Privacy policy

LEGASIS GROUP - DATA PRIVACY POLICY

About Legasis Group:

Legasis Private Limited (“LPL”) is a company incorporated under the provisions of the Companies Act, 1956 of India, having its registered office situated at 12A/09, 13th Floor, Parinee Cresenzo, G-Block, BKC, Bandra East, Mumbai - 400051, India, and its Delivery Centre located at B-105, International Convention Centre, Senapati Bapat Road, Pune 411016, India. Legasis Partners Advocates and Solicitors (“LP”), Legasis Consulting Services Private Limited (“LCSPL”) and Ethics Research and Consulting Private Limited (“Ethics India”), are the group entities with the same addresses as those of LPL. Comply Global Pte Ltd (“CGPTE”), a wholly owned subsidiary of LSPL, is a company incorporated in Singapore with its registered office at 583, Orchard Road, #06-01, FORUM, Singapore 238884 and Comply Global Cloud Solutions Private Limited (“CGIndia”) is a subsidiary of LSPL incorporated in India having its registered office at # 102, Eden Park 20, Vittal Mallya Road, Bangalore 560001, India. LSPL, LP, LCSPL, Ethics India, CGPTE and CGIndia will be hereinafter collectively referred to as “Legasis Group.”

1.Introduction:

This Document sets out Legasis Group’s Data Privacy Policy, that makes clear that personal data protection and data security is respected and compliant with Indian Digital Personal Data Protection Act, 2023 (hereinafter referred to as “Indian DPDP Act”.

The intention of the Indian DPDP Act is to protect the personal data of EU citizens wherever it is held; there are strict requirements governing where personal data can be transferred to and the measures that must be in place for such as transfer to be legal. The penalties for contravening the Indian DPDP Act are significant and care must be taken by Legasis Group employees to ensure that they remain within the law at all times.

1. Interpretation and Definitions

Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Privacy Policy:

a. “Account” means a unique account created for you to access our service or parts of our Serviceservice.
b. “Company” (referred to as either "the Company", "We", "Us" or "Our" in this Agreement) refers to Legasis Group.
c. “Cookies” are small files that are placed on Your computer, mobile device, or any other device by a website, containing the details of Your browsing history on that website among its many uses.
d. Country refers to: India.
e. “Device” means any device that can access the Service, such as a computer, a mobile phone or a digital tablet or a smartphone.
f. “Personal Data” is any information that relates to an identified or identifiable individual.
g. “Service” refers to the Website and the Solutions provided by Us.
h. “Usage Data” refers to data collected automatically, either generated using the Service or from the Service infrastructure itself (for example, the duration of a page visit).
i. “Website” refers to Comply global, accessible from www.complyglobal.com
j. “You” mean the individual accessing or using the Service, or the company, or other legal entity on behalf of which such individual is accessing or using the Service, as applicable.

2. Collection of Personal Data:

a. Which Personal Data do we collect?
Type of data that Legasis Group collects for specified purposes are:

i. Your name.
i. Your work/personal email id.
i. Your phone number which may include your work landline number and/or mobile number.
i. The name and address of your employer organisation.
ii. Your Photograph, if needed
iii. Account login credentials, such as usernames and passwords, password hints and similar security information
iv. Comments, feedback, and other information you provide to us, including search query data and questions or information you send to customer support; and/or interests and communication preferences, including preferred language.
v. Usage Data

Usage Data is collected automatically when using the Service or Solutions.

Usage Data may include information such as Your Device's Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our Service that You visit, the time and date of Your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

When You access the Service by or through a mobile device, We may collect certain information automatically, including, but not limited to, the type of mobile device You use, Your mobile device unique ID, the IP address of Your mobile device, Your mobile operating system, the type of mobile Internet browser You use, unique device identifiers and other diagnostic data.

We may also collect information that Your browser sends whenever You visit our Service or when You access the Service by or through a mobile device.

Legasis Group collects, records, stores, organises, structures and upon requested so by the data principle alters, restricts, erases, or destructs the personal data.

a. Purpose of collection of personal data:

The personal data referred to in sub-clause 3(a) is collected and used by Legasis Group for any or all the following purposes:

i. Approaching you while marketing the variety of legal services offered by Legasis Group.

i. Creating your role-based user access in the IT enabled legal solutions that have been agreed to be implemented for your employer organisation in accordance with the principal contract signed between Legasis Group and your employer organisation.

ii. To manage Your registration as a user of the Service. The Personal Data You you provide can give You access to different functionalities of the Service that are available to You as a registered user.

i. Rendering effective legal services to you as may be agreed under the principal agreement signed between Legasis Group and yourself and/or your employer organisation for the purpose of such services.

i. Sending you the periodic knowledge-based issues such as newsletters, knowledge- posts or magazines issued by Legasis Group.

i. Inviting you to the professional events conducted by Legasis Group from time to time, for example, compliance 10/10 hosted by Legasis Group every year.

i. Processing your job application in Legasis Group for any suitable position

i. Engaging your employer organisation for the professional services outsourced on behalf of our clients as per the principal agreement signed between Legasis and your employment organisation.

ii. To contact You by email, telephone calls, SMS, or other equivalent forms of electronic communication, such as a mobile application's push notifications regarding updates or informative communications related to the functionalities, products, or contracted services, including the security updates, when necessary or reasonable for their implementation.

iii. To provide You with news, exclusive offers and general information about other IT based solutions, services, and events which we offer that are similar to those that you have already subscribed or enquired about unless You have opted not to receive such information.

iv. For other purposes: We may use Your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing, and your experience.

Legasis Group does not use the personal data for any other purposes than mentioned in sub-clauses (i) to (xi) above. Legasis Group does not sell, rent, or provide any information to any third-party entities.

We may share Your personal information in the following situations:

i. With Service Providers: We may share Your personal information with Service Providers to monitor and analyse the use of our Service, to contact You.
ii. For business transfers: We may share or transfer Your personal information in connection with, or during negotiations of, any merger, sale of Company assets, financing, or acquisition of all or a portion of Our business to another company.
iii. With business partners: We may share Your information with Our business partners to offer You certain products, services, or promotions.
iv. With Regulators and Law Enforcement Agencies: We may have to share Your information to fulfil the regulatory requirements and to comply with legal obligations.

a. Sources of collection of personal data:

Personal data referred to in sub-clause (a) may be collected by Legasis Group from one or more of the following sources for the purposes mentioned in sub-clause (b).

i. Yourself directly, or
i. Your employer organisation, or
i. Any common professional networking platforms for example, LinkedIn or the website of your organisation, or
i. Any publicly accessible government owned databases, for example, Ministry of Corporate Affairs.

1. Retention of personal data:

The personal data collected as and in the manner of clause (3) will be stored and retained by Legasis Group in accordance with the applicable laws and regulations, more specifically for the period as mentioned below for each purpose:

a. For not more than 5 years, unless otherwise intimated to Legasis Group in writing, for the purpose described in clause 3(b)(i).
b. For such period as long as the principal agreement referred to in clause 3(b)(ii) or any renewal thereof is enforceable, unless removal of such role-based user access is intimated to Legasis Group, for the purpose described in clause 3(b)(ii).
c. For such period as long as the principal agreement referred to in clause 3(b)(iii) or any renewal thereof is enforceable for the purpose described in clause 3(b)(iii).
d. Until any intimation of un-subscription is received by Legasis Group either by you or your employer organisation for the purpose described in clause 3(b)(iv).
e. Until any intimation of un-subscription is received by Legasis Group either by you or your employer organisation for the purpose described in clause 3(b)(v).
f. In case of making, you a successful job offer, for the period as may be agreed in your employment contract and in case of rejecting your job application, for the period of not more than 2 years for the purpose described in clause 3(b)(vii).
g. For such period if the principal agreement referred to in clause 3(b)(vii) or any renewal thereof is enforceable for the purpose described in clause 3(b)(vii).

Company will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods.

1. Transfer of Your Personal Data

Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, country, or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Privacy Policy followed by Your submission of such information represents Your agreement to that transfer.

The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information.

2. Rights with respect to Your Personal Data:

By virtue of being a data subject under INDIAN DPDP ACT or Data principal under the Digital Personal Data Protection, Act 2023, you have the following rights with respect to the personal data collected by Legasis Group:

a. You have the right to request Legasis Group to erase your personal data from our records for opting out of any of the purposes mentioned in the clause 3(b). You may exercise your right by writing to us at dpr-consent@legasis.in directly. Legasis Group will process your request within one (1) month of receiving such request from you unless Legasis Group requires to process the personal data to comply with compelling legal obligation.

b. You have the right to request Legasis Group to update, rectify, edit, complete your personal data in our records by writing to us at dpr-support@legasis.in. Legasis Group will process your request within ten (10) working days of receiving such request from you.

c. You have the right to request Legasis Group to provide access to and/or obtain details of your personal data in our records by writing to us at dpr-support@legasis.in. Legasis Group will process your request within seven (07) working days of receiving such request from you. You have the right to receive your personal data in a structured, commonly used, and machine-readable format in case the processing is conducted by Legasis Group by automated means. Such access will be provided to you free of charge unless such requests are manifestly unfounded or excessive, in particular because of their repetitive character.

d. You have the right to request Legasis Group to restrict further processing of your personal data in our records for any of the reasons as stated below:

I. Accuracy of personal data is contested by you.
II. Lawfulness of processing of personal data is contested and erasure is opposed by you.
III. The processing of personal data is no longer required by the Legasis Group but is required by you for the establishment, exercise, or defence of legal claims.
IV. Processing has been objected by you pending the verification of legitimate grounds of Legasis Group.

You may exercise this right by writing to us at dpr-consent@legasis.in directly or using a Consent Form on our website. Legasis Group will process your request within one (1) month of receiving such request from you unless Legasis Group requires your personal data for the establishment, exercise, or defence of legal claims or for the protection of the rights of another natural or legal in such cases, Legasis Group will keep you informed.

e. With respect to data portability, you have the right to request Legasis Group to transmit your personal data to any other data fiduciary or processor or controller, as the case may be, in cases where the processing is conducted by automated means by Legasis Group. You may exercise this right by writing to us at dpr-support@legasis.in. Legasis Group will process your request within fifteen days of receiving such request from you, where technically feasible, unless processing is necessary in the public interest, or it adversely affects the rights and freedoms of others.

f. You have the right to register a complaint with the Data Protection Board of India for breach of your privacy or for non-compliance of security measures for the Company.

1. Security of Your Personal Data

The security of Your Personal Data is important to Us but remember that no method of transmission over the Internet, or method of electronic storage is 100% secure. While We strive to use commercially acceptable means to protect Your Personal Data, we cannot guarantee its absolute security.

2. Legal Basis for processing:

In keeping with the provisions of Article 6 of the INDIAN DPDP ACT and the provisions of Digital Personal Data Protection Act, 2023 it will be lawful for Legasis Group to process your personal data after obtaining your consent for data collection as mentioned in clause 3 of this Policy and/or as per the principal agreements referred to in clause 3(b) to fulfil our obligations under such agreements.

1. Children's Privacy-

Our Service does not address anyone under the age of 18. We do not knowingly collect personally identifiable information from anyone under the age of 18.

2. Review and Amendment of the Policy:

Legasis Group reserves the right of reviewing and amending the Policy in keeping with the expansion of its business and changes in the business processes. In such cases, the amended policy will be updated on our website and will be emailed to you provided your email address is in our records.

You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

Contact us:

In case of any queries or concerns with respect to the Policy, you may write to us at dpr-support@legasis.in .