Privacy policy

This Privacy Policy (“Privacy Policy”) is published in compliance with inter alia: Section 43A of the Information Technology Act, 2000 (“IT Act”); Rule 4 of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (“SPDI Rules”); and Rule 3(1) of the Information Technology (Intermediaries Guidelines) Rules, 2011. This Privacy Policy deals with information we collect in relation to our Platform and explains: what information we collect; how we collect and use that information; how you can provide information selectively, and how you can access and update this information; and how we process, share and protect your information.The Platform is owned and managed by osto (“We” or “Us” or “Our”), a firm engaged in the business of developing, testing, marketing and selling a wide variety of cybersecurity software and hardware (“Services”) with our corporate offices at OSTO CYBERSECURITY PRIVATE LIMITED WEWORK DLF FORUM, CYBERCITY, PHASE III, DLF QE, Gurgaon- 122002, Haryana, India amongst other locations in India.

This Privacy Policy applies to all current and former users accessing or using Our Platform, or otherwise engaging with us through email or other means (collectively, “You” or “Your”). The collection and processing of information in the course of our delivery of Services, or other contractual or commercial engagements that we may enter into, will be done in accordance with the specific terms applicable thereto, and not by this Privacy Policy.By accessing or using Our Platform or by otherwise giving Us Your information, You confirm that You have the capacity to enter into a legally binding contract and have read, understood and agreed to the practices and policies outlined in this Privacy Policy. You hereby consent to Our collection, use, sharing, and disclosure of Your information as described in this Privacy Policy. We may modify, add or delete from, this Privacy Policy from time to time, and Your continued access to, or use of the Platform, will be deemed to be an acceptance of the said changes.

If You do not agree with this Privacy Policy at any time, in part or as a whole, do not access/use the Platform or services provided through the Platform, or provide Us with any of Your Information. If You are accessing or using the Platform from any location outside India, You do so at Your own risk, and will be solely liable for compliance with any local laws, as may be applicable.We collect the following types of information about You, both through offline documentation that You may provide, as well as when You use Our Platform: User Information, Demographic Information, Behavioural Information, and Indirect Information, (each of which have been defined below, and collectively, “Information”). We collect Your Information either directly from You through offline documentation and/or the Platform or indirectly by using different technologies.

In order to access Our Platform, You may be required to provide Us with information in the nature of Your name, email address, mobile number, the company/ organization You work for, title, designation, physical addresses (collectively, “User Information”). We may also collect User Information when You visit any of Our offices to enquire about, or avail Our Services or attend any seminars, webinars, conferences or events organised by Us. Further, We may collect User Information that You provide Us with for attending meetings held at Our offices such as accessibility and dietary requirements. Such User Information can imply or suggest a member’s health or other information which may include SPDI (as defined below). You agree and acknowledge that such information is only collected temporarily for the aforesaid limited purposes and consent to Our collection thereof.

We may collect from You, information which is not unique to You and refers to selected population characteristics (“Demographic Information”) including age, gender and current location details.We may also collect information about how You use the Platform and information about Your mobile device and software including usage statistics, traffic data, Your IP address, browser and operating system type, domain names, access times, locations, and details regarding the parts of the Platform that You access (“Behavioural Information”).Your use of certain third-party services on the Platform also requires Us to collect such information as is considered necessary for that purpose (“Indirect Information”). While We may collect Demographic Information, Behavioural Information and Indirect Information when You access or use Our Platform, We collect User Information only from You with Your prior consent unless there are other legal grounds for doing so, as further specified in this Privacy Policy.

Where You provide Us with User Information of third parties, We understand that You have obtained consent of such third parties, and have sufficient rights, approvals and licenses to provide such information to Us.The IT Act and the SPDI Rules regulate the collection, usage, retention and disclosure of personal information, which is defined under the SPDI Rules as any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying such person (“Personal Information”). The SPDI Rules further define “Sensitive Personal Data or Information” (“SPDI”) of a person as Personal Information about that person relating to: passwords; financial information such as details of bank accounts, credit cards, debit cards or other payment instruments; physical, physiological and mental health condition; sexual orientation; medical records and history; biometric information; any detail relating to the above categories, as specified in this paragraph, as provided to the body corporate for providing services; and any of the information received under the above categories, as specified in this paragraph, by a body corporate for processing, stored or processed under lawful contract or otherwise.Some of the Information collected by Us may qualify as Personal Information.

We understand that all Personal Information provided by You to Us is voluntarily. Collection, use and disclosure of Personal Information requires Your express consent, unless there are other legal grounds available to us to collect such information as further specified in this Privacy Policy. By using or accessing the Platform or otherwise providing Us with Your Personal Information, where applicable, You are providing Us with Your consent to Our use, collection, retention, transfer and disclosure of the Personal Information in accordance with the terms of this Privacy Policy.In the event of a change in the law applicable to data protection in India, You hereby expressly consent to Our continued use, storage, collection and disclosure of Your Information including Personal Information to the fullest extent permitted under such applicable law.

We may reach out to You for obtaining additional consents and approvals as required under the amended law and You will be required to comply with such requests. Should You choose to not provide Us with such additional consents and approvals, We may have to discontinue your access to the Platform. You may choose to not provide Us with or withdraw any or all information included under Personal Information, but in the event that You do so, We may be unable to allow you to access the Platform or otherwise avail services for the provision of which your information is being collected or processed.

We use Your Information for the following purposes: to operate and improve the Platform in order to foster a positive user experience and to improve Our business as a whole; analysing data, tracking trends, building algorithms, creating databases for rating systems, recommendations engines, etc.; research; for non-targeting reasons such as frequency capping, compliance, information reporting or delivery, market research or product development purposes; to conduct audits and quality assessment procedures; and to analyse the use of Our resources and troubleshooting problems in relation to Our Platform.In addition to the above, We also use Your Information, including Personal Information, for the following purposes: for Our internal operational purpose such as record keeping, accounting and compliance with applicable taxation laws; for the purposes of recording information including dates times and locations at which Our Platform have been accessed by using various tracking technologies and thereby improve Our Platform and Your experience by providing You with relevant information based on the above.

Your disabling of tracking technologies on the Platform by changing settings on Your smartphone and/or web browser may result in Your inability to use the Platform fully or at all; for providing You with regulatory updates which We believe are relevant for You; to invite You for seminars, webinars and workshops conducted by Us which We believe may be of interest to You; to comply with applicable law; to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person, or as otherwise required by law; to respond to any queries that You may have, and to communicate information to You, including notifications of any alerts, any updates to the Platform; and to contact You from time to time to record Your valuable feedback on Our Platform, as they currently stand, and/or any potential services that may be offered in the future. (Collectively, the above constitute “the Purposes”).

If You wish to opt out of receiving communications such as information regarding the Platform and/or any regulatory updates provided by Us, you may do so by emailing Us at  help@osto.one. Further, We may use social media platforms such as LinkedIn, Twitter and Facebook. If You connect with Us through any of these services, then such engagement will be subject to the terms of service and privacy policy of the relevant social media platform and You should review the same before connecting with Us on such social media platform.Our processing of Your Personal Information in the context of Your visit to, and use of Our Platform are based on Our legitimate interests to operate an internet website and blogs for general information and communication purposes, to optimize Our website and blogs, and to protect it from attacks.

Furthermore, our processing of Your Personal Information for providing regulatory updates or conducting other business development activities serves the legitimate interests of the users to receive training in legal matters and know-how and serves Our legitimate interests to develop Our business and promote client relationships.We disclose Your Information including Personal Information, as the case may be, to third parties in the manner specified below: disclosing Your Information including Personal Information to companies and individuals who are acting as our counterparties, consultants and advisors in relation to the Platform; disclosing Your Information including Personal Information to companies and individuals who are authorised by Us to perform certain functions in relation to the Platform and/or Our business, including Our third-party service providers, consultants and professional advisors and insurers; We also share aggregated information about You with partners, other Platform users, and other third parties for the purpose of improving Our Platform; We may transfer Information including Personal Information to third parties, including persons outside India, in furtherance of the above; and We may disclose Your Information, including Personal Information, if legally required to do so, pursuant to an order from a governmental entity or in good faith.

We will disclose the Information to: conform to legal requirements or comply with legal process; protect Our rights or property; prevent a crime or protect national security; or protect the personal safety of users or the public.Such third parties may include: any of Our agents, contractors or third-party service providers that process or will be processing Your Information, on Our behalf, including but not limited to those which provide administrative or other services to Us such as mailing houses, telecommunication companies, information technology companies and data centres; and third parties, such as service providers, to whom disclosure by Us is for one or more of the Purposes and such third parties would in turn be collecting and processing Your Information including Personal Information for one or more of the Purposes.

The Platform may contain links to third party websites and services (“Third Party Services”). We have no control over such Third-Party Services, which are provided by persons or companies other than Us. We are not responsible for any collection or disclosure of Your information by such companies or persons thereof. Further, we are not liable for any loss or damage which may be incurred by You as a result of the collection and/or disclosure of Your information via Third Party Services. We shall not be liable for any disputes arising from or in connection with such transactions between You and the aforementioned third parties. Such third-party websites, and external applications or resources, accessible via the Platform may have their own privacy policies governing the collection, storage, transfer, retention and/or disclosure of Your information that You may be subject to. We recommend that You exercise reasonable diligence, as You would in traditional offline channels and practice judgment and common sense before committing to any transaction or exchange of information, including but not limited to reviewing the third-party website or application’s privacy policy.

You may review, correct, update, or change Your Personal Information on the Platform by emailing Us at help@osto.one. You may also request Us to delete Your Personal Information, and We will comply with such requests within a reasonable time, unless We are required to keep certain information for legal purposes. Should You choose to delete Your Personal Information, or modify it in a way that is not verifiable by Us, or leads to such Personal Information being incorrect, We will be unable to provide You with access to Our Platform, and such a deletion or modification may be regarded as the user seeking to discontinue access to Our Platform.

We reserve the right to verify and authenticate Your identity and Your Personal Information in order to ensure accurate delivery of services through the Platform. Access to, or correction, updating or deletion of Your Personal Information may be denied or limited by Us if it would violate another person’s rights and/or is not otherwise permitted by applicable law.We endeavour to maintain physical, technical and procedural safeguards that are appropriate to protect Your Information against loss, misuse, copying, damage or modification and unauthorized access or disclosure. Some of the security measures adopted by Us are: We review Our information collection, storage and processing practices, including physical security measures, to guard against unauthorized access to systems; and We restrict access to Personal Information, to Our employees, agents and service providers who need to know that information in order to process it for Us, and who are subject to strict contractual confidentiality obligations, and who may be disciplined or whose relationship with Us may terminate, if they fail to meet these obligations.

Further, We shall not be responsible for any breach of security or for any actions of any third parties or events that are beyond Our reasonable control including but not limited to acts of government, computer hacking, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, etc.We will put in place measures such that Your Personal Information, which is in Our possession or under Our control, is destroyed and/or anonymized as soon as and in any case, within 5 (five) years of it being reasonable to assume that (i) the Purpose for which that Personal Information was collected is no longer being served by the retention of such Personal Information; and (ii) retention is no longer necessary for any other reason including applicable law. If You wish that We no longer use Your Personal Information in accordance with the terms of this Privacy Policy, contact Us at connect@osto.one. We, however, reserve the right to retain, store and use Your Information including Personal Information for Our business purposes, whether such Information has been deleted or not.

After a period of time, Your data may be anonymized and aggregated, and then may be held by Us as long as necessary for Us to provide Our Services effectively. Please note that Your withdrawal of consent to use Your Personal Information may result in Us not being able to provide You with access to the Platform, or terminate any existing relationship that We may have with You.We cannot ensure that all of Your Information including Personal Information will never be disclosed in ways not otherwise described in this Privacy Policy. Therefore, although We are committed to protecting Your privacy, We do not promise, and You should not expect, that Your Information or private communications will always remain private.

As a user of the Platform, You assume all responsibility and risk for Your use of the Platform, the internet generally, and the information You post or access and for Your conduct on and off the Platform.You agree and undertake to indemnify Us in any suit or dispute by any third party arising out of disclosure of information by You to third parties either through Our Platform or otherwise, and Your use and access of websites, applications and resources of third parties.

We assume no liability for any actions of third parties concerning Your Information or Personal Information that You may have disclosed to them.In accordance with the IT Act and the rules made thereunder, the name and contact details of the Grievance Officer are provided below: grievance@osto.one.You may also write to him at the following address: OSTO CYBERSECURITY PRIVATE LIMITED WEWORK DLF FORUM, CYBERCITY, PHASE III, DLF QE, Gurgaon- 122002, Haryana.