SADGURU FACILITY SERVICES PVT. LTD.

Last Updated: 03/09/2020

________________________________________

This Privacy Policy document explains our privacy practices regarding the collection, use, disclosure and transfer of your Personal Data by Sadguru Facility Services Pvt Ltd and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the "SFSPL" or “We” or “Us”, “Our”).

This Privacy Policy (“Policy“) is published in accordance with the provisions of Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011. The Policy is an ‘electronic record’ as contemplated under section 2(t) of the Information Technology Act, 2000 and the rules. This Policy being an electronic record is generated by a computer system and does not require any physical or digital signature.

THIS PRIVACY POLICY IS A LEGALLY BINDING DOCUMENT BETWEEN YOU AND SADGURU FACILITY SERVICES (BOTH TERMS DEFINED ABOVE). THE TERMS OF THIS PRIVACY POLICY WILL BE EFFECTIVE UPON YOUR ACCEPTANCE OF THE SAME (DIRECTLY OR INDIRECTLY IN ELECTRONIC FORM, BY CLICKING ON THE I ACCEPT TAB OR BY USE OF THE WEBSITE OR BY OTHER MEANS) AND WILL GOVERN THE RELATIONSHIP BETWEEN YOU AND SFS FOR YOUR USE OF THE WEBSITE (DEFINED BELOW).

THIS DOCUMENT IS PUBLISHED AND SHALL BE CONSTRUED IN ACCORDANCE WITH THE PROVISIONS OF THE INFORMATION TECHNOLOGY (REASONABLE SECURITY PRACTICES AND PROCEDURES AND SENSITIVE PERSONAL DATA OF INFORMATION) RULES, 2011 UNDER INFORMATION TECHNOLOGY ACT, 2000; THAT REQUIRE PUBLISHING OF THE PRIVACY POLICY FOR COLLECTION, USE, STORAGE AND TRANSFER OF SENSITIVE PERSONAL DATA OR INFORMATION.

The domain name https://www.sadgurufacility.com/ ("Website") of the platform is owned and operated by Sadguru Facility Services Pvt. Ltd. (“We”, “Us”, “Our” “Company”) which is a Company registered under the Indian Companies Act, 2013, having its corporate address at Shop No. 1, Madhu Jeevan Jyoti Chsl, Kasturba Cross Road No. 1, Opp Abhyudaya Bank, Borivali East, Mumbai, Maharashtra 400066, where such expression shall, unless repugnant to the context thereof, be deemed to include its respective representatives, administrators, employees, directors, officers, agents and their successors and assigns.

This policy DOES NOT apply to the information that you provide to, or that is collected by, any third-party(ies). We encourage you to consult directly with such third-parties about their privacy practices.

This policy may change from time to time, your continued use of our Services after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

1. OBJECTIVE

● To demonstrate a set of privacy and Personal Data protection standards that govern SFSPL’s procedures to collect, store and process Personal Data in a lawful manner;

● To provide consistent treatment of Personal Data throughout SFS entities;

● To ensure Personal Data is protected from data security risks;

● To ensure Personal Data is transferred or processed in a manner consistent with the applicable data protection laws and regulations.

2. SCOPE

This policy shall apply to SFSPL, its operations and business units and supersedes any other policy relating to Personal Data protection. This means that this Policy shall apply to all employees, contractors, working partners and businesses carried on by SFSPL and any other Affiliates of SFSPL except to the extent, if any, stated under exemptions below, must comply with it.

3. POLICY GUIDELINES

● SFSPL shall as a data controller or processor, establish the specific purposes for which Personal Data is being collected and that its collection and processing of Personal Data is done in a manner consistent with those stated purposes;

● SFSPL shall collect and process only such Personal Data as is adequate, relevant and limited in scope to the requirement and for a length of time that is necessary for the stated purposes of its use;

● SFSPL shall utilize IT systems and applications that have the ability to comply with Data Protection Laws and Regulations including providing appropriate security for storage and transmission of Personal Data;

● SFSPL shall Perform Data Protection Impact Assessments as per GDPR requirements;

● SFSPL shall report breaches promptly and in line with the Personal Data breach notification process.

● SFSPL shall record, investigate, analyze and report data protection-related complaints; and

● SFSPL shall ensure that data protection training is undertaken by all concerned employees.

4. DATA COLLECTION, TRANSFER AND PROCESSING

SFSPL may collect, store, use and disclose information about individuals which may constitute Personal Data (including Sensitive Personal Data) under various applicable data protection laws (including but not limited to Information Technology Act 2000 (IT Act), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (IT Rules), for lawful, explicit and legitimate purposes and for further processing of Personal Data consistent with those purposes.

The Personal Data may be processed for purposes including without limitation:

● Administering relationships services

● Operational purposes

● Conducting market research

● Providing individuals with information concerning products and services which SFSPL believes to be of interest

● Compliance with any requirement of law, regulation, associations, codes that SFSPL decides to adopt

● For the detection, investigation, monitoring and prevention of fraud and other crimes or malpractice

● For the purpose of, or in connection with, any legal proceedings for obtaining legal advice or for establishing, exercising or defending legal rights or any other purpose connected to or incidental to the purposes stated above

● Personal Data collected at website - cookies may be used in website to track user behavior, etc., and/or user name, address, email, phone number may be collected for marketing or research purposes

SFSPL shall specifically mention the purpose and obtain free consent from the data subject prior to collecting, storing and processing of Personal Data.

SFSPL shall not utilize an individual’s Personal Data in its control, beyond the scope for which it was collected without prior written consent from the individual. Individual’s Personal Data shall not be provided or otherwise disclosed to third parties other than SFSPL, investigators, or law enforcement personnel where consent has been obtained from the concerned individual or when disclosure is legally mandated.

SFSPL may record and monitor electronic and voice communications, to the extent permitted by applicable laws, to ensure compliance with the legal and regulatory obligations, internal policies and for the purposes outlined above in this policy.

Any transfer of Personal Data to a third party shall take place only if adequate levels of protection of Personal Data in accordance with applicable data protection laws is guaranteed by such third party. Data shall be encrypted and anonymized wherever necessary.

5. CONFIDENTIALITY AND SECURITY

SFSPL shall take prudent steps to safeguard the confidentiality and security of all Personal Data including taking procedural and organizational steps to protect Personal Data from accidental or unlawful destruction and disclosure. These steps include entering into written agreements to protect Personal Data with all its vendors, subcontractors who process Personal Data.

In addition, SFSPL strives to protect personally identifiable information that it maintains or disseminates so that it is not accessed or obtained by unauthorized individuals or used in unauthorized ways.

6. DATA SUBJECT ACCESS, CORRECTION AND DELETION

SFSPL recognizes that data subjects have a right to request a copy of the Personal Data held by SFSPL. If any Personal Data is found to be incorrect, the individual concerned has the right to file a request to amend, update or delete it, as appropriate. Individuals also have a right to object to the processing of their Personal Data as per the prevailing laws.

If SFSPL undertakes transactions or other services that involves the processing or disclosure of Personal Data on behalf of any of our client or counterparty, it shall be the responsibility of such client or counterparty to ensure that it has all necessary authority to permit SFSPL to process and disclose the Personal Data accordingly.

Privacy consent can be withdrawn by the data subject by informing the appropriate authority within SFSPL as mentioned in the access revocation process.

The privacy data shall be deleted from the system on request or when it has served its purpose, only after a complete evaluation of compliance with any applicable legal obligations or business processes.

7. PRIVACY BY DESIGN

Privacy controls shall be considered while designing and implementing new or existing systems or processes, based on the technologies available, cost of implementation, scope, context and purposes of collecting, storing and processing Personal Data. SFSPL shall implement appropriate data-protection principles, technical and organizational measures, such as pseudonymisation, data minimization, data encryption, etc. to ensure that Personal Data is secure.

8. DATA PROTECTION AND IMPACT ASSESSMENT

All SFSPL personnel handling Personal Data have a responsibility to report any data privacy breach related incidents and any violations of this policy and/or its Annexures immediately to ___________

● A systematic description of the system or purpose.

● Assessment of the risks to the rights and freedoms of data subjects.

● The measures to address the risks, including safeguards, security measures and mechanisms to ensure the protection of Personal Data and to demonstrate.

9. MINOR

SFSPL does not knowingly collect or use any personal information from Minors i.e below the age of 18 . We do not allow the usage of our website to those who are not Competent to Contract under section 11 of the Indian Contract Act, 1872. If you are a parent and/or relative become aware that someone has provided us the information, please contact us using one of the methods specified below, and we will work with you to address this issue at the earliest.

10. DEFINITIONS

● SFSPL shall mean and include its Affiliates and group entities.

● Affiliates mean SFSPL and

a. any persons or entities that, now or in the future, directly or indirectly, control, are controlled by them, or are under common control, or

b. any persons or entities that are acquired, managed, or operated by them, whether by membership, stock ownership, joint operating agreement, or other substantial relationship. “Control” means, with respect to a corporation, the direct or indirect control of more than fifty percent (50%) of the voting power to elect directors thereof, or any other entity, the power to direct the management or management policies of such entity.

● Data Protection Laws and Regulations means, Article 21 of the Constitution of India, Information Technology Act, 2000, the (Indian) Contract Act, 1872, Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, Information Technology (Procedures and Safeguards for Interception, Monitoring and Decryption of Information) Rules, 2009 and Information Technology (Procedures and Safeguards for Blocking for Access of Information) Rules, 2009.

● European Union – means the current EU Member State countries of: Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.

● Personal Data under GDPR means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person;

● ‘Personal information’ under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (Privacy Rules) means any information that relates to a natural person, which either directly or indirectly, in combination with other information that is available or likely to be available to a corporate entity, is capable of identifying such person

● Processing means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;

● Specified purpose means being clear from the outset about why we are collecting Personal Data and are transparent about our purposes with the individuals concerned.

● Sensitive personal data or information under Privacy Rules — means such personal information which consists of information relating to:

a. Password;

b. financial information such as Bank account or credit card or debit card or other payment instrument details;

c. physical, physiological and mental health condition;

d. sexual orientation;

e. medical records and history;

f. Biometric information;

g. any detail relating to the above clauses as provided to body corporate for providing service; and

h. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.

14. FURTHER ACKNOWLEDGMENT

You hereby acknowledge and agree that this Privacy Policy:

● is clear and easily accessible and provide statements of Our policies and practices with respective to the Information;

● provides for the various types of personal or sensitive personal data of information to be collected;

● provides for the purposes of collection and usage of the Information;

● provides for disclosure of Information; and

● provides for reasonable security practices and procedures.