Privacy Policy and Data Retention policy

Introduction

We at Gro ((“Gro Digital Platforms Limited(”/Company) respect the privacy of its users. The information if any collected will be secured, safeguarded and shall be utilised for providing better and appropriate services to you and for lawful usage and purpose. We are committed to abide by law of the land and shall comply with the Information Technology Act, 2000 (“Act”) and also the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules 2011 (“Rules”) or any other statutes, guidelines and regulatory policies which are in place to govern the Information Technology practice in India.

Users, Scope and Definition

This policy shall govern the Company‘s collection and use of Data and Handling (“usage”) of the Personal Information (“PI”) and the Sensitive Personal Data or Information (“SPDI”) by the Company in accordance with the Rules.

“Personal information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person. “Sensitive personal data or information” (SPDI) means any information of a person means such personal information which consists of information relating to:—

  1. password
  2. financial information such as Bank account or credit card or debit card or other payment instrument details
  3. physical, physiological and mental health condition
  4. sexual orientation
  5. medical records and history
  6. Biometric information
  7. any detail relating to the above clauses as provided to body corporate for providing service
  8. any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise
  9. Pictures uploaded by the user while registration
  10. Personal Identification documents such as PAN, Passport, Driving license, etc.

Provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information.

By clicking the accept button below you hereby expressly give consent to use your PI and SPDI as more fully described herein below. Your consent to the same shall be construed as a lawful contract between you and the Company in accordance with the Act and Rules.

PI and SPDI Collection and Usage
The Company may, collect, use, receive, possess, process, store, deal, disclose, transfer or handle Personal Information, Password and Financial Information such as Bank Account Number for the following purpose:-

For authentication of user and his attached trucks, for making payments & deducting TDS (if applicable), for researching and developing new products and services, and in connection with Freight, Insurance & Services Platform of the Company and from time to time.

For providing the services, the Company will collect, use, receive, possess, process, store, deal, disclose, transfer or handle SPDI.

Data Retention
The PI or the SDPI that the Company may collect, use, receive, possess, process, store, deal, disclose, transfer or handle shall be stored till the user account is active and thereafter deleted once the user deletes his profile from the Applications of the Company.

Sharing of PI and SPDI
In addition to the above said purposes, the Company may share your PI and SPDI with the following entities:

  1. Governmental Agency or Courts or Regulators as required under the applicable law
  2. Hinduja Leyland Finance Limited (“HLFL”) for credit assessment
  3. Hindustan Petroleum Corporation Ltd. (“HPCL”) and Indian Oil Corporation Ltd. (“IOCL”) for the user KYC
  4. Any employee, agent, contractor or third party or service provider in connection with the Company‘s business
  5. Any other person under duty of confidentiality to the Company.
We may also disclose information about you if we determine that disclosure is reasonably necessary to enforce our terms and conditions or protect our operations or users. Additionally, in the event of a reorganization, merger, or sale we may transfer any and all personal information we collect to the relevant third party. It may also be necessary for us – by law, legal process, litigation, and/or requests from public and governmental authorities to disclose your personal information. We may also disclose information about you if we determine that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.

At times we may make certain personal information available to strategic partners that work with us to services, or that help our customers. For example:- With HLFL for credit assessment availing fuel credit or with HPCL/IOCL for creation of virtual fleet cards of the said companies. Personal information will only be shared by us to provide or improve our products, services and advertising; it will not be shared with third parties for their marketing purposes.

Openness and Data Access
The user whose PI and/or SPDI is collected, received, possessed, processed, stored, transferred, dealt or handled may inquire as to the nature of data stored or processed by the Company. The person will be provided reasonable access to the person‘s PI and SPDI held by the Company. If any data is inaccurate or incomplete, such a person may request that the data be amended or modified or updated.

Option to Opt Out
The person has an option to withdraw the consent to use the PI or SPDI by the Company in accordance with this Policy. In that case the person should contact the Data Privacy and Grievance officer designated by the Company below.

Security Measures
We have high regards for the privacy of our end users and hence we take all possible measures to store and secure the PI and SDPI collected by us. We have engaged the services of one of the best ISO certified cloud-based data storage service providers. Our service provider is ISO/IEC 27001:2013, 27017:2015, 27018:2019, and ISO/IEC 9001:2015 and CSA STAR CCM v3.0.1 certified.

We ourselves or through our service providers, systematically evaluate our information security risks, taking into account the impact of threats and vulnerabilities.

We undertake to the following

  1. The usage of PI and SPDI will be in compliance with the Act and the Rules
  2. PI and SPDI will be used for the purposes for which it has been collected or obtained
  3. PI and SPDI will be relevant/necessary to/for the purposes for which it is collected and used
  4. Appropriate reasonable measures will be taken to prevent unauthorized use, processing, and accidental loss, destruction, or damage to such PI or SPDI.

Updates
The Company reserves the right to add, revise, amend, modify or delete any part of this Policy (in part or in full) at its discretion. The updated version of this Policy in force will be posted on the Company‘s website from time to time. In the event of any change in the Act or the Rules or in case of any requirement arising under any of the applicable law, this Policy shall be deemed to be amended or modified to the extent necessary to comply with such amendment to the Act or the Rules or to meet any requirement under the applicable laws.

Data Privacy and Grievance Officer
Any questions, disputes, opt-out requests, grievances with respect to the processing of PI or SPDI can be referred to the Data Privacy and Grievance officer designated by the Company as through legal@letsgro.co

I have read and understood this privacy policy and the same is acceptable to me