The following information is provided to inform you of the commitments of Sodexo SVC India Private Limited in terms of Personal data protection. Sodexo SVC India Private Limited belongs to Pluxee Group (hereinafter referred to as “Pluxee”).
Pluxee builds strong, lasting relationships with its customers, partners and consumers based on mutual trust: making sure that their Personal data is safe and remains confidential is an absolute priority for Pluxee.
Pluxee is committed to complying with all applicable regulatory and legal provisions governing the Protection of Personal data.
- Users remain in control of their own data. The data is processed in a transparent, confidential, and secure manner.
- Pluxee is committed to a continuing quest to protect its users’ Personal data in accordance with the Information Technology Act, 2000, The Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and all the applicable laws as may be notified by the government from time to time.
- Pluxee has a Global Data Protection Office dedicated to data protection, supported by a network of local data protection single points of contact or data protection officers.
PURPOSE OF THIS POLICY
Pluxee takes the protection of your personal data very seriously.
We have developed this policy to inform you of the conditions under which we collect, process, use and protect your Personal data on our Sites and in the context of the services provided by Sodexo SVC India Pvt. Ltd (the “Services”). This policy covers all users, including those who use the Site and the Services without being registered or subscribing to a specific service or account (hereinafter collectively, the “Users”).
Please read it carefully to familiarize yourself with the categories of Personal data that are subject to collection and processing, how we use this Personal data and with whom we are likely to share it. This policy also describes your rights and how you can get in touch with us to exercise these rights or to ask us any questions you might have concerning the protection of your Personal data.
This policy may be amended, supplemented, or updated, in particular to comply with any legal, regulatory, case law or technical developments that may arise. However, your Personal data will always be processed in accordance with the policy in force at the time of the data collection, unless a compulsory legal prescription determines otherwise and must be enforced retroactively.
IDENTITY AND CONTACT DETAILS OF THE CONTROLLER
The data Controller is Sodexo SVC India Pvt. Ltd, a Private Limited Company registered under the Companies Act, 1956 with CIN No. U74140MH2008FTC182494, having its registered office at B Wing, 503/504, Hiranandani Fulcrum, Sahar Road, Andheri (East), Mumbai – 400 092.
|“Account”||The User’s dedicated personal area within the Site, which he or she accesses when he or she registers and connects to the Site. It enables the User to access the Services.|
|“Controller”||The Pluxee entity which, alone or jointly with other Pluxee entities or third parties (i.e., its processor Zeta) determines the purposes and means of the processing of personal data.|
|“Personal data”||Means any information relating to an identified natural person or one that can be directly or indirectly identified by reference to an identification number or to one or more factors specific to this person.|
|“Processing”||Any operation or set of operations which is performed on Personal data or on sets of Personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.|
|“Processor”||A legal person which processes personal data on behalf of the controller.|
|“Site”||The website of Sodexo SVC India Pvt. Ltd available at the address www.pluxeegroup.in|
|“us”, “we” or “our”||Sodexo SVC India Pvt. Ltd (hereinafter “Pluxee”), acting as controller|
|“you” or “Users”||Any Site user/visitor.|
COLLECTION AND SOURCE OF PERSONAL DATA
We will most likely collect your Personal data directly (in particular via the data collection forms on our Site) or indirectly via our service providers and/or technologies on our Site.
We undertake to obtain your consent and/or to allow you to refuse the use of your data for certain purposes whenever necessary.
TYPES OF PERSONAL DATA COLLECTED AND USED BY US
We may specifically collect and process the following types of personal data:
- the information that you provide when filling in the forms on the Site (for example, for subscription purposes, to participate in surveys, for marketing purposes, when downloading the application, etc.);
- the information that you provide for authentication purposes;
- the information that you provide for order fulfillment or to provide a service
- to provide issuance of pre-paid cards, activating consumer cards and approval of KYC
- the data relating to your purchases such as products, quantity, price, billing and delivery about you only where you volunteer and consent to this;
- the transaction data such as payment information and credit/debit card information that is transmitted directly to third parties who process your requests;
- the information provided via “posts”, comments or other content that you post on the website;
- the information from you when you use the chat function on our Sites;
- the information you provide for the purposes of managing your job application and, where applicable, your recruitment process (e.g.: CV, information relating to your education, your professional experience, awards, diplomas, certificates, attestations, languages spoken, salary expectations, etc.);
- your preferences in receiving marketing from us and our third parties and your communication preferences
Personal data identified by an asterisk in the data collection forms are compulsory as these are necessary to fulfill any orders placed. In the absence of this compulsory information, these transactions cannot be processed.
Please find details of the different data collected for the various purposes in the chart (Annex 1).
PERSONAL DATA THAT WE AUTOMATICALLY COLLECT
Personal data may be collected for the following general purposes (a more precise description of the processing of your data can be found in the Annex 1 below):
- Account creation and management
- Customer Relationship Management
- Marketing Management
- Complying with statutory requirement
- Other legitimate purpose as may be required
In addition, please note that you have the option to click on the dedicated icons of social networks such as Twitter, Facebook, LinkedIn, etc. that appear on our Sites.
When you click on these icons, we may have access to the Personal data that you have made public and accessible via your profiles on the social networks in question. We neither create nor use any separate databases from these social networks based on the Personal data that you have published there, and we do not process any Personal data relating to your private life through these means.
If you do not want us to have access to your Personal data published in the public spaces of your profile or your social accounts, then you should use the procedures provided by the social networks in question to limit access to this information.
LEGAL BASIS FOR THE PROCESSING OF PERSONAL DATA
We process your Personal data as part of the performance and management of our contractual relationship with you, in our legitimate interest to improve the quality and operational excellence of the Services we offer to you or in compliance with certain regulatory obligations depending on the purpose of processing as identified in the chart in Annex 1.
Your Personal data may also be processed based on your prior consent in the event that, under certain circumstances, your consent would be requested (e.g., regarding health data or for certain types of Cookies).
Please find more information about the legal basis for each of our processing in the Annex 1 below.
DISCLOSURE OF PERSONAL DATA
The security and confidentiality of your Personal data is of great importance to us. This is why we restrict access to your Personal data to members of our staff, and only to the extent strictly necessary to process your orders or to provide the requested Services. We ensure that persons authorized to process the Personal data have committed themselves to confidentiality or are under an appropriate statutory obligation of confidentiality.
We will not disclose your Personal data to any unauthorized third parties. We may, however, share your Personal data with entities within Pluxee and with authorized service providers (for example: technical service providers [hosting, maintenance], consultants, etc.) whom we may call upon for the purpose of providing our Services.
We ensure that every disclosure of your Personal data to an authorized service provider is framed by a data processing agreement, reflecting the commitments laid out in this policy. We do not authorize our service providers to use or disclose your data, except to the extent necessary to deliver the Services on our behalf or to comply with legal obligations. Furthermore, we may share your Personal data (i) if the law or a legal procedure requires us to do so, (ii) in response to a request by public authorities or other officials or (iii) if we are of the opinion that transferring these data is necessary or appropriate to prevent any physical harm or financial loss or in respect of an investigation concerning a suspected or proven unlawful activity.
STORAGE PERIOD OF YOUR PERSONAL DATA
We will store your Personal data only for as long as necessary to fulfill the purposes for which it was collected and processed. This period may be extended, if applicable, for any amount of time prescribed by any legal or regulatory provisions that may apply. To determine the retention period of your Personal data, we take into consideration several criteria such as:
- The purpose for which we hold your Personal data (e.g., when you purchase products on our Sites, we keep your Personal data for the duration of our contractual relationship);
- Our legal and regulatory obligations in relation to that Personal data (e.g., accounting reporting obligations);
- Whether you are an active user of our Services, you continue to receive marketing communications, or you regularly browse or purchase off our Sites or whether you do not open our emails or visit our Sites; For instance, if you have agreed to receive marketing communications, we keep your Personal data until you:
- (i) unsubscribe from receiving marketing communications
- (ii) request we delete your Personal data, or
- (iii) after a period of inactivity (i.e. where you have not interacted with us for a period of time). This period is defined in accordance with local regulations and guidance.
- Any specific requests from you in relation to the deletion of your Personal data or Account.
- Any statutory limitation periods allowing us to manage our own rights, for example the defence of any legal claims in case of litigation; and
- Any local regulations or guidance (e.g., regarding cookies).
Please find more information about the storage period of your Personal data in Annex 1 below
SENSITIVE PERSONAL DATA
As a general rule, we do not collect sensitive Personal data via our Sites. “Sensitive Personal data” refers to any information concerning a person’s racial or ethnic origins, political opinions, religious or philosophical beliefs, union membership, health data or data relating to the sexual life or the sexual orientation of a natural person. This definition also includes personal data relating to criminal convictions and offenses.
In the event that it would be strictly necessary to collect such data to achieve the purpose for which the processing is performed, we will do so in accordance with local legal requirements for the protection of Personal data and, in particular, with your explicit prior consent and under the conditions described in this policy.
PERSONAL INFORMATION AND CHILDREN
Our Site is for use by adult persons who have the capacity to conclude a contract under the legislation of the country in which they are located.
Child users under the age of 18 years or without legal capacity must obtain consent from their legal guardians prior to submitting their Personal data to the Site.
TRANSFER OF PERSONAL DATA
In compliance with the Data protection regulation described above, there is no transfer of personal data outside of India.
In case a transfer outside of India is necessary, Pluxee will perform it in compliance with the Data protection regulation described above and will take all necessary measures to ensure that this data receives adequate protection.
Pluxee is committed to ensure protection of your rights under applicable laws. You will find below a table summarizing your different rights:
|Right of access and rectification||You can request a copy of the Personal data we hold about you. You may also request rectification of inaccurate Personal data, or to have incomplete Personal data completed.|
|Right to erasure||Your right to be forgotten entitles you to request the erasure of your Personal Data in cases where:|
|Right to restriction of Processing||You may request that processing of your Personal Data be restricted in the cases where:|
|Right to data portability||
You can request, where applicable, the portability of your Personal data that you have provided to Pluxee, in a structured, commonly used, and machine-readable format. You have the right to transmit this data to another Controller without hindrance from Pluxee where:
You can also request that your Personal data be transmitted to a third party of your choice (where technically feasible).
|Right to object to Processing||You may object (i.e. exercise your right to “opt-out”) to the processing of your Personal data particularly in relation to profiling or to marketing communications. When we process your Personal data on the basis of your consent, you can withdraw your consent at any time.|
|Right not to be subject to automated decisions||You have the right not to be subject to a decision based solely on automated processing, including profiling, which has a legal effect upon you or significantly affects you.|
|Right to lodge a Complaint||You can choose to lodge a Complaint with the Data Protection Supervisory Authority in the country of your habitual residence, place of work or place of the alleged infringement, regardless of whether you have suffered damages. You also have the right to lodge your Complaint before the courts where [the Pluxee entity] has an establishment or where you have your habitual residence.|
You may, at any time, exercise any of the above rights or contact us with any data protection related queries or concerns by completing the request form and sending it to email@example.com as indicated in the privacy notices and/or the privacy policies provided to you at the time of the collection of your Personal Data or sending it to the local Data Protection Single Point of Contact at 022 -4321 4321; or, by completing and submitting the dedicated request webform.
For more details, please consult the Local Data Protection Rights Management Policy
We implement all possible technical and organizational security measures to ensure security and confidentiality in processing your Personal data.
To this end, we take all necessary precautions given the nature of the Personal data and the risks related to its processing, in order to maintain data security and in particular to prevent distortion, damage or unauthorized third-party access (physical protection of the premises, authentication procedures with personal, secured access via identifiers and confidential passwords, a connection log, encryption of certain data, etc.).
In addition, if we contract with Processors for all or part of the Processing of your Personal data, we require a contractual agreement from our service providers to guarantee the security and confidentiality of the Personal data that we transmit to them or that they collect on our behalf, in accordance with the applicable regulations on the protection of Personal data.
We regularly conduct audits to verify the proper operational application of the rules relating to the security of your Personal data.
Nevertheless, you also have a responsibility to ensure the security and confidentiality of your Personal data so we invite you to remain vigilant, especially when using an open system such as the Internet.
LINKS TO OTHER SITES
We may update or amend this policy as and when needed. In this case, amendments will only become applicable after a period of 30 business days from the date of the amendment. Please consult this page from time to time if you want to be informed of any possible changes.
If you have subscribed to certain services via our Site and you no longer want to receive emails, please consult the “unsubscribe” page corresponding to the Service you are subscribed to.
HOW TO CONTACT US
If you have any questions or comments with regard to this policy, please do not hesitate to contact us at the following address firstname.lastname@example.org.
Last updated: 20th June 2022
INFORMATION ABOUT THE PROCESSING OF YOUR PERSONAL DATA
|General purpose||Purpose of the Processing||Personal data collected||Legal basis of the Processing||Retention of the Personal data|
|Account creation and Management||Send an initial communication via email to invite you to register and use our Sites and Services||
|In order to take steps at the request of the data subject prior to entering into a contract Consent||
If you are one of our customers, these communications may be sent to you for the duration of our commercial relationship, then for ten (10) years after the end of this relationship or of the last contact you initiated.
If you are not yet sure whether you want to benefit from our products and Services, and you are still in the prospecting phase, we can send you communications on our offers and products for a period of three (3) years from the last contact you initiated.
|Register you as a user and create an account for you on our Site||
user and Password
|Performance of a contract to which the data subject is party||We will keep your Personal data in your customer account (s) until you delete your account.|
|Customer Relationship Management||Manage and monitor our relationships with existing and potential customers||
|Contract and legitimate interest||
We will keep your Personal data for the duration of our commercial relationship and thereafter for a period of 10 years as required by our regulator RBI under Payment and Settlement Systems Act, 2007, after which only the data necessary for pre-litigation or litigation purposes will be archived until the legal prescription is acquired.
The usual limitation period in civil and commercial matters is three (3) years. In the event of a dispute, this data is kept for the duration of the procedure and until the expiration of ordinary and extraordinary remedies.
|Respond to your requests for information, searches, newsletter and other content.||
|Legitimate interest and consent||We will send you our newsletter until you unsubscribe.|
|Assess whether you are eligible for certain products and Services||
|Contract Legitimate interest||We will keep your Personal data for the period necessary to carry out those checks|
|Process and deliver your order||
Information on your order
We will keep your Personal data for the duration of our commercial relationship and thereafter for a period of 10 years as required by our regulator RBI under Payment and Settlement Systems Act, 2007, after which only the data necessary for pre-litigation or litigation purposes will be archived until the legal prescription is acquired.
The usual limitation period in civil and commercial matters is three (3) years. In the event of a dispute, this data is kept for the duration of the procedure and until the expiration of ordinary and extraordinary remedies.
|Comply with legal obligations||Legal obligations||We will keep your Personal data for the duration of the procedure, plus the period of acquisition of legal requirements. If there is a statutory requirement, we will retain your data as may be required to comply with the laws of the land. The usual limitation period in civil and commercial matters is three (3) years from the end of the contract.|
|Marketing Management||Conduct surveys and gather statistics||
|Legitimate interest||We will keep your data for a period of three (3) years from the last contact you initiated|
|Manage, organize and improve the competitions and related promotional operations||
|Consent||We will keep your data for a period of three (3) years after the end of the competition or the draw.|
|Send commercial communications about products and services that may be of interest to you||
If you are one of our customers, these communications may be sent to you for the duration of our commercial relationship, then for three (3) years after the end of this relationship or of the last contact you initiated.
If you are not yet sure whether you want to benefit from our products and services, and you are still in the prospecting phase, we can send you communications on our offers and products for a period of three (3) years from the last contact you initiated.
|Profile your Personal data to use internally to help us understand your motivations, values and needs||Consent Legitimate interest||If you are one of our customers, these communications may be sent to you for the duration of our commercial relationship, then for three (3) years after the end of this relationship or of the last contact you initiated. If you are not yet sure whether you want to benefit from our products and services, and you are still in the prospecting phase, we can send you communications on our offers and products for a period of three (3) years from the last contact you initiated.|
|Recruitment||Assess your skills, qualifications, and suitability for the role||In order to take steps at the request of the data subject prior to entering into a contract||We will keep your data for a period of two (2) years after we received your job application|
|Carry out background and reference checks||Legitimate interest||We will keep your data for the period necessary to carry out those checks|