Last Updated: 10-08-2021
Welcome to Shaastra, published by Indian Institute of Technology Madras (hereinafter referred to as "Platform"), a website owned and operated by Indian Institute of Technology Madras, a statutory body constituted by Institutes of Technology Act 1961 having its office at Sardar Patel Road, IIT P.O., Chennai - 600 036, Tamil Nadu, India (hereinafter referred to as "IITM", "We", "Us" or "Our").
This Policy is published and shall be construed to be in accordance with the provisions of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 under the Information Technology Act, 2000 and other applicable laws that require publishing of the privacy notice for collection, usage, storage, disclosure and transfer of sensitive personal data or information.
1. INFORMATION COLLECTED BY US
When You create an Account with Us, access Our Platform and/or use the Services provided by Us, We shall collect certain information from You, the details of which are provided hereinafter. The categories and sources of the Information collected by Us are as follows:
- Personal Information
Any Information that relates to You as a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying You and any further information, including, without limitation, provided by You to Us such as Your name, nationality, state/city of residence, residential address, e-mail address, date of birth, age, gender, contact number/mobile number, social media login credentials, username, passwords and such other information as defined under Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011.
- Usage Information:
Any information that is not Personal Information, but information collected in relation to Your use of the Platform or information required for the proper functioning and development of Platform, including, without limitation: (i) time, date and extent of Your usage of the Platform; (ii) Your usage and search history within the Platform, (iii) device keyboard settings; (iv) time zone, language, screen resolution, and other usage preferences You select when using the Platform; (v) the URL or advertisement that may have directed You to the Platform; (vi) other device and Platform access information viz Your IP address, operating system, browser type, referring/exit pages, and other unique device identifiers, as well as Your push notification token.
- Behavioral Information:
We shall collect information which is connected with Your activity on the Platform across all Your devices using Your email or social media log-in details, as well as Services that You search, and opt-ins and communication preferences.
- Location Data:
Information about Your location when accessing and/or using the Platform if You chose to opt-in. With Your permission, We may collect Global Positioning System (GPS) data and mobile device location information. If You do not wish to share Your precise location with Us, You can switch off location services via the settings on Your mobile device.
- Transaction and Payment Information:
We collect information such as billing address, credit/debit card number, its expiration date or any other payment instrument details and transaction details or any other third-party payment information of the Users while subscribing to Our fee-based Services.
- Device Information:
We collect information about computers, phones, and other connected devices with a web connection and the presence of Our Platform and Services and integrate this information with the various devices You use. This information includes: device features such as information about operating system, hardware and software versions, battery status, signal availability, available storage space, browser type, app or file names and types, and plug-ins, device activities such as information about the activity and behavior of the device, for example in the background or in front of a window or with mouse movements (which help to distinguish humans from bots), unique identifiers, device ID, games, apps, or accounts You use, Bluetooth signals and information about nearby WiFi access points, beacons and cell towers, Information that We are permitted to collect by turning on access in device configuration, as well as providing access to GPS location, information such as Your mobile operator's name or ISP, language, time zone, mobile phone number, IP address, connection speed, and other devices near Your device or on the network so that We can help You with the streaming of the Services on Your device.
- Third party Information
Information about You that We may receive from third parties services, such as advertising partners, payment gateway providers, data providers, and analytics providers.
- We may collect Your third-party social media networks information including Your contact lists for these services and information relating to your use of the Platform in relation to these services, if You choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google). If you link your Account in our Platform to another service, We may receive information about Your use of that service.
2. USAGE OF YOUR INFORMATION
- We generally use the information We collect:
- to fulfill requests for services, Platform functionality, support and information for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes;
- to communicate with You, including to notify You about changes in Our services;
- quality assurance purposes
- to improve and develop Our Platform and conduct service development;
- to customize the Service You see when You use the Platform ;to enforce Our terms, conditions, and policies;
- to prove Your identity in order to use certain features,
- to combine all the information We collect or receive about You for any of the foregoing purposes;
- to maintain security and help Us detect abuse, fraud, and illegal activity on the Platform;
- to understand how You use the Platform, including across Your devices;
- to make suggestions and provide a customized ad experience;
- to send promotional materials from Us or on behalf of Our affiliates and trusted third parties;
- to measure and understand the effectiveness of the advertising We serve to You and others and to deliver advertising;
- consistent with Your permissions, to provide You with location-based services, such as advertising and other personalized content;
- for any other purposes disclosed to You at the time We collect Your information or pursuant to Your consent.
- We shall not sell or rent Your Personal Information to anyone, for any reason, at any time. We assure that We will always seek Your consent to process certain types of information where it is legally required to do so.
3. SHARING YOUR INFORMATION
We want You to understand when and with whom We may share the information We collect for business purposes. Your information is shared with others in the following ways:
- Legal Reasons:
We may disclose any of the information We collect to respond to summons, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security of Us, the Platform, Users, or the public. We may also share any of the information We collect to enforce any terms applicable to the Platform, to exercise or defend any legal claims, and comply with any applicable law.
- Service Providers, Business Partners:
We share the categories of Personal information listed above with service providers to help Us perform business operations and for business purposes, including research, payment processing and transaction fulfillment, database maintenance, administering contests and special offers, technology services, deliveries, sending communications, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing. These service providers may include:
- advertising, marketing, and analytics vendors, who may receive the information You choose to provide, the information We obtain from other sources, and the information We collect automatically but would not receive Your payment information or message data.
- Payment processors and transaction fulfillment providers, who may receive the information You choose to provide, the information We obtain from other sources, and the information We collect automatically but who do not receive Your message data.
- Cloud providers, who may receive the information You choose to provide, the information We obtain from other sources, and the information We collect automatically.
- Research providers, who may receive the information You choose to provide, the information We obtain from other sources, and the information We collect automatically but would not receive Your payment information or message data.
- Customer and technical support providers, who may receive the information You choose to provide, the information We obtain from other sources, and the information We collect automatically.
- Third Parties:
We may share aggregated usage information and may otherwise disclose non-Personal Information that We collect to third parties. However, absent Your prior consent, We will share Your Personal Information with third parties only in the ways that are described in this Policy, including but not limited to, We may use third parties to outsource one or more aspects of Our business and/or Platform operations (such as email or customer service functions, data processing, web analytics, maintenance, online advertising, and security execution and clearing services), in which case, We may provide Your Personal Information to such third parties in connection with the performance of such activities. Such third parties will only use Your Personal Information to the extent necessary to perform their functions and will be contractually bound to process Your Personal Information only on Our behalf and in compliance with Our requests.
4. YOUR RIGHTS
- In certain circumstances, You have the right to access the Personal Information that We hold about You and to correct, update, or request deletion Your Personal Information. Prior to the fulfilment of Your request concerning Your Personal Information, We will ask You to verify Your identity before We can act upon Your request. You have the following rights:
- The right to request proper rectification, removal or restriction of Your Personal Information;
- The right to require free of charge (1) confirmation of whether We process Your Personal Information and (2) access to a copy of the Personal Information retained;
- The right to take legal actions in relation to any breach of Your rights regarding the processing of the Personal Information, as well as to lodge complaints before the competent data protection regulators.
- The right not to be subject to any automatic individual decisions which produces legal effects on You or similarly significantly affects You;
- Where the processing of Your Personal Information is based on Your consent, the right to withdraw Your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question;
- Where processing of Your Personal Information is either based on Your consent or necessary for the performance of a contract with You and processing is carried out by automated means, the right to receive the Personal Information concerning You in a structured, commonly used and machine-readable format or to have Your Personal Information transmitted directly to another company, where technically feasible (data portability);
- As far as We process Your Personal Information on the basis of Our legitimate interests, You can object to processing at any time. You can find a detailed description of Our processing activities and the legal basis in the sections above. If You object to such processing, We ask You to state the grounds of Your objection in order for Us to examine the processing of Your Personal Information and decide whether to adjust the processing accordingly.
- We follow generally accepted standards to protect the Personal Information submitted to Us, both during transmission and once We receive it. Since no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, We cannot guarantee its absolute security. If You have any questions about security on Our Website, You can contact Us at firstname.lastname@example.org.
- We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of Your online session and to protect Our online accounts and systems from unauthorized access.
- When You register for the service, We require a password from You for Your privacy. We transmit information such as Your login credentials for Platform or account credentials securely.
- Our servers are in secure facilities where access requires multiple levels of authentication, including an identity card and biometrics recognition procedures. Security personnel monitor the facilities 7 days a week, 24 hours a day.
- Our databases are protected from general employee access both physically and logically.
- We enforce physical access controls to Our buildings. No employee can put Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). We permit only authorized employees who are trained in the proper handling of customer information, to have access to aforesaid Personal Information.
6. STORAGE AND TRANSFER OF INFORMATION
- We will endeavor to take reasonable measures to keep up an adequate level of data protection also when sharing Your Personal Information with such countries.
- We make no representation or warranty with respect to any duty to permanently store any information You may provide or that We otherwise collect about You except as required by the laws in India.
- We strive to keep Our processing activities with respect to Your Personal Information as limited as possible. In the absence of specific retention periods set out in this Policy, Your Personal Information will be retained only for as long as We need it to fulfil the purpose for which We have collected it and, if applicable, as long as required by statutory retention requirements. Typically, this means We retain Your Personal Information for as long as Your Account is active and for up to 180 days following deletion of Your Account. Please note that statutory storage obligations or the need for legal actions that may arise from misconduct within the Platform can lead to a longer retention of Your Personal Information. By using the Platform and providing Us with information (including Personal Information), You waive any claims that may arise under Your own or any other local or national laws, rules or regulations or international treaties. We may from time-to-time transfer or merge Your information collected off-line to Our online databases or store off-line information in an electronic format. This Policy applies to Your information for as long as Your information is in Our possession, even if You terminate or discontinue Your use of the Platform.
- In the event that We undergo re-organization, are sold to, or merged with a third party, or sell all or substantially all of Our assets, any Personal Information We hold about You may be transferred to that re-organized entity or third party in compliance with applicable law.
- In the unlikely event of Our bankruptcy, insolvency, reorganization, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, We may not be able to control how Your Personal Information is treated, transferred, or used.
7. LINK TO THIRD PARTY WEBSITES
8. INTIMATION BY YOU REGARDING CHANGE IN PERSONAL INFORMATION
If Your Personal Information provided to Us when You had registered/subscribed yourself in Our Platform changes, You must update it as soon as possible. To review and update Your Personal Information through the "Edit" option in Our Platform.
Note: We will retain Your information for as long as Your Account is active or as needed to provide You Services. If You wish to cancel Your Account or request that We no longer use Your information to provide You Services, You can delete the Account through the "Delete" option in our Platform. However, We will retain and Use Your information as necessary to comply with Our legal obligations, resolve disputes, and to enforce Our agreements.
9. EMAIL NOTIFICATIONS AND OPT-OUT
10. CONFIDENTIALITY OF YOUR LOGIN ID AND PASSWORD
11. CHANGES TO POLICY
We may update this Policy from time to time. When We update the Policy, We will notify You by updating the "Last Updated" date at the top of this Policy and posting the new Policy and providing any other notice required by applicable law. We recommend that You review the Policy each time You visit the Platform to stay informed of Our privacy practices.
12. CONTACT US