Compliance
Privacy Policy
Updated and Effective Date: September 2023
This Online Privacy Policy (this “Policy“) sets forth how Sappho Consultancy Services Private Limited and its subsidiaries (“Sappho Consultancy Services Private Limited“, “we“, “us”, or “our”) gathers and uses information when you: access or use our Sappho Consultancy Services Private Limited or subsidiary websites, mobile applications, and other online products and services, including but not limited to: https://sapphocs.com; contact our customer service team; engage with us on social media; or otherwise interact with us (collectively, our “Services“).
This Policy does not apply to any third-party website to which the Services may link.
Please read this Policy carefully and consult our Terms and Conditions for more information about the general terms and conditions regarding your use of the Services.
In some circumstances, we may provide you with additional or supplemental privacy notices to the extent they apply to you because of the products and services you obtain from us or different laws that may apply to you. If you are a California resident, please refer to Section 13 (Your California Privacy Rights) below. If you are a European Resident, please refer to Sections 11 and 12 below.
To learn about the Sappho Consultancy Services Private Limited Complaint Policy, please click here.
- THE TYPES OF PERSONAL INFORMATION WE COLLECT ABOUT YOU
We collect the following categories of personal information from you in different ways, including from you directly, from you automatically through your use of the Services, and from third parties. The personal information we collect is used and shared as described below.
Personal Identifiers:
We collect certain personal information including your name, company name, postal address, e-mail address, telephone number, fax number, content stored on your device, such as photos and videos, and investor status when you access certain features of the Services or request certain information regarding Sappho Consultancy Services Private Limited directly from the company via the Services.
We may collect this information from various sources, including from you directly, from your device, through your use of the Services, recruiting agencies, financial institutions, service providers and other individuals.
Characteristics of Protected Classifications: If you choose to provide it, we may collect personal and protected classification characteristics and similar information, including ethnicity and citizenship. You can choose not to provide this information, but then you might not be able to gain access to such information and services.
Commercial Information:
We may collect commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies, from you directly, or through third parties, including data brokers.
Internet or other electronic network activity information:
We may also collect information about you through technology. For example, when you visit the Services, we may collect your IP address (an IP address is often associated with the portal through which you enter the Internet, like your ISP (Internet Service Provider), or your company) or other information you choose to explicitly share or submit to us. At times, we use IP addresses to collect information regarding the geolocation and frequency with which visitors browse various parts of our Services and combine this information with other information about you.
The Services also use Cookies. Cookies are small data files stored on your hard drive or in device memory that help us improve our Services and your experience, see which areas and features of our Services are popular, and count visits. For more information about the processing of information we obtain by automated means and how to change your Cookie settings, please visit our Cookie Policy. To the extent required by applicable law, we will obtain your consent before using Cookies or similar tools.
Our Services also use other technical methods to track visitor usage, including web beacons (“web beacons” are small pieces of data that are embedded in images on the pages of a website). We use these technical methods to analyze the traffic patterns on our Services, such as the frequency with which our users visit various parts of our Services. These technical methods may involve the transmission of information either directly to us or to another party authorized by us to collect information on our behalf. We also use these technical methods in HTML e-mails that we may send visitors to our Services to determine whether such visitors have opened those e-mails and/or clicked on links in those e-mails. Information we collect using these technologies is never combined with the information you provide (e.g., name, email, etc.).
We collect this information through your use of the Services and from our service providers.
Professional or Employment Information:
When you register on for Services, we may collect professional and employment information such as information about your employers, awards, and associations.
We may collect this information from various sources, including from you directly, through your use of the Services, educational institutions, financial institutions, service providers and other individuals.
Audio, electronic, visual, thermal, olfactory, or similar information:
When you visit some of our physical locations, our CCTV cameras may capture your image. If you call Sappho Consultancy Services Private Limited, your calls may be recorded.
We may collect this information from various sources from you directly.
Educational Information:
When you register for our Services, we may collect educational information such as information about schools you attended, degrees awarded, and academic status.
We may collect this information from various sources, including from you directly, through your use of the Services, financial institutions, service providers, and other individuals.
- HOW WE USE PERSONAL INFORMATION WE COLLECT ABOUT YOU
For each category of personal information above, we use your personal information as permitted by applicable laws to carry out the following purposes:
Provide you with Services:
We use your personal information to carry out our obligations arising from any contracts entered into between you and us and to provide you with the information, products, and services that you request from us.
Improve the Services:
We use your personal information about you to improve our Services. We might use your personal information to deliver the Services and/or customize your experience with us. For example, we may use your personal information to improve the Services and our other internal business purposes.
Security and Fraud Prevention and Detection:
We use your personal information for security purposes. We may use personal information to enforce our rights, for fraud prevention and detection, or to protect our company, affiliates, our customers, or our Services, or a third-party website or platform.
Compliance with Laws and to Protect Ourselves:
We use your personal information to support auditing, legal and compliance purposes, including responding to court orders or subpoenas. We may also share your personal information if a government agency or investigatory body requests. We may also use your personal information when we are investigating potential fraud or other areas of concern or if we believe in good faith that disclosure is legally required or otherwise necessary to protect our rights and property, or the rights, property or safety of others.
Marketing:
We use your personal information to provide you with information about other products and services we offer that are similar to those that you have already purchased or enquired about. We use your personal information to make suggestions and recommendations to you and other users of our Services about products or services that may interest you or them. We use your personal information to measure or understand the effectiveness of advertising we serve to you and others, and to deliver relevant advertising to you. We use your personal information to provide you, or permit selected third parties to provide you, with information about products or services we feel may interest you, where you have consented to being contacted for such purpose.
Communications:
We use your personal information to communicate with you about your account or our relationship. We may contact you about your use of our Services. We may contact you about your account, feedback, or changes to our service. We might also contact you about this Privacy Policy or the Services’ Terms of Use.
Debug and Identify Errors:
We use your personal information to debug and identify and repair errors that impair existing intended functionality on our Services.
Statistical Analysis and Research:
We may use your personal information for statistical analysis and research purposes, including analyzing performance.
Aggregate and de-identified information:
We may de-identify personal information and create anonymous and aggregated data sets and reports to assess, improve, market, and develop our business, products, and services, prepare benchmarking reports on our industry and for other research, marketing and analytics purposes. This information is not generally subject to the restrictions in this Policy, provided it does not identify – and could not be used to identify – a particular individual.
We may also use your personal information in other ways for which we provide specific notice at the time of collection and obtain your consent to the extent required by applicable law. We may combine information we obtain about you (such as offline through our services or from third parties) for the purposes described above.
- WAYS WE SHARE PERSONAL INFORMATION WE COLLECT ABOUT YOU
We do not disclose personal information we collect about you, except as described in this Privacy Policy. For each of the personal information categories listed above, we may share this information with third parties and affiliates for business or commercial purposes.
Sappho Consultancy Services Private Limited Companies and Affiliates:
We may share your personal information within the Sappho Consultancy Services Private Limited family of companies and with our affiliates.
Service Providers:
We share personal information with service providers who perform services on our behalf based on our instructions. We do not authorize these service providers to use or disclose the information except as necessary to perform services on our behalf or comply with legal requirements.
Comply with the Law:
We also may disclose personal information (a) if required by law, including, for example, to comply with a court order or subpoena, or (b) to enforce our Terms of Use; protect your safety or security, including the safety and security of property that belongs to you; and/or, protect the safety and security of our Services, databases, and/or third parties, including the safety and security of tangible and/or intangible property that belongs to us or to third parties.
Information You Elect to Share:
- We may share your information with third parties when you engage in certain activities on our Services that are sponsored by third parties, such as electing to receive information or communications from a third party. When you participate in such activities, you will either be required or requested to agree that the sponsor or business associate may use your personal information (including, in some cases, your e-mail address) in accordance with the sponsor or business associate’s privacy practices. If you provide a product review or otherwise share content on our Services, we may share this information publicly/with other users of our Services. If you choose to use integrations we offer on our Services, including for reporting purposes, locking rates, and returning diligence results, we may share certain information with the integration partners.
Business Transfers:
In some cases, we may choose to buy, sell, or merge parts of our business or our assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. We reserve the right to transfer personal information we have about you, as necessary, in the event that we sell or transfer all or part of our business or assets (including in the event of a merger, acquisition, joint venture, reorganization, divestiture, dissolution or liquidation). You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your personal information as set forth in this Privacy Policy.
Aggregate and de-identified information:
We may share aggregate or de-identified information, which cannot reasonably be used to identify you.
- THE SECURITY MEASURES WE TAKE TO SAFEGUARD YOUR PERSONAL INFORMATION
The security and confidentiality of your personal information is important to us. We maintain reasonable technical, administrative, organizational and physical security measures to protect personal information from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure or misuse. From time to time, we review our security procedures in order to consider appropriate new technology and methods. Please be aware though that, despite these efforts, no security measures are perfect or impenetrable.
- HOW LONG WE RETAIN PERSONAL INFORMATION
To the extent permitted by applicable law, we retain your personal information for the duration of our relationship (but no longer than reasonably necessary to fulfil the purposes for which we collected such information), plus a reasonable period in order to be able to run regular deletion routines or to consider the applicable statute of limitation period or to comply with mandatory applicable law.
We may retain your personal information for a longer period due to legal or regulatory requirements, including in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect of our relationship with you.
- YOUR RIGHTS AND CHOICES
We will provide you an opportunity to update your contact information and/or modify your communication choices by sending you an e-mail or other communication that invites your response, or by providing a means to update that information via our Services. You also may opt out of receiving text messages or e-mail marketing communications by following the instructions in those communications. If you opt out, we may still send you non-promotional emails, such as those about your account or our ongoing business relations. To the extent provided by the law of your jurisdiction, you may at any time request, in writing, access to the personal information we maintain about you, request how we collect, use and process your personal information, or request that we correct, update, amend, or delete your information, or restrict the processing of such information by contacting us as indicated below, or object to the processing of your personal information in certain circumstances.
Subject to applicable law, you also have the right to receive, in a structured, commonly used, and machine-readable format, the personal information that you have provided to us about you, with your consent or based on a contract to which you are party. You have the right to have this information transmitted to another company, where it is technically feasible.
Where provided by law, you may withdraw any consent you previously provided to us or object at any time on legitimate grounds to the processing of your personal information, and we will apply your preferences going forward.
To ask us to remove your information from our mailing lists, exercise your rights or submit a request, please contact us as indicated in the “How to Contact Us” section of this Privacy Policy.
- CHILDREN
Our products and services are not directed to minors under the age of 18 and we do not knowingly collect or sell the Personal Information of minors. Your use of our Services constitutes a representation that you are 18 years of age or older.
- DATA TRANSFERS
Sappho Consultancy Services Private Limited is headquartered in the Chennai, Tamilnadu, India. We may share personal information we obtain about you with our affiliates and suppliers in the India or Globally in accordance with this Policy.
If Sappho Consultancy Services Private Limited is going to transfer personal data to a third party that is acting as an agent, it will enter into a written agreement with such third party requiring that the third-party provide at least the same level of privacy protection as is required by the data protection laws applicable to the transferring Sappho Consultancy Services Private Limited legal entity. Under certain circumstances, we may remain liable for the acts of our third-party agents or service providers who perform services on our behalf for their handling of your personal information that we transfer to them.
- INTERNATIONAL DATA TRANSFERS
Your personal information may be transferred to, and processed in, countries other than the country in which you are resident. These countries may have data protection laws that are different from the laws of your country (and, in some cases, may not be as protective).
We have taken appropriate safeguards to require that your personal information will remain protected in accordance with this privacy notice.
Sappho Consultancy Services Private Limited recognizes its obligation to comply with the requirements of European Union’s General Data Protection Regulation (“GDPR”) and the United Kingdom’s GDPR (“UK GDPR”), and, accordingly, any transfer of personal data outside the European Economic Area (“EEA”) or the United Kingdom will only be performed in accordance with these requirements, through data transfer agreements or any other mechanism recognized as adequate by the DPAs, including by executing Standard Contractual Clauses, and only to the extent necessary to the performance of its contractual obligations as an employer or service provider. Where such transfers are accomplished by use of Standard Contractual Clauses, you may request a copy of these Standard Contractual Clauses by contacting us at [email protected].
- OTHER ONLINE SERVICES AND THIRD-PARTY FEATURES
We may provide links on our Services to third parties. In addition, third parties may also provide links to our Services. These companies may have their own privacy notices or policies, which you are encouraged to review. We do not control such third-party websites and are not responsible for the privacy practices of any non-Sappho Consultancy Services Private Limited websites, apps or services (whether or not such site is linked on or to our Services). These links are provided to you for convenience purposes only, and you access them at your own risk.
The providers of third-party apps, tools, widgets, and plug-ins on our Services, such as Facebook and Twitter buttons, also may use automated means to collect information regarding your interactions with these features. This information is collected directly by the providers of the features and is subject to the privacy policies or notices of these providers. To the extent permitted by applicable law, we are not responsible for these providers’ information practices.
- ADDITIONAL DISCLOSURES FOR INDIVIDUALS IN EUROPE
If you are located in the EEA, the United Kingdom, or Switzerland, you have certain rights and protections under the law regarding the processing of your personal data, and this section applies to you.
Legal Basis for Processing
When we process your personal data, we will do so in reliance on the following lawful bases:
- To perform our responsibilities under our contract with you (e.g., processing payments for and providing the products and services you requested).
- When we have a legitimate interest in processing your personal data to operate our business or protect our interests (e.g., to provide, maintain, and improve our products and services, conduct data analytics, and communicate with you).
- To comply with our legal obligations (e.g., to maintain a record of your consents and track those who have opted out of marketing communications).
- When we have your consent to do so (e.g., when you opt in to receive marketing communications from us). When consent is the legal basis for our processing your personal data, you may withdraw such consent at any time.
Data Subject Requests
Subject to certain limitations, you have the right to request access to the personal data we hold about you and to receive your data in a portable format, the right to ask that your personal data be corrected or erased, and the right to object to, or request that we restrict, certain processing. Individuals in the EEA and UK may submit queries related to the processing of their personal information by Sappho Consultancy Services Private Limited by contacting us directly at [email protected].
- RESOLUTION OF DISPUTES AND COMPLAINT MECHANISM
Sappho Consultancy Services Private Limited commits to resolve complaints about our collection or use of your personal information in accordance with data protection laws applicable to us for the applicable collection or use.
Individuals in the EU and UK may submit queries related to the processing of their personal information by Sappho Consultancy Services Private Limited by contacting us directly at [email protected].
While you may make a direct complaint at any time to the applicable DPA about our collection or use of your personal information, we would appreciate the chance to deal with any of your queries, concerns or complaints in the first instance.
- YOUR CALIFORNIA PRIVACY RIGHTS
The California Consumer Privacy Act or “CCPA” (Cal. Civ. Code § 1798.100 et seq.) affords consumers residing in California certain rights with respect to their personal information. If you are a California resident, this section applies to you.
The rights for California residents set forth in this section do not extend to (i) personal information that is already protected under the Gramm-Leach-Bliley Act (“GLBA”) as set forth in our GLBA privacy notice (ii) personal information processed solely in the business-to-business context, or (iii) other data that is exempt from certain requirements of the CCPA.
California Consumer Privacy Act
You may have rights under the California Consumer Privacy Act of 2018 (“CCPA“), as described in this section of our Privacy Policy.
In the preceding 12 months, we have collected and shared the following categories of personal information: personal identifiers; characteristics of protected classifications; commercial information; professional or employment information; and educational information.
Category of Personal Information | Examples | Categories of Recipients | Do We Collect This Information? |
Identifiers | real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers. | Loan Management System, Payroll provider, Benefits portal, Recruitment Platform, HR Management System and Cloud Storage provider, Apps, Websites, and Third -Party Integrations on or Using our Products. | YES |
Characteristics of protected classifications under California or U.S. federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability , sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | Cloud Storage provider | YES |
Commercial information, including records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | Records of Products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies | Loan Management System | YES |
Professional or employment-related information. | Current or past job history or performance evaluations. | Recruitment Platform, HR Management System and Cloud Storage provider | YES |
Education information, defined as information that is not publicly available personally identifiable information as defined in the Family Educational Rights and Privacy Act (20 U.S.C. Sec. 1232g; 34 C.F.R. Part 99). | Education records related to a student maintained by education institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification, student financial information, or disciplinary records | Recruitment Platform, HR Management System and Cloud Storage provider | YES |
Biometric Information | Genetic, Physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information such as, fingerprints, faceprints, and voice prints, iris or retina scans, keystroke, gait, or other physical patterns | NO | |
Sensory Data | Audio information collected for calls, memos, or voicemails | NO | |
Internet or other Similar Network Activity | Browsing history, search history, information on a consumer’s interaction with a website, application or advertisement | NO | |
Inferences drawn from other personal information | Profile Reflecting a person’s preferences, including taste preferences, color preferences, and purchasing preferences | NO |
We do not sell your personal information.
Consumer Rights Requests
Subject to certain limitations and as we explain further below, you have the right to (1) request to know more about the categories and specific pieces of personal information we collect, use, and disclose, (2) request deletion of your personal information, (3) opt out of any “sales” of your personal information that may be occurring, and (4) not be discriminated against for exercising these rights. You may make these requests by contacting us at [email protected].
Your Rights to Request Disclosure of Information We Collect and Share About You
We are committed to ensuring that you know what information we have collected and shared about you over the 12-month period preceding the request. You can submit a request to us for the following information:
- The categories of Personal Information that we have collected about you.
- The categories of sources where we collected the Personal Information.
- The business or commercial purposes for why we collected and/or sold the Personal Information.
- The third parties with whom we shared the information.
- The specific pieces of information we collected.
- The categories of Personal Information, if any, we have sold about you, categories of third parties to whom we sold that Personal Information, and the category or categories of Personal Information sold to each category of third party.
- The categories of Personal Information that we’ve shared with third parties for business or commercial purposes.
Your Right to Request the Deletion of Personal Information We Have Collected from You
Upon receiving and verifying such request as described below, we will delete the Personal Information that we have collected about you, except for situations when that information is necessary for Sappho Consultancy Services Private Limited to: provide you with a good or service that you have requested; perform a contract we have entered into with you; maintain the functionality or security of our systems; comply with or exercise rights provided by the law; or use the information internally in ways that are compatible with the context in which you provided the information to us or that are reasonably aligned with expectations based on the your relationship with us.
Our Process for Responding to Consumer Rights Requests for Access or Deletion
We will verify your consumer rights request by asking you to provide information related to your recent interactions with us, as described below.
Requests for Household Information
Please note that certain types of Personal Information may be associated with a household, meaning a group of people living together in a single home. Each member of the household must make requests for access or deletion of household Personal Information. We will then verify each member of the household using verification criteria. If we are unable to verify the identity of each household member to the degree of required certainty, we will not be able to respond to the request. We will notify you to explain the basis of our denial.
If you are legally entitled to such rights, you may designate an agent to submit a request on your behalf. The agent can be a natural person or a business entity that is registered with the California Secretary of State. If you would like to designate an agent to act on your behalf, you and the agent will need to comply with our agent verification process. You will be required to verify your identity by providing us with certain personal information, depending on the nature of the information you require, which we will endeavor to match with information we may maintain about you. Additionally, we will require that you provide us with written confirmation that you have authorized the agent to act on your behalf, and the scope of that authorization. The agent will also be required to provide us with proof of the agency relationship, which may be a declaration attesting to the agent’s identity and authorization by you to act on their behalf, signed under penalty of perjury. If the agent is a business entity, it will also need to submit evidence that it is registered and in good standing with the California Secretary of State. Information to identify and verify your agent can be submitted through the same mechanism and at the same time that you submit information to verify your identity. Please note that this subsection does not apply when an agent is authorized to act on your behalf pursuant to a valid power of attorney. Any such requests will be processed in accordance with California law pertaining to powers of attorney.
Requests for specific pieces of personal information
To respond to these requests, we will ask you for at least three pieces of personal information and will endeavor to match those to information we maintain about you. Additionally, we require that you provide a declaration attesting to your identity, signed under penalty of perjury.
If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. We will notify you to explain the basis of the denial. In addition, we will treat the request as one seeking disclosure of the categories of personal information we have collected about you and endeavor to verify your identity using the less-stringent standards applicable to such requests.
Requests for categories of personal information
To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
Requests for deletion of personal information
To respond to these requests, we will ask you for at least two pieces of personal information and endeavor to match those to information we may maintain about you. If we are unable to verify your identity with the degree of certainty required, we will not be able to respond to the request. In that case, we will notify you to explain the basis of our denial.
Non-Discrimination
You have a right not to be discriminated against for the exercise of the privacy rights conferred by the CCPA.
Do Not Track Signals
Our Services currently do not respond to “Do Not Track” (“DNT”) signals and operates as described in this Privacy Policy whether or not a DNT signal is received. If we do so in the future, we will describe how in this Privacy Policy.
- ENFORCEMENT
Sappho Consultancy Services Private Limited privacy practices are subject to the jurisdiction of the India, and as such Sappho Consultancy Services Private Limited is subject to the investigatory and enforcement powers of the India’s Law Regulation.
- AMENDMENTS TO THIS ONLINE PRIVACY POLICY
This Privacy Policy may be updated periodically to reflect changes in our personal information processing practices. We will indicate at the top of the Policy when it was most recently updated.
- CONTACT US
To ask us to remove your information from our mailing lists, exercise your rights or submit a request, or have any questions or comments about this Privacy Policy, please email us at [email protected].