Privacy Policy
SCOPE AND PURPOSE
This policy is applicable to the Processing of users’ Personal Data at Krutrim SI Designs Private Limited ("Krutrim", “our”, “us” or "we"). The purpose of this policy is to provide our current, former, and potential users (jointly referred to as "users" or "you") with a general understanding of:
- Type of personal information and manner of collection
- Purpose of collection and processing of personal information
- How information is processed
- Sharing/Transfer of Personal Data
- Distribution of responsibility for the Processing of Personal Data between affiliated of Krutrim, and
- Contact details for us so you can receive information about and claim your rights in relation to our processing of your Personal Data.
This policy is updated continuously to reflect the measures taken by us in relation to your Personal Data.
DEFINITIONS
The following definitions are used in this policy. In case of any conflict with respect to interpretation of these definitions between applicable law and these terms, interpretation provided under the applicable law shall prevail.
- Anonymous data or anonymized data: Data not identifiable to a natural person.
- Automated decision making: Making a decision by automated means through algorithms without human involvement.
- Consent: Any freely given, informed, and unambiguous statement which may be given by a clear affirmative action.
- Cookies: Small pieces of data given to a web browser by a web server.
- Data Fiduciary: A natural or legal person that determines the purposes and means of the processing of personal data.
- Data Processor: The natural or legal person who processes personal data on behalf of the data fiduciary.
- Data Principal: The natural person who interacts with us and whose personal data we collect.
- Erasure or Deletion: The irretrievable obliteration or destruction of saved personal data.
- Personal Data: Any information identified or identifiable to a natural person.
- Processing: Any operation performed on personal data, including collection, recording, structuring, alteration, use, disclosure, and analysis.
- Pseudonymization: A processing technique where the processed data is not identifiable to a natural person unless coupled with other information.
- Third Party: A natural or legal person, public authority, agency, or body other than the data principal, data fiduciary, or processor.
DETAILS OF THE DATA FIDUCIARY / JOINT DATA FIDUCIARY
Krutrim SI Designs Private Limited and its subsidiaries and affiliates (the ‘Company’, ‘we’ or ‘us’) having its registered office at 8th Floor, Wing C, Prestige RMZ Startech Block C, Industrial Layout, Hosur Road, Koramangala, Bengaluru, Bengaluru Urban, Karnataka, 560095 is the data fiduciary under this Privacy Policy.
DATA PROTECTION OFFICER
If you have any queries under this Privacy Policy or want clarification about our processing of your personal information, you can connect with our Data Protection Officer at dpo@olakrutrim.com. We will resolve your queries within one calendar month.
TYPE OF PERSONAL INFORMATION AND MANNER OF COLLECTION
User sign-up consent
We will be collecting and storing the following details from you during the sign-up process to create your profile:
- Name
- Phone number
- Primary location
- Email Address
The above-mentioned information will be utilized to create your profile on our platform and will enable us to identify and contact you in case you decide to use our services. They have to be mandatorily provided for the creation of your profile. The information that we collect is stored securely on cloud servers, located in India and abroad, employing state-of-the-art security measures to keep your data secure. This data may also be shared with third parties for analytics purposes to provide you the best user experience, if we have your consent.
Information you provide to us
- Contact and account information, such as your first and last name, email address, and phone number.
- Content and metadata of any messages that you send using our services.
- Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise.
- Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
Automatic data collection
We may automatically log and combine information about you, your computer or mobile device, and your interaction over time with the Services, online resources, and our communications, such as:
- Device data such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, device type (e.g., phone, tablet), IP address, unique identifiers, language settings, and general location information such as city, state, or geographic area.
- Online activity data such as pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, duration of access, and whether you have opened or otherwise engaged with our communications.
We use the following tools for automatic data collection:
- Cookies: Text files that websites store on a visitor‘s device to uniquely identify the visitor’s browser or to store information or settings in the browser.
- Local storage technologies: Like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data.
- Web beacons: Also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
Personal Information that We may receive from other sources
The third parties from whom We may receive information may include our subsidiaries, affiliates, or parent companies or other third-party companies. For example, you may avail our services by logging in through your ID linked with Ola Cabs account or any other application owned by ANI Technologies Private Limited (“ANI”) and its Group Companies.
In any instance, We will use the Personal Information We obtain from these sources for the purposes as mentioned below. The remaining provisions of this Policy also apply to any Personal Information We obtain from these sources as well.
PURPOSE OF COLLECTION AND PROCESSING OF PERSONAL INFORMATION
Provide our Services: We use personal information to operate, maintain, and provide you with our Services. In particular, we use personal information to perform our contractual obligations under our Terms of Service.
Communicate with you about our Services: - It is in our legitimate business interests to use personal information to respond to your requests, provide user support, and communicate with you about our Services, including by sending announcements, surveys, reminders, updates, security alerts, and support and administrative messages.
Improve, monitor, personalize, and protect our Services: - It is in our legitimate business interests to improve and keep our Services safe for our users, which includes:
- Understanding your needs and interests, and personalizing your experience with the Services and our communications.
- Troubleshooting, testing, and research, and keeping the Services secure.
- Investigating and protecting against fraudulent, harmful, unauthorized, or illegal activity.
Research and development: We may use personal information for research and development purposes where it is in our legitimate business interests, including to analyze and improve the Services and our business. As part of these activities, we may create or use aggregated, de-identified or other anonymized data from personal information we collect. We make personal information into anonymized data by removing information that makes the data personally identifiable to you. We may use this anonymized data and share it with third parties for our lawful business purposes, including to analyze and improve the Services and promote our business.
Compliance and protection: We may use personal information to comply with legal obligations, and to
defend us against legal claims or disputes, including to:
- Protect our, your, or others’ rights, privacy, safety, or property (including by making and defending legal claims).
- Audit our internal processes for compliance with legal and contractual requirements and internal policies.
- Enforce the terms and conditions that govern the Services.
- Prevent, identify, investigate and deter fraudulent, harmful, unauthorized, unethical, or illegal activity, including cyberattacks and identity theft.
- Comply with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities
HOW INFORMATION IS PROCESSED
The information may be processed by our Website. Your Personal Information is processed by us under different circumstances and under a different lawful basis. The same is provided below for your information:
- To provide, administer, maintain and/or analyze the Services;
- To improve our Services and conduct research;
- To communicate with you; including to send you information about our Services and events;
- To develop new programs and services;
- To prevent fraud, criminal activity, or misuses of our Services, and to protect the security of our IT systems, architecture, and networks;
- To carry out business transfers;
- To process your customer account transaction; and
- To comply with legal obligations and legal process and to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or other third parties.
Aggregated or De-Identified Information. We may aggregate or de-identify Personal Information so that it may no longer be used to identify you and use such information to analyze the effectiveness of our Services, to improve and add features to our Services, to conduct research and for other similar purposes. In addition, from time to time, we may analyze the general behavior and characteristics of users of our Services and share aggregated information like general user statistics with third parties, publish such aggregated information or make such aggregated information generally available. We may collect aggregated information through the Services, through cookies, and through other means described in this Privacy Policy. We will maintain and use de-identified information in anonymous or de-identified form and we will not attempt to re identify the information, unless required by law
SHARING/TRANSFER OF PERSONAL DATA
We do not sell or share your personal information with third parties for interest-based advertising purposes. We may disclose your personal information as described below:
Service providers: We may rely on third-party service providers in furtherance of the purposes described above. In these cases, personal information may be accessed by these third-parties and processed or stored on our behalf. These service providers can include hosting services, cloud computing and storage services, maintenance services, security services, and user support services. We also may share hashes of names and phone numbers and limited device data for advertising attribution and measurement services. This means that the recipient can recognize your name and phone number only if they already have that information from another source.
Affiliated: We may disclose Personal Information to our affiliates, meaning an entity that controls, is controlled by, or is under common control with Krutrim. Our affiliates may use the Personal Information we share in a manner consistent with this Privacy Policy.
Authorities and others: If we are legally obliged or otherwise believe it necessary to do so, personal information may be disclosed to regulatory agencies, law enforcement agencies, courts, and other government authorities, including for the compliance and protection purposes described above.
International transfers
We may transfer your Personal Data to recipients in countries outside India that may have differing data protection laws. This includes countries which may not have an adequate level of protection for Personal Data. In those instances, we will ensure that appropriate safeguards are in place for that transfer and storage as required by applicable law. We will ensure there is a legal ground for the transfer in accordance with applicable data protection legislation. You will also be informed about the legal ground, what safeguards were implemented, and where you can obtain a copy of information on these safeguards. In case of sensitive personal data, we will specifically seek your consent before such transfers to other countries, and will also ensure that the conditions as required under law for such international transfer of sensitive data are complied with.
Marketing based on your online web behavior data
When you visit our website(s), and if you consent to the use of cookies, we collect and process your IP address, information on your browsing on our website, e.g. product interest and configuration, device information, unique online identifiers and interaction in relation to our ads on third-party websites (your “Online Web Behaviour Data”). Such data is collected by cookies that we and third parties place on our website and in our app. For more information regarding the cookies used, please consult our cookie policy
The legal ground for placing, collecting and having access to information from cookies is your consent. The purpose of our processing of the Online Web Behaviour Data is to identify you as return visitor to our website, to analyze the behaviour of the visitors to our website, to enhance our communication and structure of our website and to build a profile of your interests to be able to show you relevant adverts for our products and services also on other websites. The profiles we create based on your Online Web Behaviour Data can for example include, “people that visited the product page, started configuration etc.,".
All data that we store about you for these purposes may also be stored in pseudonymised form, meaning that the information stored about you is connected to an online identifier. The data that we use has been collected by cookies and we always ask for your consent to place these cookies before collecting and storing the data. Furthermore, the profiling is always conducted on group level, meaning that you will receive the same type of marketing as other individuals included in that same segment. The profiles we create are also based on a few criteria, such as your behaviour on our website and product interest. To this end, we have a legitimate interest to process your personal data for these purposes. You always have the possibility to object to this processing by withdrawing your consent to the use of cookies. For instructions to do so, please refer to our cookie policy which is accessible at Cookie Policy Section.
If you consent, we may combine this data with your Online Web Behaviour Data for the purposes of sending you targeted marketing through email, or by mobile push notifications including but not limited to text messages and/or WhatsApp. Your email address and contact number will for example be collected when you register on our platform and in such cases the email address and the contact number will be connected to your online identifier. In that manner we will be able to store information regarding your online behaviour and connect it to your pseudonymised email address. By doing this, we will for example be able to send you personalized marketing by email.
RETENTION
We will only retain your Personal Data for as long as it is necessary to fulfill the purposes outlined in this policy or the purposes of which you have otherwise been informed. This means that when you have consented to our Processing of your Personal Data, we will retain the data for as long as the active account lasts (and, where applicable, until the expiry of the warranty period) or until you withdraw your consent. If you have revoked your consent, we may nevertheless retain certain Personal Data for the period required in order for us to meet our legal obligations and defend ourselves in legal disputes. If we have not received your consent for Processing, the Personal Data will only be retained to the extent we are permitted to do so by law.
RIGHTS OF DATA PRINCIPALS
If you live anywhere in India, the law has various rights bestowed on you in relation to your personal data. We will have to confirm your identity, wherever applicable, to ensure that your rights are being exercised appropriately. To exercise these rights you will have to write to us at dpo@olakrutrim.com Except in exceptional circumstances, we will respond to your request within 30 days from the date we receive your email. We may charge a minor sum to comply with your exercise of these rights to aid the cost we incur for this compliance. You will be informed of these charges once you write to us. You have the following rights under applicable laws in your country -
1. Accessing your personal information
You have the right to access and copy your personal information that we hold in a standard form that will be easy and understandable. In rare occasions we may not provide you with a copy of your information in which case we will convey you this message with appropriate reasons. Generally, we can only deny you your right of access if it concerns the right of other individuals or we have another lawful reason to withhold that information and not otherwise. You also have the right to access in one place the identities of the data fiduciaries with whom your personal data has been shared by us together with the categories of personal data shared with them.
2. Verify and rectify
Accuracy is an important principle of data protection and you have the right to verify your information with us and ask us to rectify it if it is inaccurate. You can correct, complete and update your name, address, contact details and other personal information you give us.
3. Withdrawing your consent
You can always withdraw your consent you have given us. We will be bound to stop collecting or processing your data we collect from you solely on the basis of your consent. For instance, there are certain data points for which we take your explicit consent like GPS tracking. You can withdraw from GPS tracking anytime by using the App. However, we will accordingly be unable to offer you other services that are dependent on GPS tracking like navigation. (other mechanisms if they exist for consent withdrawal to be mentioned)
Also, we are legally permitted to continue collecting or processing your personal data if we can rely on
grounds other than consent to process your information.
4. Objecting to our use of your personal information and automated decisions made about you
You have the right to object to the processing of your data if the processing is carried out on a legal basis other than consent. But you will have to provide reasons for such withdrawal. Where your personal data is processed for the purposes of the legitimate interests pursued by us, you may object to such processing by providing a ground related to your particular situation to justify the objection. We will temporarily stop processing your personal data until we have assessed your concerns. If we agree that your objection is justified in accordance with your rights under data protection laws, we will permanently stop using your data for those purposes. Otherwise we will provide you with our justification as to why we may continue using your data.
You may at any time opt to unsubscribe from any of our optional services or make changes in the settings of the website or the application.
You may object to a decision made about you based on automated processing by contacting our data protection officer
5. Erasing your personal information
You have the right to get your information erased from our systems. Unless there is a reason that the law allows us to use your personal information for longer, we will make reasonable efforts to comply with your request.
6. Your right to port your data
You have the right to ask for a copy of information that we collect from you in a structured data file. We will provide this to you electronically in a structured, commonly used and machine-readable form.
You can also ask us to send your personal information directly to another data fiduciary, and we will do so if this is technically possible. We may not provide you with a copy of your personal information if this concerns other individuals or we have another lawful reason to withhold that information.
7. Your right to be forgotten
You may also ask us to restrict or prevent processing your personal information in the following situations:
where you believe it is unlawful for us to do so,
you have objected to its use or withdrawn your consent and our assessment is pending or
Where your data has served the purpose
In these situations, we may only process your personal information whilst its processing is restricted if we have your consent or are legally permitted to do so, for example for storage purposes, to protect the rights of another individual or company or in connection with legal proceedings.
LODGING OF COMPLAINT
If you have any issues with the way we process data or you need any clarification on our privacy practices you can always contact our Data Protection Officer at dpo@olakrutrim.com. Your issues will be addressed by us as soon as possible and within a maximum period of one month.
However, if you are still of the opinion that we are processing your personal data in violation of data protection laws and regulations you have the right to lodge a complaint with the supervisory authority.