Griphic

About
technologies
Team
Investors
Contact

Griphic Privacy Policy

Griphic Privacy Policy  Effective Date: December 10, 2023  Griphic’s Privacy Policy covers all personal data handled through its websites and services, acting as a processor for Client data and a controller for its own business data. We collect CVs and related details, business contact information, and limited technical data like IP, browser, device, and usage logs, plus information you send in communications. Data is used to provide and improve the platform, support and billing, keep systems secure, and meet legal requirements, with processing based on consent obtained by Clients where required, contracts, legitimate interests, or legal obligations. We do not sell personal information and share it only with the relevant Client, contracted service providers, permitted affiliates, lawful authorities, or a successor in a business transfer, with safeguards for any international transfers. Security measures include encryption, strict access controls, staff training, vendor due diligence, monitoring, and incident response. Data is retained only as needed, then deleted or anonymized, and individuals can request access, correction, deletion, and other rights, which we honor directly or through the Client, with updates to the Policy communicated and reflected by the Effective Date.  Introduction  At Skets Griphic Pvt. Ltd. (“Griphic,” “we,” “our,” or “us”) we respect your privacy and is committed to protecting personal information in accordance with applicable laws and industry best practices. This Privacy Policy explains what personal data we collect, how we use and share it, and the rights and choices you have. Our cloud-based platform and services are business-to-business offerings intended for use by companies and their representatives, not individual consumers. All personal data we handle is treated as relating to individuals in their business capacity and used only for the purposes described below.  If you have any questions about this policy or our data practices, please contact us using the details in the Contact and Grievance Redressal section. We may also provide supplemental privacy notices for certain jurisdictions or services. If any supplemental notice conflicts with this Policy, the supplemental notice will govern for that service or jurisdiction.  Scope and Applicability  This Privacy Policy applies to all personal data processed by Griphic in connection with our websites, products, and services (collectively, the “Services”). It covers personal data we process on behalf of our client companies (“Clients”) as a service provider or data processor, as well as personal data we collect for our own business, such as business contact information of Clients and website visitors. 
  • On behalf of Clients: Our Clients act as data controllers and determine the purposes and means of processing. Griphic acts as a data processor or service provider and processes personal data only on our Clients’ documented instructions. We do not use such data for our own purposes beyond providing and maintaining the Services. If your data is in our platform because a Client provided it, please refer to that company’s privacy policy and direct your requests to them. We will assist our Clients in responding to requests as required by law and our contracts. 
  • Griphic as a data controller: Griphic may collect and use personal data for our own business purposes. Examples include information about visitors to our website, direct business contacts, prospective clients, and job applicants. For such data, Griphic is the data controller or fiduciary, and this Policy describes how we handle it. 
  Personal Data Collected and Methods of Collection  We collect only the personal data that is relevant and necessary for the purposes described in this Policy. Depending on how you interact with us, we may process: 
  • Information provided by Clients or users 
  • CVs and related details: Resumes or profile information of individuals that can include name, email address, phone number, education, work experience, and skills. 
  • Contact information: Names, business email addresses, phone numbers, job titles, and department information of Client representatives and authorized users. 
  • Other customer-provided data: Any personal data a Client directs us to process within the platform, such as notes or evaluation feedback attached to a profile. 
  • Information collected automatically 
  • Technical data: IP address, browser type and version, device identifiers, operating system, and device details. 
  • Usage data: Dates and times of access, pages or features used, clicks and browsing actions, and other log information. 
  • Cookies or similar technologies: Used to remember preferences and improve user experience. You can manage cookie preferences through your browser settings. 
  • Information from communications: If you contact us directly, we collect the information you provide, such as your name, contact information, and message content, to respond and resolve issues. 
Special categories: We do not intentionally collect sensitive personal data unless explicitly required by a Client and handled under their instructions. Our Services are not directed to children, and we do not knowingly collect personal data from individuals under 18 in the context of our B2B offerings.  Legal Basis for Processing  We process personal data only when a valid legal basis applies, which may include: 
  • Consent: Where required, consent is obtained by the Client from the data principal. We process such data on the basis of that consent. 
  • Contractual necessity: Processing needed to provide the Services to a Client under our agreement, or to take steps requested by an individual in connection with the Services. 
  • Legitimate interests: Processing for our legitimate business interests such as service security, improvement, and Client communications. We balance these interests against individual rights. 
  • Legal obligation: Processing required to comply with laws, regulations, court orders, or regulatory requests. 
  • Other permitted uses under applicable law: For example, narrow exceptions recognized by relevant data protection laws. 
Purpose of Processing  We use personal data for the following purposes: 
  • Providing and improving the Services: Hosting and organizing Client data, enabling platform features requested by Clients, facilitating notifications, and improving performance and user experience. We may analyze aggregated, de-identified usage patterns to enhance the Services. 
  • Client support and administration: Responding to inquiries, providing customer support, managing accounts, and handling billing. 
  • Security and fraud prevention: Protecting the platform, detecting and preventing fraud or misuse, monitoring system integrity, and preventing unauthorized access. 
  • Compliance with law: Meeting legal, regulatory, accounting, or reporting obligations and enforcing our agreements. 
  • Business communications in a B2B context: Sending service updates and information about our Services to Client contacts, with the ability to opt out of marketing communications at any time. We do not use Client-provided datasets such as CVs for our own marketing. 
We will not use personal data for any purpose that is incompatible with the purposes for which it was collected without providing notice and obtaining consent when required.  Data Sharing and Disclosure  We do not sell or rent personal information. We share personal data only as described below and with appropriate safeguards: 
  • Clients: Data processed on behalf of a Client is available to that Client according to their configuration and policies. 
  • Service providers (subprocessors): Trusted vendors that provide hosting, storage, email delivery, analytics, support tools, and related services. They access personal data only as needed to perform services for us and are bound by contractual obligations to protect it. We remain responsible for their handling of personal data in line with our agreements. 
  • Affiliates: If applicable, within our corporate group for the purposes described in this Policy and subject to equivalent protections. 
  • Legal and safety: To comply with laws, regulations, legal processes, or governmental requests, to enforce our agreements, or to protect rights, property, or safety. 
  • Business transfers: In connection with a merger, acquisition, or sale of assets, subject to the incoming entity honoring protections consistent with this Policy. 
We do not share personal data with third parties for their independent marketing or advertising purposes.  International Data Transfers and Cloud Hosting  We are headquartered in India and use cloud infrastructure that may store or process data in multiple countries. Personal data may therefore be transferred to and processed in jurisdictions outside your own.  We take steps to ensure that international transfers occur in compliance with applicable requirements. These steps include technical safeguards such as encryption, strict access controls, and contractual safeguards that require recipients to protect personal data to high standards. We monitor applicable laws and avoid transfers to destinations restricted by relevant authorities.  Data Security  We implement technical and organizational measures designed to protect personal data from unauthorized access, alteration, disclosure, or destruction. These include: 
  • Encryption in transit and, where feasible, at rest 
  • Role-based access controls, least-privilege access, and multi-factor authentication for administrative access 
  • Staff training and confidentiality obligations 
  • Vulnerability management, security monitoring, and periodic assessments 
  • Vendor due diligence and contractual security commitments 
  • Incident response procedures and breach notification where required by law 
No method of transmission or storage is completely secure. We continuously improve our safeguards and ask Clients and users to keep credentials confidential, and report suspected unauthorized access promptly.  Data Retention  We retain personal data only for as long as necessary for the purposes described in this Policy or as required by law. 
  • On behalf of Clients: Retention follows our agreement with the Client. We delete or return personal data upon request or upon termination, subject to legal obligations and limited archival backups which are protected and later overwritten. 
  • Direct collection: For personal data we collect directly, we keep it while we have an ongoing legitimate business need. When no longer needed, we delete it or anonymize it. 
  • Legal requirements: We may retain certain information to comply with legal, tax, or audit obligations or to establish, exercise, or defend legal claims. 
Data Subject Rights  Depending on the applicable law, individuals may have rights such as: 
  • Right to be informed about data collection and use 
  • Right of access to personal data 
  • Right to correction of inaccurate or incomplete data 
  • Right to deletion in certain circumstances 
  • Right to withdraw consent where processing is based on consent 
  • Right to data portability, where applicable 
  • Right to restrict or object to processing in certain circumstances 
  • Rights related to automated decision-making, where applicable 
  • Right to grievance redressal and to nominate a representative where permitted by law 
To exercise rights, contact us using the details below. We will verify your identity and respond within the timeframes required by law. If your data is processed on behalf of a Client, we may refer your request to that Client and will assist them as required.  You may also lodge a complaint with your local data protection authority. We encourage you to contact us first so we can address your concerns.  Compliance and Governance  We follow recognized privacy principles including lawfulness, fairness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Our governance measures include: 
  • Monitoring legal requirements and updating practices accordingly 
  • Assigning internal responsibility for privacy and security 
  • Maintaining internal policies and conducting staff training 
  • Building privacy by design into our Services and limiting default exposure of personal data 
  • Managing vendors through due diligence, contracts, and oversight 
  • Conducting reviews, assessments, and continuous improvement 
  • Maintaining records and assisting Clients with their compliance needs 
We may update this Policy from time to time. The Effective Date at the top will indicate the latest revision. For material changes, we will provide more prominent notice. Your continued use of the Services after an update constitutes your acknowledgment of the revised Policy.  By using Griphic’s Services or providing personal data to us, you acknowledge that you have read and understood this Privacy Policy.  Contact and Grievance Redressal   For any questions or to exercise your privacy rights, please reach out to our Grievance Officer at info@griphic.com  Address: 226 Patparganj Industrial Area, Patparganj, Delhi, 110092 
Scroll to Top
Menu