YOU AND THAT ENTITY OR AGENCY TO THE TERMS OF SERVICE. IN THAT EVENT, “YOU” AND “YOUR” WILL REFER AND APPLY TO YOU AND THAT ENTITY OR AGENCY.
1. DATA PROTECTION PRINCIPLES
Gritsa has adopted the following principles to govern its collection, use, retention, transfer, disclosure and destruction of personal data:
a) Lawfulness, Fairness, and Transparency. Personal data shall be processed lawfully, fairly, and in a transparent manner in
relation to the data subject. This means that Gritsa must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).
b) Purpose Limitation. Personal data shall be collected for specified, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means Gritsa must specify exactly what the personal data collected will be used for and limit the processing of that personal data to only what is necessary to meet the specified purpose.
c) Data Minimisation. Personal data shall be adequate, relevant, and limited to what is necessary for relation to the purposes for which they are processed. This means Gritsa must not store any personal data beyond what is strictly required.
d) Accuracy. Personal data shall be accurate and kept up to date. This means Gritsa must have processes in place for identifying and addressing out-of-date, incorrect, and redundant personal data.
e) Storage Limitation. Personal data shall be kept in a form that permits identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed. This means Gritsa must wherever possible, store personal data in a way that limits or prevents identification of the data subject.
f) Integrity & Confidentiality . Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorized or unlawful processing, and against accidental loss, destruction, or damage. Gritsa must use appropriate technical and organizational measures to ensure the integrity and confidentiality of personal data are maintained at all times.
g) Accountability. The Data Controller (Board of Gritsa Tech (India) Private Limited) shall be responsible for, and be able to demonstrate compliance. This means Gritsa must demonstrate that the six data protection principles (outlined above) are met for all personal data for which it is responsible.
2. COLLECTION OF YOUR PERSONAL INFORMATION
2.1. We collect personal information from the individuals who want to register on our website www.gritsa.com. This information is not accessible to the visitors using Gritsa’s website, either directly or by submitting a request. Individuals are required to create an account to be able to access certain portions of our Website, Individuals, if and when they create and use an account with Gritsa need to register on the website, they will be required to disclose and provide to Gritsa information including personal contact details like name and email address. In some cases, additional details like billing information including name, GST, address, PAN, etc. may be required. Such information gathered shall be utilized to ensure greater customer satisfaction and help a customer satiate their needs.
2.2. Our website may include social media features, which are available on Twitter, Facebook, and Instagram. The features may include a “like” button and widgets, such as the “share this” button. These features may collect your personal information and track your use on the website.
2.3. We also automatically collect certain computers, devices, and browsing information when you access the website or use Gritsa Services. This information is aggregated to provide statistical data about our users’ browsing actions and patterns, and does not personally identify individuals. This information may include:
● Computer or mobile device information, including IP address, operating system,
network system, browser type, and settings;
● Website usage information.
We may use one or more third-party Service providers, to assist us in better understanding the use of our Site. Our Service provider(s) will place cookies on the hard drive of your computer and will receive information that we select that will educate us on such things as how visitors navigate around our Site, what products are browsed, and general Transaction information. Our Service provider(s) will analyze this information and provide us with aggregate reports. The information and analysis provided by our Service provider(s) will be used to assist us in better understanding our visitors’ interests in our Site and how to better serve those interests. The information collected by our Service provider(s) may be linked to and combined with information that we collect about you while you are using the Platform. Our Service provider(s) is/are contractually restricted from using the information they receive from our Site for any other purpose than to assist us.
If you want to avoid using cookies altogether, you can disable cookies in your browser.
However, disabling cookies might make it impossible for you to use certain features of our website or Services, such as logging in to your Gritsa Account or making Transactions.
Your use of our website or Service with a browser that is configured to accept cookies constitutes acceptance of our and third-party cookies.
3. HOW GRITSA USES THE INFORMATION WE COLLECT
3.1. We collect your personal information and aggregate information about the use of our Website and Services to better understand your needs and to provide you with a better Website experience.
Specifically, we may use your personal information for any of the
● To provide our Services to you, including registering you for our Services, verifying your identity and authority to use our Services, and to otherwise enable you to use our Website and our Services;
● For customer support and to respond to your inquiries;
● For internal record-keeping purposes;
● To process billing and payment, including sharing with third-party payment gateways in connection with Website and/or Gritsa’s products and Services;
● To improve and maintain our Website and our Services (for example, we track information entered through the “Search” function; this helps us determine which areas of our Website users like best and areas that we may want to enhance; we also will use for trouble-shooting purposes, where applicable);
● To periodically send promotional emails to the email address you provide regarding new products from Gritsa, special offers from Gritsa or other information about Gritsa that we think you may find interesting;
● To contact you via email, or, where requested, by text message, to deliver certain services or information you have requested;
● For Gritsa’s market research purposes, including, but not limited to, the customization of the Website according to your interests;
● We also may compare personal information collected through the Website and Services to verify its accuracy with personal information collected from third parties; and
● We may combine aggregate data with the personal information we collect about you.
3.2. We may collect Gritsa services usage information in order to improve function or UI, but will only use this information in an aggregated, anonymized fashion, and never in association with your name, email, or other personally-identifying information.
4. DATA RETENTION
4.1. To ensure fair processing, personal data will be retained by the Board of Gritsa (who shall at all times be considered as the “Data Controller” under this Policy) until a customer has an active account on the website and undertakes transactions therefrom.
4.2. The Board of Gritsa shall maintain all records relevant to administering this policy and procedure in electronic form on our computers, servers, cloud storage, etc.
4.3. We will retain records of all such information for five years after the account has been closed.
4.4. All personal data should be deleted or destroyed as soon as possible where it has been confirmed that there is no longer a need to retain it.
5. DATA PROTECTION
5.1. We employ procedural and technological security measures, which are reasonably designed to help protect your personal information from unauthorized access or disclosure. Gritsa may use encryption, passwords, and physical security measures to help protect your personal information against unauthorized access and disclosure. No security measures, however, are 100% complete. Therefore, we do not promise and cannot guarantee, and thus you should not expect, that your personal information or private communications will not be collected and used by others.
5.2. You should take steps to protect against unauthorized access to your password, phone, and computer by, among other things, signing off after using a shared computer, choosing a robust password that nobody else knows or can easily guess, and keeping your log-in and password are private. Gritsa is not responsible for the unauthorized use of your information or any lost, stolen, compromised passwords, or for any activity on
your Account via unauthorized password activity.
6. DATA PROTECTION RIGHTS
We would like you to be completely aware of your data protection rights. Every customer is
entitled to the following:
● Information access.
● Objection to processing.
● Objection to automated decision-making and profiling.
● Restriction of processing.
● Data portability.
● Data rectification.
● Data erasure.
If a customer makes a request relating to any of the rights listed above, the Board of Gritsa will consider each such request in accordance with all applicable data protection laws and regulations. No administration fee will be charged for considering and/or complying with such a request unless the request is deemed to be unnecessary or excessive in nature. Requests shall be made in writing/email to firstname.lastname@example.org.
We may share the information that we collect about you, including your personal information, as follows:
a) Information Disclosed to Protect Us and Others-
b) Information Disclosed to Third Party Service Providers and Business Partners-
We may contract with various third parties for the provision and maintenance of the Website, Services, and our business operations, and Gritsa may need to share your personal information and data generated by cookies and aggregate information (collectively, “information”) with these vendors and service agencies. The vendors and service agencies will not receive any right to use your personal information beyond what is necessary to perform its obligations to provide the Services to you. If you complete a survey, we also may share your information with the survey provider; if we offer a survey in conjunction with another entity, we also will disclose the results to that entity.
c) Disclosure to Non-Affiliated Third Parties in Furtherance of Your request-
Your request for services may be shared with third-party websites with whom we have a contractual relationship in order to provide your request with maximum exposure. The post on the third party website will include the details of your request, including your location, and other contact details. Interested bidders, however, will be able to click on your request on such third-party site, and will be directed to our Website where they will have access to your contact details (Partial or complete), as would any other service provider on our Website interested in bidding on your request.
d) Links to External Websites -
We may send periodic promotional or informational emails to you. You may opt-out of such communications by following the opt-out instructions contained in the email. Please note that it may take up to 10 business days for us to process opt-out requests. If you opt-out of receiving emails about recommendations or other information we think may interest you, we may still send emails on a case to case basis.
9. BREACH REPORTING
Any individual who suspects that a personal data breach has occurred as a result of the theft or exposure of personal data must immediately notify the Board of Gritsa immediately at by providing a description of what occurred. They will investigate all reported incidents to confirm whether or not a personal data breach has occurred. If a personal data breach is confirmed, Gritsa will follow the relevant authorized procedure based on the criticality and quantity of the personal data involved. For severe personal data breaches, Gritsa’s senior management will initiate and chair an emergency response team to coordinate and manage the personal data breach response.
THIS POLICY IS CURRENT AS OF THE EFFECTIVE DATE SET FORTH ABOVE. GRITSA MAY, IN ITS SOLE AND ABSOLUTE DISCRETION, CHANGE THIS POLICY FROM TIME TO TIME BY UPDATING THIS DOCUMENT. GRITSA WILL POST ITS UPDATED POLICY ON THE WEBSITE ON THIS PAGE. GRITSA ENCOURAGES YOU TO REVIEW THIS POLICY REGULARLY FOR ANY CHANGES. YOUR CONTINUED USE OF THIS WEBSITE AND/OR CONTINUED PROVISION OF PERSONAL INFORMATION TO US WILL BE SUBJECT TO THE TERMS OF THE THEN-CURRENT POLICY.