Collums Solutions Ltd (“Collums”) is committed to protecting your privacy. Throughout this notice, the terms “we”, “us”, “our” or “ours” refer to Collums. And the terms “you”, “your” or “yours” refer to YOU (as the Data Subject). Subscriber refers to any customer or business that uses or subscribes to any Collums software or services, including but not limited to Subscriber’s employees, advisors, contractors, agents, consultants, or others acting on behalf of the Subscriber. Client refers to our Subscriber’s customer.
This privacy notice (“Privacy Policy”) describes how Collums collects, stores, uses, shares, and otherwise processes information relating to individuals (“Personal Data”). It also describes the rights and choices available to you regarding your Personal Data.

This Privacy Policy applies to the processing of Personal Data collected by us when you (i) visit our websites that display or link to this Privacy Policy; (ii) Receive communications from us, including emails, phone calls or texts; (iii) Use our products and services, including the Collums platform, as an authorised user where we act as a “controller” of your Personal Data as that term is defined under the General Data Protection Regulation 2016/679 (“GDPR”). For the purposes of the GDPR and other applicable data protection legislations, the data controller for Personal Data we collect under this Privacy Policy is Collums.

This Privacy Policy only applies to Collums’ processing of your Personal Data by us or on our behalf. This Privacy Policy does not apply to:
• Personal Data collected by third parties during your communications/dealings with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control).
• Personal Data processed, stored, or hosted by us when we act as a data processor on behalf of our Subscribers in the course of providing our services, in which case the privacy notice of the relevant Subscriber(s) will apply, and our data processing agreement with such Subscribers will govern our processing of your Personal Data.

What personal data do we collect and process?
The Personal Data we collect directly from you includes identifiers, contact information, professional or employment-related information, commercial information, and internet activity information. We collect such information in the following situations:
• If you use our “Contact Us” option on the website; request a demo; sign up for an event, webinar or contest; sign up for a referral program; download certain content such as eBook, case study; enter information in the landing pages used by Marketing teams, we may require that you provide to us your contact information, such as your first name, last name , full name, email, phone, location, country, business name and shipping address.
• If you interact with our websites or emails, we automatically collect information about your device and your usage of our websites or emails (such as Internet Protocol (IP) addresses or other identifiers, which may qualify as Personal Data using cookies, web beacons, or similar technologies.
• If you use and interact with our services, we automatically collect information about your device and your usage of our services through log files and other technologies, some of which may qualify as Personal Data.
• If you communicate with us via a phone call from us, we may record that call.
• If you voluntarily submit certain information to our services, such as filling out a survey about your user experience, we collect the information you have provided as part of that request.
If you provide us with any Personal Data relating to other individuals, you represent that you have the authority to do so, and where required, have obtained the necessary consent, and acknowledge that it may be used in accordance with this Privacy Policy. If you believe that your Personal Data has been provided to us improperly or want to exercise your rights relating to your Personal Data, please contact us via the contact form on our website collums.co.
We also collect information about you from other sources including third parties and from publicly available information. We may combine this information with Personal Data provided by you. This helps us update, expand, and analyse our records and create more tailored advertising to provide services that may be of interest to you.

Subscriber data
Some of our services include processing of data, including the Personal Data of Clients, on behalf of our Subscribers in relation to applications, tools, or software that we provide. The Personal Data we collect and process on behalf of our Subscribers may include the following:
• Demographic & Identity Data: We may collect personal data of the Client (our Subscriber’s Client or customer) such as first name, last name, email, address, contact number, gender, date of birth, photograph, signature, gift card recipient name, gift card recipient address. Additionally, location & device id, are also collected when using mobile apps.
• Financial Data: Data collected from the Client may include name on the card, last 4 digits of the card number, card expiry date, card scheme, card token no. CVV information is also collected but not stored at our end but shared with the payment processor.
• Health and Fitness Data: Data collected from the Client may include patient medical history, skin related details, weight, allergies, medical test reports, photographs of health condition, signatures of patient, signatures of doctor, and any other custom information that may be necessary to be collected for the patient’s treatment.
• Employee Information: We may collect personal data of the Employee (our Subscriber’s employees, advisors, contractors, agents, consultants, or others acting on behalf of the Subscriber) such as first name, last name, email, address, contact number, gender, date of birth, photograph, signature. Additionally, location, device id and IP addresses, are also collected when using mobile apps.
Save for the limited circumstances set out in this Privacy Policy, we are not the data controller of this information as we do not determine the purposes or the means of the processing.

What is the basis of collecting and processing your Personal Data?
We collect and process your Personal Data by relying on one or more of the following bases:
• The processing is necessary for the purpose of performance of the contract we have with you OR our Subscribers on whose behalf we are serving you.
• You have explicitly agreed to/consented to us processing your Personal Data for a specific purpose.
• The processing is necessary for purposes of informing, promoting, and selling our services to you.
• The processing is necessary for Purposes of Employment that you may seek with us.
• The processing is necessary for the purpose of protecting the Collums data from threats, violations, and breaches if any.

How do we use your personal data?
We use your Personal Data for the following purposes:
• To verify your identity
• To deliver our products and services to you and on behalf of our Subscribers
• To communicate with you regarding existing products and services availed by you, including notifications of any alerts or updates
• To evaluate, develop and improve our products and services
• For market analysis, and product analysis and market research
• To send you information about our other products or services which may be of interest to you
• To handle enquiries and complaints
• To comply with legal and/or regulatory requirements
• To investigate, prevent, and/or take action regarding illegal activities, suspected fraud and situations involving potential threats to the safety of any person
• Collums has a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable provisions of the Terms of Use Agreement, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Collums, its users or the public as required or permitted by law.
If we need to collect and process Personal Data by law, or under a contract we have entered into with you, and you fail to provide the required Personal Data when requested, we may not be able to perform our contract with you.

Who do we share your personal data with?
We DO NOT SELL your personal data.
We share your information only in the ways that are described in this Privacy Policy, and only with parties who adopt appropriate confidentiality and security measures. We may share your Personal Data with the following for the purposes and pursuant to the legal bases described above:
• Sub-processors: We may use third parties in the provision of our products and services to you. We may share your Personal Data with such third parties. Vendors of such third parties / sub-processors may also have access to your information. Contact us through our website Collums.co if you wish to have a list of these.
• Third Parties Involved in a Corporate Transaction: If Collums becomes involved in a merger, acquisition, or any form of sale of some or all its assets, then, in accordance with applicable laws, Collums will use reasonable efforts to notify you of any transfer of Personal Data to an unaffiliated third party.
• Subscribers with whom you are affiliated: If you use our services as an authorised user, we may share your Personal Data with your affiliated Subscriber responsible for your access to the services to the extent this is necessary for verifying accounts and activity, investigating suspicious activity, or enforcing our terms and policies.
• Collums may share with third-parties certain pieces of aggregated, non-personal data, such as but not limited to the number of users who clicked on an advertisement on the Site, the number of users that clicked on any page within the Site or aggregated business performance data across a geographical region.
• We may also share your personal data with Law enforcement authorities, government authorities, courts, dispute resolution bodies, regulators, auditors, and any party appointed or requested by applicable regulators to carry out investigations or audits of our activities.

Cross-border data transfer
All Personal Data we hold about you may be transferred, processed, and stored anywhere in the world, including but not limited to, the United States, India, or other countries, which may have data protection laws that are different from the laws where you live. Our endeavour is to safeguard your personal data consistent with the requirements of applicable laws. Therefore, your Personal Data may be processed outside your jurisdiction, and in countries that are not subject to an adequacy decision by the European Commission or your local legislature or regulator, and that may not provide for the same level of data protection as your jurisdiction, such as the European Economic Area. We ensure that the recipient of your Personal Data offers an adequate level of protection and security, for instance by entering into the appropriate back-to-back agreements and, if required, standard contractual clauses or an alternative mechanism for the transfer of data as approved by the European Commission or other applicable regulator. Where required by applicable law, we will only share, transfer, or store your Personal Data outside of your jurisdiction with your prior consent.

Use of cookies and other tracking mechanisms
We may use cookies, web beacons, pixels, and other tracking mechanisms on our website and other digital properties to collect data about you. When you visit our websites, we, or an authorised third party, may place a cookie on your device that collects information, including Personal Data, about your online activities over time and across different sites. Cookies allow us to track use, infer-browsing preferences, and improve and customize your browsing experience.
We also use web beacons and pixels on our websites and in emails. For example, we may place a pixel in marketing emails that notify us when you click on a link in the email. We use these technologies to operate and improve our websites and marketing emails.
Do Not Track (“DNT”) is a privacy preference that users can set in certain web browsers. Please note that we do not respond to or honour DNT signals or similar mechanisms transmitted by web browsers.

Your privacy rights
You have the following Privacy Rights, and we commit to provide you with the same:
• Right of access: You have the right to get access to your Personal Data that is with us along with other supporting information.
• Right to rectification: You have the right to ask us to rectify your Personal Data that is with us that you think is inaccurate. You also have the right to ask us to complete your Personal Data that you think is incomplete.
• Right to erasure: You have the right to ask us to erase your Personal Data that is with us under certain circumstances.
• Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data under certain circumstances.
• Right to data portability: You have the right to ask that we transfer the Personal Data you gave us to another organisation, or to you, under certain circumstances.
• Right to object: You have the right to object to the processing of your Personal Data under certain circumstances.
• Right to not be subjected to automated individual decision-making: you have the right to not to be subjected to automated individual decision-making including profiling. Automated decision-making currently does not take place on our websites or in our services
• Right to lodge a complaint with the supervisory/regulatory authority: you have the right to lodge a complaint with the appropriate supervisory/regulatory authority.
As described above, we may also process Personal Data submitted by or for a Subscriber to our cloud products and services. To this end, if not stated otherwise in this Privacy Policy or in a separate disclosure, we process such Personal Data as a processor on behalf of our Subscriber (and its affiliates) who is the controller of the Personal Data. We are not responsible for and have no control over the privacy and data security practices of our Subscriber, which may differ from those explained in this Privacy Notice. If your Personal Data has been submitted to us by or on behalf of a Subscriber and you wish to exercise any rights you may have under applicable data protection laws, please inquire with them directly. Because we may only access a Subscriber’s data upon their instructions, if you wish to make your request directly to us, please provide us the name of the Subscriber who submitted your Personal Data to us by writing to us at [email protected]. We will refer your request to that Subscriber and will support them as needed in responding to your request within a reasonable timeframe.

Links to other websites
Our website may contain links to websites of other organisations. This privacy notice does not cover how those organisations process your Personal Data. We encourage you to read the privacy policies on the other websites you visit.

Marketing / promotional communications and Opt-out
If we process your Personal Data for the purpose of sending you marketing communications, You may choose to stop receiving these communications by following the unsubscribe instructions included in these emails or by replying back with your unsubscribe request. Please note that opting out of marketing communications does not opt you out of receiving important business communications related to your current relationship with us, such as communications about your subscriptions or event registrations, service announcements or security information.

Retention of personal data
We retain your personal data for as long as it is required for the purposes stated in this Privacy Policy. Sometimes, we may retain your data for longer periods as permitted or required by law, such as if required in connection with a legal claim or proceeding, to enforce our agreements, or to comply with other legal obligations. When we no longer have a legitimate need to process your data, we will delete or anonymise your data from our active databases.

Children
Our websites and online services are not directed at children. We do not knowingly collect Personal Data from children under the age of 16 or such other applicable age of consent for privacy purposes in relevant individual jurisdictions. If you are a parent or guardian and believe your child has provided us with Personal Data, please contact us by using the information in the “Contact Us” section below and we will take steps to delete their Personal Data from our systems.