WHAT PERSONAL DATA DO WE GATHER ABOUT YOU AND HOW DO WE COLLECT IT?
Personal Data means any information that can be used to personally identify you or contact you online or elsewhere.
We may collect and use the following Personal Data about you:
- Your name and contact information, including postal address, e-mail address and telephone numbers.
- Information that enables us to check and verify your identity, e.g. your date of birth
- Your gender information, if you choose to give this to us location data
- Your billing information, transaction and payment card information
- Information that enables us to undertake credit or other financial checks on you Your personal or professional interests, household, lifestyle, habits and preferences
- Information from accounts you link to us, e.g. Facebook information about how you use our website, IT, communication and other systems your responses to surveys, competitions and promotions
- Your IP address and your mobile/tablet/device ID
- Information provided to us for your attendance at events, including which events you attend as well as information about access or dietary requirements.
PERSONAL DATA WE COLLECT FROM YOU
We collect most of this Personal Data directly from you – in person, by telephone or e-mail and/or via our website and apps. This usually occurs when you take part in one of our promotional activities or subscribe to one of our Digital Services, for example:
- Registration or sign-up online: e.g. mobile app, websites, social media or subscribing to a newsletter specific to our Digital Services or creating an account to be a member of a club
- ‘Send to a friend’ marketing communications
- Sweepstake and contest
- Buying products or services online
- When doing e-commerce on certain of our websites
- Using a QR Code displayed on products
- Events (invitation forms or online forms on tablets filled out by our representatives with your input)
- Feedback, questions, enquiries, surveys or comments through ‘Contact us’
- Any other request that requires the submission of Personal Data
The type and amount of information we collect for the features listed above will vary and depends on the activity
PERSONAL DATA WE COLLECT FROM OTHER SOURCES
We may also collect information:
- Directly from a third party, e.g.: “Send to a friend” marketing communications or a third party sign-up form from one of our partners;
- From a third party with your consent, e.g. your bank
- From cookies on our website
- Via door entry systems and reception logs;
- From automated monitoring of our websites and other technical systems, such as our computer networks and connections, CCTV and access control systems, communications systems, e-mail and instant messaging systems; or from one of our BIPL affiliates.
Subject to applicable law requirements, we may use a variety of technologies that collect and provide information about how our Digital Services are accessed and used by you. We may also use demographic information about the users of our Digital Services, which we may obtain from third parties such as Google or social media that you use (“Usage Information”).
HOW AND WHY DO WE USE TRACKING TECHNOLOGIES?
We use tracking technologies such as cookies, IP address recording or log files, to gather technical information such as your web browser type and which operating system you use, the webpage you came from, your path through our website and your Internet Service Provider. This is so we can improve the functionality of our websites and better understand how visitors like you use our Digital Services and the tools they offer. Often, individuals will interact with us in multiple ways and will provide us with personal information in different contexts. We may use your personal information to obtain a profile of your different interactions with us and to understand your preferences.
These tracking technologies help us tailor our Digital Services to your personal needs:
- An IP address is a number that is used by computers on the network to identify your computer every time you log on to the Internet. We may keep track of IP addresses to (among other things): (i) troubleshoot technical concerns, (ii) maintain website safety and security, (iii) restrict access to our Digital Services to comply with applicable law or contractual restrictions, and, (iv) better understand how our Digital Services are used;
- We (or a third party on our behalf) may collect information in the form of a log files that record activity on the Digital Services and gather statistics about users’ browsing habits. These entries are generated anonymously and help us gather (among other things) (i) a user’s browser type and operating system, (ii) information about a user’s session (such as the URL they came from, the date and The time they visited our Digital Services, and which pages they’ve viewed on our Digital Services and for how long), and, (iii) other similar navigational or click-stream data. We also use information captured in log files for our internal marketing and demographic studies, so we can constantly improve and customise the online services we provide you. Log files are used internally only and are not associated with any particular user.
FOR WHAT PURPOSE DO WE USE YOUR PERSONAL DATA AND BASED ON WHICH LEGAL GROUNDS?
Under data protection law, we can only use your Personal Data if we have a proper reason for doing so, e.g.:
- To comply with any legal and regulatory obligations.
- Respond to your request of service or for the performance of a contract:
- When you register or sign-up in our Digital Services (mobile app, websites, social media, etc.), your Personal Data is used to provide you with the relevant features and services you subscribe to, and to offer you the benefits and privileges that typically come along with your registration (e.g. receiving the communications you select at the time of registration, being invited to events, participating in a sweepstake, etc.)
- When you purchase products on our websites: we use your Personal Data to manage your order and deliver your products.
- Send you transactional or administrative communications: (e.g. confirmation e-mail when you sign up for or unsubscribe from, a specific registration or activity), as well as certain service-related announcements (e.g., notices about updates to our privacy notices, discontinued features or programs on our Digital Services, changes to our online services or technical support policies, or other related changes).
- Allow us to send you marketing information when you consent.
- In addition to the purpose for which you submitted your Personal Data, you may also be given the option (through a check box or otherwise) to have your Personal Data used for an activity or service different from the primary activity or service that you are requesting. For example, if you are signing up for a contest or other promotion, you may also be invited to sign up for newsletters or alerts from our Digital Services hosting the promotion or from other websites. If you choose to receive these additional services, we will use your Personal Data to provide them to you.
- When you use the “Send to a friend” feature: this Personal Data is used only once to send the communication and is not further retained by us, as appropriate according to local law;
- When you use a QR Code or equivalent feature displayed on BIPL products: we use your Personal Data to send you more information on the products where the QR code or equivalent feature is displayed or other products;
- Because it is also BIPL legitimate interest to better serve you:
- Subject to your consent when required, we may occasionally combine, update, or otherwise enhance the Personal Data collected through our Digital Services with data we receive from outside records or third parties. For instance, we may combine purely demographic or survey information (e.g. age, gender, household information, and other interests, etc.) not linked to any Personal Data about you with Personal Data collected through our offers (such as during account registration).
We may use the combined above-mentioned information and/or demographic information for our internal marketing and demographic studies and to constantly improve, personalise and customise the products and services we provide to better meet your needs. Some of the tools we use may involve automated individual decision-making subject to applicable law. Feedback, questions, or comments through our “Contact Us” form and our “Tell Us” compliance reporting system: if you contact us via an online contact form, your Personal Data is used to respond to your inquiry or comment.
- We will ensure that your Personal Data remains accurate and up-to-date and avoid duplication in our database, by verifying each of your interactions with us and/or one of our affiliates to ensure your Personal Data is still accurate or needs to be completed or updated with the additional information you will have provided.
We may process Personal Data involving automated decision making, including for the performance of a contract (e.g. avoid fraudulent payment) or subject to your explicit consent, to better serve your needs in accordance with your preferences.
Please note that the automated tools used are regularly checked to ensure that the Personal Data is processed fairly. Specific measures such as data minimisation are implemented when creating profiles. You are invited to express your point of view through the right of access described above. You can also object to the result of the automated decision by sending an email to the contact details in Section 10 below.
WHAT HAPPENS IF YOU DO NOT WISH TO PROVIDE YOUR PERSONAL DATA?
If you choose not to submit any Personal Data when requested, you may not be able to participate in certain activities and personalised features, or the Digital Services and special services offered to you may be limited. For example, if you refuse to share your email address, you will not be able to receive our newsletters or otherwise register on our Digital Services. However, to simply browse our Digital Services and learn more about BIPL and our products, you do not need to give us any Personal Data. In any event, we will always inform you of the Personal Data that is necessary in order to benefit from a service.
WHO DO WE DISCLOSE YOUR PERSONAL DATA TO AND WHY ?
We will never share your Personal Data with any third party that intends to use it for direct marketing purposes unless we have specifically told you and you have given us explicit permission to do this.
- Within BIPL and its affiliates
- We may share your Personal Data for the purposes mentioned in Section 2 and Section 3 within BIPL, including its affiliates worldwide.
- With third parties
BIPL may also share your Personal Data with third parties, but only in the following circumstances:
- For marketing purposes if you gave us your consent.
- For support purposes: We may use service providers, agents or contractors to provide support for the internal operations of our Digital Services and assist us with administering them or the various functions, programs and promotions available on it. Any such third parties shall at all times provide the same levels of security for your Personal Data as BIPL and, where required, are bound by a legal agreement to keep your Personal Data private, secure and to process it only on the specific instructions of BIPL;
- For joint and co-sponsored programs and promotional purposes: When we run a joint or co-sponsored program or promotion on our Digital Services with another company, organisation, or other reputable third parties; and, as a part of this event, collect and process Personal Data, we may share your Personal Data with our partner or sponsor, subject to your consent when required. If your Personal Data is being collected by (or is shared with) a company other than BIPL as part of such promotion, we will let you know this at the time your Personal Data is collected;
- For litigation and safety purposes: We may also disclose your Personal Data if we are required to do so by law, or if in our good faith judgment, such action is reasonably necessary to comply with legal processes, to respond to any claims, or to protect the safety or rights of BIPL, its customers, or the public.
- In the event of a merger or acquisition of all or part of BIPL by another company, or in the event that BIPL were to sell or dispose of all or a part of the BIPL business, the acquirer would have access to the information maintained by that BIPL business, which could include Personal Data, subject to applicable law. Similarly, Personal Data may be transferred as part of a corporate reorganisation, insolvency proceeding, or other similar events, if permitted by and done in accordance with applicable law.
HOW LONG DO WE KEEP YOUR PERSONAL DATA?
We may store the Personal Data that you send to us via our Digital Services in our databases. We will not retain your Personal Data for longer than necessary for the purposes set out in this policy. Different retention periods apply for different types of Personal Data.
We will store the Personal Data that you sent us via our Digital Services in our databases as long as your account is active, for the duration of the contract with you or as needed to provide you with the services you requested or to answer queries or resolve problems, provide improved and new services. We may also retain your Personal Data in accordance with our internal retention procedure as necessary to comply with our legal and regulatory obligations, resolve disputes and enforce our agreements.
We may thus retain your Personal Data after you stop using BIPL services or our Digital Services according to the statute of limitations.
HOW DO WE KEEP YOUR PERSONAL DATA SECURE?
We take all necessary technical and organisational measures to protect the confidentiality and security of your Personal Data collected from this website and/or our applications, including sensitive Personal Data. These efforts include but are not necessarily limited to: (i) storing your Personal Data in secure operating environments that are not available to the public and that are only accessible to authorised bill employees, and our agents and contractors; and, (ii) verifying the identities of registered users before they can access the Personal Data we maintain about them.
We also have procedures in place to deal with any suspected data security breach. We will notify you and any applicable regulator of a suspected data security breach where we are legally required to do so.
WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?
- If your Personal Data has been processed on the basis of your consent, you can withdraw your consent at any time, without impact on the lawfulness of processing based on consent before its withdrawal.
- You can request to access your Personal Data.
- You can request to rectify your Personal Data if it is inaccurate, incomplete or out of date.
- You can request the erasure of your Personal Data (i) if your Personal Data is no longer necessary for the purpose of the data processing, (ii) you have withdrawn your consent on the data processing based exclusively on such consent, (iii) you objected to the data processing, (iv) the Personal Data processing is unlawful, (v) the Personal Data must be erased to comply with a legal obligation applicable to BIPL. BIPL will take reasonable steps to inform the other entities of the BIPL of such erasure.
- You can request the restriction of the processing (i) in the event the accuracy of your Personal Data is contested to allow BIPL to check such accuracy, (ii) if you wish to restrict your Personal Data rather than deleting it despite the fact that the processing is unlawful, (iii) if you wish BIPL to keep your Personal Data because you need it for your defence in the context of legal claims (iv) if you have objected to the processing but BIPL conducts verification to check whether it has legitimate grounds for such processing which may override your own rights (v) if the data processing is based on the legitimate interest of BIPL.
- You can request the portability of the Personal Data you provided to us, in particular, if the Personal Data processing is based on your consent or the performance of a contract.
- You always have the option not to share any of your Personal Data with us. If you choose this option, you may be limited in the activities and features we provide.
HOW DO WE TREAT CHILDREN'S INFORMATION?
HOW CAN YOU CONTACT US OR THE RELEVANT SUPERVISORY AUTHORITY?
Address: First FLoor, no.F/4, A Building, Excelsior Chambers, Opp Kotak Mahindra Bank, M G Road, Panaji, Goa – 403001 or by sending an e-mail to: [email protected]