DATA PROTECTION AND PRIVACY POLICY
Preamble
Wesmarc (“we”, “us”, “our”, “Wesmarc”) is always committed to protect the privacy. This Data Protection and Privacy Policy (“Policy”) describes our practices in connection with information privacy on Personal Data we process through individual use of the following services, products, and related mobile applications (collectively, the “Products”):
Purpose
The Policy aims at maintaining the privacy and protection of the confidential information including personal information of Suppliers, Customers, Consumers and business partners (“you”, “your”, “individual”, “stakeholder”) of the Company and simultaneously complying with all the laws and regulations. The Company has framed this policy to:
- provide protection of the privacy of stakeholders related to their personal data,
- specify the flow and usage of personal data, create a relationship of trust between
individuals and entities processing the personal data, - protect the rights of Individuals whose personal data is processed and retained by the Company, and
- create a framework for organisational and technical measures in processing and
storage of data
Scope and Applicability
This policy is applicable to all the employees, contractors, vendors, interns, associates, customers and business partners including all such third party/ies who may receive personal information, have access to personal information collected or processed, or who provide information to the organization, regardless of geographic location. The Company expects its employees, contractors, vendors, interns, associates, customers and business partners including third party/ies to support and abide by this policy and principles with respect to the data that they collect and / or handle, or are involved in the process of maintaining or disposing. This policy aims at protecting the data of the stakeholders. No third party may access personal information held by the organization without having first entered into a confidentiality agreement.
Nature of Data
The Company and the third party/ies shall have access to various kinds of data of the stakeholders including key contact names, addresses, phone number, mail address, username, and login credentials, nickname, profile picture, country code, language preference, address or time zone information into the individual account, and such other data that the Company or the third party/ies shall have access to. We may collect various kinds of personal and sensitive information from you including but not limited to your:
- Name, contact details, details of past employment (where relevant)
- Various financial details such as the name of your bank name, bank account details;
- Your physical, physiological and mental health condition;
- Your biometric information. (Collectively “Personal Data”)
Data Protection and Privacy Principle:
In order to obtain/ process/ utilize any data, this policy expects employees to follow certain principles.
Scope and Applicability
This policy is applicable to all the employees, contractors, vendors, interns, associates, customers and business partners including all such third party/ies who may receive personal information, have access to personal information collected or processed, or who provide information to the organization, regardless of geographic location. The Company expects its employees, contractors, vendors, interns, associates, customers and business partners including third party/ies to support and abide by this policy and principles with respect to the data that they collect and / or handle, or are involved in the process of maintaining or disposing. This policy aims at protecting the data of the stakeholders. No third party may access personal information held by the organization without having first entered into a confidentiality agreement.
Intimation
The Company shall at all times inform the Individual to whom the data concerns, the
following:
- The purpose for which the data is requested, utilized, processed or disclosed.
- The rights of the Individual to give dissent to such disclosure.
- The process of accessing, monitoring, enforcement, disclosure etc. of such data.
- Consequences of not disclosing or assenting to such disclosure.
However, the data that is already available in the public domain or known to the third party prior to such disclosure, then the Company shall not be under any obligation to protect such data.
Purpose of Collection/Use
The Company uses the personal data of the Individuals only for valid legal purpose. The said data is used only upon consent of the Individuals. The personal data collected is necessary to fulfil a contract, protect vital interests of the Individuals or those of other persons, or to comply with law. This enables the Company to provide relevant and related products or services. It is not compulsory to provide personal data, but in some cases, the non-provision of certain personal data will cause the inability to provide information relating to best deals for related products or services. The data is processed for legitimate interests, taking into consideration interests, rights, and expectations of the Individuals. Personal Data shall be collected, used, transferred or otherwise processed for various purpose including the following:
a) provide effective services
b) improve products and services
c) execution of agreements with Customers, Suppliers and Business Partners;
d) to record and financially settle delivered services, products and materials to and from Wesmarc
e) marketing/non-marketing communication
f) account management;
g) finance and accounting;
h) research and development and data analysis
i) purchasing
j) internal management and control
k) external communications;
l) business operation efficiency
m) alliances, ventures, mergers, acquisitions, and divestitures or
n) intellectual property and managing company assets
o) conducting internal audits and investigations,
p) implementing business controls
q) to comply with applicable laws and regulations
r) to comply with legal process
s) to respond to requests from public and government authorities
t) to enforce our terms and conditions
u) to protect our operations, business and systems
v) Contractors – To capture relevant employment details, conduct background and/or
reference checks, salary and payroll processing etc.
w) to protect our rights, privacy, safety or property, and/or that of other users including you and
x) to allow us to pursue available remedies or limit the damages that we may sustain.
How the data is collected
The Company obtains the data from the individual by taking details during subscription, purchase of the product/service offline or through applications or software, through surveys or such other legal and valid mode.
Information voluntarily Provide to us
- Account or Profile Data: During registration of account with us, we may collect name and contact details of individuals, such as email address, phone number, username, and login credentials. During the interaction with our Products, we may further collect nickname, profile picture, country code, language preference or time zone information about the individual’s account.
- Feedback: When using feedback and suggestion features in our Products, we will collect email address, mobile phone number and the feedback content to address problems and solve device failures on a timely basis.
However, the Individuals can unsubscribe or request the removal of data in writing from the Company or its affiliates/third party records. The Company undertakes to protect the data obtained by it at all times and the Company shall ensure that upon the request for removal of data from the record of the Company or its aƯiliates/third party, the data is deleted from such record. Wesmarc uses cookies and other technologies to ensure that website works correctly and to improve user experience.
Accessing Rights
We respect your rights and control over your Personal Data. If individual decides to email us, in the request, please make clear what information you would like to have changed, whether you would like to have your Personal Data deleted from our database or otherwise let us know what limitations you would like to put on our use of your Personal Data. Please note that we may ask you to verify your identity before taking further action on your request, for security purposes.
Individual may:
- Request access to the Personal Data that we process
- Request that we correct inaccurate or incomplete Personal Data;
- Request deletion of Personal Data;
- Request restrictions, temporarily or permanently, on our processing of some or all Personal Data
- Request transfer of Personal Data to you or a third party where we process the data based on your consent or a contract with you, and where our processing is automated and
- Opt-out or object to our use of Personal Data where our use is based on your consent
or our legitimate interests.
Data Storage and retention
The data is stored in electronic as well as physical form. The personal data is collected only to the extent that is necessary for the purposes of processing of such personal data.
We process your Personal Data for the minimum period necessary for the purposes set out in this Policy, unless there is a specific legal requirement for us to keep the data for a longer retention period. We determine the appropriate retention period based on the amount, nature, and sensitivity of your Personal Data, and after the retention period ends, we will destruct your Personal Data. When we are unable to do so for technical reasons, we will ensure that appropriate measures are put in place to prevent any further use of such Personal Data.
Links to Third-Party Websites, Products, and Services
Wesmarc websites, application software, products, and services may contain links to third- party websites, products, and services. Wesmarc products and services may also use or provide products or services from third parties, for example, third-party apps released on Wesmarc app. All links to third-party websites, products, and services are provided for users’ convenience only. You need to determine your interaction with such links on your own. Before submitting your personal data to third parties, please read and refer to these third parties’ privacy policies.
Data Security
The data collected and stored online is secured with passwords, pins, antivirus, etc. to protect from any viruses/spam/malware attack. Whereas the data collected and stored offline is secured by keeping it in a safe place/room with appropriate security i.e. CCTV surveillance, maintaining register/record of the person accessing/visiting the data room. The Company takes necessary measures to prevent the data from any kind of fraud and to comply with all applicable laws at all times. Staff shall be provided access to Personal Data only to the extent necessary to serve the applicable Business Purpose and to perform their job. Staff who access Personal Data shall meet their confidentiality obligations.
We use commercially reasonable physical, administrative, and technical safeguards to preserve the integrity and security of your Personal Data. Wesmarc provides various security strategies to effectively ensure data security of user and device. Such as for device access, Wesmarc proprietary algorithms are employed to ensure data isolation, access authentication, applying for authorization, and for data communication, communication using security algorithms and transmission encryption protocols and commercial level information encryption transmission based on dynamic keys are supported, for data processing, strict data filtering and proper validation and complete data audit are applied. For data storage, all confidential information of users will be safely encrypted for storage. If you have reason to believe that your interaction with us is no longer secure (for example, if you feel that the security of any account you might have with us has been compromised), you could immediately notify the problem to us by emailing namaste@wesmarcdoors.com This Data Security policy shall also apply to the Third Party/ies (hereinafter defined) having access to such data.
Information Sharing:
Trusted Partners: We may share your information with trusted partners and service providers involved in order authentication, payment processing, and shipping.
Legal Requirements: Personal information may be disclosed if required by law, regulation, or in response to legal processes, to protect our rights, or address security or technical issues.
Data Transfer
Personal data is not shared with other companies, organisations and individuals in general unless consent is provided to share information with specified third parties or categories of third parties, under laws, business partners, affiliates, service providers, technical support and to meet request of the government. Wesmarc, may when it believes it appropriate, disclose your data to prevent physical harm or financial loss, or in relation with an investigation of suspected or actual illegal activity. The Company may share the data with various service providers, partners, affiliates, developers, publishers, etc. (collectively or individually known as “Third Party/ies”). The Third Parties are expected to use the data only for legitimate business purposes and not for any other unlawful business. The Company at all times ensures that the data is not misused or used for any unlawful purpose. The Company shall be at all times responsible for protection of the data transferred/disclosed/processed.
This policy also binds the Third Party/ies and failure to comply with the same shall have consequences unfavourable to the Third Party/ies. The accuracy of the data is the responsibility of the provider and you need to ensure that all personal data submitted to Wesmarc is true and authentic. You may seek de-registration, restriction, withdrawal and deletion on use of your personal data from Wesmarc database by submitting a request at namaste@wesmarcdoors.com.
Monitoring of Compliance
The Data Protection Officer (DPO) of the Company shall be responsible to monitor the
compliance of this policy. In order to ensure compliance of this policy, the DPO may conduct survey to obtain feedback from the Individuals with respect to their data. The DPO shall with the use of the feedback take steps to ensure the compliance.
Grievance Redressal
Any Individual aggrieved under this policy shall report the same to the Grievance Redressal Committee. As per the Information Technology Act, 2000, every Company needs to have a Grievance OƯicer for redressing the grievances of the aggrieved. Therefore, the Company has a designated Grievance Officer who shall be responsible for handling the grievances of the Individuals. The aggrieved Individual may report the issue/grievance to the Grievance Officer in writing. Upon receipt of the complaint, the Grievance Officer shall investigate the matter and take appropriate action against the person. The Grievance Officer shall also ensure that the identity of the complainant is discreet and the complainant is not victimized by any level of management or Third Party/ies.
Update to Data Protection and Privacy Policy
Wesmarc reserves the right to update this policy at any time. Wesmarc will release the change notice via various channels, for example, posting the latest version on our official website: http://wesmarcdoors.com.
Training and Awareness:
The Company shall conduct training and awareness sessions for all the employees periodically. The Company shall ensure appropriate communication of this policy to all the employees.
2. How We Use Your
Information:
Contact Us:
Wesmarc has set up a personal data protection department (or data protection officer). If you have any questions, comments, or suggestions, please contact us by visiting the http://wesmarcdoors.com