Privacy Policy

Bayasoft is committed to protecting your privacy. This Privacy Notice (“Notice”) describes how Bayasoft processes personal data in connection with our business, including the provision of our website at (https://www.bayasoft.in/) (“Website”) and our Services.

This Notice explains Bayasoft approach to any Personal Data that we might collect from you, or which we have obtained about you from a third party, and the purposes for which we process your Personal Data in our capacity as a Controller (i.e. when Bayasoft determines the purposes and means of the processing of personal data). It also describes your rights in respect of our processing of your Personal Data.

This Notice only applies to the use of your Personal Data by us or on our behalf. It does not apply to:

  • Personal Data collected by third parties during your communications/dealings with those third parties or your use of their products or services (for example, where you follow links to third party websites over which we have no control).
  • Personal Data processed, stored or hosted by us when we act as a Processor on behalf of our Customers in the course of providing our Services, in which case the privacy statement of the relevant Customer will apply, and our data processing agreement with such Customer will govern our processing of your Personal Data.

DEFINITIONS

The capitalized terms used in this Notice are defined in Annex 1.

QUICK LINKS

We recommend that you read this Notice in full to ensure you are fully informed. However, if you only want to access a particular section of this Notice, you can click on the relevant link below to jump to that section.

1. WHO IS THE DATA CONTROLLER?

he Website and our Services are made available by various companies in the Bayasoft group of companies (each a “Group Company”).

Where this Privacy Notice refers to “Bayasoft”, “we”, “us, “our”, this means one or more of the particular Group Companies that provide the particular Website, Mobile Application, Newsletter or Services to you, recruits you, uses testimonials from you, sends marketing communications to you, hosts an event you visit, or organizes a program in which you participate.

For the purposes of the GDPR and LGPD, the following Group Companies act as a data controller when the processing of your Personal Data is governed by the requirements of the GDPR or LGPD.

Bayasoft Private Limited. (company no: _________) is a company established under Companies Act of India, with its registered office at Rupa Solitaire, Millenium Business Park, .

2. WHO WE COLLECT PERSONAL DATA ABOUT

We collect, process and store Personal Data about the following people:

  • Website visitors: If you browse our Website or contact us via our Website (Contact Sales) we will collect, process and store your Personal Data in connection with your interaction with us and our Website.
  • Users of our Services: If you use our Services, whether it is through our Website or our Mobile Applications, we will process your Personal Data for certain data analytics purposes and in order to offer, deliver and improve our Services.
  • Visitors to our Offices: If you visit our office, we may process Personal Data about you that you volunteer in connection with your visit and any enquiries you make. For example, you may volunteer Personal Data when signing in as a guest. CCTV footage may also be collected for security purposes.
  • Recipients of marketing communications from us: If you are a potential lead or existing customer, we may process Personal Data about you in order to send you marketing communications.
  • Event attendees: If you register for, attend or take part in our events, webinars or contests hosted by us we will process Personal Data about you in connection with your attendance at the event. For example, we may ask you to complete a registration or feedback form, or other documents relating to the event.
  • Personnel that work for our Customers, partners and suppliers (including subcontractors and personnel who work for us as freelancers or contractors). If you (or your organization) are:
    • in receipt of services from us;
    • supply products or services to us; or
    • otherwise partner with us;

We may collect, process and store your Personal Data in connection with our provision of those Services to you, our receipt of those Services from you and/or our partnership. This may include Personal Data included in any email or telephone communications or recorded on any document relating to an order for the Services.

  • Job applicants: If you apply for a job with us, whether through our Website or otherwise, we will collect, process and store your Personal Data in connection with your application.
  • Shareholders: If you are a shareholder of our Group Companies, we will process your personal data in relation to your investment and for our reporting obligations.

We also make available a Market Place platform where individuals can download applications developed by Bayasoft or by third parties (the “Applications”). This Notice will apply to our processing of your Personal Data during your use of the Applications when the Applications are provided by us, and the Application shall include a link to this Notice. When Applications are provided by a third party, the privacy statement of the relevant third party will apply.

Hosted Data

Some of our Services include processing of data on behalf of our Customers in relation to applications, tools or software that we provide (“Hosted Data”). Save for the limited circumstances set out in this Notice, we are not the data controller of this Hosted Data as we do not determine the purposes or the means of the processing. If you believe your Personal Data is being processed by us in this way you should refer to the privacy notice of the data controller on whose behalf we are acting.

Cloud API

WhatsApp Infrastructure means WhatsApp Enterprise Client deployment which helps communication between users and the Bayasoft platform.

The Client hereby confirms and agrees that upon sharing the data on the WhatsApp infrastructure, all the data shared by the Client in relation to the WhatsApp messaging will now reside on Cloud API's ("Data Residence"), a Meta Product.

It is further understood and accepted that any Client data previously routed & stored on WhatsApp infrastructure i.e. for the purpose of messaging/notification on WhatsApp, the WhatsApp infrastructure shall henceforward be migrated to the data centers which are currently located in North America and European Union via Cloud API service by Meta.

For the purpose of the provision of services under this Agreement, the Client hereby acknowledges that for the WhatsApp infrastructure data localization is not offered by the Company for any such data shared or obtained by the Company in the process of providing the WhatsApp messaging to the Client.

THIRD PARTY SERVICES, THIRD PARTY APPLICATIONS, WEBSITES & SERVICES

Third Party Services shall mean the third party services made available by the Company under the Solution including but not limited to WhatsApp business platforms and the term “Third Party Service Provider” shall mean the provider of such Third Party Services. The Solution may include links to other websites/applications or any of its sub domains or website/applications of any Third Party Service Providers or may display advertisements from such Third Party Service Providers and other content that links to Third Party Services. Such Third Party Services are governed by their respective privacy policies, which are out of our control. Once you leave our servers, use of any information you provide is governed by the privacy policy of the operators of the Third Party Services you are visiting and such policies may differ from this Privacy Policy. If you can't find the privacy policy of any of the Third Party Service Providers, you must contact the relevant website /application of such Third Party Service Providers directly for more information. We shall not be responsible for the privacy practices or the content of such Third Party Services. We shall not be liable for the services provided by the Third Party Service Providers, on the Solution. You shall assume all risks arising out of or resulting from any transaction undertaken by you with such Third Party Service Providers on the Solution and you agree and acknowledge that the Company shall not be responsible or liable for any losses arising out of your usage of such Third Party Services. We may use third party advertising companies to serve ads when you visit the Solution. Please note that any Third Party Services you access as a part of the Solution, may also collect, use and share information about you and your usage. We cannot control how these Third Party Service Providers collect, use, share or secure this information. These Third Party Service Providers who collects, processes, shares, uses, retains your personal and/or usage related information or with whom such information is shared pursuant to contractual obligations shall be solely responsible for such usage and liability, if any.

3. WHAT PERSONAL DATA DOES BAYASOFT COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON?

WHAT PERSONAL DATA WE COLLECT AND HOW WE USE YOUR PERSONAL DATA WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL DATA
A) Personal Data we collect directly from you (“Collected Data”)

Purpose: providing you with the Services. We may use, retain and process your Personal Data for the following purposes when providing our Services: to provide the Services. to administer your account (including when you subscribe and sign-up to any of our Services) to assess the needs of your business to suggest suitable Services and respond to service requests, questions or concerns. to facilitate your transactions with other users when you use our Services. to prevent or respond to any misuse of our Services or Applications or any violations of our Terms and any applicable laws. to collect subscription fees. The data processed includes: contact information such as name, e-mail address, mailing address, IP address, geographic location, or phone number of the Account admin; billing information, such as credit card number and billing address details about payments made between you and us; details of Services purchased from us; name and e-mail address when Account admin/Agent(s) provide feedback from within the Service(s); unique identifiers, such as username, account number or password your feedback and survey responses; and the content of any messages you send us, including, without limitation, messages transmitted via the Services, email, telephone, or via the Website (including web-based chat interfaces).

We process your Personal Data for these purposes based on our legitimate interests or a third party’s legitimate interest to ensure we provide our Services in an effective, safe and efficient way. Where we process your Personal Data to administer your account, or to the extent necessary to collect your subscription fees, we do so for the purposes of our contract with you.

Purpose: Recruitment, Bayasoft Careers. When you apply for an open position by either populating the application form, by email or by hard copy and whether submitted directly by you or by a third-party recruitment agency on your behalf, we will use such data to evaluate you for the open position that you have applied for or any position that we consider you suitable for at the time you submit your resume (application?) or at any later date. For the purposes of evaluating you for an open position, you understand that we may internally rate you based on parts of your resume (application?) and your information. If you do not wish to be rated by us, please do not provide us your information. The data processed includes: contact information, such as name, email address, mailing address, phone number, and (subject to local laws) links to your social networking profiles; any other information you volunteer, including during any interview or your interactions with us and contained in the resume that you submit to us; personal data obtained from any third parties we work with in relation to our recruitment activities, including without limitation (and subject to local laws), recruitment agencies, background check providers, credit reference agencies and your referees; and details of your education, qualifications and employment history, any other personal data which is contained in any reference about you that we receive. Such information may also include special categories of personal data (such as information about your health, any medical conditions and your health and sickness records) and information relating to criminal convictions and offences (only if that information is relevant to the role you are applying for and subject to local laws). Subject to local laws, we may also use your personal data for the purposes of reviewing our equal opportunity profile in accordance with applicable legislation. We do not discriminate on the grounds of gender, race, ethnic origin, age, religion, sexual orientation, disability or any other basis covered by local legislation. All employment-related decisions are made entirely on merit. We will retain data from applications for a limited period for record keeping and legal (or, subject to local law, regulatory) purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law.

Where we use your Personal Data in connection with recruitment, it will be in connection with us taking steps at your request to enter into a contract we may have with you or it is in our legitimate interest to use personal data in such a way to ensure that we can make the best recruitment decisions. We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation or with your explicit consent.

Purpose: Bayasoft hosting or managing Events and programs. From time to time, we may organize and host events for the purpose of promoting our business or other reasons. The data processed includes: We may process your name, email address, designation and company name to communicate with you about such events where you have specifically requested information about such events or where we have another lawful basis for sending that information to you. When you attend an event conducted by Bayasoft, including webinars or seminars, we may collect your contact information such as name, e-mail address, phone number, designation and company name to record your attendance at the event and for related record-keeping purposes. If you attend any user conferences hosted by us at a physical location where we serve food and other refreshments, we collect information about your food preferences and allergies. You may also feature in photographs taken at our events and such photographs may appear in publications that we make available. When you register for any of our programs through a registration form on our Site, we may collect information such as your name, e-mail address, company name, designation, company website URL, IP address, location and contact information.

It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you where you have signed up to attend an event, or it is in our legitimate interest or a third party’s legitimate interest to use Personal Data in such a way to ensure that the event is operated in a secure and effective way. We may specifically ask your permission to use your photographs, quotes, testimonials, or other content that you make available or publish at the event. Where this is the case, our processing of such Personal Data will be based on consent (or, if we enter into a contract with you for this purpose, on the performance of said contract)

Purpose: Prize draws, prize competitions and other promotions. From time to time, we may run prize draws, prize competitions and other promotions on our Site and/or on our social media accounts. The data processed includes: For the purposes of administering such promotions, we may process: your name, e-mail address, company name, designation, company website URL, IP address, location and contact information, banking details; information about when your current or previous sessions started, IP address; browser type and operating system; geolocation, any other unique numbers assigned to a device and other data that is collected through your interactions with third party websites and services; and any other personal data volunteered by you or that we ask for in relation to your promotion entry. Our promotions are subject to separate terms and conditions, which you may be required to accept as a condition of entry.

It is necessary for us to use your personal data to perform our obligations in accordance with any contract that we may have with you (e.g. the promotion terms and conditions) or it is in our legitimate interest to use your personal data to enable us to administer our promotion fairly and effectively and to ensure that we comply with self-regulatory codes governing the operation of promotions.

Purpose: Participation in Public forums, Community platform, Forms and using of your statements for testimonials. When you visit or register our publicly accessible community forums and blogs or submit any forms on our Site, you should be aware that any information you provide in these areas may be read, collected and used by others who access them. We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. The data processed includes: contact information such as name, e-mail address, mailing address, or phone number; information about your business, such as company name, company size, business type; and a short bio about you to identify you as the author of the post.

We may post your testimonials/comments/reviews on our Websites which may contain your Personal Data. Where we use your content in connection with Services that we provide via our Website, it is in our legitimate interest to use any Personal Data that you provide to us to ensure that we provide the relevant Services in an effective way. Prior to posting the testimonial, we will obtain your consent to post your name along with the testimonial. If you do not consent we are only allowed to use the testimonial in a fully anonymized way. If you want to revoke your consent and your testimonial to be removed, please contact us at support@bayasoft.in. If we enter into a contract with you for this purpose, our legal basis may be the performance of said contract.

Purpose: Newsletters. When you actively subscribe to our newsletters, we collect and store your e-mail address to share our newsletters with you.

If you have requested content from us, i.e. a newsletter, it is in our legitimate interest to use your Personal Data in such a way to ensure that we process your request in an effective way.

Purpose: Advertising and marketing to our Customers and prospective leads – sending marketing communications by post and/or email. The data processed includes: We use your name, email address, job title; and organization that you represent, social media handle and details of any marketing preferences that you have communicated to us to send you (or the organization you represent) marketing communications by post and/or email. Our marketing will include press releases and information about us, our Website and our Services, any events we may hold and any offers or promotions we offer from time to time. Our marketing communications will include personalized and non-personalized marketing. Personalized marketing has been specifically tailored to you and will include content that we think is most relevant to you, based on what we know about you. We may use technology to do this, but generally all our marketing methods involve human intervention. Non-personalized marketing is marketing that is not tailored to you. Where we are sending you personalized marketing, we may also use other types of Personal Data to help us decide what sort of personalized marketing to send you (please see the “Cookies and Similar Technologies”, “Usage Data” and “Mobile Applications” sections below for more details).

In the UK, EU and Brazil we will rely on your consent when sending marketing communications. Otherwise, it is in our legitimate interest to use your Personal Data for marketing purposes, for example to decide what marketing content we think may appeal to you or for postal or email marketing (except where we are required by applicable law to obtain your consent).

Purpose: Advertising and marketing to our Customers and prospective leads: Online personalized marketing. The data processed includes: We and our third party partners may use your data relating to your behaviors, interests and preferences, including data collected as a result of your browsing activity and/or interaction with our Website and/or our emails, which is obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started, IP address; browser type and operating system; geolocation, any other unique numbers assigned to a device and other data that is collected through your interactions with third party websites and services to provide you with, and analyze the effectiveness of, personalized ads when you visit other websites and/or use other services (including the social media and other platforms described in the “advertising to you on social media and other platforms” section. By “personalized ads”, we mean advertisements for services that you have shown an interest in when you have used our Website or which we or our partners otherwise think you might be interested in based on your browsing habits. Note, our third-party partners may also use the data that is collected to show personalized ads for products and services offered by third parties.

Please see the “Cookies and Similar technologies” section to learn about the legal basis that we rely on to collect data via the use of cookies. https://www.bayasoft.in/list-of-cookies/ Where we use your personal data to display online personal advertising to you, we rely on the consent that you have provided in respect of the collection of such data, or, subject to local law, it is otherwise in our legitimate interests to promote our Website and our Services to you.

Purpose: Advertising and marketing to our Customers and prospective leads – advertising to you on social media and other platforms. We share your email address and other identifiers such as your phone number or device ID (usually in an encrypted or ‘hashed’ form) with third-party providers of social media platforms and other services, such as [Facebook, LinkedIn] and other similar platforms (“Social Platforms”), so that the third party providers can try to “match” your data with the data of their registered users of their Social Platforms. Where there is a successful match, we will display our advertising to you when you use the relevant Social Platform (e.g. on your Facebook newsfeed). This is known as “custom audience” advertising, because we “customize” the audience that we want to reach on the relevant service. Some of the advertising that you see may be personalized to you. The data that we use to personalize our advertising, will include: Data relating to your browsing activity or interaction with our emails, obtained through the use of cookies, pixel tags and other similar technologies; information about when your current or previous sessions started; details about any products you viewed through the Site; and IP address; browser type and operating system; geolocation; any other unique numbers assigned to a device. Such data used to personalize advertising will not be provided to the third-party providers of the Social Platforms for this purpose but please see the “Cookies and Similar Technologies” section for details of where we may share such data. This activity is also subject to the privacy choices you have elected to make on such Social Platforms.

We will only share your Personal Data with the third-party providers of the Social Platforms, so that we can advertise our Services to you when you use those Social Platforms, where you have provided your consent or where it is otherwise in our legitimate interests to do so in order to promote our Services. Where this activity is undertaken through the use of Cookies please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. You can opt-out of our sharing of your personal information with the third-party providers by exercising your rights as a data subject as set out below.

Purpose: Advertising and marketing to our Customers and prospective leads – advertising to other people who share similar interests and characteristics to you (or if you are someone that sees such advertising). We will provide your Personal Data to third-party providers of Social Platforms as described in the “advertising to you on social media and other platforms” and the “Cookies and Similar Technologies” sections. If you are a user of those Social Platforms, we may ask the third-party providers of those Social Platforms to find other registered users of their services who share similar interests and characteristics to you, which will be based on information that the third party holds about you and its other registered users. This is known as “lookalike” audience advertising because we are trying to show our advertising to people who “look like” you. If you are someone who has seen this advertising on a Social Platform, please note that this activity is based on data that you have provided to the Social Platform (which we do not receive) and is also subject to the privacy choices you have elected to make on such third-party services.

Please see the “advertising to you on social media and other platforms” section for details of the lawful basis that we rely on to share your personal data with the Social Platforms. It is in our legitimate interests to further use your Personal Data to advertise our Services to other individuals that use those Social Platforms and who share similar interests and characteristics with you. If you are someone who has seen this advertising on a Social Platform, it is in our legitimate interests that the Social Platform uses the data that you have provided to it to advertise our Services, although please note that we do not receive this data and you should exercise your rights in respect of such data in accordance with the privacy notice of the relevant Social Platform.

Purpose: Service Analytics. We perform analytics on Personal Data that we process in order to: provide the Services, assess the needs of our Customer’s business to determine or suggest suitable Service(s); send Customers requested information about the Service(s) and improve the quality of this information; respond to customer service requests, questions and concerns and improve the quality of these responses; and for product improvement purposes. The data processed includes: Email addresses; mobile or landline telephone numbers; IP address; chat identifiers and chat content (including the contents of chatbot sessions); widgets. As set out above we are generally not a data controller of any Hosted Data – i.e.. data which we process on behalf of our customers. However, some Hosted Data may be used as part of our analytics for the above purposes.

It is necessary for us to use your Personal Data in this way to perform our obligations in accordance with any contract that we may have with you to provide our Services. It is also in our legitimate interests to process Personal Data in this way in order to perform analytics, train our algorithms, improve, enhance, develop, support and operate the Services and its availability, compile statistical reports and record insights into usage patterns, develop new products and services using machine learning technologies and more generally to better serve our Customers and be able to provide customized content and features.

Purpose: Cookies and Similar Technologies, Mobile Applications, Usage Data, Single Sign on and Social Media. We use commonly used tools to automatically collect information that may contain Personal Data from your computer or mobile device as you visit our Websites, use our application or in general use our Services. a) Cookies and Similar Technologies. We and our third party advertising partners use cookies, web beacons, pixel tags and similar technologies (which we generically refer to as ‘cookies’) to collect data from the devices that you use to access our Website. Data collected via these cookies are used for the purposes of: analyzing trends; administering the Website; to count users who have visited our Site and collect other types of information including insights about visitors’ browsing habits on the Websites; gathering demographic information about our user base as a whole; to learn what parts of our Website are most popular and what kind of features and functionalities our visitors like to see; to help us understand the type of marketing content that is most likely to appeal to our visitors and Customers; and to help us with the selection of future product and service lines, website design and to remember your preferences. We may receive reports from third party companies based on the use of these technologies on an individual and aggregated basis. Most web browsers support cookies and users can control the use of cookies at the individual browser level. Please note that if you choose to disable cookies, it may limit your use of certain features or functions on our Websites and Services. As is true of most websites, we gather certain information automatically and store it in log files. This information may include internet protocol (IP) addresses, browser type, internet service provider (ISP), referring/exit pages, the files viewed on our Websites (e.g., HTML pages, graphics, etc.), operating system, date/time stamp, and/or clickstream data. We link this automatically collected data to other data we collect about you. Please see our Cookies Policy https://www.bayasoft.in/list-of-cookies/ for further information about our use of Cookies and similar technologies.

Cookies and Similar Technologies: Where your data is collected through the use of non-essential cookies, we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy https://www.bayasoft.in/list-of-cookies/ for further details.

b) Mobile Applications. When you download, install and use our Mobile Applications, we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID”). We use mobile analytics software to allow us to better understand the functionality of our Mobile Software on your phone. This Software may record certain information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information we store within the analytics software to any personal data you submit within the Mobile Applications. When you open the Mobile Applications for the first time, you may be asked for permission to send you push notifications. If you allow this feature, our Mobile Applications will send you push notifications, for example, reminders, alerts, updates and other information. You can configure and turn off push notifications via your device settings at any time.

Mobile Applications: Functionality: It is in our legitimate interest to use the data collected here in order to send error messages (if applicable) and in order to secure our Mobile Applications and to detect and resolve errors and cyberattacks. Mobile Analytics: Where we use mobile analytics software to understand the functionality of our Mobile Software on your phone, we rely on our legitimate interests in order to secure our Mobile Applications and ensure the proper functioning of our Mobile Applications and ensure the effective provision of our Services. Where this involves the use of cookies, please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. https://www.bayasoft.in/list-of-cookies/ Push notifications: In the UK, EU and Brazil, where we send push notifications about any events or promotions that we may be running and/or update you about new features to our Services we will do so on the basis of your consent. Otherwise, we will rely on our legitimate interests in doing so.

c) Usage Data. In addition to the information mentioned in the Cookies and Similar Technologies https://www.bayasoft.in/list-of-cookies/ section above that we automatically collect, we also collect clicks, scrolls, conversion and drop-off on our Websites and Service(s) to monitor user journey in real-time (“Usage Data”). Subject to this Notice, we will use such Usage Data and Service Data, including without limitation, to (i) assess the needs of your business to determine or suggest suitable Services; (ii) send you requested information about the Services; (iii) respond to customer service requests, questions and concerns; (iv) for any analytical purposes; and (v) to provide and improves the Services. Whenever an email is linked with manually by you, we collect information you filled in the fields From, To, CC, Subject, Thread ID, Message ID and Label ID. We will create a copy of the email thread in the inbox of all your team members. If any team member access is revoked by you, we will delete the created email from the corresponding team member’s inbox. We will never delete the original email which was linked to Bayadesk originally. Your calls will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech For Bayasoft customers: you will have the option to opt out of analytics or tracking certain events from within these products. For BayaCRM users only: Your calls made using BayaCRM will be recorded, subject to the consent of both parties to the call, and this recording will be used for product improvement, including to train our applications to better recognize human speech. You will have the option to opt out of analytics or tracking certain events from within BayaCRM. Analytics opt-out for products other than Bayadesk: Customers may opt-out of analytics by writing to dpo@bayasoft.in.

Usage Data: We will rely on our legitimate interests to process Usage Data for the purposes outlined, except for call recording which we base on consent exclusively. Where Usage Data is collected via cookies or similar technologies please see the “Cookies and Similar Technologies” section) to learn about the legal basis that we rely on. https://www.bayasoft.in/list-of-cookies/

d) Single sign-on. You can log in to our Websites using sign-in services such as Google, Facebook Connect and LinkedIn. These services will authenticate your identity and provide you the option to share certain Personal Data with us such as your name and e-mail address. Services like Google, Facebook Connect, Twitter, LinkedIn give you the option to post information about your activities on our Websites to your profile page and to share information with others within your network.

Single sign on: Where you have opted to use single sign on – it is in our legitimate interest to process your Personal Data in order to facilitate the single sign on function.

e) Social media features and third party cookies. Our Websites include social media features, such as the Facebook “Like” button, the “Share This” button or interactive mini-programs. Where you interact with these features, those third parties may collect your IP address, which page you are visiting on our Websites, and may set a cookie to enable the feature to function properly. Social media features and widgets are either hosted by a third party or hosted directly on our Websites. Your interactions with these features are governed by the privacy notice of the company providing them. If the widget is shown on our Websites, our Privacy Notice applies. Please see our Cookies Policy for further information. If you provide us or our service providers with any Personal Data relating to other individuals, including End-User data or your employee’s data, you represent that you have the authority to do so and acknowledge that it will be used in accordance with this Notice.

Social media features: Where this activity is undertaken through the use of Cookies on our Website we rely on consent to collect your personal data and for the onward processing purpose. Please see our Cookie Policy https://www.bayasoft.in/list-of-cookies/ for further details. Where we use social media features we do so in line with the terms and conditions of those providers.

Purpose: Business administration and legal compliance. We may use your Personal Data to: a) respond to lawful requests by public authorities, including meeting national security or law enforcement requirements; b) when we believe that disclosure is necessary to protect our rights and/or to comply with a judicial proceeding, court order, police request or other legal process served on us; c) to protect the rights of third parties; and d) in connection with a business transition such as a merger, reorganization, acquisition by another company, or sale of any of our assets.

Where we use your Personal Data in connection with a business transition, to enforce our legal rights or to protect the rights of third parties, it is in our legitimate interest to do so. For all other purposes described in this section, we have a legal obligation to use your Personal Data to comply with any legal obligations imposed upon us, such as a court order. In some jurisdictions the applicable legal basis will be the exercise of legal rights in judicial, administrative or arbitration proceedings. We will not process any special (or sensitive) categories of Personal Data or Personal Data relating to criminal convictions or offences except where we are able to do so under applicable legislation and/ or with your explicit consent.

Purpose: Receipt of products and services from our suppliers. If we have engaged you or the organization you represent to provide us with products or services (for example, if you or the organization you represent provide us with services such as IT support or financial advice), we will collect and process your Personal Data in order to manage our relationship with you or the organization you represent, to receive products and services from you or the organization you represent and, where relevant, to provide our Services to others. The data processed includes: The Personal Data we collect from you may include your name, email address, telephone number, designation, billing address and any other personal data you volunteer which is relevant to our relationship with you or the organization you represent.

It is necessary for us to use your Personal Data to perform our obligations in accordance with any contract that we may have with you or the organization you represent, or it is in our legitimate interest to use Personal Data in such a way to ensure that we have an effective working relationship with you or the organization you represent and are able to receive the products and services that you or your organization provides, and provide our Services to others, in an effective way.

Purpose: Security. We may process your Personal Data in connection with the administration of our security measures. We have security measures in place at our premises, including CCTV and building access controls. There are signs in place showing that CCTV is in operation. The images captured are securely stored and only accessed on a need to know basis (e.g. to look into an incident). CCTV recordings are typically automatically overwritten after a short period of time unless an issue is identified that requires investigation (such as a theft). We may require visitors to our premises to sign in on arrival and where that is the case we will keep a record of visitors for a short period of time – normally only for as long as is necessary for legitimate security purposes. Our visitor records are securely stored and only accessible on a need-to-know basis (e.g. to look into an incident).

It is in our legitimate interests to process your Personal Data so that we can keep our premises secure and provide a safe environment for our personnel and visitors.

What Personal Data we collect and how we use your Personal Data?

What legal basis we rely on to process your Personal Data?

B) Information that we collect from third parties.

From time to time, we may receive Personal Data about you from third party sources like databases and social media but only where we have checked that these third parties either have your consent to or are otherwise legally permitted or required to disclose your personal information to us. The types of information we obtain from such third parties include your name, e-mail address, postal address, location, designation, telephone number and we use the information we receive from these third parties to maintain and improve customer support experience, improve the accuracy of the records we hold about you and for our sales and marketing purposes.

When processing your Personal Data received by third parties for these purposes, we will rely on the consent that you have given such third party to share data with us. Otherwise, subject to local law, our processing activities will rely on our legitimate interests to improve our customer service and ensure our marketing databases are accurate.

4. WITH WHOM DO WE SHARE PERSONAL DATA?

We process Personal Data in the countries in which we are established, including the United States, the United Kingdom and the European Economic Area (“EEA”) and in other countries where third parties that we may use are based.

When processing your Personal Data, we may need to share it with other third parties (including other entities within our Group of Companies), as set out below. This list is non-exhaustive and there may be circumstances where we need to share Personal Data with other third parties:

  • With third parties assisting Bayasoft in providing our Customers with the Service(s) (“Sub-Processors” listed here). Our Sub-Processors are given access to Customers’ Account and Service Data only as reasonably necessary to provide the Service(s) and will be subject to confidentiality obligations in their service agreements;
  • With third party service providers providing us with services, such as research and analytics, anti-spamming and anti-phishing services, marketing and data enrichment or for them to reach out to you on our behalf;
  • For Freshinbox users: with third parties to permit such third parties to provide services that help us to provide our business activities, which may include assisting us with marketing, advertising our product/service offerings, or providing, maintaining and improving the features and functionality of the Services
  • With third party payment processors who process your credit card and other payment information for Bayasoft but who are otherwise not permitted to store, retain or use such information;
  • With third party partners for the purpose of assisting us in onboarding you and providing any further support needed to use our Services;
  • With sponsors of contests for which you register;
  • With third-party service providers that are assisting us with the operation and administration of events. If we are running an event in partnership with other organizations, we will share your Personal Data with such organizations for use in relation to the event;
  • With third-party social media networks, advertising networks and websites;
  • With external recruiters, and related organizations such as third-party providers that undertake employee background checks on our behalf and on behalf of other entities within our Group of Companies;
  • With auditors, lawyers, accountants and other professional advisers who advise and assist us in relation to the lawful and effective management of our organization and in relation to any disputes we may become involved in;
  • Law enforcement or other government and regulatory agencies and bodies or other third parties as required by, and in accordance with, applicable law or regulation;
  • With Affiliates within Bayasoft and companies that we will acquire in the future when they are made part of the Bayasoft group – this may be for customer support, marketing, technical operations, account management or organizational purposes and to provide, enhance and improve the Services;
  • If we are involved in a merger, reorganization or other fundamental corporate change with a third party, or sell/buy a business unit to/from a third party, or if all or a portion of our business, assets or stock are acquired by a third party, with such third party including at the due diligence stage;
  • Other third parties – Occasionally, we may receive requests from third parties with authority to obtain disclosure of Personal Data, such as to check that we are complying with applicable law and regulation, to investigate an alleged crime, or to establish, exercise or defend legal rights. We will only fulfil requests for Personal Data where we are permitted to do so in accordance with applicable law or regulation.
  • When you connect your Gmail mailbox with your Bayasoft Account (see section 14 (Google API Disclosure) below).

Where necessary (such as when we transfer data to service providers) we put in place appropriate contractual arrangements and security mechanisms to protect the Personal Data shared and to comply with our data protection, confidentiality and security standards and obligations. Further details can be provided upon request.

5. INTERNATIONAL TRANSFER OF DATA

When making any transfers of Personal Data from the EEA, Switzerland and the UK to countries which do not have the same data protection laws as the EEA, Switzerland and the UK we will comply with our legal and regulatory obligations in relation to your Personal Data, including having a lawful basis for transferring Personal Data and putting appropriate safeguards in place to ensure an adequate level of protection for the Personal Data. We will take reasonable steps to ensure the security of your Personal Data in accordance with applicable data protection laws.

When transferring your Personal Data outside the EEA, Switzerland and the UK, we will, where required by applicable law, implement at least one of the safeguards set out below:

Adequacy decisions: We may transfer your Personal Data to countries that have been deemed to provide an adequate level of protection for Personal Data by the UK and/or European Union authorities. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data-transfers-outside-eu/adequacy-protection-personal-data-non-eu-countries_en.

Model Clauses: Where we use certain service providers we may use specific contracts approved by the UK and/or European Authorities which give Personal Data the same protection it has in the UK and the EEA. For further details, see https://ec.europa.eu/info/law/law-topic/data-protection/data- transfers-outside-eu/model-contracts-transfer-personal-data-third-countries_en.

This is true whether or not the transfer is within our group, or to a third party.

With respect to Personal Data received or transferred to the United States, Bayasoft Private Limited. is subject to the regulatory enforcement powers of the U.S. Federal Trade Commission.

With respect to Personal Data subject to LGPD’s jurisdiction, Bayasoft Private Limited. will also accomplish LGPD’s requirements for transfers of Personal Data to countries which do not have the same data protection laws.

In certain situations, Bayasoft Private Limited. and/or its Group Companies may be required to disclose Personal Data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, you can contact us at dpo@bayasoft.in or via postal mail at Bayasoft Private Limited., 2950 S. Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to dpo@bayasoft.in.

6. HOW DOES BAYASOFT KEEP PERSONAL DATA SECURE?

We use appropriate technical and organizational measures to protect the Personal Data that we collect and process. We have implemented information security policies, rules and technical measures to protect the Personal Data under our control from unauthorized access, improper use or disclosure, unauthorized modification and unlawful destruction or accidental loss. In addition, all our employees and data processors (i.e. those who process your Personal Data on our behalf) are obliged to respect the confidentiality of the Personal Data of all users of our Website and those who purchase our Services. The measures we use are designed to provide a level of security appropriate to the risk of processing your Personal Data.

While information security risks are always evolving, so are the controls. The controls, so implemented, are periodically reviewed as part of internal and external audits. If you have questions about the security of your Personal Data, please contact us using the details in section 18.

7. EEA, UK AND SWISS SPECIFIC RIGHTS

A) Collected Data (excluding Hosted Data)

If you are an individual resident in EEA, UK or Switzerland, you have the following data protection rights regarding Collected Data:

If you wish to exercise any of the following rights in relation to your Personal Data (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in section 18:

Your right of access

If you ask us, we will confirm whether we are processing your Personal Data and, if so, provide you with a copy of that Personal Data (along with certain other details). If you require additional copies, we may charge a reasonable fee for producing those additional copies.

Your right to rectification

If the Personal Data we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Data with others, we’ll let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we’ve shared your Personal Data with so that you can contact them.

Your right to erasure

You can ask us to delete or remove your Personal Data in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Data with others, we will let them know about the erasure where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Data with so that you can contact them directly.

Your right to restrict processing

You can ask us to “block” or suppress the processing of your Personal Data in certain circumstances such as where you contest the accuracy of that Personal Data or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Data but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Data to stop us processing it further. If we’ve shared your Personal Data with others, we’ll let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we’ll also tell you who we’ve shared your Personal Data with so that you can contact them directly.

Your right to data portability

You have the right, in certain circumstances, to obtain Personal Data you have provided to us (in a structured, commonly used and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.

Your right to object

You can ask us to stop processing your Personal Data, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Data, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Data for direct marketing purposes.

Your rights in relation to automated decision-making and profiling

You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.

Your right to withdraw consent

If we have collected and process your Personal Data with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Data conducted in reliance on lawful processing grounds other than consent.

Your right to opt out of marketing communications

>You have the right to opt-out of marketing communications we send you at any time. You can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing e-mails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the details in section 18.

Your right to lodge a complaint with the supervisory authority

If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Data, please contact us using the details in section 18. You also have the right to complain to a data protection authority in the Member State of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk.

If you are residing in France: your right to give instructions regarding the processing of your data after your death

You have the right to give instructions regarding the retention, deletion and disclosure of your Personal Data after your death. You may designate a person to carry out these instructions. This person is then entitled to be informed of the directives and to request their implementation from us.

We respond to all Requests we receive from individuals wishing to exercise their data protection rights within a reasonable timeframe in accordance with applicable data protection laws. We can only process requests after we have verified your identity which may mean requesting further information from you.

B) Hosted Data

As explained above, some of our Services including processing data on behalf of our customers in relation to Applications, tools or software that we provide. Save for the limited circumstances set out in this Notice, we are not the Data Controller of this Hosted Data as we do not determine the purposes or the means of the processing.

If you wish to access, correct, update, modify or delete Hosted Data or if you would no longer like to be contacted by one of our Customers you should direct your query to the Customer, who is the Data Controller of your data. If requested by the Customer to action a Request, we will respond within a reasonable timeframe.

If you are a Customer of our Services and wish to raise a Request on behalf of data subjects in connection with Hosted Data, you may raise a ticket on the support portal of the relevant Service. Please note that if a Customer has subscribed to more than one Service, a Request on a particular Service support portal is specific to that Service only and separate Requests need to be raised across other relevant Service support portals.

8. CALIFORNIA-RESIDENT SPECIFIC RIGHTS

Your California Privacy Rights; “Shine the Light” Law

California residents are entitled once a year, free of charge, to request and obtain certain information regarding our disclosure, if any, of certain categories of personal information to third parties for their own direct marketing purposes in the preceding calendar year. We do not share your personal information with third parties for those third parties’ direct marketing purposes.

California Consumer Privacy Act

To the extent you are a ‘consumer’ as defined under the California Consumer Privacy Act of 2018 (“CCPA”) and Bayasoft is a ‘business’ as defined under CCPA, the following applies to you:

Under the CCPA, “personal information” is information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Subject to the provisions of the CCPA, consumers have the rights to receive certain disclosures regarding the collection, use, and disclosure of information about them, as well as rights to know/access, delete, correct, and limit the use and disclosure of sensitive personal information and opt out of the sale or sharing of personal information. You have the right to be free from discrimination based on your exercise of your CCPA rights. To the extent that we collect personal information that is subject to the CCPA, that information, our practices, and your rights are described below.

Notice at Collection Regarding the Categories of Personal Information Collected

You have the right to receive notice of certain information about our data collection, use, and disclosure. Bayasoft does not sell personal information as defined by the CCPA. The following table summarizes the categories of personal information we may collect that may be disclosed to service providers. Bayasoft does share personal information (as defined by the CCPA) as explained below the following table. The categories we use to describe personal information are those enumerated in the CCPA.

We may collect this personal information for the purposes described in the section above titled ‘WHAT PERSONAL DATA DOES BAYASOFT COLLECT, HOW DO WE USE YOUR PERSONAL DATA AND WHAT LEGAL BASIS DO WE RELY ON.’

CATEGORYSOURCE
Identifiers (such as contact information or personal characteristics like name, email address or postal address, or social media handles)You; our social media pages
Health Information (such as protected health information or physical or mental health status)You
Financial Information (such as payment data, bank account information, or credit information)You
Protected Classifications and Other Sensitive Data (such as date of birth or gender)You
Commercial Information (such as transaction information, billing and payment records, or order history)You
Biometric Information (such as fingerprint, voiceprint, facial recognition, or eye recognition)You
Geolocation Information (such as approximate location based on your IP address)You
Internet or Electronic Network Activity Information (such as IP address, device identifier (e.g. Mac), cookie or tracking pixel information, browsing or search history, or diagnostic information)You
Audio, Electronic, Visual, Thermal, Olfactory, or Similar Information (such as call recordings, photographs, or video)You
Professional or Employment-Related Information (such as current employer or job title)You
Education Information (such as education history and level of education) You
Inferences Drawn About You (such as user profile reflecting preferences, characteristics, psychological trends, or predispositions)You
Content of Communications (such as contents of phone calls, emails, text messages, or photos)You
Contacts (such as list of contacts you supply to us or that we may collect from your device with your permission)You

We may share the categories of Identifiers, Geolocation Information (coarse location only), and Internet or Electronic Network Activity Information as described above with advertising partners.

We determine the retention period for each of the categories of personal information listed above based on (1) the length of time we need to retain the information to achieve the business or commercial purpose for which it was obtained, (2) any legal or regulatory requirements applicable to such information, (3) internal operational needs, and (4) any need for the information based on any actual or anticipated investigation or litigation.

Entities to whom we disclose information for business purposes are service providers, which are companies that we engage to conduct activities on our behalf. We restrict service providers from using personal information for any purpose that is not related to our engagement.

We may disclose personal information that we collect or that you provide as described in this privacy notice:

  • To our affiliates, subsidiaries, and other Bayasoft companies.
  • To the following categories of service providers who are bound by law and contractual obligations to keep your personal information confidential. Service providers may use information that we share with them only for the purposes for which we disclose it to them and as otherwise permitted by law.
    • Payroll services providers that assist us in calculating and disbursing your salary and other compensation.
    • Auditing and accounting firms, such as firms that assist us in the creation of our financial records.
    • Professional services consultants, such as firms that perform analytics, assist with improving our business, provide legal services, or supply project-based resources and assistance.
    • Recruitment vendors that assist with the application process, including assessing candidate qualifications and providing the platform through which candidates submit their candidacy.
    • Analytics services, including entities that analyze traffic to and on our website and assist with identifying and communicating with potential customers.
    • Security vendors, such as entities that assist with security incident verification and response, service notifications, and fraud prevention.
    • IT vendors, such as entities that assist with website design, hosting and maintenance; data and software storage; and network operation.
  • To other external parties when required by law or to protect Bayasoft or other persons, as described in this privacy notice.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of Bayasoft’ assets or capital stock, whether as a going concern or as part of bankruptcy, liquidation or a similar proceeding, in which personal information held by Bayasoft about our employees, workers and contractors is among the assets transferred. If this happens, the recipient of the personal information will continue to honor the promises made in this privacy notice, or else provide you notice of any changes.

Your rights under the CCPA

Know and request access to and correction and deletion of personal information: You have the right to request access to personal information collected about you and information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with to whom we sell or disclose it. You also have the right to request in certain circumstances that we delete personal information that we have collected directly from you or correct information that we have collected about you.

Right to opt out of selling/sharing personal information: You have the right to opt out of the sale of your personal information to, and the sharing of your personal information with, third parties. Please note that the right to opt out does not apply to our sharing of data with service providers, who are parties we engage to perform a function on our behalf and are legally and contractually obligated to use the data only for that function.

In case you would like to exercise this right please go here.

Right to limit the use and disclosure of sensitive personal information: You have the right to limit the use and disclosure of sensitive personal information that we use to infer characteristics about you. If you exercise this right, we may still use and disclose sensitive information about you for limited purposes.

Colorado, Connecticut, Utah, and Virginia

Residents of the States of Colorado, Connecticut, Utah, and Virginia have the following rights:

  • Opt out of “sales” of personal information and use of their personal information for “targeted advertising,” as those terms are defined under applicable law.
  • Opt out of “profiling” under certain circumstances, as defined under applicable law. (Residents of Colorado, Connecticut, and Virginia only.)
  • Confirm processing of and access to personal information under certain circumstances.
  • Correct personal information under certain circumstances. (Residents of Colorado, Connecticut, and Virginia only.)
  • Delete personal information under certain circumstances.

Residents of these states can exercise their rights by contacting us using one of the methods listed below.

How to submit an opt-out, access or deletion request:

If you seek to exercise the foregoing rights to access, correct, or delete Personal Information, please contact us at dpo@bayasoft.in or write to us here. We respond to all requests we receive from you wishing to exercise your rights within a reasonable timeframe in accordance with applicable data protection laws. By writing to us, you agree to receive communication from us seeking information from you in order to verify you to be the consumer from whom we have collected the Personal Information and such other information as reasonably required to enable us to honor your request.

If you are a resident of California, Colorado, or Connecticut, you may, under certain circumstances, authorize another individual or a business, called an authorized agent, to make requests on your behalf. (Authorized agents in California must be registered with the California Secretary of State.) The request should include your contact information and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. In addition, you should provide sufficient information that allows us to reasonably verify that you are the person about whom we collected the personal information or an authorized representative of that person. In order to protect the security of your personal information, we will not honor a request if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. The method used to verify your identity will depend on the type, sensitivity, and value of the information, including the risk of harm to you posed by any authorized access, correction, or deletion. Generally speaking, verification will be performed by matching the identifying information provided by you to the personal information that we already have.

Any disclosures we provide will only cover the 12-month period preceding our receipt of your request (and will not be made more than twice in a 12-month period). If we cannot comply with a request, or cannot fully comply with a request, the response we provide will also explain the reasons we cannot comply.

Appeals

Residents of Colorado, Connecticut, and Virginia have the right to appeal a denial of their request by contacting us as described in the notice of denial.

9. LGPD

The LGPD grants control and self-determination to data subjects and provides compliance responsibilities for organizations such as Bayasoft in regard to personal data whose data subject is located within Brazilian territory at the moment of data collection or to any offering or providing of goods or service for individuals located within Brazilian territory. The LGPD gives national regulators powers to impose significant fines and indemnification liabilities on organizations that breach this law. All content of this notice and Bayasoft’s processing of personal data are in strict compliance with LGPD, where applicable. At Bayasoft we take a global approach to ensure all members benefit from increased control and clarity, which is in line with our commitment to putting our Customers first and working every day to maintain the trust they put in us.

LGPD grants the following rights to those individuals subject to its jurisdiction:

Confirmation of data processing and accessYou have the right to know and have access to the data we process about you.
Data correctionYou have the right to request a correction of any incomplete, inaccurate or outdated data of yours that we process.
Anonymization, blocking or deletionYou have the right to request anonymization, blocking or elimination of unnecessary or excessive data or of any data being processed contrary to the law.
Data portabilityYou have the right, in certain circumstances, to reuse the Personal Data you have provided to us elsewhere or to ask us to transfer it to your chosen third party.
Information on data sharingYou have the right to be informed about the public and private entities with which we may share your Personal Data.
Withdraw ConsentIf we have collected and processed your Personal Data with your consent, you can withdraw your consent at any time, for all or part of the data. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your personal information conducted in reliance on lawful processing grounds other than consent, in case which (as other applicable situations) you have the right to know what data we can retain. You also have the right to know what the consequences of you withdrawing consent will be (for example, if it will prevent you from receiving a service).
File a complaintYou have the right to file a complaint with a supervisory authority about our collection and processing of your Personal Data. The Brazilian data protection regulator is the Autoridade Nacional de Proteção de Dados and contact details can be found at https://www.gov.br/anpd/pt-br.

10. OPTING OUT PROCEDURE

If you no longer wish to receive marketing communications from Bayasoft, you may click on the “unsubscribe” link located on the bottom of our marketing emails or you can contact us at support@bayasoft.in. When using our Mobile Applications, you also have the option to turn off push notifications.

If you would like to object to the use of your Personal Data for analytics, you can contact us at support@bayasoft.in

To opt out of the use of cookies, please see update your preferences here

11. OTHER COMMUNICATIONS

If you are our Customer, we will send you announcements (email or in product notifications related to the Services) on occasions when it is necessary to do so. For instance, if our Services are temporarily suspended for maintenance, we might send you an e-mail. Generally, you may not opt-out of such communications as they are a key part of delivering our Services to you effectively. If you do not wish to receive them, you may deactivate your Account.

12. RETENTION OF PERSONAL DATA

We will retain Personal Data only as long as is necessary for the purposes for which it is collected, as set out in this Notice. We will also retain it as necessary to comply with our legal obligations, for legal and litigation purposes, to maintain accurate financial and other records, deal with complaints, and enforce our agreements.

Generally, in respect of Personal Data that we process in connection with the supply of our Services, we may retain your Personal Data for up to six years from the date of supply of the relevant Services and in compliance with our data protection obligations. We may then destroy such files without further notice or liability.

Where we process any other Personal Data, we will generally retain relevant Personal Data for up to three years from the date of our last interaction with you (and in compliance with our data protection obligations). We may then destroy such files without further notice or liability.

If any Personal Data is only useful for a short period (e.g., for a specific activity, promotion or marketing campaign), we will not retain it for longer than the period for which it is used by us. If you have opted out of receiving marketing communications from us, we will need to retain certain Personal Data on a suppression list indefinitely so that we know not to send you further marketing communications in the future. However, we will not use this Personal Data to send you further marketing unless you subsequently opt back in to receive such marketing.

Should you apply to work for us, we will retain data from your application for a limited period for record keeping and legal purposes. We may (subject to laws in your jurisdiction) also retain your data in order to contact you if a role arises for which we think you would be suitable. Further information about this will be provided during the application process and we will ask for consent where necessary according to local law.

The above examples may vary in some cases due to local laws, liability periods and mandatory retention requirements. For example, if certain information needs to be retained for longer according to local laws, regulations or because different legal limitation periods apply, then we will keep the Personal Data for these longer periods.​​

13. LINKS TO THIRD PARTY SITES

Our Websites contain links to other websites that are not owned or controlled by Bayasoft. Please be aware that we are not responsible for the privacy practices of such other websites or third parties. We encourage you to be aware when you leave our Websites and to read the privacy policies of each and every website that collects Personal Data.

14. GOOGLE API DISCLOSURE

Bayasoft has developed a functionality that allows its customers to connect their Gmail mailbox using Oauth with our products. Connecting your Gmail mailbox to your Bayasoft account allows Bayasoft to associate your account with your personal information on Google, to see your personal information, including any personal information you have made available, to view your email address and access your emails in order to create them as a ticket in our products, and to transmit the Service Data to third-party applications listed on Bayasoft’ Marketplace that you integrate with your Account. The connection will further allow you to respond to your emails directly from our product and to delete them once they are fetched into our product.

Bayasoft’s use of information received from Google APIs will adhere to Google API Services User Data Policy’s App’s, including the Limited Use requirement.

15. CHILDREN’S PERSONAL DATA

Bayasoft does not knowingly collect any Personal Data from children under the age of 16. If you are under the age of 16, please do not submit any Personal Data through our Websites or Services. We encourage parents and legal guardians to monitor their children’s Internet usage and to help enforce this Notice by instructing their children never to provide Personal Data through our Services or Websites without their permission. If you have reason to believe that a child under the age of 16 has provided Personal Data to us through our Websites or Services, please contact us using the details in section 18 and we will endeavor to delete that information and terminate the child’s account from our databases.

16. AMENDMENTS

Amendments to this Notice will be posted to this URL and will be effective when posted. If we make any material changes, we will notify you by means of a conspicuous notice on this Website or via e-mail or via in-product notification, but we encourage you to review this Notice periodically to keep up to date on how we use your Personal Data. You should frequently visit this Notice to stay fully informed. Your continued use of our Websites or the Service(s) following the posting of any amendment, modification, or change to this Notice shall constitute your acceptance of the amendments to this Notice. You can choose to discontinue use of the Websites or Service(s), if you do not accept the terms of this Notice, or any modified version of this Notice.

17. EFFECT OF MERGER OR ACQUISITION

In the event Bayasoft goes through a business transition, such as a merger or acquisition by another company, or sale of all or a portion of its assets, Customers’ Accounts, Collected Data and Service Data will likely be among the assets transferred. A prominent notice will be displayed on our Websites to notify you of any such change in ownership or control and Customers will be notified via an e-mail.

18. CONTACTING BAYASOFT

If you have any questions about this Privacy Notice or our privacy practices, you can contact us at dpo@bayasoft.in or via postal mail at Bayasoft Private Limited., 2950 S.Delaware Street, Suite 201, San Mateo, CA 94403 at the attention of the Data Protection Officer with a copy to dpo@bayasoft.in.

Annex 1 – Definitions

Controller“, “Data Subject“, “Personal Data Breach”, “Processor” and “Process” shall have the meaning given to them in the GDPR or other applicable law.

Affiliate”: means, with respect to a Bayasoft entity, any entity that directly or indirectly controls, is controlled by, or is under common control with such Bayasoft entity, whereby “control” (including, with correlative meaning, the terms “controlled by” and “under common control”) means the possession, directly or indirectly, of the power to direct, or cause the direction of the management and policies of such person, whether through the ownership of voting securities, by contract, or otherwise.

API”: means the application programming interfaces developed, enabled by, or licensed to Provider that permits a User to access certain functionality provided by the Service(s).

Apps”: mean the software applications listed on the Market Place which are created, developed, licensed, or owned by third-party developers. The term also includes any updates, upgrades and other changes to such software applications and versions thereof.

Documentation”: means any published data sheet provided by Bayasoft detailing the functionalities of the Software.

GDPR” shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data, and any legislation relating to the processing of personal data effective in the UK and/or Switzerland that is intended to replicate or maintain some or all of the provisions, rights and obligations set out in Regulation (EU) 2016/679, as relevant.

LGPD” means “Lei Geral de Proteção de Dados Pessoais”, which corresponds to the Brazilian data protection law no. 13.709/2018.

Market Place”: means an online marketplace for Apps that interoperate with the Service(s). Its Website(s) is https://www.bayasoft.in/apps/.

Mobile Applications”: mean the software applications created, developed, and owned by Bayasoft to enable access and use of the Service(s) through mobile or other handheld devices (such as apps on iOS or Android devices).

Personal Data” shall mean any information relating to an identified or identifiable natural person as defined by the General Data Protection Regulation of the European Union (“GDPR” EC-2016/679).

Processing”/“To Process”: means any operation or set of operations which is performed upon Personal Data, whether or not by automatic means, such as collection, recording, organization, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction.

Service Data“: means all electronic data, text, messages or other materials, including without limitation Personal Data of Users and End-Users, submitted to the Service(s) by Customer through Customer’s Account in connection with Customer’ use of the Service(s).

Service(s)”: mean and include Bayadesk and/or any new services that Provider may introduce as Service(s) to which Customer may subscribe to and any Updates, modifications or improvements to the Service(s), including individually and collectively, Software, the API and any Documentation, but exclude any Apps or APIs that belong to third parties. Software: means software provided by Bayasoft (either by download or access through the internet) that allows Customer to use any functionality in connection with the Service(s) and includes Mobile Application(s), but excludes any Apps or APIs that belong to third parties.

User”: means an individual who is authorized by Customer to use the Service(s) including an Account administrator, employees, consultants, contractors, and agents of Customer, and third parties with which Customer transacts business.

19 Bayasoft WhatsApp Business Policy

Effective Date: 04/04/2024

Thank you for choosing to communicate with Bayasoft via WhatsApp Business. We value your privacy and want to ensure that your experience with us is safe and secure. Please review the following policy regarding the use of WhatsApp Business for communication with Bayasoft.

1. Purpose of Communication:

Bayasoft may use WhatsApp Business to communicate with you for various purposes, including but not limited to:

  • Providing customer support.
  • Sharing important updates about our products or services.
  • Sending reminders about appointments or events.
  • Conducting surveys or obtaining feedback.

2. Consent:

By initiating communication with Bayasoft on WhatsApp Business, you consent to receive messages from us related to the purposes outlined in this policy. You may opt-out of receiving messages at any time by contacting us or using the provided opt-out mechanism.

3. Data Privacy:

Bayasoft is committed to protecting your privacy and personal information. Any data collected or processed through WhatsApp Business will be handled in accordance with our Privacy Policy, which can be found on our website [insert link to privacy policy]. We may collect and process information such as your WhatsApp phone number, chat history, and other data necessary to fulfill the purposes outlined in this policy.

4. Security:

We take the security of your information seriously. While WhatsApp Business provides end-to-end encryption for messages, please be aware that the security of communications over the platform may also depend on factors such as your device security and network connections. We advise you not to share sensitive personal information or account credentials through WhatsApp Business.

5. Frequency and Timing:

Bayasoft will strive to send messages through WhatsApp Business at reasonable times and frequencies, considering your preferences and the nature of the communication. If you believe you are receiving messages excessively or at inappropriate times, please let us know so we can address your concerns.

6. Contact Information:

If you have any questions, concerns, or requests regarding our use of WhatsApp Business or this policy, please contact us at legal@bayasoft.in.

7. Changes to Policy:

Bayasoft reserves the right to update or modify this WhatsApp Business Policy at any time. We will notify you of any material changes to the policy through WhatsApp Business or other appropriate channels. Continued use of our WhatsApp Business services after such changes constitutes your acceptance of the updated policy.

By communicating with Bayasoft on WhatsApp Business, you agree to abide by the terms and conditions outlined in this policy. Thank you for choosing Bayasoft for your communication needs.

Policy for WhatsApp Commerce Features (including offering goods or services for sale)

The Commerce Policy is used to govern whether businesses can sell their products and services using WhatsApp Business Services, such as WhatsApp commerce product features like catalog and payments. If you use Catalogs, or provide any other commerce experiences to sell goods or services, you must comply with the policies and prohibitions listed in the Meta Commerce Policy as well as all applicable terms, laws and regulations.

  • You are solely responsible for your transactions and providing any sales terms, privacy terms or other terms applicable to your interactions with users.
  • We are not responsible for processing, paying for, or fulfilling any sales relating to your transactions.
  • You are solely responsible for determining, collecting, withholding, reporting, and remitting all applicable taxes, duties, fees and additional charges for sales relating to your transactions.

Usage

We seek this personal information either to (a) validate and process your request for the usage of the Solution; or (b) assist the Company and/or any of its affiliates to handle and fulfill your orders and/or transactions, if any, or (c) to communicate details of any allied products and/or services and/or transaction to any third party; or (d) improve the quality of the Solution; or (e) assist you in determining the services/products best suited for your needs; or (f) facilitate our internal business operations, including the fulfilment of any legal and regulatory requirements; or (g) provide you with recommendation about services/products you may be interested in, based on your participation in the Solution; or (h) provide you with marketing communications and advertising that we believe may be of interest of you; or (i) resolve disputes or troubleshooting problems; or (j) detect and protect us against any error, fraud and other criminal activity; or (h) enforce our terms and conditions; or (i) as otherwise described to you at the time of collection.

Sharing

Bayasoft

04/04/2024