Terms Of Ose 1

Privacy Policy

Privacy Policy

1. INTRODUCTION

This policy (“Privacy Notice") is applicable to Tanla Platform Limited and all its subsidiaries (hereinafter “Tanla”, “We" or “Us”) and/or branch offices in India and United Arab Emirates.

Tanla is Data Fiduciary of your personal data as described in this Privacy Notice, unless otherwise specified.

At Tanla, we prioritize your privacy and the protection of your personal data. We want you to feel confident that your personal data are well-protected when you interact with Tanla.

2. OBJECTIVE

This Privacy Notice is designed to inform you about how Tanla collects, defines, and uses your personal data (PII) when you interact with our websites, social media platforms, or utilize our services. It aims to provide clarity on:

a. The types of information we collect from you.
b. The sources of your information, including instances where data is collected indirectly.
c. The purposes for which we collect your information.
d. How your information is collected, stored, used, and processed.
e. Your rights concerning your personal data.

Tanla is dedicated to safeguarding your personal data and respecting your privacy. This notice provides comprehensive details on how we handle your personal data (PII) in accordance with regulations such as the GDPR, DPDPA.

3. SCOPE

This Privacy Notice outlines how we handle your personal data (PII) in compliance with GDPR, DPDPA, IT Act 2000 & SPDI Rule 2011 of India. It applies to any personal information collected directly from you or from third parties in various contexts, including:

a. Visiting our public websites and online services, including social media platforms;
b. Sending or receiving communications with us via email, phone, or text;
c. Using our products and services (e.g., as an employee of our customer with access to our offerings) where we act as a data controller. Please note that processing personal data is essential for accessing certain products or services;
d. Participating in our events, webinars, training sessions, campaigns, or contests;
Visiting our offices;
e. Accessing, using, or downloading our content (such as newsletters, whitepapers, reports, etc.);
f. Providing information over the phone, which we may record and retain.

Our websites and services are intended for use by individuals in their business or professional capacities and are not aimed at children under 18. We do not knowingly collect or market personal data online from children under 18. If you are a parent or guardian and believe your child has provided us with personal data without your consent, please contact us as detailed below so we can delete their information from our systems.

For any concerns or inquiries about this Privacy Notice, or if you wish to exercise your rights regarding your personal data, please contact us at the address provided below.

4. BASIC TERMS
SI No Terms Definition

1

Personal Data/Personally Identifiable Information (PII)/Personal Information Personal data/PII means any information relating to an identified or identifiable natural person (‘data subject/PII Principal’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person

2

Law/Act

Act shall mean;

Digital Personal Data Protection Act, 2023 (DPDPA), General Data Protection Regulation (GDPR), UAE, Information Technology Act, 2000, SPDI Rule 2011 and additional legislations that confer powers or obligations upon us.

3

Information “Information” shall mean and include Personal Information and Sensitive Personal Data and Information as may be collected by Tanla

4

Data Subject/PII Principal/Data Principal A data subject/PII Principal/ Data Principal is the individual whose personal information is being collected, held or processed.

5

IP Address An Internet Protocol address (IP address) is a logical numeric address that is assigned to every single computer, printer, switch, router or any other device that is part of a TCP/IP-based network.

6

Data/PII Controller/Data Fiduciary A data fiduciary is a person, company, or other body that determines the purpose and means of personal data processing (this can be determined alone, or jointly with another person/company/body).

7

Machine Readable Format Machine-readable data, or computer-readable data, is data in a format that can be easily processed by a computer. Machine-readable data must be structured data. E.g.: word document, pdf document, excel sheet, etc.

8

Data/PII Processor Data Processor/PII means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the data fiduciary .
 
5. ABBREVIATIONS
Abbreviation Meaning
DPO Data Protection Officer
TCP/IP Transmission Control Protocol/ Internet Protocol
PII Personal Identifiable Information
 
6. ROLES & RESPONSIBILITIES
  • Data Fiduciary detail: Tanla Technology Centre, Hi-Tech City Road, Madhapur, Hyderabad 500081, India
  • Data Protection Officer (DPO) Contact Details: We envisage protecting and safeguarding your personal data and in lieu of the same, our nominated representative can be reached at dpo@karix.com
 
7. WHAT PERSONAL DATA DO WE PROCESS?

Depending on how you interact with us, we may collect various types of information about you. This can include business contact details such as your name, job title, company, email address, country, designation, industry, product interests, or telephone number. We also gather the content of your communications with us, details about how you use our website and services, your feedback, interests in our products and services, and any publicly available information relevant from a business perspective. Additionally, we may collect information about your computer and your visits to and usage of our site, such as your Internet Protocol (IP) address, your computer’s operating system, browser type, and data gathered through cookies.

We collect information about you, your use of our services, your interactions with us, and information regarding the devices you use to access our services (such as computers, mobile devices, tablets, and other viewing devices). This information may include, but is not limited to:

a. Activities on our website, such as types of pages viewed, time spent on pages, and search queries;
b. Advertising identifiers, such as Cookie IDs found on browsers;
c. Information collected via cookies and other technologies.

To enhance the user experience on our website, we may use cookies or similar electronic tools to collect information, assigning each visitor a unique, random User Identification (“User ID”) to understand individual interests based on the identified computer. Unless you voluntarily identify yourself (for example, through registration), we will not know who you are, even if we assign a cookie to your computer. The only personal information a cookie can hold is information you provide. A cookie cannot read data from your hard drive. We process certain types of information whenever you interact with us through our website or via your electronic devices. For more details, please refer to our Cookie Policy.

8. PURPOSES AND LAWFULNESS OF PROCESSING

We use the personal data we collect from you for various business purposes, based on different legal grounds for processing. Below is a summary of how and on which legal bases we use your personal data:

We may use personal data to:

  1. Respond to your inquiries and fulfil your requests, such as sending you newsletters or marketing materials.
  2. Send you administrative information, including updates about our services, changes to our terms and conditions, and policy updates.
  3. Facilitate social sharing functionality.
  4. Enhance and improve the services we offer.
  5. Provide a more personalized service experience.
  6. Process reports on adverse events.
  7. Fulfil our contractual obligations related to your personal data.

Additionally, we may process personal data as we deem necessary or appropriate to:

  1. Comply with applicable laws, including laws outside your state or country of residence.
  2. Adhere to legal processes and prevent, detect, or suppress abuse, fraud, or criminal activities.
  3. Respond to requests from public and governmental authorities, including authorities outside your state or country of residence.
  4. Enforce our terms and conditions.
  5. Protect our operations, assets, or interests, or those of our affiliates.
  6. Safeguard the rights, privacy, safety, or property of our affiliates, you, or others.
  7. Pursue available remedies or limit potential damages.

Consent: We may process your personal data based on your consent. This means we will obtain your consent before processing your personal data for specific purposes.

9. RETENTION AND STORAGE

We will retain your personal data for as long as necessary to fulfil the purposes outlined in this privacy notice, unless a longer retention period is required or permitted by law.

After the retention period, your data will be deleted, destroyed, or archived according to our data destruction protocols, which comply with applicable laws, industry best practices, regional sectoral guidelines, and contractual requirements.

If complete deletion of personal data from our systems is not possible, we will implement appropriate measures to secure the information and prevent any further use.

10. YOUR RIGHTS

You have certain rights regarding your personal data under applicable data protection laws (e.g., India’s DPDPA 2023, the General Data Protection Regulation or based on your use of our offerings. These rights include:

Access. You can request confirmation of whether we are processing your personal data, details about such processing, and a copy of your personal data.

Erasure. You can ask us to erase your personal data if certain conditions are met. We are not required to comply with your request to erase your personal data if the processing of your personal data is necessary for compliance with a legal obligation or for the establishment, exercise, or defense of legal claims.

Objection. You can object in writing to any processing of your personal data, which is done on the basis of our “legitimate interests,” if you believe your fundamental rights and freedoms outweigh our legitimate interests. If you object in writing to our processing of your personal data, we shall then have an opportunity to demonstrate that we have compelling legitimate interests which override your rights and freedoms. In addition, you can object to the processing of your personal data for direct marketing purposes, which includes profiling to the extent that it is related to such direct marketing. We will then cease the processing of your personal data for direct marketing purposes.

Portability. You can ask us to provide your personal data to you in a structured, commonly used, machine-readable format, or you can ask to have it ‘ported’ directly to another data controller, but only where our processing is based on your consent and the processing is carried out by automated means.

Rectification. You can ask us to update or correct certain information; we may verify the accuracy of the data before rectifying it.  For certain information you may be able to update or correct information by updating your personal setting within the Offerings.

Restriction. You can ask us to restrict (i.e., keep but not use) your personal data, but only where: its accuracy is contested (see “Rectification" above), to allow us to verify its accuracy; the processing is unlawful, but you do not want it erased; it is no longer needed for the purposes for which it was collected, but we still need it to establish, exercise, or defend legal claims; or you have exercised the right to object, and verification of any overriding grounds is pending. We can continue to use your personal data following a request for restriction where we have your consent to establish, exercise, or defend legal claims, or to protect the rights of another.

Withdrawal of Consent. You can withdraw your consent where processing is based on a consent you have previously provided.  Your withdrawal of consent will not affect the lawfulness of the processing done prior to your withdrawal of consent taking effect.  If you have questions about how to withdraw a consent you had provided, please contact Data protection officer at dpo@karix.com

Right to Nominate. A Data Principal shall have the right to nominate, in such manner as may be prescribed, any other individual, who shall, in the event of death or incapacity of the Data Principal, exercise the rights of the Data Principal in accordance with the provisions of The digital personal data protection act 2023.

Right of GRIEVANCE redressal. In accordance with the Digital personal data protection act 2023, Information Technology Act, 2000 read with SPDI Rules, 2011 and its rules thereof, if User faces any grievance with respect to this Privacy Notice, User may contact Data protection officer at dpo@karix.com

The DPO will address any discrepancies and grievances of the User with respect to processing of information as per the timelines prescribed under the applicable law or in its absence within a period of 27 (twenty-seven) days.

Exercise of Rights. To exercise your rights, please write to dpo@karix.com We do not discriminate based on whether you choose to exercise your choices and rights and will not, based on your exercise of rights, deny the Offerings to you; charge you different rates (including through penalties or discounts/benefits); provide a different level or quality of Offerings.  We will process any requests in accordance with applicable laws within a reasonable period of time.  In order to properly process a request, we may need to verify your identity before taking any request-related actions. If needed, we will contact you via email with reasonable instructions to verify your identity before processing your request.

11. SECURITY OF PERSONAL DATA

Please be assured that all information you provide to us is secured using strict procedures and security measures to prevent unauthorized access, breaches, or leaks. We implement a variety of security measures to protect your personal data from unauthorized or unlawful access, loss, disclosure, or alteration. These measures include technical, organizational, and physical safeguards. Our controls, policies, and procedures adhere to industry best practices and information security standards, such as ISO 27001, ensuring the security of personal data throughout its lifecycle.

However, no system can be entirely secure. If you have any concerns about the security of your personal information or believe that the information, we hold about you is no longer secure, please contact us immediately using the contact details provided in this Privacy Notice.

12. DISCLOSURE

We may disclose your information to any of our employees, officers, insurers, professional advisers, agents, partners, suppliers or subcontractors in so far as reasonably necessary for the purposes set out in this privacy Notice and for the purpose of providing services to you.

We may disclose your personal data to any member of our group, which means our subsidiaries, our ultimate holding company and its subsidiaries.

  • We may disclose your personal data to third parties if we are under a duty to disclose or share your personal data in order to comply with any legal obligation, or in order to enforce or apply our terms of use and other agreements; or to protect the rights, property, or safety of the Companies, our customers, or others.
  • To our third-party service providers who provide services such as website hosting and webinars. The information we provide to third parties service providers is subject to confidentiality obligations and is intended to be used solely for the purpose(s) permitted thereby.
  • To identify you to anyone to whom you send messages through the Services. You may also choose to disclose your Personal data on chat, social media, blogs, and other services to which you are able to post information and materials. Please note that any information you post or disclose through these services will become public and may be available to other users and the general public. We urge you to be very careful when deciding to disclose any information on the Services.
  • To a third party, in the event of any reorganization, merger, sale, joint venture, assignment, transfer, or other disposition of all or any portion of our business, assets, or stock (including in connection with any bankruptcy or similar proceedings.

laws outside your state or country of residence; (b) to comply with legal process and to prevent, detect, or suppress abuse, fraud, or criminal activity; (c) to respond to requests from public and government authorities and self-regulatory organizations, including public and government authorities and self-regulatory organizations outside your state or country of residence; (d) to enforce our terms and conditions; (e) to protect our operations, assets, or interests or those of any of our affiliates; (f) to protect our rights, privacy, safety, or property, and/or that of our affiliates, you, or others; and (g) to allow us to pursue available remedies or limit the damages that we may sustain.

13. CROSS BORDER DATA TRANSFER

The data that we collect or are provided with may be transferred to and stored at a destination outside the base location. It may also be processed by staff operating outside the base location who work for us or for one of our related companies and affiliates.

We will ensure that a legitimate transfer of your personal data takes place to a location abroad keeping in mind the transfer mechanisms mandated by applicable laws.

14. Changes to this Privacy Policy

We may update this Privacy Notice periodically. If we make significant changes, we will revise the “Effective Date” at the top of the Privacy Notice. Additionally, we may notify you of these changes by posting a notice on our website or, where required by law, by providing you with direct notice before the updates take effect

15. Questions and Queries

Questions, comments and requests regarding this privacy Notice are welcomed and should be addressed to dpo@karix.com