Privacy Policy

Aim of Data Protection and Privacy Policy

When the User chooses to use the platform and/ or the application WhizHack, of the Company, the User expresses trust and faith in the Company by providing requisite information. Company is in the clear understanding that it entails a huge responsibility, and endeavours hard to protect such information shared by the User whilst making sure to put the User in control of the information furnished by him. For Company, the protection of personal rights and privacy of its users is the foundation of trust on which all its business relationships stand.

1. Definitions

i. Central Server: refers to the server managed by the Company on which the identity of User is hosted, to be made available to the Location Server in the course of an access transaction.

ii. Company: refers to WhizHack Technologies Pvt. Ltd, a company duly incorporated under the Companies Act, 1956 having its corporate office at 4th Floor, Empire Square, M.G.Road, Gurugram, Haryana 122001. The Company has developed and owns the application WhizHack.

iii. Consent: is the voluntary, legally binding agreement to data storage and processing.

iv. Location Server: refers to the server of a particular client location with which Central Server interacts inter alia for authorization/ facilitating access. The Company has no access to this server.

v. Personally Identifiable Information: means and includes any information that either on its own or when combined with certain other information can identify a natural person and for the purpose of this Policy is usually limited to the Users’ mobile phone number, email IDs, profile picture, date of birth, gender and documentary proof of identity.

vi. WhizHack: includes the application WhizHack as well as the WhizHack platform.

vii. User: includes—(i) an individual,(ii) a Hindu undivided family,(iii) a company,(iv) a firm,(v) an association of persons or a body of individuals, whether incorporated or not,(vi) the State, and(vii) every artificial juridical person, not falling within any of the preceding sub-clauses, who create a profile on WhizHack after downloading WhizHack on a mobile and/ or entering Personally Identifiable Information in a form, sent by another User, opened on WhizHack in any electronic device or who uses WhizHack to regulate access of anyone, including employees, visitors and vendors to its premises or whose relevant information like name, mobile number, email address etc has been uploaded on WhizHack by his/her employer.

2. Application of National Laws

This Data Protection and Privacy Policy have been framed in consonance with the internationally accepted data protection and privacy policies without replacing the existing national laws. This Policy aims only to supplement national data privacy laws. The contents of this Data Protection and Privacy Policy shall be observed in the absence of the corresponding national legislation.

3. Information Collection

(i) Company vides WhizHack aims to collect information only to provide better services and support system to its Users. It is understood that the information so shared by its Users is subjected to data security. It is further understood that such information shared by its Users for the purposes of using WhizHack is secured by using suitable organizational and technical-architectural measures to prevent any unauthorised access, illegal processing or distribution as well as any accidental loss, modification or destruction.

(ii) That the information so shared by Users for the purposes as mentioned herein above are hereinafter referred to as Personally Identifiable Information as defined above.

(iii) WhizHack may obtain the following types of information from or concerning its User or its Users’ mobile device, which may include personal information that can be used to identify its User as specified below:

(a) User-Provided Information: The User provides certain Personally Identifiable Information, such as the User mobile phone number, email IDs, name, gender and date of birth, IP Address and mobile device information to WhizHack when choosing to participate in the use of the application and its services, such as registering as a user, inviting other WhizHack users, scanning their profile at WhizHack enabled kiosk or using a WhizHack feature. In order to enable WhizHack to provide and render smoothly its Services, the Users of WhizHack allow it to have access to the information contained in its User’s contact list and/or address book too. By permitting the Company vide WhizHack to collect such information, the User consents to provide WhizHack right to use such information for providing its Services and at the same time ensure and warrant that its User has all requisite rights in their favour to share this information with the application WhizHack.

(b) WhizHack may receive data whenever the User operates WhizHack and this data may include the date and the time of User operating WhizHack, IP address information, and if the User uses authentication tokens on any Location Server, such User authentication tokens may be saved on the Central Server for the sole purpose of authenticating the User during future use of WhizHack services.

(c) WhizHack does not collect emails, addresses or other contact information from the mobile address book of the User other than mobile phone numbers and names associated with such mobile phone numbers of the persons in such users’ contact lists and/or address books. WhizHack will associate whatever name the user has assigned to the mobile telephone number in his/her mobile address book. WhizHack, in order to improve its services, may collect the location data of its User and also WhizHack allows its User to voluntarily share their location with other User by sending an invite.

(d) If the recipient can be messaged via the WhizHack , the message is delivered to that recipient via data service routed through the Central Server. Any messages that are undelivered are held in the Central Server until they can be delivered or for a period of 30 days, whichever is earlier. Messages and files that are sent through the Service temporarily reside on the Central Server for a short period of time until delivery of such messages or files to the intended recipient are complete. The pass issued to a User is retained in the Central Server until the pass expires and is thereafter deleted. The aforementioned pass and the related information will be retained in the Location Server specific to a client of the company even after the same is deleted from the Central Server and the Company exercises no control over the Location Server(s) of the clients wherever they may be located.

(e) Any profile image updates or new identity document posted by the Users is stored on the Central Server to keep the profile updated.

(f) WhizHack may retain date and time stamp information associated with the successfully delivered messages and the mobile phone numbers involved in the messages, as well as any other information which the application WhizHack is under a legal obligation to accordingly collect in sync with the national legislation with regard to Data Protection and Privacy.

(g) The Internet Protocol (IP) address of the User.

4. Use of the Information Collected:

Company may use the information so provided by the User for the purposes of successful provision of services on WhizHack, improving our services and for other legitimate purposes permitted by the applicable laws of the land.

(i) Company may share the User’s Personally Identifiable Information to deliver the services desired by the User to the extent it is necessary to maintain or further develop and enhance WhizHack, its services and to ensure the functionality and security of the Services and to prevent and investigate any fraud and any other misuse.

(ii) Company may share non-Personally-Identifiable Information (such as anonymous user usage data, referring / exit pages and URLs, platform types, asset views, number of clicks, etc.) with third-parties to better understand usage patterns for certain content, services, advertisements, promotions, and/or functionality related to WhizHack.

(iii) Company does not share or sell User’s Personally Identifiable Information for use for commercial, advertising and or similar marketing purposes without User’s consent. However, In the future as a part of a specific promotion or feature, the User may specifically choose to opt-in/opt-out for any specific product and or service which may allow/seek access to the Users’ personal information to be used for such purposes. Once the User successfully un-lists his/her personal device number from WhizHack, such User’s name shall no longer be displayed vide WhizHack.

(iv) The Users have further been provided with an option of not using their Personally Identifiable Information on WhizHack for access to any location and/or building other than the one to access which they had created their WhizHack profile, in which case such a User or Users may not be able to access part or full services in connection with WhizHack. In the event of any User or Users not being agreeable with the terms of Data Protection and Privacy Policy, such User/Users are free to delete their account/s or not use WhizHack. Upon deletion of such User account, their Personally Identifiable Information and any associated Contents, except to the extent required to be retained by the Company under applicable laws of the land, will be deleted from the servers. Similarly, a User can also not be linked to a location as an employee of that location without User’s consent. When the employer uploads the data of all employees on the WhizHack platform, the user gets a notification and has a right to not consent to the same. Only after the user gives her/ his consent, will she/ he become the employee of that particular location on WhizHack platform.

(v) Company may disclose the Personally Identifiable Information and available user content as required pursuant to applicable laws, upon a directive or order of a government entity or statutory authority or any judicial or regulatory authority or to law enforcement agencies in any official investigation including but not limited to cyber incidents, prosecution and punishment of offences. It has been consented to by the Users of WhizHack that the WhizHack has the right to monitor WhizHack electronically from time to time and to disclose any such information as may be necessary to satisfy any law, regulation or other governmental request, to operate WhizHack properly for justified purposes that are relevant for the features and functionalities of WhizHack and related services opted by the User, or to protect itself or its subscribers. Company may transfer the Users’ Personally Identifiable Information or other information collected, stored, processed by WhizHack to any other entity or organization located in India or outside India only in case it is necessary for providing services to the Users’ in connection with WhizHack. Except with the consent of the Users’ including under this Agreement for specified purposes, WhizHack will not disclose any Personally Identifiable Information to any third party. Company will cooperate with the appropriate law enforcement authorities in investigating claims of any illegal activity.

(vi) Upon use of WhizHack, the User authorizes the Company to contact the User regarding any promotions / notifications pertaining to WhizHack, not with standing that User’s number may be registered in the respective Do not Call Registry in User’s jurisdiction.
(vii) User’s name and User’s mobile phone number (hashed) may be displayed when a User is searching for the host who is an employee at a WhizHack powered location or building or office, for which the User is requesting for a pass.

5. Principles for processing Personal Data/Information Collected:

It is clearly envisaged that the Company vide WhizHack ensures that the processing of the information, including the personal data and the personally identifiable information shall be conducted in a fair and legal manner. It is understood that the personal data and or personally identifiable information provided to the Company by the Users will be processed (for the purposes of enhancing and providing a more user friendly experience of WhizHack) only for the purposes that have been defined and entailed in Clause 4 of this Policy and including the purposes that were defined and understood before such data and or information was collected. Further any subsequent changes to the purpose are only permissible or possible to a limited extent permitted by law and requires substantiation from the Users by way of an express consent. In the interest of protecting the privacy of its Users and for security measures, it is ensured that reasonable steps will be taken to identify and authorise the Users as well before registering their mobile phone numbers and granting users the access and use of the WhizHack.

6. Changes by User to Information Collected:

Company vide WhizHack allows the User to update or change the information so provided at the time of being given access to WhizHack. The User can add or delete information that he/she chooses to share or not share with WhizHack. However, in the event of the User deciding not to share certain information through WhizHack , Company may not be able to give access to part or full services in connection with WhizHack. It is understood that the User has been provided with the option of either sharing his/her profile with another similarly situated User of WhizHack or not share his/her profile with another User of WhizHack. The User also has been given the option to opt out of receiving emails, or other promotional notifications and materials containing notifications pertaining to WhizHack.

7. Keeping the information collected secure:

WhizHack has been built with such strong security features that it enables the Company to continuously protect the information so collected from the User. The Company endeavours to protect the information collected from the User from any unauthorised access, alteration, unauthorised disclosure or destruction of information so provided by the Users in order to avail the services of WhizHack and in doing so the Company follows various best industry standards and practices for the security of data in transit and data at rest. It is understood that the Company employs the following security protocols:

(i) AES 256 Bit Encryption and Data On Secure Cloud behind a Firewall.

(ii) End to End Encryption is used to ensure that the data shared between the application, the Central Server, the Location Server and the IoT controller, at all times travels in encrypted form and is readable only by WhizHack.

(iii) WhizHack and document if any, on the Users’ phone is also encrypted and is not transferable to any other application/platform and/or device.

(iv) Company has no access to the access history of a User and the said access history is the property of the Location Server which has processed that particular access event. A pass/ invite is stored on the Central Server only till the validity period of that particular pass. Once a pass/ invite is past its validity period/ has expired, it is automatically deleted from the Central Server by end of the day on which such pass/invite has expired.

8. Sharing the Information collected:

Company may share the Information collected from the User with related entities to maintain or further develop and enhance WhizHack, its services and to ensure the functionality and security of WhizHack for the User and to prevent and investigate any fraud and other misuse. Company may share non-Personally-Identifiable Information (such as anonymous user usage data, referring / exit pages and URLs, platform types, asset views, number of clicks, etc.) with third-parties to better understand usage patterns for certain content, services, advertisements, promotions, and/or functionality related to WhizHack. Company shares the information collected from the User in accordance with his Policy and any other appropriate confidentiality and security measures. Company may share the information collected from the User with law enforcement agencies and Courts and Tribunals in order to cooperate with an investigation or pursuant to an order of the Court.

9. Retention of Information Collected:

Company will retain User’s information collected as needed to fulfil the purposes for which it was collected. Company will retain and use the personal information of the User as necessary to comply with business requirements, legal obligations, resolve disputes, protect our assets, and enforce our agreements.

10. Transfer of Information Collected:

Subject to the consent of the User, the Company may transfer User’s Information collected including Personally Identifiable Information, to its affiliates or to third parties and business partners located in various countries around the world. The information so shared or intended to be shared by the Company does not include the access history of the User since the same is not accessed by the Company. By using WhizHack and/ or providing any personal information to Company, where applicable law permits, the User consents to the transfer, processing, and storage of such information outside of the country of residence of the User where data protection standards may be different.

11. Data Audits and Compliance with Applicable Laws:

Compliance with the Data Protection and Privacy Policy and the applicable data protection laws is checked regularly with data protection audits and other controls. The performance of these controls is the responsibility of the Data Protection Officer.

12. Updates to this Data Protection and Privacy Policy:

Company may update this Policy from time to time. As and when it is modified, the same will be posted on the website of the WhizHack application, with an updated revision date. The User agrees to visit these pages periodically to be aware of and review any such revisions. If Company makes any material changes to this Policy, it may also notify the User by other means prior to the changes taking effect, such as by posting a notice on our websites or sending the User a notification. By continuing to use WhizHack after such revisions are in effect, User accepts and agrees to the revisions and to abide by them.

13. Grievance Redressal:

If the User has any unresolved privacy concern related to personal data processed or transferred by Company that has not been addressed satisfactorily, please contact Company at info@www.whizhack.com.