Privacy Policy

1. Background

• Squadrun Solutions Pvt Ltd. ("(“SquadStack”, “we” or “us”) is a subsidiary of SquadRun Inc. and leverages SquadStack, a mobile application platform (“Application”) owned and operated by SquadRun Inc. It provides a service (the “Service”) that allows its customers to deploy SquadStack’s network of geographically distributed workers (“you”, “your” or “user”) to collect, categorize, moderate and verify data requested by such customers. Squadrun also owns and operates the website squadstack.com (“Website”).
• This Privacy Policy covers: (i) the type of information collected from the users through the Website and the Application, including sensitive personal data or information; (ii) the purpose, means and modes of usage of such information; and (iii) how and to whom such information which has been collected, will be disclosed.
• From time to time, we may change our Privacy Policy to reflect changes to our privacy practices and the terms of Service. If we modify this Privacy Policy, we will update the “Last Modified Date” and the changes will be effective as of the date we post the amended version of the Privacy Policy. For material changes, we will notify you by posting a prominent notice on our Services indicating at the top of the Privacy Policy when it was most recently updated or by other appropriate means, such as email through the email address you most recently provided to us. Irrespective of the above, you agree to periodically review the current version of the Privacy Policy as posted on the Website and the Application.

2. Scope

• The Privacy Policy applies to all information you provide to Us through the use of our products (i.e., the Application and the Website). If you submit information to any third parties through our products, we cannot be held responsible for any data collection, privacy policies, or other policies of any third - party websites or applications or services that we may link our products to or that may link to our products over which we do not have full control.
• The Privacy policy is to be read in conjunction with our Terms and Conditions and Services Agreements.

3. Information collected from the User(s)

• Personal Information: The Website advertises certain professional services offered by the Company. For this purpose, the Company may collect the following personally identifying information (“PII”) from the users during their use of the Website, the Application or both:
  1. Name of the User
  2. E-mail address
  3. Phone number
  4. Company Name
  5. User’s location
  6. User’s KYC information: age, gender, marital status, children, PAN, Aadhaar number
  7. User’s educational background/qualification
  8. User’s work experience
  9. Users access to devices
  10. User’s interests such as banking, finance, edtech, FMCG, gaming, etc
  11. User’s employment status such as student, a fresher, a homemaker, part-time employed, full time employed, currently unemployed
  12. All other information as required by us for the purpose of the user’s use of the Website and/or the Application.
  ‍
• Other Data: The Website offers a live pilot/test run for the benefit of the Users such that they can experience and understand the Services offered by the Company. For the live pilot/test run, the Company collects the following information/data from the Users when the live pilot/test run feature of the Website is used:
  1. Guidelines, taxonomy, or any other relevant information that might help us complete the pilot; and
  2. Sample data – could include text, images, audio, video, or a combination of all of these.

4. How the collected information will be used

The information collected by us, shall be used for the purposes and in the manner described below:

• Unless disclosed by the Company as required by law, the individual user PII will not be shared with any third party without prior notification to the user beyond what is outlined in this Privacy Policy. The Company may share anonymous aggregate information to businesses in the form of metrics, cumulative data etc.
• The Other Data collected by the Company is utilized by us for the analysis of the user experience on the Website and thereafter customize the Services offered by us through the Website.
• In order to improve the quality of our Services we may ask you to provide us with information regarding your experiences with our products and/or Services. Users have the option of choosing not to provide us with this information.
• In order to customize the user experience, the Website may use cookies and/or related data from the user’s browsing activities to display advertisements or third party links on the Website, relating to the browsing activities of the user. The Website may also share such cookies and/or related data with third parties to display advertisements or links to the Website on their respective platforms.
• We may collect PII from you to manage and mobilise our user base more efficiently.

5. Disclosure of Personal Information

We reserve the right to disclose any PII

• Pursuant to a requirement of applicable law or a government authority of competent jurisdiction, including for the purpose of complying with a judicial proceeding, court order, or legal process served on our Website, Application or both;
• Subject to applicable law, when we believe, at our sole discretion that disclosure is necessary to protect our rights; and
• When we believe it to be necessary, at our sole discretion, to protect someone from injury.
  

6. Your data rights

• A right of access: You have the right to obtain a copy of the personal information provided to us and a right of confirmation that we are using this data for our products.
• A right to rectification: You have the right to have any inaccurate personal data concerning you being rectified and to have incomplete personal data completed.
• A right to erasure: in some cases, you have the right to obtain the erasure of personal data concerning you. Upon request, we will permanently and irrevocably anonymize your data. However, this is not an absolute right and in certain circumstances we have legal or legitimate grounds for keeping such data.
  
• A right to restriction of processing: in some cases, you have the right to obtain restriction of the processing of your personal data.
  

7. Cookies

• The Website uses cookies, which are files that are placed on your system when you visit a website or application, to store certain information that is not sensitive personal information. The information collected through these cookies is used by us for the technical administration of the Website and the Application, research and development, and to improve the quality of our Services.
• We may use third-party cookies to track visitor behavior and to improve the quality of our Services. However, such cookies will not store any kind of personal information, nor will such information be disclosed to any third party.
• These cookies are intended to be automatically cleared or deleted when the User quits the browser application. You are encouraged to use the “clear cookies” functionality of your browser to ensure such clearing/deletion, since it is impossible for us to guarantee, predict or provide for the behavior of your system.
• The information we collect with cookies is not sold, rented, or shared with any third parties, other than for internal Website and Application development and maintenance.

8. Third Party Links

• We may provide links to websites for the convenience and information of users. These websites may not be owned, controlled, or operated by us. In those cases, we cannot control how information collected by those websites will be used, shared, or secured. If the user visits linked sites, we strongly recommend that the user reviews the privacy notices or policies posted at those sites. We are not responsible for the content of linked sites, the user’s use of them, or the information practices of their operators.
  

9. Security Procedures

• We maintain industry-standard security measures, including policies, rules, and technical safeguards, to protect your personal information from unauthorized access, use, disclosure, alteration, destruction, or loss. For more detailed information about our data security practices, please refer to our Trust Portal trust.squadstack.com

10. Retention of Information

• Data Retention: We retain the data and content you provide while you use our Services, and for a reasonable period afterward, in accordance with applicable laws and regulations. We will not retain your sensitive personal data, including personally identifiable information, financial and payment details, authentication information, and device location data, once you stop using our Services. We may retain anonymized or aggregated data for statistical or analytical purposes, subject to legal limitations. For specific retention periods related to certain data types, please contact us.
  

11. Choice/Opt-Out

• You have the right to control your communication preferences. If you wish to opt out of receiving non-essential (promotional, marketing-related) communications from us after creating an account, you can do so by emailing us at dpo@squadstack.com or by using the unsubscribe link included in our marketing emails. If you wish to remove all your contact information from our systems and close all accounts, you may do so by emailing us at dpo@squadstack.com. We will process your request in accordance with applicable laws and regulations.
  

12. Transference of Services

• If the Company or its assets are acquired, user PII would be one of the assets that will be transferred or acquired by a third party.

13. Governing Law

• This Privacy Policy shall be governed by and construed in accordance with Indian law. Competent courts at New Delhi shall have exclusive jurisdiction to determine any disputes arising in relation to, or under, this Privacy Policy. You agree to submit to the jurisdiction of the competent courts at New Delhi and agree to waive any and all objections to the exercise of jurisdiction over the parties by such courts and to venue in such courts.

14. Right to request for Deleting Your Data

• You have the right to request the deletion of all or specific data associated with your account. To initiate the deletion process, please submit a request by emailing us at dpo@squadstack.com We will review and process your request in accordance with applicable laws and regulations.
  
  Upon your request, we will take steps to permanently and irrevocably anonymize your data, ensuring that it can no longer be associated with you. This process may take a reasonable amount of time to complete.Please note that in some cases, we may be required to retain certain information to comply with legal obligations and certain data may be exempt from your request if its retention is necessary for legitimate business purposes, such as resolving disputes, enforcing our terms and conditions, or protecting against fraudulent activities.
  
  We are committed to safeguarding your privacy, and any exceptions to the deletion of your data will be communicated transparently in our response to your deletion request
• To submit a request regarding any of the above-mentioned rights by email, please use the contact information provided in this policy. We strive to respond to data subject requests as quickly as possible (within 1 month) or as required by the applicable law.

15. Identity Verification

• Squadrun shall establish and document a reasonable method for verifying the identity of a requestor which shall not require a fee from the consumer.
• The company shall implement reasonable security measures to detect and prevent fraudulent identity-verification activity.
• Where a consumer maintains a password protected account with a company, the company may verify their identity using existing authentication practices.
• Before providing categories of personal information, the company shall verify the identity of requesters to a "reasonable degree of certainty." Before providing specific pieces of personal information or honoring a deletion request, a company shall verify the identity of requesters to a "high degree of certainty," depending on the sensitivity of the personal information or the risk of harm from an unauthorized deletion request.
• A company shall consider the following criteria when determining a verification method:
  
  1. whenever feasible identifying information provided by a requestor should be matched with identifying information already maintained by the company, or use a third-party identification service
  2. avoid collecting unnecessary personal information
  3. consider the sensitivity of information requested, the risk of harm to the consumer, the likelihood of fraud, the manner in which the business interacts with the consumer and the availability of verification technology.
• A company shall avoid personal information unless needed to verify the identity of the requestor. A company shall delete personal information collected for the purpose of verification as soon as possible after processing the request.
• If there is no reasonable method by which a company can verify the identity of the consumer to the degree of certainty required by this section, the business shall state so in response to any request and explain why it has no reasonable method by which it can verify the identity of the requestor. If the company has no reasonable method by which it can verify any consumer, the company shall explain why it has no reasonable verification method in its privacy policy. The company shall evaluate and document whether a reasonable method can be established at least once every 12 months.

Agent Verification

• When a consumer uses an authorized agent to submit a request to know or a request to delete, a business may require the authorized agent to provide proof that the consumer gave the agent signed permission to submit the request. The business may also require the consumer to do either of the following:
  
  1. Verify their own identity directly with the company.
  2. Directly confirm with the company that they provided the authorized agent permission to submit the request

16. Circumstances for denial

• If we cannot verify if you (or your authority to act on behalf of another person), we have the right to deny requests. While verifying your identity we shall generally avoid requesting additional information from you for purposes of verification. If, however, we cannot verify your identity from the information already maintained by us, we may request additional information from you, which shall only be used for the purposes of verifying your identity while you are seeking to exercise your rights, and for security or fraud-prevention purposes. We shall delete any new personal information collected for the purposes of verification as soon as practical after processing your request, except as required to comply with applicable legislation.

17. Data Subject Request (DSAR/SAR) Response Requirements:

• Responses to access requests shall include the following data points as appropriate.
  
  1. Categories of PII collected
  2. Categories of PII sold and disclosed to third parties

SAR when Squadrun is the data controller:

• A DSAR can be made using dpo@squadstack.com
• Where required, the data subject must provide reasonable evidence of their identity in the form of valid identification, for example, email verification.
• The consumer must identify the DSAR type that is being requested, e.g., erasure.
• If a DSAR is submitted by an agent, the submission must include the identification of the data subject as well as a signed authorization from the data subject. Squadrun must make reasonable efforts to verify the identity of the data subject and legitimacy of all requests submitted by authorized agents.
• If a DSAR is received which does not meet Squadrun criteria, the Squadrun shall inform the data subject or agent how to correct the DSAR in order to receive a response from Squadrun

DSAR when Squadrun is the data processor:

• A DSAR can be made using the email dpo@squadstack.com
• Squadrun shall direct the data subject to the relevant Controller in accordance with all contractual commitments.

DSAR requirements:

• Squadrun will acknowledge any manual requests within 10 business days. The acknowledgement will describe the verification process and when the data subject should expect a response.
• Squadrun has thirty (30) days from the initial request date to complete the request. If the company cannot respond within thirty days, it shall provide notice to the data subject. The response time may vary depending on the applicable data privacy regulation.
• The SAR application will be documented and can be audited using Squadrun’s internal processes.
• Squadrun shall ensure that deletion and correction requests are sent to subprocessors as needed

Squadrun as the data controller

• Collect the data specified by the data subject
• Verify the identity of the data subject
• Search all databases and all relevant filing systems (manual files) in Squadrun, including all back up and archived files, whether computerized or manual, and including all email folders and archives. Squadrun maintains a record that identifies where personal data in Squadrun is stored.
• Squadrun will maintain a record of requests for data and of its receipt accessible by Squadrun’s DPO, Privacy Lead, Chief Legal Officer, and/or any other designated Squadrun representatives. Squadrun will also keep a record of processing to include dates.
• Provide data subject an online mechanism for making requests and all such requests will be logged.
• Squadrun will acknowledge the SAR within ten (10) days of the initial request and respond to any SAR within 30 days of the initial request.
• SARs from employees or previous employees will be coordinated with HR and the employees’ current or previous departmental leadership.

18. Grievance Officer

• The name and contact details of the Grievance Officer are provided below:
  ‍
  ‍Name: Zaid Abbasi
  ‍E-mail Address:  dpo@squadstack.com