PRIVACY

Last Updated March 9, 2018

This Privacy Policy sets forth the policy of HumLab Private Limited, a company incorporated under the laws of India, (“HumLab”) in regard to the collection and usage of personal or corporate information that you may provide to us through using this website, or by using any product or service provided by HumLab (the “Website”). This Privacy Policy is incorporated into and made a part of our Terms of Use, and by accepting these during registration and / or by using the Website, you agree to the use of your information in accordance with this Privacy Policy. We may revise this policy from time to time, and will post the most current version on the Website. If a revision meaningfully reduces your rights, we will notify you using the email provided by you.

This Privacy Policy has been drafted in accordance with the provisions of the Information Technology Act, 2000 and the Rules thereunder, including, without prejudice to the generality of the foregoing, the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules, 2011. Furthermore, the contents of this Policy are in compliance with the recommendations of the Report of the Group of Exports on Privacy, chaired by Justice A.P. Shah, dated October 16, 2012. The Report made certain recommendations and articulated nine ‘National Privacy Principles’, which are in line with the aforesaid Information Technology Act, 2000 and the Information Technology “Reasonable security practices and procedures and sensitive personal data or information” Rules 2011. A copy of the Report is available at http://planningcommission.nic.in/reports/genrep/rep_privacy.pdf, and we would urge you to read the Report if you so wish. For the purposes of convenience, the nine National Privacy Principles are reproduced here; should you feel that this Policy does not meet any of the standards set out in the National Privacy Principles, please contact us at: sachin [at] humlab.in, and we will take the necessary steps to correct the mismatch between this Policy and the National Privacy Principles, if any.

The Nine National Privacy Principles:

Principle 1: Notice

Principle: A data controller shall give simple-to-understand notice of its information practices to all individuals, in clear and concise language, before any personal information is collected from them. Such notices should include:

  1. During Collection

    • What personal information is being collected;

    • Purposes for which personal information is being collected;

    • Uses of collected personal information;

    • Whether or not personal information may be disclosed to third persons;

    • Security safeguards established by the data controller in relation to the personal information;

    • Processes available to data subjects to access and correct their own personal information;

    • Contact details of the privacy officers and SRO ombudsmen for filing complaints.

  2. Other Notices

    • Data breaches must be notified to affected individuals and the commissioner when applicable.

    • Individuals must be notified of any legal access to their personal information after the purposes of the access have been met.

    • Individuals must be notified of changes in the data controller’s privacy policy.

    • Any other information deemed necessary by the appropriate authority in the interest of the privacy of data subjects.

Principle 2: Choice and Consent

Principle: A data controller shall give individuals choices (opt-in/opt-out) with regard to providing their personal information, and take individual consent only after providing notice of its information practices. Only after consent has been taken will the data controller collect, process, use, or disclose such information to third parties, except in the case of authorised agencies. The data subject shall, at any time while availing the services or otherwise, also have an option to withdraw his/her consent given earlier to the data controller. In such cases the data controller shall have the option not to provide goods or services for which the said information was sought if such information is necessary for providing the goods or services. In exceptional cases, where it is not possible to provide the service with choice and consent, then choice and consent should not be required. When provision of information is mandated by law, it should be in compliance with all other National Privacy Principles. Information collected on a mandatory basis should be anonymised within a reasonable timeframe if published in public databases. As long as the additional transactions are performed within the purpose limitation, fresh consent will not be required.

Principle 3: Collection Limitation

Principle: A data controller shall only collect personal information from data subjects as is necessary for the purposes identified for such collection, regarding which notice has been provided and consent of the individual taken. Such collection shall be through lawful and fair means.

Principle 4: Purpose Limitation

Principle: Personal data collected and processed by data controllers should be adequate and relevant to the purposes for which they are processed. A data controller shall collect, process, disclose, make available, or otherwise use personal information only for the purposes as stated in the notice after taking consent of individuals. If there is a change of purpose, this must be notified to the individual. After personal information has been used in accordance with the identified purpose it should be destroyed as per the identified procedures. Data retention mandates by the government should be in compliance with the National Privacy Principles.

Principle 5: Access and Correction

Principle: Individuals shall have access to personal information about them held by a data controller; shall be able to seek correction, amendments, or deletion of such information where it is inaccurate; be able to confirm that a data controller holds or is processing information about them; be able to obtain from the data controller a copy of the personal data. Access and correction to personal information may not be given by the data controller if it is not, despite best efforts, possible to do so without affecting the privacy rights of another person, unless that person has explicitly consented to disclosure.

Principle 6: Disclosure of Information

Principle: A data controller shall not disclose personal information to third parties, except after providing notice and seeking informed consent from the individual for such disclosure. Third parties are bound to adhere to relevant and applicable privacy principles. Disclosure for law enforcement purposes must be in accordance with the laws in force. Data controllers shall not publish or in any other way make public personal information, including personal sensitive information.

Principle 7: Security

Principle: A data controller shall secure personal information that they have either collected or have in their custody, by reasonable security safeguards against loss, unauthorised access, destruction, use, processing, storage, modification, deanonymisation, unauthorised disclosure (either accidental or incidental) or other reasonably foreseeable risks.

Principle 8: Openness

Principle: A data controller shall take all necessary steps to implement practices, procedures, policies and systems in a manner proportional to the scale, scope, and sensitivity to the data they collect, in order to ensure compliance with the privacy principles, information regarding which shall be made in an intelligible form, using clear and plain language, available to all individuals.

Principle 9: Accountability

Principle: The data controller shall be accountable for complying with measures which give effect to the privacy principles. Such measures should include mechanisms to implement privacy policies; including tools, training, and education; external and internal audits, and requiring organizations or overseeing bodies extend all necessary support to the Privacy Commissioner and comply with the specific and general orders of the Privacy Commissioner.

Please note that this Policy is only applicable to our online users and data gathered on our website humlab.in and not to any other information or website.

PLEASE READ THE POLICY CAREFULLY TO FULLY UNDERSTAND THE NATURE AND PURPOSE OF GATHERING INFORMATION, USAGE, DISCLOSURE, SECURITY PROCEDURE AND SHARING OF SUCH INFORMATION.

  1. Information we Collect

    We collect “Non-Personal Information” and Personal Information.” Non-Personal Information includes information that cannot be used to personally identify you, such as anonymous usage data, general demographic information we may collect, referring/exit pages and URLs, platform types, preferences you submit and preferences that are generated based on the data you submit and number of clicks. “Personal Information” is information which can be used to identify you as an individual; this may include your email, address, company and identity information and any other information which you submit to us through the Website.

    1. Information Collected via Technology: To view our Website you do not need to submit any Personal Information. In an effort to improve the quality of the Website, we track information provided to us by your browser or by our software application when you view or use the Website, such as the website you came from (known as the “referring URL”), the type of browser you use, the device from which you connected to the Website, the time and date of access, and other information that does not personally identify you. We track this information using cookies, or small text files which include an anonymous unique identifier. Cookies are sent to a user’s browser from our servers and are stored on the user’s computer hard drive. Sending a cookie to a user’s browser enables us to collect Non-Personal information about that user and keep a record of the user’s preferences when utilising our services, both on an individual and aggregate basis. For example, Humlab may use cookies to store the following information: session data, email address, username, and preferences. Humlab may use both persistent and session cookies; persistent cookies remain on your computer after you close your session and until you delete them, while session cookies expire when you close your browser.

    2. Information you Provide us by Registering for an Account: In addition to the information provided automatically by your browser when you visit the Website, to become a subscriber to the Website you may need to provide us with Personal information we use to populate that profile. By registering, you are authorising us to collect, store, and use your email address, and other such information you provide during registration, in accordance with this Privacy Policy. If you use an external application account (like Google) to sign in to the Website, we will collect and store your user ID. The privacy practices of these external applications are set forth in their respective privacy policies, and Humlab has no control over the uses of your ID by such parties.

    3. Information you Provide by Using the Website: You may submit User Content (as defined in the Terms of Use) to the Website, including certain information via online forms. We will not sell the information obtained in any User Content.

    4. Information you Send to Other Users: This Privacy Policy only addresses the use and disclosure of information we collect from you. If you disclose your information to other parties using the Website, or visit other websites linked through the Website, different rules may apply to their use or disclosure of the information you disclose to them. Since Humlab does not control the privacy policies of third parties, or other individuals’ actions, you are subject to the privacy policies of that third party or those individuals. We encourage you to be sure the recipients are authenticated to your satisfaction before you send them any documents or sensitive information.

  2. How We Use and Share Information

    Except as otherwise stated in this Privacy Policy, we do not sell, trade, rent, or otherwise share for marketing purposes your Personal Information with third parties without your consent.

    We may share Personal Information and User Content with vendors who are performing services for Humlab, (such as the servers for our email communications who are provided access to user’s email address for purposes of sending emails from us; authentication systems, and fraud detection). We may share Personal Information such as your name, billing address, and credit card number with vendors who assist us with payment processing. Our vendors are contractually obligated to use your Personal Information obtained from us, only at our direction and in a manner that is consistent with our Privacy Policy.

    In general, the Personal Information you provide to us is used to help us communicate with you. For example, we use Personal Information to contact users in response to questions, solicit feedback from users, provide technical support, and inform users about promotional offers.

    Humlab will offer individuals the opportunity to choose (opt out) whether their personal information is to be used for any purpose other than what it was collected for.

    We also may be required to disclose an individual’s personal information in response to a lawful request by public authorities, including to meet national security or law enforcement requirements. In response to a verified request by law enforcement or other government officials relating to a criminal investigation or alleged illegal activity, we can (and you authorise us to) disclose your name, city, state, telephone number, email address, UserID history, fraud complaints, and usage history, in connection with an investigation of fraud, intellectual property infringement, piracy, or other unlawful activity.

    In the event we undergo a business transaction such as a merger, acquisition by another company, or sale of all or a portion of our assets, your Personal Information may be among the assets transferred or examined during the due diligence process. You acknowledge and consent that such transfers may occur and are permitted by this Privacy Policy, and that any acquirer of our assets may continue to process your Personal Information as set forth in this Privacy Policy. If our information practices change at any time in the future, we will post the policy changes to the Site so that you may opt out of the new information practices. We suggest that you check the Website periodically if you are concerned about how your information is used.

  3. How We Protect Information

    1. Security: We implement security measures designed to protect your information from unauthorised access. Your account is protected by your account password and we urge you to take steps to keep your personal information safe by not disclosing your password and by logging out of your account after each use. We further protect your information from potential security breaches by implementing certain technological security measures including encryption, firewalls, and secure socket layer technology. However, these measures do not guarantee that your information will not be accessed, disclosed, altered or destroyed by breach of such firewalls and secure server software. In addition, while we take reasonable measures to ensure that other entities who provide us with payment processing services keep your information confidential and secure, such entities’ practices are ultimately beyond our control. By using our Website, you acknowledge that you understand and agree to assume these risks.

    2. Data Integrity: Humlab will use personal information and User Content only for purpose of delivering the services made available in the Website, the services agreed with subscribers or members to its various services, and within the confines of, and to facilitate the services you request related thereto.

    3. Access: Humlab will allow individuals to access their personal information. Further, Humlab will allow the individual to correct, update, or delete information. Individuals who wish to make an access request or remove personal information from our records, or if you have any questions in regard to this policy or believe that Humlab has not complied with the provisions of this policy, should direct such a request to our Privacy Officer at the address provided below or by sending an email to us at:-

      Sachin Malhan 
      info@humlab.in