Privacy Notice – General users and clients                                                                               Effective from 25^th May’18

Introduction

We appreciate the trust you place in us when sharing your personal data. CSS Corp including its subsidiaries and affiliates respects the privacy of its customers, business partners, and all relevant stakeholders. In this document, we will explain how we collect, use and protect your personal data. We will also explain what rights you have with regard to your personal data and how you can exercise those rights. This document also describes the measures we take to protect the security of the information and how individuals can contact us about our privacy practices.

If you need more information, please contact: privacy.officer@csscorp.com

We take the security of all the data we hold very seriously.  We adhere to internationally recognised security standards and our information security management system relating to client confidential data is independently certified as complying with the requirements of ISO/IEC 27001: 2013.  We have a framework of policies, procedures and training in place covering data protection, confidentiality and security and regularly review the appropriateness of the measures we have in place to keep the data secured. We have developed our Data Privacy policy in line with the requirements of European Union Data Protection Directive (Directive 95/46/EC) and the General Data Protection Regulation (in force from 25 May 2018) and applicable national laws.

1. The information we collect

We collect and use contact details of our customers, clients and their customers in order to manage and maintain our relationship with those individuals. Our policy is to collect only the personal data necessary for agreed purposes and we ask our clients only to share personal data where it is strictly needed for those purposes. The personal data may include Name, email ID, Home address, Work address, phone numbers and job titles. In some cases, we also need invoice details, delivery addresses, payment credit card details and any other information which you provide to process our activity.

IP Addresses

CSS web servers gather your IP address to assist with the diagnosis of problems or support issues with our services, and to monitor the use of our Site, including the monitoring of the location of our users.

2. How we use your information

• Providing professional services

We provide a diverse range of professional services to our clients and customers.  Some of our services require us to process personal data in order to provide maintenance, delivery, advice and troubleshooting services.  For example, we will take customer’s personal details to verify customer credentials in order to ensure delivery of technological troubleshooting services to the right customer. We often need to use personal data to provide travel related services and assistance.

• Quality Assurance management

We monitor the services provided to the clients and customers for improving quality of our services, which may involve processing personal data stored on our or our client’s IT platforms / OS. We have policies and procedures in place to monitor the quality of our services and security risks management.   As part of our process, we also carry out searches using publicly available sources like internet. We record the telephonic conversation with our customers for improvement of quality, training and security purposes, in accordance with our legitimate interests. Our Research and Development team some time use your information to invite you to take part in market research or surveys

• Business administration and management

We process personal data in order to run our business, including managing our relationship with our clients, customers and third party, developing our businesses and services to accommodate customer satisfaction, like identifying client & customer’s needs and improvements in our service delivery, improving technology in our ICT systems, administration and management of our website and client tools. We also use information you provide to personalise (i) our communications to you; (ii) our website; and (iii) products or services for you, in accordance with our legitimate interests;

We may also send you direct marketing in relation to relevant products and services. Electronic direct marketing will only be sent where you have given your consent to receive it, or (where this is allowed) you have been given an opportunity to opt-out. You will continue to be able to opt-out of electronic direct marketing at any time by following the instructions in the relevant communication.

• Legal and regulatory requirements

We need to keep certain personal data to demonstrate that our services are provided in compliance with applicable Legal and regulatory requirements

3. With whom and where will we share your personal data?

We may share your personal data with our subsidiaries to process it for the purposes of inter-group administration and to deliver products or services where elements of these are provided by group companies other than those with which you have directly contracted.

Use of third party:

We are part of a global network of firms and other service providers, we use third parties located in other countries to help us run our business in legitimate way.  As a result, personal data may be transferred outside the countries where we and our clients are located.  These countries may include countries outside the EU/EEA area.   We have taken steps to ensure all personal data is provided with adequate protection and that all transfers of personal data outside the EU are done lawfully.  Where we transfer personal data outside of the EU to a country not determined by the European Commission as providing an adequate level of protection for personal data, the transfers will be under an agreement which covers the EU requirements for the transfer of personal data outside the EU, such as the European Commission approved standard contractual clauses.

We will only share personal data with others when we are legally permitted to do so. When we share data with others, we put contractual arrangements and security mechanisms in place to protect the data and to comply with our data protection, confidentiality and security standards.

We use third parties to support us in providing our services and to help provide, run and manage our internal IT systems.  For example, providers of information technology, cloud based software as a service providers, identity management, website hosting and management, data analysis, data back-up, security and storage services.  The servers powering and facilitating that cloud infrastructure are located in secure data centers around the world, and personal data may be stored in any one of them.

4. How long will you keep my personal data?

We will not keep your personal information for any purpose for longer than is necessary for our processing purposes and will only retain the personal information that is necessary in relation to the purpose. We are also required to retain certain information as required by law or for as long as is reasonably necessary to meet regulatory requirements, resolve disputes, prevent fraud and abuse, or enforce our terms and conditions.

Where you are a customer, we will keep your information for the length of any contractual relationship you have with us and after that for a period of 12 months or as per the data retention policy of CSS Corp.

Where you are a prospective customer and you have expressly consented to us contacting you, we will only retain your data (a) until you unsubscribe from our communications; or, if you have not unsubscribed, (b) while you interact with us and our content; or (c) for 12 months from when you last interacted with us or our content.

In the case of any contact you may have with our customer services team, we will retain those details for as long as is necessary to resolve your query and for two weeks after the query is closed.

We will retain your data for a short time beyond the specified retention period, to allow for information to be reviewed and any deletion to take place. In some instances, laws may require CSS Corp to hold certain information for specific periods other than those listed above.

5. Where is my data stored?

The personal data that we collect from you may be transferred to, and stored outside the EU/EEA area at a safe and secure place.  It may also be processed by staff operating outside the EU/EEA who works for us under strict security contract or for one of our suppliers, in which case the third country’s data protection laws will have been approved as adequate by the European Commission or other applicable safeguards are in place. Further information may be obtained from our Privacy Team.

6. What are my rights in relation to my personal data?

As a data subject you have certain rights over your personal data and data controllers are responsible for fulfilling these rights.  Further information about the rights that individuals have and how to exercise them is given below:

Right of access

You have a right of access to your personal data held by us as a data controller.  This right may be exercised by emailing us at privacy.officer@csscorp.com. We will aim to respond to any requests for information promptly and in any event within the legally required time limits of 30 days from the day of request received by us.

Where you have provided your data to us and it is processed by automated means, you may be able to request that we provide it to you in a structured, machine readable format. If you wish to transmit your personnel data directly from one data controller to another data controller, same will be processed, wherever it is technically feasible.

Right of rectification

At any stage while your data is in our processing and if you want to update same, you may email us at privacy.officer@csscorp.com. We will process your request to the extent it is practically possible for us and we will make corrections based on your updated information.

Right of withdrawal of consent

Where we process personal data based on consent, individuals have a right to withdraw consent at any time.  To withdraw consent to our processing of your personal data please email us at privacy.officer@csscorp.com. We will process your request as early as practically possible.

Right of erasure

Where we process personal data based on consent, individuals have a right to ask erase of his data at any time.  To erase your data from our database please email us at privacy.officer@csscorp.com. We will process your request as early as practically possible.

7. Where can I find more information about CSS Corp’s handling of my data?

If you have a complaint about how we have handled your personal data, you may be able to ask us to restrict how we use your personal data while your complaint is resolved. Should you have any queries regarding this Privacy Notice, about CSS Corp’s processing of your personal data or wish to exercise your rights you can contact CSS Corp’s Privacy Team using this email address: privacy.officer@csscorp.com .

Changes to Our Privacy Policy

CSS Corp reserves the right to update or change this Privacy Statement from time to time and as such, we request you to review our Privacy Statement periodically on our web site for any further updates or changes that we may have made.

A Note to Children and Parents

Children: We do not process young person’s data age below 16 years. If you are below 16 years of age and someone ask you to share information about yourself. Before sending any information about yourself over the Internet to us or anyone else, be sure to ask your parents for permission.

Parents: CSS Corps encourage parents to talk to your children about safe and responsible use of their personal information while using the Internet