Privacy Policy
I. OBJECTIVE AND OVERVIEW
Ubifly Technologies Private Limited (“Company” or “we” or “our”) takes obligations related to the collection, use, transfer, and disclosure of personal data capable of identifying a person (including sensitive personal data or information) (“Personal Data“), including our employees, very seriously. We are committed to protecting the privacy of our employees. This Data Protection and Privacy Policy (“Privacy Policy”) incorporates the requirements under the Information Technology Act, 2000, the Digital Personal Data Protection Act, 2023 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 and shall be amended from time to time to be aligned with applicable data privacy laws in India that govern Personal Data.
For the purposes of this Privacy Policy, “Sensitive Personal Data or Information” or “Sensitive Data” means Personal Data, that consists of the (i) password, (ii) financial information (including information such as bank account, debit or credit card details or other payment instrument details), (iii) physical, psychological and mental health condition, (iv) sexual orientation, (v) medical records and history, (vi) biometric information, (vii) any detail relating to the above as provided to the body corporate for providing a service, and (viii) any of the information received under each of the aforesaid heads by the body corporate for processing, or to be stored or processed under a lawful contract.
This Privacy Policy shall apply to all our employees, contractors, vendors, interns, associates and business partners who receive Personal Data from the Company, who have access to Personal Data collected or processed by the Company, or who provide Personal Data to the Company. All employees of the Company are required to comply with this Privacy Policy when they collect and/or handle Personal Data or are involved in the process of maintaining or disposing of Personal Data collected directly by the Company or its agents and contractors.
Our Privacy Policy is subject to change from time to time and we will make all reasonable efforts to inform and update you of any changes. For any further clarifications related to our Privacy Policy, please reach out to our Grievance Officer at grievance@eplane.ai.
II. SCOPE
This Privacy Policy is in place for (i) the coverage of the type of information collected by the Company including Personal Data or information; (ii) the protection and appropriate use of Personal Data at the Company; (iii) governing the purpose, means and modes of usage, collection, disposal and transfer of Personal Data; and (iv) how and to whom such information which has been collected will be disclosed. as specifically provided by this Privacy Policy or as required by applicable laws:
a. Consent Requirements
The Company shall only collect Personal Data after obtaining the consent of the data subject after providing the data subject with information as to how we collect, use, retain, and disclose the Personal Data. Consent shall be obtained from the data subjects in writing or electronically before or at the time of collecting the Personal Data by us.
b. Rights of Data Subject
The Company shall, wherever possible, provide to data subjects, the right to control their Personal Data, which includes the right to access, modify, erase, restrict, transmit, or object to certain uses of their Personal Data. The data subject may at any time withdraw consent to prevent the Company from processing their Personal Data if they wish to do so, provided that withdrawal of consent is sent in writing to the Company. The data subjects shall also have the right to a grievance redressal.
c. Collection of Personal Data
We shall collect Personal Data from data subjects only for lawful purposes specifically identified at the time of collecting Personal Data from the data subject, under an agreement or statement of work, and only to provide products or services requested or for the maintenance of statutory records, or fulfilment of statutory reporting requirements.
Set out below is an indicative list of the Personal Data that the Company may collect from the data subjects:
| Category | Examples |
| Identifiers | This category may include name, postal address, unique personal identifiers (such as employee ID number), online identifiers, email address, account name, Government Issued ID number, passport number, other similar identifiers. |
| Personal Information | This category may include name, signature, address, telephone number, passport number, insurance policy number, education or employment information, financial account numbers (such as your banking information and payment card information), medical information. Some Personal Data included in this category may overlap with other categories. |
| Classification Characteristics | This category may include age, national origin, citizenship, marital status, medical condition, sex and gender information |
| Geolocation Data. | This category may include physical location or movements to the extent captured by our internal badging and security system(s). |
| Professional or Employment-related Information. | This category may include current or past job history, performance evaluations, income and wage information, job title, emergency contacts, dependents’ personal information, beneficiaries’ personal information, personal references, timesheets, and references related to your previous employment. |
| Non-public Education Information | This category may include education records directly related to a student maintained by an educational institution or party acting on its behalf. Such records may include grades, transcripts, schedules, and student ID numbers. |
| Category | Examples |
| Identifiers | This category may include name, postal address, unique personal identifiers (such as employee ID number), online identifiers, email address, account name, Government Issued ID number, passport number, other similar identifiers. |
| Personal Information | This category may include name, signature, address, telephone number, passport number, insurance policy number, education or employment information, financial account numbers (such as your banking information and payment card information), medical information. Some Personal Data included in this category may overlap with other categories. |
| Classification Characteristics | This category may include age, national origin, citizenship, marital status, medical condition, sex and gender information |
| Geolocation Data. | This category may include physical location or movements to the extent captured by our internal badging and security system(s). |
| Professional or Employment-related Information. | This category may include current or past job history, performance evaluations, income and wage information, job title, emergency contacts, dependents’ personal information, beneficiaries’ personal information, personal references, timesheets, and references related to your previous employment. |
| Non-public Education Information | This category may include education records directly related to a student maintained by an educational institution or party acting on its behalf. Such records may include grades, transcripts, schedules, and student ID numbers. |
The Company uses the Personal Data identified above to process job applications, make and review employment decisions, perform background screenings, onboard new employees, set up and administer payroll, process and administer benefits (including perks or incentives), conduct performance evaluations, for tax reporting and filings, manage disciplinary matters and grievances, maintain an internal employee directory, manage our business and strategic planning, operate and manage IT and communication systems, maintain internal recordkeeping and oversight of Company personnel, for internal recordkeeping and Company oversight, to facilitate communication with you to ensure business continuity and crisis management, and to evaluate or conduct corporate restructuring business.
d. Use, Retention and Disposal of Personal Data
The Company shall only obtain, retain and use the Personal Data for the purposes identified to the data subject. If such Personal Data is required under any statement of work or agreement or for the Company records or in the course of employment of an employee, we shall ensure that the data subject has consented to the use of their Personal Data. We shall not retain Personal Data longer than is necessary to fulfill the purposes for which it was collected and may lawfully be used. We shall dispose of the Personal Data once it has served its intended purpose or as specified by the data subject. The Company will ensure that Personal Data shall be erased (i) if its storage violates any applicable law; (ii) if the Personal Data is no longer required by us to fulfil the purpose for which the Personal Data was collected, or (iii) at the request of the data subject, except where the Personal Data must be retained for compliance with statutory obligations. Notwithstanding anything to the contrary contained in any agreement between the Company and the data subject, the Company has the right to retain the Personal Data for the fulfilment of statutory obligations cast by applicable law.
e. Access to Personal Data
The Company shall allow data subjects to make inquiries regarding their Personal Data held by the Company, and where appropriate and feasible, the Company shall provide reasonable access to the Personal Data for review, and/or update or to rectify the Personal Data where inaccurate or outdated. Such requests from the data subjects must be directed to the Grievance Officer as specified in Part IV below.
f. Security Standards
We endeavour to protect and safeguard Personal Data from unauthorized access, data leaks and misuse and thus, the Company shall implement reasonable physical, administrative, operational and technical safeguards as required under applicable law to help protect Personal Data from unauthorized access, use and disclosure. To protect against the loss, misuse and alteration of the Personal Data in its possession, the Company has established appropriate physical, technical, operational and managerial procedures that are commensurate to the sensitivity of the Personal Data being stored. All Personal Data is stored in India and in accordance with applicable data protection and privacy laws.
g. Data Breach Protocol
In the event of a Personal Data breach, we will, at the earliest instance, intimate the concerned government authority(ies) and you about such breach, in accordance with applicable law. We will oblige with any directions, including urgent remedial or mitigation measures, as provided by the government authority(ies).
h. Monitoring and Enforcement
The Company shall monitor compliance with its Privacy Policy, both internally and with third parties, and establish the processes to address inquiries, complaints and disputes. We shall perform a periodic review of all the complaints related to data privacy to ensure that all the complaints are resolved in a timely manner and resolutions are documented and communicated to the data subjects.
III. DISCLOSURE TO THIRD PARTIES
The Company shall only disclose Personal Data to third parties (i) after obtaining the consent of the data subject under lawful contract or (ii) for the fulfilment of such purpose(s) notified to the data subject either in writing or through an agreement or statement of work or (iii) where the disclosure is necessary for compliance of a legal obligation. Subject to the aforementioned, we may disclose Personal Data to (i) third-party service providers to whom disclosure is necessary for the performance of important functions or provision of services, (ii) our affiliate or associate companies or any other company that we control, and (iii) to any such entity that legally acquires the Company or where the Company is involved in bankruptcy, merger, acquisition, reorganization or sale of assets, your Personal Data may be sold or transferred as part of that transaction. The undertakings in this Privacy Policy shall apply to the Personal Data as transferred to the new entity in a secure manner, with assurances of protection from third parties via valid agreements, and, where needed, with the consent of the data subject. The Company shall communicate the privacy practices, procedures, and standard requirements for data privacy and protection to the third parties/partner firms and shall strive to ensure that the third parties/partner firms treat the Personal Data being disclosed with the same degree of care as adhered to by the Company under the privacy laws of India.
Notwithstanding anything contained elsewhere, any Personal Data may be disclosed by us to any third party as required by a court of law or any other regulatory, governmental or legal enforcement agency established under a statute, as per the prevailing law without the data subject’s consent.
IV. DATA PRIVACY OFFICER (GRIEVANCE OFFICER)
Employees with inquiries or complaints about the processing of their Personal Data may first discuss the matter with their immediate supervisor/manager. If the employee does not wish to raise an inquiry or complaint with an immediate supervisor/manager, or if the manager and employee are unable to reach a satisfactory resolution of the issues raised, the employee may bring the issue to the attention of the Grievance Officer. Any questions, discrepancies, and grievances with respect to the processing of Personal Data and/or any act or omission by the Company regarding the performance of its obligations in relation to the employees’ Personal Data may be made to the Grievance Officer at jenny@eplane.ai In the event of any breach of the Privacy Policy, you may contact the designated Grievance Officer of the Company at:
Name: Jenny J
Mobile/Telephone: +91 9962555549
Email: jenny@eplane.ai
V. GOVERNING LAW AND JURISDICTION
This Privacy Policy will be governed by and construed in accordance with the laws of India and shall be subject to the exclusive jurisdiction of the courts of Chennai.
*****