Privacy Policy for our Services

This Privacy Policy ("Policy") describes how We, Kalagato, a company registered in New Delhi (" Kalagato", "We", or "Us") handle Data of natural persons ("You" or "User") collected, information gathered through its integrated SDKs and through 3rd party websites or apps  or otherwise processed by Kalagato.

Purpose

Purpose of this Policy is to set out the manner in which we process data, the information we collect and how we deal with the information.

What Information do we collect?

The information we collect includes:

●        Short Message Service or SMS (A2P or Agent to Person Only; No P2P or person to person communication is collected. These are automatically filtered out)

●        Location [(Coarse Lat / Long) & Dynamic IP Address - these do not allow you to pin point to the users location]

●        Package Data (Installed Apps)

●        Open Rate of Packages

●        Time Spent on Packages

●        Aggregate Intent data

●        Age (where possible)

●        Gender (where possible)

●        Hardware ID

●        Google Advertising ID

All of the above shall be referred to as Information in this Policy. For the purpose of this Policy, “Information” shall refer to the above mentioned information which might include Personal Data or Personal Information as defined in the applicable laws.

“Information” however does not include sensitive data in any manner whatsoever.

What information do we not collect?

We do not store or process any Sensitive Data such as data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.

We also do not collect or store or process information of individuals under the age of 18 years.

How do we collect this information?

We collect information through our Vendors by entering into duly executed Contractual obligations with them wherein both the Vendor and Kalagato are Joint Data Controllers and have pre-defined and well-assessed roles, obligations, and responsibilities.

Through these Joint Data Controller Contracts, the Vendor collects Information, with due and specific consent, on our behalf and we process this information as required. It is the obligation of the Joint Data Controller to Collect this Information with due consent.

If You use a (third-party) mobile application which uses our SDK as an integrated component, we will collect (and the publisher of the relevant app has obtained your opt-in consent thereto) the following information (unless you have followed the opt-out procedures): operating system, SDK version, timestamp, API key (identifier for application), application version Android™ Advertiser ID (on Android only), device model, manufacturer and OS version of device, session time, coarse locale, list of IDs of installed applications (e.g. com.facebook.katana), Short Message Service data, mobile network code/mobile country code, time zone, network status (WiFi, etc.), aggregated audience intent, memory, disk, CPU and battery usage information. The only Personal Information we collect are the Android™ Advertiser ID (on Android only).

For sake of clarity, We do not collect the following Personal Information from an End User: UDID, Android ID, IMEI, MSISDN, name, email address, phone number.

Our Vendors are compliant with all applicable data laws and have their own privacy policies, which we strongly suggest you review if you want more information regarding the collection of information. This Notice does not apply to those sites, even if we link to them or they link to us.

Any publisher of apps using our SDK is obliged to enable You to opt-in for the collection of the information as described above or applying other measures required by local privacy laws applicable to the Service. Therefore, the publisher of Your app must, as a minimum, enable You to opt-in before the collection of information, for instance by integrating an opt-in for the data collection in the starting screen of the app and by providing an opt-out link in the Settings of the app. If You have opted out, the same will be communicated to us and we will delete your data and not continue to collect such information.

Please turn to the publisher of Your app in case You are unable to find the mechanism for such opt-in and opt-out.

Why do we collect this information?

We collect this information through our Vendors to process the Information with the purpose of providing better Consumer Insights to our clients and partners and businesses and help them with market research. Information processed by us helps our partners and clients use better insights and provide better services to their customers.

For example: With superior customer analytics provided by us our partners can provide better user experience, higher quality of service and product offering to users.

We may use the data collected through our SDK for the following purposes:

1)      To provide better Consumer Insights to our partners and businesses and help them with market research.

2)      To help our partners and clients use better insights and provide better services to their customers;

3)      To improve the algorithms used by Kalagato for inferring profile information and other analytics.

4)      For the purpose of market measurement & consumer insights

5)      Aggregates the data in order to create statistics that helps  Kalagato to improve existing services or develop new services.

6)      Provide audience analytics to various mobile application publishers that KalaGato works with.

How do we capture consent?

Specific consent for collection of data is captured at multiple stages, by our Data Partners, who collect Data from Users through their website or App, on our behalf.

We duly execute a Joint Data Controller Agreement with our Data Partners wherein they collect Data with due and specific consent, in compliance with their roles and responsibilities, which are defined in the Joint Data Controller Agreement.

What is the basis of collecting Data?

We have a legal/lawful basis of collecting, processing and storage of Data due to the following -

  • Upon your Consent collected by our Data Partners;
  • We act as Joint Data Controllers and process information for the purpose of providing our Partners better insight, and you improved experience.
  • The Data we process is collected by our Data Partners who take specified and relevant consent from all Data Subjects

How do we process your Data?

Our ways and procedures of processing data which is used, stored and processed by us are varied and dynamic. We use machine learning and natural language processing technologies for processing, usage, storage and servicing of data.

We may also process, receive, possess, store, deal or handle, directly or indirectly, the following personal data or information from the Data Subjects by virtue of their use of our App or our products and services - (i) Short Message Service or SMS  (A2P or Agent to Person Only; No P2P or person to person communication is collected. These are automatically filtered out); (ii) Location [(Coarse Lat / Long) & Dynamic IP Address - these do not allow you to pinpoint to the users' location] (iii) Package Data (Installed Apps); (iv) Open Rate of Packages; (v) Time Spent on Packages (vi) Aggregate Intent & Input; (vii) Age (where possible); (viii) Gender (where possible) (ix) Hardware ID; (x) Google Advertising ID.

Keeping your best interest in mind, we retain, process, and use such Personal Data for a period of three (3) years or as otherwise required to comply with our legal obligation.

Why is your information being collected & processed by us?

We are collecting non personally identifiable information and processing your information in order to provide better Consumer Insights to our partners and businesses and help them with market research. Data processed by us help our partners and clients use better insights and provide better services to their customers.

We share aggregated insights derived from your pseudonymized information with business partners on an as-needed basis to render the Services.

How do we store your Data?

All data collected is first pseudonymized and then aggregated and stored accordingly.

All data stored is first processed and then stored securely on our servers for analysis. Your data is stored in the CSV format in AWS. Only authorized personnel can access the aggregate data. Your information is otherwise securely archived in our database after processing and usage.

How long do we store your information?

We store your processed information with us for a period of three (3) years after which it is deleted and only archival aggregate insight level data is stored. Prior to the completion of this three (3) year period, we only remove your information when we receive a request to actively forget your information or until such time that the purpose for which the data was collected is no longer relevant.

How do we Protect your information?

We convert Data into Aggregate Data which is pseudonymized and subsequently, processed. We use technologies to secure and safeguard all information we process, to the best of our capacity. We are concerned with protecting your data and privacy and take all requisite and reasonable steps for such protection, however, we cannot warrant the security of any information or guarantee that your information with may not be accessed, disclosed, altered, copied or destroyed by breach of any of our industrial standard physical, technical or managerial safeguards.

Data security and privacy are a priority for us, and other trusted business partners, we share aggregate and pseudonymized information with trusted business partners for their analytics and other business purposes, subject to applicable laws. When we receive your Data, we aggregate it and encrypt the information in this data and send it to our servers through a secure connection for programmatic analysis. Data sent to our servers is archived when no longer required. No method of transmission over the Internet or method of electronic storage is 100% secure, therefore, we cannot guarantee its absolute security.

The Security measures we undertake to protect your data

We undertake reasonable security practices and procedures, security practices and procedures designed to protect such information from unauthorised access, damage, use, modification, disclosure or impairment.

How can you contact us to alter or delete your Data?

Upon request, we will inform you in writing as soon as possible whether and which of your personal data is stored with Us. If, despite our efforts to ensure that the data is correct and up to date, incorrect data is stored, it will be rectified by us accordingly.

In addition to this right to correction, you also have the right to request to block and delete personal data we have collected. In addition, you have the right to request that we transmit the data to you as a structured, standard and machine-readable format or, at your express request, forward it to a third party. If you have any further questions regarding the collection, processing and use of personal data or the correction, deletion or blocking of such data, please contact Us by way of e-mail to the following address: contactus@kalagato.co.

In some cases, you can stop or limit the information that is collected. Should you wish to delete your information, You may do so by sending an email to us as specified in the “ Contact Us” section below.

What Information do we collect from Publicly Available Sources

We may collect publicly available data ("Third Party Content") that includes only publicly available information (i.e data that would be freely available to anyone with internet access and that does not require a login). These are used to build MetaData. For example, if we know a product has been sold online and we want to understand what type of good it (Brand/ Vertical/ Category etc.) then we will use such online crawling mechanisms for the same. Please note that we do not collect any user generated content (UGC) of any kind such as comments or posts, reviews, etc Furthermore, our processes and compliance are reviewed annually by our empanelled legal advisors who audit our data management practices.

 

Do we share your Data with 3rd Party entities?

Yes. We may transfer the aggregate data we process to other partner entities or to 3rd party entities (such as market research firms, advertising & media agencies, investment advisors etc) in or across borders to jurisdiction around the world.

We will take appropriate steps to ensure that transfers of Information are in accordance with applicable laws and carefully managed to protect your privacy rights and interests. To this end:

●        We ensure transfers will be covered by an agreement entered into by Kalagato which contractually obliges each signee to ensure that Information receives an adequate and consistent level of protection wherever it is transferred;

●        We obtain contractual commitments to protect your Information;

●        We share/transfer only pseudonymized & aggregated insights with our Clients or 3rd Parties;

 

If we receive requests for information from law enforcement or regulators, we carefully validate these requests before any Information is disclosed.

Subject to applicable laws, You have a right to contact us for more information about the safeguards we have put in place to ensure the adequate protection of your Information when it is transferred as mentioned above.

Who processes your data in our Company?

We have a dedicated team of skilled and expert individuals who work on aggregating and pseudonymisation of your data. Each individual in the team is designated with a specific set of roles and obligations. The information is encrypted and requires multi factor authentication by any member of our team before being accessed.

Are we GDPR compliant?

For EU users or Data Subjects, we comply with the EU Data Protection directive framework as set forth by the EU regarding the processing, use and retention of Data from the European Union member countries. We adhere to the requirements of notice, onward transfer, security, data integrity, access and enforcement. We will take upon the Data breach, notifying the breach to relevant supervisory authority or under some circumstances, notifying the Data breach to the data subjects by complying with applicable laws, including your local data protection legislation.

We respect and comply with the EU General Data Protection Regulations (GDPR); some of the key ways we comply with these regulations are:

Detail of Information being collected - We have provided you with a list of information being collected through our Data Partners from you. Detailed at the beginning of this privacy policy.

Consent - We have explained how our Data Partners collect or capture consent from you.

Breach Notification - In the event of a breach we will notify affected Data Subjects within 72 hours of first having become aware of the breach via our co data collection partners who we work with closely.

Right to Access - Data Subjects can request confirmation as to what type of Data is being processed, where and for what purpose. Further, we shall provide a copy of the information, free of charge, in an electronic format.

Right to be Forgotten - Once we have compared your rights to "the public interest in the availability of the data", we may delete your data upon your written communication of such request to us on the abovementioned id within 72 hours of such request being made to us in the prescribed manner.

Data Portability - We allow you to receive the data concerning you, which we will provide in a 'commonly used and machine readable format' within 72 hours of such request being made to us in the prescribed manner.

Privacy by Design - We implement appropriate technical and organisational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of Data Subjects from whom data is collected. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), as well as limiting the access to Data to those needing to act out the processing.

Do we make changes to this Policy?

We may edit this policy from time to time. Please check this policy regularly for any changes. We will post all changes here, and if we make any substantial changes we may also notify you by email.

Meaning of Terms used in this Privacy Policy

When this Policy uses the term “Applicable Data Laws” we refer to the Indian Information Technology Act, 2000, its rules, and guidelines, GDPR and other related and ancillary laws.

When this Policy uses the term "Personal Information" in capital letters, we mean information that identifies a particular individual, such as your full name, email address, device ID, Other online identifiers, IP Address etc.

When this Policy uses the term " Information" in capital letters, we mean information is aggregate data and is pseudonymized.

When this Policy uses the term "Account", We mean the user interface on the Website where You can register. Such registration is a prerequisite to subscribe to Our Commercial Services.

When this Policy uses the term "SDK", We mean a software development kit or tool which is published by us for the inclusion into applications for mobile devices published by our customers.

When this Policy uses the term "Commercial Services", We mean any Service provided by Us against the payment of fees, when we speak of "Services" we refer to all of what we provide to our Users free of charge or against remuneration, i.e. the Website and our Commercial Services.

When this Policy uses the term "End User", We mean any end user of a Mobile Application where our SDK is integrated into.

When this Policy uses the term “Data Partner”, We mean our Co-Data Controllers or Joint Data Controllers that we enter into Joint-Data Agreements with or App owners with whom we have SDKs integrated and through whom we collect Data;

When this Policy uses the term “Data Subject” We may mean Users whose Data is collected by Our Data Partners and shared with us or any individual whose Data we deal with;

When this Policy uses the term “Aggregate Data”, We mean Data which is categorised or segregated as per a group or set of Data; this type of Data is not personally identifiable information but becomes a “Set of data”;

When this Policy uses the term “Pseudonymized Data”, We mean set of data which have been separated from its direct identifiers, to ensure that linkage to an identity is not possible without additional information that is held separately;

How can you Contact Us?

If you have any question or inquiry relating to Our use of Your data or in case You want to issue a request for access, rectification, restriction on processing, portability, objection to processing, or deletion of personal information, or exercise any other data subject right available to you under the Indian Privacy Laws and EU General Data Protection Regulation (GDPR), You may contact us at: contactus@kalagato.co

Privacy Policy for our website – www.kalagato.co

This Privacy Policy ("Policy") describes how We, Kalagato, a company registered in New Delhi (" Kalagato", "We", or "Us") handle Data of natural persons ("You" or "User") collected or otherwise processed when using Services (as defined below) of  Kalagato through its website www.kalagato.co, information gathered through its integrated SDKs and through 3rd party websites or apps.

If you are located in the European Union or other regions with laws governing data collection and use that may differ from Indian law, your acceptance to this policy is an affirmation and confirmation of your consent for us to process your information in this manner.

What Information do we collect?

We collect information you submit on our website; if you leave your details on our Website which is a prerequisite to subscribe to Our Services, We request your name, surname, company name, industry, phone number, and e-mail address. We collect this Information to be able to connect with you and contact you and to send you information relating to the use of our Services.

Links to Other Sites & Mobile Application: We may provide links to other sites for your convenience and information on our Website.

How do we collect this information?

We collect this information through our contact us forms wherein you provide such details and information to us with due and specific consent and the intent to share such information with us.

How do we Protect your information?

We store your information securely on our secure servers and the same is only accessed by authorised individuals.

Your Choices

In certain cases, you may have choices about how we use and disclose your information. For example, we will ask you before we use your information for any purpose incompatible with those purposes identified in this policy. If we provide you with any marketing messages, we also will give you an opportunity to opt out of receiving further messages.

You can also choose not to give us the information we request, as described in the “What information we collect about you” section of this policy. In some cases, if you decide not to provide information, we will not be able to provide you with access to the site you requested, or we may not be able to provide you with the service, feature or information you requested.

GDPR compliance statement

For EU users or Data Subjects, we comply with the EU Data Protection directive framework as set forth by the EU regarding the processing, use and retention of Data from the European Union member countries. We adhere to the requirements of notice, onward transfer, security, data integrity, access and enforcement. We will take upon the Data breach, notifying the breach to relevant supervisory authority or under some circumstances, notifying the Data breach to the data subjects by complying with applicable laws, including your local data protection legislation.

We respect and comply with the EU General Data Protection Regulations (GDPR); some of the key ways we comply with these regulations are:

Detail of Information being collected - We have provided you with a list of information being collected from you.

Consent - We have explained how we capture consent from you for the Data you share with us.

Breach Notification - In the event of a breach we will notify affected Data Subjects within 72 hours of first having become aware of the breach.

Right to Access - Data Subjects can request confirmation as to what type of Data is being processed, where and for what purpose. Further, we shall provide a copy of the information, free of charge, in an electronic format.

Right to be Forgotten - Once we have compared your rights to "the public interest in the availability of the data", we may delete your data upon your written communication of such request to us on the abovementioned id within 72 hours of such request being made to us in the prescribed manner.

Data Portability - We allow you to receive the data concerning you, which we will provide in a 'commonly used and machine readable format' within 72 hours of such request being made to us in the prescribed manner.

Privacy by Design - We implement appropriate technical and organisational measures, in an effective way, in order to meet the requirements of this Regulation and protect the rights of Data Subjects from whom data is collected. We hold and process only the data absolutely necessary for the completion of our duties (data minimisation), as well as limiting the access to Data to those needing to act out the processing.

Changes to This Policy

We may edit this policy from time to time. Please check this policy regularly for any changes. We will post all changes here, and if we make any substantial changes we may also notify you by email.

Contact Us

Our Data is well defined and categorised. Our Users or Data Subjects can approach us or request us to delete or remove or alter or update their data by contacting us at contactus@kalagato.co.

We understand how important your data is for you. We have attempted to answer all your questions. If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact immediately at contactus@kalagato.co

Please note: Meaning:

When this Policy uses the term “Data Subject” We may mean Users whose Data is collected through our Website;

When this Policy uses the term “Applicable Data Laws” we refer to the Information Technology Act, 2000, its rules, and guidelines, GDPR and other related and ancillary laws.