Privacy Policy

1. WHO ARE WE?

GoTrust (“GoTrust”) privacy automation tool, including (without limitation) our website www.gotrust.tech is owned, operated and distributed by GoTrust (Tekhsters IT Services (OPC) Private Limited) (referred to in this Privacy Policy as “GoTrust” or “we” and through similar words such as “us,” “our,” etc.).

GoTrust is based out of India and the Netherlands and is focused on solving global privacy requirements. We offer a complete suite to cater to all the privacy compliance and operational needs of organisations.

This Privacy Policy outlines how we collect, use, and protect your information when you visit our website. As an India and Netherlands based company serving clients all across the globe, we comply with the California Consumer Privacy Act of 2018 [1798.100 - 1798.199.100] (‘CCPA’); the Personal Information Protection and Electronic Documents Act of 2010 (S.C. 2000, c. 5) (‘PIPEDA’); General Data Protection Regulation (EU) 2016/679 (‘GDPR’); Digital Personal Data Protection Act, 2023 (Act 22 of 2023) (‘DPDPA’), Privacy and Electronic Communications Directive 2002/58/EC (‘ePrivacy Directive’), Privacy and Electronic Communications Regulations 2003 (‘PECR’) and other applicable data protection laws.

By using our Services, you agree to the collection and use of information in accordance with this policy. If you have any questions or concerns about our privacy practices, please contact us at privacy@gotrust.tech

2. OUR PRIVACY COMMITMENT

GoTrust is deeply committed to protecting your privacy and ensuring the security of your personal information. Our dedication to privacy extends across all aspects of our operations, from the collection and processing of data to its storage and disposal. We adhere to stringent data protection standards and comply with applicable laws and regulations to safeguard your information.

Our practices are designed to ensure transparency, providing you with clear information about how your data is used, and giving you control over your personal information. We continuously review and enhance our privacy measures to adapt to evolving legal requirements and technological advancements, reinforcing our commitment to maintaining the trust you place in us.

We may collect the following types of information:

3. WHAT IS PERSONAL DATA?

Personal Data refers to any information that can identify you either directly or indirectly. This includes details such as your name, address, email address, phone number, payment information, and purchase history. It also encompasses usage data, IP addresses, member IDs, and any other information you provide when using our services or reaching out to us.

4. TERMS USED IN THIS POLICY

In this Privacy Policy, the following terms shall have the meanings ascribed to them below:

4.1. “Adjudicating Authority” shall mean and include the following:

a. The Supervisory Authority for the respective EU member state.

b. The Data Protection Board of India (DPBI) for Data Subjects residing in India.

c. The Office of the Privacy Commissioner of Canada (OPC) for Data Subjects residing in Canada.

d. California Privacy Protection Agency (CPPA) for California consumers.

4.2. “Child” shall mean an individual below the age of 16. In India it shall mean an individual below the age of 18.

4.3. “Consent” shall mean any freely given, specific, informed and unambiguous indication of the Data Subject's wishes by which they, by a statement or by a clear affirmative action, signify agreement to the processing of Personal Data relating to them.

4.4. “Data Controller” or “Controller” refers to a party that determines the purposes and means of processing Personal data.

4.5. “Data Processor” or “Processor” refers to a party that processes Personal data on behalf of the Controller.

4.6. “Data Subject” is the individual to whom the Personal Data related to.

4.7. “Employee” shall mean all the employees of GoTrust including part-time and full-time employees and consultants.

4.8. “Legal Basis for Processing” shall mean the legal basis based on which the processing of Personal Data is considered lawful.

4.9. “Personal Data” or "Personal Information" is any data about an individual identifiable by such data - for example, name, contact information, identification numbers, etc.

4.10. “Processing” means any operation or set of operations which is performed on personal data or on sets of personal data, whether by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

4.11. “Services” refers to all services, features, applications, information, and other offerings provided through our website, customer support and other platforms.

4.12. Third Parties: It shall mean a natural or legal person, public authority, agency or body other than the Data Subject, Data Controller, Data Processor and persons who, under the direct authority of the Data Controller or Data Processor, are authorized to process Personal Data. Contractors and Vendors are also Third Parties under this Policy.

4.13. “Website” refers to www.gotrust.tech which may be accessed by you through web browsers.

5. INFORMATION WE COLLECT

Information you provide to us directly:

5.1. Account Information: Through the registration process, we ask for your work email address, name, job title, work organisation details to create your account. If you create an account through a third-party service (e.g. Google), we may receive personal data that you allow such third-party service to share with us, such as your name and email address.

5.2. Customer Support: When you reach out to us for customer support, we may collect essential information such as your name, email and contact details to provide the assistance you need. We ensure that we only request the information strictly necessary to address your support inquiries effectively and efficiently. This enables us to resolve your issues promptly while respecting your privacy.

6. INFORMATION WE AUTOMATICALLY COLLECT FROM YOU:

6.1. Device Information: When you access our website or Mobile Application using a desktop or mobile device, we may be able to identify your device's unique device identifier, operating system, and your mobile device's advertising ID. We collect this data through the use of cookies. To understand how we process cookie data, please refer to our https://www.gotrust.tech/Privacy-Policy.

6.2. Usage Data: When you use our website, we automatically collect data about how you engage with our Services, such as browsing. This data may include your Internet Protocol (“IP”) address, browser type, domain names, referring and exit URLs, pages viewed and the order of these page views, the date and time you access our servers, and other diagnostic data collected through cookies.

6.3. Location Information: When you use our website, we may infer your location. Specifically, we may use your IP address to infer your general geographic region.

7. COOKIES

We use cookies and similar technologies on our website to help us collect personal data. These technologies help us to better understand user behaviour including for security and fraud prevention purposes, tell us which parts of our website people have visited, and facilitate and measure the effectiveness of web functions. For more details on how we process cookie data and your control over it, please refer to our website https://www.gotrust.tech/Privacy-Policy.

8. CHILDREN’S PERSONAL DATA

We do not knowingly collect personal data from children. If you are a child, then you are not permitted to use our website or to disclose any personal data. If we learn we have collected or received data from a child, we will delete that information. If you believe we might have any information from or about a child, please contact us using the details outlined at the end of this Privacy Policy and we will promptly take measures to delete such information

9. LEGAL GROUNDS FOR PROCESSING

We process your personal data based on several legal grounds to ensure our activities are lawful and your rights are protected.

9.1. Consent: When you provide consent for us to use your data for specific purposes, such as sending the survey form to the participants via email. You can withdraw your consent at any time by contacting us or using the unsubscribe options provided in our correspondences.

9.2. Contractual Necessity: To fulfil our contractual obligations to you such as managing your account and providing customer support.

9.3. Legal Compliance: To comply with legal obligations, such as retaining transaction records for tax and accounting purposes or responding to lawful requests from public authorities.

9.4. Legitimate Interest: We may process your personal information when necessary for our legitimate interests and when these interests do not outweigh your own rights and interests. This covers processing for purposes such as our customer service support, improving or developing our products and services; and security purposes including fraud prevention.

In rare instances, we may need to process your data to protect your vital interests or those of another person, such as in cases of emergency.

We ensure that we have a valid legal basis for processing your data and that your rights are protected throughout our processing activities. If you have any questions about the legal grounds on which we process your data, you may reach out to us using the information provided below in the Contact Us section of this Policy.

In rare instances, we may need to process your data to protect your vital interests or those of another person, such as in cases of emergency.

10. HOW WE USE YOUR DATA

GoTrust uses personal data to power our Services, communicate with you, improve our service, personalise your experience, and comply with the law. The usage of your personal data will depend on the Services you use. In each case, we process such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our Services.

10.1. To Provide our Services: When you purchase a service from Website, we collect and process the necessary information to fulfil your request, such as your name, address, and contact details. This information is used to provide you access to such service.

10.2. To Manage your Account: If you create an account on our website, we collect and process the information you provide to manage your account, including maintaining your profile and tracking your surveys.

10.3. To send emails and other communications: We may use your contact information to communicate with you about your surveys, responses, reports and important updates regarding our Services, such as changes to our terms or policies.

10.4. Customer Support: If you send us a request (for example via a support email or one of our feedback mechanisms), we respond to your request to assist you. We may also gain access to any data stored within our application by you to help with your inquiries.

10.5. Financial Information: We do not collect any financial-related information from you when you purchase a service through our website.

10.6. Analytics and Improvement: We may collect and analyse data about how you interact with our website, such as the pages you visit. This information helps us understand your preferences and improve our Website and Services.

10.7. Legal Compliance and Protection: We may process your data to comply with legal obligations, such as tax and accounting requirements, or to protect our rights, property, or safety, as well as those of our customers and others.

We only process your personal data for the purposes described above and ensure that the processing is necessary, proportionate, and limited to what is necessary for the purposes for which it was collected.

11. YOUR INFORMATION SHARED WITH OTHERS

Respecting your privacy is at the core of our values, and we are committed to safeguarding your personal information. To provide you with our services and improve your experience, we may need to share your data with trusted third parties. This section outlines how and why we share your data, ensuring that it is done responsibly and securely.

Data Sharing and Cross-border Data Transfer: We may engage third-party companies to facilitate our services, provide services on our behalf, or assist us in analysing how our services are used. These third parties may have access to your personal information only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose. We ensure that we enter into binding confidentiality agreements with such third parties and that they are compliant with the applicable data protection laws. We will not share your personal/business information with other, third-party companies for their commercial or marketing use without your consent or except as part of a specific program or feature for which you have the ability to opt-in or opt-out. Additionally, we implement added safeguards such as encryption, pseudonymisation, and strict access controls to enhance the security of your data.

Where we transfer personal data outside the EU, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards.

When we transfer Personal Data outside India, we ensure that no data is transferred to a country or territory which has been blacklisted by the Central Government.

12. DATA RETENTION

We retain your Personal data for varying durations based on its category and our relationship with you. We aim for data to be retained only for as long as is strictly necessary to fulfil the purposes as outlined in this Privacy Policy or as required by law. Once data is no longer needed, it is securely deleted or anonymised.

When you choose to close your account with us, we delete your personal data immediately upon the closure of your account. We may only keep your personal data for a longer period of time if there are any legal requirements, if there is an ongoing dispute or if we have a pending transaction with you. For the data we process based on your consent, if you withdraw your consent at any time, we delete your information as soon as your request is verified.

Some information that is necessary for statutory obligations such as records of payment processing and invoicing data may be retained as required under applicable laws. Further details pertaining to the retention period is provided in the Data Retention Policy.

13. SECURITY MEASURES TO PROTECT YOUR DATA

We prioritise the security of your personal data through a robust approach. We implement security controls to prevent breaches and unauthorised access. Our data collection and processing are limited to only the necessary personal data for the intended purposes, minimising the risk of unauthorised access.

To protect your data from loss, misuse, and unauthorised access, we maintain a range of reasonable and appropriate security measures. These measures include physical access controls and digital access controls. We also use industry-standard encryption protocols to secure your data during transmission and at rest, ensuring its confidentiality and protection against unauthorised access. Regular audits of our security measures and systems are conducted to identify and address potential vulnerabilities.

Users are responsible for maintaining the security of any password, user ID or other form of authentication involved in obtaining access to password protected or secure areas of the Service. We may suspend your use of any of the Service, without notice, pending an investigation, if any breach of security is suspected, in order to protect you and your information.

We provide regular training to our employees on data protection and security best practices to ensure they understand their responsibilities in safeguarding your data. In the rare event of a data breach, we have a response plan ready to quickly assess the situation, mitigate any harm, and notify the necessary authorities and affected individuals.

14. EXTERNAL LINKS

Our website may contain links to other websites maintained by third parties. We exercise no control over linked sites and GoTrust shall not be responsible for the privacy practices or the content of these sites. You are requested to view the privacy policies of these other sites before providing any personal/business information to them.

You hereby acknowledge and agree that GoTrust is not responsible for the privacy practices, data collection policies and procedures, or the content of such third-party sites, and you hereby release GoTrust from any and all claims arising out of or related to the privacy practices, data collection policies and procedures, and/or the content of such third-party sites.

15. YOUR DATA SUBJECT RIGHTS

Ensuring the protection and privacy of your personal information is fundamental to our commitment. Under data protection laws, you have specific rights regarding your data. This section details these rights and explains how you can exercise them.

15.1. Know your rights:

S. No.

Data Subject Right

Applicable Jurisdictions

1. Right to be Informed

EU, California, India, Canada

2. Right to Access

EU, California, India, Canada

3. Right to Rectification

EU, California, India, Canada

4. Right to Erasure

EU, California, India, Canada

5. Right to Restrict Processing

EU

6. Right to Data Portability

EU, California

7. Right to Object

EU

8. Right to withdraw Consent

EU, India, Canada

9. Right not to be subjected to Automated Processing/ Decision-Making

EU

10. Right to Grievance Redressal

India

11. Right to opt-out of Sale/sharing of Personal Data

California

12. Right to non-discrimination

California

13. Right to Nominate

India

14. Right to limit the use and disclosure of sensitive personal information

California

a. Right to be Informed: You have the right to be informed about the collection and use of your personal data. This includes information about the purposes for processing your data, the retention periods for that data, and who it will be shared with.

b. Right to Access: You have the right to request access to the personal data we hold about you and to receive a copy of that data.

c. Right to Rectification: If you believe that the personal data, we hold about you is inaccurate or incomplete, you have the right to request that we correct or complete it.

d. Right to Erasure: You have the right to request that we delete your personal data in certain circumstances, such as when it is no longer necessary for the purposes for which it was collected.

e. Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data.

f. Right to Data Portability: Whenever we process your personal data, by automated means based on your consent or based on an agreement, you have the right to receive the personal data you have provided to us in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

g. Right to Object: You have the right to object to the processing of your personal data in certain circumstances, such as when we are processing your data for direct marketing purposes.

h. Right to Withdraw Consent: If we are processing your personal data based on your consent, you have the right to withdraw your consent at any time.

i. Right to Grievance Redressal: You have the right to lodge a complaint with the relevant Adjudicating Authority if you believe that we have infringed your rights under data protection laws. You may also reach out to the relevant authorities depending on the jurisdiction where you are based in.

j. Right not to be subjected to Automated Processing/ Decision-Making: You have the right not to be subject to a decision based solely on automated processing, including profiling, which produces legal effects or significantly affects them, except in certain permitted circumstances.

k. Right to Nominate: You shall have the right to nominate any other individual, who shall, in the event of your death or incapacity, exercise your rights on your behalf.

l. Right to Opt-Out of the Sale of Personal Data: You have the right to opt-out of the sale of your Personal Data to Third Parties.

m. Right to Non-Discrimination: You shall not be discriminated against by the Data Controller on account of exercising any of the consumer rights provided.

n. Right to Limit the use and disclosure of sensitive personal information: You have the right to direct a business (Data Controller) that collects your sensitive personal information to limit its use of the sensitive personal information to what is necessary to perform the services.

15.2. Exercising your Data Subject Rights

Depending on the applicable laws, you may have multiple rights available to you. You can reach out to us anytime if you have any questions or wish to exercise your rights using the information in the "Contact Us" section below or through dsr@gotrust.tech or through email at privacy@gotrust.tech . If you, as a data subject, are unable to reach out to us to exercise any of your rights as listed above, you may nominate a representative who may contact us on your behalf. We may require such a representative to provide adequate proof to confirm the request.

To confirm your identity and ensure the security of your personal information, we may ask you to verify the details we already have on file or provide additional documentation. If we are unable to verify your identity based on the available information, we may request additional details which will be used solely for identity verification and to maintain the security and integrity of our services, as well as to prevent fraud.

16. How to Exercise Your Rights

To exercise any of these rights, please submit a request through [DSR link]. We may require identity verification to process your request. We will respond to your request within the time limits prescribed by applicable laws.

For more details about how we handle your personal data, please review our full Privacy Policy.

17. MONITORING, REVIEW AND UPDATE

Regular monitoring and periodic reviewing of this Policy shall be done to ensure compliance with the latest legal and regulatory requirements and to identify potential vulnerabilities. GoTrust shall modify this policy from time to time to ensure that it accurately reflects the legal requirements. When material changes are made to this policy, we will post the revised policy on our website.

18. CONTACT US

If you have questions or complaints regarding this Policy or the use of our services, you may contact us via email at privacy@gotrust.tech . You may also contact us at our mailing address as provided below. Please mention "Data Privacy" as the Subject in your mail for convenience.