Please read this Policy to understand how we will collect, use, and process your personal data and the rights you have in relation to your personal data. This Policy may be amended from time to time. Please visit this page if you want to stay up to date, as we will post any changes in our approach to data privacy here.
By providing your explicit consent and/ or by your provision of information to us, you acknowledge the terms of this Policy and the use and disclosure of your personal data as set out in this Policy.
This Policy applies to our processing of personal data in relation to the provision of any of our products and/or services, including:
‘Personal Data’ is any information which either directly or in combination with other information availed or likely to be availed by an organization, identifies an individual. Examples of Personal Data could include names, email ids, phone numbers etc. Certain types of Personal Data known as ‘Special Categories of Personal Data or Sensitive Personal Data’ include passwords, financial details, official identifiers, medical information etc.
For the purposes of this Policy, Personal Data includes Sensitive Personal Data.
4.1 We generally collect your personal data directly from you when you are one of our customers. When you enter a contract with us, you will be asked to provide personal data. This information is likely to include your name, address, date of birth, email address, phone number, and financial information (this is not an exhaustive list).
4.2 We may also collect personal data from you when you make transactions or otherwise interact with us, for example by contacting our customer service personnel or reporting a problem on our website. The categories and range of personal data we collect, and hold will vary from customer to customer. However, our policy is to collect only the personal data necessary for the provision of services to You.
4.3 Business Contacts and Suppliers.
We collect certain limited personal data about our business contacts, including subcontractors and individuals associated with our suppliers and subcontractors, and service providers (including professional advisors and individuals associated with our service providers). Personal data collected in this context usually includes (but may not exclusively be limited to) name, employer name, contact title, phone, email, and other business contact details.
4.4 Careers and Recruitment
If you apply for a job or work placement you may need to provide information about your education, employment, nationality, and state of health. Your application will constitute your express consent to our use of this information to assess your application and to allow us to carry out both recruitment analytics and any monitoring activities which may be required of us under applicable law as an employer. We may also carry out screening checks (including reference, background, directorship, financial probity, identity, eligibility to work, vocational suitability and criminal record checks) and consider you for other positions. We may disclose your personal data (including diversity and equal opportunities data) to academic institutions, recruiters, screening check providers, health service providers, professional and trade associations, law enforcement agencies, recruitment analytics and diversity research providers, referees, and your current and previous employers. We may also collect your personal data from these parties in some circumstances. Without your personal data we may not be able to progress considering you for positions with us.
4.5 Visitors to our Offices and Facilities
We have security measures in place at our offices and facilities, including CCTV and building access controls. There are signs in our premises showing that CCTV is in operation. The images captured are securely stored and only accessed on a need-to-know basis (e.g., to investigate an incident). CCTV recordings are typically automatically overwritten after a defined period unless an issue is identified that requires investigation (such as a theft). Our visitor records are securely stored and only accessible on a need-to-know basis (e.g., to investigate an incident). In some cases, we require visitors to our offices or facilities to scan biometrics (e.g., thumbprints) at reception or security guard house and keep a record of the same for. Such records are securely stored and only accessible on a need-to-know basis (e.g., to investigate an incident).
4.6 When you use our online services or visit our website, we may collect the following information from you automatically:
PURPOSE AND USE OF PERSONAL DATA: We may use/process your personal data in the following circumstances:
With reference to above stated purposes the following data elements may be collected as applicable:
|During Registration||During KYC||For Billing||For Support|
|Organisation name||Identification proof||Billing address||First name|
|Primary contact first name||Address proof||Country||Last name|
|Primary contact last name||State|
|Primary email||City||Country code|
|Country code||Postal code||Contact no.|
|Primary contact no.||Taxation type|
|Company website||Taxation ID|
|Primary address||Credit limit|
|Postal code||Billing type|
We (and permitted third parties) may contact you for direct marketing purposes via social media, direct messages, post, telephone, email and SMS/MMS.
This marketing may relate to:
For clarity, any telephone calls that you make to us may be recorded for training or security purposes and may be stored and used to verify your instructions to us.
We may share your personal data with the following categories of recipients:
5.1 Regulatory bodies
We may disclose your personal data:
5.2 Service providers
We may disclose your personal data to third party service providers who require access to such information for the purpose of providing specific services to us. These third parties will generally only be able to access your data to provide us with their services and will not be able to use it for their own purposes.
5.3 Professional advisors and Auditors
We may disclose your personal data to professional advisors (such as legal advisors and accountants) or auditors for the purpose of providing professional services to us.
5.4 Change of Ownership
In the event, we sell or buy any business assets, we may disclose your personal data to the prospective seller or buyer of such business or assets. If Yotta or substantially all its assets are acquired by a third party, personal data held by us about our clients will be one of the transferred assets.
We care about protecting your information and put in place appropriate measures that are designed to prevent unauthorized access to, and misuse of, your personal data. These include measures to deal with any suspected data breach.
We do this by having in place a range of appropriate technical and organizational measures, for example, the protection of passwords using industry standard encryption such as AES 256, measures to preserve system security and prevent unauthorized access and back-up systems to prevent accidental or malicious loss of data.
We will not keep your personal data for longer than is necessary for the purposes for which we have collected it, unless we believe that the law or other regulation requires us to retain it. In determining the appropriate retention period for different types of personal data, the amount, nature, and sensitivity of the personal data in question, as well as the potential risk of harm from unauthorized use or disclosure of that personal data, the purposes for which we need to process it.
Once we have determined that we no longer need to hold your personal data, we will delete it from our systems or render it inaccessible/unusable by Yotta or its third parties. with due regard to protection of privacy of the said personal data.
Services provided by Yotta are intended for general public and are not meant for individuals below 18 years of age.
We do not knowingly or intent to gather personal information from children. If you have any concerns, please contact our Privacy Officer / DPO at DPO@yotta.com .
If you wish to access, rectify, or delete your data, please contact our Privacy Officer / DPO at DPO@yotta.com. We will seek to deal with your request without undue delay, and in any event within one month (subject to any extensions to which we are lawfully entitled) of receipt of your request. Please note that we may keep a record of your communications to help us resolve any issues which you raise.
You may also withdraw your consent previously provided by writing to us on DPO@yotta.com. Please note, that should you withdraw your consent, it may hamper our ability to provide services to you and may result in complete cessation of all services to You. Yotta or any of its authorized third parties will not be liable for any losses suffered by You because of the same.
You are advised to check the Policy periodically.
Next Review Date: 10th July 2024
|Version #||Details||Effective Date||Last Review Date||Created by||Approved By|
|1||Initial Document||1st Nov 2019||1st Nov 2021||Lead – Legal & DPO||Head – Legal & GRC|
|1.0||Doc Number Revised||2nd Apr 2021||2nd Apr 2022||Lead – Legal & DPO||Head – Legal & GRC|
|1.1||Transfer of international personal data point added & doc title amended.||28th Oct 2022||16th Jun 2023||Lead – Legal & DPO||Head – Legal & DPO|
|2.0||Added purpose of data collection table under point 4.6||16th Jun 2023||10th Jul 2023||Lead – Legal & DPO||Head – Legal & DPO|
|2.1||Point 8 – Guideline for children added||10th Jul 2023||NA||Lead – Legal & DPO||Head – Legal & DPO|