The personal data that we collect are:
- Email address
- Name
- Gender
- Email address
- Postal address
- Telephone/mobile number
- Educational qualification records
- Employment history records (If needed we will collect the IT returns)
- PAN
- Aadhaar
- Voter ID
- Passport
- Blood group
- Driving license
- Bank statement (If need arises)
- Credit information (If need arises)
- Medical records and history (If need arises)
By accessing our website or providing data directly to ChainSys through customer website/ portal or through ChainSys internal portal/ any other source, you agree and consent to the collection and use of your personal information and sensitive personal information for specific verification and screening
purposes only.
We collect information in the below ways:
- Online job application form under career option on ChainSys’s website
- Marketing Emails and Communications
- ChainSys prospective customers and stakeholders provide their name, email id and contact
information on the contact us form on ChainSys’s website. Please review each ChainSys’s terms of use and privacy policies carefully before using the services. - Customers for loans who use our services based on the contract entered, shares any kind of personal data that is required to perform the Employee background and credentials verification.
- Information from other sources (We may obtain information, including Personal Data, from
third parties and sources other than the Service, such as our partners, mutual connections,
advertisers, credit rating agencies, and Integrated Services. If we combine or associate information from other sources with Personal Data that we collect through the Service, we will treat the combined information as Personal Data in accordance with this Policy
1.3. How We Use Your Personal Data
ChainSys takes your privacy very seriously and will never disclose, share, or sell your data without
your consent, unless required to do so by law. We only retain your data for as long as is necessary
and for the purpose(s) specified in this notice. Where you have consented to us providing you with promotional offers and marketing, you are free to withdraw this consent at any time. The purposes
and reasons for processing your personal data are detailed below:
- We collect your personal data in the performance of a contract or to provide a service. We use the information to operate, maintain, enhance and provide all features of the Service, to provide the services and information that you request, to respond to comments and questions and to provide support to users of the Service. We process personal data collected in
performance of a contract solely in accordance with the directions provided by the contract. - We will occasionally send you marketing information like updates on promotions and events relating to services offered by us where we have assessed that it is beneficial to you as a
customer and in our interests. Such information will be non-intrusive and processed on the
grounds of legitimate interests. - We may use your email address or other information to contact you for administrative
purposes such as customer service, to address intellectual property infringement, right of
privacy violations or defamation issues related to personal data posted on the Service - Information from other sources (We may obtain information, including Personal Data, from
third parties and sources other than the Service, such as our partners, mutual connections,
advertisers, credit rating agencies, and Integrated Services. If we combine or associate
information from other sources with Personal Data that we collect through the Service, we will
treat the combined information as Personal Data in accordance with this Policy
1.4 Your Rights
- What personal data we hold about you
- The purposes of the processing
- The categories of personal data concerned
- The recipients to whom the personal data has/will be disclosed
- How long we intend to store your personal data for
- If we did not collect the data directly from you, information about the source
If you believe that we hold any incomplete or inaccurate data about you, you have the right to ask us to correct and/or complete the information and we will strive to do so as quickly as possible; unless there is a valid reason for not doing so, at which point you will be notified.
You also have the right to request erasure of your personal data or to restrict processing in accordance with the data protection laws; as well as to object to any direct marketing from us. Where applicable,
you have the right to data portability of your information and the right to be informed about any automated decision-making we may use.
If we receive a request from you to exercise any of the above rights, we may ask you to verify your identity before acting on the request; this is to ensure that your data is protected and kept secure.
Requests to access, change, or remove your information will be handled within thirty (60) days.
1.5 Sharing and Disclosing Your Personal Information
We do not share or disclose any of your personal information without your consent, other than for the purposes specified in this notice or where there is a legal requirement.
A. Unrestricted Information
Any information that you voluntarily choose to include in a Public Area of the Service, such as a public profile page, will be available to any Visitor or User who has access to that content.
B. Service Providers
- System Administration
- Hosting
- Maintenance
- Court Check
- Credit Check
- Drug Check
- Education Check
- Employment Check
- Residential Check
These third parties may have access to, or process Personal Data as part of providing those services for us. We limit the information provided to these service providers to that which is reasonably necessary for them to perform their functions, and our contracts with them require them to maintain the confidentiality of such information.
We may disclose such Information to related third parties outside of the country (such country or countries having same level of data protection as in our country) for the purpose of verification if the subject is a foreign national or employed/being employed outside India.
ChainSys may disclose and transfer such information to a third party who acquires any or all of ChainSys’s business units, whether such acquisition is by way of merger, consolidation or purchase of all or a substantial portion of our assets or by any other permitted method. A prominent notice will be
displayed on our website to intimate you of any such change in ownership or control. Third parties referred to in this section includes our associates, affiliates or related entities
1.6 Safeguarding Measures
ChainSys takes your privacy seriously and takes every reasonable measure and precaution to protect and secure your personal data. We work hard to protect you and your information from unauthorized
access, alteration, disclosure, or destruction and have several layers of security measures in place,
including:
- Encryption of data during transit (HTTPS)
- Encryption of data at rest
- Restricted access to only authorized personnel through authentication and password
mechanisms - Implementation of anti-malware software
- Network protection through firewalls
However, no method of transmission over the Internet, or method of electronic storage, is 100% secure. We cannot ensure or warrant the security of any information you transmit to us or store on the Service, and you do so at your own risk. We also cannot guarantee that such information may not be
accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial
safeguards. If you believe your Personal Data has been compromised, please contact us as set forth in the “Contact Us” section.
Our security management standards are in compliance with ISO 27001:2013 and ISO 27701:2019
which is a widely recognized international security management standard that specifies security management best practices and comprehensive security controls, by way of which we also meet the
requirements of reasonable security practices under the Information Technology Act, 2008. Our compliance with ISO 27001 demonstrates our commitment to information security at every level.
If we learn of a security systems breach, we will inform you of the occurrence of the breach in
accordance with applicable law.
1.7 Consequences of Not Providing Your Data
You are not obligated to provide your personal information to ChainSys, however, as this information is required for us to provide you with our services, we will not be able to offer some/all our services without it.
1.8 Legitimate Interests
As noted in the ‘How We Use Your Personal Data’ section of this notice, we occasionally process your personal information under the legitimate interests’ legal basis. Where this is the case, we have carried out a thorough Legitimate Interests’ Assessment (LIA) to ensure that we have weighed your interests and any risk posed to you against our own interests; ensuring that they are proportionate and
appropriate.
We use the legitimate interests’ legal basis for processing direct marketing emailers / phone calls and
have identified that our interests are to provide you with high quality, best in industry, performance
support system to ease and improve user onboarding, support and training.
1.9 Cookie Notice
A ‘cookie’ is a small piece of data sent from a website and stored on the user’s computer by the user’s
web browser while the user is browsing. When you visit a site that uses cookies for the first time, a cookie is downloaded onto your computer/mobile device so that the next time you visit that site, your device will remember useful information such as visited pages or logging in options.
Cookies are widely used in order to make websites work, or to work more efficiently, and our site relies
on cookies to optimize user experience and for features and services to function properly.
We use automatically collected information and other information collected through our website through cookies and similar technologies to: (i) personalize our service, such as remembering your information so that you will not have to re-enter it during a visit or on subsequent visits; (ii) provide customized advertisements, content, and information; (iii) monitor and analyze the effectiveness of
Service and third-party marketing activities; (iv) monitor aggregate site usage metrics such as total
number of visitors and pages viewed; and (v) track your entries, submissions, and status in any
promotions or other activities on the Service.
These cookies do not collect personal information about you. A persistent cookie remains on your hard drive after you close your browser so that it can be used by your browser on subsequent visits to the Service. Persistent cookies can be removed by following your web browser’s directions. A session cookie is temporary and disappears after you close your browser. You can reset your web browser to refuse all cookies or to indicate when a cookie is being sent. However, some features of the Service may not function properly if the ability to accept cookies is disabled.
Most web browsers allow some control to restrict or block cookies through the browser settings,
however if you disable cookies you may find this affects your ability to use certain parts of our website or services.
1.10 Minors and Children’s Privacy
Protecting the privacy of young children is especially important. Our Service is not directed to children under the age of 16, and we do not knowingly collect Personal Data from children under the age of 16 without obtaining parental consent. If you are under 16 years of age, then please do not use or access
the Service at any time or in any manner. If we learn that Personal Data has been collected on the
Service from persons under 16 years of age and without verifiable parental consent, then we will take the appropriate steps to delete this information. If you are a parent or guardian and discover that your child under 16 years of age has obtained an Account on the Service, then you may alert us at infosec@chainsys.com and request that we delete that child’s Personal Data from our systems.
1.11 How Long We Keep Your Data
ChainSys only ever retains personal information for as long as is necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law (such as tax, accounting, or other legal requirements) and we have strict review and retention policies in place to meet these obligations. Where you have consented to us using your details for direct marketing, we
will keep such data until you notify us otherwise and/or withdraw your consent.
1.12 Marketing
CONSENT
Occasionally, ChainSys would like to contact you with the marketing materials / offers relating to our services that we provide. If you consent to us using your contact details for this purpose, you have the right to modify or withdraw your consent at any time by using the opt-out/unsubscribe options or by
contacting ChainSys directly.
If you consent to us contacting you with the above-mentioned marketing and offers, please tick to say how you would like to be contacted:
LEGITIMATE INTERESTS
ChainSys will occasionally send you marketing material / offers related to our services by email and tele-conversation that have been identified as being beneficial to our customers and in our interests. Such information will be relevant to you as a customer and is non-intrusive and you will always have
the option to opt-out/unsubscribe at any time. Personally identifiable information collected / stored under this legitimate interests’ basis is protected by the same security measures listed in the ‘Safeguarding Measures’ section above.
If you would prefer not to receive above-mentioned marketing and offers, please tick below:
1.13 How to Contact Us
ChainSys only processes your personal information in compliance with this privacy notice and in accordance with the relevant data protection laws. If, however you wish to raise a complaint regarding the processing of your personal data or are unsatisfied with how we have handled your information,
you have the right to lodge a complaint with our CISO/ Data Protection Officer (DPO) at
infosec@chainsys.com.
1.14 Consent (Physical Hard Copy)
ChainSys takes your privacy seriously and will only process your personal data with your consent and in accordance with the terms stated in our Privacy Notice. If you consent to us collecting and processing your personal data, please sign below:
I __________________, (PII Principal’s name) confirm that I have been provided with a copy of
ChainSys’s Privacy Notice & Terms & Conditions prior to giving consent.
Signature __________________________
Name __________________________
Time __________________________
Date __________________________
ChainSys takes your privacy seriously and will only process your personal data with your consent and in accordance with the terms stated in our Privacy Notice. If you consent to us collecting and processing your personal data, please tick the check-box below:
ChainSys has appointed CISO, Balaji Srinivasan as the Chief Privacy Officer/Grievance Officer/ Data Protection Officer. He/She can be reached at Mail:Balaji.srinivasan@chainsys.com. If there is a breach/incident found related to data privacy, an email can be shared to the CISO/ Chief Privacy Officer/Grievance Officer/ DPO in the above set email id. The timeline to attend to resolving minor incidents (incidents which do not cause no/very negligible damage) would be next 24 hours. With
respect to other major/critical incidents – first level would be attended to in the next 24 hours and subsequently would be resolved within a maximum timeline of 72 hours depending on the gravity of the issue.
The two terms are used interchangeably, and there is no universally defined difference. However, some definitions suggest a Privacy Notice is the content presented at the time personal data is obtained (pop-up, on-screen, paper form etc.); whereas the Privacy Policy is a constant poster, website page, link that is always available for visitors/individual to read – both having the same content.
A privacy notice shall be provided to ALL individuals when ChainSys processes their personal data, but the context/content of the notice will vary depending on the legal basis the processing happens. If consent is being used as a lawful basis for processing, the consent section must be kept at the end of the form for each data subject, with an unticked, opt-in box or affirmative action mechanism for each processing activity.
When sending marketing materials to customers, the option to use consent or legitimate interests is available. Legitimate interests for marketing can be used only if ChainSys has assessed that the information being sent is relative and beneficial to the customer, that their interests have been weighed against ChainSys interests, there is little to no risk posed, the method & content is non-intrusive, and the material being sent is something a customer would usually expect to receive.
A double-opt in method can also be used whereby the data subject consents via tick box, then has to follow an email link to make sure that it is the correct person consenting – this double opt-in can also serve as evidence of the consent and must be retained.
