At InSync Tech-Fin Solutions Ltd., (“InSync”, “Company”, “Corporation”, “Us” or “We”), we respect and protect the privacy of visitors to our website, https://insync.co.in/ and the other websites under InSync (collectively, the “Sites”), and our customers who use our application integration platform, tools, mobile applications and related services (together with the Sites, the “Service/s”). This Privacy Notice(“Notice”) explains how we collect, use, disclose, and protect visitors’ and customers’ (“Users”) information as part of the Service. Any discussion of your use of the Service in this Notice is meant to include your visits and other interactions with the Sites and Services, whether or not you are a user of InSync ’s application integration platform.

DEFINITIONS

GDPR KEY DEFINITIONS:

REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of NATURAL PERSONS with regard to the processing of PERSONAL DATA and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), hereinafter referred to as “GDPR”.

1. Consent

CONSENT means a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the website user’s agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement.

2. Data Controller

A DATA CONTROLLER is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data for which and the manner in which any personal data are, or are to be, processed.

3. Data Processor

DATA PROCESSOR is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

4. General Data Protection Regulation (GDPR)

Predominant objective of this protection is as follows:

• The processing of personal data should be designed to serve mankind.
• Natural persons should have control of their own personal data;
• The right to the protection of personal data is not an absolute right; it must be considered in relation to its function in society and be balanced against other fundamental rights, in accordance with the principle of proportionality.

5. Legitimate Interest

   Processing shall be lawful only if and to the extent that at least one of the following applies:

• the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
• processing is necessary for the performance of a contract to which the legal/ natural person, whose data has been collected (data subject), is a party, or; in order to take steps at the request of the data subject prior to entering into a contract;
• processing is necessary for compliance with a legal obligation to which the controller is subject;
• processing is necessary in order to protect the vital interests of the data subject or of another natural person;
• processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
• processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third-party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.

6. Online Identifier

Natural persons may be associated with online identifiers provided by their devices, applications, tools and protocols, such as internet protocol addresses, cookie identifiers or other identifiers such as radio frequency identification tags. This may leave traces which, in particular when combined with unique identifiers and other information received by the servers, may be used to create profiles of the natural persons and identify them.

7. Personal Data

Personal data means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

OTHER DEFINITIONS

8. InSync

For the purposes of this Notice and all matters incidental here from and ancillary hereto, “InSync ” shall mean  InSync Tech-Fin Solutions Ltd., having its physical address at DLF Galleria, DGK – 912, Action Area 1B, New Town, Kolkata, West Bengal 700156,  and shall include all its successors, acquirers, wholly owned subsidiaries, administrators and executors etc.

9. Licensee

Licensee means a legal / natural person including but not limited to an end customer, or a prospect obtaining trial version of INSYNC product or services, or partners; to whom any license has been granted specifically by  INSYNC , to use  INSYNC  product, services, or Intellectual Properties, or any part thereof, with or without any consideration; for whatsoever purposes. Hereinafter referred to as the “Licensee” and shall include but not limited to all its acquirers, successors, administrators and executors.

10. Partner

Means partner of INSYNC for different purposes like development of new connectors or adapters for INSYNC  SaaS product  InSync , implementation Partners, referral and reseller partners having different kind of limited right licenses specifically granted for specific purposes to use of  INSYNC  product, services, Intellectual Properties. Partners are independent contractors and shall not be construed as an agent, or employee or a JV partner unless such relationship has been explicitly, and publicly defined to be of such nature and listed on INSYNC website.

11. Person

• Artificial/ Juristic/ Legal Person:
  An entity such as a corporation, created by law and given certain legal rights and duties of a human being; a being real or imaginary, who for the purpose of legal reasoning is treated more or less as a human being, but is not a citizen.
• Natural Person:
  A human being.

12. Service Data

Service Data is any and all electronic data, text, media, messages or other materials, including Personal Data pertaining to Natural Persons, that is collected by any third-party being the Data Controller and submitted to the InSync  platform, to avail or in the course of availing the  InSync  iPaaS solution and the services related to it. In other words, Service Data is data obtained by INSYNC , as a Data Processor, from any third-party and  InSync  does not have any control over what, why, and how it is being collected or used.

13. Websites

Shall mean all websites as they may exist from time to time, of INSYNC including but not limited to https://insync.co.in/.  

___________________________________________________

WHAT IS THE SCOPE OF THIS PRIVACY Notice?

1. This Notice is applicable to whosoever visits any of InSync  websites and any Licensee of  InSync  being a free trial customer, end customer or a partner.
2. However, specific legally enforceable rights under the applicable data protection and privacy legislations across jurisdictions, such as GDPR, CCPA, PIPEDA and many more, can only be exercised by the citizens/residents subject to those respective legislations.
3. GDPR specific rights can be enforced only for PERSONAL DATA collected of NATURAL PERSONS* (not a company, partnership or any other kind of Legal Entity)
4. This Notice is applicable for all InSync Products, Services and its associated brands like  InSync , which has been linked to this Privacy Notice or otherwise does not provide for any specific Privacy Notice thereof.
5. This Notice shall be legally binding on you and on InSync , on different activities on our websites including but not limited to browsing through our websites, on obtaining different services whether paid or free, raising queries, consultations for whatsoever purposes, as a click-wrap contract between you and  INSYNC .

___________________________________________________

HOW DO WE COLLECT INFORMATION?

When you visit our Websites, Browser Applications etc.; or participate in our events, blogs, contribution pages, social networking pages, surveys;  INSYNC  may collect information, which may include your Personal Data. For the purposes of General Data Protection Regulation (GDPR),  INSYNC  is the controller for personal data collected through  INSYNC  owned systems and not for data collected on a platform owned by any third-party.

Different means through which we may collect your personal data for the following legitimate business purposes:

1. Enquiry

When you enquire about any Product or Service(s) or Partnership we may collect your (i) contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number, software environment etc. or any combination of such information.

Subject to this Notice and the Terms, we will use such data, including without limitation, (i) send you communication for the Service(s); (ii) assess needs of your business to determine or suggest suitable Service(s); (iii) send you requested information about the Service(s); (iv) respond to customer service requests, questions and concerns.

2. Sign-up, Billing and Account information.

When you subscribe and sign-up to any of our Products/ Service(s)/ Trials, we may collect your (i) contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number, of the Account admin; (ii) billing information, such as credit card number and billing address; (iii) name and email address when Account admin/Agent(s) provide feedback from within the Service(s); and (iv) unique identifiers, such as username, account number or password.

Subject to this Notice and the Terms, we will use such data, including without limitation, to (i) grant software license and other Service(s); (ii) send you communication from the Service(s); (iii) assess needs of your business to determine or suggest suitable Service(s); (iv) send you requested information about the Service(s); (v) respond to customer service requests, questions and concerns; (vi) administer your Account; (vii) send you promotional and marketing communications (where you have requested us to do so).

3. Support Interactions

When a customer/ Prospect interacts with an INSYNC support professional, we collect Device/ System and Usage data or error reports to diagnose and resolve problems.

When a customer receives communications from INSYNC, we use data to personalize the content of the communication.

When a customer engages with  INSYNC  for professional services, we collect the name and contact data of the customer’s designated point of contact and use information provided by the customer to perform the services that the customer has requested and preserve all telephonic and written conversations for future reference, and such data, calls, chats or e-mails may be used for training and development purposes for  INSYNC  professionals.

4. When you attend an event conducted by us, including webinars or seminars, we may collect your contact information such as name, e-mail address, designation and company name.

 Subject to this Notice, we will use such data, including without limitation, to (i) assess needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) send you promotional and marketing communications (where you have requested us to do so); and (iv) respond to your questions and concerns.

5. Apart from the aforementioned information collected by us, we automatically receive and record certain Personal Data of yours when you visit our websites. This includes the device model, IP address, the type of browser being used, usage pattern through cookies and browser settings, query logs, and product usage logs. We also collect clicks, scrolls, conversions, and drop-offs on our Websites and Service(s) to render user journeys in real-time. Subject to this Notice, we will use such data, including without limitation, to (i) assess the needs of your business to determine or suggest suitable Service(s); (ii) send you requested information about the Service(s); (iii) respond to customer service requests, questions and concerns; and (iv) for analytical purposes.
6. We may post your testimonials/comments/reviews on our websites which may contain your Personal Data. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you want your testimonial removed, please contact us at support@insync.co.in anonymously.
7. Marketing communications.

We may use your email address, collected which may fall into the category of Personal Data, to send our newsletters and/or marketing communications about our products and services. Where you have so requested, we will also send you marketing communications about our third-party partners. If you no longer wish to receive these communications, you can opt-out by following the instructions contained in the emails you receive or by contacting us at support@insync.co.in

8. Job Portal/ Partnership Forms

We may use and store your personal data required for the selection of your candidature for any job opening at our organization and may use the same to contact you for such purposes only as it will be specified at the time of filling up any candidature form.

___________________________________________________

DO WE COLLECT CHILDREN’S PERSONAL DATA?

 INSYNC does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Service(s). If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Service(s), please contact us and we will delete such personal information and terminate the child’s account from our databases.

___________________________________________________

WHAT KIND OF INFORMATION DO WE COLLECT?

1. USE OF COOKIES

When you use the INSYNC  Service we may store some information on your computer. This information will be in the form of a “cookie” or similar file. Cookies are small pieces of information stored on your hard drive, not on the INSYNC  website. We do not use cookies to spy on you or otherwise invade your privacy. They cannot invade your hard drive and steal information. We use cookies to help you navigate the INSYNC  website and Service as easily as possible and to remember information about your current session. These are the Session Cookies and they are removed from your system when you close the web browser or turn off the computer. You must enable cookies on your web browser to use the INSYNC  Service.

Various categories of cookies are used in the INSYNC  website and Service. These are listed below along with the options to manage them.

1. Essential Cookies:

These cookies are essential for the basic functionalities offered by the Service. This class of cookies helps in keeping a user logged in to the Service and remember relevant information when they return to the Service.

2. Insight Cookies:

These are used for tracking the user activities within the Service, which in turn helps us in improving your user experience.

3. Marketing Cookies:

We also use some marketing cookies provided by third parties to collect and analyze various information about the visitors to the INSYNC  website and users of the service. No personal or intrusive information is collected in this process though. You have the choice of accepting or declining the use of cookies through your web browser. For more information on controlling cookie settings in your browser, please refer to the following methods:

• More information on “Incognito” mode and cookie setting in Google Chrome
• More information on “InPrivate” and cookie setting in Microsoft Edge
• More information on “Private Browsing” and cookie setting in Firefox
• More information on “Private Browsing” and cookies setting in Safari

Please note that if you wish to turn off the cookies in your web browser, you might not be able to take advantage of many features of our Service.

Examples of Cookies:

• Google Analytics – Web Analytics Service to track and generate reports on website traffic
• Google AdWords Retargeting (using Global Site Tag) – For tracking and remarketing purpose in Google Ads
• Google AdWords Conversion Tracking – For tracking conversions from Google Ads
• Facebook Pixel – For Facebook Analytics and conversion tracking
• Twitter Conversion Tracking – For tracking Twitter conversions from Twitter Ads
• LinkedIn Insight Tag – For LinkedIn Analytics and generating reports
• LinkedIn Conversion Tracking (Matched Audience) – For tracking LinkedIn Conversions
• Email Marketing Cookie – For tracking and generating reports on Emails

For more details on our use of cookies, read our Cookie Policy.

1. DATA WE PROCESS ON BUSINESSES’ BEHALF: SERVICE DATA

As we have a B2B model, most of our customers are other businesses. We only process Service Data as per our Customer’s instructions. For purposes of the GDPR, we are the processor and not the controller of the Service Data. Service Data, as defined above, means all electronic data, text, messages or other materials, including Personal Data of Natural Persons, submitted to the  InSync  platform by our Customers through Customer’s Account in connection with Customer’s use of the iPaaS solution. Our Customers are the “controllers” of that data and are responsible for compliance with the applicable data protection law. We work with our customers to help them provide notice to their customers concerning the purpose for which Personal Data is processed by INSYNC .

If you are our Customer, then in your role as a controller for the purposes of GDPR, you are authorizing, on behalf of yourself and your authorized agents, End-Users, and representing that you have the authority to provide such authorization to the processing and transfer of Personal Data in and to India and other countries which may have different privacy laws from your or their country of residence. We will take all steps reasonably necessary to ensure that the Service Data is treated securely and in accordance with this Notice.

We do not own, control or direct the use of Service Data, and in fact we are largely unaware of what information is being stored on our platform and only access such information as reasonably necessary to provide the Service(s) (including to respond to support requests), as otherwise authorized by Customers or as required by law. Unless we explicitly agree otherwise in writing, you will not process sensitive personal data (such as health data) on our platform.

As the controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain the necessary consent or authorization for any Personal Data that is collected as part of the Service Data through your use of the Service(s). As the processors of Personal Data on behalf of our customers, we follow the Customer’s instructions with respect to the Service Data to the extent consistent with the functionality of our Service(s). In doing so, we implement technical, physical, and administrative measures against unauthorized processing of such information and against loss, destruction of, or damage to, Personal Data.

1. DATA COLLECTED FOR EXECUTION OF ENFORCEABLE CONTRACTS/ GRANT OF SOFTWARE LICENSE AND OTHER LICENSE OF INSYNC INTELLECTUAL PROPERTIES

You authorize InSync  and its service providers to perform analytics on such collected data, to (i) improve, enhance, support and operate the Websites; and (ii) compile statistical reports and record insights into usage patterns.

We collect data of the end users and Partners of our products and/ or services, you being a member of a legal entity for the specific purpose of entering into legally enforceable contracts and associated enterprise data to provide a comprehensive, smooth user experience and such data does not fall into the domain of Personal Data.

1. AGGREGATED PERSONAL DATA

In an ongoing effort to better understand and serve the users of the InSync  Services,  InSync  often conducts research on its customer demographics, interests and behavior based on the Personal Data and other information provided to us. This research may be compiled and analyzed on an aggregate basis, and InSync  may share this aggregate data with its affiliates, agents and business partners. This aggregate information does not identify you personally.  InSync  may also disclose aggregated user statistics in order to describe our services to current and prospective business partners, and to other third parties for other lawful purposes.

1. THIRD PARTY INTEGRATION

Our Service allows you to integrate and create commands for various online third-party services (“Third-Party Services”). In order to take advantage of this feature, you may need to authenticate, register for or log into Third-Party Services through the Service or on the websites of their respective providers. When you enable linking between or log in to Third-Party Services through the Service, we will collect relevant information necessary to enable the Service to access that Third-Party Service and your data and content contained within that Third-Party Service (“Login Credentials”). We store your Login Credentials long enough to enable linking to the Third-Party Service.

When you enable the Service to link content and data between Third-Party Services, the Third-Party Services will provide us with access to certain information that you may have provided to the Third-Party Services, and we will use, store and disclose such information in accordance with this Privacy Notice and the instructions that you give us while exercising your rights under this Notice and relevant data protection and privacy laws, to govern the linking. In addition, you can use the Service to share content and Personal Data amongst the Third-Party Services you integrate with the Service. Please remember that the manner in which Third-Party Services use, store and disclose your information is governed by the policies of such Third-Party Services, and InSync  shall have no liability or responsibility for the privacy practices or other actions of any Third-Party Services that may be enabled within the Service.

We may retain certain personally non-identifiable information related to the data or content linked between Third-Party Services (for example, date sent, link configuration, names of the Third-Party Services), for the purpose of improving our Services and as described above in the “Aggregated Personal Data” section.

___________________________________________________

HOW DO WE USE YOUR PERSONAL DATA AND OTHER INFORMATION

 InSync will not sell or rent to any third party any of the personal information or data that you provide to us.  InSync  uses the Personal Data you provide in a manner that is consistent with this Privacy Notice. If you pro. e Personal Data for a certain purpose, we may use the Personal Data in connection with the purpose for which it was provided. For instance, if you contact us by email, we will use the Personal Data you provide to answer your question or resolve your problem. Also, if you provide Personal Data in order to obtain access to the InSync  Services, we will use your Personal Data to provide you with access to such services and to monitor your use of such services.  InSync and its subsidiaries and affiliates (the ” InSync  Related Companies”) may also use your Personal Data and other personally non-identifiable information collected through the Services to help us improve the content and functionality of the Services, to better understand our users and to improve the  InSync  Services.  InSync and its affiliates may use this information to contact you in the future to tell you about services we believe will be of interest to you. If we do so, each communication we send you will contain instructions permitting you to “opt-out” of receiving future communications. In addition, if at any time you wish not to receive any future communications or you wish to have your name deleted from our mailing lists, please contact us as indicated in the “GRIEVANCES” section of this Notice.

___________________________________________________

WHEN MAY WE DISCLOSE YOUR PERSONAL DATA AND OTHER INFORMATION?

 InSync is not in the business of selling your information. We consider this information to be a vital part of our relationship with you. There are, however, certain circumstances in which we may share your Personal Data with certain third parties without further notice to you, as set forth below:

Business Transfers: As we develop our business, we might sell or buy businesses or assets. In the event of a corporate sale, merger, reorganization, dissolution or similar event, Personal Data may be part of the transferred assets.

Legal Requirements:  InSync may disclose your Personal Data if required to do so by law or in the good faith belief that such action is necessary to 

1. comply with a legal obligation;
2. protect and defend the rights or property of InSync ;
3. act in urgent circumstances to protect the personal safety of users of the Services or the public; or 
4. protect against legal liability.

___________________________________________________

WHAT IS OUR LEGAL BASIS FOR PROCESSING PERSONAL DATA?

If you are a visitor from the European Economic Area, our legal basis for collecting and using the Personal Data described above will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only where we need the Personal Data to perform a contract with you, or where the processing is in our legitimate interests or rely upon your consent where we are legally required to do so and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third-party), we will make clear to you at the relevant time what those legitimate interests are.

If you have questions about or need further information concerning the legal basis on which we collect and use your personal data, please email us at legal@insync.co.in.

 ___________________________________________________

HOW DO WE STORE AND SECURE YOUR PERSONAL DATA AND OTHER INFORMATION?

The INSYNC  website and Service has industry standard security measures in place to protect the loss, misuse, and alteration of the information under our control. While there is no such thing as “perfect security” on the Internet, we will take all reasonable steps to ensure the safety of your information. Additionally, you retain all rights of ownership to the data you have stored on the INSYNC  Service. We will not sell or share this data with any third parties or use this data to compete with you or advertise to your clients. Your privacy and the privacy of your clients are of utmost importance to us. Some general measures that we have taken for the security of your personal data are as follows:

• Industry Standard 2048- bit SSL V3 certificate for our product website InSync ;
• Two-factor authentication when you log in to our product portal.
• Code- Signing Certificate
• AES – 256 is used to encrypt data at Rest.
• Storage is secure by role-based access control
• Client-side encryption over HTTPS or SMB 3.0.
• Review our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
• Restricted access to personal information to INSYNC agents/ employees/ partners/ contractors strictly based on the requirement to share your personal data in order to process and complete any transaction, contract, obligations, services while collecting such data; and all  INSYNC  agents/ employees/ partners/ contractors are subject to strict confidentiality obligations. They may be disciplined, or their contract terminated if they fail to meet these obligations.
• Obtain your specific consent to share your personal data in a different country other than India and your own economic zone for the specific purpose of performance of the contract, as it may require from time to time.

___________________________________________________

HOW LONG DO WE RETAIN YOUR DATA?

We will retain your information for as long as your account is active or as needed to provide you services, and additionally, 3 months upon the suspension/expiration of your subscription. However, we may retain and use your information as necessary to comply with our legal obligations, resolve disputes, use in legal claims, and enforce our agreements.

___________________________________________________

CROSS-BORDER DATA TRANSFER AND PROTECTION

• Where personal data is transferred to countries or international organizations outside the European Economic Area (EEA), Insync Tech-Fin Solutions will ensure that such transfers comply with the General Data Protection Regulation (GDPR). Transfers may occur to countries deemed by the European Commission to provide an adequate level of data protection under Article 45(3) of the GDPR.
  
  
• • Where a transfer is made to a country without an adequacy decision, we will ensure that appropriate safeguards are implemented, as required under Article 46 of the GDPR. These safeguards include:
    • Standard Contractual Clauses (SCCs): We use GDPR-approved standard contractual clauses that ensure your data is protected to the same standards as within the EEA.
    • Binding Corporate Rules (BCRs): For intra-group transfers, we may rely on Binding Corporate Rules approved in accordance with Article 47 of the GDPR, ensuring a high level of data protection within our corporate group.
    • Legally Binding and Enforceable Instruments: Where applicable, legally binding and enforceable instruments will be established with recipients in third countries.
    • Approved Codes of Conduct and Certification Mechanisms: Data transfers may also occur under GDPR-approved codes of conduct (Article 40) or certification mechanisms (Article 42), along with binding commitments from third-country processors to apply GDPR-level safeguards.
      
      
  • Insync Tech-Fin Solutions will further ensure:
    • Data Minimization and Security: We follow the principles of data minimization (Article 5) and implement appropriate technical and organizational measures to secure personal data during transfer, in accordance with Article 32 of the GDPR (security of processing).
    • Non-Disclosure Agreements (NDAs): All parties involved in data handling, both within and outside the EEA, are required to sign non-disclosure agreements to maintain confidentiality and prevent unauthorized access.
      
      
  • In accordance with Articles 12–23 of the GDPR, you retain rights in relation to your personal data, regardless of its location. For detailed information on your rights, please refer to the “WHAT RIGHTS DO YOU HAVE?” clause in our Privacy Policy.
    
    
  • We ensure that enforceable rights and effective legal remedies are available for data subjects. You have the right to lodge a complaint with a supervisory authority in the EEA, particularly in the Member State of your habitual residence, place of work, or place of the alleged infringement (Article 77). For further assistance, you may contact our Data Protection Officer at legal@insync.co.in.
    
    
  • Insync Tech-Fin Solutions regularly reviews and updates its data transfer procedures to ensure ongoing compliance with the GDPR and other relevant data protection regulations.
    
    

___________________________________________________

WHAT RIGHTS DO YOU HAVE?

The following rights correspond to the rights conferred upon data subjects, our visitors and licensees under the GDPR, PIPEDA, CCPA and various other data protection legislations across the world. If you are aware of any other right conferred upon you by your national/territorial legislations, with respect to us processing your data, and you do not see that here, kindly let us know by writing to us on legal@insync.co.in.

Should you wish to exercise any of these rights herein, you may fill the Data Subject Access Request (DSAR) form. Please note this section and the rights mentioned herein, only applies to the personal data and personally identifiable data of natural persons.

1. RIGHT TO ACCESS PERSONAL DATA

If you are a Customer / Partner/ an interested party, providing your personal data to  INSYNC  through its Website, applications or social media connects, blogs, corporate events, etc.; such data being collected for specific purposes mentioned hereunder; you have the right to have access to your personal data provided to  INSYNC . Specifically you can make a request the following information about your personal data:

• A copy of your personal data stored in our systems
• The purpose for which we have stored and processed or continue to process your personal data
• The categories of data that we are processing
• The third parties (our subsidiaries, affiliates, partners etc.) who may receive your personal data
• The categories of your personal data that is shared with the aforementioned third-parties

You can request the above-mentioned information regarding any collection/processing of your personal data, done by us in the past 12 months through the Data Subject Access Request Form.

2. RIGHT TO RECTIFY

Further, if you feel that any of the personal data stored with us is not accurate, you may raise a request to rectify such personal data, subject to verification of the such rectified data; other clauses of this Notice; without affecting the continuity of INSYNC ’s business.

3. RIGHT OF ERASURE/ OF DELETION/ TO BE FORGOTTEN

You have the right to contact us for deletion of your personal data, subject to other clauses of this Notice; without affecting continuity of INSYNC ’s business.

Thus, deleting the User does not delete business-specific organization-owned data created and contributed to; by the User including without limitation, knowledgebase articles, notes, forum topics/comments, support calls, surveys, canned responses, ticket templates, contacts, companies, tags, conversations in the tickets, comments or details provided on any third-party platform such as social media etc.

Notwithstanding the foregoing, we will retain Service Data that may include your personal data as necessary to comply with our legal obligations, for litigation/defense purposes, maintain accurate financial and other records, resolve disputes, and enforce our agreements.

4. RIGHT TO RESTRICT PROCESSING

You might want us to stop the processing of your personal data by us without erasing this data altogether, in the following cases:

• You think your personal data in our records is not accurate and want us to restrict the processing until we verify the accuracy;
• When the processing is unlawful, but you oppose the deletion of your personal data;
• We no longer need to process your data, but you require its storage to establish, exercise or defend any legal claim;
• You exercise your right to object to the processing of your personal data and we are yet to establish if our legitimate grounds for processing override your rights.

5. RIGHT TO OBJECT

If you feel our processing of your personal data is a mistake, you have the right to object to the same, upon which we shall verify whether our processing activity is aligned with the purposes and manner established under this Notice as well as applicable data protection and privacy laws.

When this objection is with respect to the use of your personal data for direct marketing purposes, your objection is absolute, and we shall delete all your personal data which is used for the purposes of direct marketing.

However, in all other matters, we may resume the use and processing of your data once we establish our legitimate interest in doing so.

6. SHARING PERSONAL DATA

You have full control over your personal data provided to InSync  through various means. We share your personal data with your consent or as necessary to complete any transaction or provide any product/ services you have requested or authorized. We also share data with InSync  Partners; with vendors working on our behalf with your consent; when required by law or to respond to legal process; to protect our customers; to protect lives; to maintain the security of our products; and to protect the rights or property of  InSync  and its brand.

In the event  InSync  goes through a business transition, such as a merger or acquisition by another company; or sale of all or a portion of its assets, the Customer’s Account, all collected data, and Service Data that may include your personal data; will likely be among the assets transferred. A prominent notice will be displayed on our websites to inform you of any such change in ownership or control, and Customers will be notified via an email from support@insync.co.in.

7. RIGHT OF PORTABILITY

You have the right to request a copy of your personal data stored on our records, in a usable electronic form. Should you wish to transmit your personal data stored with us, to another entity, you may request us to do so. However, we do not make any warranties regarding the accuracy, seamlessness and efficiency of this transmission or the storage and processing of your personal data by such other entities.

8. RIGHT TO APPEAL*

In case your grievances are not resolved within the stipulated time-frame under this Notice or such extended time-frame, as is intimated to you or you do not receive any intimation regarding the extension, you have the right to appeal to the High Court in Kolkata, India. If you are a citizen of EU or EEA, then you have the right to appeal to the Data Protection Authority (DPA) in your local jurisdiction.

* This right is only available to the citizens of India and EU.

___________________________________________________

AMENDMENTS TO THIS NOTICE

Amendments to this Notice will be directly updated on this page and will be effective as may be notified. If we make any material changes, we will notify you by means of a notice on this Website 30 days prior to the change becoming effective and if you are our Licensee/ Partner, via e-mail (specified in your Account). Provided we will not be notifying you if we amend the Notice to make additions, deletions or modifications to the list of cookies from time to time to keep the list of cookies current and accurate. You should frequently visit this Notice to check for amendments. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue the use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice.

___________________________________________________

GRIEVANCES

If you face any difficulty in availing any of the data control features, need assistance with filling the DSAR form, have questions regarding this Notice, or have any other related grievances, you may reach to our

Privacy Grievance Officer:

Bikramjit Chatterji
legal@insync.co.in

___________________________________________________