Our Organisation Privacy Policy

‍
This privacy policy will explain how our organization uses the personal data we collect from you when
you use our website.

‍
Foreword

We at Our Organisation are committed to protecting the information that you share with us and explaining how we collect, process, and share that information online. When you use our services, you’re trusting us with your information. We understand this is a big responsibility and work hard to protect your information and keep it secure.

‍
We provide you with insight into the privacy practices employed here at Our Organisation.

‍
Background

This Policy provides an overview of how Our Organisation’s information of “data subjects” (hereinafter
referred to as “You or your”) personal data is collected, handled, and protected. In this policy, “we”, “us” and “our” may refer to Our Organisation Inc. or its subsidiaries and affiliates.

‍
Services Provided by Our Organisation

Our Organisation platform is designed to help you consistently with our services. We offer the capacity
to provide a platform for all the services required by small and medium enterprises, providing an end-toend solution enabling businesses.

‍
What data do we collect?

Our Company collects the following data:

‍

• Personal identification information (Name & email address)
• Any other type of personal data collected from auditors for auditing purposes will be obtained with the individual’s consent.

‍
How do we collect your data?

PII refers to any data that can identify, locate, or contact an individual directly or indirectly, either on its own or when combined with other data. You or your employer directly provide Our Company with the data we intend to collect. We collect data and process data when you:

‍

• Register online or avail of our products or services.

‍

Our Company may also receive your data indirectly from the following sources:

‍

• None

Internally, we collect PII only at the time of joining the company. This data is stored on Keka, our HR
management platform, and is only shared with a third party for background verification. The data is
collected via Google Forms.
None of the other departments collect any PII.

‍

‍
How will we use your data?

Our Company collects your data so that we can:

‍

• Provide your service, and manage your account to provide the service.
• Email you with special offers on other products and services we think you might like.
• Email you with real-time alerts of your organization.

‍

If you agree, Our Company will share your data with our partners who are also an essential part of the
service we intend to provide.

‍
How do we store your data? (If you are located in the India)

Our Company securely stores your data at a Secure storage location in India. Our Company will keep
your PII data for as long as our service is availed. Once this period has expired, we will delete your data
by scrubbing off all PII within a month of Service Termination.

‍
Data retention period is of 90 days and we store the data in India, our servers are located in the Mumbai
region.

‍
Marketing

Our Company would like to send you information about products and services of ours that we think you
might like. If you no longer wish to be contacted for marketing purposes, you can drop us an email.

‍
What are your data protection rights?

Our Company would like to make sure you are fully aware of all of your data protection rights. Every
user is entitled to the following:

‍
The right to access – You have the right to request Our Company for copies of your personal data.

‍
The right to rectification – You have the right to request that Our Company correct any information you believe is inaccurate. You also have the right to request Our Company to complete information you believe is incomplete.

‍
The right to erasure – You have the right to request that Our Company erase your personal data, under
certain conditions.

‍
The right to restrict processing – You have the right to request that Our Company restrict the processing
of your personal data, under certain conditions.

‍
The right to object to processing – You have the right to object to Our Company’s processing of your
personal data, under certain conditions.

‍
If you make a request, we have one month to respond to you. If you would like to exercise any of these
rights, please contact our Data Protection Officer or
Email us at: support@fundamento.ai
Call us: 9898659878

‍
Data Protection Officer(DPO) and their responsibilities:

DPO Contact Info

‍
Name: Khushil Khatri
Email us at: support@fundamento.ai
Call us: 9898659787

‍
DPO Roles and Responsibilities:

• Create, implement, and supervise the organization's privacy policies and processes, ensuring
  compliance with applicable data protection regulations.
  ‍
• Ensure compliance with data protection laws and regulations.
  ‍
• Act as the organization's primary point of contact for personal data processing issues.
  ‍
• To ensure that the various audits are performed within the required time range.
  ‍
• Conduct frequent audits to monitor data processing processes, identify risks, and conduct Data
  ‍
• Protection Impact Assessments (DPIAs) to evaluate and reduce data protection risks.
  ‍
• To ensure that the records of processing activities (RoPA) are completed whenever the
  organization collects and processes personal data.
  ‍
• To inform and advise the organization and its personnel who process personal data on their obligations under the GDPR or local data protection regulations.
  ‍
• Educate and train employees on data protection policies and practices, fostering a culture of
  awareness and compliance within the organization.
  ‍
• DPO conducts risk assessments related to data processing activities and factors such as the nature, scope, circumstances, and purposes.
  ‍
• To provide quick responses to individuals whose data is processed (workers, clients, or any other data subject) on any problems concerning the processing of their personal data and the exercise of their rights as outlined in the Regulation.

‍

‍
Consent Management

• Obtaining Consent:
  Our privacy policy details transparently the purposes of data processing, the affirmative
  actions required for consent, and the granularity of choices, ensuring individuals have clear
  control over their data.
• Modification of Consent:
  Users can conveniently modify consent preferences through accessible settings, with
  notifications for changes, and comprehensive documentation maintained for all modifications.
• Withdrawal of Consent:
  Clear instructions on withdrawing consent are provided in our privacy policy, ensuring no
  negative consequences, and a detailed record-keeping process is outlined for transparency
  and compliance.

‍

‍
Children’s Privacy:

The site and our product are not intended for use by children, and Our Company does not knowingly
collect personal information from anyone under 13 years of age. Product access is granted only to the employees of our client companies, assuming they are all above 18 years of age. In case of any exceptions, We collect it with parental consent.

‍
What are cookies?

Cookies are text files placed on your computer to collect standard Internet log information and visitor
behavior information. When you visit our websites, we may collect information from you automatically
through cookies or similar technology. For further information, visit the cookie link (wiki).

‍
How do we use cookies?

Our Company uses relevant cookies and a session variable that is to Keeping you signed in to our application

‍

‍
Data Breach Procedure and Reporting Time Period:

In the event of a data breach, we follow a stringent procedure to mitigate and address the incident
promptly. Our response includes identifying the breach, containing its impact, assessing affected data,
notifying relevant authorities, and communicating transparently with affected individuals. We conduct
thorough investigations to understand the extent of the breach and implement corrective measures to prevent recurrence.
Any detected data breach will be reported to relevant authorities and affected individuals within 72 hours
of its identification in compliance with applicable data protection regulations.

‍
Data Subject Rights

‍
1. Right to Access
The right to request access to the personal data Fundamento holds about them. To obtain a copy of this
data, you should contact the DPO. They shall respond to such requests within 2-3 working days.

‍
2. Right to Rectification
If you believe that any personal data held by Fundamento is incorrect or incomplete, you can request that
it be corrected or updated. To make such a request, customers should contact the DPO.

‍
3. Right to Erasure (Right to be Forgotten)
You have the right to request the deletion of their personal data when it is no longer necessary for the
purposes for which it was collected, or if they withdraw their consent on which processing is based. To
request erasure, you should contact the DPO. Fundamento will review the request and inform you of the
action taken.

‍
4. Right to Restriction of Processing
You have the right to request the restriction of processing personal data in certain circumstances, such as when you contest the accuracy of the data or object to its processing. To request a restriction, you should
contact the DPO.

‍
5. Right to Data Portability
If you wish to obtain a copy of your personal data in a structured, commonly used, and machine-readable format, or if you want us to transfer your data to another organization, you can make a data portability request. Requests should be directed to the DPO.

‍
6. Right to Object
You have the right to object to the processing of your personal data based on Fundamento's legitimate
interests or for direct marketing purposes.

‍
Privacy policies of other websites

Our Company website contains links to other websites. Our privacy policy applies only to our website, so
if you click on a link to another website, you should read their privacy policy.

‍
Changes to our privacy policy

Our Company keeps its privacy policy under regular review and places any updates on this web page. This privacy policy was last updated on 15-07-2024.

‍
How to contact us?

If you have any questions about Our Company's privacy policy or the data we hold on you or if you
would like to exercise one of your data protection rights, please do not hesitate to contact us.

‍
Email us at: support@fundamento.ai
Call us: 9770552023

‍
How to contact the appropriate authority?

Should you wish to report a complaint or if you feel that Our Company has not addressed your concern satisfactorily, you may contact the Information Commissioner's Office.

‍
ENFORCEMENT

We expect all employees to comply with this policy and any related policies, standards, processes,
procedures, and guidelines. Failure and/or refusal to abide by this policy may be deemed a violation.
Compliance with the policies will be a matter of periodic review by the Information security officer /
Information Security Team. Any employee found to have violated this policy may be subject t disciplinary action, as deemed appropriate by management and Human Resources policies.

‍

• Monitoring: The company employs appropriate technology solutions to monitor policy/ procedure compliance.
• Self-Assessment: The CEO/CTO are required to conduct self-assessment within their areas of
  control to verify compliance with this policy/ procedure.

‍
SPECIAL CIRCUMSTANCES AND EXCEPTIONS

All exceptions to this policy/ procedure will require a waiver explicitly approved by one of Our
Organisation's CEO/CTO.

‍

‍