Aim of Data Protection and Privacy Policy
When the User chooses to use the platform and/ or the application truMe, of the Company, the User expresses trust and faith in the Company by providing requisite information. Company is in the clear understanding that it entails a huge responsibility, and endeavours hard to protect such information shared by the User whilst making sure to put the User in control of the information furnished by him. For Company, the protection of personal rights and privacy of its users is the foundation of trust on which all its business relationships stand.
1. Definitions
i. Central Server: refers to the server managed by the Company on which the identity of User is hosted, to be made available to the Location Server in the course of an access transaction.
ii. Company: refers to Mobico Comodo Private Limited, a company duly incorporated under the Companies Act, 1956 having its corporate office at 1122 Tower B4 Spaze iTech Park, Sector 49, Gurugram, Haryana – 122018. The Company has developed and owns the application truMe.
iii. Consent: is the voluntary, legally binding agreement to data storage and processing.
iv. Location Server: refers to the server of a particular client location with which Central Server interacts inter alia for authorization/ facilitating access. The Company has no access to this server.
v. Personally Identifiable Information: means and includes any information that either on its own or when combined with certain other information can identify a natural person and for the purpose of this Policy is usually limited to the Users’ mobile phone number, email IDs, profile picture, date of birth, gender and documentary proof of identity.
vi. truMe: includes the application truMe as well as the truMe platform.
vii. User: includes—(i) an individual,(ii) a Hindu undivided family,(iii) a company,(iv) a firm,(v) an association of persons or a body of individuals, whether incorporated or not,(vi) the State, and(vii) every artificial juridical person, not falling within any of the preceding sub-clauses, who create a profile on truMe after downloading truMe on a mobile and/ or entering Personally Identifiable Information in a form, sent by another User, opened on truMe in any electronic device or who uses truMe to regulate access of anyone, including employees, visitors and vendors to its premises or whose relevant information like name, mobile number, email address etc has been uploaded on truMe by his/her employer.
2. Application of National Laws
This Data Protection and Privacy Policy have been framed in consonance with the internationally accepted data protection and privacy policies without replacing the existing national laws. This Policy aims only to supplement national data privacy laws. The contents of this Data Protection and Privacy Policy shall be observed in the absence of the corresponding national legislation.
3. Information Collection
(i) Company vides truMe aims to collect information only to provide better services and support system to its Users. It is understood that the information so shared by its Users is subjected to data security. It is further understood that such information shared by its Users, including images and files, for the purposes of using truMe is secured by using suitable organizational and technical-architectural measures to prevent any unauthorised access, illegal processing or distribution as well as any accidental loss, modification or destruction.
(ii) That the information so shared by Users for the purposes as mentioned herein above are hereinafter referred to as Personally Identifiable Information as defined above.
(iii) truMe may obtain the following types of information from or concerning its User or its Users’ mobile device, which may include personal information that can be used to identify its User as specified below:
(a) User-Provided Information: The User provides certain Personally Identifiable Information, such as the User mobile phone number, email IDs, name, gender and date of birth, IP Address and mobile device information to truMe when choosing to participate in the use of the application and its services, such as registering as a user, inviting other truMe users, scanning their profile at truMe enabled kiosk or using a truMe feature. In order to enable truMe to provide and render smoothly its Services, the Users of truMe allow it to have access to the information contained in its User’s contact list and/or address book too. By permitting the Company vide truMe to collect such information, including images and files, the User consents to provide truMe right to use such information for providing its Services and at the same time ensure and warrant that its User has all requisite rights in their favour to share this information with the application truMe.
(b) truMe may receive data whenever the User operates truMe and this data may include the date and the time of User operating truMe, IP address information, and if the User uses authentication tokens on any Location Server, such User authentication tokens may be saved on the Central Server for the sole purpose of authenticating the User during future use of truMe services.
(c) truMe does not collect emails, addresses or other contact information from the mobile address book of the User other than mobile phone numbers and names associated with such mobile phone numbers of the persons in such users’ contact lists and/or address books. truMe will associate whatever name the user has assigned to the mobile telephone number in his/her mobile address book. truMe, in order to improve its services, may collect the location data of its User and also truMe allows its User to voluntarily share their location with other User by sending an invite.
(d) If the recipient can be messaged via the truMe , the message is delivered to that recipient via data service routed through the Central Server. Any messages that are undelivered are held in the Central Server until they can be delivered or for a period of 30 days, whichever is earlier. Messages and files that are sent through the Service temporarily reside on the Central Server for a short period of time until delivery of such messages or files to the intended recipient are complete. The pass issued to a User is retained in the Central Server until the pass expires and is thereafter deleted. The aforementioned pass and the related information will be retained in the Location Server specific to a client of the company even after the same is deleted from the Central Server and the Company exercises no control over the Location Server(s) of the clients wherever they may be located.
(e) Any profile image updates or new identity document posted by the Users is stored on the Central Server to keep the profile updated.
(f) truMe may retain date and time stamp information associated with the successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which the application truMe is under a legal obligation to accordingly collect in sync with the national legislation with regard to Data Protection and Privacy.
(g) The Internet Protocol (IP) address of the User.
4. Use of the Information Collected:
Company may use the information so provided by the User for the purposes of successful provision of services on truMe, improving our services and for other legitimate purposes permitted by the applicable laws of the land.
(i) Company may share the User’s Personally Identifiable Information to deliver the services desired by the User to the extent it is necessary to maintain or further develop and enhance truMe, its services and to ensure the functionality and security of the Services and to prevent and investigate any fraud and any other misuse.
(ii) Company may share non-Personally-Identifiable Information (such as anonymous user usage data, referring / exit pages and URLs, platform types, asset views, number of clicks, etc.) with third-parties to better understand usage patterns for certain content, services, advertisements, promotions, and/or functionality related to truMe.
(iii) Company does not share or sell User’s Personally Identifiable Information, including images and files, for use for commercial, advertising and or similar marketing purposes without User’s consent. However, In the future as a part of a specific promotion or feature, the User may specifically choose to opt-in/opt-out for any specific product and or service which may allow/seek access to the Users’ personal information to be used for such purposes. However, at no point any Personally Identifiable Information, including images and files, in respect of any User will be shared with a third party without User’s express consent.
Once the User successfully un-lists his/her personal device number from truMe, such User’s name shall no longer be displayed vide truMe.
(iv) The Users have further been provided with an option of not using their Personally Identifiable Information, including images and files, on truMe for access to any location and/or building other than the one to access which they had created their truMe profile, in which case such a User or Users may not be able to access part or full services in connection with truMe. In the event of any User or Users not being agreeable with the terms of Data Protection and Privacy Policy, such User/Users are free to delete their account/s or not use truMe. Upon deletion of such User account, their Personally Identifiable Information and any associated Contents, except to the extent required to be retained by the Company under applicable laws of the land, will be deleted from the servers. Similarly, a User can also not be linked to a location as an employee of that location without User’s consent. When the employer uploads the data of all employees on the truMe platform, the user gets a notification and has a right to not consent to the same. Only after the user gives her/ his consent, will she/ he become the employee of that particular location on truMe platform.
(v) Company may disclose the Personally Identifiable Information and available user content as required pursuant to applicable laws, upon a directive or order of a government entity or statutory authority or any judicial or regulatory authority or to law enforcement agencies in any official investigation including but not limited to cyber incidents, prosecution and punishment of offences. It has been consented to by the Users of truMe that the truMe has the right to monitor truMe electronically from time to time and to disclose any such information as may be necessary to satisfy any law, regulation or other governmental request, to operate truMe properly for justified purposes that are relevant for the features and functionalities of truMe and related services opted by the User, or to protect itself or its subscribers. Company may transfer the Users’ Personally Identifiable Information or other information collected, stored, processed by truMe to any other entity or organization located in India or outside India only in case it is necessary for providing services to the Users’ in connection with truMe. Except with the consent of the Users’ including under this Agreement for specified purposes, truMe will not disclose any Personally Identifiable Information to any third party. Company will cooperate with the appropriate law enforcement authorities in investigating claims of any illegal activity.
(vi) Upon use of truMe, the User authorizes the Company to contact the User regarding any promotions / notifications pertaining to truMe, not with standing that User’s number may be registered in the respective Do not Call Registry in User’s jurisdiction.
(vii) User’s name and User’s mobile phone number (hashed) may be displayed when a User is searching for the host who is an employee at a truMe powered location or building or office, for which the User is requesting for a pass.
5. Principles for processing Personal Data/Information Collected:
It is clearly envisaged that the Company vide truMe ensures that the processing of the information, including the personal data and the personally identifiable information, including images and files, shall be conducted in a fair and legal manner. It is understood that the personal data and or personally identifiable information, including images and files, provided to the Company by the Users will be processed (for the purposes of enhancing and providing a more user friendly experience of truMe) only for the purposes that have been defined and entailed in Clause 4 of this Policy and including the purposes that were defined and understood before such data and or information was collected. Further any subsequent changes to the purpose are only permissible or possible to a limited extent permitted by law and requires substantiation from the Users by way of an express consent. In the interest of protecting the privacy of its Users and for security measures, it is ensured that reasonable steps will be taken to identify and authorise the Users as well before registering their mobile phone numbers and granting users the access and use of the truMe.
6. Changes by User to Information Collected:
Company vide truMe allows the User to update or change the information, including images and files, so provided at the time of being given access to truMe. The User can add or delete information that he/she chooses to share or not share with truMe. However, in the event of the User deciding not to share certain information through truMe , Company may not be able to give access to part or full services in connection with truMe. It is understood that the User has been provided with the option of either sharing his/her profile with another similarly situated User of truMe or not share his/her profile with another User of truMe. The User also has been given the option to opt out of receiving emails, or other promotional notifications and materials containing notifications pertaining to truMe.
7. Keeping the information collected secure:
truMe has been built with such strong security features that it enables the Company to continuously protect the information so collected from the User. The Company endeavours to protect the information collected from the User, including images and files, from any unauthorised access, alteration, unauthorised disclosure or destruction of information so provided by the Users in order to avail the services of truMe and in doing so the Company follows various best industry standards and practices for the security of data in transit and data at rest. It is understood that the Company employs the following security protocols:
(i) AES 256 Bit Encryption and Data On Secure Cloud behind a Firewall.
(ii) End to End Encryption is used to ensure that the data shared between the application, the Central Server, the Location Server and the IoT controller, at all times travels in encrypted form and is readable only by truMe.
(iii) Data and document if any, including images and files on the Users’ phone is also encrypted and is not transferable to any other application/platform and/or device.
(iv) Company has no access to the access history of a User and the said access history is the property of the Location Server which has processed that particular access event. A pass/ invite is stored on the Central Server only till the validity period of that particular pass. Once a pass/ invite is past its validity period/ has expired, it is automatically deleted from the Central Server by end of the day on which such pass/invite has expired.
8. Sharing the Information collected:
Company may share the Information collected from the User with related entities to maintain or further develop and enhance truMe, its services and to ensure the functionality and security of truMe for the User and to prevent and investigate any fraud and other misuse. Company may share non-Personally-Identifiable Information (such as anonymous user usage data, referring / exit pages and URLs, platform types, asset views, number of clicks, etc.) with third-parties to better understand usage patterns for certain content, services, advertisements, promotions, and/or functionality related to truMe. Company shares the information collected from the User in accordance with his Policy and any other appropriate confidentiality and security measures. Company may share the information collected from the User with law enforcement agencies and Courts and Tribunals in order to cooperate with an investigation or pursuant to an order of the Court.
9. Retention of Information Collected:
Company will retain User’s information collected as needed to fulfil the purposes for which it was collected. Company will retain and use the personal information of the User as necessary to comply with business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.
10. Transfer of Information Collected:
Subject to the consent of the User, the Company may transfer User’s Information collected including Personally Identifiable Information, to its affiliates or to third parties and business partners located in various countries around the world. The information so shared or intended to be shared by the Company does not include the access history of the User since the same is not accessed by the Company. By using truMe and/ or providing any personal information to Company, where applicable law permits, the User consents to the transfer, processing, and storage of such information outside of the country of residence of the User where data protection standards may be different.
11. Data Audits and Compliance with Applicable Laws:
Compliance with the Data Protection and Privacy Policy and the applicable data protection laws is checked regularly with data protection audits and other controls. The performance of these controls is the responsibility of the Data Protection Officer.
12. Updates to this Data Protection and Privacy Policy:
Company may update this Policy from time to time. As and when it is modified, the same will be posted on the website of the truMe application, with an updated revision date. The User agrees to visit these pages periodically to be aware of and review any such revisions. If Company makes any material changes to this Policy, it may also notify the User by other means prior to the changes taking effect, such as by posting a notice on our websites or sending the User a notification. By continuing to use truMe after such revisions are in effect, User accepts and agrees to the revisions and to abide by them.
13. Grievance Redressal:
If the User has any unresolved privacy concern related to personal data processed or transferred by Company that has not been addressed satisfactorily, please contact Company at info@mobicomodo.com