Addendum to Privacy Policy

Addendum to Privacy Policy (EU)

Addendum To Privacy Policy - (IND)

Addendum to Privacy Policy (EU)

Aurigin Inc, a Delaware Corporation, including its subsidiaries (Aurigin Pte. Ltd., Singapore and Window West Technologies Private Limited, India), affiliates and licensors (collectively "Aurigin", "we", "us" or "our") take privacy and data protection seriously. When you use our Website and Services, you (the "subscriber", "Customer", "user", "you" or "your") trust us with your data and information. This addendum to the Privacy Policy (“Addendum”) is meant to help you understand how we Process personal data and information.

1. INTRODUCTION

1.1

This Addendum applies to the transactions or business conducted in the European Union (EU) and doing business or sharing data and information with Aurigin in connection therewith. This Addendum is published in compliance with the provisions of EU Data Protection Directive, EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the rules framed thereunder.

1.2

The protection of Personal Data is of critical importance to Aurigin and the following terms of this Addendum set out the minimum requirements of Aurigin with respect to all of its Customers.

1.3

This Addendum applies to all of the Services you acquire from us.

1.4

This Addendum is incorporated into and forms part of the Privacy Policy. Capitalized terms used but not defined in this Addendum shall have the meaning attributed to it in our Terms of Service.

2. DEFINITIONS

2.1

In this Agreement, the following words and expressions shall bear the meaning assigned to them below:

2.1.1

"Agreement" means: (i) the Terms of Service; or (ii) such other agreement entered into between Aurigin and the Customer in connection with the provision of the Services;

2.1.2

"Customer Personal Data" means any EU individual Personal Data Processed by Aurigin and/or its Subprocessor, on behalf of and under the instructions of Customer in connection with the provision of the Services under the Agreement;

2.1.3

"Data Subject" has the meaning ascribed to such term under the GDPR;

2.1.4

"Data Protection Laws" means GDPR and to the extent applicable, the data protection or privacy laws of any other country;

2.1.5

"GDPR" means the EU Data Protection Directive, EU General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) and the rules framed thereunder;

2.1.6

"Services" has the meaning ascribed to such term in the Terms of Service or (where applicable) means the services and other activities to be supplied to or carried out by Aurigin on behalf of Customer under the Agreement;

2.1.7

"Subprocessor" means any person (including any third party, but excluding an employee of Aurigin or any of its consultants or sub-contractors);

2.1.8

"Parties" means, collectively, Aurigin and the Customer;

2.1.9

"Personal Data" has the meaning ascribed to such term under the GDPR;

2.1.10

"Personal Data Breach" has the meaning ascribed to such term under the GDPR; and,

2.1.11

"Processing" has the meaning ascribed to such term under the GDPR.

3. YOUR CONSENT

3.1

When you access and/or use the Website and the Services, you specifically accept this Addendum.

3.2

By accessing, browsing and/or using the Website and Services, you are specifically consenting to Aurigin processing the Customer Personal Data in accordance with this Addendum. If you do not agree to the Processing of the Customer Personal Data in this way, please do not use the Website and the Services or otherwise provide us with your Personal Data.

3.3

You acknowledge that this Addendum is a part of the Terms of Service, and you unconditionally agree that becoming a user of the Website and its Services signifies your: (i) assent to this Addendum; and (ii) consent to us Processing the Customer Personal Data in the manner and for the purposes set out in this Addendum. Your visit to the Website and use of the Services is subject to this Addendum and the Terms of Service.

3.4

Collection, use and Processing of Personal Data under the Data Protection Laws require your express consent. By affirming your assent to this Addendum, you provide your express consent to such Processing of the Customer Personal Data as required under the Data Protection Laws.

4. PROCESSING OF CUSTOMER PERSONAL DATA

4.1

Aurigin and the Customer will comply with their respective obligations under Data Protection Laws in the provision and receipt of the Services under the Agreement entered into between the Parties and this Addendum.

4.2

In the provision of the Services, the Customer is the data controller and Aurigin is a data processor (or subprocessor) acting on Customer's behalf. Accordingly, Aurigin will not Process Customer Personal Data other than on Customer's consent and instructions, including as provided under the Agreement and the terms hereof and for such other purposes as the Customer may define in writing, from time to time, unless Processing is required by Data Protection Laws to which Aurigin (or its Sub processor) is subject.

4.3

The Customer:

4.3.1

instructs Aurigin (and authorises Aurigin to instruct each Sub-processor) to: (a) Process Customer Personal Data; and (b) in particular, transfer Customer Personal Data to any country or territory, as reasonably necessary for the provision of the Services and consistent with your Agreement; and

4.3.2

warrants and represents that it is and will at all relevant times remain duly and effectively authorised to give the instruction set out in Section 4.3.1, including on behalf of any Customer affiliate.

4.4

The type of Customer Personal Data which will be processed by Aurigin is set out in Annexure 1 to this Addendum.

4.5

The purpose for which Aurigin processes Customer Personal Data and matters related thereto are set out in Annexure 2 to this Addendum.

5. AURIGIN’S PERSONNEL

5.1

Aurigin will take reasonable steps to ensure that any of its (or its Sub-Processor's) employees, consultants, agents or contractors who have access to Customer Personal Data are subject to confidentiality undertakings or professional or statutory obligations of confidentiality.

6. SECURITY

6.1

Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of Processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, Aurigin will in relation to the Customer Personal Data, use best endeavours to implement appropriate technical and organizational measures to ensure a level of security appropriate to that risk, including, as appropriate, the measures as prescribed under the GDPR. The security measures adopted by Aurigin are set out in Annexure 3 of this Addendum.

6.2

In assessing the appropriate level of security, Aurigin will take account in particular of the risks that are presented by Processing, in particular from a Personal Data Breach.

6.3

Aurigin will implement and maintain (and will ensure that each Sub-processor) implements and maintains the technical and organisational measures as prescribed under the GDPR.

6.4

Customer represents, undertakes and warrants that all Customer Personal Data Processed by Aurigin (and its Sub-processors) has been and will be collected and processed by the Customer in accordance with all Data Protection Laws and, without limitation to the foregoing, Customer will take all steps necessary, including without limitation providing appropriate fair collection notices and ensuring that there is a lawful basis for Aurigin (and its Sub-processors) to process Customer Personal Data, to ensure that the processing of Customer Personal Data by Aurigin (and its Sub-processors) in accordance with your Agreement is compliant with, and in accordance with, all Data Protection Laws .

7. SUB-PROCESSING

7.1

Customer authorises Aurigin to appoint (and permit each Sub-processor appointed in accordance with this Section 7 to appoint) Subprocessors in accordance with this Section 7.

7.2

Aurigin may continue to use those Sub-processors already engaged by Aurigin as at the date of this Policy.

7.3

Aurigin will provide to the Customer prior written notice of the appointment of any new Subprocessor, including known details of the processing to be undertaken by the Subprocessor. If, within thirty (30) calendar days of receipt of that notice, Customer notifies Aurigin in writing of any objections (on reasonable grounds) to the proposed appointment, Aurigin will not appoint (or disclose any Customer Personal Data to) that proposed Subprocessor until it has taken reasonable steps to address the objections raised by Customer and provided Customer with a written explanation of the steps. Where the Customer is not satisfied with the remediation supplied, the Customer may terminate Agreement without penalty upon providing Aurigin with written notice. Aurigin will not appoint (nor disclose any Customer Personal Data to) the proposed Subprocessor except with the prior written consent of Customer.

7.4

With respect to each Subprocessor, Aurigin will:

7.4.1

before the Subprocessor first processes Customer Personal Data (or, where relevant, in accordance with Section 7.3 above), carry out adequate due diligence to ensure that the Subprocessor is capable of providing the level of protection for Customer Personal Data required by your Agreement;

7.4.2

ensure that the arrangement between, on the one hand (a) Aurigin, or (b) the relevant intermediate Subprocessor; and on the other hand the Subprocessor, is governed by a written contract including terms which are not less protective of Customer Personal Data than those set out in this Policy.

8. PERSONAL DATA BREACH

8.1

Aurigin will, as soon as practical, upon becoming aware of a Personal Data Breach affecting Customer Personal Data, provide Customer with information (as and when available) to assist Customer in the Customer's endeavours to meet any obligations to report or inform Data Subjects of the Personal Data Breach under the Data Protection Laws.

8.2

Aurigin will co-operate with Customer and take such reasonable commercial and practicable steps as are directed by Customer to assist in the investigation, prevention (as applicable), mitigation and remediation of each Personal Data Breach.

9. DATA SUBJECT RIGHTS

9.1

Aurigin will:

9.1.1

promptly (and in any event within 14 (fourteen) days notify Customer if it or any Sub- processor receives a request from a Data Subject under any Data Protection Law in respect of Customer Personal Data;

9.1.2

not (and use best endeavours to procure its Sub-Processor will not) respond to that request except on the documented instructions of Customer or as required by Data Protection Laws, in which case Aurigin will to the extent permitted by Data Protection Laws inform Customer of that legal requirement before responding to the request; and

9.1.3

not be responsible for non-delivery of notification, if the Customer has not kept their email contact details up to date.

10. ACCESS, RECTIFICATION, DELETION OR RETURN OF CUSTOMER PERSONAL DATA

10.1

You may, under the Data Protection Laws, have the right to access, correct, update or delete the personal information Aurigin holds about you. In order to exercise your rights, to the extent permitted and required of Aurigin under applicable law, please contact us at privacy@aurigininc.com.

10.2

If you wish to cancel your account or request that we no longer use your information to provide you Services, contact us at privacy@aurigininc.com. Aurigin may retain Customer Personal Data to the extent that the obligations of the Customer, including the payment obligations of the Customer, under the Agreement are outstanding. Further, Aurigin may retain your information for as long as your account with the Services is active and as needed to provide you the Services and for such other purposes as set out herein. We will not retain such information for longer than is required for the purposes for which the information may lawfully be used or is otherwise required under any other law for the time being in force. Aurigin will ensure the confidentiality of all such Customer Personal Data and will ensure that such Customer Personal Data is only processed as necessary for the purpose(s) specified in the Data Protection Laws requiring its storage and for no other purpose.

11. AUDIT RIGHTS

11.1

Aurigin will make available to Customer, on request, all information necessary to demonstrate compliance with this Addendum, in relation to the processing of the Customer Personal Data by the Aurigin and/or its Subprocessors.

12. CHANGES IN DATA PROTECTION LAWS

12.1

This Addendum may be varied and updated from time to time by Aurigin as a result of a change in Data Protection Laws.

13. SEVERANCE

13.1

Should any provision of this Addendum be invalid or unenforceable, then the remainder of this Addendum will remain valid and in force. The invalid or unenforceable provision will be either: (i) amended as necessary to ensure its validity and enforceability, while preserving the parties' intentions as closely as possible or, if this is not possible, (ii) construed in a manner, as if, the invalid or unenforceable part had never been contained in this Addendum.

14. DATA PRIVACY OFFICER

14.1

Should you have questions about this Addendum, please reach out to the Data Privacy Officer designated by Aurigin to hear any complaints relating to your personal data and information. The details of the Data Privacy Officer are as under:

Name: Puneet Maheshwari

Registered Address: Ground floor, IndiQube Penta, New No.51 (Old No.14),

Richmond Road, Bengaluru, Karnataka 560025

Email: privacy@aurigininc.com

Contact Number: +91 9739901373

15. Miscellaneous

15.1

The general provisions as outlined in the Terms of Service shall be applicable to this Addendum as well.

ANNEXURE 1

THE TYPES OF CUSTOMER PERSONAL DATA TO BE PROCESSED

Data relevant to the client relationship with an individual, including without limitation:

Full name (first and last name, where applicable);

Personal contact information (for example, phone number, email address);

Business contact information (for example, phone number, email address, billing address);

Technical ID data (such as IP addresses, type of device, location and movements);

Financial/billing data (including bank account numbers);

Usage data;

LinkedIn public profile (if Signed in via LinkedIn.com); and

Skype ID (if shared by the user).

The categories of Data Subject to whom the Customer Personal Data relates are as under:

Individual users; and

Users belonging to a corporation or organization or who are affiliated together in some way.

ANNEXURE 2

PURPOSE OF PROCESSING CUSTOMER PERSONAL DATA

Aurigin will only use the Customer Personal Data when the law allows it to do so. Aurigin uses the Customer Personal Data for the following purposes:

1.1

for the provision of Services to the Customer, including customised Services in accordance with the Customer’s preference, i.e. for performing Aurigin’s obligations towards the Customer;

1.2

verify the Customer’s identity;

1.3

enable the Customer to access and use the Services;

1.4

to provide the Customer with necessary details pertaining to the Customer’s Account and the Customer’s license to use the Services, including for sending notifications for termination of contract;

1.5

process and complete transactions, and send the Customer related information, including purchase confirmations and invoices;

1.6

send messages, including responses to the Customer’s comments, questions, and requests to Aurigin or other users;

1.7

contact the Customer at any telephone number, by placing a voice call or through text (SMS) or email messaging, as authorized by the Customer under the Terms of Service;

1.8

bill for the Services and to collect fees or monies owed;

1.9

sending the Customer business messages such as those related to payments;

1.10

to do such activities for which the Customer have explicitly given us consent;

1.11

to comply with applicable laws, rules and regulations, as updated from time to time;

1.12

to inform the Customer about Aurigin’s new products and/or services;

1.13

manage and protect Aurigin’s information technology infrastructure;

1.14

manage risk, or to detect, prevent, and/or remediate fraud or other potentially prohibited or illegal activities and crimes;

1.15

detect, prevent or remediate violations of the Terms of Service and Aurigin’s other policies;

1.16

provide customer service and support;

1.17

respond to the Customer’s customer support inquiries and to facilitate resolution of any customer support problems that may arise;

1.18

send the Customer technical notices, updates, security alerts, and support and administrative messages;

1.19

advertise, promote and market Aurigin’s products and services and undertake all other types of business development activities;

1.20

send promotional communications, such as providing the Customer with information about products and services and other events;

1.21

perform analysis, research, business and operational analysis;

1.22

to determine the behaviour of users, including how users use the Website, including google analytics;

1.23

to determine user interaction/messages with counterparties or other clients on the Website to ensure that users are getting responses from counterparties;

1.24

to track user activity on the Website;

1.25

provide, maintain and improve Aurigin’s products and services;

1.26

measure the performance of the Services and improve their content and layout;

1.27

generate reports about Aurigin’s user base and service usage patterns, analyze the accuracy, effectiveness, and popularity of the Services;

1.28

to conduct data analytics studies to review and better understand customer satisfaction and needs;

1.29

to protect the Customer’s (or someone else’s) interest;

1.30

to deal with legal disputes, if any;

1.31

to protect the public interest or for official purposes, if formally requested by any investigative or other governmental authority; and/or

1.32

sending the Customer information about Aurigin.

Aurigin shares Customer Personal Data with Aurigin’s employees, agents, representatives, sub-contractors, service providers and business partners to enable them undertake, perform and deliver the Services.

Aurigin shares Customer Personal Data with Aurigin’s third-party service providers that Aurigin uses to provide hosting for and maintenance of the Websites, application development, backup, storage, payment processing, analytics, market Aurigin’s services, comply with audits, perform web analysis and other services for us. These third-party service providers may have access to or process Customer Personal Data for the purpose of providing these services for us. Aurigin do not permit its third-party service providers to use the Customer Personal Data that Aurigin shares with them for their marketing purposes or for any other purpose than in connection with the services they provide to us. Please note that third party service providers have their own privacy policies, and Aurigin is not responsible for their actions, including their information protection practices.

Aurigin will only use the Customer Personal Data for the purposes for which Aurigin collected it, unless Aurigin reasonably considers that Aurigin needs to use it for another reason and that reason is compatible with the original purpose. In the event Aurigin needs to use the Customer Personal Data for an unrelated purpose, Aurigin will notify the Customer and Aurigin will explain the legal basis which allows Aurigin to do so.

ANNEXURE 3

SECURITY MEASURES ADOPTED BY AURIGIN

Access to infrastructure is restricted using two-way authentication and multiple access control levels. Aurigin uses virtual private network to restrict access to infrastructure components, with the exception of public-facing applications

The flow of data between application components is restricted using separate virtual private networks and firewalls

The flow of data between components occurs over private network endpoints

Aurigin’s public-facing applications are fully encrypted with SSL certificates

A strictly restricted application portal administration is implemented to only allow access to the Aurigin Network via authentication

Aurigin has a strict backup policy to handle any data loss incidents

Addendum To Privacy Policy - (IND)

Aurigin Inc, a Delaware Corporation, including its subsidiaries (Aurigin Pte. Ltd., Singapore and Window West Technologies Private Limited, India), affiliates and licensors (collectively "Aurigin", "we", "us" or "our") take privacy and data protection seriously. When you use our Website and Services, you (the "subscriber", "Customer", "user", "you" or "your") trust us with your data and information. This addendum to the privacy policy (“Addendum”) is meant to help you understand what data and information we collect, why we collect it, and what we do with it.

1. INTRODUCTION

1.1

This Addendum applies to users, the transactions or business conducted in India and doing business or sharing data and information with Aurigin.

1.2

This Addendum is published in compliance with, inter alia: (i) the Information Technology Act, 2000; (ii) Regulation 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011 (“Data Security Rules”); and (iii) Regulation 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011.

1.3

This Addendum describes your privacy rights regarding our collection, use, storage, sharing and protection of your personal information. This Privacy Policy applies to personal information collected by us in connection with the Services.

1.4

This Addendum is incorporated into and forms part of the Privacy Policy. Capitalized terms used but not defined in this Addendum shall have the meaning attributed to it in our Terms of Service.

1.5

This Addendum states the following: (i) the type of information collected from the Users, including Personal Information (as defined below) and Sensitive Personal Data or Information (as defined below); (ii) the purpose, means and modes of collection, usage, processing, retention and destruction of such information; and (iii) how and to whom we will disclose such information.

1.6

The information collected from you by Aurigin may constitute ‘personal information’ or ‘sensitive personal data or information’ as defined under the Data Security Rules. “Personal Information” is defined under the Data Security Rules to mean any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person. The Data Security Rules further define “Sensitive Personal Data or Information” of a person to mean such personal information about that person which consists of information relating to: (i) passwords; (ii) financial information such as bank accounts, credit and debit card details or other payment instrument details; (iii) physical, physiological and mental health condition; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above clauses as provided to body corporates for providing services; and (viii) any of the information received under the above clauses by body corporates for processing, stored or processed under lawful contract or otherwise.

2. YOUR CONSENT

2.1

You specifically accept this Addendum when you access and/or use the Website or the Services.

2.2

By accessing, browsing and/or using the Website or the Services, you are specifically consenting to Aurigin collecting, using and disclosing your Personal Information and Sensitive Personal Data or Information in accordance with this Addendum. If you do not agree to the collection, use and disclosure of your Personal Information and Sensitive Personal Data or Information in this way, please do not use the Website, the Services or otherwise provide us with your Personal Information and Sensitive Personal Data or Information.

2.3

You acknowledge that this Addendum is a part of the Terms of Service and you unconditionally agree that becoming a user of the Website and its Services signifies your: (i) assent to this Addendum, and (ii) consent to us collecting, processing and/or disclosing your Personal Information and Sensitive Personal Data or Information in the manner and for the purposes set out in this Addendum. Your visit to the Website and use of the Services is subject to this Addendum and the Terms of Service.

2.4

Collection, use and disclosure of information which has been designated as Personal Information or Sensitive Personal Data or Information under the Data Security Rules require your express consent. By affirming your assent to this Addendum, you provide your consent to such use, collection and disclosure as required under applicable law.

3. MISCELLANEOUS

3.1

The provisions of Sections 3 (Collection and Use of Data), 4 (Protection of Your Data), 5 (Data Retention), 6 (Accessing and Deleting Your Information and Opting Out), 7 (Links to Third Party Sites and Services), 8 (Disclaimer), 9 (Children's and Minor's Privacy) and 10 (Changes to Privacy Policy) shall mutatis mutandis apply to this Addendum.

3.2

The general provisions as outlined in the Terms of Service shall be applicable to this Privacy Policy as well.

4. ADDRESS FOR PRIVACY QUESTIONS

4.1

Should you have questions about our Privacy Policy or this Addendum or our information collection, use and disclosure practices, you may contact the Grievance Officer appointed by Aurigin in accordance with the provisions of the Data Security Rules. We will use reasonable efforts to respond promptly to any requests, questions or concerns, which you may have regarding our use of your personal information. If you have any grievance with respect to our use of your information, you may communicate such grievance to the Grievance Officer mentioned below:

Name: Puneet Maheshwari

Registered Address: Ground floor, IndiQube Penta, New No.51 (Old No.14),

Richmond Road, Bengaluru, Karnataka 560025

Email: privacy@aurigininc.com

Contact Number: +91 9739901373

Go to Top

BUY SIDE

SELL SIDE

Addendum to Privacy Policy

Addendum to Privacy Policy (EU)

Addendum To Privacy Policy - (IND)

Addendum to Privacy Policy (EU)

1. INTRODUCTION

2. DEFINITIONS

3. YOUR CONSENT

4. PROCESSING OF CUSTOMER PERSONAL DATA

5. AURIGIN’S PERSONNEL

6. SECURITY

7. SUB-PROCESSING

8. PERSONAL DATA BREACH

9. DATA SUBJECT RIGHTS

10. ACCESS, RECTIFICATION, DELETION OR RETURN OF CUSTOMER PERSONAL DATA

11. AUDIT RIGHTS

12. CHANGES IN DATA PROTECTION LAWS

13. SEVERANCE

14. DATA PRIVACY OFFICER

15. Miscellaneous

ANNEXURE 1

THE TYPES OF CUSTOMER PERSONAL DATA TO BE PROCESSED

ANNEXURE 2

PURPOSE OF PROCESSING CUSTOMER PERSONAL DATA

ANNEXURE 3

SECURITY MEASURES ADOPTED BY AURIGIN

Addendum To Privacy Policy - (IND)

1. INTRODUCTION

2. YOUR CONSENT

3. MISCELLANEOUS

4. ADDRESS FOR PRIVACY QUESTIONS

BUY SIDE

SELL SIDE

LOGIN USING YOUR EMAIL ACCOUNT

Addendum to Privacy Policy

Addendum to Privacy Policy (EU)

Addendum To Privacy Policy - (IND)

Addendum to Privacy Policy (EU)

1. INTRODUCTION

2. DEFINITIONS

3. YOUR CONSENT

4. PROCESSING OF CUSTOMER PERSONAL DATA

5. AURIGIN’S PERSONNEL

6. SECURITY

7. SUB-PROCESSING

8. PERSONAL DATA BREACH

9. DATA SUBJECT RIGHTS

10. ACCESS, RECTIFICATION, DELETION OR RETURN OF CUSTOMER PERSONAL DATA

11. AUDIT RIGHTS

12. CHANGES IN DATA PROTECTION LAWS

13. SEVERANCE

14. DATA PRIVACY OFFICER

15. Miscellaneous

ANNEXURE 1

THE TYPES OF CUSTOMER PERSONAL DATA TO BE PROCESSED

ANNEXURE 2

PURPOSE OF PROCESSING CUSTOMER PERSONAL DATA

ANNEXURE 3

SECURITY MEASURES ADOPTED BY AURIGIN

Addendum To Privacy Policy - (IND)

1. INTRODUCTION

2. YOUR CONSENT

3. MISCELLANEOUS

4. ADDRESS FOR PRIVACY QUESTIONS