Introduction
Your privacy is important to us !!
Empuls is committed to respecting privacy while using our website and products. The Privacy Policy (‘Policy’) outlines how we collect, use, disclose, and protect your personal data in compliance with applicable data privacy laws, including but not limited to the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), the UK’s Data Protection Act 2018, Australia’s Privacy Act 1988 and India’s Digital Personal Data Protection Act 2023 (DPDP Act).
This website is operated by Nreach Online Services Private Limited, a Private Limited Company also referred to as Empuls (“we”, ”us” or “our”). This privacy policy (“Policy”) explains how we collect, use and disclose information about our users when you use our mobile application (the “App”), our Web site (the “Site”), and other online products and services that link to this Policy (collectively, the “Service”). We refer throughout this policy to our users as “user,” “you,” or “your,” and we also refer to users as, “Potential Customers” to denote those visiting or site or requesting information regarding our services, “Customer Company” to denote our organizational customer, and “Employee User” to denote individual employees of customer company who are users of the app, the site, and the service through their employer.
By using the service, you consent to our collection, use, and disclosure of your personal information as described in this policy. Protecting the privacy rights of data subjects and safeguarding their personal data is now being treated as a basic right of an individual and a legal requirement in many parts of the world, being a global organization, respects the privacy of data subjects and is committed to complying with the applicable data privacy laws and legislations (including but not limited to EU General Data Protection Regulation 2016/679, California Consumer Privacy Act, The Privacy Act 1988 (Australia) Data Protection Act 2018 (UK), Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and other applicable privacy laws to the extent that they apply to Empuls data processing and business operations) (the “Data Privacy Laws”).
We take your privacy seriously. If you have any questions about this Policy or about privacy at Empuls, please contact us at [email protected].
This privacy policy describes:
The information We collect, how we do so and the purposes of our collection.
· How We use and with whom We share such information.
· How you can access and update such information.
· The choices you can make about how We collect, use and share your information.
· How We protect the information we store about you
· Aggregate or scrape any content, data, or other information from the Website to be aggregated or shown with material from other sites or on a secondary site without our express written permission.
· If you access our Services from a third-party site, you may be required to also read and accept the third party’s terms of service and privacy policy.
Definitions
The meaning of some of the terms in use in the Policy are explained below:
Personal Data : Any information of “Data Subject” which can reasonably associate or link to an identifiable natural person or could include anyone who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, economic, cultural or social identity of that natural person.
Personal Information (applicable only to California residents):Information pertaining to residents of California that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household, but does not include information that is lawfully made available from federal, state or local government records, nor does it include “deidentifed” or “aggregate customer information” as those terms are defined pursuant to the California Consumer Privacy Act (CCPA).
Sensitive Personal Data : Defined as any information revealing an identified or identifiable natural person’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic information, biometric information for the purpose of uniquely identifying a natural person, data concerning health, or information concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal convictions. With respect to California residents, in addition to the preceding, the term also includes national origin or ancestry, sexual orientation, sex (including, gender, gender identity, and gender expression), pregnancy, childbirth and medical conditions related to same, age, physical or mental disability, veteran status, genetic information and citizenship.
Process, Processes, Processed or Processing : Means any operation or set of operations which is performed on Personal Data or Personal Information or Sensitive Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Consent : Any freely given, specific, informed, and unambiguous indication of the Data Subject’s wishes by which the Processing of their Personal Data, Personal Information
and/or Sensitive Personal Data via a statement or by a clear affirmative action, signifies agreement to the processing of their Personal Data, Personal Information and/or Sensitive Personal Data.
Data Subject : Relates to a particular natural person (i.e., an identified or identifiable natural person to whom the Personal Data relates. In case of a minor/ individual with mental disabilities, the data subject would be represented by a legal representative (parent/ guardian). For the purpose of clarity of this Policy, “Data Subject” means Empuls current and previous employees, prospective candidates, current, prospective and previous customer personnel, current and previous partner/vendor personnel, website visitors, sub-contractors and visitors. Empuls does not collect Personal Data/ Personal Information and Sensitive Personal Information from Data Subjects that are under the age of 18. For the purpose of CCPA, Data Subject shall include California residents.
Data Principal: Refers to individual to whom the personal data relates, analogous to the term ‘Data Subject’ used in other data protection laws
Data Controller: Means a person or organization who (either alone, or jointly, or in common) determines the purposes for which and the manner in which any Personal Data are, or are to be, Processed. For the purposes of this Policy, references to Data Controller shall mean references to Empuls and its affiliates, where relevant.
Data Processor: Is a person or organization who Processes the Personal Data on behalf of and under the instruction of the Data Controller.
Third Party: In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other than the Data Subject, the Data Controller, or any Data Processor or other person authorized to process data for the Data Controller.
Personal Information we collect and process and how we use it
Information we collect from customer company
When a Customer Company indicates interest in our Service, we collect the following information via our sign-up form: full name, email address, company name and phone number. We collect this information through a landing page which an interested Customer Company might access through forms on various directory services detailed in our Third-Party Provider.
We process personal data based on the following legal grounds:
- Your consent;
- Performance of a contract;
- Compliance with legal obligations;
- Legitimate interests pursued by Empuls, provided they do not override your rights and freedoms
Personal data we collect from employee users
We collect human resource (“HR”) information, and other information about Employee Users, from the Customer Company, and at the Customer Company’s option, such as: full name, email address, phone number or any other information that may be required from time to time. This Data is provided by the Customer Company’s HR department directly or indirectly by allowing Empuls to connect customer systems like HRMS, Single sign on systems etc, and is loaded and maintained in our system to allow for analytics. As noted above, we collect certain HR information about Employee Users directly from the Customer Company.
When Employee Users answer surveys or engage in conversations with peers on the App, Site, or System by voting on surveys or engaging in text conversations between peers, we collect employee opinions from Employee Users. Employee User votes or comments are connected to their authors. When a User visits our Site, we use certain tracking data (“Tracking Information”). We use Google Analytics and Freshdesk for Tracking Information. The following Tracking Information is collected: email address, device ID, IP address. We collect your email address, IP addresses and device information, directly through inclusion of their sdk/pixel or any other information which may be required from time to time. Tracking Information is collected via the Site and our web-applications, as well as via our iOS and android implementations.
We retain personal data for as long as necessary to fulfill the purposes for which it was collected or as required by applicable laws. Once the data is no longer needed, we securely delete or anonymize it, unless retention is required for compliance with legal obligations, resolving disputes, or enforcing our agreements”
Payment information
If a third party is not paying for the service on your behalf, We will collect the billing and financial information necessary to process your charges for Empuls services which require payment, which may include your postal and e-mail addresses. Empuls may also receive the billing and payment information that you provide when your purchase is processed by another party, such as Paypal etc. Our Terms of Service explain our policies and terms relevant to our charges and billing practices. Please note that establishing an account with a third-party payment processor, like PayPal etc, may also be subject to additional policies.
Technical and usage information
When you access our websites or use our Services, we collect -
1. Certain technical information about your mobile device or computer system, including IP Address and mobile device ID; and
2. Usage statistics about your interactions with the Service. This information is typically collected using server log files or web log files (“Log Files”), mobile device software development kits and tracking technologies like browser cookies to collect and analyse certain types of technical information. Some of the cookies the Service places on your computer are linked to your user ID number(s).
Cookies and automated information collection
When you access the Service, we collect certain technical information in order to -
1. Analyze the usage of our sites and services;
2. Provide a more personalized experience; and
3. Manage testimonials.
4. You can set your web browser to warn you about attempts to place cookies on your computer or limit the type of cookies you allow.
Other sources
We may collect or receive information from other sources including third party information providers. This information will be used to supplement your profile - primarily to help you and your friends connect. It will be combined with other information We collect.
How we use the information we collect
In general, we collect, store, and use your information to provide you with a safe, smooth, efficient, and customized experience. For example, we may use information collected from you in any one or more of the following ways:
· Provide, maintain, and improve our Service.
· Provide and deliver the Service Customer Company requests and configures, process transactions and send you related information, including confirmations.
· Investigate system issues that impact our ability to provide the Service to Users.
· Send you technical notices, updates, confirmations, security alerts and support and administrative messages.
· Respond to your comments, questions and requests and provide customer service.
· Communicate to Customer Companies with you about products, services, offers, promotions, rewards, and events offered by Empuls and others, and provide news and information we think will be of interest to you.
· Monitor and analyze trends, usage, and activities in connection with our Service and improve and personalize the Service.
· Personalize and improve the Service, content or features that match user profiles or interests.
· Link or combine with information we get from others to help understand your needs and provide you with better service.
· Connect you with other users in your Contacts.
We will not sell, rent, or share Personal Data with third parties outside of our company without your consent, except in the following ways:
Law enforcement and internal operations
Personal Data may be provided where we are required to do so by law, or if we believe in good faith that it is reasonably necessary.
1. To respond to claims asserted against Empuls or to comply with the legal process (for example, discovery requests, subpoenas or warrants);
2. To enforce or administer our policies and agreements with users.
3. For fraud prevention, risk assessment, investigation, customer support, product development and de-bugging purposes; or
4. To protect the rights, property, or safety of Empuls, its users or members of the general public.
5. We will use commercially reasonable efforts to notify users about law enforcement or court ordered requests for data unless otherwise prohibited by law.
6. However, nothing in this Privacy Policy is intended to limit any legal defences or objections that you may have to any third-party request to compel disclosure of your information.
Data recipients, transfer, and disclosure of Personal Information
Empuls does not share your Personal Information with third parties for their direct marketing purposes
We share your Personal Information within Empuls, Business partners, Service vendors, Authorized third-party agents or Contractors as per the law.
We reserve the right to use or disclose your Personal Information if required by law or if we reasonably believe that use or disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or comply with a law, court order, or legal process.
Business transfer
As a global company, we may transfer personal data to countries outside your jurisdiction. Where such transfers occur, we ensure they are protected by appropriate safeguards, such as standard contractual clauses or equivalent mechanisms, in compliance with applicable data protection laws
Empuls may sell, transfer, or otherwise share some or all of its assets, including your Personal Data, in connection with a merger, acquisition, reorganization or sale of assets or in the event of bankruptcy. Under such circumstances, Empuls will use commercially reasonable efforts to notify its users if their personal information is to be disclosed or transferred and/or becomes subject to a different privacy policy.
Third – parties
We sometimes contract with other companies and individuals to perform functions or services on our behalf, such as software maintenance, data hosting, sending email messages, etc. We necessarily have to share your Personal Data with such third parties as may be required to perform their functions. We take necessary steps to ensure that these parties take protecting your privacy as seriously as we do, including entering into Data Processing Addendum(s), EU Model Clauses and/or ensuring these third-parties have EU-U.S. and Swiss-US Privacy Shield certification.
How is my data protected?
We have implemented reasonable administrative, technical, and physical security measures to protect your personal information against unauthorized access, destruction, or alteration. For example:
· SSL encryption (https) where we deal with personal data. Personal Data is encrypted in transit using https/ssl/tls and encrypted at rest. Our database is encrypted, and data transferred via sftp is encrypted using PGP.
· Password protection on your account.
· Rotating verification codes to access by some parties.
· Data is kept on secure, encrypted servers.
· Restricting staff access to Personal Data, protected by password logs and two-factor authentications.
· Non-Disclosure Agreements with vendors
· Regular staff privacy and security training
Retention and Disposal of Personal Data or Personal Information
How long we continue to hold your Personal Data/ Personal Information will vary depending principally on:
· Purposes identified in this Policy for using the Personal Data/ Personal Information/ Sensitive Personal Information – we will need to keep the information for as long as is necessary for the relevant purpose; and
· Legal obligations – laws or regulation may set a minimum period for which we will have to keep your Personal Data/ Personal Information/ Sensitive Personal Information
· Disposal of Personal Data/ Personal Information/ Sensitive Personal Information shall be handled with utmost care and shall be governed in accordance with reasonable data security practices as detailed by its internal policies governing data disposal.
· Personal Data/ Personal Information/ Sensitive Personal Data shall only be Processed for the period necessary for the purposes for which it was originally collected as per the Empuls Retention Policy.
Children’s Personal Information
Our services are not intended for use by individuals under the agre of 18 (or the applicable age of majority in your jurisdiction). We do not knowingly collect personal data from children. If we become aware that we have collected data from a minor without proper consent, we will take steps to delete such information.
We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Policy by instructing their children never to provide personal information through the Websites or Services without their permission. If you have reason to believe that a child under the age of 18 has provided personal information to us through the Websites or Services, please contact us at [email protected], and we will use commercially reasonable efforts to delete that information.
Access & Control Your Personal Data
Individual can review, correct, and remove your Personal Information.
· You can request access, correction, updates, or deletion of your personal information.
· You can object to processing of your personal information, ask us to restrict processing of your personal information or request portability of your personal information.
· If we have collected and process your personal information with your consent, then you can withdraw your consent at any time.
· Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent.
· You have the right to complain to a data protection authority about our collection and use of your personal information.
· Where we rely on your consent to process personal data, you have thr right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal To exercise any of these rights, please email us at [email protected]
Your Rights
As a Data Subject/Principal, you have the following rights:
- Right to access your personal data;
- Right to correction or rectification;
- Right to erasure (right to be forgotten);
- Right to data portability;
- Right to object to processing;
Right to lodge a complaint with a supervisory authority
California Privacy Rights
As per the California Consumer Privacy Act of 2018 (“CCPA”) - If you are a California resident, you have the rights outlined in this section. If you are a California resident and there are conflicts between this section and any other provision of this Policy, the portion that is more protective of your Personal Data shall control. If you have any questions about this section or whether any of the following applies to you, please email [email protected]
Access
You have the right to request certain information about our collection and use of your Personal Data over the past 12 months. We will provide you with the following information:
1. The categories of Personal Data that we have collected about you.
2. The categories of sources from which that Personal Data was collected.
3. The business or commercial purpose for collecting or selling your Personal Data.
4. The categories of third parties with whom we have shared your Personal Data; and
5. The specific pieces of Personal Data that we have collected about you.
If we have disclosed your Personal Data for a business purpose over the past 12 months, we will identify the categories of Personal Data shared with each category of third-party recipient as per CCPA.
Deletion
You have the right to request that we delete the Personal Data that we have collected from you. Under the California Consumer Privacy Act of 2018 (“CCPA”), this right is subject to certain
exceptions. For example, we may need to retain your Personal Data to provide you with the Services or complete a transaction or other action you have requested. If your deletion request is subject to one of these exceptions, we may deny your deletion request.
Exercising Your Rights
To exercise the rights described above, you must send us a request that (1) provides sufficient information to allow us to verify that you are the person about whom we have collected Personal Data (this will require you to send an email from the account in question or login credentials), and (2) describes your request in sufficient detail to allow us to understand, evaluate, and respond to it. Each request that meets both of these criteria will be considered a “Valid Request.” We may not respond to requests that do not meet these criteria. We will only use Personal Data provided in a Valid Request to verify you and complete your request. You may submit a Valid Request by emailing [email protected] You may also authorize an agent (an “Authorized Agent”) to exercise your rights on your behalf. To do this, you must provide your Authorized Agent with written permission to do, and we may request a copy of this written permission from your Authorized Agent when they make a request to exercise your rights on your behalf.
We Will Not Discriminate Against You for Exercising Your Rights Under the CCPA
We will not discriminate against you for exercising your rights under the CCPA. We will not deny you our goods or services, charge you different prices or rates, or provide you a lower quality of goods and services if you exercise your rights under the CCPA. However, we may offer different tiers of our Services as allowed by applicable data privacy laws (including the CCPA) with varying prices, rates, or levels of quality of the goods or services you receive related to the value of Personal Data that we receive from you.
Complaints and Grievances
If you have any questions or concerns regarding this Privacy Policy, your personal data, or wish to exercise your rights, you may contact our Data Protection Officer (DPO): <email address to be updated>
For grievances under India’s DPDP Act, 2023, please contact our designated Grievance Officer at <email address to be updated>, who will address your complaint within the timelines prescribed under applicable laws.
Updates to Our Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or other operational reasons. Material changes will be communicated via email (if applicable) or a prominent notice on our platform.