Privacy Policy
1. Introduction
This Privacy Policy (“Policy”) is issued by Satin Technologies Limited, a company incorporated under the laws of India and having its registered office at Unit Number 002, Tower B, 8th Floor, Emaar Digital Greens Tower, Golf Course Extension Road, Sector 61, Gurugram, 122011, Haryana (“STL”, “we”, “our”, “us”).
STL provides enterprise software-as-a-service solutions designed to facilitate inter alia the human resources management functions of our business clients (“HRMS Platform” or the “Services”). In the course of providing the Services, STL may collect, process, and store certain categories of information, including Personal Data, either in its own capacity as a Data Fiduciary (under the Digital Personal Data Protection Act, 2023, India (“DPDP Act”)), or in its capacity as a service provider acting solely on the instructions of our business clients.
This Policy describes the categories of information we collect, the purposes for which we process such information, the rights available to individuals under applicable data protection laws, and our commitments to security, retention, transfer, and lawful handling of Personal Data.
Group Company Disclaimer: Satin Creditcare Network Limited (“SCNL”) is STL’s group company. For the avoidance of doubt, SCNL is not a party to this Policy, bears no obligations hereunder, and shall not be held liable in any manner whatsoever for STL’s collection, processing, storage, or transfer of Personal Data.
By accessing our HRMS Platform, visiting our websites, or otherwise interacting with STL, you acknowledge that your Personal Data will be processed in accordance with this Policy.
2. Scope
This Policy applies to:
a. Visitors: individuals who access STL’s websites, portals, or mobile applications without registering for a Client account.
b. Clients: organizations (legal entities) that enter into contracts with STL to license the HRMS Platform.
c. Users: employees, contractors, candidates, or representatives of Clients who are provisioned access to the HRMS Platform by such Clients.
d. Prospective customers, business partners, and suppliers who engage with STL for demonstrations, events, or business development purposes.
For avoidance of doubt, where STL processes Client Data in its capacity as a service provider, this Policy supplements, but does not override, the data protection notices and policies issued by the Client acting as the Data Fiduciary. Employees and candidates of STL’s Clients should direct any requests relating to their Personal Data to their employer or prospective employer.
3. Definitions
For the purposes of this Policy:
a. “Applicable Law” means the DPDP Act, and any other relevant data protection legislation, as amended or replaced from time to time.
b. “Client Data” means any Personal Data or information uploaded, stored, or otherwise made available on the HRMS Platform by or on behalf of a Client.
c. “Personal Data” means any information relating to an identified or identifiable natural person, and includes “personal information” and “sensitive personal information” as defined under Applicable Law.
d. “Sensitive Personal Data” includes, without limitation, government identifiers (such as Aadhaar), financial account details, health data, biometric identifiers, and such other categories defined by Applicable Law.
e. “Processing” means any operation performed on Personal Data, including collection, storage, use, transfer, disclosure, or deletion.
4. Information We Collect
STL collects and processes the following categories of information:
a. Client Data (service provider’s role): When Clients deploy the HRMS Platform, STL may process employee identifiers (such as name, email, phone number, employee ID, Aadhaar or other government identifiers where lawful), employment history, payroll data, attendance and leave records, performance evaluations, uploaded documents (including resumes and certificates), financial details such as bank account information, and where integrated, biometric data such as fingerprints or facial recognition records for attendance purposes.
b. Business and Website Data (Controller role): STL collects information necessary to administer accounts, billing, support, and marketing, including names, emails, contact details, organization, payment information, IP addresses, device identifiers, and browsing information gathered through cookies or similar technologies.
c. Communications Data: In the event a person/entity contacts STL for support or queries, we shall process the content of your communication, your contact details, and any associated attachments.
d. Event and Marketing Data: If you register for STL events, webinars, or newsletters, we shall process your name, organization, and contact information.
5. Purposes of Processing
STL processes Personal Data for the following purposes:
a. Service Delivery: To provide, operate, maintain, and improve the HRMS Platform in accordance with Client contracts.
b. Account Administration: To create and manage Client accounts, process billing and payments, and authenticate access credentials.
c. Security and Audit: To ensure secure access, maintain audit logs, enforce role-based access control, and conduct monitoring to detect, prevent, and investigate unauthorized access or fraudulent activity.
d. Support and Communication: To respond to support requests, resolve technical issues, and provide notices of updates, outages, or material changes.
e. Product Improvement: To analyze aggregated usage patterns for purposes of improving system performance, provided that such analysis shall not use identifiable Client Data without consent.
f. Marketing: To provide Clients and prospective customers with information about STL’s Services, subject to applicable consent and optout rights.
g. Legal Compliance: To comply with statutory, regulatory, and judicial obligations under Applicable Law.
6. Legal Basis for Processing
STL relies on one or more of the following lawful bases for Processing:
a. Consent: where required, particularly for Sensitive Personal Data, marketing communications, and optional features.
b. Contractual Necessity: where Processing is required to perform our obligations under an agreement with a Client.
c. Legitimate Interests: including security, fraud detection, business development, and product improvement, provided such interests are not overridden by individual rights.
d. Legal Obligation: where Processing is necessary to comply with Applicable Law.
7. Disclosure of Information
STL may disclose Personal Data:
a. To sub-processors and service providers engaged under written agreements, including AWS (cloud hosting), SMS-email gateways, and analytics providers.
b. To affiliates and subsidiaries of STL for internal administrative purposes, subject to strict confidentiality obligations, provided that SCNL shall not bear liability or obligations for STL’s processing activities.
c. To competent governmental, regulatory, or judicial authorities when legally compelled to do so, after exhausting lawful remedies and, where permitted, providing notice to the Client.
d. To third parties in connection with business transfers, including mergers, acquisitions, or reorganizations, subject to equivalent safeguards.
STL does not sell Personal Data and does not permit sub-processors to sell or use Personal Data for independent commercial purposes.
8. International Transfers
Where Personal Data is transferred across borders, STL implements safeguards consistent with Applicable Law, including execution of the European Union Standard Contractual Clauses (2021), the UK International Data Transfer Addendum, and the Swiss FDPIC Addendum, as relevant. Transfers under the DPDP Act shall comply with restrictions on notified jurisdictions.
9. Cookies and Tracking Technologies
STL uses cookies and similar technologies to provide functionality, secure logins, and perform analytics. Marketing cookies are deployed only with consent. Users may configure cookie preferences through browser settings and consent management tools provided on STL’s websites and applications.
10. Data Subject Rights
Subject to Applicable Law, individuals may exercise rights including the right to access, rectify, erase, restrict, or object to Processing of their Personal Data, to data portability, and to withdraw consent at any time.
Under the DPDP Act, individuals may submit grievances and escalate unresolved complaints to the Data Protection Board of India.
Important: Where STL processes Client Data as a service provider, individuals must direct their requests to the relevant Client (employer). STL shall assist Clients in fulfilling such requests as required under Applicable Law.
11. Retention of Data
STL retains Personal Data only for as long as necessary to fulfil the purposes described in this Policy or as required by law. For Client Data, retention is governed strictly by the Client’s documented instructions. Upon termination of Services, STL may delete or irreversibly anonymize Client Data within ninety (90) days, subject to retention of encrypted backups for disaster recovery purposes not exceeding one hundred eighty (180) days. STL may retain minimal metadata where required by law for audit, taxation, or compliance purposes.
12. Security
STL maintains administrative, technical, and organizational measures appropriate to the sensitivity of Personal Data, including but not limited to encryption of data in transit and at rest, multifactor authentication, access control on a need-to-know basis, audit logging, vulnerability management, and periodic penetration testing. STL’s hosting provider (AWS) complies with ISO 27001 and SOC 2 standards.
13. Breach Notification
In the event of a confirmed Personal Data Breach, STL will notify affected Clients without undue delay and, where required under Applicable Law, within seventy-two (72) hours of becoming aware of the breach. STL may provide details regarding the nature of the breach, categories of data affected, measures taken or proposed to mitigate potential harm, and steps Clients may take to protect their interests.
14. Children’s Data
STL does not knowingly collect Personal Data of children below the age of sixteen (16) years. Where such data is included by Clients in Client Data, the Clients remain responsible for obtaining lawful parental consent as required by Applicable Law.
15. Contact Information
For privacy-related requests, please contact:
a. Data Protection Officer: dpo@satintechnologies.com;
b. Support Queries: info@satintechnologies.com
c. Grievance Redressal: grievance@satintechnologies.com
d. Legal Notices: legal@satintechnologies.com
16. Changes to this Policy
STL reserves the right to update this Policy periodically to reflect changes in legal, technical, or business practices. Updates shall be posted on STL’s official website and product portal, with a revised effective date. Clients may be notified of material changes prior to their effective date, and continued use of the Services thereafter constitutes acceptance of such changes.