Privacy Statement

This Privacy Statement applies to personal information collected by Tsaaro in its capacity as a controller. The aim of this Privacy Statement is to inform you on how we collect, use, disclose, and store information or data that may identify you as an individual (“Personal Information”) when you:

  • Interact or use our website, including downloading materials from our resources page or request for contact, register and/or attend any of our LinkedIn events, webinars, or podcasts we organise or attend (collectively “Events”), and
  • Apply for job with Tsaaro. It is important to note that this website is not intended for children under the age of 16 years and we do not knowingly collect data relating to minors.

This Statement explains our policies around:

1. How does Tsaaro protect your personal data?

2. Which categories of personal data do we collect and how do we process such personal data?

3. For what purposes and based on which legal basis do we use your personal data?

4. With whom do we share your personal data with?

5. What about your Sensitive PersonalData?

6. For how long we store your personal information?

7. How do we secure your data?

8. Do we transfer your Personal Data across International Borders?

9. Which rights do you have with respect to the processing of your personal data?

10. Use of Services by Minors

11. Updates to Privacy Statement

12. Redressal and Contact Information

TSAARO SOLUTIONS – Privacy Policy

Tsaaro Solutions Pvt. Ltd.(also referred to as “Tsaaro”, “we” or “us”) provides services related to Data Protection and associated Regulatory Services, Industry Standard Services (such as ISO/IEC), Information Security Services, Penetration Testing Services, and Security Operation Centre Services to a wide range of organizations. Additionally, we provide subscriptions related to EU Representative as Service, Data Protection Officer as Service, and Privacy Compliance as Service. Tsaaro collects and processes personal data for providing efficient services to its customers. We at Tsaaro understand the importance of your (“Website visitors” or “You” or “data subject”) privacy and are dedicated to securing your personal data.

This Privacy Statement applies to personal information collected by Tsaaro in its capacity as a controller, since it determines the purposes and means of processing personal data. The aim of this Privacy Statement is to inform you on how we collect, use, disclose, and store information or data that may identify you as an individual (“Personal Information”) when you:

  • Interact or use our website, including downloading materials from our resources page or request for contact, register and/or attend any of our LinkedIn events, webinars, or podcasts we organize or attend (collectively “Events”), and
  • Apply for job with Tsaaro.

It is important to note that this website is not intended for children under the age of 16years, and we do not knowingly collect data relating to minors.

Effective Date: 15th July 2022.
Link to previous Privacy Statements: Privacy Statement

1. How does Tsaaro protect your personal data?

  • Tsaaro places a high value on your privacy and the safeguarding of your personal data. We aim to ensure that you feel confident your personal data is well-protected when you engage with Tsaaro.
  • Tsaaro protects your personal data in accordance with applicable laws and our data privacy policies and procedures.
  • In addition, Tsaaro maintains the appropriate technical and organizational measures to protect your personal data against unauthorized or unlawful processing and/or against accidental loss, alteration, disclosure or access, or accidental or unlawful destruction of or damage thereto.

2. Which categories of personal data do we collect and how do we process such personal data?

  • We collect personal data of our employees, potential employees, clients and their current/former/prospective employees/directors, suppliers, business contacts, shareholders and website users.
  • If the data we collect is not listed in this privacy statement, we will give individuals (when required by law) appropriate notice of which other data will be collected and how it will be used.

 

2.1 Information we automatically collect:
When you visit the website, we collect internet activity information, such as your device’s IP address, what pages your device visited, and at what time your device visited our website.

We may also rely on analytics on our website, as further specified in our “Cookie Policy”.

Below chart describes the categories of personal data we collect:

Sr. No.Category of personal informationTypes of personal information captured by category
1Personal details, contact details, and identifiers
  • Name, pronoun, all types of identifiers and contact details (such as e-mail, phone numbers, physical address) and occasionally, when necessary for specific purposes, gender, date of birth, age, place of birth.
2Commercial Information
  • History and records of the services you have obtained from Tsaaro.
  • Correspondence between you and us when it is sent to a dedicated mailbox or via other electronic communication means for the purpose of processing account receivable payments and commercial follow-up.
3Marketing and research information
  • Identifiers – the IP address, social media handle or other online identifiers of a person, e-mail address/mobile number if used for direct marketing, and name and address
  • Demographic data – (e.g. income, family status, age bracket, gender, interests, pets, home ownership, health, current service providers)
  • Browser/web history data and preferences expressed through selection/viewing/purchase of goods, services and content, information about your mobile device including (where available) type of device, device identification number, mobile operating system.
  • Social media content – blogs, posts and anything posted by an individual online or which mentioned/references an individual
  • Analytics and profiles of the individuals based on the data collected on them
  • Voice-enabled services (Speech-to-Text engines for search requests) without being recorded or stored by the mobile device.
4Sensitive data and biometric information
  • Tsaaro may also collect certain types of sensitive information when permitted by local law or with your consent, such as health/medical information (including disability status/access requirements and dietary requirements/allergies in the framework of the events we organize/sponsor) or biometric information, if required.
5

Position and professional or employment-related information

 

  • Professional or employment-related information, such as description of current position, job title, employer, location, and Tsaaro contact(s).
6Cookies and geolocation data
  • As described below, we also may collect geolocation data in some circumstances. Please see our Cookies policy for more details regarding our use of cookies.

3. For what purposes and based on which legal basis do we use your personal data?

Tsaaro uses your personal data only where required for specific purposes. Please view the table below for:

  1. a list of the purposes for which Tsaaro uses your personal data and,
  2. an overview of the legal basis for each such purpose.

Purpose

Legal basis

To administer our website, our events, and for internal operations, including troubleshooting, data analysis, and testing purposes.

Justified on the basis of our legitimate interests in ensuring proper website and event management.

To improve our website to ensure that content is presented in the most effective manner for you and for your computing device.

Justified on the basis of our legitimate interests in enhancing user experience and website functionality.

For trend monitoring, marketing, and advertising.

Based on user consent for direct marketing purposes and our legitimate interests for trend monitoring and advertising.

As part of our effort to keep the website secure.

Justified on the basis of our legitimate interests in ensuring the security of our website.

Analysing job applications and communicating with candidates.

Necessary for the performance of pre-contractual steps (e.g., analysing candidate suitability for a job).

To communicate with you regarding the decision of your job application.

Justified on the basis of our legitimate interests in ensuring effective communication during the recruitment process.

To ensure network and information security.

Justified on the basis of our legitimate interests in maintaining network and information security.

To contact you to offer similar services that you might have bought from us or negotiated for with us.

Justified on the basis of our legitimate interests in business development and customer retention.

We will process your personal information for the purposes mentioned above based on your prior consent(whenever applicable), to the extent such consent is mandatory under applicable laws.

To the extent you are asked to click on/check “I accept”, “I agree” or similar buttons/checkboxes/functionalities in relation to a privacy statement, doing so will be considered as providing your consent to process your personal information, only where such consent is required by mandatory law.

We will not use your personal information for purposes that are incompatible with the purposes of which you have been informed, unless it is required or authorized by law, or it is in your own vital interest (e.g. in case of a medical emergency) to do so.

4. With whom do we share your personal data with?

We may transfer personal data to our service providers, public and governmental authorities, Tsaaro companies/affiliates or third parties in connection with Tsaaro’s operation of its business, including any (potential) corporate or commercial transaction and including clients if the data has been processed to provide client services. Such third parties may be in other countries. Before we do so, we shall take the necessary steps to ensure that your personal data will be given adequate protection as required by relevant data privacy laws and Tsaaro’s internal policies.

We share and disclose information (including personal information) about our customers in the following limited circumstances:

a) Vendors, consultants, and other service providers:

  1. We may share your information with third party vendors, consultants and other service providers who we entrust to perform tasks on behalf of Tsaaro including website analytics companies).
  2. Third party data may also be shared, insofar as reasonably necessary, with any other service used by our marketing and sales teams.
  3. Transaction data is shared with our payment service providers, only to the extent necessary for the purposes of facilitating your payments, processing your refunds, and dealing with complaints/queries regarding such payments and/or refunds.
  4. If Tsaaro receives your personal information in the European Union and subsequently transfers that information to a third-party agent or service provider, it ensures that the third party processes your personal information to the standard required by the applicable privacy laws, including the GDPR. These transfers will be typically based on our legitimate interest or agreed upon in the contract.

 

b) Disclosures for national security and law enforcement:

Under certain circumstances, we may be required to disclose your personal information in response to valid requests by public authorities, based on our legitimate interest or legal obligation. In certain circumstances, we may be required to disclose personal information without your permission.

These circumstances may include, but are not limited to, the following:

  1. To comply with legal or regulatory requirements.
  2. Disclosure for national security
  3. Legitimate interest or legal obligation.

 

c) Transfer of Business:

If we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, personal information could be one of the assets transferred to or acquired by a third party. We will ensure through a contract that the third party ensures the security of the data involved.

5. What about your Sensitive PersonalData?

  • We do not generally seek to collect sensitive data as defined in the second paragraph below (also known as special categories within the EEA) through this site or otherwise. In the limited cases where we do seek to collect such data, we will do this in accordance with data privacy law requirements and/or ask for your consent.
  • The term “sensitive data” refers to the various categories of personal data identified by data privacy laws as requiring special treatment, including the need to obtain explicit consent from you. Kindly refer the ‘Definitions’ for more details.

6. For how long we store your personal information?

Tsaaro will retain your personal data only for as long as is necessary. We maintain specific records management and retention policies and procedures, so that personal data are deleted after a reasonable time according to the following retention criteria:

  • We retain your data as long as we have an ongoing relationship with you (in particular, if you have an account with us).
  • We will only keep the data while your account is active or for as long as needed to provide services to you.
  • We retain your data for as long as needed in order to comply with our global legal and contractual obligations.

7. How do we secure your data?

We maintain organizational, physical and technical security arrangements for all the personal data we hold. We have protocols, controls and relevant policies, procedures and guidance to maintain these arrangements taking into account the risks associated with the categories of personal data and the processing we undertake.

We adopt market leading security measures to protect your personal data. This includes (without being limitative):

  • We hold an ISO27001: 2022 and ISO27001: 2019certifications, which indicates that we adhere to the highest and strictest information security standards. This certification is the only auditable international standard that defines the requirements for an Information Security Management System (“ISMS”) and confirms that Tsaaro’s processes and security controls provide an effective framework for protecting our clients’ and our own information.
  • We have regular penetration testing performed by a third-party provider, which continues to show the strength of our technical defenses.

8.  Do we transfer your Personal Data across International Borders? 

  • Personal information shared by you with us on the website or social media may be sent to India and processed by us there or in other countries, on our service provider’s cloud servers (AWS). We will always take appropriate safeguards and protect your information in accordance with this Privacy Statement wherever it is processed.
  • Tsaaro will inform third parties with whom personal data has been shared of any modification, withdrawal or objections pertaining to the personal data, and implement appropriate policies, procedures and/or mechanisms to do so.

9. Which rights do you have with respect to the processing of your personal data?

You are entitled (in the circumstances and under the conditions, and subject to the exceptions, set out in applicable law) to:

  1. Request access to the personal data we process about you: this right entitles you to know whether we hold personal data about you and, if we do, to obtain information on and a copy of that personal data.
  2. Request a rectification of your personal data: this right entitles you to have your personal data corrected if it is inaccurate or incomplete.
  3. Object to the processing of your personal data: this right entitles you to request that Tsaaro no longer processes your personal data.
  4. Request the erasure of your personal data: this right entitles you to request the erasure of your personal data, including where such personal data would no longer be necessary to achieve the purposes.
  5. Request the restriction of the processing of your personal data: this right entitles you to request that Tsaaro only processes your personal data in limited circumstances, including with your consent.
  6. Request portability of your personal data: this right entitles you to receive a copy (in a structured, commonly used and machine-readable format) of personal data that you have provided to Tsaaro, or request Tsaaro to transmit such personal data to another data controller.

To the extent that the processing of your personal data is based on your consent, you have the right to withdraw such consent at any time by contacting dpo@tsaaro.com. Please note that this will not affect Tsaaro’s right to process personal data obtained prior to the withdrawal of your consent, or its right to continue parts of the processing based on other legal bases than your consent.

If, despite our commitment and efforts to protect your personal data, you believe that your data privacy rights have been violated, we encourage and welcome individuals to come to Tsaaro first to seek resolution of any complaint. You have the right at all times to register a complaint directly with the relevant supervisory authority or to make a claim against Tsaaro with a competent court (either in the country where you live, the country where you work or the country where you deem that data privacy law has been infringed).to exercise any of your rights.

If you would like to exercise your erasure, rectification, or access rights in reference to your data as a job applicant. Any other rights can be exercised by contacting us.

10. Use of Services by Minors

  • As mentioned above, we do not knowingly collect or solicit personal information from anyone under the age of 16.
  • If you are under 16, please do not attempt to register for the Services or send any Personal Information about yourself to us.
  • If we learn that we have collected Personal Information from a child under the age of 16, we will delete that information as quickly as possible.
  • If you believe that a child under the age of 16 may have provided us with Personal Information, please contact us at info@tsaaro.com.

11. Updates to Privacy Statement

We’re constantly trying to improve our Websites and Services, so we may need to change this Privacy Statement from time to time as well. We will inform you regarding material changes, for example, placing a notice on our websites when we are required to do so by applicable law. You can see when this Privacy Statement was last updated by checking the date at the top of this page. You are responsible for periodically reviewing this Privacy Statement.

12. Redressal and Contact Information

In the event that you wish to make a complaint about how your personal data is processed by Tsaaro, email us at info@tsaaro.com. We at Tsaaro respect the personal data and privacy of every user equally, irrespective of their jurisdiction. We promise to abide by this Privacy Statement and secure your privacy. For us, you all are equally valuable, and your trust is our asset. If you are unhappy about how a complaint has been handled by Tsaaro, you have a right to lodge a complaint directly with your local supervisory authority.

DEFINITIONS

  • Associates: It means an employee, officer, director, third party, independent contractors, job –candidate, end customer or any representative of the Company.
  • Consent: Consent of the Data Subjects means any freely given, specific, informed, and unambiguous indication of the Data Subjects wishes by which he or she, by astatement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her;
  • Data Controller: A natural or legal person, public authority, agency, or other body that, alone or jointly with others, determines the purposes and means of processing personal data;
  • Data Subject: It means the individual to whom the personal data relates and where such individual is-
  1. a child, includes the parents or lawful guardian of such a child;
  2. a person with disability, includes her lawful guardian, acting on her behalf;
  3. Patient who are visiting or taking any treatment from the Hospital.
  • Legitimate Interest: Legitimate interest means that Tsaaro has reasonable grounds to process your personal information. Where the above table states that we rely on our legitimate interests for a given purpose, we are of the opinion that our legitimate interests are not overridden by your interests, rights or freedoms, given (i) the transparency we provide on the processing activity, (ii) our privacy by design approach, (iii) our regular privacy reviews and (iv) the rights you have in relation to the processing activity. If you wish to obtain further information on this balancing test approach, please contact info@tsaaro.com
  • Personal Data: It means any information relating to an identified or identifiable natural person (‘data Subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; For Example, full name, personal identification number, driver’s license number, bank account number, Government ID proof, passport number, email address, location data, or one or more of their physical, physiological, intellectual, cultural, or economic characteristics or social identity.
  • Processing: ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, sharing, indexing, restriction, erasure or destruction;
  • Processor: It means a natural or legal person, public authority, agency, or other body which processes personal data on behalf of Tsaaro;
  • Sensitive Personal Information: These categories include racial or ethnic origin, political opinions, religious, philosophical or other similar beliefs, membership of a trade union, physical or mental health, biometric or genetic data, sexual life or orientation, or criminal convictions and offences (including information about suspected criminal activities).