Privacy Policy
General
This Privacy Statement (‘Statement’) is an elaborative description of how CtrlS collects, shares and/or processes the personal data that is shared by individuals or organizations and also serves as an explainer on the privacy related rights pertaining to personal data. CtrlS, its affiliates and subsidiaries (hereinafter collectively referred to as ‘CtrlS’) understand and value the importance of protecting the personal data that the User shares with CtrlS. This Statement is applicable to all users of the CtrlS website, CtrlS’s Customers who avail CtrlS’s services, its Vendors, persons/individuals who participate in any marketing/recruitment activities, events etc. hosted by CtrlS and also to all persons/stakeholders who are involved in any transaction with CtrlS where there is any use/collection/sharing of personal information (hereinafter collectively referred to as the ‘User’).The personal data that CtrlS collects about the User:
CtrlS does not and will not collect any personal data about the User unless such User provides it to CtrlS voluntarily. CtrlS collects information during User’s interactions with CtrlS, whether through business related interactions or online, including through CtrlS’s websites that is necessary to conduct its business, to provide the services to the customers, as part of business operations and optimisation of its service offerings.
CtrlS may collect, use, store and transfer different kinds of personal data which have been grouped together as follows:
- Identity Data: including first name, last name.
- Contact Data: including address, email address, and telephone numbers.
- Marketing and Communications Data: including User’s preferences in receiving marketing from CtrlS (including authorised third parties) and User’s communication preferences.
- Public PII is easily accessible from public sources like phonebooks, the Internet, and corporate directories Visiting Cards, Business telephone number and Business mailing or email address.
How is the User’s personal data collected?
Generally, CtrlS collects personal information related to employees, customers and representatives when they decide to interact with us, or avail services or express an interest or apply for a position. The kind of data that CtrlS collects and/or has visibility/access to, depends solely on the context and the nature of User’s interaction with CtrlS and in case of CtrlS’s customers, the nature service offering that such customer avails from CtrlS. CtrlS do not solicit and/or collect any sort of personal information that is irrelevant/not necessary for the provision of services to the User. CtrlS further declare that it does not participate in any sort of data mining activities whatsoever, with any third parties.Purposes for which CtrlS may use the personal data belonging to the User:
CtrlS may use personal information for the following purposes only:
- To engage in activity in relation to CtrlS’s member services. This may include sending updates, meeting invite and other information that may be of important.
- where anyone has applied for a position with CtrlS, to review and process job application
- To comply with legal or regulatory obligations that CtrlS are obliged to discharge.
- To verify identify and entitlements to CtrlS’s products and services when the User contacts CtrlS or access its services.
- To supply services and manage payments.
- To send statements and invoices, and collect payments.
- To provide commercial quotes.
- To provide technical and customer support.
- To obtain feedback on CtrlS’s services.
- To provide improved website and product experience and communications informed by product subscriptions and/or data collected.
Purposes for which CtrlS may collect the personal data belonging to the User and the rationale behind such collection:
CtrlS uses personal information only where required for specific purposes. The following table serves as an explainer for the purpose for which CtrlS collects/uses of the personal data belonging to the User and the rationale behind such collection/use:
Purpose/Instance | Rationale |
Managing CtrlS’s contractual and/or employment relationship with the User. | Necessary for the performance of a contract to which User is a party. |
Recruitment. | As an employer, CtrlS collects User’s personal information in order to manage and carry out the recruitment process and User’s employment with CtrlS. |
Facilitating communication with the User (including in case of emergencies, and to provide User with requested information). | To ensure proper communication and emergency handling within the organization. This kind of collection includes collection of basic contact information of relevant stakeholders. |
Operating and managing CtrlS business operations. | To ensure the proper functioning of CtrlS business operations and optimise CtrlSservice offerings. |
Complying with legal requirements. | This is a legitimate purpose as CtrlS is bound by and is subject to all applicable laws and legal mandates. |
Monitoring User’s use of CtrlS systems (including use of CtrlS website ). | To avoid compliance related issues and protecting the standards of CtrlSservice offerings, ensuring that they meet the legal requirements and industry standards. |
Improving the security and functioning of CtrlS website, networks and information. | To ensure that User receives an excellent user experience and CtrlS networks and information are secure. |
Undertaking data analytics, i.e. applying analytics to business operations and data to describe, predict and improve business performance within CtrlS and/or to provide a better user experience. | To ensure the proper functioning of CtrlS business operations and optimise CtrlS service offerings. |
Marketing CtrlS products and services to User. | To ensure the proper functioning and growth of CtrlS business operations. However, any kind of collection for this purpose will be subject to User’s consent and privacy rights. |
Customers billing address, email address, and telephone numbers and prospective clients information | For performance of contract. |
Purposes for which CtrlS may share personal data belonging to the User:
CtrlS shares the User’s personal data with the User’s consent and/or to carry out any transaction and/or provide any service that the User has authorized or requested. CtrlS also shares any such personal data with its wholly owned subsidiaries and affiliates whenever necessary, to optimize CtrlS’s service offerings. Further, CtrlS may also share User’s personal data with its vendors/suppliers/third parties wherever necessary on strict need to know basis, ensuring that such parties are bound by the privacy principles detailed herein and are bound by strict confidentiality obligations. Lastly, CtrlS shares personal data when required by applicable laws/legal mandates and/or in order to respond to any legal process, including but not limited to protection of the rights and property of CtrlS and its customers.How CtrlS protects personal data belonging to the User:
CtrlS is committed to protecting its User’s personal data. CtrlS has put in place safeguards including appropriate technologies, policies, and contractual arrangements, so that the data that CtrlS possesses about the Users is protected from unauthorized access and improper use. The safeguards CtrlS have put in place to protect User’s personal data include the following Technical and Organizational Measures:- Organizational management is responsible for the development, implementation, and maintenance of CtrlS’s Privacy program.
- External Audits will be conducted annually once. Any gaps identified in the audit, will be addressed with corrective action for information security and the cloud operations.
- Maintain Information security policies and make sure that policies and measures are regularly reviewed and where necessary, improve them
- Communication with CtrlS applications utilizes cryptographic protocols such as TLS to protect information in transit over public networks.
- Data security controls which include logical segregation of data, restricted (e.g. role-based) access is used.
- Logical access controls designed to manage electronic access to data and system functionality based on authority levels and job functions.
- Password controls designed to manage and control password strength, and usage including prohibiting users from sharing passwords.
- Physical Access Control:
- Unauthorized persons shall be prevented from gaining physical access to premises, buildings or rooms where data processing systems are located which process and/or use Personal Information.
- Measures: All Datacentres adhere to strict security procedures enforced by guards, surveillance cameras, access control mechanisms and other measures to prevent equipment and Datacentre facilities from being compromised. Only authorized representatives have access to systems and infrastructure within the Datacentre facilities. To ensure proper functionality, physical security equipment (e.g. cameras, etc.) are maintained on a regular basis. In detail, the following physical security measures are implemented at all Datacentres:
- CtrlS protects its assets and facilities using the appropriate means based on a security classification conducted by security department.
- In general, buildings are secured through access control systems (smart card access system).
- Change management procedures and tracking mechanisms designed to approve and monitor all changes to CtrlS technology and information assets.
- Incident / problem management procedures design to allow CtrlS investigate, respond to, mitigate and notify of events related to CtrlS technology and information assets.
- Vulnerability assessment, patch management, and threat protection technologies and scheduled monitoring procedures designed to identify, assess, mitigate and protect against identified security threats, viruses and other malicious code.
Network and Information Security
CtrlS maintains a variety of physical, electronic, and procedural safeguards to protect personal information. Also, uses encryption technologies to protect account information when customers viewing the bill on Website or via email. Customers should be aware that CtrlS has no control over the security of other sites on the Internet that they might visit, interact with to buy the products or services. Customers should keep the user name, password or other access information safe to protect against unauthorized access to account information and services. And customers must adopt strong passwords that others may not guess easily. User’s rights pertaining to its personal data and privacy: Subject to applicable laws, all Users have the following rights:- Right to obtain information regarding the processing of personal information and access to the personal information which CtrlS holds.
- Please note that there may be circumstances in which CtrlS are entitled to refuse requests for access to copies of personal information as per applicable laws. In particular, information that is subject to legal professional privilege will not be disclosed other than to CtrlS affiliates/subsidiaries and as authorised by such affiliates/subsidiaries.
- Right to request CtrlS to correct any personal information if it is inaccurate or incomplete.
- Right to request CtrlS to erase personal information in certain circumstances. Please note that there may be circumstances where CtrlS may erase personal information but CtrlS is legally entitled to retain it.
- Right to object to and request that CtrlS restricts, its processing of personal information in certain circumstances. Again, there may be circumstances where the User objects to, or asks CtrlS to restrict, it’s processing of personal information but CtrlS is legally entitled to refuse that request.
- Right to withdraw consent, although in certain circumstances it may be lawful for CtrlS to continue processing without User consent if permissible under law.
- And any other rights that User may hold as the owner of such data as per applicable laws.
Content
All hosting services provided by CtrlS may be used for lawful purposes only. Transmission, storage, or presentation of any information, data or material in violation of any Indian law is prohibited. This includes, but is not limited to copyrighted material, trade secret, material in our opinion is obscene, not in public interest, opposed to public policy or is an invasion of privacy of any person or entity. All pornographic content and sex-related merchandising is prohibited on all CtrlS servers. This includes sites that may infer sexual content or links to adult content elsewhere. CtrlS will be the sole arbiter in determining violations of this provision. Also prohibited are sites that promote any illegal activity or present content that may be damaging to CtrlS servers or any other server on the internet. Links to such materials are also prohibited. Examples of unacceptable content or links: Pirated software Hacker programs or archives Warez sites, CtrlS will be the sole arbiter as to what constitutes a violation of this provision. Materials and Products- We will exercise no control whatsoever over the content of the information passing through the network or on the Customer’s websites.
- We make no warranties or guarantees of any kind, whether expressed or implied for the service provided and also disclaims any warranty of merchantability or fitness for particular purpose and will not be responsible for any damages that may be suffered by the Customer, including loss of data resulting from delays, non- deliveries or service interruptions or gaps by any cause or errors or omissions of the Customer.
- CtrlS is not responsible for any loss, erasure, or corruption of Customer’s data or files whatsoever unless agreed otherwise
- Use of any information obtained by way of CtrlS is at the Customer’s own risk, and we specifically deny any responsibility for the accuracy or quality of information obtained through our services.