GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED

Privacy Policy

This Privacy & Cookies Policy (“Policy”) explains how GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED uses the personal information that it collects or generates in the course of carrying on commercial activities. The list below sets out what is covered in this Policy and you can click on the headings below to go to a specific section.

Background

› 1.1 GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED with its registered office at 806, Devika Tower 6 Nehru Place, New Delhi South Delhi DL 110019 IN,West Bengal, India collects and uses certain Personal Data. GESSUP is responsible for ensuring that it uses that Personal Data in compliance with data protection laws.
› 1.2 GESSUP is not responsible for the provision of microfinance services or for the processing of Personal Data of the clients of such services. If you are interested in receiving or learning more about our microfinance services, please contact.
› 1.3 We use the following definitions in this Policy:
› “GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED”, “GESSUP” “our”,
“we”,or “us” means GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED”,
› “Personal Data”

When we collect Personal Data

› 2.1 This Policy concerns the protection of:
› information we receive through our website at https://the-umgroup.com and systems and services made available on it (the “GESSUP Website”); and
› Information we receive when we interact with you in relation to investments in, or lending to, our business (“Financing Activities”).

This Policy concerns the protection of:

› 3.1 In relation to the GESSUP Website, we may collect and process the following Personal Data about you:
› Information that you provide to us. We may collect your first name, family name, and email address in connection with the delivery of newsletters and marketing material relating to our business.
› We use “cookies” and similar web technologies to support certain features of the GESSUP Website. A cookie is a piece of code deployed on your device. We use two types of cookies: “session cookies” and “persistent cookies”.
› A session cookie expires after you close your browser. We use session cookies to:
› a) identify you during your browsing session by assigning a randomly generated unique identification number to your device;
› b) record when you have viewed certain disclaimers of liability displayed on the GESSUP Website ;
› c) to verify your identity when you provide your name and email address to us through the GESSUP Website ;
› d) to prevent Cross-Site Request Forgery attacks (where we receive unauthorised commands which appear to originate from an authenticated user of the GESSUP Website ); and
› e) for certain content management and editing purposes.
› f) Persistent cookies do not expire when you close your browser. We use persistent cookies to:
› i. record when a visitor to the GESSUP Website gives consent to our use of cookies; and
› ii. for certain content management and editing purposes.
› If you do not wish to receive cookies, you may set your browser to reject cookies or to alert you when a cookie is placed on your device. You may also delete cookies as soon as you leave the GESSUP Website. Although you are not required to accept cookies when you visit the GESSUP Website, if you set your browser to reject cookies, you may not be able to use all of the features and functionality of the GESSUP Website.
› 3.2 In relation to Financing Activities, or other enquiries that we receive through the GESSUP Website (such as in relation to opportunities for employment with us), we may collect and process basic Personal Data that you provide to us, such as: first name; family name; position in the company; company name; company email address; business phone number; business address; city; postcode; country.

How we use your information:

› 4.1 Your Personal Data may be stored and processed by us in the following ways and for the following purposes:
› in relation to Financing Activities, to assess potential investment or lending activity in relation to our business;
› for ongoing review and improvement of the information and services provided on the GESSUP Website to ensure they are user friendly and to prevent potential disruptions or cyber attacks;
› to understand and process feedback on the GESSUP Website:
› to communicate with you in order to provide you with information about our business in the GESSUP Website ;
› for the management and administration of our business;
› in order to comply with and in order to assess compliance with applicable laws, rules and regulations, and internal policies and procedures, including in relation to know your client (KYC), anti- money laundering (AML), and counter-terrorist financing procedures;
› for the administration and maintenance of databases storing Personal Data; and/or
› to manage any enquiries or other communications we receive in relation to our business, including from prospective investors or lenders, or from individuals interested in opportunities for employment with us.
› 4.2 However when we use Personal Data, we make sure that the usage complies with law and the law allows us and requires us to use Personal Data for a variety of reasons. These include where:
› we need to do so in order to perform our contractual obligations owed to you;
› we have obtained your consent;
› we have legal and regulatory obligations that we have to discharge;
› we need to do so in order to establish, exercise or defend our legal rights or for the purpose of legal proceedings;
› the use of your Personal Data as described is necessary for our legitimate business interests, such as:
- allowing us to effectively and efficiently manage and administer the operation of our business;
- maintaining compliance with internal policies and procedures;
- monitoring the use of our copyrighted materials; and
- offering optimal, up-to-date security solutions for our ITsystems.
› 4.3 We will take steps to ensure that the Personal Data is accessed only by our employees that have a need to do so for the purposes described in this Policy.

Disclosure of your information to Third Parties:

› 5.1 By using our website You agree that we may share your Personal Data within GESSUP LOGISTICS AND FINANCE PRIVATE LIMITED for the purposes described above.
› 5.2 By using our website You agree that we may also share your Personal Data outside of the GESSUP for the following purposes:
› with lenders of our business and other business partners. Personal Data will only be transferred to a lender or business partner who is contractually obliged to comply with appropriate data protection obligations and the relevant privacy and confidentiality legislation;
› with third party agents and contractors for the purposes of providing services to us (for example, our accountants, professional advisors, IT and communications providers and debt collectors). These third parties will be subject to appropriate data protection obligations and they will only use your Personal Data as described in this Policy;
› to the extent required by law, for example if we are under a duty to disclose your Personal Data in order to comply with any legal obligation (including, without limitation, in order to comply with tax reporting requirements and disclosures to regulators), or to establish, exercise or defend our legal rights;
› if we sell our business or assets, in which case we may need to disclose your Personal Data to the prospective buyer for due diligence purposes; and
› if we are acquired by a third party, in which case the Personal Data held by us about you will be disclosed to the third party buyer

International transfer of Personal Data:

› 6.1 Where we transfer your Personal Data to a country outside India, we will ensure that they are protected and transferred in a manner consistent with legal requirements. In relation to data being transferred outside of India, for example, this may be done in one of the following ways:
› the country to which we send the data would be offering an adequate level of protection for Personal Data;
› in other circumstances the law may permit us to otherwise transfer your Personal Data outside India.
› 6.2 You can obtain more details of the protection given to your Personal Data when it is transferred outside India (including a copy of the standard data protection clauses which we have entered into with recipients of your Personal Data) by contacting us as described in paragraph 10 below.

How we safeguard your information

› 7.1 We have extensive controls in place to maintain the security of our information and information systems. Customer files are protected with safeguards according to the sensitivity of the relevant information. Appropriate controls (such as restricted access) are placed on our computer systems. Physical access to areas where Personal Data is gathered, processed or stored is limited to authorised employees.
› 7.2 As a condition of employment, our employees are required to follow all applicable laws and regulations, including in relation to data protection law. Access to sensitive Personal Data is limited to those employees who need it to perform their roles. Unauthorised use or disclosure of confidential client information by an GESSUP employee is prohibited and may result in disciplinary measures.
› 7.3 When you contact our employee about your Personal Data records, you may be asked for some Personal Data. This type of safeguard is designed to ensure that only you, or someone authorised by you, has access to your file.

How long we keep your personal data

› 8.1 The period we will hold your Personal Data will vary and will be determined by the following criteria:
› the purpose for which we are using it – GESSUP will need to keep the data for as long as is necessary for that purpose; and
› legal obligations – laws or regulation may set a minimum period for which we have to keep your Personal Data.

Your rights:

› 9.1 In all the above cases in which we collect, use or store your Personal Data, you may have the following rights and, in most cases, you can exercise them free of charge. These rights include:
› the purpose for which we are using it – GESSUP will need to keep the data for as long as is necessary for that purpose; and
› the right to obtain information regarding the processing of your Personal Data and access to the Personal Data which we hold about you;
› the right to withdraw your consent to the processing of your Personal Data at any time. Please note, however, that we may still be entitled to process your Personal Data if we have another legitimate reason for doing so. For example, we may need to retain Personal Data to comply with a legal obligation;
› in some circumstances, the right to receive some Personal Data in a structured, commonly used and machine-readable format and/or request that we transmit those data to a third party where this is technically feasible. Please note that this right only applies to Personal Data which you have provided directly to us; › the right to request that we rectify your Personal Data if it is inaccurate or incomplete;
› the right to request that we erase your Personal Data in certain circumstances. Please note that there may be circumstances where you ask us to erase your Personal Data but we are legally entitled to retain it;
› the right to object to, or request that we restrict, our processing of your Personal Data in certain circumstances. Again, there may be circumstances where you object to, or ask us to restrict, our processing of your Personal Data but we are legally entitled to refuse that request; and › the right to lodge a complaint with the relevant data protection regulator if you think that any of your rights have been infringed by us.
› 9.2 You can exercise your rights by contacting us using the details listed in paragraph 10 below.

Questions and concerns:

› 10.1 If you have any questions or concerns about GESSUP’s handling of your Personal Data, or about this Policy, [email protected]
› 10.2 We are usually able to resolve privacy questions or concerns promptly and effectively. If you are not satisfied with the response you receive from us, you may escalate concerns to the applicable privacy regulator in your jurisdiction. Upon request, we will provide you with the contact information for that regulator.