Personal Data Policy

January 9, two thousand twenty-three

This Policy defines the Body Сorporate's policy regarding personal information processing and describes the requirements fulfilled by the Body Corporate for the protection of personal information. This Policy applies to all personal information processed using the Service, which the Body Corporate receives or may receive from the User.

GENERAL PROVISIONS

The Body Corporate has defined the following terms and definitions for the purposes of this Policy:

"Personal information", "PI" means any information related explicitly or implicitly to an identified or identifiable individual, which may help solely and (or) in combination with other information available or likely to be available to the Body Corporate, to identify this person.

"Body Corporate" — CMACHINES INDIA PRIVATE LIMITED, CIN: U28253UP2023PTC178362, Unit no-213, Tower-1, ASSOTECH BUSINESS CRESTERRA, Plot no-22, Sector-135, NOIDA, UTTAR PRADESH, INDIA. PIN code: 201305 CIN: U28253UP2023PTC178362, GST 09AAKCC8877C1Z7, which processes personal information, and also defines the purposes of personal information processing, the composition of personal information to be processed, as well as actions (operations) performed with personal information.

"User" is any legally capable individual (personal information subject), including persons acting on behalf of and in the interests of another individual, who may provide the Body Corporate with their personal information when using the Service. In the sense of this Policy, a User also means a person whose personal information is processed by the Body Corporate on behalf of the User.

"Service", "Website" is a web source located on the Internet and used by the Body Corporate to inform Users about the activities of the Body Corporate and the services offered by the Body Corporate, access to which is temporarily provided to Users by the Body Corporate at the following address: http://www.clever-machines.in. The Website is an information source, a collection of information that is accessed via a conventional and publicly available Internet browser (various versions of Internet Explorer, Firefox, Safari, Opera, Flock, Maxthon, Google Chrome, etc.) or in another way using a unified resource identifier consisting of letters, numbers, and other characters allowing to unambiguously determine the Website location on the Internet, including the mobile version of the Website, intranet, and ftp server, as well as its subdomains and versions of other hardware platforms.

The Website includes software, informationbases, program code, know-how, algorithms, design elements, fonts, logos, as well as text, graphics and other content, information, texts, graphic elements, images, photos, audio and video content, as well as other intellectual products. The exclusive rights to the Service and any of its components belong to the Body Corporate being a copyright holder or licensee based on a law, contract or other arrangement.

"Processing of personal information" mean actions (operations) with personal information, including collection, recording, categorization, accumulation, storage, clarification, updating, modification, extraction, use, transfer, anonymization, suspension, deletion, destruction, etc.

"Processor" is an individual or entity, public authority, agency, or other body that processes personal information on behalf of and by order of the Body Corporate.

"Recipient" is an individual or entity, public authority, agency, or other body, which receives personal information, whether or not they are third parties. However, public authorities that may receive personal information during certain investigations under European Union or Member State laws are not considered recipients. Depending on the processing purposes, such information must be processed by such public authorities in compliance with the applicable information protection regulations.

"Third Party" — an individual or entity, public authority, agency, or body other than the personal information subject, Body Corporate, Processor, or parties authorized to process personal information under the direct supervision of the Body Corporate or Processor.

"Distribution of personal information" are actions aimed at the disclosure of personal information to any number of parties.

"Provision of personal information" are actions aimed at the transfer of personal information to a certain party or a certain number of parties.

“Suspension of personal information” means a temporary suspension of processing the personal information (unless such processing is required to revise the personal information).

"Destruction of personal information" are actions leading to the impossibility of restoration of personal information content in the personal information management system and (or) leading to the destruction of physical storage media storing personal information.

“Anonymization of personal information” means the actions which ensure the impossibility to identify the ownership of personal information by a specific User or other subject of personal information without the use of additional information.

"Device", "User device” means a computer, mobile device, or virtual machine running an operating system compatible with the Service and having a compatible web browser installed.

"Applicable law" means the law of the country where the Body Corporate is registered or is a resident of. In some cases, applicable law may be understood as the law of the country where the User lives or resides, if such legislation establishes the priority of its rules over the rules of this Policy.

All other terms and definitions found in the text of this Policy are interpreted by the Parties as per applicable law, the current recommendations (RFC) of Internet standards organizations, as well as the rules for interpreting the relevant terms established on the Internet.
Terms and definitions used in this Policy may be used in a singular or plural form depending on the context, and the spelling of terms may be in lowercase or capitalized.
The titles of the headings (articles), as well as the Policy structure, are intended solely for the convenience of the Policy’s text usage and have no literal legal meaning.
This Policy has been developed following the requirements of international laws, as well as applicable laws.
This Policy defines the procedure and conditions for the processing of personal information by the Body Corporate, including the procedure for transferring personal information to third parties, the procedure for accessing personal information, the system for protecting personal information, the procedure for arranging internal supervision and responsibility for violations in the processing of personal information, as well as other issues.
This Policy comes into force from the moment of approval by the Body Corporate and is valid indefinitely until replaced by a newer policy.
This Policy applies to all processes related to the processing of personal information using the Service. The Body Corporate does not control and is not responsible for the services belonging to third parties, which the User can access by following the links provided in the Service.

LEGAL GROUNDS FOR PERSONAL INFORMATION PROCESSING

The Body Corporate processes the User's personal information following international acts related to personal information protection, as well as acts of applicable law.
The User's personal information is processed based on and in compliance with the arrangements, agreements, or contracts concluded between the User and the Body Corporate, or based on the User's separate consent to such processing.
The User's personal information can be processed by the Body Corporate only if the User has reached 18 years. If the User is under 18 years of age, then the mandatory consent of the User's legal representatives is required. Otherwise, in case a mismatch with the required age is identified, the Body Corporate shall delete the User's information from the Service. If the applicable law requires a lower or higher age, then the provisions of the applicable law shall apply.

PERSONAL INFORMATION COLLECTION PURPOSES

The Body Corporate processes only such personal information that is required for the use of the Service or the execution of arrangements, agreements, and contracts with the User, except for the cases when the norms of applicable law require the mandatory storage of personal information for a specified period, in particular as per the accounting legislation and state archive organization rules.
When processing personal information, the Body Corporate shall not combine informationbases containing personal information, which is processed for incompatible purposes.
The Body Corporate processes the User's personal information for the following purposes:
to process the appeals left by Users via the feedback forms available on the Service;
to consider the possibility of concluding any contracts and agreements by the Body Corporate with the User, to make decisions on the offer of services, to agree on the terms of such contracts and agreements;
to improve the quality of the Body Corporate's service, to arrange the improvement of the Service software;
to promote the Body Corporate's products and services, including the transmission of informational and advertising messages about the Body Corporate's services directly contacting the recipients via communication means, e-mail messages, promotional activities as a part of marketing programs arranged by the Body Corporate and related to the Service;
to comply with the mandatory requirements of applicable law.

SCOPE AND CATEGORIES OF PROCESSED PERSONAL INFORMATION

The Body Corporate may receive the User's personal information from various sources, in particular:
from the Service during its operation;
when the User uses the Service, including when the User fills out any forms included in the Service;
when the User contacts the technical support service.
Personal information allowed for processing as per this Policy and provided by Users (individuals using the Service) by filling out the appropriate forms (input fields) when using the Service may include the following information:
e-mail address;
mobile phone number;
last name;
first name;
patronymic;
other information that the User can specify in the comments to the order;
other information that the User can provide in the attachments to the order;
other information that the User can provide when filling out Service forms.
As per this Policy, the Body Corporate processes the personal information of individuals who use the Service, including individuals who fill out the feedback forms available on the Service.

PROCEDURE AND CONDITIONS FOR PROCESSING PERSONAL INFORMATION

The Body Corporate processes the User's personal information using the Service as per the regulatory acts of applicable law that establish the requirements to ensure the security of personal information during processing and to observe the rights of personal information subjects.
The Body Corporate processes and stores the User's personal information when the User use the Service, as well as for 3 (three) years after the termination of such use to comply with the time allowed for claims or another period, about which the Body Corporate informs Users upon receipt of Users’ consent to the processing of their personal information in another way (in a checkbox text, in a text message, in an e-mail, etc.).
The Body Corporate does not distribute the User’s personal information via public sources.
The Body Corporate does not process User’s sensitive personal information related to race, political views, religious or philosophical beliefs, intimate life, biometric information, health information, criminal record, and other sensitive personal information, as determined in the applicable law.
The confidentiality of the User's personal information is maintained, except in cases where Users voluntarily provide information about themselves for general access to an unlimited number of parties.
The Body Corporate has the right to transfer the User's personal information to the Processor, Recipient, and third parties using modern methods of connection encryption via the secure HTTPS protocol in the following cases:
when the User applies to the Body Corporate with a request for such a transfer;
if the User gave consent to such actions earlier;
if the transfer is required for the User to use certain Service functionality or for the execution of a certain agreement, contract or arrangement with the User, including for arranging the processing of Users’ appeals that they leave when filling out the feedback forms available on the Service;
if the transfer is required by applicable law or other legal norms within the framework of the procedure established by regulatory acts;
in case of Service ownership transfer, personal information shall be transferred to the acquirer simultaneously with the transfer of all obligations to comply with the terms of this Policy in relation to the personal information received by the acquirer;
to ensure the protection of the rights and legitimate interests of the Body Corporate or third parties when the User violates this Policy or other requirements of applicable law.
The Body Corporate takes the necessary administrative and technical measures to protect the User's personal information from unauthorized or accidental access, destruction, modification, suspension, copying, distribution, and other illegal actions made by third parties. In particular, all processed information shall be transmitted using modern methods of connection encryption via the secure HTTPS protocol.
The Body Corporate takes all necessary measures to prevent financial losses or other negative consequences caused by the loss or unauthorized disclosure of the User's personal information.
The Body Corporate has the right to transfer personal information to investigative authorities and other authorized bodies on the grounds stipulated in regulatory acts as per applicable law.
The Body Corporate stops processing the Users' personal information, which is processed with their consent, upon the expiration or withdrawal of the User's consent to the personal information processing, as well as in case of illegal processing of personal information or the liquidation of the Body Corporate.

UPDATING, CORRECTION, DELETION AND DESTRUCTION OF PERSONAL INFORMATION

Users can at any time change, update, supplement, or delete the personal information provided by them or a part of it using the interface of the Service.
If the Body Corporate independently reveals that personal information provided via the Service is incomplete or inaccurate, the Body Corporate shall take all possible measures to update personal information and make appropriate corrections.
If the User’s incomplete or inaccurate personal information can’t be updated, the Body Corporate shall take measures to delete such information.
If the User's personal information is revealed to be illegal, the processing of such information by the Body Corporate shall be stopped, and this personal information shall be deleted.
When the user interface of the Service does not operate or the Service has no available functionality for Users to change, update, supplement, or delete their personal information, as well as in any other cases, Users have the right to demand from the Body Corporate in written form to revise, suspend or destroy their personal information, since their personal information is incomplete, outdated, inaccurate, illegally obtained or not required for the stated processing purpose.
The Body Corporate shall undertake the following within a reasonable timeframe:
change and (or) supplement the User's personal information based on relevant documents confirming the authenticity of personal information, or destroy personal information if it is impossible to change and (or) supplement it;
suspend personal information related to the User, if personal information collection and processing conditions violation is discovered;
destroy personal information in case of confirmation that the collection and processing of personal information violated applicable law, as well as in other cases established by this Law and other regulatory acts;
cancel personal information suspension in case of non-confirmation of the violation of the personal information collection and processing terms.

RESPONSES TO USER REQUESTS FOR PERSONAL INFORMATION ACCESS AND DELETION

Users have the right to receive information free of charge from the Body Corporate regarding the processing of their personal information, including the following:
confirmation that the personal information has been processed by the Body Corporate;
legal grounds and purposes of personal information processing;
personal information processing methods used by the Body Corporate;
the name and address of the Body Corporate, information about parties that have access to personal information or to whom personal information may be disclosed as per the agreement with the Body Corporate or based on regulatory acts in accordance with applicable law;
the processed personal information related to the relevant User, its source, unless a different procedure for the provision of such information is specified in the applicable laws;
personal information processing terms, including storage terms;
the procedure for the User to exercise the rights specified in regulatory acts related to personal information in accordance with applicable law;
information about the performed or proposed cross-border information transfer;
company name or surname, name, patronymic and address of the party that processes personal information on behalf of the Body Corporate, if the processing is or will be entrusted to such party;
other information required by regulatory acts in accordance with applicable law.
On the User’s request, the Body Corporate shall allow the User to review free of charge personal information processed and stored in the Body Corporate’s information management system.
The Body Corporate shall allow the User to send a request for the deletion of personal information, received by the User by sending a request to the Body Corporate's email address specified in this Policy.
On the User’s request, the Body Corporate shall stop processing and delete the User's personal information.

DETAILS ABOUT FULFILLED PERSONAL INFORMATION PROTECTION REQUIREMENTS

The security of personal information during processing in the personal information management system is ensured by a personal information protection system that neutralizes relevant threats.
The Body Corporate applies a personal information protection system that includes legal, administrational, technical, and other measures to ensure personal information safety, which are selected given the urgent threats to the personal information security and information technologies used in information management systems.
Regarding the personal information, in respect of which the User gave consent to it being processed by the Processor, the Body Corporate has the right to involve the Processor as per the agreement that ensures the safety of such personal information during processing in the information management system.
When processing personal information in its information management system, the Body Corporate ensures the following:
taking measures to prevent unauthorized access to the User's personal information and (or) its transfer to parties who do not have the right to access such information;
timely detection of cases of unauthorized access to personal information;
preventing the impact on the technical means used for the processing of personal information, which may disrupt the functioning of such means;
the possibility of immediate recovery of personal information that is modified or destroyed due to unauthorized access;
constant control to ensure the required level of personal information protection.
The Body Corporate shall use technical means and software to process and protect personal information.
All employees of the Body Corporate authorized to work with personal information, as well as those involved in the operation and maintenance of the personal information management system, shall be familiar with the internal documents of the Body Corporate governing the personal information processing procedures.
The internal documents of the Body Corporate state that employees are obliged to immediately inform the relevant executive of the Body Corporate about the loss, damage, or shortage of information storage media containing personal information, as well as about attempts, causes, and conditions of unauthorized access to personal information.

CONSENT TO PERSONAL INFORMATION PROCESSING

Users decide to provide their personal information and give consent to its processing voluntarily, based on their free will and in their best interests.
Consent to the processing of personal information provided by the User is given voluntarily. The User is specific, informed, conscious, meaningful, and unambiguous with the provided consent.
Users give the Body Corporate consent to the processing of their personal information when Users use the Service, as well as within 3 (three) years after the termination of such use to comply with the statute of limitations.
Users also give consent to the Body Corporate to perform the cross-border transfer of personal information to the territory of the Russian Federation.
If the personal information of Users is processed based on their explicit consent to such processing, such consent shall be given explicitly by clicking on the appropriate button when using the Service, by checking a corresponding check-box, or by sending an electronic message using the Service functionality.
Consent to the processing of personal information may be withdrawn by the User as per the procedure established by applicable law.

FINAL PROVISIONS

The User is considered to start using the Service from the acceptance of the terms of this Policy. If the User disagrees with the terms of this Policy, the use of the Service must be immediately stopped.
This Policy and the relationship between the User and the Body Corporate arising in connection with the application of this Policy are subject to applicable law.
This Policy is publicly available on the Service all the time.
Users are entitled to send all suggestions or questions about this Policy to the Body Corporate's user support service by sending email messages to the following address: info@clever-machines.in.

COMPANY DETAILS

CMACHINES INDIA PRIVATE LIMITED, company registration number: CIN: U28253UP2023PTC178362, registered address: Unit no-213, Tower-1, ASSOTECH BUSINESS CRESTERRA, Plot no-22, Sector-135, NOIDA, UTTAR PRADESH, INDIA. PIN code: 201305

Tel: +91-8826682769

E-mail address: info@clever-machines.in.