Effective Date: 31 October 2023
For Prior version, please click here
At Greytip Software Pvt. Ltd., our subsidiaries and affiliated companies ('we' or 'us' or 'our', "The Company", "Greytip", "greytHR", "greytHR mobile application", "Service", "Site", "Product"), we collect and process personal information ("Customer Data"). We are committed to protecting your privacy. This Privacy Policy sets forth Greytip's policy with respect to the Personal Data and other information that is collected from visitors ("you", "your", "visitors") to the Site.
Please note that your use of the Site and any of our Services is subject to our Terms of Service which you may access at the homepage. Our Privacy Policy and Terms of Use are integral to your use of our Site. Your continued use of the Site will constitute your acceptance of the Terms of Service and this Privacy Policy.
Scope of the Privacy Policy
The Privacy Policy applies to Greytip's clients (individuals or entities who have subscribed to our services and have agreed to those applicable Terms of our Service for the subscription) "Customers" and individuals or entities who have gained access to this Service through our Customers. If you are a user of our Services as an employee of Our Customer, we recommend you clarify your queries with your employer.
Information that we collect
Customers use the Service to host data and information of their organization, and among others, its employees or the people they work with ("Customer Data").From a GDPR (General Data Protection Regulation) perspective, we will be classified as a "Processor" and Customer would be a "Controller".
Information that our Customer's update
In the normal course of operations, Customers use the Service to store and manage Customer Data. This could include personally identifiable information ("PII") and non-personally identifiable information ("Non-PII").
We do not own, control or direct the use of Customer Data, and in fact we are mostly unaware of what information is being stored on Service.
As our Customer, in your role as a Controller, you are authorizing, on behalf of you and your authorized agents and End-Users, and representing that you have the authority to provide such authorization to the storage and processing of Customer Data on Service.
As the Controller, it shall be your responsibility to inform the End-Users about the processing, and, where required, obtain necessary consent or authorization for any Data that is collected as part of the Customer Data through your use of the Service.
We may provide you an option to use our referral service to tell a friend about our Service. In such case, we will ask you for your colleagues'/friend's name, organization, email address and telephone number.
Information we collect automatically
Cookies - When you visit Greytip, we send one or more cookies - a small file containing a string of characters - to your computer / mobile device that uniquely identifies your browser. We use cookies primarily for user authentication but may also use them to improve the quality of our service by storing user preferences and tracking user trends.
The data automatically collected from cookies and web beacons may include information from your Web browser (such as browser type and browser language) and details of your visits to our Website, including traffic data, location data and logs, page views, length of visit and website navigation paths as well as information about your computer and internet connection, including your IP address and how you interact with our Product. We collect and store this data in order to help us improve our Website, the Product and the user experience with our Website and Product.
On most web browsers, you will find a "help" section on the toolbar. Please refer to this section for information on how to receive notification when you are receiving a new cookie and how to turn cookies off. However if you disable cookies you may find this affects your ability to use certain parts of our Services.
Log information - In addition to the above, when you access Greytip services, our servers automatically record and store information that a browser typically sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, browser settings, the date and time of your request, device model, the device identifier (or "UDID"), query logs, product usage logs, usage pattern through cookies and one or more cookies that may uniquely identify your browser.
We also collect clicks, scrolls, conversion and drop-off on our Service.
Location Information: If you are using Our Services through greytHR mobile app or web app as an employee of Our Customer, we will capture your geolocation for marking your attendance and timekeeping purposes. If you are using our mobile app your employer may enable GPS to capture geo-location for time keeping purposes.We will require access to your device camera to mark your attendance by facial recognition / selfie recognition to provide the subscribed Services. We may require your mobile device storage access to facilitate seamless data management. This includes the capability to save, retrieve, and upload various forms of data, such as files, photos, and documents, ensuring your experience remains efficient and data-rich. The legal basis for processing this information is Our contractual obligation with your employer (Our Customer) to perform the attendance marking and other subscribed Services.
Analytics Information - We and our third party partners use technologies such as web beacons / clear-gifs in administering the Service, tracking users' movements around the site, analyzing trends and gathering demographic information about our visitors. We may receive reports from these Partners on an individual and aggregated basis. For this purpose, we may also share anonymous data about your actions on our Websites with these third-party partners.
Single Sign-on service - You may have an option to access / register for our Services using sign-in services such as Google, LinkedIn and Facebook Connect. These services will authenticate you and provide you the option to share certain Personal Data with us such as your name and email address. By authorizing us to connect with these sign-in services, you authorize us to access, and we may, store your name, email address(es) and other information that they make available to us.
How we use your information
Greytip will not review, share, distribute, or reference any such Customer Data except as provided in the Terms of Service, this Privacy Policy, or as may be required by law.
Individual records of Customer Data may be viewed or accessed only for the purpose of resolving a problem, support issues, responding to Customer instructions or suspected violation of the Terms of Service, or as may be required by law.
We may use your email address or other information to contact you for service-related announcements.
We may also use Customer Data to contact you and to tell you about services, updates, promotions and events which we believe will be of interest to you. For example, we may use information to contact you to further discuss your interest in greytHR, the Service, and to send you information regarding the Company and its partners, such as information about promotions or events.
If you have shared information with us through our Referral service, then, subject to this Privacy Policy, we will use this Information, including without limitation, to (i) assess needs of the Referral's business to determine or suggest suitable Service (ii) send them promotional and marketing communications and (iii) respond to their questions and concerns. In case we send them a communication, we will also send them instructions enabling them to "opt-out" of receiving future communications. In addition, if at any time they wish not to receive any calls, future communications or you wish to have their name deleted from our mailing lists, they can contact us as indicated below and indicate to us to stop the communication. We will stop communicating with them.
We may also use your anonymized Data and other personally non-identifiable information collected through the Services to help us improve the content and functionality of the Services, to better understand our users, to improve our Services and develop new products, services, features, functionality and recommend how our product and services could serve you better.
We may obtain and aggregate technical and other data that is non-personally identifiable ("Aggregate Anonymous Data"), and we may use the Aggregate Anonymous Data to improve, support, operate the Service or to produce aggregate insights. For clarity, You or Customer are not identified as the source of any Aggregate Anonymous Data. We may also disclose aggregated user insights in order to describe our services to current and prospective business partners, clients and to other third parties for other lawful purposes.
Legal Basis for Processing Personal Information
We have a contractual obligation with the Customer to provide the Services as per our Terms of Use. If you are a visitor from the European Economic Area (EEA) and from a GDPR Compliance perspective, we are processing this information on behalf of Customer ("Controller") who has a legitimate interest in maintaining his employee information for the purpose of managing his business and adhering to his statutory compliance requirements.
Data Security
We take privacy seriously and take robust and reasonable security assures to protect Personal data from unauthorized access, maintains data accuracy, prevent alteration, disclosure and help ensure the appropriate use of the data. The measures we take include:
- When the service is accessed using modern web browsers, Transport Layer Security ("TLS") technology protects customer data using both server authentication and data encryption. These technologies help ensure that the data is safe, secure and only available to the Users to whom the information belongs and those to whom the User has granted access.
- We follow security best practices (OWASP) for developing our applications and in our deployment / system administration.
- We host our websites in a secure server environment that use firewalls and other advanced technology to prevent interference or access from intruders.
- We encrypt the data at rest and transit.
- We restrict access to only authorized personnel through password and two-factor authentication processes.
- We offer enhanced security features within the service that permits customers to configure security settings to the level they deem necessary.
- We do periodic third party vulnerability assessments for our applications.
If we learn of a security systems breach, then we may attempt to notify you electronically through our Site or by email so that you can take appropriate protective steps.
Information Sharing
Greytip only shares Customer Data with other companies or individuals outside of Greytip in the following limited circumstances:
- Related Entities: We may provide such information to our subsidiaries, affiliated companies for purposes consistent with this Privacy Policy.
- Third Parties (Sub-Processors): We may provide this information to other trusted businesses for the purpose of processing Client Data on our behalf.Examples of these are functions including mailing information, maintaining databases, hosting, analyzing data, maintenance and other services for us. When we employ such companies, we only provide them either anonymized information or information that they need for their specific function and we require that these parties agree to process such information based on our instructions and in compliance with this Privacy Policy.
- Legal Requirements: We may provide this information when we have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request, (b) enforce applicable Terms of Service, including investigation of potential violations thereof, (c) detect, prevent, or otherwise address fraud, security or technical issues, or (d) protect against imminent harm to the rights, property or safety of Greytip, its users or the public as required or permitted by law.
- Business Transfers: If Greytip becomes involved in a merger, acquisition, or any form of sale of some or all of its assets, then the Client Data may become part of that transferred asset.
- Unrestricted information: Any information that you voluntarily choose to include in a Public Area of the Service or share with us through any other means, will be considered as "Unsolicited Information". This information will be available to any User or Visitor who has access to that content and shall be deemed to be non-confidential and we shall be free to reproduce, use, disclose, and distribute such Unsolicited Information to others without limitation or attribution.
Links to third Party site
Greytip's Services may contain hyperlinks to websites owned and operated by third parties. These third-party websites have their own privacy policies and we encourage you to review them. We do not accept any responsibility or liability for the privacy practices of such third-party websites and your use of such websites is at your own risk.
Age Restriction and Children's Privacy Protection
Any visitor who provides information through the Site represents that they are 18 years of age or older. We do not knowingly collect information from anyone under the age of 18. Our Site and Service are not designed for users under 18. If you are under 18 years, please do not access or use this Site.
If you have reason to believe that a child under the age of 18 has provided Personal Data to Greytip through the Service, please contact us, and we will take appropriate steps to delete that information from our Service.
Your Rights accessing & updating your Information
We only process Customer Data under the instruction of Customer.
From the perspective of GDPR, we are the Processor and not the Controller of the Customer Data. Customer is responsible for complying with any applicable regulations or laws prior to or during the period of storing Customer Data in the Service.
As the Processor of Client Data on behalf of our Customers, we follow Customer's instructions with respect to the Customer Data to the extent consistent with the functionality of our Service.
We may work with our Customers to help them provide notice to their employees concerning the purpose for which Personal Data is processed by Greytip. We provide Customers with an extensive range of capabilities including from role-based access control, extensive audit logs, data encryption and from tools to communicate corporate policies, These capabilities enable Customer to access, rectify and restrict processing of Customer Data.
Any request directed to us, regarding - access to, wishing to correct, update, modify or delete Customer Data or wanting us to stop contacting you, will be directed to the customer and we will assist the customer in fulfilling any obligation to respond to these requests. As indicated above, our Customers have extensive capabilities built into the Service to complete these activities on their own. Beyond this, If the customer requests Greytip assistance to comply with data protection regulations, Greytip will respond to their request within 30 business days.
Retention of Data
Customer data will be retained as long as Customer has a valid subscription agreement with Greytip. After expiry of the Subscription Agreement, unless otherwise agreed upon with Customer, the data will be retained on our Servers for a period of 3 months after expiry / termination of the Subscription Agreement, post which it will be deleted.
Data from the Backups will be removed within 30 days from the date the Customer Data is deleted from our Servers.
In case Customer has not fulfilled their obligations under the Terms of Service or in case of any disputes, we will retain Customer Data as necessary to comply with our legal obligations, for litigation/defense purposes, maintain accurate financial and other records, resolve disputes and enforce our agreements.
Changes to this Policy
Greytip regularly reviews its compliance with this Privacy Policy. We reserve the right to change or update the Privacy Policy at any time, and will notify users of the Service by posting such changed or updated Privacy Policy on this page prior to the change becoming effective. Under certain circumstances, we may also elect to notify you of changes or updates to the Privacy Policy by additional means, such as by posting a notice on the homepage of the Service or by sending you an email.
Any changes or updates will be effective from the time of posting to the Site and will be reflected by the Effective Date. Continued use of the Site following any changes shall indicate your acknowledgement of such changes and agreement to the Privacy Policy and any future revisions. We encourage you to periodically review this page for the latest information on our Privacy Policy.
How to Contact Us
If you have any questions or complaints about this Privacy Policy or how we collect or process your personal information or would like us modify, correct or erase any Personal Data or would like us to stop communicating with you, please contact us at privacy@greytip.com. You may also contact us by mail at:
Privacy Matters
c/o Greytip Software Pvt. Ltd.
Grape Garden,
#29 & 30, 17th Main,
6th Block Koramangala,
Bangalore - 560095.
India.
Email: privacy@greytip.com
Effective Date: 31 October 2023