Contents

Table of Contents

(A) Privacy Policy

This Policy outlines how RGA may process your Personal Data and may be updated periodically, so please review it regularly for any changes. First published on October 01, 2024.

Issued by Roopali Grover & Associates (RGA), a global firm with offices in Noida, Delhi, Lucknow, and Mumbai, India, this Policy applies to individuals who interact with RGA, including but not limited to individual customers, authorized representatives of customer organizations, visitors to our site, and users of our services (referred to as “you”). Definitions of terms used in this Policy are provided below.

This Policy may be revised to reflect changes in our Personal Data processing practices or applicable laws. We encourage you to read it carefully and check back regularly for updates.

(B) Collection of Personal Data

RGA may collect your Personal Data in various ways: (i) directly from you (e.g., when you contact us); (ii) during our interactions with you (e.g., if RGA provide compliance or business advice); (iii) when you make your Personal Data public (e.g., through social media posts); (iv) when you download, install, or use our applications; (v) when you visit our websites; (vi) when you register for RGA services; or (vii) when you engage with third-party content or advertising on a Site or App. 

RGA may also receive your Personal Data from third parties (e.g., law enforcement agencies).

Sources of Personal Data we may collect include:

We may collect your Personal Data when you voluntarily provide it to us (e.g., through emails, phone calls, or business cards).

We may gather your Personal Data during our ongoing relationship with you (e.g., in correspondence).

We may collect Personal Data that you have made publicly available, including on social media (e.g., from your public social media profile).

Your Personal Data may be collected when you download or use our applications.

We may obtain your Personal Data when you visit our websites or use any features available there.

We may collect your Personal Data when you register or use our Sites, Apps, or services.

If you engage with third-party content or ads on our Sites or Apps, we may receive your Personal Data from those third parties.

(C) Creation of Personal Data

RGA may create Personal Data about you (e.g., records of your interactions with us).

RGA may also create Personal Data about you, such as records of your communications and interactions with RGA, including attendance at events we hold or interviews in the course of applying for a job with us. RGA may record telephone calls, meetings, depositions, and other interactions in which you are involved, in accordance with applicable law.

(D) Categories of Personal Data RGA may Process

RGA may process the following types of data: (i) personal information (e.g., your name); (ii) demographic details (e.g., your age); (iii) contact information (e.g., your address); (iv) matter-related details (e.g., your instructions to RGA); (v) records of your consent to RGA data processing; (vi) payment information (e.g., your billing address); (vii) usage data from RGA’s Sites and Apps (e.g., your device type); (viii) details of RGA’s current employer; (ix) information about your interactions with our content or advertisements; and (x) any opinions or feedback you provide.

RGA may process the following categories of Personal Data:

Given name(s), preferred name, and photograph.

Gender, date of birth/age, nationality, salutation, title, and language preferences.

Passport or national ID number, utility provider details, bank statements, tenancy agreements.

Mailing address, phone number, email address, and public social media profiles.

Data related to individuals instructing RGA, personal data in correspondence, transaction documents, evidence, or other materials processed while providing services or legal advice.

Information on meetings or events organized by or on behalf of RGA that you attended.

Records of any consents RGA has provided, including the date, time, and method of consent, and relevant information (e.g., subject matter).

Billing address, payment method, bank account or credit card number, cardholder/account holder name, card security details, invoice records, payment amounts, dates, and cheque records.

Device type, operating system, browser, IP address, language preferences, usage statistics, usernames, passwords, login information, and other technical communications.

If you engage with RGA as an employee, your employer’s name, address, phone number, and email address as applicable.

Records of your interactions with RGA online content and advertisements, including engagement with forms, clicks, or touchscreens.

Any feedback or opinions you provide or publicly post about us on social media platforms.

(E) Sensitive Personal Data

When RGA needs to process your Sensitive Personal Data for legitimate purposes, it does so in compliance with applicable laws. RGA may need to process your Sensitive Personal Data as part of our regular business activities. 

When such processing is necessary, RGA rely on one of the following legal bases:

RGA processes your Sensitive Personal Data when required or permitted by law (e.g., to meet diversity reporting obligations).

RGA may process your Sensitive Personal Data if it’s necessary for detecting or preventing crime, including fraud.

RGA processes your Sensitive Personal Data when needed to establish, exercise, or defend legal rights.

RGA may process your Sensitive Personal Data with your explicit consent, in line with applicable laws, though this is not used when processing is legally required.

(F) Purposes of Processing and legal bases for Processing

RGA Process Personal Data for the following purposes: providing our Sites, Apps, and services to you; compliance checks; operating our business; communicating with you; managing our IT systems; health and safety; financial management; conducting surveys; ensuring the security of our premises and systems; conducting investigations where necessary; compliance with applicable law; improving our Sites, Apps, and services; fraud prevention; and recruitment and dealing with job applications.

The purposes for which we Process Personal Data, subject to applicable law, and the legal bases on which we perform such Processing, are as follows:

RGA processes data to provide our Sites, Apps, and services, including legal and compliance advice, promotional materials, and communication related to these services.

  • Processing is necessary for fulfilling a contract with RGA or steps prior to entering into a contract; or
  • RGA has a legitimate interest in processing your data to provide these services (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary processing.

RGA may process data to meet regulatory obligations, verify identities, perform “Know Your Client” checks, and screen against legal restrictions.

  • Processing is necessary to comply with legal obligations; or
  • Processing is necessary for a contract with RGA or steps prior to entering into a contract; or
  • RGA has a legitimate interest in fulfilling compliance obligations; or
  • RGA has obtained your prior consent for voluntary processing.

Data is processed to manage our Sites, Apps, and services, including providing content, displaying ads, and communicating changes.

  • Processing is necessary for fulfilling a contract with RGA or steps prior to entering into a contract; or
  • RGA has a legitimate interest in providing these services (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary processing.

RGA communicate with you about relevant news, update contact information, and record interactions (with your prior opt-in consent, where applicable).

  • Processing is necessary for a contract with RGA or steps prior to entering into a contract; or
  • RGA has a legitimate interest in contacting you (subject to compliance with laws); or
  • RGA has obtained your prior consent for voluntary communications.

Data is processed to manage our IT and communication systems, conduct audits, and ensure security.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in managing IT systems (as long as this interest doesn’t override your rights).

RGA may process data for health and safety assessments, record-keeping, and maintaining secure premises.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in ensuring safety; or
  • Processing is necessary to protect an individual’s vital interests.

Data is processed for sales, finance, audits, and vendor management.

  • RGA has a legitimate interest in managing financial operations (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary processing.

RGA may contact you for feedback on our Sites, Apps, and services.

  • RGA has a legitimate interest in conducting surveys and research (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary participation.

RGA may process data for physical and electronic security, including CCTV recordings and access logs.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in ensuring security (as long as this interest doesn’t override your rights).

Data is processed to investigate and prevent policy violations and criminal activity.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in investigating and protecting legal rights (as long as this interest doesn’t override your rights).

RGA process data to establish, exercise, or defend legal rights.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in defending against policy breaches or legal violations (as long as this interest doesn’t override your rights).

Data is processed to meet our legal and regulatory obligations under applicable laws, including those for business advisory or compliance services.

  • Processing is necessary to comply with legal obligations.
  • RGA has a legitimate interest in defending against policy breaches or legal violations (as long as this interest doesn’t override your rights).

RGA may process data to identify issues, plan improvements, and create new features for our platforms.

  • RGA has a legitimate interest in improving services (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary processing.

Data is processed to detect, prevent, and investigate fraud.

  • Processing is necessary to comply with legal obligations; or
  • RGA has a legitimate interest in preventing fraud (as long as this interest doesn’t override your rights).

RGA process data for recruitment activities, job applications, and hiring decisions.

  • Processing is necessary to comply with legal obligations (particularly in relation to employment law); or
  • RGA has a legitimate interest in recruiting (as long as this interest doesn’t override your rights); or
  • RGA has obtained your prior consent for voluntary processing.

(G) Disclosure of Personal Data to third parties

RGA may share your Personal Data with: (i) legal and regulatory authorities; (ii) our external advisors; (iii) our service providers (Processors); (iv) any party involved in legal proceedings; (v) any entity necessary for investigating, detecting, or preventing criminal activities; (vi) any potential buyer of our business; and (vii) third-party providers of advertising, plugins, or content used on our Sites or Apps.

RGA may also disclose your Personal Data to other RGA entities for legitimate business purposes (such as operating our Sites and Apps, and delivering services to you), in compliance with applicable laws and professional confidentiality obligations. Additionally, we may disclose your Personal Data to:

  • Legal and regulatory authorities, as required, or for reporting any actual or suspected violations of law or regulations;
  • Accountants, auditors, legal advisors, and other external professionals working with RGA, under strict confidentiality agreements;
  • Third-party Processors (e.g., data hosting and document review service providers), located globally, as outlined in this section;
  • Any relevant party, law enforcement agency, or court, when necessary for establishing, exercising, or defending legal rights;
  • Any relevant party involved in preventing, investigating, detecting, or prosecuting criminal offenses, including the protection of public security;
  • Potential third-party acquirers, if RGA sells or transfers any part of its business or assets (including during reorganizations, dissolutions, or liquidations);
  • Any third-party provider whose advertising, plugins, or content appears on our Sites or Apps. If you engage with such advertising, plugins, or content, your Personal Data may be shared with that third-party provider. We recommend reviewing their privacy policy before interacting with their content.

If we work with a third-party Processor to handle your Personal Data, they will be required by contract to: (i) only process your Personal Data according to our written instructions; and (ii) implement measures to protect the confidentiality and security of the data, as well as comply with applicable legal requirements.

(H) International transfer of Personal Data

RGA may transfer your Personal Data to recipients in other countries. Where RGA transfer Personal Data from the EEA or the UK to a recipient outside the EEA or the UK that is not in an adequate jurisdiction, RGA does so on the basis of Standard Contractual Clauses.

Because of the international nature of our business, RGA may need to transfer your Personal Data to other RGA entities, and to other third parties as noted in Section above, in connection with the purposes set out in this Policy. 

For this reason, RGA may transfer your Personal Data to other countries that may have different laws and data protection compliance requirements to those that apply in the country in which you are located.

Where RGA transfers your Personal Data from the EEA or the UK to recipients located outside the EEA or the UK who are not in Adequate Jurisdictions, we do so on the basis of Standard Contractual Clauses. You may request a copy of our Standard Contractual Clauses using the contact details provided in Section below.

Data Privacy Officer:
Email: [email protected] 

Please note that when you transfer any Personal Data directly to a RGA entity established outside the EEA, RGA is not responsible for that transfer of your Personal Data (and such transfer is not based on or protected by our Standard Contractual Clauses). RGA will nevertheless Process your Personal Data, from the point at which RGA receives those data, in accordance with the provisions of this Privacy Policy.

(I) Data security

RGA implement appropriate technical and organisational security measures to protect your Personal Data. Please ensure that any Personal Data that you send to RGA are sent securely.

RGA has implemented appropriate technical and organisational security measures designed to protect your Personal Data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, unauthorised access, and other unlawful or unauthorised forms of Processing, in accordance with applicable law.

Because the internet is an open system, the transmission of information via the internet is not completely secure. Although we will implement all reasonable measures to protect your personal data, we cannot guarantee the security of your data transmitted to us using the internet – any such transmission is at your own risk and you are responsible for ensuring that any Personal Data that you send to us are sent securely.

(J) Data accuracy

RGA take every reasonable step to ensure that your Personal Data are kept accurate and up-to-date and are erased or rectified if we become aware of inaccuracies.

RGA takes every reasonable step to ensure that:

  • your Personal Data that RGA Process are accurate and, where necessary, kept up to date; and
  • any of your Personal Data that we Process that are inaccurate (having regard to the purposes for which they are Processed) are erased or rectified without delay.

From time to time, RGA may ask you to confirm the accuracy of your Personal Data.

(K) Data minimisation

RGA takes every reasonable step to limit the volume of your Personal Data that we Process to what is necessary.

RGA takes every reasonable step to ensure that your Personal Data that we Process are limited to the Personal Data reasonably necessary in connection with the purposes set out in this Policy.

(L) Data retention

RGA takes every reasonable step to ensure that your Personal Data are only retained for as long as they are needed.

(M) Your legal rights

Under applicable law, you may have a number of rights, including: (i) the right not to provide your Personal Data to us; (ii) the right of access to your Personal Data; (iii) the right to request rectification of inaccuracies; (iv) the right to request the erasure, or restriction of Processing, of your Personal Data; (v) the right to object to the Processing of your Personal Data; (vi) the right to have your Personal Data transferred to another Controller; (vii) the right to withdraw consent; (viii) and the right to lodge complaints with Data Protection Authorities. We may require proof of your identity before we can give effect to these rights.

Subject to applicable law, you may have a number of rights regarding our Processing of your Relevant Personal Data, including:

  • the right not to provide your Personal Data to us (however, please note that RGA may be unable to provide you with the full benefit of our Sites, our Apps, or our services, if you do not provide us with your Personal Data);
  • the right to request access to, or copies of, your Personal Data, together with information regarding the nature, Processing and disclosure of those Personal Data;
  • the right to request rectification of any inaccuracies in your Personal Data;
  • the right to request, on legitimate grounds:
  • erasure of your Personal Data; or
  • restriction of Processing of your Personal Data;
  • the right to have certain Personal Data transferred to another Controller, in a structured, commonly used and machine-readable format, to the extent applicable; where RGA Process your Personal Data on the basis of your consent, the right to withdraw that consent (noting that such withdrawal does not affect the lawfulness of any Processing performed prior to the date on which we receive notice of such withdrawal, and does not prevent the Processing of your Personal Data in reliance upon any other available legal bases); and
  • the right to lodge complaints with a Data Protection Authority regarding the Processing of your Personal Data by us or on our behalf.

Nothing in this Policy affects any of your other statutory rights.

To exercise one or more of the rights described in this Policy, or to ask a question about these rights or any other provision of this Policy, or about our Processing of your Personal Data, please use the contact details provided in above section. 

Please note that:

  • RGA may require proof of your identity before RGA can give effect to these rights; and
  • where your request requires the establishment of additional facts (e.g., a determination of whether any Processing is non-compliant with applicable law) we will investigate your request reasonably promptly, before deciding what action to take.
  • Any delay or loss, cost shall not be payable, unless RGA has solely caused the delay, beyond reasonable period, without any purposes or cause.

    Create a Safe Workplace: Get Expert POSH Compliance Support Today!

    error: Content is protected !