GAVS Technologies Private Limited, its subsidiaries and any other directly controlled entities as may exist from time to time, hereinafter referred to as ‘GAVS, ‘we’, ‘us’ or ‘our’ is committed to respect your privacy and choices.
This document uses the term GAVS, we, us, our, which means the GAVS as an organization, its people (employees or contractors), vendors, sub-contractors, and the processes.
By agreeing to avail the services and by submitting your personal data and information, you consent to the collection, transfer, processing, storage, disclosure, and other uses thereof as described in this Privacy Policy.
This document outlines the data privacy protection policy of the organization GAVS. It describes in detail how GAVS collects, processes, and discloses information, and what choices you have with respect to the information. While GAVS had always been diligent in protecting corporate and personal data, this policy is an amendment to the existing protection in light of the GDPR and DPDP compliance’s requirements. This policy is also amended to bring better readability and clarity, in order to prevent any ambiguity in terms of its content and/or intentions.
APPLICABILITY OF THIS PRIVACY POLICY
This Privacy Policy applies to GAVS as an organization, including its information technology infrastructure, premises, and all geographical work locations.
This Privacy Policy also applies to the third-party vendors who may or may not process the data while providing their services or products to GAVS. It also applies to the online presence (website) of GAVS.
PRINCIPLES RELATING TO PROCESSING OF PERSONAL DATA\
Personal Data and Information that are collected by or shared with or accessible to us shall be:
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes as may be required by us;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date for which reasonable step shall be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form which permits identification of data subjects / data principals for no longer than is necessary for the purposes for which the personal data are processed; provided that personal data may be stored for longer periods if so for any scientific or historical research purposes or statistical or any other legitimate purposes subject to implementation of appropriate technical and organizational measures to safeguard the rights and freedoms of the data subject/data principal;
- Processed in a manner that ensures appropriate security of personal data, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
ACCURACY OF INFORMATION
Please make sure that any Personal Data and Information you share with us is accurate and up to date information. If you are sharing any Personal Data and Information on behalf of a third person, you should ensure that you are authorized to do so.
INFORMATION WE COLLECT
For the purposes of this privacy policy, ‘Information’ is any personal data which relates to an individual who may be identified from that data, or from a combination of a set of data, and other information which is in possession of GAVS.
GAVS may collect and receive customer data and other information in a variety of ways:
PERSONAL DATA
Personal data means any information relating to an identified or identifiable natural person who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person and includes but not limited to, for the purpose of this policy document: First name, Last Name, Address, birth date, personal email address, Job title, workplace, Citizenship records, Background check details from law authorities or investigating agencies, in respect of employee, contractor, customer or any other person or entity having business relation with GAVS. We shall not verify or authenticate such Personal Information as provided by you. We shall not be held responsible for getting access to Personal Information as a part of providing the Services.
CUSTOMER DATA
GAVS may also collect and/or generate and/or receives and/or process data as below:
- Authentication login details to sign into systems to perform duties and/or provide services to the customer.
- Log data gathered while catering services to the customer. This log data may include data elements as defined by the customer. Examples are (but not limited to) device information, location information, IP addresses etc.
- Cookie Information. GAVS uses cookies for websites. Cookies may include tracking information which shall let GAVS know the location of the user.
- Additional information provided to GAVS. We receive other Information when submitted to our websites or if you participate in a focus group, contest, activity, or event, apply for a job, request support, interact with our social media accounts or otherwise communicate with GAVS.
- As the note referencing above data, while working or dealing or communicating with GAVS, no one is under a statutory or contractual obligation to provide any customer data.
SOURCES OF INFORMATION
We may collect the aforementioned Personal Information through various sources, such as mentioned below:
- Submitted by yourself, through our website forms, applications on our portals, or by contacting/emailing our official contacts
- Shared to GAVS employees, such as our sales or marketing representatives.
- Shared with or by GAVS’s affiliates.
- Shared by the employers of the visitors and contractors, where applicable.
- Sourced from public websites and social media, including your publicly accessible profiles.
- Shared by our suppliers, vendors, and service providers.
CONSENT AND WITHDRAWAL
GAVS ensures to obtain the consent from the entity or subject, either in written form or electronic form. While we rely on your consent to process the personal information, you have the right to withdraw or decline your consent at any time. Please note that this does not affect the lawfulness of the processing based on consent before its withdrawal. If you choose not to provide your Personal Information that is mandatory to process your request, we may not be able to fulfill the relevant purpose of processing, including provision of any services to you, if applicable.
HOW WE USE INFORMATION
To the extent permitted by applicable laws, Customer Data will be used by GAVS in accordance with Customer’s instructions, including any applicable terms in the customer agreement and customer’s use of services functionality, and as required by applicable law. Depending upon the nature of business, services, and tasks to be performed as a part of service agreements, GAVS may either be a data processor or data controller. Below are various reasons that may prompt GAVS either to be a processor or a controller of the collected data.
- To provide services and business operations.
- To improve services and develop business operations.
- To adhere to the law, legal processes, or regulations.
- To communicate with you by responding to your requests, comments, and questions, either as a part of formal communication or the support.
- To send emails and other electronic communications, inter alia, for billing, finance, legal and all other administration related tasks.
- To investigate and help prevent security issues and abuse.
- To provide better usability, troubleshooting and site maintenance.
- To understand which parts of the website are visited and how frequently.
- To create your login credentials, where applicable.
- To identify you once you register on our website.
- To perform data analytics for providing a better user experience, enhance website performance and achieve business objectives.
- To manage and maintain our relationship.
- To protect your data and GAVS’s assets from information security threats and to secure against any unauthorized access, disclosure, alteration, or destruction.
- And for any other legitimate purpose.
LEGAL BASIS OF THE PROCESSING
Processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The applicable privacy and data protection laws provide for certain justifiable grounds for collection and processing of personal data, commonly referred to as legal basis of processing. We primarily rely on the following legal bases:
- We process your Personal Information when it is necessary for the performance of a contract to which you are the party or in order to take steps at your request prior to entering into a contract, e.g., when you would engage with us for receiving our services and offerings, or when managing the data of our employees for ensuring the performance of their employment contract.
- We process your Personal Information when it is necessary for the purposes of a legitimate interest pursued by us or a third party (when these interests are not overridden by your data protection rights), e.g., when we need to understand your usage of our website and interaction with the same, for generating your secure login credentials, or to optimize our processes.
- We process your Personal Information with your consent. Where we process Personal Data based on consent, your consent is revocable at any time, e.g., when registering and inviting you for events organized by us, or for sharing our marketing related communications with you.
- We may process your personal Information to comply with any Legal obligations on us, including to applicable laws and protecting our legal rights, seeking remedies, and defending against claims.
- We process your Personal Information by implementing appropriate technical and organizational measures, such as, pseudonymization, while determining the means for processing in an effective manner and to integrate the necessary safeguards into the processing to meet the requirements of applicable data protection laws and to protect the rights of data subjects/data principals.
PROCESSING IN CONTEXT OF EMPLOYMENT
- We ensure the protection of the rights and freedoms in respect of the processing of employees’ personaldata in the employment context, in particular for the purposes of the recruitment, the performance of the contract of employment, including discharge of obligations laid down by law or by collective agreements, management, planning and organisation of work, equality and diversity in the workplace, health and safety at work, protection of employer’s or customer’s property and for the purposes of exercise and enjoyment of rights and benefits related to employment, and for the purpose of the termination of the employment relationship.
- We take suitable and specific measures to safeguard the data subject’s human dignity, legitimate interests and fundamental rights, with particular regard to the transparency of processing, the transfer of personal data within a group of undertakings, or a group of enterprises engaged in a joint economic activity and monitoring systems at the workplace whenever applicable.
DATA RETENTION
Personal Information will not be retained for a period longer than necessary to fulfill the purposes outlined in this privacy statement unless a longer retention period is required by law or for directly related legitimate business purposes, subject to the rights of the data subjects/data principals to restrict use and/or to delete Personal Information or any specific portion thereof. Personal Data that is no longer required to be retained as per legal and business requirements will be disposed of in a secure manner.
This information may include keeping your various data elements, even after the customer discontinues services and makes the contract void. This is because GAVS finds it essential to comply with various information security audits, comply with legal obligations, resolve disputes and work with law enforcement agencies.
HOW WE SHARE AND DISCLOSE INFORMATION
This section describes how GAVS may share and disclose Information. We share and disclose personal information subject to the consent of the data subjects/data principals and/or in accordance with applicable data protection laws. Wherever applicable, we share personal information in anonymized or pseudonymized manner.
Customers determine their own policies and practices for the sharing and disclosure of the data, and GAVS does not control how they or any other third parties choose to share or disclose Information.
GAVS may solely share and disclose customer data in accordance with a customer’s instructions, including any applicable terms in the customer agreement and customer’s use of services functionality, and in compliance with applicable law and legal process.
GAVS may engage third party companies or individuals as service providers or business partners to process the obtained information, as a part of business functionality. In such cases GAVS shall treat these third-party companies as sub-processors and shall impose continuance of data privacy and security on them, via a formal contract and clear communication.
To the extent permitted by law, we may share your Personal Information with agents, contractors, consultants, or partners of the Company in connection with services that these individuals or entities perform for, or with, the Company. These agents, contractors or partners are restricted from using such Personal Information in any way other than to provide services for the Company, or services for the collaboration in which they and the Company are engaged.
EMAIL DISCLAIMER
Confidentiality Notice and Disclaimer: This email (including any attachments) contains information that may be confidential, privileged and/or copyrighted and intended solely for the use of the individual or entity to whom they are addressed. If you are not the intended recipient, please notify the sender immediately and destroy this email and you should not disseminate, distribute, or copy this e-mail. Any unauthorized use of the contents of this email in any manner whatsoever is strictly prohibited. If improper activity is suspected, all available information may be used by the sender for possible disciplinary action, prosecution, civil claim or any remedy or lawful purpose.
Email transmission cannot be guaranteed to be secure or error-free, as information could be intercepted, lost, arrive late, or contain viruses. The sender is not liable whatsoever for damage resulting from the opening of this message and/or the use of the information contained in this message and/or attachments. Expressions in this email cannot be treated as opined by the sender company management – they are solely expressed by the sender unless authorized.
SECURITY
GAVS is committed to lawful, fair, and transparent processing of all personal information about its employees, customers, suppliers and other third parties during the course of business activities. GAVS takes security of data very seriously and works very hard steps to protect it. These steps take into account the sensitivity of the data we collect, process and store, and the current state of technology. GAVS has deployed the latest and standardized electronic equipment, an information technology network, computing hardware and software for data protection that is monitored on a continuous basis to achieve round-the-clock information security assurance.
However, it is practically not possible to guarantee that during transmission through the Internet or while stored on our systems or otherwise in our care, such information will be absolutely safe from intrusion by others, despite having the appropriate firewalls and protection security system in place. Data pilferage, due to unauthorized hacking, virus attacks, technical issues, AI impact, is possible, and we assume no liability or responsibility for it. You are required to be careful to avoid “phishing” scams, where someone may send you an e-mail that looks like it is from us asking for your Personal Information.
INTERNATIONAL DATA TRANSFERS
As a part of service delivery, GAVS may transfer your personal data to countries other than the one in which you live. The level of protection for personal information is not the same in all countries, however we shall take reasonable and appropriate steps in line with applicable laws while executing such transfer.
DATA PROTECTION OFFICER
GAVS takes data privacy and its security very seriously. GAVS will always comply with any applicable data protection legislation and will ensure that collection and use of personal information is carried out in accordance with applicable data protection laws. To that end, authoritative personnel shall always be designated as a Data Protection Officer (DPO) who shall be given an authority and responsibility of information security and data privacy. The objective of such designation shall be to have a single point of contact that shall be answerable for any information security related incident which compromises confidentiality, integrity, availability, and privacy.
To communicate with our Data Protection Officer, please email dpo@gavstech.com
YOUR RIGHTS
Individuals located in certain countries, including the European Union and India, have certain statutory rights in relation to their personal data. Subject to any exemptions provided by law, you may have the right to request access to Information, as well as to seek to update, delete or correct this Information. Where the data processing is based on your consent, you may withdraw your consent to the processing of any Personal Data at any time. This will not affect the lawfulness of any processing operation before your withdrawal. You may contact GAVS DPO or the Customer service contact, for additional help in this matter.
LINKS TO OTHER WEBSITES
Our website may contain links to other websites/applications of your interest. The Services may also include aspects or features which can be accessed through third party platforms or websites. Please note that we do not have any control over such third party websites/applications, and you will be accessing these websites/applications at your own risk. Therefore, we cannot be held responsible for the protection and privacy of any information which you provide whilst visiting such websites/applications and those are not governed by this Privacy Policy. You should exercise caution and look at the privacy policy applicable to such websites/applications.
CHILDREN’S PRIVACY
GAVS website, its associated products or services and hosted contents, are not intended for the use by children.
As such we do not knowingly solicit or collect personally identifiable information online from children without prior verifiable parental consent. If GAVS learns that a child has submitted personally identifiable information online without parental consent, it will take all reasonable measures to delete such information from its databases and to not use such information for any purpose (except where necessary to protect the safety of the child or others as required or allowed by law). If you become aware of any personally identifiable information we have collected from children, please email us at dpo@gavstech.com.
GOVERNING LAWS & DISPUTES
This Privacy Policy shall be construed and governed by the laws of India without regard to principles of conflict of laws. Any dispute arising, between you and us shall be submitted to the arbitration to be conducted in Chennai, India in English language, in accordance with the rules of Arbitration and Conciliation Act of 1996, including modification and/or reenactment thereof, by a sole arbitrator (appointed mutually by the parties), and the award made in pursuance thereof shall be binding on you and us. Subject to the arbitration provisions, you agree that the courts in Chennai, India shall have an exclusive jurisdiction over such disputes. For any EU residents, this Privacy Policy shall be governed by the provisions of the GDPR.
COMPLIANCE
GAVS is in compliance with all applicable data privacy laws, including the General Data Protection Regulation (GDPR), Data Protection Laws of USA, and Digital Personal Data Protection Act, 2023 (DPDP) of India. We are committed to protecting your personal data and processing it in a lawful, transparent, and accountable manner.
CHANGES TO THIS POLICY
GAVS may, at its sole discretion, change this Privacy Policy from time to time, with a sole purpose to cope up with changing business nature and/or data severity and/or customer’s demand. This can also be due to the changes in laws, regulations and industry standards which may make those changes necessary. GAVS will continue to update the same on the website to ensure that the privacy policy is up to date and is being clearly communicated. Customers and users of GAVS website are highly encouraged to review our privacy policy to stay informed.
This Privacy Policy was last modified: April 2024.
CONTACT US
For any kind of queries, questions, concerns or complaints about our processing operations and our commitment to this Privacy Policy should be addressed to GAVS DPO.
You can also write to us at: dpo@gavstech.com
GAVS Technologies Private Limited
No.11 and 13, Rajiv Gandhi Salai Old Mahabalipuram Road,
Sholinganallur, Chennai, TN 600119 India
DPDP ANNEX
DPO details to raise any complaints are as follows:
You can also write to us at: dpo@gavstech.com
GDPR ANNEX
DPO details to raise any complaints are as follows:
You can also write to us at: dpo@gavstech.com