Blog
Privacy Policy
The Privacy Policy was last revised in May 2018.
Background
1.1. UMBO IDTech Private Limited (the “Company”) adheres strictly to information technology
and data protection laws, rules, and regulations, including but not limited to, Digital Personal
Data Protection Act, 2023 (“DPDP Act”), the Information Technology Act, 2000 and the
Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal
Data or Information) Rules, 2011 and other relevant regulations.
In order to ensure compliance with the same, the Company has implemented this privacy
policy which may be amended as and when required by the Company at its ownsole discretion
(the “Privacy Policy”). The Company understands the importance of and prioritizes the
protection of sensitive personal data or information. This Privacy Policy specifies the manner
in which sensitive personal data or information is collected, received, stored, processed,
disclosed, transferred, dealt with, and handled by the Company in relation to your use of the
Riskcovry website (the “Website”) and software application platform for mobile devices (the
“App”) and related services.
Definitions:
- “Personal Data” means any data about an individual who is identifiable by or in relation to such data.
- “Sensitive Personal Data” includes financial information, biometric data, and health data as defined by applicable law.
- “Data Principal” means the individual to whom the Personal Data relates.
- “Data Fiduciary” means a person, company or an entity that determines the purpose and means of processing of personal data .
- “Data Processor” means UMBO IDTech Private Limited or to any third-party processing data on behalf of the Company.
- “Processing” means any operation performed on personal data, such as collection, storage,
Customer Data
2.1. This Privacy Policy governs the Company’s collection, receipt, storage, processing,
disclosure, transfer, dealing with and handling of the Customer Data, which includes but is not
limited to, information the Company: (a) collects from you when you register on the
Website/App for a free or a paid account for use of premium services on the Website/App,when
you convert your free account to a paid account, or when configure your details within the
Company’s systems, such as your name, electronic mail address, password, phone number and
other details; (b) collects from you related to the manner and mode of payment of fees for the
use of the Website/App, such as details of your bank account, creditcard, debit card, net
banking, etc.; (c) stores regarding your content, received or initiated using the Website/App,
including but not limited to, details of the phone numbers that interact with your account, IVR
content and call recordings; and (d) automatically receives and records on its server logs from
your internet browser, including but not limited to, yourlP address, cookie information and
details of the web pages you request.
In order to register on and use the Website/App, you are required to share the Customer Data
for the effective performance of the Website/App.
III. Consent
3.1. By installing or accessing the Website/App and registering for and using the Website/App,
you agree to be bound by and expressly consent to the terms and conditionsof this Privacy
Policy. In the event that you do not agree with and/or consent to the termsand conditions
set out herein, please do not install, use, or access the Website/App. You hereby acknowledge
and agree that by mere installation and use of the Website/App, youexpressly consent to the
Company’s collection, receipt, storage, processing, disclosure, transfer, dealing with and
handling of the Customer Data in accordance with this Privacy Policy.
3.2. You understand that while your account is active to use the Website/App, the Company,
its subsidiaries, affiliates and third parties engaged by it, may retain your Customer Data, and
use it in any manner in order to comply with its contractual obligationsand other obligations
under applicable law.
3.3. In the event that you wish to withdraw your consent to the Company’s collection, receipt,
storage, processing, disclosure, transfer, dealing with and handling of the Customer Data, you
may contact the Company at su*****@*******ry.com, informing the Company of your
withdrawal of consent to its use as aforesaid of your Customer Data. You hereby acknowledge
and agree that in case you withdraw your consent to the Company’s use and disclosure of
your Customer Data as provided for in this Privacy Policy, the Company hereby expressly
reserves the right to discontinue provision of access to the Website/App at its own sole
discretion.
IV. Purpose of Collection and Use of Customer Data
4.1. You hereby acknowledge and agree that the Customer Data is collected by the Company
for a lawful purpose and to facilitate your use of the Website/App. You further acknowledge
and agree that such collection of Customer Data is necessary for the same and that the Company
does not retain any Customer Data for longer than is required for the purposes of your use of
the Website/App. The Company collects and uses the Customer Data for the following
purposes:
4.1.1. The Company uses the Customer Data to provide you with access to its Website/App
and services from its subsidiaries, affiliates and third parties.
4.1.2. The Company uses the Customer Data to monitor your use of the Website/App in
order to provide other value added services, including but not limited to:
(a) provision of real time notifications vide SMS and/or electronic mail regarding various
activities relating to your account; (b) provision of details such as data of social network
friends, phone calls, etc.; and (c) provision of call making facility from the Website/App or
Google Chrome plugin or extension designed/provided by the Company or its subsidiary or
third party providers authorised by the Company that allows you to make calls directly from
your web browser.
4.1.3. You hereby acknowledge and agree that the Customer Data, to the extent consistingof
details related to the manner and mode of payment of fees for the use of premium services
on the Website/App (such as details of your bank account, credit card, debit card, net banking,
etc.), submitted by you while making payment of fees: (a) goes through the safe and secure
transaction process provided by the Company’s payment gateway partners;
4.1.4. The Company uses the Customer Data to resolve complaints raised by you as per the
Company’s policies including but not limited to support and maintenance policies, if any.
4.5. The Company may use the Customer Data to provide you with new products, services
and support and maintenance services. In addition, you hereby acknowledge and agree thatthe
Company may use the Customer Data: (a) to notify you of technical updates or changesin the
Company’s policies, (b) to improve the content and functionality of the Website/App, and (c)
to assist the Company in better understanding its users and/or to deliver other services.
Where automated tools or algorithms are used to analyse data for fraud detection, customer
insights, or personalization, such processing shall be subject to human oversight. Individuals
have the right to request review or clarification of decisions made solely through automated
means
4.1.6. You hereby acknowledge that the Company uses cookies while providing access to the
Website/App and consent to its continued use of the same. For the purpose of clarity, ‘cookies’
are small files that a website or service provider transfers to your computer and/orhard drive
through your web browser, provided you consent to the same, that enables the websites’ or
service providers’ systems to recognize your web browser and capture and retain certain
information. You hereby acknowledge and agree that cookies may be used for the Company’s
implementation and use of display advertising. You may opt out of certain advertising using the
ads preferences manager built on the Website/App. In addition, you acknowledge and agree
that: (a) the Company uses and may continue to use remarketing with Google analytics toadvertise online; and (b) the Company and third party subs, mayuse first party cookies and third
party cookies together to inform, optimize and serve ads based on your and/or others’ use of
the Website/App.
4.1.7. The Company works closely with its subsidiaries, affiliates and third parties engagedby
it during the course of the provision of various services relating to the Website/App.
You hereby acknowledge and agree that the Company may disclose the Customer Data to its
subsidiaries, affiliates and authorized third parties engaged by it, which subsidiaries, affiliates
and authorized third parties may or may not be located within India. However, in any such
cases, the Company shall make reasonable commercial efforts to ensure that suchsubsidiaries,
affiliates and authorized third parties keep such portions of the Customer Data that they may
receive from the Company confidential as per industry standards.
4.2. The Company undertakes that it shall not cause the collection, receipt, storage,
processing, disclosure, transfer, dealing with and handling of the Customer Data provided on
the Website/App or pursuant to the past, current or future use of the Website/App byany of
its subsidiaries, affiliates and other third parties, except as provided in this PrivacyPolicy, or
in accordance with lawful instructions issued by you, or as required under applicable law.
4.3 Lawful Basis for Processing: The Company processes Personal Data based on one or
more lawful grounds, including:
- Obtaining explicit consent from the Data Principal;
- Necessity for performance of a contract or provision of services;
- Compliance with a legal obligation; or
- Legitimate interests pursued by the Company, provided such interests do not override
your privacy rights.
V. Disclosure of Customer Data
5.1. The existing regulatory environment and applicable law may make it necessary for the
Company to disclose the Customer Data in ways not explicitly highlighted in this Privacy Policy.
Accordingly, you hereby acknowledge and agree that the Company may disclose the Customer
Data in the circumstances set out below:
5.1.1. Subsidiaries and affiliates
The Company may share the Customer Data with its subsidiaries, or any entity affiliated to it for
the purposes consistent with this Privacy Policy, provided that the Company shall make
reasonable commercial efforts to ensure that its subsidiaries and affiliates keep the Customer
Data that they may receive from the Company confidential as per industry standards.
5.1.2. Statutory or Legal Obligation
The Company may need to disclose the Customer Data if required to do so by law and ifsuch
action is necessary to: (a) comply with a legal obligation; (b) protect and defend therights or property
of the Company; and (c) protect the Company from incurring any legalliability itself. In addition,the Company may disclose the Customer Data to third partieswithout your consent such as its
attorneys, law enforcement authorities, courts of competent jurisdiction, judicial or
administrative agencies, or legislative bodies as and when such disclosure is deemed necessary
to comply with any applicable law, regulation, or official direction and to protect the Company’s
rights. In the event of a data breach, the Company shall promptly assess the impact and notify
affected individuals and relevant authorities, such as the Data Protection Board of India, within
72 hours as mandated by applicable law.
5.1.3. Business Transfers
As the Company develops its business, the Company may sell or buy businesses and assets. In
the event of a corporate sale, merger, reorganization, dissolution, or similar event, you
acknowledge and agree that Customer Data may form part of the transferred assets. You
further acknowledge that the acquirer or successor of the Company may continue to use the
Customer Data in the manner set forth herein, provided that the Company shall make
commercially reasonable efforts to ensure that the acquirer or successor keeps the Customer
Data that they may receive from the Company confidential as per industry standards.
5.1.4. Third Parties
a. You hereby acknowledge and agree that in cases where you elect to use one or more third
party applications or platforms that interoperate with the Website/ App, those applications
or platforms may, upon your election, be given access to your Customer Data. You further
acknowledge and agree that in such cases, the Company shall not be responsible for the
policies and practices of such third-party application or platform providers and shall not incur
any liability arising out of or in connection with any action orinaction by any such third-party
application or platform provider concerning the Customer Data. All vendors or processors
handling Personal Data on behalf of the Company are subject to contractual data protection
obligations, periodic assessments, and audits to ensure compliance with this Policy and
applicable regulations.
VI. You hereby acknowledge and agree that the Company may engage third parties (whether
located within or outside India) to perform certain business related services, including but
not limited to, maintaining databases and servers, processing SMSs and calls, processing
payments and storing the Customer Data, provided that the Company shall disclose only
that portion of the Customer Data that is necessary for them to perform their specific
services and further make commercially reasonable efforts to ensure that such third parties
keep such portions of the Customer Data that they may receive from the Company
confidential as per industry standards. Notwithstanding anything contained herein, you
hereby acknowledge and agree that this Privacy Policy shall not apply to the use of the
Customer Data by any third parties in violation of the terms and confidentiality obligations
under which the same have been disclosed to them by the Company and that the Company
shall not be liable or responsible for any consequences arising out of or in relation to the
same. Transfer of Personal Data outside India shall occur only where the destination
ensures adequate data protection measures, or under legally binding contracts
incorporating standard data protection clauses approved under applicable law. The
Company maintains records of such transfers for compliance review.
VII. Reasonable Security Practices and Procedures
7.1. The Company has effectively assessed the security threats and risks and implemented
managerial, technical, organizational, administrative, and physical measures to help ensure a
level of security appropriate to the risk to the personal information we collect, use, disclose, and
process. These measures are aimed at ensuring the ongoing integrity and confidentiality of
personal information. The Company integrates privacy and security principles throughout the
design, development, and deployment of its systems, ensuring that Personal Data collection and
processing are limited to what is necessary for intended purposes.
7.2. We have established an effective and continually improving Information security
management system in alignment with global security standards and best practices including
ISO/IEC 27001:2022. We also adapted the best practice guidelines of IRDAI.
7.3. All necessary managerial technical, physical, and operational controls are established and
governed, including regular security and privacy risk assessment and treatment, physical and
logical access controls, surveillance, encryption of critical and sensitive data, secure
communications and so on.
7.4. The Company evaluates our security controls and measures on a regular basis to help
ensure the security of the processing. The Company vide regular internal audits and checks,
ensure that the information security management system and associated
controls/practices are effective and that there is no unauthorized collection, receipt,
storage, processing, disclosure, transfer, dealing with and handling of the Customer Data.
7.5. The Website/App has strict security measures in place which help protect against loss,
misuse, and unauthorized alteration of the Customer Data. In cases where you change or
access the Customer Data, the Company adheres to strict security guidelines, protecting itagainst
unauthorized access.
7.6. In addition, only authorized employees of the Company and its subsidiaries, affiliates and
third parties engaged by it may be given access to the Customer Data where requiredfor the
performance of their obligations in connection with the Website/App.
VIII. Suspension of Account, Removal and Modification of Customer Data
8.1. The Company shall suspend your account and your use of the Website/App upon a
request made by you via electronic mail to su*****@*******ry.com. In such event, your
Customer Data will be deleted as soon as reasonably practicable in accordance with the
Company’s policies and applicable law. However, the Company may retain your Customer Data,
to the extent permitted by applicable law to be used in certain circumstances such as to resolve
disputes, troubleshoot problems and enforce the Company’s applicable policies.
Further, you hereby acknowledge and agree that such Customer Data may never be
completely removed and/or deleted from the Company’s and/or third parties’ databasesdue
to technical and legal constraints.
8.2. If at any time, you wish to review the Customer Data in order to ensure that the Customer
Data is accurate, you may mail the Company at bookings@riskcovry.com_and express your concerns regarding the accuracy of the Customer Data and the Company shallthereafter take
steps to correct and/or amend the Customer Data to the extent feasible, to ensure its accuracy,
provided that the Company, its subsidiaries, affiliates and third partiesshall not be responsible
for the accuracy and/or authenticity of the Customer Data supplied by you and the Company
hereby disclaims any and all liability arising out of or in connectionwith the accuracy and/or
authenticity of the Customer Data. The Company’s services are not directed to or intended for
use by individuals under 18 years of age. The Company does not knowingly collect Personal
Data from minors. If such data is inadvertently collected, it will be deleted promptly upon
discovery.
8.3. Data Principal Rights:
In accordance with applicable data protection laws, you have the right to:
- Access your personal data processed by the Company;
- Correction or Updating of inaccurate or incomplete information;
- Erasure of your data when it is no longer necessary or upon withdrawal of consent;
- Data Portability, where feasible;
- Withdraw Consent at any time without affecting prior lawful processing; and
- Lodge a Grievance with the Company’s Grievance Officer or the designated Data Protection
Board of India. - Requests can be sent to info/su*****@*******ry.com
- and will be acknowledged within 7 working days and resolved within 15 working days.
IX. External Links
9.1. You hereby acknowledge and agree that when you use the Website/App, there may be
certain links which may direct you to other websites or applications not maintained by the
Company (the “Third Party Website”). The manner in which your Customer Data is collected,
received, stored, processed, disclosed, transferred, dealt with, and handled by such Third-Party
Websites is governed by the terms and conditions and privacy policy of therespective ThirdParty Website. You hereby further acknowledge and agree that the Company has no control
over the Customer Data in such an event.
The Company urges you to acquaint yourself with the terms and conditions and privacy policy
of every such Third Party Website and in this regard, the Company hereby expressly disclaims all
liabilities with respect to the manner in which the Third Party Website collectsand/or uses the
Customer Data.
X. Changes and Updates
10.1. This Privacy Policy is subject to change from time to time at the Company’s own sole
discretion. You hereby acknowledge and agree that your continued use of the Website/App
constitutes your agreement to this Privacy Policy and any updates hereto.
If at any time theCompany wishes to alter this Privacy Policy, the changes made will be posted
at this URL foryou to be aware of the sensitive personal data or information that is collected,
received, stored, processed, disclosed, transferred, dealt with, and handled by it.
10.2. The Privacy Policy was last revised in May 2024. The most current version of this Privacy
Policy shall be made publicly available on the Company’s website.
XI. Redressal of Grievances
11.1. If at any time you have questions or concerns with respect to the Privacy Policy, please
feel free to e-mail the Company at in**@*******ry.com. If at any time you have grievances or
complaints with regard to the collection, receipt, storage, processing, disclosure, transfer,
dealing with and handling of Customer Data in a time bound manner or otherwise, you may
contact the “Grievance Officer” of the Company, who shall redress your grievance/complaint
within one (1) month from the date of receipt of the grievance/complaint. While registering a
grievance/complaint, you are kindly requested to quote your account details for the Company’s
reference to enable it to effectively resolve your grievance/complaint.
Grievance Office details below
Grievance Officer: Harsh Mehta
Email ID: in**@*******ry.com
XII. Governing Agreements and Law
12.1. Notwithstanding anything contained herein, this Privacy Policy is subject to any and all
agreements that you execute with the Company and shall further be governed by and construed
exclusively in accordance with the laws of India.
Copyright(c) of UMBO IDTech Private Limited. Send feedback to vi***@*******ry.com