Last updated October 30, 2019
Privacy is a fundamental right, and at Ketto and its group companies, it is treated as such. This document sets forth our current policy in this regard.
Our business is founded on the principle that people matter. Respect for people is the foundation of our business. Respect for people includes respecting their right to privacy.
We are engaged in the business of using innovative ways to bring health to all in India. Our website seeks to bring cases of those in need of healthcare and other essential services to the attention of those in a position to make a difference and the opportunity to do so. The users of our website are those in need and those seeking to help.
In the conduct of our business, we collect and process personal data of our users and visitors. Personal data is collected in the course of transacting on the website. Personal data is also collected by Ketto and its affiliates outside of website through in-person meetings, participation in conferences and other business forums, transaction or promotion of business, and with respect to job applicants, through job application materials and interviews. Personal data is also collected through social media; from solicited and unsolicited communications; responses to promotional and other materials, among others. If your personal data is available with us, more likely than not, it has been shared by you with us.
Data collection technologies built into our websites, telecommunication systems, digital advertising, social media, etc. are additional sources of personal data collection. In addition to personal data that a user voluntarily furnishes, these electronic systems also collect personal data without the knowledge of the user, including user’s preferences, frequency of access, IP addresses, type of browser, communication device or operating systems used, and geographic location, etc.
Separately, we also collect and process personal data of our employees and independent contractors at the time of, in the course of and following their retention.
We acquire, maintain and process personal data where it is necessary for the pursuit of legitimate business interests, balancing this interest against the data subject’s interests and fundamental rights. Legitimate interests include establishing and maintaining relationships, servicing their anticipated and actual needs, and for administrative purposes. Towards that end, we may use various contact management, analytics and processing software and other tools and techniques, including marketing by use of electronic means.
We may share personal data with entities that provide services to us, including companies that provide web analytics, advertising, email distribution and other services. The use of personal data by such companies is limited to the purpose of rendering the contracted services.
We may share personal data with one or more of our group companies for performance of business functions and for internal analytics. Some of our group companies or service providers may be located in jurisdictions that are outside of the jurisdiction of the personal data subject, or in jurisdictions that offer a lower level of privacy or data protection. In such circumstances, we have put in place appropriate safeguards in accordance with applicable law and in line with this policy.
We may also process personal data where it is necessary for entering into or performing under a contract. Finally, in certain circumstances, we may process personal data on the basis of consent of the data subject for specific purposes.
We may also use or disclose personal data if we are required by law to do so or if we reasonably believe that use or disclosure is necessary to protect our rights and/or to comply with judicial or regulatory proceedings, a court order or other legal process. We do not otherwise disclose or sell to any third party any personal data that we collect or which comes into our possession without the consent of the data subject. The only exception to the foregoing is where any part of our business is sold to a third party, in which case the acquiror of the business will likely also acquire personal data in our possession or control.
You have the right to object to your personal data being used for direct marketing by us. You may opt out by adjusting your communication preferences by logging into your profile and turning off the communication or by writing to [firstname.lastname@example.org]. You also have the right to unsubscribe from electronic communications by utilizing the unsubscribe feature contained in our emails. Note that the unsubscribe feature contained in an email may unsubscribe you from only certain (but not all) kinds of electronic or non-electronic communications originating from us.
As noted above, we process personal data with the consent of the data subject, to enter into or perform under a contract between us and the data subject or a business represented by the data subject, to comply with legal obligations, or where we have a legitimate interest to do so.
Further, as noted above, subject to the exceptions permitted by law, a data subject has the right to access her or his information, rectify or update such information, erase such information (subject to our need to retain certain information for legal or other purposes), receive a copy of the data subject’s information, and to object to or restrict the processing of such subject’s personal data. The data subject may do so by writing to us at [email@example.com].
Unaffiliated third parties, such as Google, Facebook, Twitter, etc. are providers of avenues, content, functionality and services for our web and social media sites. We do not control what and how these and other third parties collect personal data or how they use it. We do know, however, that in addition to using sophisticated technologies such as cookies and web beacons on web and social media sites, including sites such as ours, third parties routinely employ new and innovative tools, techniques and practices to collect, receive, process, buy and sell personal information over extended durations, build sophisticated user profiles and commercially exploit it. We do not control and are not responsible for the privacy and business practices of these third parties. Note here that certain of their activities can potentially be managed by users themselves, as for instance, through Internet browser and handheld app controls.
We do not knowingly collect or store personal data of children unless permitted by law or provided to us under a contract where a child is a beneficiary of a campaign. If we learn that we have collected personally identifiable information from a child without lawful authorization, we will delete that information from our database.
We use physical, technical and administrative measures to protect personal data against loss, theft and unauthorized use, disclosure or modification. We strive to protect the information we maintain; however, we cannot ensure or warrant the security of any information that is transmitted to or held by us because data transmission and storage is neither error-free nor completely secure.
We retain personal data for as long as necessary to fulfil the purposes for which it was collected and processed, including for the purposes of satisfying any contractual, legal, regulatory, accounting or reporting obligations.