42Gears Mobility Systems Private Limited and its affiliates and subsidiaries (“We”) respects its users’

(“User”/“You”/”Customer”/”Your”) privacy and appreciates Your concern to protect Your privacy. This Privacy Notice has been adopted by us to inform You of how we handle the information that You share with us. Unless otherwise defined in this Privacy Notice, the terms used in this Privacy Notice have the same meanings as in our Terms and Conditions.

GDPR Statement:

The European Union (EU) General Data Protection Regulation (GDPR), enforceable as of May 25, 2018, imposes additional requirements upon companies to enhance the protection of personal data of EU residents. 42Gears Mobility Systems has a dedicated, core-functional team overseeing 42Gears' GDPR readiness. We discuss our efforts and commitment to GDPR below.

42Gears’ Commitment to General Data Protection Regulation:

GDPR regulates the governance of personal data for European Union citizens with a prominence on data security and data privacy. The GDPR not only applies to companies that operate in the European Union (EU) but also impacts companies operating outside of the EU, if they process any personal data of any of its customers in the EU.

42Gears has established its information security and data privacy principles to protect the privacy and information rights of its customers. We are strenuously committed to GDPR compliance.

Personal Data:

Personal data is the information relating to an individual who can be directly or indirectly identified from that data. Identification of personal data can be through reference to the information itself, or in conjunction with any other information in our possession or is likely to come into such possession. The processing of personal data in the EU is governed by the General Data Protection Regulation.

Privacy Notice:

The purpose of this Privacy Notice is to outline how we have established measures to protect Your privacy rights in accordance with the GDPR (EU General Data Protection Regulation), California Consumer Privacy Act as well as the laws of India (together “Applicable Laws”) where 42Gears Mobility Systems Private Limited (the Parent Company) is incorporated.

Customer Data:

We may receive, store or process certain information including personally identifiable information on behalf of our customers. Under the GDPR Data Controller means the natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed.

For the purpose of this Privacy Notice, we are a Data Controller of Your Personal Data as and when You directly use/purchase our products and services.However, in case You entrust any of Your data including Your customers or employees data through any of our structured means such as Resellers, Partners or distributers, we manage such data as a data processor or sub processor (as defined under GDPR provisions) whatever the case may be.

The data You entrust to us for processing is called Customer Data.

This Customer Data may include information from devices or other systems that the Customer manages and monitors using our services or products. It could also include end user data related to an individual’s activities on Customer’s network and systems including, but not limited to, email address, IP address, device information, CPU usage and any other data related to addressing a support or service request. Under GDPR we are primarily a data processor for Customer Data.

We do not sell or intend to sell or rent any personal data of Yours being collected, processed or stored in our systems in any manner whatsoever.

Data collected:

We collect some information to conduct our regular business operations and administration that may include some personal information such as name, email address and contact details. We outline this below as:

• Data collected from website users;
• Data collected through the use of our products and services; and
• Other data

Data collected from website users:

When You visit our website or seek to conduct business with us You may be prompted to provide certain personal information such as name, email address, mobile number, and geographic location etc. This information is used by us in the following ways:

• Help us connect with You or to establish communication at Your request.
• Collect Your Email address to subscribe to our newsletters.
• Register for webinars.
• Enquire about our products and services.
• Register or apply to our Partner Program

Generally, the personal information You provide to us is necessary to provide You with the information You have requested for and to resolve a complaint or address Your query.

We may also collect the personal information disclosed by You on our forums, blogs and testimonials or to any platforms to which You are able to post information and materials including third party services (such as social media channels) and through our any other Offerings.

We may also collect billing and transactional details of the Customer during their purchase of our products or services. We work with industry-standard payment providers to collect payment.

Please note that providing personal information to us is voluntary on Your part. If You choose not to provide us certain information, we may not be able to offer You certain products or services , and You may not be able to access certain features provided on our website.

Our servers automatically collect certain information when You visit our website. This information does not necessarily reveal Your identity directly but it may include information about the specific device used, such as the hardware model, operating system version, web-browser software (such as Firefox, Safari, or Internet Explorer) and the Internet Protocol (IP) address/MAC address/device identifier. In some countries, including the European Economic Area, this information may be considered personal information under the GDPR. We do not use this information to identify You, and do not process this information actively. The collection is a by-product of using the website. 

Data Collected through the use of our Products and Services:

Usage Data: Where our customers subscribe to our products and services we collect certain technical information obtained from software, systems hosting the services or products and devices accessing these products and services which do not directly identify the end user herein referred to as Usage Data. We collect this information for business analytics to identify how our products and services are used by our Customers. The extent of this collection is configurable by our customers, but as an indication, our collection of technical information that constitutes personal data includes (but is not limited to):

• IP Address
• Email address
• Company name
• Mobile number
• Device Time
• Device Model
• RAM Information
• Storage Information
• Bluetooth Information
• Data Usage details
• Password Strength
• Device Notes
• Other usage statistics

We do not collect usage details about Customer’s end users, except as necessary for support or to provide the Services requested by Customers (in which case we are a data processor of such data).  The information is only processed to provide the service requested by the Customer.

Other Data:

Cookies

Our website uses "cookies", which are files in text format placed on Your (User's) computer, to help the website analyze how Users use the site. The cookie provides information about Your use of the website (including Your IP address) for the purpose of evaluating and compiling reports on website activity and internet usage. You may refuse the use of cookies by selecting the appropriate settings on Your browser, however, please note that if You do this You may not be able to use the full functionality of this website.

Examples of Cookies we use:

For analytics and performance: These cookies help us understand how you use our services and use that data to optimize and improve our services. For example we use Google Analytics cookies to understand how visitors arrive at our website, which content they read or spend their time on, identify areas such as website navigation, user experience and marketing campaigns.

Targeting Cookies or Advertising Cookies: These cookies collect information about your browsing habits in order to make advertising relevant to You and Your interests. They remember the websites You have visited and that information is shared with other parties such as advertising technology service providers and advertisers.

In addition to our own cookies, We use some third-party cookies to report usage statistics of the service, deliver advertisements on and through the service, and so on.

How to opt-out

To opt-out from the cookies, you can configure your browser through appropriate settings. However, you will not be able to opt-out from cookies which are “absolutely necessary” for our services. Links to third-party cookie providers and their privacy/opt-out pages:

• Google Analytics: Google Analytics
• LinkedIn: LinkedIn Cookie Policy. and LinkedIn Ads
• Intercom: Intercom
• Facebook: Facebook Cookie Policies
• Google AdWords Conversion: AdWords

“Do Not Track” Signals under California Online Protection Act (CalOPPA)

Some internet browsers have enabled Do Not Track (DNT) features, which sends out a signal (called the DNT signal) to the website that you visit indicating that you don't wish to be tracked. This is different from blocking or deleting cookies, as browsers with a Do Not Track feature enabled may still accept cookies. No industry standard currently exists on how companies should respond to Do Not Track signals, although one may develop in the future. Our website is not currently designed to recognize and respond to Do Not Track signals.

California Residents

If You are a California resident, You are entitled to certain rights with respect to personal information that We collect about You. Learn more about these rights and how to exercise them in our California Privacy Notice.

Use of Personal Information: 

Following is an overview of the core purpose for using the personal information collected by us.

Data collected from website users

For Customers in the European Union, our processing (i.e use) of Your personal information is justified on the following legal basis:

• the processing is necessary to perform a contract with You or take steps to enter into a contract at Your request; this is the primary basis of our processing.
• the processing is in our legitimate interests, subject to Your interests and fundamental rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities; or
• You have clearly consented to the processing of Your personal data for a specific purpose.

The personal data we collect is used for the following purposes:

• conduct and develop our business with You and with others;
• engage You about events, promotions, the websites and our products and services;
• provide You with documentation or communications which You have requested;
• correspond with Users to resolve their queries or complaints;
• provide You with any Services You request;
• send You marketing communications, where You have subscribed and consent to receive such marketing communications or where it is lawful for us to do so;

Data collected through the use of our products and services

For Customers in the European Union, our processing (use) of Your personal information is justified on the following legal basis:

• the processing is necessary to perform a contract with You or take steps to enter into a contract at Your request; This is the primary basis of our processing.

The personal data we collect is used for the following purpose:

• conduct and develop our business with You and with others;
• process, evaluate and complete certain transactions involving our products and services;
• maintain our internal business and accounting records;
• provide You with any Services You request;
• manage, protect against and investigate fraud, risk exposure, claims and other liabilities, including but not limited to violation of our contract terms or laws or regulations.

Other data

For Customers in the European Union, our processing (i.e use) of Your personal information is justified on the following legal basis:

the processing is in our legitimate interests, subject to Your interests and rights, and notably our legitimate interest in using applicable data to conduct and develop our business activities; or You have clearly consented to the processing of Your personal data for a specific purpose.

The personal data we collect is used for the following purpose:

• operate, evaluate, maintain, improve and develop our products and services or our websites (including by monitoring and analysing trends, access to, and use of the website for advertising and marketing);
• customize our websites, products or services to users' needs;

Disclosure of Personal Data to Service Providers:

We engage third parties to support the services we deliver to You. These third parties assist us in providing information, products or services to You, in conducting and managing our business, or in managing and improving our products/Services or our websites.

We share Your personal data with these third parties to render services for which they have been engaged by us to perform on our behalf, subject to appropriate contractual restrictions and security measures, or if we believe it is reasonably necessary to prevent harm or loss, or we believe that the disclosure will further an investigation of suspected or actual illegal activities or if required to do so by law or in response to a valid requests by public authorities (eg. a court or a government agency)

The third parties may include:

• Cloud infrastructure providers such as Amazon Web Services (AWS).
• Cloud application and productivity providers to support our internal office operations such as email and document management.
• Administration and support: to enable customer support and assist in sales management.
• Marketing and Newsletter: To manage our email communication with our customers for marketing purpose such as newsletters etc.
• Payment Gateways: We work with commercial payment gateways such as PayPal, Stripe, Chargify and BlueSnap. Customers can select the payment gateways; upon selection You are transferred to systems controlled by these service providers to complete the payment. The payment gateways render the payment services as a data controller and comply with all the obligations for processing the data under the applicable data protection laws and their respective Privacy Notice. We do not store or collect Your payment card details in any manner whatsoever.

That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, MasterCard, American Express and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

• Stripe

Their Privacy Policy can be viewed at https://stripe.com/us/privacy

• PayPal: https://www.paypal.com/en/webapps/mpp/ua/privacy-full
• Plimus: https://home.bluesnap.com/privacy-policy/

We do not share, sell, rent, or trade any of Your personal information to third parties, other than as necessary to deliver the services we provide You or to administer our business. These third parties don't have any independent right to share or sell any of Your personal information.

International Transfer:

Personal information collected by us, including any and all the personal information of EU customers, may therefore be processed by our service providers in the United States. However, where You are using 42Gears UEM SureMDM - Software as a Service solutions, You can select whether processing of device specific information takes place in the EU or in the United States when You first register for such service. Your consent to this Privacy Notice followed by Your submission of such information represents Your agreement to that transfer.

We will protect the personal information in accordance with this Privacy Notice. We take appropriate contractual or other measures to protect the personal information in accordance with the applicable laws pertaining to Data Protection and ensure that no transfer of Your personal information will take place to an organization or a country unless there are adequate controls in place including security of Your data and other personal information

Where processing takes place in the United States, we ensure that the service providers have subscribed to the EU-US Privacy Shield Framework. Further details can be found at: 

https://aws.amazon.com/compliance/eu-us-privacy-shield-faq/ and https://aws.amazon.com/compliance/gdpr-center/

Security:

The nature of our services is such that we share a responsibility with our customers for the security of data.

We aim to safeguard and protect Your personal data from unauthorized access, improper use or disclosure, unauthorized modification or unlawful destruction or accidental loss, and have adopted reasonable technical and organizational security measures. In line with 42Gears commitment to ensure protection of Your privacy and establish good business practices we have been certified by industry- standards such as ISO 27001:2013.

It is nevertheless important that our customers recognise their responsibility in maintaining effective security in the use of our services. While we will use all reasonable efforts to safeguard Your personal data, You acknowledge that the use of the internet is not entirely secure and for this reason we cannot guarantee the security or integrity of any personal data that transferred from You or to You via the internet.

Retention of Personal Data:

We retain Your personal data for as long as required to fulfil the purposes for which it was collected. A summary of our approach to retention is outlined below:

Data collected from website users:

We retain this information for the duration of our relationship with the Customer.  Once You have initiated and, where appropriate consented to our communication, you have the right to request us to stop communication (see the ‘Rights’ section below).

Data collected through the use of our products and services:

1. At the outset of User to unsubscribe or non-renewal or termination of active license the data remains for 6 months on our live system and subsequently the data is retained for further 3 months in the secured AWS (Amazon Web Services) backup system which gets permanently deleted thereafter.
2. In case the User initiates request for the deletion of the active license, we delete all the data held within two weeks of obtaining the request until and unless to the extent required by any applicable law to retain some or all of the data for further period. Further, We retain this data for 3 months in the secured and encrypted backup system which gets permanently deleted thereafter. Active license herein includes both the trial and paid licenses.

However, data relating to our commercial arrangement (billing information) will be held as long as necessary for us to fulfil our statutory record-keeping obligations.

Other data:

We store other data for as long as needed to fulfil its purpose.  We have a default retention period defined and take what we consider are reasonable measures to remove the data once this has expired.

In some circumstances, we may retain personal data for other periods of time, for instance where we are required to do so in accordance with legal, tax and accounting requirements, or if required to do so by a legal process, legal authority, or other governmental entity having authority to make the request, for so long as required.

In specific circumstances, we may also retain Your personal data for longer periods of time corresponding to a statute of limitation, so that we have an accurate record of Your dealings with us in the event of any complaints or challenges. However, the actual retention periods may vary significantly in context of different products and their underlying purpose.

When we have no on-going legitimate business need to process Your personal data, we will either securely destroy, erase or delete it, or if this is not possible (because Your personal data has been stored in backup archives), then we will securely store Your personal data and isolate it from any further processing until deletion is possible.

However, we continue to evolve our controls, schedules and practices for information and records retention and destruction which apply to Your personal information.

We also use “Intercom”, a live chat platform that connects Users with our customer support team and during this process we collect some personal information such as name, email address and contact number with the express consent of the Users in order to start the conversation. The messages and data exchanged are stored within the Intercom application and Freshdesk. For more information on the privacy practices of Intercom and Freshdesk, please visit https://www.intercom.com/terms-and-policies#privacy and https://www.freshworks.com/privacy/1-jan-2020/ respectively.

We are not making use of these messages or data other than to follow up on Users registered issues or inquiries. Your personal data will be processed and transmitted in accordance with the General Data Protection Regulation (GDPR) and You can also request us to delete the stored data as provided in this Privacy Notice.

Your Rights:

For Customers in the European Union, Your rights under the GDPR are outlined below.  For Customers outside the European Union, You may have some or all of the following rights available to You in respect of Your personal data, depending on the reason for processing this data:

Right to be informed- You have the right to obtain a copy of Your personal data together with information about how and on what basis that personal data is processed.

Right of access: You have the right to access Your personal data and supplementary information provided.

Right of Rectification: You have the right to rectify inaccurate personal data (including the right to have incomplete personal data completed).

Right to Erasure: You have the right to erase Your personal data (in limited circumstances, such as where it is no longer necessary in relation to the purposes for which it was collected or processed).

Right to restrict processing: You have the right to request to cease the processing of your personal data and we have to consider whether we still have a legitimate interest to process it.

Right to data portability: You have the right to port Your data in machine-readable format to a third party (or to You) when we justify our processing on the basis of Your consent or the performance of a contract with You;

Right to Object:  You have the right to object, on grounds relating to Your particular situation, at any time to any processing of Your personal data for which we have justified on the basis of a legitimate interest, including profiling (as opposed to Your consent) or to perform a contract with You. You also have the right to object at any time to any processing of Your personal data for direct marketing purposes, including profiling for marketing purposes.

Right to lodge a complaint to Your local Data Protection Authority: You may have the right to lodge a complaint with Your National Data Protection Authority or Equal Regulatory Body.

In some cases, We may demonstrate that We have compelling legitimate grounds to process Your information which override Your rights and freedom.

Automated decision making:

We do not employ solely automated decision making, as a matter of course, that results in automated decisions being taken (including profiling) that legally affect You or similarly significantly affect You. Automated decisions mean that a decision concerning You is made automatically on the basis of a computer determination (using software algorithms), without our human review. If You are to be subjected to automated decision making, We will make it clear at that time and You have the right to contest the decision, to express Your point of view, and to require a human review of the decision.

Policy towards minors or children:

We do not knowingly collect or solicit personal information from anyone under the age of 18 or knowingly allow such persons to register for the Services. It has also been provided in our Terms and Conditions for using our website.

Contact Details:

We recognize that You may have questions on how we process Your data, or You may want to change either the data we hold or how we communicate with You in the future.

If You have given consent for processing, You are free to withdraw the consent. In this case You may write us at dpo@42gears.com.

You may unsubscribe from receiving marketing or commercial communications about 42Gears or 42Gears products and services by clicking the unsubscribe link at the end of the marketing or commercial communication from 42Gears or by writing us at dpo@42gears.com apprising us what particular types of marketing or commercial communications You no longer wish to receive. 

You can request deletion of Your personal information at any time and we will consider Your request in accordance with applicable laws.  Please contact us at dpo@42gears.com.

If You have any questions in respect to this Privacy Notice, or would like to exercise Your right please write to us at dpo@42gears.com

Time limit to respond

We try to respond to all legitimate requests within one month. Occasionally it takes us longer than a month if Your request is particularly complex or You have made several requests. In this case, We will notify You and keep You updated.

If You are a European Customer and You are unhappy towards Your response to a query or You have a further complaint, the Information Commissioner’s Office can be contacted at https://ico.org.uk.

Our ongoing Efforts to be transparent

We continue to make available necessary information to help our Users better understand 42Gears processing of personal information and how to exercise choices regarding the use of Your personal information through various channels including this Privacy Notice and any other relevant information that may be made available timely on our website or on Your devices.

Further Information:

This Privacy Notice applies to all the products/services offered by us. Each of our third-party service providers have their own privacy policies/notice. You acknowledge that Your visit to any third-party service provider website will solely be at Your own discretion and risk. We do not claim knowledge of or ownership of any content in any third-party websites nor do we endorse any third-party website.

Updates to this Notice:

This Privacy Notice may be updated from time to time to bring in new security measures (if required) or to comply with applicable laws . You should review  this page periodically to ensure that You accept and are compliant with the amended Privacy Notice. Your continued use of this website will constitute Your agreement to this Privacy Notice and any amendments thereto.

If  You have any questions or concerns about this Privacy Notice, please feel free to email us at legal@42gears.com.