Last updated 08 July, 2019
THIS POLICY DESCRIBES OUR POLICIES AND PROCEDURES FOR COLLECTION, USE, STORAGE, PROCESSING, DISCLOSURE AND PROTECTION OF ANY INFORMATION, INCLUDING, BUT NOT LIMITED TO, BUSINESS OR PERSONAL DATA PROVIDED BY YOU AS A USER (hereinafter referred to as “YOU” “YOUR” or “USER”) WHILE USING THE KAARVA PRODUCT. USER SHALL MEAN ANY PERSON/ PERSONS, WHO VISITS, USES, DEALS WITH AND/ OR TRANSACTS THROUGH KAARVA PRODUCT.
THIS POLICY CONSTITUTES A LEGAL AGREEMENT BETWEEN YOU, AS THE USER OF KAARVA PRODUCT AND THE COMPANY, AS THE OWNER OF THE KAARVA PRODUCT. YOU MUST BE A NATURAL PERSON, CITIZEN OF INDIA, WHO IS ATLEAST 18 YEARS OF AGE.
BY VISITING/ ACCESSING THE KAARVA PRODUCT AND VOLUNTARILY PROVIDING US WITH INFORMATION (PERSONAL AND/ OR NON-PERSONAL), YOU ARE CONSENTING TO OUR USE OF IT IN ACCORDANCE WITH THIS POLICY. THIS POLICY DOES NOT APPLY TO THIRD-PARTY WEBSITES/ APPLICATIONS THAT ARE CONNECTED VIA LINKS TO THE KAARVA PRODUCT. IF YOU DO NOT AGREE WITH THE TERMS AND CONDITIONS OF THIS POLICY, PLEASE DO NOT PROCEED FURTHER TO USE/ ACCESS KAARVA PRODUCT.
You must periodically review the policy for the latest information on our privacy practices.
1.1. www.kaarva.com (“Website”) and the mobile apps, web interfaces, APIs, documentation, servers and all other Intellectual Property, software, products under the brand name Kaarva and infrastructure (collectively referred to as “Kaarva Product” are owned, Kaarva Services Private Limited ("Company or Us or Kaarva"), a Company, incorporated under the laws of the India and having its corporate office at No. 227, 1st Floor, 15th Main Koramangala 4th Block, Bengaluru - 560034.
For the purposes of this Policy, the key terms are defined as follows:
1. ‘Personal Data’ means any information relating to User or identifiable to User; an identifiable to User is one who can be identified, directly or indirectly, in particular by reference to User such as name, an identification number, government identification numbers, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person, income tax returns, information collected through Facebook, Twitter, LinkedIn or other social media accounts of the Users which have been linked to the account on the Kaarva Product, information that You provide when You write directly to the Company (including by e-mail) or provide Us over telephone; Recordings of telephonic conversations between You and our call centre executives for any query or assistance, information with respect to IMEI code, details on whether Your phone supports dual sim cards, mobile network, name of the device, device operating systems and IP address, information relating to other mobile applications installed on Your device Credit related information that is collected from other sources like the credit bureau, information about Your transaction history like spend data, call history, contact list and other related information through our mobile application and any other information that the Company is required to collect as per specific mandate from any bank or as a requirement under applicable law
2. ‘Processing’ means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction;
3. ‘Processor’ means a Company or third parties engaged by the Company. The Company is a processor for all data entered into Kaarva by Users.
4. ‘Recipient’ means a Company or any legal person, public authority, agency or another body, to which the Personal Data are disclosed, whether a third-party or not.
5. ‘Third-party’ means a natural or legal person, public authority, agency or body other than the User, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process Personal Data;
6. ‘Consent’ of the User means any freely given, specific, informed and unambiguous indication of the User’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of Personal Data relating to him or her;
7. ‘Personal Data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, Personal Data transmitted, stored or otherwise processed;
2. Information collected from the User(s)
2.1. Company protects Personal Data in accordance with applicable laws and our data privacy policies. In addition, Company maintains the appropriate technical and organizational measures to protect Personal Data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto. We collect information directly from your employer, as well as automatically through use of our Website, services through the Kaarva Products and, in some cases, from third parties.
2.1.1. Information That You Give is:
1. First and last name;
2. Email address(es);
3. Physical Address;
4. Mobile and other phone number(s);
5. Date of birth;
8. User Profile photos that You upload including but not limited to the selfie you upload
9. Salary information and employer information;
10. Bank Statements to access salary & financial health
11. Any other required account or other information requested by the Company.
2.1.2. Information Collected Automatically: When User use or interact with our Website directly and services through our Kaarva Product, we receive and store information generated by activity, like Usage Data, and other information automatically collected from browser or mobile device. This information may include IP address; browser type and version; preferred language; geographic location using IP address, wireless, or Bluetooth technology on device; operating system and computer platform; the full Uniform Resource Locator (URL) clickstream to, though, and from our Website, including date and time. We also may log the length of time of visit and the number of times User visit and use the services. We may assign User one or more unique identifiers to help keep track of future visits.
2.1.3. Information from Other Sources: If we receive any information about User from other sources, we may add it to the information we already have about User.
2.1.4. Information from our website visitors: Our website visitors contact us for more information or request for product demos. For this purpose, we generally request for name, email, Company name and contact number.
3. How the collected information will be used
3.1. Lawful Basis of processing
We process your Personal Data only when we have a lawful basis. Presently, we use the performance of contract, e-signing and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the data protection regulations. In some cases, we may also have a legal obligation to collect Personal Data from You or may otherwise need the Personal Data to protect Your vital interests or those of another person.
3.2. Use of Personal Data – We use the Personal Data that we have about You to provide our services and provide support to You. The information collected by Us when You use the Website and services, shall be used in the manner described below:
1. To conduct KYC for our third-party partners based on the information shared by the User for the provision of services. This would include conducting analysis of Your bank statements and eKYC. The Company may directly or through third parties, conduct the KYC on its Users. In the event the KYC as detailed under this clause is being conducted by its third-party service providers, The Company shares Your relevant information with such third-party service providers for availing the said services;
2. Facilitate use of the Kaarva Product, its upgrades, its replacements and to maintain the Kaarva Product.
3. Contact and communicate with Users with respect to Kaarva Product;
4. Provide technical service and support, including updates and notifications;
5. Respond to legal requirements, exercise our legal rights or defend against legal claims, to protect our interests, fight fraud or illegal activity, to enforce our policies, or to protect third-party rights, property, or safety.
6. Customize and/or tailor the Kaarva Product and user experience, which may include displaying information based on their search or content from other users.
8. Responding to our Users on queries and support issues 9. Use the User information in order to comply with laws and regulations in India.
When You give your consent to us for contacting You for marketing purposes by signing up for our blog, regular updates, demo of Kaarva Products or by providing any information to any of the Kaarva Product’s.
3.4. Users under 16 years of age
Kaarva Product do not knowingly collect Personal Data from Users under the age of 16. If You are under the age of 16, You are not permitted to use Kaarva Product and services.
4. Disclosure of Personal Data
The following categories of recipients will most likely receive Your Personal Data in order for us to provide services to You
• Third-party Data Center Services such as AWS, etc.
• Third-party SMTP Services such as Sendgrid, etc.
• Third-party helpdesk applications/tools for troubleshooting
• Third-party service providers to process Your bank statements and eKYC
• To the financial service providers, banks or NBFCs and our third-party partners for providing the services
• To conduct data analysis in order to serve You better.
Information Sharing and Disclosure
The Company also may in good faith disclose Personal Data and any other additional information available to the Company for any of the following purposes: (i) investigate, prevent or take action regarding actual or suspected illegal activities or fraud, situations involving potential threats to the physical safety of any person, or violations of the Company's policies; (ii) respond to or defend against subpoenas, court orders, or other legal process; (iii) establish or exercise the Company's legal rights; or (iv) otherwise comply with applicable law.
5. User’s Rights with respect to Processing Personal Data
Users are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:
• Request access to the Personal Data: This right entitles Users to know whether we hold Personal Data about them and, if we do, to obtain information on and a copy of that Personal Data.
• Request a rectification of Personal Data: This right entitles Users to have Personal Data be corrected if it is inaccurate or incomplete.
• Object to the Processing of Personal Data: This right entitles User to request that Company no longer Processes Personal Data.
• Request the erasure of Personal Data: This right entitles User to request the erasure of Personal Data, including where such Personal Data would no longer be necessary to achieve the purposes.
• Request the restriction of the processing of Personal Data: This right entitles User to request that Company only processes Personal Data in limited circumstances, including with consent.
• Request portability of Personal Data: This right entitles User to receive a copy (in a structured, commonly used and machine-readable format) of Personal Data that employers have provided to Company, or request Company to transmit such Personal Data to another data controller.
As a User, You would need to submit a request via the Website or email to request for deletion, opt-out or to receive a copy of Your Personal Data.
6.2. We may use third-party cookies to track visitor behaviour and to improve the quality of our services. However, such cookies will not store any kind of Personal Data, nor will such Personal Data be disclosed to any third-party. We might also use other technology to track how You interact with Website and employ some third-party agencies to use the data on our behalf for data analysis to determine Your use and journey on the Kaarva Product.
6.3. These cookies are intended to be automatically cleared or deleted when the User quits the browser application. User are encouraged to use the “clear cookies” functionality of browser to ensure such clearing / deletion, since it is impossible for us to guarantee, predict or provide for the behaviour of system. User have a variety of tools to control cookies, web beacons and similar technologies, including browser controls to block and delete cookies and controls from some third-party analytics service providers to opt out of data collection through web beacons and similar technologies. Users browser and other choices may impact experiences with our products.
6.4. The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal development and maintenance of the Kaarva Product and to retarget and remarket Kaarva Product and our partner products to User.
7. Third-party Links
7.1. We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the User’s use of them, or the information practices of their operators.
8. Data Security Procedures
8.1. We maintain organizational, physical and technical security arrangements for all the Personal Data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of Personal Data and the processing we undertake to protect any kind of personal sensitive information that we have under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. We adopt market leading security measures to protect Personal Data.
8.2. Regarding use of our Websites, User should understand that the open nature of the internet is such that information and Personal Data flows over networks connecting User to our systems without security measures and may be accessed and used by people other than those for whom the data are intended.
9. Retention of Information
9.1. We will retain Personal Data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that Personal Data are deleted after a reasonable time according to the following retention criteria:
• We retain Personal Data as long as we have an ongoing relationship with You. Once You choose to close their accounts, the information is deleted within 180 days of such closure. When You decide to close your account, we delete all Personal Data about You including any user generated content.
• We will only keep the data while Your account is active or for as long as needed to provide services.
• We can retain data for as long as needed in order to comply with our legal and contractual obligations.
9.2. We store and process Your Personal Data on Microsoft Azure, Amazon cloud servers and other cloud service providers. Some of the safeguards We use are firewalls and data encryption using SSL, and information access authorization controls. We use reasonable safeguards to preserve the integrity and security of Your information against loss, theft, unauthorised access, disclosure, reproduction, use or amendment. To achieve the same, We use reasonable security practices and procedures as mandated under applicable laws for the protection of Your information. Information You provide to Us may be stored on our secure servers located within or outside India.
9.3. However, You understand and accept that there’s no guarantee that data transmission over the Internet will be completely secure and that any information that You transmit to Us is at Your own risk. We assume no liability for any disclosure of information due to errors in transmission, unauthorized third-party access to our Website and data bases or other acts of third parties, or acts or omissions beyond our reasonable control and You shall not be entitled to hold the Company responsible for any breach of security.
10.1. If the User wishes to opt- out of receiving non-essential (promotional, marketing-related) communications from us, after setting up an account, they may choose to do so by making such preference changes within the application or contacting us at firstname.lastname@example.org
11. Governing Law
13. Limitations of Liability
You expressly understand and agree that the Company shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, use, data, information, details or other intangible losses (even if the Company has been advised of the possibility of such damages), resulting from: (i) the use or the inability to use the Services; (ii) unauthorized access to or alteration of your Personal Data.
You may contact us at our mailing address below:
45, 18th Main Rd, Sector 3,
HSR Layout, Bengaluru,
Please write to us at email@example.com if:
• Users and visitors have a general question about how Company protects Personal Data.
• Users and visitors wish to exercise rights in relation to Personal Data rights.
• Users and visitors wish to make a complaint about Company’s use of Personal Data.
You can contact our Data Privacy Officer at firstname.lastname@example.org.
If you are a resident of the European Economic Area and we maintain your Personal Data within the scope of the General Data Protection Regulation (GDPR), you have additional rights. If, despite our commitment and efforts to protect Personal Data, You believe that your data privacy rights have been violated, we encourage and welcome Users to come to the Company first to seek resolution of any complaint.
Have a question?
Not sure exactly what we’re looking for or just want clarification? We’d be happy to chat with you and clear things up for you. Anytime!
45, 18th Main Rd, Sector 3, HSR Layout, Bengaluru, Karnataka 560102