PRIVACY POLICY

PURPOSE

This “Privacy Policy” is issued by GIRNAR FINSERV PRIVATE LIMITED (“we/us/our”) to the [user of website/portal] (“you/your”). We are concerned about the privacy of the Data and Information (for the purpose of this Privacy Policy, the term “Data” and “Information” are used synonymously) of the users accessing and availing services provided on our websites including without limitation ‘www.heph.in’, mobile sites, mobile applications, chrome extension or plugins thereof accessible through various internet-enabled devices (individually and collectively referred to as "Platform") or otherwise doing business with us.

SCOPE

This Privacy Policy is issued in accordance with the provisions of the applicable laws, including but not limited to the Digital Personal Data Protection Act, 2023 (“Data Protection Legislation”), Information Technology Act, 2000, the Information Technology (Intermediary Guidelines and Digital Media Ethics Code), Rules, 2021. For avoidance of doubt, ‘Data Fiduciary’, ‘Data Processing’, ‘Sensitive Personal Data’ and ‘Personal Data’ shall have the meaning ascribed to them under the Data Protection Legislation. For the sake of clarity, where unless expressly excluded, the expression “Personal Data” shall mean and subsume “Sensitive Personal Data”.

This Privacy Policy establishes an effective, accountable and transparent framework for ensuring compliance with the requirements of the Data Protection Legislation. This policy applies to all of our employees, our service providers and all third parties responsible for the processing of Personal Data on behalf of our services/entities.

This Privacy Policy applies to us and helps you understand how we collect, use, store, process, transfer, share and otherwise deal with and protect all your information when you visit any of Our Platform(s). THIS PRIVACY POLICY IS AN ELECTRONIC RECORD IN THE FORM OF AN ELECTRONIC CONTRACT IN TERMS OF INDIAN INFORMATION TECHNOLOGY ACT, 2000 AND RULES MADE THEREUNDER (AS AMENDED FROM TIME TO TIME) AND DOES NOT REQUIRE ANY PHYSICAL SIGNATURE OR SEAL.

TERMS AND CONDITIONS:

Acknowledgment:

PLEASE READ THIS PRIVACY POLICY CAREFULLY. YOU INDICATE THAT YOU UNDERSTAND, AGREE AND CONSENT TO THIS PRIVACY POLICY. HENCE BY VISITING OUR PLATFORM OR BY AVAILING ANY OF OUR SERVICES, YOU HEREBY GIVE YOUR UNCONDITIONAL, SPECIFIC AND UNAMBIGUOUS CONSENT OR AGREEMENT TO GIRNAR PRIVATE BROKERS LIMITED AS REQUIRED UNDER THE DATA PROTECTION LEGISLATION FOR COLLECTION, USE, STORAGE, PROCESSING, SHARING AND TRANSFER AND DISCLOSURE OF YOUR PERSONAL DATA (INCLUDING SENSITIVE PERSONAL DATA).

YOU ACKNOWLEDGE THAT YOU HAVE ALL LEGAL RIGHTS AND LAWFUL AUTHORITY TO SHARE THE PERSONAL DATA (INCLUDING SENSITIVE PERSONAL DATA) WITH US AND FURTHER ACKNOWLEDGE THAT BY COLLECTING, SHARING, PROCESSING AND TRANSFERRING PERSONAL DATA (INCLUDING SENSITIVE PERSONAL DATA) PROVIDED BY YOU, SHALL NOT CAUSE ANY LOSS OR WRONGFUL GAIN TO YOU OR ANY OTHER PERSON.

You hereby acknowledge that You have not provided Your consent to this Privacy Policy under the influence of someone and You are well aware that this Privacy Policy shall not be revocable at Your option in future due to any such reasons.

Topics Covered:

This policy is designed to make You understand:

• The type of Personal Data which you share with us or which we collect during your usage of our Platform or availing any Services from Our Platform.
• The purpose of collection, storage, Processing and transferring of Your Personal Data by Us.
• Security measures implemented by us to protect Your Personal Data as mandated by law.
• Disclosure, sharing and transfer of Your Personal Data by Us and purpose of such disclosure, sharing or transfer.

Personal Data may be collected through various ways, including but not limited to the use of cookies. We may store temporary or permanent "cookies" on Your computer. "Cookies" are files situated on Your mobile/computer/devices hard disk that assist Us in providing services. Such use of Cookies shall be in accordance with the “Cookie Policy” available at https://www.heph.in/cookies-policy. Further, there are certain features of the Website that are available only through the use of a "cookie". These "cookies" may be used whether You register on the Website or not. You can erase or choose to block these cookies from Your computer. You can configure Your computer’s browser to alert You when We attempt to send You a cookie with an option to accept or refuse the cookie. Essential cookies will be pre-ticked, all other cookies will require user consent. If You have turned cookies off, you may be prevented from using certain features of the Website.

Your Personal Data will mostly be stored in electronic form however certain Data may be stored in physical form.

Data Fiduciary’s Responsibilities

The Data Fiduciary is responsible for the collection, use, disclosure, retention, and protection of Your Personal Data in accordance with its privacy standards and the Data Protection Legislation.

We are compliant with the [ISO/IEC 27001:2022]

[Further, technical controls are deployed to prevent privacy breach and ensure data security]

Personal Data We Collect (Your Data):

We collect Your Personal Data during Your usage of Platform or when You avail any services available on the Platform, either as a registered user or otherwise when you visit any website pages hosted by Us or other mobile applications hosted by Us. The Personal Data collected may consist of:

• Your Personal Data: Your full name, age, address, email id, phone number, date of birth, gender, financial information any other sensitive Personal Data. We also collect Your Personal Data when You create an account on Our Platform or fill out a form or respond to a survey conducted by Us. We shall seek Your explicit consent for collection, storage, processing and transferring Your Personal Data to third party entities.
• Sensitive Personal Data: Your Aadhar Card Number, health information, salary statement, passwords, passport number, photographs, or other such Sensitive Personal Data. We also collect Your Sensitive Personal Data when You create an account on Our Platform or fill out a form or respond to a survey conducted by Us. We shall seek Your explicit consent for collection, storage, processing and transferring Your Sensitive Personal Data to third party entities.
• Other Personal Data:
  • Usage: How You use Our Platform, such as the types of content that You view or engage with, the features You use, Your searches & results, Your browsing information, the actions You take and the time, frequency and duration of Your activities.
  • Device Information: Information about the computer, mobile, laptop, tablet or any other internet-enabled electronic device (‘Device”) You use to access the Platform. This may include real-time information about the geographic location of Your Device (such processing shall only be based on the permission granted to Us by You, internet connection, Your IP address, operating systems, platforms, browsing information, Device type, Device ID, network information, metadata and other information associated with other files stored on Your Device, last URL visited, Your website search history.
  • Preference: Your preferences will be altered based on the Cookie Policy and setting such as geographical location, time zone and language will also be recorded.
  • Information from third parties: We may collect, process and store Your user ID associated with any social media account (such as Your Facebook and Google account) that You use to sign into the Platform or connect with or use with the services offered by Us. When You sign in to Your account with Your social media account information, or otherwise connect to Your social media account with the Services, We shall seek Your consent to collect, store, and use Your Personal Data, in accordance with this Privacy Policy, based on the information that You make available to Us through the social media interface. This could include, without limitation, any information that You have made public through Your social media account, information that the social media service shares with Us, or information that is disclosed during the sign-in process by You. We urge You to refer to Your social media provider's privacy policy and help center for more information regarding use and processing of Your Personal Data by them. We will also collect information about Your transactions with us for instance during the purchase of any products listed on our Platform or generally offered by us.
  • Cookies and other Electronic Tools: We may use cookies, pixel tags, web beacons, mobile device IDs, 'flash cookies' and similar files or technologies to collect and store information in respect to Your use of the Platform. You can erase or choose to disable / block these cookies through Your Device / browser settings. You can configure Your browser to alert You when we attempt to send You a cookie with an option to accept or refuse the cookie. If You have turned cookies off, You may be prevented from using certain features of the Platform and this may interfere with certain functionality of the Platform.
  • Browser Add-on/Extension: Add-on or Extensions are software programs that can modify and/or enhance the functionality of browsers. You can add extensions to Your browser (Chrome, Firefox etc.) for a more personalised experience. Add-on / Extension can access Your Personal Data on all the websites You visit, the tabs and the browsing activity of the browser. Add-on / Extension is stored locally to provide a better user experience for You. We would capture Your email address so as to notify You with relevant information. We would also capture other details to provide You a better user experience. When You add Us to Google Chrome as Chrome Extension, You explicitly permit Us as well as third parties, to the extent apply, to display notifications, read and change Your browsing history, read and change Your bookmarks, manage Your apps, extensions and themes, detect Your physical locations, read all Your Personal Data on the website and other changes.

Legal Basis for Processing Your Personal Data

We process Your Personal Data (including Sensitive Personal Data) based on consent. Such consent shall be recorded based on Your acceptance of this Privacy Policy. Your consent is revocable at any time.

Linked Websites

You may access third-party websites, portals, applications, PWAs or such services through Our Platform, however, We are not in any manner liable or responsible for the privacy statements, practices, or the contents of such third-party websites, portals, applications, PWAs or such services.

Communication

You hereby consent to being contacted by Us, through email, mobile phone, notices, alerts, text messages, push notifications, or any other such legally permitted mode. You further consent to being contacted with regard to availability of our services, promotional offers, marketing communication or other such services related issues. You may change Your communication preferences at any time. Your consent is revocable at any time.

Manner of storage of Your Personal Data

Your Personal Data will be stored in electronic form however certain Personal Data may be stored in physical form. We shall store, collect, use and process Your Personal Data within Republic of India subject to compliance under applicable laws. We may enter into agreements with third parties within India to store or process Your Personal Data and such third parties may have their own security measures to safeguard Your Personal Data which security standards as comparable with good industry practices.

Purpose of Collection, Storage, Processing of Your Personal Data:

We collect Your Personal Data for the following purpose:

• To inform You about various products and services offered on Our Platform and provide customer support to You.
• To address Your queries and resolve Your concerns pertaining to any product or service that You were looking for.
• To facilitate various programmes and initiatives launched by Us.
• To facilitate Your usage of Platform and improve Our services, or any other content on the Platform (such as by personalizing content to your interests), process and complete Your transactions, and make special offers.
• To review Platform performance, diagnose technical problems and do Data analysis to make Your experience better.
• To protect the integrity of Our Platform.
• To inform You about change in any term and condition of this Privacy Policy or Terms of Use of the Platform.
• To implement information security practices, to determine any security breaches, contaminant or computer virus, to investigate / prevent / take action against illegal activities and suspected fraud.
• To keep You informed about news, events and ideas regarding Your preferences and help You to improve Your knowledge and skills about the preferred content.
• To carry out Our obligations and enforce Our rights arising from any contracts entered into between You and Us.
• To allow You to participate in interactive features offered through Our Platform.
• To produce and share aggregate insights and statistics that do not personally identify You.

Data Retention

To ensure fair processing, Personal Data will not be retained by Us for longer than necessary in relation to the purposes for which it was originally collected, or for which it was further processed. The length of time for which we need to retain Personal Data upto a maximum of 10 (Ten) years, in accordance with the applicable laws.

Transfer of Personal Data

We may transfer Personal Data to internal or third-party recipients located in another country where that country is recognized as having an adequate level of legal protection for the rights and freedoms of the relevant Data subjects. Where transfers need to be made to countries lacking an adequate level of legal protection (i.e. third countries), they must be made in compliance with an approved transfer mechanism. Any transfer by Us, will be based on Your consent.

Disclosure of Personal Data

If required, We may disclose Your Personal Data to external law enforcement bodies or regulatory authorities, in order to comply with legal obligations to which We or our service providers are subject to.

Children’s Data

We do not knowingly solicit or collect Personal Data from children i.e, individuals below the age of 18 years without obtaining verifiable parental consent. If it is revealed to us, that a child under the age of 18 years has submitted their Personal Data without parental consent, We take all reasonable measures to delete such Personal Data from Our Database and to not use such Personal Data for any purpose (except where necessary to protect the safety of the child or others as required or permitted under applicable law). If You are aware of any Personal Data that We have collected from an individual below the age of 18 years, please contact Us at grievance@heph.in.

Security Measures and Force Majeure

We take utmost care to secure Your Personal Data from unauthorised access, usage or disclosure or alteration. We take appropriate steps and security measures to safeguard Your Personal Data and make sure that Your Personal Data is secured as mandated under the Data Protection Legislation. For this purpose We adopt reasonable security practices and procedures, in line with the industry standard, to include, technical, operational, managerial and physical security controls in order to protect Your Personal Data from unauthorized access, or disclosure while it is under Our control.

While We protect Your Personal Data as per industry standards, You acknowledge that the internet or computer networks are not fully secure and that We cannot provide any absolute assurance regarding the security of Your Personal Data. Therefore, You acknowledge that You shall not hold Us responsible in any manner whatsoever for loss of Your Personal Data, or any other data, which You share with Us or which We have in Our possession if such loss or any damage caused to You because of Force Majeure events.

It is clarified that Force Majeure events includes any event which is beyond Our reasonable control which may include but not limited to sabotage, fire, flood, explosion, acts of God, civil commotion, strikes or industrial action of any kind, riots, insurrection, war, acts of government.

Data Principal’s Rights

Change or Correction of Personal Data: We take all endeavors to update Our records with latest Information as provided by You, however if You see any discrepancy in Your Personal Data being, You may edit Your Personal Data or contact Us through Our Data Protection Officer / Grievance Officer to have Your Personal Data updated with Us.

Object to, or Limit or Restrict, Use: You can ask Us to stop using or to limit Our use (in partial or full) of Your Personal Data (past, existing or future).

Deletion: You can ask Us to erase or delete (in partial or full) Your Personal Data (past, existing or future) provided that such deletion shall be subject to applicable regulatory/legal requirements.

Right to Access: You can ask Us for a copy of Your Personal Data.

Account Closure: If You choose to close Your Account, We will delete Your Personal Data or de-identify it so that it is anonymous and not attributed to Your identity. We will retain Your Personal Data after You have closed Your account if reasonably necessary to comply with Our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce Our User Agreement, or fulfil Your request to “unsubscribe” from further messages from Us. We will retain de-personalized information after Your account has been closed.

Withdraw Consent/Opt-out: At any time, you can withdraw consent that You have provided to Us by going to Your account settings, if you have an account with Us or otherwise You may request for Withdrawing Your consent by writing an email to Us at grievance@heph.in. We will only collect and process Personal Data about You where We have lawful basis. Lawful basis includes consent (where You have given consent), and/or “legitimate uses” as specified under the Data Protection Legislation. Where We rely on Your consent to process Personal Data, You have the right to withdraw or decline Your consent at any time and where We rely on legitimate interests, You have the right to object.

You may also contact Us using the contact information below, and We will consider Your request in accordance with applicable laws.

Change in terms of Privacy Policy

We reserve the right to amend or modify this Privacy Policy at any time, as and when the need arises. We request You to regularly check this Privacy Policy from time to time to keep You apprised of changes made. Your continued use of the Platform gives Your unconditional acceptance to such change in terms of Privacy Policy.