Privacy Policy

Last Updated on Oct 2021

1. Introduction

Your privacy is important to us. Onetab Corporation and its group companies hereinafter referred as ‘Onetab,’ is committed to respect your privacy while using our website. This Onetab Data Privacy Policy (“Policy”) defines the requirements to ensure compliance with the applicable data privacy laws and regulations applicable to Onetab collection, use, and transmission of Personal Data and Sensitive Personal Data for information collected by us about you.

Protecting the privacy rights of data subjects and safeguarding their Personal Data is now being treated as a
basic
right of an individual and a legal requirement in many parts of world. Onetab, being a global organization,
respects
the privacy of data subjects and is committed to complying with the applicable data privacy laws and
legislations
(including but not limited to EU General Data Protection Regulation 2016/679, California Consumer Privacy Act,
The
Privacy Act 1988 (Australia) including the Australian Privacy Principles (APP), Data Protection Act 2018 (UK),
Information Technology Act 2000 read along with the Information Technology (Reasonable Security Practices and
Procedures
and Sensitive Personal Data or Information) Rules, 2011 and Personal Data Protection Act 2012 (Singapore) and
other
applicable privacy laws to the extent that they apply to Onetab data processing and business operations)
(the “Data
Privacy Laws”).

2. Policy Statement

This Policy is designed to explain and set out Onetab procedures and policies when processing Personal
Data and
Sensitive Personal Data (the meaning of which are set out below) by the organization. This Policy defines the
requirements to ensure compliance with the Data Privacy Laws applicable to Onetab collection, use, and
transmission
of Personal Data and Sensitive Personal Data.

3. Google APIs Policy

Onetab.ai use and transfer of information received from Google APIs to any other app will adhere to Google
API Services User Data Policy, including the Limited use requirements.

4. Scope

The scope of this Policy applies to Onetab, its affiliates, business partners, employees, and Third Parties
providing
services to Onetab (together “Onetab”, “we” or “us”). It covers Processing (including but not limited to
collection,
storage, usage, transmission and destruction) of Personal Data and Sensitive Personal Data of Onetab
current and
previous employees, prospective candidates, current, prospective and previous customers, current and previous
partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by Onetab during
the course
of its business activities.

The scope of this Policy applies to Onetab, its affiliates, business partners, employees, and Third Parties
providing
services to Onetab (together “Onetab”, “we” or “us”). It covers Processing (including but not limited to
collection,
storage, usage, transmission and destruction) of Personal Data and Sensitive Personal Data of Onetab
current and
previous employees, prospective candidates, current, prospective and previous customers, current and previous
partners/vendors, website visitors, sub-contractors and visitors, (together “you”/ “your”) by Onetab during
the course
of its business activities.Onetab acts as a Data Controller with respect to any Personal Data or Sensitive
Personal
Data it holds about you.Onetab is responsible for ensuring that it uses your Personal Data in compliance
with the Data
Privacy Laws. The relevant entities that may act as the Data Controller are listed in Section 23 of this
Policy.

This Policy sets out the basis on which any Personal Data, Personal Information and Sensitive Personal Data
about you
that you provide to us, that we create, or that we obtain about you from other sources, will be processed by
us.

5. Scope

The meaning of some of the terms in use in the Policy are explained below:

Term

Description

Personal Data

Any information of Data Subject which can reasonably associate or link to an identifiable natural person
or could
include anyone who can be identified, directly or indirectly, in particular by reference to an identifier
such as a
name, an identification number, location data, an online identifier or to one or more factors specific to
the physical,
physiological, economic, cultural or social identity of that natural person.

Personal Information (applicable only to California residents)

Information pertaining to residents of California that identifies, relates to, describes, is reasonably
capable of being
associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or
household, but
does not include information that is lawfully made available from federal, state or local government
records, nor does
it include “deidentifed” or “aggregate customer information” as those terms are defined pursuant to the
CCPA.Onetab
does not collect Personal Information from California residents that are under the age of 16.

Sensitive Personal Data

Defined as any information revealing an identified or identifiable natural per-son’s racial or ethnic
origin, political
opinions, religious or philosophical beliefs, trade-union membership, and the processing of genetic
information,
biometric information for the purpose of uniquely identifying a natural person, data concerning health, or
information
concerning an individual’s sex life or sexual orientation, and data relating to offenses, or criminal
convictions. With
respect to California residents, in addition to the preceding, the term also includes national origin or
ancestry,
sexual orientation, sex (including, gender, gender identity, and gender expression), pregnancy, childbirth
and medical
conditions related to same, age, physical or mental disability, veteran status, genetic information and
citizenship.

Process, Processes, Processed or Processing

Means any operation or set of operations which is performed on Personal Data or Personal Information or
Sensitive
Personal Data or on sets of Personal Data or Personal Information or Sensitive Personal Data, whether or
not by
automated means, such as collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval,
consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or
combination,
restriction, erasure or destruction.

Consent

Any freely given, specific, informed and unambiguous indication of the Data Subject’s wishes by which the
Processing of
their Personal Data, Personal Information and/or Sensitive Personal Data via a statement or by a clear
affirmative
action, signifies agreement to the processing of their Personal Data, Personal Information and/or
Sensitive Personal
Data.

Data Subject

Relates to a particular natural person (i.e. an identified or identifiable natural person to whom the
Personal Data
relates. In case of a minor/ individual with mental disabilities, the data subject would be represented by
a legal
representative (parent/ guardian). For the purpose of clarity of this Policy, “Data Subject” means
Onetab current and
previous employees, prospective candidates, current, prospective and previous customer personnel, current
and previous
partner/vendor personnel, website visitors, sub-contractors and visitors.Onetab does not collect
Personal Data/
Personal Information and Sensitive Personal Information from Data Subjects that are under the age of 18.
For the purpose
of CCPA, Data Subject shall include California residents.

Data Controller

Means a person or organization who (either alone, or jointly, or in common) determines the purposes for
which and the
manner in which any Personal Data are, or are to be, Processed. For the purposes of this Policy,
references to Data
Controller shall mean references to Onetab and its affiliates, where relevant.

Data Processor

Is a person or organization who Processes the Personal Data on behalf of and under the instruction of the
Data
Controller.

Third Party

In relation to Personal Data or Personal Information or Sensitive Personal Data means any person other
than the Data
Subject, the Data Controller, or any Data Processor or other person authorized to process data for the
Data Controller.

“Sell,” “selling,” “sale,” or “sold,”

Means selling, renting, releasing, disclosing, disseminating, making available, transferring, or
otherwise communicating
orally, in writing, or by electronic or other means, a consumer’s Personal Data or Personal Information by
the business
to another business or a Third Party for monetary or other valuable consideration.

6. How we collect your Personal Data/ Personal Information / Sensitive Personal
Data

We will collect and process the following Personal Data / Personal Information/ Sensitive Personal Data about
you as
follows:

Data Elements / Categories

How we collect your data

Customer Personal Data or Personal Information in Projects

Directly from you while Onetab providing services to you.

Business Partner/Vendor Personal Data or Personal Information

Directly from you while Onetab is receiving services from you.

Prospective Candidates

From Third Parties or other sources (for example via recruitment agencies or Onetab employee referral
but in each case
only as far as legally permissible and only as far as is necessary to fulfil the position in question),
which may also
include public sources such as professional networking platforms or job portals.

Directly from you in case you have directly applied through the website;

Employee Data

Directly from you during the course of your employment;

Visitor information

Directly from you at the time of visiting our premises

Website Data

Directly from you when you voluntarily fill out your information on the website through specific provided
forms to
receive information from us or contact you. The information that you are required to fill in the website
are your
identity information and contact details (e.g. First Name, Last Name, Work Email, Company Name). In
general, you may
browse our website without providing any Personal Data about yourself. In the website, we do not collect
any of your
Sensitive Personal Information

Website Cookies

Refer to our Cookie Policy for information about our website cookies

Marketing Data, Events and Initiatives

Directly from you when you contact (or you have been contacted) or interact with any Onetab
representative, via
Onetab website or events or conferences or workshops or Surveys that you attend, by telephone, email,
online portal or
in person or from professional networking platforms like Linkedin, Tweeter.

Prospective Customers and business partners/ vendors

Other customer/ business partner and vendor referral. Also refer to “website data”, “Marketing Data,
Events and
Initiatives”.

For California residents only and in addition to the preceding, if such Personal Information is collected from
other
electronic sources, over the internet, using a pen and paper, through an algorithm, or through any other
means.

7. Purpose and Lawful basis of Processing

Your Personal Data may be stored and processed by us in the following ways and for the following lawful
purposes:

  • Where you have applied for a role with us, to review and process your job application with us and (only
    where legally
    permissible and where strictly necessary to assess your suitability for the relevant role) to conduct
    background
    screening checks on you (when permitted or required by the applicable law);
  • To carry out activities relating to your employment contract with us (including, but not limited to,
    processing your
    salary, administering benefits, managing and providing training relevant to your role and managing your
    performance);
  • To provide our products and services to you;
  • To comply with any legal and regulatory obligations that we have to discharge;
  • To establish, exercise or defend our legal rights or for the purpose of legal proceedings;
  • Where you are an employee or visitor to our premises, to record and monitor your use of our premises
    and/or information
    technology systems in order to maintain its security and protect them against fraud or unauthorised entry;
  • Use it for our legitimate business interests, such as operating our website, managing the efficient
    management and
    operation of our business, conducting marketing activities designed to improve the products and services
    we offer to
    you, and administering the security of our business (“Legitimate Business Interests”);
    and improve the
    products and
    services we offer to you, and administering the security of
  • Use it to prevent and respond to actual or potential fraud or illegal activities.
  • Internal Research: We may Process Personal Information for internal research for
    technological
    development and
    demonstration.
  • Transactional: We may transfer Personal Information as an asset through a merger,
    acquisition, bankruptcy or other
    transaction in which a Third Party assumes control of the business in whole or in part. In such event, the
    Third Party
    cannot materially alter how it uses or shares the acquired Personal Information subject to certain
    exceptions.

We are entitled to Process your Personal Data, Personal Information or Sensitive Personal Data in these ways
because of
the following reasons:

  1. Performance of Contract:We may process your Personal Data, Personal Information or
    Sensitive Personal Data, where necessary to enter into a
    contract with you or to perform our obligations under a contract with you. E.g processing of personal data
    for
    employment purposes (such as processing your salary, administering benefits) or providing services to our
    customers
    which are necessary to execute the contract. If you do not provide Personal Data for processing under this
    legal basis,
    we may not be able to perform as per the respective contract.
  2. Consent: Where permitted under applicable local laws, we may (but usually do not)
    process your Personal Data, Personal
    Information or Sensitive Personal Data based on your prior consent. In such cases, you have the right to
    withdraw your
    consent at any time by contacting the details below provided in this Privacy Policy. In certain limited
    circumstances,
    even after withdrawal of Data Subject consent, we may be entitled to continue processing your Personal
    Data where we
    have a lawful reason to do so and as communicated to you.
  3. Legitimate Interests: We may process your Personal Data, Personal Information where it
    is necessary for our Legitimate
    Business Interests as a company, including to manage, which are outlined above.
  4. Legal Obligations: We may process your Personal Data, Personal Information where it is
    necessary in order to comply with
    applicable legal and/or regulatory obligations, establish, exercise or defend our legal rights or for the
    purpose of
    legal proceedings and to prevent and respond to actual or potential fraud or illegal activities.
  5. Other “Public Interest” Grounds: We may process your Personal Data, Personal Information
    (or where relevant, your
    Sensitive Personal Data) on other public interest grounds where it is subject to regulatory requirements
    where
    Processing is necessary by us for the performance of a task mandated by governmental authorities,
    regulatory authorities
    or any other law enforcing authorities in the public interest.

8. Purpose and Lawful basis of Processing

We may, where legally permissible, process your Sensitive Personal Data on the following lawful bases:

  • Explicit Consent is obtained from you where required under applicable local laws or in specific
    circumstances, where you
    are physically or legally incapable of giving consent, but the processing is necessary to protect your
    vital interest
    for example, where emergency medical care is needed.
  • Without explicit consent when such Processing is specifically authorised or mandated by applicable local
    Data Privacy
    Laws including but not limited to circumstances where Onetab is permitted to process Sensitive Personal
    Data.

9. Personal Data of Individuals below 18 years

We may process Personal Data or Sensitive Personal Data of any individuals below the age of 18 years only for
travel and
immigration purposes. If we are required to process Personal Data or Sensitive Personal Data of such
individuals, then
we shall do so by taking explicit written consent from their legal guardians. If it comes to your knowledge
that we have
unintentionally collected or received Personal Data or Sensitive Personal Information about an individual
below the age
of 18 years directly from them, then immediately notify Us in the contact details provided in this Policy and
we will
accordingly delete such information.

Note: If you are below the age of 18 years, then we do not want you to provide any of your Personal Data in
our website.

10. How we will be using your Personal Data/ Personal Information for Direct
Marketing

For direct marketing, we will be using your Personal Data/ Personal Information in the following ways (to the
extent in
compliance with applicable local laws).

  1. Manage and maintain our relationship with you, including responding to an inquiry, question or comment
    made by you.
  2. To engage in marketing and business development activities in relation to improve Onetab products and
    services.
  3. Improve the products and services we offer to you, and administering the security of our business.
  4. To conduct analysis and market research to improve this website
  5. Inform you about our service offerings by communicating through email, SMS, phone and any other similar
    communications
    means
  6. Respond to any legal process or as required by law in response to any court order, subpoena or a law
    enforcement agency,
    defending us in case of legal disputes or to take action against any illegal activity and to address any
    potential
    threat to the physical safety of a person.
  7. California residents who provide Personal Information are entitled to request information about
    themselves that we
    shared with Third Parties for their own direct marketing purposes (if applicable), including the
    categories of
    information and the names and addresses of those businesses. We do not currently share the Personal
    Information of
    California residents with Third Parties for their own direct marketing purposes.

11. Events and Initiatives

We organize and participate in events and initiatives. In such cases this Policy applies to participants and
speakers
together with any other supplementary information that is provided in relation with each event. In the event
we appoint
any Third Parties to conduct or organize such events and initiatives, your Personal Data or Personal
Information shall
be shared to such Third Parties under contractual obligations with such Third Parties in compliance with
applicable Data
Privacy Laws. The processing of Personal Data/ Personal Information by such Third Parties shall however be
governed by
the respective parties’ privacy policies and the contractual obligations entered with us.

12. Retention and Disposal of Personal Data or Personal Information

How long we continues to hold your Personal Data/ Personal Information will vary depending principally on:

  • Purposes identified in this Policy for using the Personal Data/ Personal Information/ Sensitive Personal
    Information –
    we will need to keep the information for as long as is necessary for the relevant purpose; and
  • Legal obligations – laws or regulation may set a minimum period for which we will have to keep your
    Personal Data/ Personal Information/ Sensitive Personal Information
  • Disposal of Personal Data/ Personal Information/ Sensitive Personal Information shall be handled with
    utmost care and
    shall be governed in accordance with reasonable data security practices as detailed by its internal
    policies governing
    data disposal.
  • Personal Data/ Personal Information/ Sensitive Personal Data shall only be Processed for the period
    necessary for the
    purposes for which it was originally collected as per the Onetab Retention Policy.

13. Security of Personal Data/ Personal Information/ Sensitive Personal Data

In order to comply with our data security obligations under applicable Data Privacy Laws, we has adopted the
following physical, technical and organizational security measures to ensure the security of your Personal
Data/ Personal Information and Sensitive Personal Data:

  • That includes the prevention of their alteration, damage, loss, unauthorized processing or access, having
    regard to the nature of the data and the risks to which they are exposed by virtue of human action or the
    physical or natural
    environment.
  • We shall comply with the security safeguards as per our contractual and statutory requirements in
    consultation with its internal I.T department.
  • The Office of Data Privacy and Chief Information Security Officer shall assess the security measures
    implemented to safeguard Personal Data, Personal Information and Sensitive Personal Data on a regular
    basis and update the same, where required.
  • All employees and contractors shall be imparted with mandatory Privacy training (e.g., Training on
    Embedding Privacy in Software Development etc.). Further confidentiality agreements and Non-Disclosure
    Agreements shall be signed by all employees and contractors on or before their joining date with Onetab.
  • We have implemented the following safeguards to ensure the data We collects, stores, processes and shares
    is secure:

  • – Physical Security Controls

    1- Facility Perimeter, HD access reader, Data Centre, Video
    surveillance

  • – IT Infrastructure Controls

    – Encryption, DLP, Data masking, controlled Portable ports, Access
    Control, Unauthorized software check, Data destruction, System Hygiene measures, Monitoring, User Access
    Management, Patch Management,
    Vulnerability Management.

  • We have implemented an incident and breach management procedure to ensure that exceptions in data
    privacy compliance are promptly reported to the Office of the Data Privacy.

    Global Data Privacy Officer for Linkites Corporation:

  • – Email

    – Lisajain@linkites.com

    – avani@linkites.com

  • – Address:

    Data Privacy Office:6th Floor Crystal IT Park, Indore ( M.P),India

    Attention: Lisa Jain

    Phone- +919806719331

  • Data Privacy Officer for Linkites Corporation (US) and European Representative:

    Avani Jain – avani@linkites.com

14. CCTV Surveillance

Where and only as far as permitted by applicable local laws, we may monitor the activities of individuals
including
visitors in our common area premises through CCTV footage. Such data shall be kept in accordance with Onetab
Retention
Policy, after considering other statutory compliance requirements.

15. Policy Revisions and Publication

  • This Policy may be revised and updated from time to time.
  • The most recent version of this Policy will be available in this web page.

16. List of Onetab Entities

We might transfer your personal data to our company Onetab Corporation and its subsidiaries.

17 Google Cloud Plateform

  • Easily visible to all users.
  • Under 500 characters.
  • Clearly calls out that the app complies with the Google API Services User Data Policy, including the
    Limited use requirements
  • Contains a link to the Google API Services User Data Policy so that it is easily accessible to all
    users.