Privacy Policy
Pirafy provides this Privacy Policy to inform you, the user (hereinafter referred to as “you” or the “User”), of our policies and procedures regarding the collection, use and disclosure of personally identifiable information received by us from you through your use of our services (referred to, individually, as a “Service” and, collectively, as the “Services”) this website including mobile applications, owned, controlled or offered by 'Pirafy' and all content offered as a part of our services. This Privacy Policy may be updated or amended at any time at our sole discretion. We will notify you of any material changes to our Privacy Policy by posting the new Privacy Policy on our Website. You are advised to consult this Privacy Policy regularly for any changes. By using or accessing the Website, or any of the Services, you signify your absolute and unconditional acceptance of the provisions and practices set out in this Privacy Policy and consent to us processing your information as set forth in this Privacy Policy (as amended from time to time)
Personal Data: As part of our Services, we may require you to share with us your personal data when you voluntarily choose to register with us or as may subsequently be required. We use this personal data to provide and improve our Services and as otherwise set forth in this Privacy Policy and our Terms of Service.
Use of Personal Data: We use the personal data that you provide in a manner that is consistent with this Privacy Policy or with any applicable service-specific agreement, without being limited, however, by the purposes for which such personal data was initially provided to us. For instance, we may also contact or communicate with your clients to inform them of products and services offered by third parties, and/or to promote our business and services. We will, however, provide such recipients the opportunity to opt out of receiving further communications from us. We may also share your personal data or Third Party Personal Data information collected through the Website, with our affiliates and/or partners to help us improve the content and functionality of the Website.
Personally Non-Identifiable Information: We may collect personally non-identifiable information from you at the time of registration, when you choose to use a Service, or at any subsequent time. This information is not, by itself, sufficient to identify or contact you or your clients. We may store such information, or it may be included in databases owned and maintained by our affiliates, partners, agents or service providers. This Website may use such information and pool it with other information.
Cookies: This Website may make use of cookies. Our cookies help provide additional functionality to the Website and help us analyze Website usage more accurately. Certain functions of the Website necessarily require the use of cookies. Your use of any such functions shall be construed as express consent to the use of cookies.
Sharing of Information: We won't share you or your clients' Third Party Personal Data with anyone except as enumerated below or as provided elsewhere in this Privacy Policy, unless we specifically inform you and give you an opportunity to opt out of such sharing or disclosure.
We may share your personal information with:
Authorized service providers: These are persons who will provide certain services on our behalf. These services may include, but not be limited to, fulfilling orders, processing credit card payments and other payment transactions, delivering packages, providing customer service and marketing assistance, performing business and sales analyses, supporting the Website's functioning, and managing/supporting contests, surveys and other features we may offer. We may give these service providers access to your clients' or your personal information to the extent reasonably required to perform their functions, but we do not allow them to further share or to use any of such personal information for any other purpose.
Business partners: We may share your clients or your personal information with the merchants offering products, services, promotions, contests and/or sweepstakes. We won't share your personal information with these businesses unless you choose to participate in their offer or program. When you choose to engage in a particular offer or program, you authorize us to share your email address and other information with the relevant merchant.
Other Situations: We may also disclose your clients' or your information
'Personal information' means any information that relates to a natural person which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
Sensitive personal data or information of a person means such personal information which consists of information relating to;--
- password;
- financial information such as Bank account or credit card or debit card or other payment instrument details
- physical, physiological and mental health condition;
- sexual orientation;
- medical records and history;
- Biometric information;
- any detail relating to the above clauses as provided to body corporate for providing service; and
- any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: Provided that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these rules.
While collecting information directly from the person concerned, the body corporate or any person on its behalf shall take such steps as are, in the circumstances, reasonable to ensure that the person concerned is having the knowledge of --
- the agency that is collecting the information; and
- the agency that will retain the information.
Body corporate or any person on its behalf holding sensitive personal data or information shall not retain that information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force.
The information collected shall be used for the purpose for which it has been collected. Body corporate or any person on its behalf shall permit the providers of information, as and when requested by them, to review the information they had provided and ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible.
Body corporate or any person on its behalf shall, prior to the collection of information including sensitive personal data or information, provide an option to the provider of the information to not to provide the data or information sought to be collected. The provider of information shall, at any time while availing the services or otherwise; also have an option to withdraw its consent given earlier to the body corporate. Such withdrawal of the consent shall be sent in writing to the body corporate. In the case of provider of information not providing or later on withdrawing his consent, the body corporate shall have the option not to provide goods or services for which the said information was sought. Body corporate shall address any discrepancies and grievances of their provider of the information with respect to processing of information in a time bound manner. For this purpose, the body corporate shall designate a Grievance Officer and publish his name and contact details on its website. The Grievance Officer shall redress the grievances of provider of information expeditiously but within one month from the date of receipt of grievance. The body corporate or any person on its behalf shall not publish the sensitive personal data or information. The third party receiving the sensitive personal data or information from body corporate or any person on its behalf under sub-rule (1) shall not disclose it further.
To make sure we are able to provide a service to our users and customers, we need to make sure our pages are accurate and up-to-date. To help us do so, you agree to: i. Keep your registration data and contact information accurate and up-to-date. ii. Keep your account IDs and account information confidential and to not share your login information or account IDs, let anyone else access your account, or do anything else that might jeopardize the security of your account.
Reasonable Security Practices and Procedures
- A body corporate or a person on its behalf shall be considered to have complied with reasonable security practices and procedures, if they have implemented such security practices and standards and have a comprehensive documented information security programme and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the information assets being protected with the nature of business. In the event of an information security breach, the body corporate or a person on its behalf shall be required to demonstrate, as and when called upon to do so by the agency mandated/under the law, that they have implemented security control measures as per their documented information security programme and information security policies.
- The international Standard IS/ISO/IEC 27001 on 'Information Technology -Security Techniques - Information Security Management System - Requirements' is one such standard referred to in sub-rule (1).
- Any industry association or an entity formed by such an association, whose members are self-regulating by following other than IS/ISO/IEC codes of best practices for data protection as per sub-rule(1), shall get its codes of best practices duly approved and notified by the Central Government for effective implementation.
- The body corporate or a person on its behalf who have implemented either IS/ISO/IEC 27001 standard or the codes of best practices for data protection as approved and notified under sub-rule (3) shall be deemed to have complied with reasonable security practices and procedures provided that such standard or the codes of best practices have been certified or audited on a regular basis by entities through independent auditor, duly approved by the Central Government. The audit of reasonable security practices and procedures shall be carried cut by an auditor at least once a year or as and when the body corporate or a person on its behalf undertake significant upgradation of its process and computer resource.