PRIVACY POLICY

---

This Privacy Policy covers the information we collect about you when you use our products or services or websites, or otherwise interact with us (for example, by attending our events), unless a different policy is displayed. VIPL, we and us refers to Violet InfoSystems Private Limited as Controllers and any of our corporate affiliates that have been appointed as Processors.

We refer to our products, together with our services and websites as “Services” in this policy.

This Privacy Policy describes how VIPL collects and uses the personal information you provide. It also describes the choices available to you regarding the use of, your access to, and how to update and correct your personal information.

VIPL is responsible for the processing of personal data it receives, under Information Technology (Amendment) Act (2008). VIPL complies with the Information Technology (Amendment) Act (2008) for all onward transfers of personal data.

With respect to personal data received or transferred pursuant to the Information Technology (Amendment) Act (2008) and General Data Protection Regulation (GDPR). VIPL is subject to the regulatory enforcement powers of the IT Rules framed under Section 43A of the IT Act of Indian Ministry of Communication & Technology and General Data Protection Regulation (GDPR). In certain situations, VIPL may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Personal Identification Information

We may collect personal identification information from Users in multiple ways, including, but not limited to, when Users visit our site, voluntarily subscribe to the newsletter, fill out a form, and in connection with other activities, services, features or resources we make available on our Site. Users may be asked for, as appropriate, name and email address. Users may, however, visit our Site anonymously. We will collect personal identification information from Users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information; however, User may not be able to access certain Site related activities.

Non-Personal Identification Information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personall identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information that does not identify the User.

Information We Collect

Customer Data

Customer Data may be processed by us as a result of customer’s use of the Services when our customers, or their end-users, input or upload information into the Service. For example, customers who use our VIPL application may upload Customer Data about themselves or their employees.

This data includes name, email address, etc, we collect for providing the services.

Other Data

Customers provide data that is necessary to create user accounts. For creation of user accounts, you provide your name, email address and password. You also provide billing details for invoicing purposes.

We also collect data when you use our applications and websites:

• Log Data – Our servers automatically collect information when you access or use our applications and services. This data is recorded in log files. Examples of such data include IP Address
• Mobile Application – When you download and use our Services, we automatically collect information on the type of device you use, and operating system version.
• Subscription Data – You provide personal data to us as part of signing up for our newsletter on our websites. We may also collect personal information from you when you use interactive features of the Websites, promotions, requesting customer support, or otherwise communicating with us.
• Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry.

How Personal / Non-Personal Information is Collected:

• We collect information about you when you input it into the Services or otherwise provide it directly to us.
• We collect information about you when you register for an account, create or modify your profile, set preferences, sign-up for or make purchases through the Services.
• We collect content that you submit to websites owned or operated by us when you may choose to fill up contact forms or when you participate in any interactive features, surveys, promotions, activities or events.
• We collect information regarding a problem you are experiencing with the Services when you may choose to submit them to our customer support included in the Services.
• We collect information about you when you use our Services, including browsing our websites and taking certain actions within the Services.
• We collect information about your computer, phone, tablet, or other devices you use to access the Services.

How We Use Your Data

How we use your personal data will depend on which Services you use and how you use those Services.

Customer Data will be used by VIPL in accordance with Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law.

How we use Customer data

We use your data to authenticate you and authorize access to our services

We only process Customer Data on behalf of our customers and in accordance with their instructions provided in the applicable Services agreement with us. We use the data that we have about you to provide our services and provide support to you. In each case, VIPL collects such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our services.

• To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered part of the Services and you may not opt out of them.
• Customer Support. If you send us a request (for example via a support email or via one of our feedback mechanisms), we respond to your request or to help your issues.
• For any other purpose as provided for in the Services Agreement between us and the customer, or as otherwise authorized by the customer;
• In accordance with or as may be required by law.

Lawful bases for processing

We have lawful bases to process your personal data. We also use your consent as bases for lawfully processing your personal data.

We process your personal data only when we have a lawful basis. Presently, we use the Performance of Contract (i.e. to deliver the services to our customers) and consent as the lawful basis for processing. For certain processing, we may also use legitimate interests as provided under the Data Protection Regulations.

In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests or those of another person.

Where you have consented to a particular processing, you have a right to withdraw the consent at any time.

Security of your Personal Information:

We implement security controls to prevent breaches and unauthorised access to your data.

We maintain reasonable and appropriate security measures to protect Customer Data from loss, misuse, and unauthorized access, disclosure, alteration, and destruction.

• The security of your personal information is of critical important to VIPL; We adhere to generally accepted security standards and have adopted commercially reasonable security measures to protect your personal data against accidental or unlawful destruction, loss, alteration, or unauthorized disclosure or access.
• We may use third-party products and services to secure or store your information.
• By using the Services or providing personal information to us, you agree that we can communicate with you electronically regarding security, privacy, and administrative issues relating to your use of the Services.
• Due to any reasons or circumstance if you believe that your interactions with the Services is not secure, please notify us immediately at privacy@violetinfo.com
• In case of any queries or concerns regarding the Security, you can write to us at privacy@violetinfo.com

Protection of personal information

Our Sites and Services uses commercial efforts to maintain safeguards for the protection of your Personal Information

VIPL takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Sharing Personal Information:

We will and may disclose your personal information as and when required by the Law only in common interests and good faith of you and ours that disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.

If VIPL is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our website, of any change in ownership, uses of your personal information, and choices you may have regarding your personal information. We may also disclose your personal information to any other third party with your prior consent.

Disclosure/Disclaimers specific to VIPL Services:

• Usage of information that is collected by VIPL through its service will be limited to the purpose of providing services effectively for which the Client has engaged or subscribed with VIPL.
• Information collected by VIPL is solely under your discretion or under the direction of its Clients. VIPL has no direct relationship with the individuals whose personal data is collected.
• VIPL may transfer your information to Partner(s), Affiliate(s), Subordinate(s) and 3rd Party) that help us provide our services; such transfer of information is under the direction and rules of the Non-Disclosure & Service Agreements signed between VIPL & Partner/Affiliate/Sub-ordinate/3rd Party and Clients respectively.

Data Retention Policy

We will retain your personal information for as long as is needed to fulfil the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting or other legal requirements).

We retain your information for as long as you have an active Services account. We may also retain your personal information for extended period under applicable statutory laws.

VIPL will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and as required by applicable law. When you decide to close your account, we delete all personal information about you.

VIPL may retain Other Information pertaining to you for as long as necessary for the purposes described in this Privacy Policy

To Comply with Laws. – If we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

Reasonable Security Safeguards

We shall protect all personal data in our possession or under our control by taking reasonable security safeguards as required under the Digital Personal Data Protection Act, 2023, along with any applicable rules, amendments, and notifications (“Applicable Data Protection Law”), to prevent any personal data breach.

We shall maintain reasonable security practices and procedures to protect Personal Data and Sensitive Personal Data through measures such as encryption, obfuscation, masking, or the use of virtual tokens mapped to such personal data, preventing unauthorised access, damage, use, modification, disclosure, or impairment.

We shall take reasonable measures to implement systems that enable appropriate logging for monitoring and reviewing visibility on the access of such personal data, and systems that support the detection of unauthorised access, its investigation, and remediation to prevent recurrence.

We shall conduct security audits and assessments at intervals required under Applicable Data Protection Law to identify vulnerabilities and ensure compliance with established industry security protocols, including ISO/IEC 27001 or any other equivalent information security framework, as applicable.

We shall adopt reasonable measures to ensure continued processing of personal data in the event its confidentiality, integrity, or availability is compromised due to destruction, loss of access, or any other cause, including the use of appropriate data backups.

We shall take all necessary steps to implement systems that enable detection of unauthorised access, its investigation, remediation to prevent recurrence, and continuation of processing even in the event of such compromise. We shall retain such logs and personal data for a period of 1 (one) year, unless any other Applicable Law requires a different retention period.

• We shall implement appropriate technical and organisational measures to ensure effective observance of security safeguards, including encryption, secure authentication, firewalls, logging, and periodic security reviews.

Cross-Border Data Transfers

We shall ensure that any personal data that comes into our possession or over which we have access or control, and any traffic data pertaining to its flows, shall be used only for the agreed purpose only. We shall further ensure that such personal data or traffic data is not transferred outside the territory of India.

Your Rights to Control Data

User agrees that any information it provides is voluntary and knowingly made in accordance with the laws and protection of User’s locale. Any personal information is collected lawfully, fairly and transparently, with a limited and specific purpose and only to the extent that the information is useful and relevant, in a manner that ensures proper and appropriate security, while maintaining accuracy, and for a time period only as long as is necessary.

It is the intention of VIPL to comply with all provisions of the General Data Protection Regulations (“GDPR”). VIPL does not collect racial, ethnic, political, religious or other “special” categories of personal data as outlined under the laws, rules, regulations and controlling GDPR.

In the event that you are located within a region or country in which the GDPR has been enacted you have rights that may not exist elsewhere.

In the event you are protected under the GDPR you have the following rights:

1. The Right to Information – The data subject has the right to be informed about the collection and use of their personal information.
2. The Right of Access – The data subject have the right to access their personal information and supplementary information.
3. The Right to Rectification – The data subject shall have the right to obtain without undue delay the rectification of inaccurate personal information concerning him or her.
4. The Right to Erasure – The data subject shall have the right to ask for erasure of personal information concerning him or her without undue delay.
5. The Right to Restriction of Processing – The data subject shall have the right to ask to restrict the processing of personal information.
6. The Right to Data Portability – The right to data portability gives data subject the right to receive the personal information they have provided in a structured, commonly used and machine readable format, and have right to transmit the same.
7. The Right to Object – The data subject have the right to object the processing of personal information.
8. The Right to Avoid Automated Decision-Making – The data subject shall have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects concerning him or her.

In the event that you have protections under the GDPR and wish to contact VIPL to make a request pursuant to the GDPR, you may contact VIPL at privacy@violetinfo.com

Please be advised that in certain circumstances and in accordance with the GDPR there are instances in which VIPL must maintain personal data and are allowed to retain personal data even after a request has been made in order to ensure the request has been fulfilled, in compliance with territory, county, federal, state or local laws, in accordance with any audit or review policies and regulations and for other lawful purposes. Personal data may also need to be maintained pursuant to legal processess, litigation holds, discovery requests or other requirements.

VIPL is committed to ensuring compliance with the GDPR and with the laws governing and addressing data security.

Contact Information

You can contact us about this privacy policy or use of our services. If you have questions or complaints regarding this Policy, you may contact us through email at privacy@violetinfo.com or by phone at +91-9967037744. You may contact us at our mailing address (privacy@violetinfo.com)

Your acceptance of these terms

Use of this Site and transmission of information to VIPL is acceptance of the terms of this policy unless otherwise prohibited by law. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Privacy policy change

VIPL may change this Privacy Policy from time to time, at our sole discretion with an advance intimation to the users.

VIPL encourages visitors and customers to frequently check this page for any changes to its Privacy Policy. We will notify you of material changes in advance by email or by notice when you log in to the Sites and Services or both. You confirm that your continued use of our services after any change in this Privacy Policy will constitute your acceptance of such changes and agree to be subject to the revised privacy policy.

1. VIPL reserves the right to amend the entire or part of this Privacy Policy from time to time.
2. The version published on VIPL website/services is the version currently in force. Any and every change to the Privacy Policy is communicated via a notice on the Website of VIPL. The Notice shall state “The Privacy Policy has been Updated request you to ACCEPT / DECLINE, to Proceed”
3. Changes to VIPL’s Privacy Policy will be effective immediately once published on the Sites unless otherwise noted.
4. Your usage of VIPL’s services/ Website post amendments indicates your consent to the practices described in the revised Privacy Policy.
5. VIPL invites you to periodically review its Privacy Policy.