If we learn that we have collected the Personal Information (defined below) from a subscriber who is under the age of 16 that was not provided under the supervision and consent of the minor’s parents or guardians, we will promptly delete such information. If you believe that we have collected Personal Information from someone under the age of 16, please contact us at firstname.lastname@example.org.
This Policy is published and shall be construed to be in accordance with the provisions of the General Data Protection Regulation 2016/679 (“GDPR”), United Kingdom’s Data Protection Act 2018 (“DPA”), UK General Data Protection Regulation (“UKGDPR”), California Consumer Protection Act (“CCPA”), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 (“SPDI”) under the Information Technology Act, 2000, Personal Data Protection Act, 2012 (“PDPA”), broadly aligning with the Australian Privacy Act 1988 (“Australian Privacy Act”), Privacy Act, 2020 (“NZ Privacy Act”) and the other applicable data protection /data privacy statutes, if any, rules, regulations and other bye-laws in force made thereunder, in the territories of UK, Europe, USA, India, Singapore, Australia and New Zealand (collective referred as “Applicable Laws”) that require publishing of the privacy notice for collection, usage, storage, disclosure and transfer of sensitive personal data or information to the extent we collect and process the personal information as a business and/or service provider.
The capitalized terms used in this Policy shall have the meaning as provided herein below. Other capitalized terms used in this Policy shall have the meaning respectively assigned to them elsewhere in this Policy.
- “Account” means any accounts or instances created by or on behalf of the Subscriber of Kula on the Platform for the access to and use of Platform and Services.
- “Consumer” means a natural person who is a resident of California, U.S.A, whose Personal Data/ Information is collected and processed by the Processor.
- “Controller” means the natural or legal person, public authority, agency, or other body which alone or jointly with others, determines the purposes and means of the processing of Personal Information.
- “Data Subject” means an identified or identifiable natural person who is a resident of the European Union or United Kingdom whose Personal Information is being processed by the Processor and/or the Controller.
- “End user” means any person or entity with whom the Subscriber interacts using the Services.
- “Google Analytics” means a web analytics service provided by Google, Inc.
- “Individual” means a natural person, whether living or deceased who is resident of Singapore whose Personal Information processed by the Processor as per PDPA and/or a natural person, other than a deceased natural person who is resident of New Zealand whose Personal Data/ Information processed by the Processor as per NZ Privacy Act and/or a natural person who is resident of New Zealand whose Personal Information processed by the Processor as per Australian Privacy Act.
- “Process” means any operation or set of operations which is performed on Personal Information or on sets of Personal Information, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
- “Processor” means a natural or legal person, public authority, agency, or other body which processes Personal Information on behalf of the Controller.
- “Services” means the functions, responsibilities, cloud services, activities and/or tasks performed or to be performed by Kula to the Subscriber as mutually agreed under the Master Service Agreement and also as agreed under respective Order Form.
- “Subscriber” means the natural or legal person that has subscribed to avail the Services by signing up to the Platform and our Services.
Is Kula a data processor or a data controller?
A “data controller” is the party that alone or jointly with others determines the purposes and means of the processing of personal data, and processes the personal data for its own purposes. While using Kula to engage with candidates, our customers(Subscribers) are the data controllers because they determine the purpose (e.g. recruiting a candidate) and the means (using Kula) of processing the personal data. Separately, Kula is a data controller for the personal data associated with customers’ Kula account (e.g. your business contact information) because we control the means and purposes of this processing for our use: invoicing, to communicate information about their account and for other administrative functions.
Kula is the “data processor” because we process personal data of candidates on behalf of our customers(Subscribers) under an agreement in which they tell us what data to process, for what purpose(s), how long we can keep that data, and any restrictions they impose on our use of their data.
WHAT KIND OF INFORMATION DO WE COLLECT?
When you create an account with us or access our Platform and/or use the Services provided by us, we shall collect certain information from you, the details of which are provided below.
Any information that relates to you as a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying you and any further information, including, without limitation, provided by you to us when you
(a) subscribe for any of Kula’s Services/Platform by signing-up such as complete name and address, contact number, email address, social media credentials and any other identifiers and any other sensitive/personal information as defined under the Applicable Laws as amended from time to time;
(b) use or view Kula’s Platform which may result in personal information/data being collected via your browser’s Cookies;
(c) submit web forms on our Platform or as you use interactive features of the Platform, including participation in surveys, contests, promotions, sweepstakes,
(d) request customer support, or otherwise communicate with us; or
(e) when you use the Services, Kula automatically collects information on the type of device you use, and the operating system version, to perform our agreement with you (“Personal Information”).
Usage Information Any information that is not Personal Information, but information collected in relation to your use of the Platform or information required for the proper functioning and development of the Platform, including, without limitation: (i) time, date and extent of your usage of the Platform; (ii) your usage and search history within the Platform, (iii) device settings; (iv) time zone, language, screen resolution, and other usage preferences you select when using the Platform; (v) the URL or advertisement that may have directed you to the Platform; (vii) other device and Platform access information viz., your IP address, operating system, browser type, referring/exit pages, and other unique device identifiers, as well as your push notification token.
Behavioural Information we shall collect information which is connected with your activity on the Platform and opt-ins and communication preferences.
Location Data Information about your location when accessing and/or using the Platform.
Transaction and Payment Information:
We or our authorised payment gateway solution providers, as the case may be, collect information such as billing address, credit/debit card number, its expiration date or any other payment instrument details and transaction details or any other third-party payment information of you.
Third party Information
Information about you that we may receive from third parties services, such as advertising partners, data providers and analytics providers.We may collect your third-party social media networks information including your contact lists for these Services and information relating to your use of the Platform in relation to these Services, if you choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google). If you link your Account in our Platform to another service, we may receive information about your profile information from that service.
HOW DO WE USE YOUR INFORMATION?
WITH WHOM DO WE SHARE YOUR INFORMATION?
When we disclose the Personal Information for a business purpose as mentioned above, we enter into a contract that describes the purpose and requires the recipient to keep both confidential and Personal Information and not use it for any purpose except performing the contract. We want you to understand when and with whom we may share the information we collect for business purposes. Your information is shared with others who have a legitimate purpose for processing or accessing it in the following ways:
Legal Reasons - we may disclose any of the information we collect to respond to summons, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security of us, the Platform, our affiliates, users, or the public. We may also share any of the information we collect to enforce any terms applicable to the Platform, to exercise or defend any legal claims, and comply with any applicable laws.
Sale, Merger, or Other Business Transfer - We may share all of the information we collect in connection with a substantial corporate transaction, such as the sale of a Platform, a merger, consolidation, asset sales, or in the unlikely event of bankruptcy.
Service Providers, Business Partners
We share the categories of Personal Information listed above with service providers and business partners (including those located outside your country) to help us perform business operations and for business purposes, including research, payment processing and transaction fulfilment, database maintenance, administering contests and special offers, technology services, deliveries, sending communications, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing. These service providers and business partners may include: advertising, marketing, and analytics vendors, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Payment processors and transaction fulfilment providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but who do not receive your message data.Cloud providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically. Research providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Customer and technical support providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically.
We may share aggregated usage information and may otherwise disclose non-Personal Information that we collect to third parties. However, absent your prior consent, we will share your Personal Information with third parties only in the ways that are described in this Policy, including as set forth below.
We may use third parties to outsource one or more aspects of our business and/or Platform operations (such as email or customer service functions, data processing, web analytics, maintenance, online advertising, and security execution and clearing services), in which case, we may provide your Personal Information to such third parties in connection with the performance of such activities. Such third parties will only use your Personal Information to the extent necessary to perform their functions and will be contractually bound to process your Personal Information only on our behalf and in compliance with our requests. We will also share your information with any member, subsidiary, parent or affiliate of our corporate group, to assist in the improvement and optimization of the Platform, in order to prevent illegal uses, increase subscriber numbers, development, engineering and analysis of information or for our internal business purposes.In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
For Gmail users, Kula needs permissions to some restricted scopes and the usage of each are explained below
mail.google.com permission: mail.google.com permission will be used to send and receive Flow emails and also delete Flow emails from the Sender’s mailbox.
gmail.readonly permission: gmail.readonly permission will be used to receive and read the email replies of a candidate to an Flow and update the Flow stages and allow the recruiter to follow-up with the candidate. This permission is used for customers who allow only restrictive control over their mailbox.
gmail.compose permission: gmail.compose permission will be used to send emails to candidates added to an ouFlowtreach. This permission is used for customers who allow only restrictive control over their mailbox.
userinfo.email permission: userinfo.email permission will be used to allow recruiters to sign-in using Google OAuth2.
userinfo.profile permission: userinfo.profile permission will be used to allow recruiters to sign-in using Google OAuth2 and get details like their name from Google.
All the data collected through the Google OAuth restricted scopes will not be shared to any third parties and the association will be removed when the user is deactivated. Kula's use of information received, and App's transfer of information to any other app, from Google APIs will adhere to Google's Limited use Requirements.
Gmail API Disclosure: Kula’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services user Data Policy, including the Limited use requirements.
WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
Our legal basis for collecting, using and sharing the Personal Information described above will depend on the Personal Information concerned and the context in which we collect it. However, we will normally collect and/or process your Personal Information pursuant to one or more of the following legal bases:
- The processing is in our legitimate interests which do not override your data protection interests or fundamental rights and freedoms.
- The processing is necessary to perform a contract with you.
- The processing is necessary to comply with our legal obligations.
- We may also seek your consent to process or retain your Personal Information in certain, limited circumstances that we clearly identify to you.
In some limited cases, we may need the Personal Information to protect your vital interests or those of another person; for example, we may need to share your Personal Information with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request). If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Contact us” section below.
EUROPEAN UNION AND UNITED KINGDOM – RESIDENT SPECIFIC RIGHTS UNDER GDPR, DPA AND UK GDPR
If you are a resident of EU, or UK, you have the following data protection rights regarding your Personal Information collected by us:
Your Right to Access
If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you access to the following information: the purpose of processing, categories of data processed, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the Data Subject, any available information as to their source; the existence of automated decision-making, including profiling. A copy of that Personal Information undergoing processing and the same shall be provided in commonly used electronic form unless otherwise requested by you at free of cost. If you require additional copies, we may charge a reasonable fee for producing those additional copies.
Your Right to Rectification
If the Personal Information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Information with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your Personal Information with so that you can contact them.
Your right to erasure
Subject to the provisions of the GDPR, DPA and UK GDPR, you can ask us to delete or remove your Personal Information in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Information with others, we will take reasonable endeavours including technical measures to erase the personal data and let them know about the request of erasure from you of any links, copy or replication of Personal Information where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, you understand that we shall not be obligated to erase the Personal Information to the extent that processing is necessary for (i) exercising the right to freedom of expression and information (ii) for compliance with legal obligation which requires processing by law to which we are subject to and for the performance of a task carried out in public interest (iii) for the establishment, exercise or defence of legal claims.
Your right to restrict processing
You can ask us to “block” or suppress the processing of your Personal Information in certain circumstances such as where you contest the accuracy of that Personal Information, or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Information but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Information to stop us processing it further. If we have shared your Personal Information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, with your prior consent process the data restricted by you for the establishment, exercise, defence of legal claims for the protection of the rights of another legal person or for the reasons of public interest.
Your right to data portability
You have the right, in certain circumstances, to obtain Personal Information you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
Your right to object
You can ask us to stop processing your Personal Information, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Information, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Information for direct marketing purposes.Your rights in relation to automated decision-making and profiling– You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue the Services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 9(c)(i) above. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your Personal Information where such collection, use and disclose without consent is permitted or required under PDPA.
Your right to opt out of marketing communications
You have the right to opt-out of marketing communications we send you at any time. you can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided in the “Contact us” clause below.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Information, please contact us using the contact details provided in the “Contact us” clause below. You also have the right to complain to a data protection authority in the member state of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk. If you wish to exercise any of the above-mentioned rights in relation to your Personal Information (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in ‘Contact us’ clause below. We will deal with your Request with special care to ensure your rights can be exercised effectively. You understand that we shall only process your Request after we have verified your identity which may mean requesting further information from you. We shall endeavour to respond to your Request and inform you on the actions taken, within one 1 month from your Request or within a reasonable timeframe in accordance with GDPR, DPA or UK GDPR. However, you must be aware that, in particular cases (for instance, due to legal requirements) we may not be able to make your Request effective right away. However, your enforcement of the rights as a Data Subject can be exercised subject to the provisions under the GDPR, DPA or UK GDPR.
CALIFORNIA – RESIDENT SPECIFIC RIGHTS UNDER CCPA
CCPA provides the Consumer with specific rights regarding their Personal Information. Right to Request Access and Data Portability. You have the right to request access to the Personal Information that we collected from you and that we disclose such information to you about our collection and use of your personal information over the past 12 months. You shall submit a verifiable consumer request to access the information. Once such verifiable request form is approved by us, we shall disclose to you the following in a usable format which can be transferred by you to other entities without hindrance.
- The categories of personal information we collected about you and the categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third parties with whom we share that personal information.
- The specific pieces of personal information we collected about you If we sold or disclosed your personal information for a business purpose, two separate lists disclosing: sales, identifying the personal information categories that each category of recipient purchased; and disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
We can provide you the Personal Information at any time but shall not be required to provide Personal Information to you more than twice in a 12-month period according to CCPA. As per CCPA, we are not required to do the following: Retain any personal information about a Consumer collected for a single one-time transaction if, in the ordinary course of business, that information about the Consumer is not retained. Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information. Deletion Request Rights You have the right to delete any of your Personal Information provided to us.
You may submit a verifiable consumer request to delete the Personal Information provided to us and also to direct the service providers with whom we have shared your Personal Information from their records. However, we shall not be required to comply to your request of deletion if is necessary for us or for our service provider to maintain your Personal Information in order to: Complete the transaction for which the personal information was collected, provide a good or service requested by the Consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the Consumer, or otherwise perform a contract between the business and the Consumer. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another Consumer to exercise his or her right of free speech, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the Consumer has provided informed consent. To enable solely internal uses that are reasonably aligned with the expectations of the Consumer based on the Consumer’s relationship with the business. Comply with a legal obligation.Otherwise use the Consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the Consumer provided the information. Personal Information Sales Opt-Out Rights You shall, at any time, have the right to direct us to not to sell your Personal Information to any third parties. we do not sell Your Personal Information and will not sell it without your prior consent. However, You can enforce Your Opt-Out Right by clicking “DO NOT SELL MY INFORMATION” on the homepage of our Platform. Non-Discrimination we shall not discriminate against you for exercising your rights under CCPA. we shall not: Deny you goods or services. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.Provide you a different level or quality of goods or services. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA - permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Exercising Access, Portability and Deletion Rights in order to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending an email to email@example.com. A verifiable consumer request related to you can only be made by you or any of your legal representatives. The request for access or data portability can be only made twice within a 12-month period. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Through the verifiable request form you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative and to properly understand, evaluate, and respond to it. Please note that we will not be able to your request or provide you with the Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. It is clarified that you need not create an Account with us to make a verifiable consumer request. we shall endeavour to deliver and disclose to you the required information within forty-five (45) days of receipt of verifiable consumer request. we shall reasonably notify you in case we need more time (up to 90 days) for disclosing information to you. If you have an Account with us, we shall deliver the information to your Account in a readable format which you can transmit to other entities without hindrance.
INDIA – RESIDENT SPECIFIC RIGHTS UNDER SPDI
In certain circumstances, you have the right to access the Personal Information that we hold about you and to correct, update, or request deletion of your Personal Information. Prior to the fulfilment of your request concerning your Personal Information, we will ask you to verify your identity before we can act upon your request. You have the following rights:The right to request proper rectification, removal, or restriction of your Personal Information;The right to require free of charge (1) confirmation of whether we process your Personal Information and (2) access to a copy of the Personal Information retained;The right to take legal actions in relation to any breach of your rights regarding the processing of the Personal Information, as well as to lodge complaints before the competent data protection regulators.The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you;Where the processing of your Personal Information is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question;Where processing of your Personal Information is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the Personal Information concerning you in a structured, commonly used, and machine-readable format or to have your Personal Information transmitted directly to another company, where technically feasible (data portability);As far as we process your Personal Information on the basis of our legitimate interests, you can object to processing at any time. You can find a detailed description of our processing activities and the legal basis in the clauses above. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your Personal Information and decide whether to adjust the processing accordingly.
AUSTRALIA AND NEW ZEALAND – RESIDENT SPECIFIC RIGHTS UNDER AUSTRALIAN PRIVACY ACT AND NZ PRIVACY ACT
We broadly align Australian and New Zealand Privacy Principles, put forth by the respective governments. Australian and New Zealand Privacy Principles emphasise on appropriate treatment of Personal Information as per the below principles and practices.Right to access and correction of Personal InformationIf you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email at the contact details provided in the “Contact us” clause below.You can also make an urgent request to access and/or correct your Personal Information. However, you are required to state the reason why such a request should be treated as urgent. Please note that a reasonable fee may be charged for an access or correction request. If so, we will inform you of the fee before processing your request.We will respond to your request within the timelines prescribed under the Applicable Laws, as the case may be, from the date of receiving your access or correction requestor as soon as reasonably possible. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the Australian Privacy Act and NZ Privacy Act).Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Right to complaintYou shall also have a right to make a complaint to the Commissioner under the Australian Privacy Act and NZ Privacy Act, if you have issues with fee charged by us for an access or correction request or if your access or correction request has not been responded by us or If your access or correction request has been refused by us.Other rightsYou are also entitled to other rights and interest pertaining to your Personal Information under the Australian Privacy Act and NZ Privacy Act. Right to object direct marketing we will only use your Personal Information for direct marketing after obtaining your consent. You shall, at any time, have the right to direct us to not to use your Personal Information for direct marketing under Australian Privacy Act.
SPECIFIC RIGHTS AND PROVISIONS UNDER SINGAPORE – PERSONAL DATA PROTECTION ACT (PDPA) We generally do not collect your Personal Information unless:it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Information to us (your “Authorised Representative”) after:you or your Authorised Representative have been notified of the purposes for which the your Personal Information is collected, and you or your Authorised Representative have provided written consent to the collection and usage of your Personal Information for those purposes, or collection and use of your Personal Information without your consent is permitted or required by the PDPA. Further, if necessary, we shall also seek your consent before collecting any other additional Personal Information.
Deemed consent by notification
We may collect or use your Personal Information, or disclose existing Personal Information for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 1, 2 and 3 above. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of your Personal Information through appropriate mode(s) of communication.
Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the your Personal Information will not likely have an adverse effect on you.You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Information for such purposes.
After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Information in relation to those purposes.
Access and correction of Personal Information
If you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform You of the reasons why we are unable to do so (except where we are not required to do so under the PDPA)Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Please note that your right to access the Personal Information shall be subject to the provisions under PDPA.
TRANSFER AND INTERNATIONAL TRANSFER
We or our appointed service providers shall collect, use, process, store and disclose your Personal Information outside your home countries, to provide our Services. Such outside countries may have data protection and privacy laws that are different from the laws of your home countries. We only transfer Personal Information to another country in accordance with the Applicable Laws, provided there are legally adequate protections in place for the Personal Information.
Further, transfer of your Personal Information also include:
a) In the event that we undergo reorganisation, are sold to, or merged with a third party, or sell all or substantially all of our assets, any Personal Information we hold about you may be transferred to that re-organized entity or third party in compliance with applicable law;
b) In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
In certain situations, we may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We strive to keep our processing activities with respect to your Personal Information as limited as possible.
For EU and UK’s Data Subjects: For your Personal Information transferred from the EU, or UK to us in other countries, and for onward transfers of your Personal Information to our appointed services providers, we and our appointed service providers will protect your Personal Information when it is transferred from the EU, or UK to other countries by: Processing your Personal Information in a territory which the EU and/or UK authorities (or other relevant governmental authority) has determined provides an adequate level of protection for Personal Information or Implementing appropriate safeguards to protect your Personal Information, including through the use of Standard Contractual Clauses(SCCs) or another lawful transfer mechanism approved by the EU and/or UK authorities (or other relevant governmental authority). For other international transfers of your Personal Information from the EU, and the UK, we shall implement such measures as are necessary to ensure that appropriate safeguards are provided to your transferred Personal Information, as agreed with you.
RETENTION OF PERSONAL DATA/ INFORMATION
We shall retain your Personal Information or other information (“Your Data”) for a period of 90 days from the date of deletion of your Account as per our Data Deletion Policy (wherein, the said policy shall be shared only upon the request placed by you to us) and/or for a period as long as we need it to fulfil the purpose for which we have collected it and/or if applicable, as long as required by statutory retention requirements and/or according to the timeframes set forth under the Applicable Laws. Thereafter, Your Personal Information shall be permanently removed (except when required by law to retain). We make no representation or warranty with respect to any duty to permanently store any information you may provide or that we otherwise collect about you except as required under the Applicable Laws. Please note that statutory storage obligations or the need for legal actions that may arise from misconduct within the Platform can lead to a longer retention of your Personal Information. By using the Platform and providing us with information (including Personal Information), you waive any claims that may arise under your own or any other local or national laws, rules or regulations or international treaties. we may from time-to-time transfer or merge your information collected off-line to our online databases or store off-line information in an electronic format.
PROTECTION OF PERSONAL DATA/ INFORMATION
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. Since no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security. If you have any questions about security on our Platform, you can contact us at firstname.lastname@example.org. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect our online accounts and systems from unauthorised access.
When you register for the Services, we require a password from you for your privacy. We transmit information such as your login credentials for Platform or account credentials securely. Our servers are in secure facilities(through our processor, Amazon Web Services).
Our databases are protected from general employee access both physically and logically. we encrypt your Service password so that your password cannot be recovered, even by us. All backup drives also are encrypted.
We enforce physical access controls to our buildings. No employee can put Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). We permit only authorised employees who are trained in the proper handling of customer information, to have access to aforesaid Personal Information.
PRIVACY OF CHILDREN
Kula recognizes the importance of children's safety and privacy and is sensitive to these issues. Kula does not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Data, they should write to us at the email email@example.com.
LINK TO THIRD PARTY WEBSITES
INTIMATION BY YOU REGARDING CHANGE IN PERSONAL INFORMATION
We generally rely on Personal Information provided by you. In order to ensure that your Personal Information shall be current, complete and accurate.If your Personal Information provided to us when you had registered Yourself in our Platform changes, you must update it as soon as possible. To review and update your Personal Information through the “Edit” option in our Platform.
Note. If you wish to cancel your account or request that we no longer use your information to provide you Services, you can request us to delete the Account. However, we shall retain your information subject to clause 11 of this Policy. For Singapore’s residents:If there are changes to your Personal Information, please update us by informing our Data Protection Officer in writing or via email at the contact details provided below. Further, you also have an option to review and update your Personal Information through the “Edit” option in our Platform.
EMAIL NOTIFICATIONS AND OPT – OUT
CONFIDENTIALITY OF YOUR LOGIN ID AND PASSWORD
PRIVACY OFFICER/ DATA PROTECTION OFFICER
In case of any complaints, or concerns with regards to the use, processing and disclosure of Personal Information provided by you; any enquiries or feedback on our personal data protection policies and procedures; and/or any breach of this Policy or any applicable law should immediately be informed to the designated Privacy Officer / Data Protection Officer, as the case may be mentioned below:
Name - Achuthanand Tanjore Ravi
Email - firstname.lastname@example.org
CHANGES TO POLICY
We may update this Policy from time to time. When we update the Policy, we will notify you by updating the “Last Updated” date at the top of this Policy and posting the new Policy and providing any other notice required by applicable law.