KOMRISK PRIVACY AND SECURITY POLICY
DEFINITIONS
“Client Data ”means and includes without limitation (i) any proof of compliance such as scanned copies of forms, internal memos, statutory documents, reports, filings, applications, notices, etc. uploaded by you through the Portal (defined below); and (ii) Password.
“Lexplosion ”, or “Us ”or “We ”shall mean and include Lexplosion Solutions Private Limited, its authorized employees, and affiliates.
“Processing ”shall mean and include without limitation any operation or set of operations which is performed upon Client Data, such as alteration, retrieval, disclosure, dissemination, blocking, erasure or destruction.
“Password ”shall mean the password used by You (defined below) to access the Komrisk portal.
“Portal ”shall mean the web portal which is to be used to access Komrisk.
“Third Party Vendors ”shall mean and include without limitation any third party vendor and hosting partner of Lexplosion engaged in developing, managing, maintaining and hosting the Portal where Client Data is stored.
“You ”means and includes any person such as a natural person, company, organization or legal entity, submitting information, in the capacity of a client or customer, to Lexplosion.
BACKGROUND
Lexplosion respects the privacy rights of its users and is strongly committed to protecting their privacy. This privacy policy applies to Client Data submitted by You through the Komrisk application and identified in writing as confidential. It does not apply to any other products or services or to information collected in any other way (whether offline or online), by Lexplosion, its affiliates or representatives.
In this Privacy Policy, We have referred to any information or document collected by Us or submitted by You, as "Client Data ”(defined under the definition section). This policy applies to anyone who is using the Komrisk Portal and uploading any data, irrespective of whether the data belongs to that person or any other person or organization and irrespective of whether the data is identified in writing as confidential so long as such data may be reasonably understood to be confidential due to the nature of information.
By using the Portal and submitting information (including any personal information), You confirm that You have read this Privacy Policy and the Terms of Service as available on the Portal, You have the right to submit such information and give Us Your consent to the receipt and use of the data and information in the manner stated in this Privacy Policy or as per applicable laws. You also represent that if You upload personal data or information of any third party such as employees, consultants, agents, You will take due prior written authorization/ consent from such third party for the submission of such personal data or information (including sensitive personal data or information) on the Portal and its use by Us in the manner stated in this policy. Neither We, nor any other person or organization will be responsible for any failure on Your part to comply with such requirement and You will be solely responsible for the consequences.
COLLECTION AND USE OF DATA
Lexplosion or Third Party Vendors receives Client Data as and when it is uploaded into the servers of Lexplosion or Third Party Vendors through the Portal, by You.
Lexplosion and the Third Party Vendors shall have the right to access the Client Data. Such right shall however be exercised by Lexplosion and/ or the Third Party Vendors only to process your requests for technical assistance and/or providing You with any Client Data that you may request.
You are hereby informed that Lexplosion uses Third Party Vendor ’s servers to host the ‘Komrisk ’application. Please refer to Annexure A for the links to the privacy policy and security controls of such Third Party Vendor to understand the terms and conditions relating to access, use and storage of Your data on their servers
DISCLOSURE OF CLIENT DATA
Lexplosion and Third Party Vendors shall not share Client Data with any other party under any circumstances, except upon express written instruction by You or for the purposes of or in relation to providing you access to Komrisk. This restriction shall, however, not apply to the transfer of the Client Data from one server of Lexplosion to another either within or outside the country or the transfer from Lexplosion ’s server to the server of Third Party Vendors or vice versa or the transfer from the server of one Third Party Vendor to the server of another Third Party Vendor within or outside the country. Lexplosion however shall ensure that the Third Party Vendors in whose server the Client Data is stored shall not have access to such data. Although Lexplosion owns all rights to the software, code, databases, and other applications related to providing of services, You retain all rights to the Client Data.
Lexplosion may disclose Client Data to unaffiliated third parties if it believes in good faith that such disclosure is necessary (i) pursuant to law, regulatory requirements or the order of any court or governmental authority or (ii) in order to comply with or avoid violation of any request by a regulatory authority, or (iii) to prevent fraud or abuse of other Komrisk users; or (iv) protect Lexplosion ’s rights, property, safety, or interest; or (v) perform a task carried out in the public interest . Lexplosion shall, however, give prompt notice to You of such order so that You may (1) interpose an objection to such disclosure, (2) take action to assure confidential handling of the Client Data or (3) take such other action as it deems appropriate to protect the Client Data, unless prohibited by law from doing so.
SECURITY OF CLIENT DATA
Any Client Data collected by/ shared with Lexplosion shall be kept on secure servers. Lexplosion uses all reasonable administrative, technical, personnel, and physical measures to protect Client Data on such servers. The servers on which information is stored are kept in a controlled environment with limited access.
Lexplosion and the Third Party Vendors have implemented technical and organizational measures to ensure the security and confidentiality of Client Data in order to prevent, among other things, accidental, unauthorized or unlawful Processing of Client Data. The security measures taken are in compliance with applicable data protection regulations and shall be adapted to the risks presented and the nature of the Client Data to be Processed, having regard to the state of the art and the cost of implementation.
For measures taken by the Third Party Vendor, please refer to their security control document (refer to Annexure A below).
While We take reasonable efforts to guard information We knowingly collect directly from You, no security system is impenetrable.
YOUR CONSENT
By using the Komrisk and uploading Client Data, You consent to the collection, possession, storage, handling and use of the Client Data by Us as stated herein.
You have the option of withholding Your consent to the collection of any sensitive personal data and information by Us through the Portal. You may also after giving Your consent to us to receive and process Your sensitive personal data and information on the Portal, withdraw such consent at a subsequent stage. Withdrawal of consent shall be sent in writing to Us. If You choose not to provide Client Data or subsequently withdraw your permission, We will not be able to provide You access to the Portal and/ or the agreed services may not be fully available to You and/or We shall have the option to completely stop providing You with access to the Portal and/or the services for which the said information was sought.
ACCURACY OF DATA AND CORRECTION
You shall be permitted, as and when requested by You, to review the Client Data which You had provided. If You find any inaccuracy or deficiency, You may ask for corrections to be made and Lexplosion will try to accommodate Your request to the extent feasible. We shall at no point in time be responsible for any inaccurate information provided by You.
NAME AND ADDRESS OF THE ENTITY COLLECTING AND RETAINING YOUR INFORMATION
Name and address of the entity collecting and retaining Your Client Data shall be the as stated below:
Name and address of the entity collecting Your Client Data - Lexplosion Solutions Private Limited, Office HQ: Office No. 12ES14, 12th Floor, Mani Casadona, Plot No. IIF, Action Area IIF/04, Newtown, Rajarhat, Kolkata –700135.
Name and address of the entity retaining and hosting Your Client Data –
Amazon Web Services, Inc.
Hosting Client Data at AWS Asia Pacific (Hyderabad and Mumbai) Region
GRIEVANCE OFFICER
In accordance with Information Technology Act 2000 and rules made there under, the name and contact details of the grievance officer are specified below for redressing Your grievances regarding Client Data. The grievance officer shall redress the grievances regarding Client Data within one month from the date of receipt of grievance.
Name of Grievance Officer: Mr. Sovan Das
Phone number of Grievance Officer: 9830382381/ 033-40618083
Email – sovan.das@lexplosion.in
TRANSFER OF CLIENT DATA
Some of the uses and disclosures mentioned in this privacy policy may involve the transfer of Client Data within as well as outside India from one server to another, whether owned by Lexplosion or Third Party Vendors, only for the purpose of storage. We will make commercially reasonable efforts that the jurisdiction where data gets transferred requires at least the same level of data protection as applicable to Us. Client Data will be transferred only if it is necessary or required for the performance of Our lawful contractual obligation towards You. It should be noted in this connection that different jurisdictions may have different requirements of privacy of data. By submitting Client Data through the Portal, You consent to such transfers and compliance with data privacy requirements.
MODIFICATIONS TO THIS PRIVACY POLICY
If Lexplosion decides to change this privacy policy, it will post those changes on this page so that You are always aware of how Lexplosion uses Client Data and under what circumstances it can be disclosed. Any changes to the privacy policy will be communicated to You in advance of implementation.
LINKS TO OTHER THIRD PARTY SOFTWARE
The Portal has a link to a web-form (“Customer Support Centre ”), which is hosted by Third Party Vendors, for collecting information related to issues encountered by You during usage of Komrisk (known as “User Cases ”). If You generate User Cases using the Customer Support Centre, You agree to submit User Case related information to such Third Party Vendors who will use the logged data to assign the User Case to the authorized support agents for resolution. You hereby acknowledge that such transmission of information is not a breach of any terms and conditions of this Privacy Policy.
QUESTIONS REGARDING THIS PRIVACY POLICY
If you have questions regarding this privacy policy, please contact Us at Komrisk@lexplosion.in .
RETENTION OF DATA
Upon termination of Your Komrisk subscription or upon Your earlier request, Lexplosion shall purge any Client Data from all computer and other data storage systems within 45 days of termination or request, and certify to You in writing that it has done so; provided, however, that Lexplosion shall not be required to purge any Client Data that it is required to retain pursuant to law or regulatory requirements or to resolve disputes, or enforce our agreements .
VALIDITY
This privacy policy shall be valid for the entire duration during which You store Client Data using the Portal, unless modified by a subsequent privacy policy.
ANNEXURE A
The privacy policy and security controls of the Third Party are provided on their websites, including the ones listed below: