Privacy
Policy
INTRODUCTION
This Privacy Policy is a legally binding document between You and Tartanhq Solutions Private Limited (hereinafter referred to as “Tartan”/“Company”/“We”/“Our”/“Us”), which will govern the relationship between You and the Company for Your use of mobile application, software or the website operated by the Company under the name and style “Tartanhq” (hereinafter referred to as “Platform”). This Privacy Policy shall be read along with the Terms and Conditions, which help You understand what information We collect, why We collect it, and how You can update, manage, export, and delete Your information. The terms of this Privacy Policy will be effective upon Your acceptance of the same (directly or indirectly in electronic form, by clicking on the ‘I Accept’ tab or by use of the Platform or by other means).
This Privacy Policy covers both “online” (e.g., web and mobile services, including any websites and mobile applications operated by Us however accessed and/or used, whether via personal computers, mobile devices or otherwise) and “offline” (e.g., collection of data or registration of documents) activities.
This document is published as an electronic contract and shall be construed in accordance with the provisions of the Digital Personal Data Protection (DPDP) Act, 2023, and is subject to the relevant guidelines, directions, circulars, etc. issued by relevant government authorities, from time to time.
Please read this Privacy Policy carefully. By using this Platform, You indicate that You understand, agree and consent to the terms of Our Privacy Policy, to Our processing of information for the purposes given in this Privacy Policy as well as the information on the web and from Third Parties. If You do not agree with the terms of this Privacy Policy, please do not use this Platform. You hereby provide Your unconditional consent or agreement to the Company as required under Section 4 (Grounds for processing personal data), Section 5 (Notice of Consent) and Section 6 (Consent) of the DPDP Act, 2023 and rules made thereunder, as amended from time to time.
This Privacy Policy shall be deemed to be an integral part of the Terms of Service and words not defined herein shall have the meaning ascribed to it in the Terms of Service.
2. SCOPE AND APPLICATION OF POLICY
The Platform regulates the processing of information as Data Processors under the DPDP Act, 2023 relating to You and grants You various rights with respect to Your personal data. This Privacy Policy applies to anyone who is either:
a person who has approached Tartan for access to payroll and other information of the End User basis consent of the End User (“Customer”, “You”, “Your” or “User”); or
a person whose personal data/information is being accessed/transmitted/uploaded/stored by Tartan as Data Processors under the DPDP Act, 2023 subject to these Terms of Use (“End user”, “You”, “Your” or “User”); and
an internet surfer (“You” or “User”).
This Privacy Policy also applies to information we collect from or about Users, Service recipients, Service providers or any other persons, whether resident in India or outside, who use the Platform.
We adhere to the requirements of the data protection laws and regulations (as amended from time to time) established in India. Accordingly, this Privacy Policy is published in accordance with the DPDP Act, 2023 and rules thereunder, and any other applicable law as amended from time to time.
Third Party information/website
This Privacy Policy describes our privacy practices for the Platform and Services that are being provided by Us. However, this Privacy Policy does not apply to those affiliates, agents and partners that have their own privacy policy. We use third party vendors for hardware, software, networking, storage, and/or ancillary technology required to provide the Services like AWS. In such situations, We recommend that You read the privacy policy on the Platform.
If You provide Tartan with Personal Information about someone else, You confirm that they are aware that You have provided their information and they have consented to Tartan’s use of their information according to the Privacy Policy. This Privacy Policy applies to all the current and former visitors, users and others who access our website or use our API for any purpose or use the information obtained using our Services.
If You provide Tartan with Your Personal Information stored at your online account held with someone else, You confirm that You are duly permitted to provide such access and they have consented to Tartan’s use of such information stored on their platform.
3. CONSENT
By using the Platform and by providing Your information to Us or access to the information with the Information Provider (as defined below), You consent to the collection, transmission, storage and use of such information in accordance with this Privacy Policy. You consent that all information is being provided by You voluntarily and with prior knowledge of the usage of the same in a way as specified herein this Privacy Policy. You specifically agree and consent to Us collecting, storing, processing and sharing information (including Personal Information) related to You with Customers (as defined below), third parties, service professionals or to registered business partner/users and in accordance with the terms as set out in this Privacy Policy and the DPDP Act 2023, as amended from time to time.
The Personal Information that is collected by Us from the End Users is done for the benefit and on behalf of Our Customers i.e. Data Fiduciary who are required to take your prior explicit consent before You share any data with Us or before You provide Us any access to Your personal data. The obligation and responsibility of taking necessary consent from the End User is on the Customer. You acknowledge that Tartan will not be liable for any action or omission of the Customer with respect to the Personal Information, failure of the Customer to take due consent for such Personal Information, and the utilization of such Personal Information by the Customer. Tartan shall be entitled to assume that You have provided due consent for providing, processing and usage of Your personal data to the Customer on whose behalf Tartan shall obtain Your Personal Information.
You shall have the right to withdraw the consent at any time by communication in writing addressed at support@tartanhq.com.
4. COLLECTION OF INFORMATION
Information We collect as You access Our Platform
We receive and store certain types of information whenever You interact with Us. You hereby agree to provide Us with express consent in the form of access to Your Account in order to allow Us to extract Your information from that Account. When You use Our Services, We collect information about You in the following general categories:
Automatic Information
We receive and store certain types of information whenever You interact with Us. Our server logs Your activities for various diagnostic and analytical purposes. The Company is taking information, in an automated form, by entering into the account, the access of which is given by You for the purpose that has been described to You on the Platform and the Terms of Use.
Information Collected by Platform
Our Services are primarily provided through the Platform. We may collect and use technical data and related information, including but not limited to, technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software patches and/ or updates and/ or upgrades, product support and other services to You (if any) related to the Platform. You understand that the data provided by You may be transmitted in the same or different format and that information transmitted shall be covered by this Privacy Policy. We may provide the information one time or continuously on a real time basis, depending on the requirement.
Cookies are files that are placed in your computer’s browser. If You do not want Us to place a cookie on Your device, You may be able to turn that feature off on Your device. Please note that if You delete or choose not to accept cookies from Our Platform, You may not be able to utilize the features of Our Platform to their fullest potential.
Personal Information
“Personal Information” includes all information about the User, including all information about persons recorded in structured filing systems (e.g., personnel files, salary information), etc. essentially the type of information that is identifiable to that particular individual or User. Some Personal Information may be classified as ‘sensitive’ in some jurisdictions and generally, stricter rules apply. We collect such information from the account, of which You provide access to Us, which further helps Us personalize and continually improve Your experience at the Platform.
We only gather information by way of accessing the account for which You consented to give access, such as, when You create or modify Your account, contact customer support, provide consent to access Your salary details or otherwise communicate with Us. We collect only such Personal Information which is for lawful purpose connected with Our Services and necessary to be collected by Us for such purpose.
We may collect personal information of the following nature:
demographic data including but not limited to age, sex, race/ethnicity;
personal details such as name, address, contact information, referral name, etc.;
physical or mental health or condition;
sexual orientation;
commission or alleged commission of any offence;
professional career related information or otherwise;
KYC details including but not limited to Aadhar number, PAN, Voters ID, License and/ or passport details;
insurance details;
salary information and receipts;
nature of Service required to be rendered;
pages you visit, products you have viewed, compared etc. for doing our internal study on improving our service to our customers.
Registration to the Service
Registration to Our Service is done through the Platform and/ or any other medium that the Company may specify from time to time. During registration, We shall collect part or whole of the information as mentioned in this Privacy Policy by logging into the account, the access of which is provided by You.
When You access the Platform, We may automatically collect information such as the type of internet browser and operating system used, domain name of the website from which You came, number of visits, average time spent on the Platform, pages viewed, etc. We use this information to ensure the Platform function properly, monitor the relevancy of the Platform, and improve their performance or content.
5. HOW WE COLLECT
If You provide your third-party account credentials to Us, You understand that access to such platform of the Information Provider may be provided to the Customer through the API as well as content and information in those accounts may be transmitted to the account of the Customer which may be hosted by Us or otherwise transmitted to the Customer. We may also require You to manually upload Your payslip and similar documents which will then be transmitted to the Customer. We may provide the information one time or continuously on a real time basis, depending on the requirement of the Customer and Your consent. We may also collect information through Your communications with Our customer-support team if You contact Us for support. We may use and store Your information obtained from You or the Information Provider only for purposes as have been detailed in this Privacy Policy.
6. LIABILITY
All such information described above, shall be deemed to be transmitted/given access to or uploaded willingly, with Your consent, and without any coercion. No liability of any form pertaining to the authenticity/genuineness/misrepresentation/fraud/negligence, etc. of any information provided by You or as available in the payroll system of the employer, shall be on the Company, nor will the Company be in any way responsible to verify any information obtained from the End User and it shall always be the responsibility of the Customer/End User to verify/review the data. Also, You understand that the use of Your Personal Information by the Customer will depend on Your agreement with the Customer and the same is not controlled by Tartan. The Company shall also not be liable to End User for any action or omission of the Customer or the Information Provider including any non-adherence to the provisions of the DPDP Act and any applicable law as amended from time to time.
The Platform may be linked to third-party websites/apps (“Third-Party Sites”) that may collect Your Personal Information. The Company is not in any manner responsible for the security of such Third-Party Sites or their privacy practices or content. Such Third-Party Sites may have their own privacy policies governing their storage and retention of Your information that You may be subject to. This Privacy Policy does not govern any information provided to, stored on, or used by such Third-Party Sites or third-party providers and We recommend that You review the applicable privacy policy when You enter a Third-Party Site. You agree and acknowledge that the Company is not liable for the information published by any Third-Party Site.
7. SHARING AND DISCLOSURE OF THE INFORMATION
You hereby unconditionally agree and permit that Company may transfer, share, disclose or part with all or any of Your Information, within and outside of the Republic of India to Company and to third party Service providers/ partners/ banks and financial institutions for one or more of the purposes listed above or as may be required by applicable law. In such cases, We will attempt to contractually oblige the receiving third parties of the Information to ensure the same level of data protection that is adhered to as by the Company under applicable law and also ensure that prior consent has been obtained by such third party.
You further agree that such disclosure, sharing, and transfer of Your Personal Information and Non-Personal Information shall not cause any wrongful loss to You or to any third party, or any wrongful gain to us or to any third party.
We disclose the information to the third parties in the method specified below, including, but not limited to the purposes of collection of information as mentioned above.
We are a Data Processor, appointed by the Customer to provide Your Personal Information to the Customer through our Platform, and therefore, we disclose Your Personal Information as obtained from You or the Information Provider to the Customer. At times, we may also host such information on our Platform for review by the Customer and provide them such information in such format as may be required by them. We may disclose the Personal Information one time or continuously on a real time basis, depending on the requirement of the Customer and Your consent as given to the Customer.
We will be disclosing Your information to employees, agents, officers, third party partners, legal advisors or auditors but only on a need to basis and in accordance with the provisions of this Privacy Policy.
DISCLOSE INFORMATION TO THIRD PARTIES
Except as provided for hereinabove, We limit the collection and use of Your Personal Information. We may also make anonymous or aggregate Personal Information and disclose such data only in a non-personally identifiable manner. Such information does not identify You individually. Access to Your account information and any other personally identifiable information is strictly restricted and used only to such information to which You have given consent in accordance with specific internal procedures and for the purposes set out in this Privacy Policy, in order to operate, develop or improve our Services. Following are the situations when information may be shared:
Upon instructions of Customers
The main objective of the collection of Personal Information is to verify Your details to Your third parties such as Your service providers, lenders, etc. with whom You have a direct contractual relationship and have consented to the collection and usage of such Personal Information.
When You agree to receive information from third parties
You may be presented with an opportunity to receive information and/or marketing offers directly from third parties. If You do agree to accept the services provided by such Parties, Your consent will be deemed to be accepted and Your Personal Information will be disclosed to such third parties, and all Your information will be subject to the Privacy Policy and practices of such third parties. We are not responsible for the privacy policies and practices of such third parties and, therefore, You should review the privacy policies and practices of such third parties prior to agreeing to receive such information from them. If You later decide that You no longer want to receive communication from a third party, You will need to contact that third party directly.
Administrative and Legal Reasons
We cooperate with Government and law enforcement officials and private parties to enforce and comply with the applicable law. Thus, We may access, use, preserve, transfer and disclose Your information (including Personal Information, IP address, Device Information or geo-location data), to Government or law enforcement officials or private parties as We reasonably determine is necessary and appropriate: (i) to satisfy any applicable law, regulation, subpoenas, governmental requests or legal process; (ii) to protect and/or defend the Terms and Conditions for Platform or other policies applicable thereto, including investigation of potential violations thereof; (iii) to protect the safety, rights, property or security of the Company, our Services or any third party; (iv) to protect the safety of the public for any reason; (v) to detect, prevent or otherwise address cyber fraud, security or technical issues; and /or (vi) to prevent or stop activity We may consider to be, or to pose a risk of being, an illegal, unethical, or legally actionable activity.
Protection of Company
We release account and other personal and financial information when We believe release is appropriate to complete the rendition of Services to You through the Platform; comply with applicable law; enforce or apply Our Terms of Use and other agreements; or protect the rights, property or safety of Company, Our Users or others. This includes exchanging information with other companies, organisations, Government or regulatory authorities for fraud protection and credit risk reduction. Obviously, however, this does not include selling, renting, sharing or otherwise disclosing personally identifiable information from Users for commercial purposes in a way that is contrary to the commitments made in this Privacy Policy.
When You consent to sharing of information
Personal Information may be collected and shared with third parties if there is content from the Platform that You specifically and knowingly upload to, share with or transmit to a prospective product/ service provider through the Platform, an email recipient, online community, website; e.g., salary slips, insurability details including health records, etc. information about You or Your uploads that You choose to share with others through features which may be provided on Our Platform. This uploaded, shared or transmitted content will also be subject to the privacy policy of the third party to which You upload, share or transmit the content. You hereby consent to Us, storing, transmitting or using the information shared by You with the third party for any internal analysis and any other reasonable use for the development of the Platform or improvement of the Services provided to You by Us.
For Advertising
We may share Personal Information with third parties, including advertisers on Our Platform, in order to help them place more targeted ads. These companies may use information (excluding your name, address, email address, or telephone number) about Your visits to this Platform in order to provide advertisements on this Platform and other third-party websites about goods and services that may be of interest to You.
We use third-party Service providers to serve ads on Our behalf across the internet and sometimes on this Platform. They may collect anonymous information about Your visits to Platform, and Your interaction with Our Services. They may also use information about Your visits to other websites for targeted advertisements for services. This anonymous information is collected through the use of a pixel tag, which is industry standard technology used by most major websites. No personally identifiable information is collected or used in this process. There might be affiliates or other sites linked to the Platform. Personal Information that You provide to those sites is not Our property.
9. STORAGE AND OTHER UTILISATION OF THE INFORMATION
Our Services are aimed at, inter alia, providing the Customers with connectivity to the payroll system, and financial information of the End User through a single API. Our Services, inter alia, enable End Users to connect to payroll systems, financial accounts and related platforms offered by third parties, including but not limited to payroll providers and employers (each an “Information Provider”) and provide user data to our Customers. We may use and store the information provided by You or obtained through the Information Provider or any non-Personal Information for the following purpose:
share the same with third party Service providers to enable them to effectively sell their products/ provide their Services to You;
provide, maintain, and improve upon our business. For example, to introduce and facilitate payments, develop new features, provide customer support to Users, develop features, authenticate users, and send Service updates and administrative messages;
perform internal operations, including, for example, to prevent fraud and abuse of the Platform; to troubleshoot software bugs and operational problems; to conduct data analysis, testing, and research; and to monitor and analyse usage and activity trends;
send or facilitate communications;
send You communications We think will be of interest to You, including information about products, services, promotions, news, and events of the Company and other companies, where permissible and according to local applicable laws; and to process contest, and fulfil any related awards;
personalize and improve the Services, including to provide or recommend features, content, social connections, referrals, and advertisements;
to detect, prevent and protect the Company from any errors, frauds, and other criminal or prohibited activity;
to create aggregate or statistical information that does not directly identify a specific person, and We may share that information with Third Parties;
for any other purpose, for which You have granted consent.
10. DELETION OF INFORMATION
You can always refuse to supply Your Personal Information to Us. However, this may restrict You from using the Services that are being provided by the Customer. Further, We are not liable for the deletion/non deletion of the Personal Information provided to the Customer by Us based on Your consent.
11. CONFIDENTIALITY
The Personal Information and other usage information We collect is securely stored within Our databases, and We use standard, industry-wide, reasonable security practices such as encryption, firewalls and SSL (Secure Socket Layers) for protecting Your information. However, as effective as encryption technology is, no security system is impenetrable. We cannot guarantee the security of our databases, nor can We guarantee that the information You supply won't be intercepted while being transmitted to Us over the internet or wireless communication, and any information You transmit to the Company You do at Your own risk. We recommend that You not disclose Your password to anyone.
11. CHANGES TO THIS PRIVACY POLICY
Our business changes constantly and our Privacy Policy and Terms of Use will also change accordingly. We may e-mail periodic reminders of Our notices and conditions, unless You have instructed Us not to, but You should check Our Platform frequently to see recent changes.
We, at Our sole discretion, reserve the right to update, change or modify this Privacy Policy at any time to reflect any (including but not limited to) changes in the law, the data collection, and practices, the features of the Platform or advances in technology. The amendment to this Privacy Policy shall come into effect from the time of such update, change or modification and the same will be published here.
You are requested to review the Privacy Policy carefully from time to time. Use of information collected is subject to the Privacy Policy in effect at the time such information is used. The changes to this Privacy Policy shall be treated as read, recognized, understood, consented and accepted if You continue to use the Platform post such changes.
Unless stated otherwise, Our current Privacy Policy applies to all information that We have about You and Your Account.
12. DISPUTE RESOLUTION AND GOVERNING LAW
The Privacy Policy shall be governed in all respects by the laws of India and any legal proceeding arising out of the Privacy Policy will occur exclusively in the courts located in Mumbai, India.
If a dispute arises between You and the Company, Our goal is to provide You with neutral and cost-effective means of resolving the dispute quickly. Accordingly, You and the Company hereby agree that We will resolve any claim or controversy at law and equity that arises out of or in relation to the Terms of Use, the Privacy Policy or the Platform in accordance with the provisions contained herein. Prior to resorting to formal ways of dispute resolution, We strongly encourage You to first contact Tartan directly to seek a resolution as per the grievance redressal procedure set out hereinbelow.
If not resolved with Tartan, any further dispute shall be settled amicably by the Parties within 30 (thirty) calendar days of the receipt of the notice of the existence of a dispute. In the event any dispute cannot be resolved within 30 (thirty) calendar days from notice of the dispute, either party may refer the dispute to be finally settled by arbitration in accordance with the Indian Arbitration and Conciliation Act, 1996 and the rules framed thereunder, as amended from time to time. The arbitration proceedings shall be conducted by a sole arbitrator mutually appointed by the parties. The venue and seat of arbitration shall be Mumbai, India and the arbitration proceedings shall be conducted in English language.
14. COOKIES AND OTHER TRACKING TECHNOLOGIES
We use data collection devices such as “cookies” on certain pages of Our Platform.
A cookie is a piece of data stored on the User’s computer tied to information about the User. We may use both session ID cookies and persistent cookies. For session ID cookies, once You close Your browser or log out, the cookie terminates and is erased. A persistent cookie is a small text file stored on Your computer’s hard drive for an extended period of time. Session ID cookies may be used by the Company to track User preferences while the User is visiting the Platform. They also help to minimize load times and save on server processing. Persistent cookies may be used to store whether, for example, You want Your password remembered or not, and other information. Cookies used on the Platform do not contain personally identifiable information.
You may set most browsers to notify You if You receive a cookie, or You may choose to block cookies with Your browser, but please note that if You choose to erase or block Your cookies, You will need to re-enter Your original User ID and password to gain access to all/ certain parts of the Platform.
Tracking technologies may record information such as internet domain and Users names; Internet protocol (IP) addresses; browser software and operating system types; stream patterns; and dates and times that our site is accessed. Our use of cookies and other tracking technologies allows Us to improve Our Platform and Your experience. We may also analyze information that does not contain Personal Information for trends and statistics.
The cookies allow You to take advantage of some of the Platform’s essential features, We recommend that You leave them turned on. For instance, if You block or otherwise reject Our cookies, You may not be able to use any Service that requires You to sign in.
15. DISCLAIMER
We cannot ensure that all of Your private communications and other Personal Information (including sensitive information like credit card information and bank account number) will never be disclosed in ways not otherwise described in this Privacy Policy. Therefore, although We are committed to protecting Your privacy, We do not promise, and You should not expect, that Your Personal Information or private communications will always remain private. As a User of the Platform, You understand and agree that You assume all responsibility and risk for Your use of the Platform, the internet generally, and the documents You post or access and for Your conduct on and off the Platform.
16. SECURITY OF PERSONAL INFORMATION
The Company understands that the confidentiality, integrity, and availability of Your information are vital to Our business operations and Our own success. We employ appropriate technical and organizational security measures at all times to protect the information We collect from You. We use multiple electronic, procedural, and physical security measures to protect against unauthorized or unlawful use or alteration of information, and against any accidental loss, destruction, or damage to information.
The Company is an ISO certified organization and protects Your information as per the International Standard IS/ISO/IEC 27001 on “Information Technology Security Techniques Information Security Management System-Requirements”. However, no method of transmission over the internet, or method of electronic storage, is 100% secure. Therefore, We cannot guarantee its absolute security. Further, You are responsible for maintaining the confidentiality and security of Your login id and password, and may not provide these credentials to any Third Party.
We follow generally accepted industry standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. We host the API in a secure server environment that uses advanced technology to prevent interference or access from outside intruders.
Our security practices and procedures limit access to personal information on a need-only basis.
Tartan will strive to protect information and privacy, however, it takes no guarantee of absolute security when information is transmitted to the Customer. Tartan will not be responsible under any circumstance for any loss or theft of information due to unauthorised access to Your device through which You visit website or use the API or any other reasons not attributable directly to Tartan. Tartan will not be responsible for any breach of security due to any actions or events of any third parties including Customer and Information Provider which are outside its reasonable control including but not limited to computer hacking, government acts, computer crashes etc.
17. CONTROL OF YOUR INFORMATION
You have the ability to control how Your non-Personal Information is collected and used online. You also have the ability to choose what Personal Information, including what sensitive personal information (i.e., your financial information) You provide to Us. However, if You choose not to provide all of the information and data that is requested of You, We may not be able to provide You with the Services that You have subscribed to.
We believe You should be able to choose what kinds of information You receive via email/SMS. If You do not want to receive marketing materials by email/SMS, just indicate Your preference on the contact information for Your account or the ‘opt-out’ or unsubscribe link provided in our marketing emails. Please keep in mind that We will continue to notify You by email /SMS/via phone calls regarding Your services with Us, even after You have opted out.
18. SEVERABILITY
Each paragraph of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other paragraphs herein except where otherwise expressly indicated or indicated by the context of the Privacy Policy.
The decision or declaration that one or more of the paragraphs are null and void shall have no effect on the remaining paragraphs of this Privacy Policy.
19. CONTACT INFORMATION
In case you either have any feedback or comments about this Privacy Policy or any discrepancy with respect to the processing of any of the information/data You provided to the Company, You can send it to the grievance officer mentioned below. We will employ all reasonable efforts to address the same.
Grievance Officer
In accordance with the DPDP Act 2023 and rules made there under, as amended from time to time, the name and contact details of the grievance officer are as follows:
Name of Grievance Officer: Meet Semlani
Email: support@tartanhq.com
Registered address: WeWork, Vaswani Chambers, HD-015, Floor-2, Plot - 264/265, , Dr Annie Besant Road, Worli Colony, Mumbai Mumbai City MH 400030 IN
Process of Grievance Redressal
Any person having a grievance in relation to this Privacy Policy may furnish the grievance, at any time, to the above-mentioned personnel.
An acknowledgement of the grievance will be issued and generated by the Company for the benefit of the complainant within 24 (twenty four) hours of it being furnished for information and record.
We may reach out to You for further information and details on receipt of the complaint/queries/concerns by the Company. We will make all endeavours to resolve the complaint as soon as possible.
The manner of grievance redressal shall have the following arrangement: -
the Company shall address the grievance and inform the complainant of its decision within 15 (fifteen) days of the registration of the grievance;
if the decision of the publisher is not communicated to the complainant within the stipulated 15 (fifteen) days, the grievance shall be escalated to the Meet Semlani, which shall be conducted as per Meet Semlani, handlinggrievance redressal committeeatthe Company.