Privacy policy

[Essange] (“Essange”, “we”, “us”, “our”) is committed to maintaining the privacy of its clients and users (“User”, “you”, “your”, “yourself”) and the confidentiality of your information, in compliance with applicable law.

We recognize that your privacy is very important and take it seriously. That is why we insist upon the highest standards for secure transactions and User information privacy. Please read the following policy (“Privacy Policy”) to learn about our information collection, processing and dissemination practices. The following Privacy Policy should be read along with Essange’s Terms & Conditions (available here: [Noteinsert link], for a full understanding of Essange’s practices as well as Users’ responsibilities when interacting with the site [www.essange.com] (“Website”) and/or availing our products and services.

This Privacy Policy is published in accordance with the provisions of the Indian Information Technology Act, 2000 (“IT Act”) and the rules made thereunder, more specifically, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. All terms used in this Privacy Policy will have the same meaning and definitions assigned to them in the IT Act and the rules made thereunder, or in our Terms & Conditions.

By visiting the Website, you agree to be bound by the terms and conditions of this Privacy Policy and the Terms & Conditions, as they apply to you. You must be aged 18 years or over to avail of the products and services offered on the Website. If you are aged below 18 years, please ensure your use of the Website is consented to by your parent or legal guardian.

PART A

1. Collection of your personal information and other identifiable information

When you use our Website, we collect and store your personal information as provided by you from time to time.

Personal Information (“PI”) under the IT Act is defined to include any information that relates to a natural person, which, either directly or indirectly, in combination with other information available, or likely to be available, is capable of identifying such person by a body corporate. Further, we may also collect certain information classified as sensitive personal data and information (“SPDI”) which, includes information relating to (i) passwords; (ii) financial information such as bank account/credit card/debit card details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any details relating to the above clauses as required for providing you with access to the Website/our services; and (viii) any information received under the above for processing or storing data under lawful contract, or otherwise. SPDI does not include any information that is freely available or accessible in the public domain, or that is furnished under any law.

We may collect and use the following PI and SPDI about you, as required for the provision of products and/or services to you: 

  1. Your name, including your title; 
  2. Your date of birth;
  3. Your contact details including phone number(s), e-mail address and postal address;
  4. Financial data such as card/bank account details;
  5. Information provided when you correspond with us; 
  6. Updates to information you have already provided to us; 
  7. PI we obtain from third-party sources (e.g. APIs, URLs); and/or
  8. Technical and behavioral information about you regarding your use of the Website.

Our primary goal in doing so is to provide you with a safe, efficient, smooth and customized experience, which allows us to provide services and features that strive to meet your needs and make your experience safer and easier. More importantly, while doing so, we only collect PI and SPDI from you that we consider necessary for achieving this purpose. In general, you can browse the Website without providing us with information regarding who you are or without revealing any PI/SPDI about yourself.

You provide us with your PI/SPDI voluntarily. Once you provide your PI/SPDI to us, you are no longer anonymous to us. Where possible and applicable, we indicate which fields are required and which fields are optional for you to fill in. You always have the option to not provide us with your information by choosing not to use a particular service or feature on the Website. We may, however, automatically track desensitized information about you based on your behaviour on the Website. We use this information to do internal research on our User demographics, interests, and behaviour to better understand, protect and serve our Users. This information is compiled and analyzed on an aggregated basis. This information may include the URL that you accessed our Website through (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your internet browser information, and your IP address.

We use data collection devices such as “cookies” on the Website to help analyze our web-page flow, measure promotional effectiveness and promote trust and safety. By continuing to browse our Website, you are agreeing to our use of cookies as more fully set out in Part B of this Privacy Policy. 

If you send us personal correspondence, such as e-mails, messages or letters, or if other Users or third parties send us correspondence about you, we may collect such information into a file specific to you.

We may use the collected data to send you relevant information such as receipts, promotions, information on upcoming events etc.

2. Use of Demographic, Profile Data and Your Information

We may also use your PI to send you personalized marketing communications regarding new services or changes to the existing services and special offers and promotions which we think you may find of interest. To the extent we use your PI for direct marketing purposes, we will provide you with the ability to opt-out of such uses, if you do not wish to receive such communication.

We may use your personal information to resolve disputes, troubleshoot problems, collect money either directly by us or through an authorized payment gateway facility, inform you about updates, detect and protect us against error, fraud and other criminal activity, enforce our terms and conditions, and as otherwise described to you at the time of collection.

In our efforts to spread awareness about our organisation, we may collect and analyze demographic and user data about our Users’ activity on our Website. We identify and use your IP address to help diagnose problems with our server, and to administer our Website. Your IP address is also used to help identify you and to gather broad demographic information related to you.

3. Sharing your personal information

By providing us with your PI/SPDI, you consent to the information being shared with our partner organizations and / or third-party service providers, where it is in our legitimate interest to do so for administrative or business purposes (such as corporate strategy, auditing and monitoring, and quality assurance).

We may share your PI with our other corporate and/or associate entities and affiliates to help detect and prevent identity theft, fraud and other potentially illegal acts and cyber security incidents.

We will not share your SPDI, i.e., your password, biometric or financial information such as bank account or credit card or debit card or other payment instrument details, etc. that is not essential for your continued use of the Website, with any third parties or disclose it to any person other than as required by applicable law. 

Any third parties we share your information with are limited by law and contract in their ability to use your PI for any purpose, other than to provide services for and in connection with us. We will always ensure that third parties with whom we share information about our Users are subject to privacy and security obligations consistent with this Privacy Policy and applicable law.

While transferring your PI/SPDI to another body corporate or natural person, for purposes necessary to perform contractual obligations to you, we will make sure that, as is required by applicable laws, the same level of data protection adhered to by us is adhered to by such entity to whom the data is being transferred. 

We may disclose your PI or SPDI, if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to summons, court orders, or any other legal process. We may disclose your PI to law enforcement offices, third party rights owners, or others as becomes necessary, in the good faith belief that such disclosure is reasonably necessary to: (i) enforce the Terms & Conditions or this Privacy Policy; (ii) respond to claims that an advertisement, posting or other content violates the rights of a third party; or (iii) protect the rights, property or personal safety of our Users or the general public.

Only if it is essential, we may also share your PI/ SPDI with third parties in order to enforce or ensure application of our Terms & Conditions, other terms and conditions for Users, our policies, any other agreement in force, to respond to claims, to protect our rights or the rights of our employees and/or Users and/or a third party, to protect User safety or to prevent any illegal activity. This may include exchanging information with other organizations for fraud protection.

We may also disclose and use anonymized, aggregated reporting and statistics about Users of the Website for marketing purposes. None of these reports or statistics will enable our Users to be personally identified.

Save as expressly stated above, we will never share, sell or rent any of your PI/ SPDI to a third party without notifying you, and where necessary, obtaining your consent. If you have permitted us to use your PI/ SPDI in a certain way, but later change your mind, you can contact our Grievance Officer and we will stop doing so.

4. Retaining your information

We keep your PI and SPDI for no longer than is necessary for the purposes that your PI/SPDI was collected and processed. The length of time for which we retain your PI or SPDI depends on the purpose for which we collect and use it, and/or as is required to comply with applicable law, and to establish, exercise or defend our legal rights.

5. Links to Other Sites

Our Website may link to other websites that may collect personally identifiable information about you. Such other websites are not operated by Essange and are only provided for your convenience.

The links available do not imply Essange’s endorsement of activities of such third-party websites or Essange’s association with its operators. This Privacy Policy applies only to PI or SPDI collected, or PI received from third party sources, by Essange. We are not responsible for PI about you that is collected and stored by third parties.

Third party websites have their own terms and conditions for use and collection and processing of data. You should read the terms of use/service and privacy policies of these websites carefully, before submitting your information to these websites.

Essange is not responsible for the privacy practices or the content of those linked websites and does not other endorse or accept responsibility or liability for content of such third party websites or third party terms and conditions.

6. Changes to our Privacy Policy

We may update our Privacy Policy from time to time at our discretion, and any changes we make to our Privacy Policy will be posted on this page and shall be effective immediately on notice, which we may give by posting the new policy on the Website. Please check back frequently to see changes or updates to our Privacy Policy. By continuing to use the Website and our services without consenting to the changes or opting out, it will be deemed that you have consented to such changes by your conduct.

7. Security Precautions/Breach

Our Website has stringent security measures in place, as required under law, to protect the loss, misuse, and alteration of the information under our control. Once your information is in our possession, we adhere to strict security guidelines, protecting it against unauthorized access. Our web hosts, transaction affiliates etc., all use industry grade and standardized methods to protect your information from any misuse.

We endeavour to protect your information through the measures mentioned above. However, no website or internet transmission is completely secure. We urge you to take steps to keep your personal data safe, such as choosing a strong password and keeping it private, as well as logging out of your account and closing your web browser when finished using the Website. Unauthorized entry or use, hardware or software failures, events outside our control and other factors may compromise the security of your information. We may suspend your use of all or part of the services without notice if we suspect or detect any breach of security.

If any User has sufficient reason to believe their SPDI has been compromised, or there has been a breach of security due to a cyber security incident, you may write to our Grievance Officer immediately at the contact details mentioned below, so that we may take suitable measures to either rectify such a breach and inform the concerned authorities of a cyber security incident.

8. Your Consent

By using the Website and/or by providing your information, you consent to the collection and use of the information you disclose on the Website in accordance with this Privacy Policy, including but not limited to your consent for sharing your information as per this Privacy Policy.

If we decide to change our Privacy Policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.

9. Retention of Information

Information provided by you to Essange is processed, stored and retained through our servers and web hosts.

Our web hosts and agency managing your information are compliant with IS/ISO/IEC27001 or an equivalent in standards of Security Techniques and Information Security Management System Requirements.

10. Grievance Officer

In accordance with IT Act and rules made there under, we have appointed a Grievance Officer to handle any arising concerns are grievances. The contact details of the Grievance Officer are provided below:

 

Name: Kritika Patel

Tel: +917208496291

E-mail: info@essange.com

Time: Mon – Sat (11:00 hrs – 19:00 hrs IST)

11. Governing Law and Jurisdiction

This Privacy Policy is governed by laws prevailing in India.

Only the courts in Mumbai, Maharashtra, India will have jurisdiction with regard to disputes arising from this Privacy Policy.

PART B

12. Cookie Policy

We use data collection devices such as “cookies” on the Website to help analyze our webpage flow, measure promotional effectiveness and to promote trust and safety. “Cookies” are small files, placed on your internet browser when you visit our Website, that assist us in providing customized services to you. We use cookies to offer you a more tailored experience in the future, by understanding and remembering your browser preferences. Certain features offered on our Website can only be fully realized through using “cookies”.

Where we use cookies on our Website, and where your internet browser permits, you may block them at any time. However, if you use your browser settings to block all cookies, you may not be able to fully access parts of our Website or realize full functionality of the services we offer.

We do not control the use of cookies by third parties.