provided under the Information Technology Act, 2000 of India (IT Act).
- All Data control and protection rights for subjects of all other countries except for EU countries shall be governed by IT Act and will be subject to reasonable security measures compliant to industry standard practices.
- This Policy shall be legally binding on you and on INSYNC, on different activities on our websites including but not limited to browsing through our websites, on obtaining different services whether paid or free, raising queries, consultations for whatsoever purposes as a click-wrap contract between you and INSYNC.
RIGHT OF A VISITOR / LICENSEE
- RIGHT TO ACCESS, RECTIFY and/or DELETE PERSONAL DATA
If you are a Customer / Partner/ an interested party, providing your personal data to INSYNC through its Website, applications or social media connects, blogs, corporate events, etc.; such data being collected for specific purposes mentioned hereunder; you have the right to have access to your personal data provided to INSYNC; and further you have the right to contact firstname.lastname@example.org for rectification or deletion of your personal data, subject to other clauses of this policy; without affecting continuity of INSYNC’s business.
Thus, deleting the User does not delete business-specific organization-owned data created and contributed to; by the User including without limitation, knowledgebase articles, notes, forum topics/comments, support calls, surveys, canned responses, ticket templates, contacts, companies, tags, conversations in the tickets, comments or details provided on any third-party platform such as social media etc.
Notwithstanding the foregoing, we will retain Service Data that may include your personal data as necessary to comply with our legal obligations, for litigation/defence purposes, maintain accurate financial and other records, resolve disputes, and enforce our agreements.
- SHARING PERSONAL DATA
- You have full control over your personal data provided to INSYNC through various means. We share your personal data with your consent or as necessary to complete any transaction or provide any product/ services you have requested or authorised. We also share data with INSYNC Partners; with vendors working on our behalf with your consent; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of INSYNC and its brand.
- In the event INSYNC goes through a business transition, such as a merger or acquisition by another company; or sale of all or a portion of its assets, Customer’s Account, all collected data and Service Data that may include your personal data; will likely be among the assets transferred. A prominent notice will be displayed on our Websites to intimate you of any such change in ownership or control; and Customers will be notified via an e-mail from email@example.com.
WHAT KIND OF PERSONAL DATA DO WE COLLECT?
When you visit our Websites, Browser Applications etc.; or participate in our events, blogs, contribution pages, social networking pages, surveys; INSYNC may collect information, which may include your Personal Data. For the purposes of General Data Protection Regulation (GDPR), INSYNC is the controller for personal data collected through INSYNC owned systems and not for data collected on a platform owned by any third-party.
When you enquire about any Product or Service(s) or Partnership we may collect your (i) contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number, software environment etc. or any combination of such information.
Subject to this Notice and the Terms, we will use such data, including without limitation, (i) send you communication for the Service(s); (ii) assess needs of your business to determine or suggest suitable Service(s); (iii) send you requested information about the Service(s); (iv) respond to customer service requests, questions and concerns.
- Sign-up, Billing and Account information.
When you subscribe and sign-up to any of our Products/ Service(s)/ Trials, we may collect your (i) contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number, of the Account admin; (ii) billing information, such as credit card number and billing address; (iii) name and e-mail address when Account admin/Agent(s) provide feedback from within the Service(s); and (iv) unique identifiers, such as username, account number or password.
Subject to this Notice and the Terms, we will use such data, including without limitation, to (i) grant software license and other Service(s); (ii) send you communication from the Service(s); (iii) assess needs of your business to determine or suggest suitable Service(s); (iv) send you requested information about the Service(s); (v) respond to customer service requests, questions and concerns; (vi) administer your Account; (vii) send you promotional and marketing communications (where you have requested us to do so).
- Support Interactions
When a customer/ Prospect interacts with an INSYNC support professional, we collect Device/ System and Usage data or error reports to diagnose and resolve problems.
When a customer receives communications from INSYNC, we use data to personalise the content of the communication.
When a customer engages with INSYNC for professional services, we collect the name and contact data of the customer’s designated point of contact and use information provided by the customer to perform the services that the customer has requested and preserve all telephonic and written conversations for future reference, and such data, calls, chats or e-mails may be used for training and development purposes for INSYNC professionals.|
- When you attend an event conducted by us, including webinars or seminars, we may collect your contact information such as name, e-mail address, designation and company name.
Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) send you promotional and marketing communications (where you have requested us to do so); and (iv) respond to your questions and concerns.
- Apart from the aforementioned information collected by us, we automatically receive and record certain Personal Data of yours when You visit our Websites. This includes device model, IP address, the type of browser being used, usage pattern through cookies and browser settings, query logs and product usage logs. We also collect clicks, scrolls, conversion and drop-off on our Websites and Service(s) to render user journey in real-time. Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) respond to customer service requests, questions and concerns; and (iv) for analytical purposes.
- We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you want your testimonial removed, please contact us at firstname.lastname@example.org. anonymous
- Marketing communications.
We may use your e-mail address, collected which may fall into the category of Personal Data, to send our newsletters and/or marketing communications about our products and services. Where you have so requested, we will also send you marketing communications about our third-party partners. If you no longer wish to receive these communications, you can opt out by following the instructions contained in the e-mails you receive or by contacting us at email@example.com .
- Job Portal/ Partnership Forms
We may use and store your personal data, required for selection of your candidature for any job opening at our organization and may use the same to contact you for such purposes only as it will be specified at the time of filling up any candidature form.
- Essential Cookies:
These cookies are essential for the basic functionalities offered by the Service. These class of cookies helps in keeping a user logged in to the Service and remember relevant information when they return to the Service.
- Insight Cookies:
These are used for tracking the user activities within the Service, which in turn helps us in improving your user experience.
- Marketing Cookies:
We also use some marketing cookies provided by third parties to collect and analyse various information about the visitors to the INSYNC website and users of the service. No personal or intrusive information is collected in this process though.
- More information on “Incognito” mode and cookie setting in Google Chrome
- More information on “InPrivate” and cookie setting in IE
- More information on “Private Browsing” and cookie setting in FireFox
- More information on “Private Browsing” and cookies setting in Safari
Please note that if you wish to turn off the cookies in your web browser, you might not be able to take advantage of many features of our Service.
CHILDREN’S PERSONAL DATA
INSYNC does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Service(s). If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Service(s), please contact us and we will delete such personal information and terminate the child’s account from our databases.
SECURITY AND STORAGE
The INSYNC website and Service has industry standard security measures in place to protect the loss, misuse, and alteration of the information under our control. While there is no such thing as “perfect security” on the Internet, we will take all reasonable steps to ensure the safety of your information. Additionally, you retain all rights of ownership to the data you have stored on the INSYNC Service. We will not sell or share this data with any third parties or use this data to compete with you or advertise to your clients. Your privacy and the privacy of your clients are of utmost importance to us. Some general measures that we have taken for the security of your personal data are as follows:
- Industry Standard 2048- bit SSL V3 certificate for our product website APPSeCONNECT;
- Two-factor authentication when you log in to our product portal.
- Code- Signing Certificate
- AES – 256 is used to encrypt data at Rest.
- Storage is secure by role-based access control
- Client-side encryption over HTTPS or SMB 3.0.
- Review our information collection, storage and processing practices, including physical security measures, to guard against unauthorised access to systems.
- Restricted access to personal information to INSYNC agents/ employees/ partners/ contractors strictly based on the requirement to share your personal data in order to process and complete any transaction, contract, obligations, services while collecting such data; and all INSYNC agents/ employees/ partners/ contractors are subject to strict confidentiality obligations. They may be disciplined or their contract terminated if they fail to meet these obligations.
- Obtain your specific consent to share your personal data in a different country other than India and your own economic zone for specific purpose of performance of the contract, as it may require from time to time.
DATA COLLECTED FOR EXECUTION OF ENFORCEABLE CONTRACTS/ GRANT OF SOFTWARE LICENSE AND OTHER LICENSE OF INSYNC INTELLECTUAL PROPERTIES
You authorize INSYNC and its service providers to perform analytics on such collected data, to (i) improve, enhance, support and operate the Websites; and (ii) compile statistical reports and record insights into usage patterns.
We collect data of the end users and Partners of our products and/ or services, you being member of a legal entity for specific purpose of entering into legally enforceable contracts and associated enterprise data to provide a comprehensive, smooth user experience and such data does not fall into the domain of Personal Data.
WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA
If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.
However, we will normally collect Personal Data from you only where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.
If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).
Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third-party), we will make clear to you at the relevant time what those legitimate interests are.
If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please e-mail us at firstname.lastname@example.org .
DATA WE PROCESS ON YOUR BEHALF: SERVICE DATA
We only process Service Data as per our End Customer’s instructions. For purposes of the GDPR, we are the processor and not the controller of the Service Data. Service Data, as defined in the Terms, means all electronic data, text, messages or other materials, including Personal Data of Users and End-Users, submitted to the Service(s) by our Customers through Customer’s Account in connection with Customer’s use of the Service(s). Our EU based Customers are the “controllers” of that data and are responsible for compliance with the applicable data protection law. We work with our Customers to help them provide notice to their customers concerning the purpose for which Personal Data is processed by INSYNC.
If you are our Customer from EU, then in your role as a controller, you are authorizing, on behalf of yourself and your authorized agents, End-Users, and representing that you have the authority to provide such authorization to the processing and transfer of Personal Data in and to India and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that the Service Data is treated securely and in accordance with this Notice.
We do not own, control or direct the use of Service Data, and in fact we are largely unaware of what information is being stored on our platform and only access such information as reasonably necessary to provide the Service(s) (including to respond to support requests), as otherwise authorized by Customers or as required by law. Unless we explicitly agree otherwise in writing, you will not process sensitive personal data (such as health data) on our platform.
As the controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain necessary consent or authorization for any Personal Data that is collected as part of the Service Data through your use of the Service(s). As the processors of Personal Data on behalf of our Customers, we follow Customer’s instructions with respect to the Service Data to the extent consistent with the functionality of our Service(s). In doing so, we implement technical, physical and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Data.
LINKS TO THIRD-PARTY SITES
Our Websites contain links to other websites that are not limited to but may be of our end customers, Technology Partners, Sales Partners, Implementation Partners etc. that are not owned or controlled by INSYNC. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of that third-party website to understand their data collection, retention and process policy.
Amendments to this Notice will be directly updated on this page and will be effective as may be notified. If we make any material changes, we will notify you by means of a notice on this Website prior to the change becoming effective and if you are our Licensee/ Partner, via e-mail (specified in your Account). Provided we will not be notifying you if we amend the Notice to make addition, deletions or modifications to the list of cookies from time to time to keep the list of cookies current and accurate. You should frequently visit this Notice to check for amendments. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice.
DATA RETENTION POLICY
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
RIGHTS OF EUROPEAN UNION COUNTRY-SPECIFIC CITIZENS/ RESIDENTS
- If you are a citizen of European Union (EU); then you have the right to ask INSYNC for your personal data collected by INSYNC, by contacting the Data Protection Officer, credentials provided hereunder.
- You have the right to raise tickets for objection or grievance redressal if there is any collection of data by INSYNC, which is believed to be in nature of Personal data and not serving any justifiable purpose for which you have been requested to provide the same.
- You have the right to delete or modify any part or all of your personal data collected by INSYNC.
- You have the right to be forgotten, with all your personal data footprints kept with INSYNC in what so ever manner, if so opted by you. However, no data required for enforcement of our legal rights, obligations, legal proceedings, protection of our IP rights or protection against any claims shall be deleted and such purposes of data retention shall be clarified by INSYNC if requested for.
- Third-Party Data Processor of INSYNC: INSYNC may share your personal data with third-party organization which has cleared and declared to be GDPR compliant, including but not limited to https://mailchimp.com/ ; twillio.com etc. with your consent.
These rights are exclusively available for EU country-specific subjects either being a Citizen/ Resident of such countries and not for citizens/ residents of any other country not protected under GDPR guidelines.