Welcome to Rakt and thank you for your interest in our company. In order to make you feel safe when visiting our website and using our app, we want to explain what happens with the data that Rakt accrues when using our App and website.
General Information on the collection of personal data
In the following, we inform you about the collection of personal data when using our website and app.
Personal data is all data that can be related to you personally, e.g. name, address, e-mail addresses, user behaviour.
Being a India based Company, we are required to follow the statutory provisions of the Information Technology Act, 2000 and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. However, to further the security of your personal data we have voluntarily adapted the more stringent EU General Data Protection Regulation 2016/679 and also the California Consumer Privacy Act of 2018.
The responsible party pursuant to Article 4 (7) of the EU General Data Protection Regulation (GDPR) is Rakt Innovations (OPC) Pvt. Ltd., AN-4D, AN-Block, Shalimar Bagh, North-West Region, Delhi, India 110088.
If we use commissioned service providers for individual functions of our offer or would like to use your data for advertising purposes, we will inform you in detail about the respective processes below. In doing so, we will also state the specified criteria for the storage period.
Your rights as a data subject
First of all, we would like to inform you here about your rights as a data subject.
You have a number of ‘Data Subject Rights’ below is some information on what they are and how you can exercise them.
Right to information: You can request information from us as to whether and to what extent we process your data.
Right to rectification: If we process your data that is incomplete or incorrect, you can request that we correct or complete it at any time.
Right to erasure: You may request that we erase your data if we are processing it unlawfully or if the processing disproportionately interferes with your legitimate interests in protection. Please note that there may be reasons that prevent immediate deletion, e.g. in the case of legally regulated retention obligations. Irrespective of the exercise of your right to deletion, we will delete your data immediately and completely, insofar as there is no legal or statutory obligation to retain data in this respect.
Right to restriction of processing: You may request us to restrict the processing of your data if you dispute the accuracy of the data for a period of time that allows us to verify the accuracy of the data, the processing of the data is unlawful, but you object to erasure and request restriction of data use instead, we no longer need the data for the intended purpose, but you still need this data to assert or defend legal claims, or
you have objected to the processing of the data.
Right to data portability: You may request that we provide you with the data you have provided to us in a structured, commonly used and machine-readable format and that you may transfer this data to another controller without hindrance from us, provided that we process this data on the basis of a revocable consent given by you or for the performance of a contract between us, and this processing is carried out with the aid of automated procedures. If technically feasible, you may request us to transfer your data directly to another controller.
Right to object: If we process your data for legitimate interest, you may object to this data processing at any time; this would also apply to profiling based on these provisions. We will then no longer process your data unless we can demonstrate compelling legitimate grounds for the processing which override your interests, rights and freedoms, or the processing is for the assertion, exercise or defence of legal claims. You may object to the processing of your data for the purpose of direct marketing at any time without giving reasons.
Right of complaint: If you are of the opinion that we violate data protection law when processing your data, please contact us so that we can clarify any questions. Of course, you also have the right to contact the supervisory authority responsible for you, the respective state office for data protection supervision. If you wish to assert any of the aforementioned rights against us, please contact us. In case of doubt, we may request additional information to confirm your identity.
Where the processing of your personal information is based on consent, you have the right to withdraw that consent without detriment at any time.
The above rights may be limited in some circumstances, for example, if fulfilling your request would reveal personal information about another person, if you ask us to delete information which we are required to have by law, or if we have compelling legitimate interests to keep it. We will let you know if that is the case and will then only use your information for these purposes. You may also be unable to continue using our services if you want us to stop processing your personal information.
We encourage you to get in touch if you have any concerns with how we collect or use your personal information.
California Specific Rights
If you are a California resident, you have the following rights:
You have the right to:
- request, up to two times each year, access to categories and specific pieces of personal information about you that we collect, use, disclose, and sell.
- request that we delete personal information that we collect from you, subject to applicable legal exceptions.
- “opt out” of the “sale” of your “personal information” to “third parties”
In addition under California’s “Shine the Light” law, California residents who provide personal information (as defined in the statute) to obtain services are entitled to request and obtain from us, once per calendar year, information about the personal information we shared, if any, with other businesses for marketing uses. If applicable, this information would include the categories of personal information and the names and addresses of those businesses with which we shared such personal information for the immediate prior calendar year (e.g., requests made in the current year will receive information about the prior year).
Am i Obliged To Provide Data?
The processing of your data is necessary for the conclusion or fulfilment of the contract you have entered into with us. If you do not provide us with this data, we will usually have to refuse to conclude the contract or will no longer be able to perform an existing contract and consequently have to terminate it. However, you are not obliged to give your consent to data processing with regard to data that is not relevant for the fulfilment of the contract or that is not required by law.
What are the relevant legal bases for processing your data?
In accordance with Art. 13 GDPR the following informs you about the legal basis of us processing your data and unless the legal basis is not specifically mentioned, the following applies:
Consent – This is where we have asked you to provide explicit permission to process your data for a particular purpose. (Art. 6 Para. 1 lit. a and Art. 7 GDPR)
Contract – This is where we process your information to fulfil a contractual arrangement we have made with you. (Art. 6 Para. 1 lit. b GDPR)
Answering your business enquiries – This is where we process your information to reply to your messages, e-mails, posts, calls, etc. (Art. 6 Para. 1 lit. b GDPR)
Legitimate Interests - This is where we rely on our interests as a reason for processing, generally this is to provide you with the best products and service in the most secure and appropriate way. (Art. 6 Para. 1 lit. f GDPR). Of course, before relying on any of those legitimate interests we balance them against your interests and make sure they are compelling enough and will not cause any unwarranted harm.
Legal Obligation – This is where we have a statutory or other legal obligation to process the information, such as for the investigation of crime. (Art. 6 Para. 1 lit. c GDPR)
Automatic Collection of personal data
In the case of merely informative use of the website, i.e. if you do not register or otherwise transmit information to us, we only collect the personal data that your browser transmits to our server. If you wish to view our website, we collect the following data, which is technically necessary for us to display our website to you and to ensure its stability and security (legal basis is Art. 6 para. 1 p. 1 lit. f GDPR):
- IP address
- Date and time of the request
- Time zone difference to Greenwich Mean Time (GMT)
- Content of the request (specific page)
- Access status / HTTP status code
- Amount of data transferred in each case
- Website from which the request came
- Operating system and its interface
- Language and version of the browser software.
In addition to the aforementioned data, cookies are stored on your computer when you use our website. Cookies are small text files that are stored on your hard drive in relation to the browser you are using and which provide the party setting the cookie (in this case, us) with certain information. Cookies cannot execute programmes or transfer viruses to your computer. They serve to make the Internet offer more user-friendly and effective overall.
This website uses the following types of cookies, the scope and functioning of which are explained below:
- Transient cookies
- Persistent cookies
Transient cookies are automatically deleted when you close the browser. These include, in particular, session cookies. These store a so-called session ID, with which various requests from your browser can be assigned to the joint session. This enables your computer to be recognised when you return to our website. The session cookies are deleted when you log out or close the browser.
Persistent cookies are automatically deleted after a specified period of time, which may differ depending on the cookie. You can delete the cookies in the security settings of your browser at any time.
You can configure your browser settings according to your preferences and, for example, refuse to accept third-party cookies or all cookies. Please note that this may prevent you from using all the functions of this website.
The Flash cookies used are not collected by your browser, but by your Flash plug-in. Furthermore, we use HTML5 storage objects that are stored on your end device. These objects store the required data independently of the browser you are using and have no automatic expiry date. If you do not want Flash cookies to be processed, you must install an appropriate add-on, e.g. "Better Privacy" for Mozilla Firefox or the Adobe Flash Killer Cookie for Google Chrome. You can prevent the use of HTML5 storage objects by setting your browser to private mode. We also recommend that you regularly delete your cookies and browser history manually.
Cookies requiring consent
Cookies that are neither technical cookies nor functional or performance cookies will only be used with your consent.
We reserve the right to also use information obtained by means of cookies from an analysis of the usage behaviour of visitors to our websites in order to display specific advertising for certain of our products to you on our own websites. We believe that this benefits you as a user because we display advertising or content that we believe, based on your browsing behaviour, matches your interests and so you are less likely to be shown random advertising or specific content that may be of less interest to you.
Marketing cookies come from external companies (third party cookies) and are used to collect information across websites visited by the user in order to create targeted advertisements for the user. These enable personalised online ads and advanced analysis and evaluation options about the target group and user behaviour.
Below is a list of cookies that we are install and that require your consent
Cookie (Google Analytics): _gat; _gid; _ga;
This website uses Google Analytics. On behalf of the operator of this website, Google will evaluate your use of the website in order to compile reports on website activity and to provide the website operator with further services relating to website activity and internet usage.
In addition, we use Google Conversion Tracking in connection with Google Analytics. This enables us to record the behaviour of our website visitors. We are also shown how many clicks on advertisements from external sources have led to our website. To opt out of being tracked by Google Analytics across all websites visit http://tools.google.com/dlpage/gaoptout.
How Can You Accept, Reject, Delete Or Set Cookies In Your Browser?
When you arrive on the website, the cookie banner allows you to choose whether to accept, reject or set the parameters of the cookies used by the website.
Managing Cookies In Your Browser
You can manage (enable/disable and delete) cookie settings on our websites through the features mentioned above, but also by changing your browser settings. Most browsers (Internet Explorer , Chrome, Firefox, Safari) allow you to manage your cookies by either accepting or rejecting all cookies or only agreeing to certain types of cookies. The procedure for managing and deleting cookies can be found in the help function of your browser. If you change your cookie settings, certain cookies will be blocked. You may not be able to take full advantage of some features of our websites. We may also not be able to provide some content that you have previously viewed or used.
You can also object to the use of performance and statistics cookies: However, this unfortunately does not tell us what you like or dislike about our website so that we can subsequently make improvements. Please note that we cannot delete third-party cookies. If you wish to delete all third-party cookies, you must do so in your browser settings. By the way: If you revoke your consent to advertising cookies, this does not mean that you will see less advertising as a result. Rather, it means that the advertising you see is not tailored to your individual needs.
How do we collect your data?
On the one hand, your data is collected by you providing it to us. This may, for example, be data that you enter in a contact form (See below).
Other data is collected automatically by our IT systems when you visit the website or use our software products. This is mainly technical data (e.g. internet browser, operating system, device ID or time of use). This data is collected automatically during use (See above).
What do we use your data for?
The data transmitted by you to make use of our range of goods and/or services is processed by us for the purpose of processing the contract and is necessary to this extent. Conclusion and processing of the contract are not possible without the provision of your data. The legal basis for the processing is Art. 6 para. 1 lit. b) GDPR.
Part of the data is collected to ensure error-free provision of the website or our software products. Other data may be used to analyse your user behaviour and to send you information.
The data provided by you to make use of our range of goods and/or services is processed by us for the purpose of contract processing and is necessary to this extent. Conclusion and processing of the contract are not possible without the provision of your data. The legal basis for the processing is Art. 6 Para. 1 lit. b) GDPR.
Specifically, the following data in particular are processed for the purpose of providing contractual services, service and customer care, marketing, advertising and market research from our customers, interested parties and business partners:
- Identification data (e.g. name, address and contact details).
- Data in connection with the performance of the business relationship (e.g. order data, bank details, contract data, payment data, logs on remote maintenance)
- Tax-relevant data
- Correspondence (e.g. correspondence)
- Advertising and sales data
- Data from publications (e.g. internet presence)
- Within the framework of contract processing, we pass on your data to the transport company commissioned with the delivery of the goods or to the financial service provider, insofar as the transfer is necessary for the delivery of the goods or for payment purposes.
Contacting us by e-mail or via a contact form
When you contact us by e-mail or via a contact form (e.g. contact or appointment), the data you provide (your e-mail address, first name, last name, company, postcode, city, optionally telephone, reason for contact) will be stored by us in order to answer your questions or to arrange an appointment. We delete the data accruing in this context after the storage is no longer necessary or restrict the processing if there are legal obligations to retain data.
Logging in to our website and app
You can log in/register in certain areas of our website and app to use and subscribe to our services. We will only use the data entered for this purpose and for the purpose of using the particular offer or service for which you have registered. The mandatory information requested during registration must be provided in full. Otherwise we may reject the registration.
In the event of important changes, for example in the scope of the offer or in the event of technically necessary changes, we will use the e-mail address provided during registration to inform you in this way.
The processing of the data entered during registration is based on your consent (Art. 6 para. 1 lit. a GDPR). You can revoke your consent at any time. For this purpose, an informal communication by e-mail to us is sufficient. The legality of the data processing already carried out remains unaffected by the revocation.
The data collected during registration will be stored by us for as long as you are registered on our website/ app and will then be deleted. The legal retention periods remain unaffected.
When you apply for a job
Handling of applicant data
We offer you the opportunity to apply for a position with us (e.g. by e-mail or via an online application form). We assure you that the collection, processing and use of your data will be carried out in accordance with applicable data protection law and all other legal provisions and that your data will be treated in strict confidence.
Scope and purpose of data collection
When you send us an application, we process your associated personal data (e.g. contact and communication data, application documents, notes taken during interviews, etc.) insofar as this is necessary to decide on the establishment of an employment relationship. The legal basis for this is Art. 6 para. 1 lit. b GDPR (general initiation of a contract) and - if you have given your consent - Art. 6 para. 1 lit. a GDPR. The consent can be revoked at any time. Your personal data will only be passed on within our company to persons involved in processing your application.
If your application is successful, the data you submitted will be stored in our data processing systems on the basis of Art. 6 (1) lit. b GDPR for the purpose of implementing the employment relationship.
Retention period of the data
If we are unable to make you a job offer, if you reject a job offer or withdraw your application, we reserve the right to retain the data you have submitted for up to 6 months from the end of the application process (rejection or withdrawal of the application) on the basis of our legitimate interests (Art. 6 para. 1 lit. f GDPR). The data will then be deleted and any physical application documents (if any) destroyed. This storage serves in particular as evidence in the event of a legal dispute. If it is evident that the data will be required after the 6-month period has expired (e.g. due to an impending or pending legal dispute), the data will only be deleted when the purpose for further storage no longer applies. Longer storage may also take place if you have given your consent (Art. 6 para. 1 lit. a GDPR) or if legal storage obligations prevent deletion.
Inclusion in the applicant pool
If we do not make you a job offer, it may be possible to include you in our applicant pool. If you are accepted, all documents and details from your application will be transferred to the applicant pool so that we can contact you in the event of suitable vacancies.
Inclusion in the applicant pool is based exclusively on your express consent (Art. 6 para. 1 lit. a GDPR). The provision of consent is voluntary and is not related to the current application process. The person concerned can revoke his/her consent at any time. In this case, the data from the applicant pool will be irrevocably deleted, unless there are legal reasons for retention.
The data from the applicant pool will be irrevocably deleted no later than two years after consent has been given.
Data collection within our apps and software products
Types of data processed
When working with hardware and software solutions offered by us, you will be given the opportunity to collect information relevant to the handling of your own business processes within a software-based system. This includes the following personal information such as:
- Inventory data (e.g. names, addresses)
- Contact data (e.g. e-mail, telephone numbers)
- Content data (e.g. text entries)
- Usage data (e.g. access times, logins)
- Profile data (e.g. user names, passwords)
- Meta/communication data (e.g. device information, IP addresses)
For the following groups of persons, information can be collected within the solutions offered:
When using our apps & software products, there is no obligation for you to provide personal data. The provision of personal data is not required by law or contract and you are not obliged to provide data. We will inform you during the input process if the provision of personal data is required for the respective service (e.g. by designating it as a "mandatory field"). In the case of required data, failure to provide it will mean that the service in question cannot be provided. Otherwise, failure to provide the data may mean that we are unable to provide our services in the same form and quality.
Collection of access data and log files
Rakt Innovations (OPC) Pvt. Ltd collects data on every access to our website on the basis of legitimate interests within the meaning of Art. 6 Para. 1 lit. f. GDPR, Rakt Innovations (OPC) Pvt. Ltd collects data about every access to servers on which our software solutions are located (server log files). The access data includes the name of the software accessed, file, date and time of access, volume of data transferred, notification of successful access, browser type and version, the user's operating system, referrer URL (the previously visited page), IP address and the requesting provider.
Log file information is stored for the maintenance of the software and for security reasons (e.g. to clarify misuse) for a period of 30 days. Data whose further storage is required for evidentiary purposes is exempt from deletion until the respective incident has been finally clarified.
Purpose of processing
On the basis of the following legal basis and for the purposes listed below, collected data may be processed by solutions and software packages offered by us.
For the handling of business processes of the customer
Data is processed within the scope of the respective solution/product used to handle the customer's business processes.
For the fulfilment of contractual obligations (Art. 6 para. 1 lit. b GDPR)
Data is processed for the execution of orders and contracts with our customers. The purposes of data processing depend in detail on the specific product and the contract documents.
Within the framework of the balancing of interests (Art. 6 para. 1 lit. f GDPR)
Data may also be used on the basis of a balancing of interests to safeguard legitimate interests. This is done for the following purposes:
- General business management
- Further development of services, systems and products
- Fulfilment of internal requirements and requirements for auditing or administrative purposes
- Ensuring IT security and IT operations
- Enforcement of legal claims and defence in legal disputes.
- Our interest in the respective processing results from the respective purposes and is otherwise of an economic nature (efficient fulfilment of tasks, sales, avoidance of legal risks).
Protection of stored data
In order to protect the security of information during transmission, Secure Sockets Layer software (SSL) is used. This software encrypts the transmitted information from forms and input masks. Rakt Innovations (OPC) Pvt. Ltd maintains physical, electronic and procedural safeguards in connection with the collection, storage and disclosure of our customers' personal information. Critical inputs such as passwords are stored in encrypted form.
Platform Integration and Multi-Channel Support
Online Payment, Secure data transmission and Credit card information
The transmission of your personal information during an order transaction is encrypted using industry standard Secure Socket Layer ("SSL") technology, (SSL encryption version 3). Any credit card information you provide will not be stored by us, but will be encrypted and collected directly from our payment service provider via hypertext transfer protocol secure ("https").
We may share information with our payment service provider, and you may need to provide credit or debit card information directly to the provider in order to process payment details and authorise payment following a secure link. The information which you supply to in such cases is not within our control and is subject to our payment service provider’s own Privacy Notice and Terms and Conditions.
We will only retain your personal data for as long as necessary to fulfil the purposes we collected it for, the data processed by us will be deleted or restricted in their processing in accordance with Art. 17 and 18 GDPR. If the data is not deleted because they are required for other and legally permissible purposes, their processing is restricted. This means that the data is blocked and not processed for other purposes. This applies, for example, to data that must be retained for commercial or tax law reasons.
When do we disclose your Personal Data?
We may share your information with organisations that help us provide the services described in this policy and who may process such data on our behalf and in accordance with this policy, to support our online offer and our services. If you wish to learn more about how the relevant provider process your personal data, please follow the link embedded in the above mentioned providers name.
Typically and unless otherwise stated in this policy, data may be shared on the basis of our contractual and pre-contractual obligations, in accordance with Art. 6 para. 1 lit. b) GDPR. Equally, if you have consented to it, or where there we have a legal obligation to do so or on the basis of our legitimate interests (e.g. when using agents, hosting providers, tax, business and legal advisors, customer care, accounting, billing and similar services that allow us to perform our contractual obligations, administrative tasks and duties efficiently and effectively).
If we commission third parties to process data on the basis of a so-called "processing agreement", this is done on the basis of Art. 28 GDPR.
In relation to meta data obtained about you, we may share a cookie identifier and IP data with analytic service providers to assist us in the improvement and optimisation of our website which is subject to our Cookies Policy.
We may also disclose information in other circumstances such as when you agree to it or if the law, a Court order, a legal obligation or regulatory authority ask us to. If the purpose is the prevention of fraud or crime or if it is necessary to protect and defend our right, property or personal safety of our staff, the website and its users.
Integration Of Services And Contents Of Third Parties
We use within our online offer on the basis of our legitimate interests (Art. 6 para. 1 lit. f. GDPR), content or services offered by third-party providers in order to integrate their content and services.
This always requires that the third-party providers of this content are aware of your IP address, since the content or service could not send to your browser without the IP address. The IP address is thus required for the display of this content and we endeavor to use providers that only use your IP address for the delivery of the content or services. However, Third-party providers may also use so-called pixel tags (invisible graphics, also known as "web beacons") for statistical or marketing purposes. The "pixel tags" can be used to evaluate information such as visitor traffic on the pages of this website. The pseudonymous information may also be stored in cookies on the user's device and may contain, among other things, technical information about the browser and operating system, referring websites, time of visit and other information about the use of our online offer, as well as be linked to such information from other sources.
Use of Google Analytics
This website uses Google Analytics, a web analytics service provided by Google, Inc. ("Google"). Google Analytics uses "cookies", which are text files placed on your computer, to help the website analyse how users use the site. The information generated by the cookie about your use of this website is usually transmitted to a Google server in the USA and stored there. In the event that IP anonymisation is activated on this website, however, your IP address will be truncated beforehand by Google within member states of the European Union or in other contracting states to the Agreement on the European Economic Area. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. On behalf of the operator of this website, Google will use this information for the purpose of evaluating your use of the website, compiling reports on website activity and providing other services relating to website activity and internet usage to the website operator.
The IP address transmitted by your browser as part of Google Analytics will not be merged with other Google data.
This website uses Google Analytics with the extension "_anonymizeIp()". This means that IP addresses are processed in a shortened form, thus excluding the possibility of personal references. If the data collected about you is related to a person, this is immediately excluded and the personal data is deleted immediately.
Our website is not intended for children and we do not knowingly collect data relating to children. If you become aware that your Child has provided us with Personal Data, without parental consent, please contact us and we take the necessary steps to remove that information from our server.
We may transfer your personal information outside the European Economic Area (EEA). For example, our Websites are hosted on servers within Europe and the United States of America, and our third party service providers operate around the world. We will only transfer your personal information outside the EEA if adequate protection measures are in place. To ensure that your personal information does receive an adequate level of protection outside the EEA we use the following protection measures:
• Transferring to countries approved by the European Commission.
• Using model contractual clauses and standard contractual clauses approved by the European Commission.
Further details in respect of protective measures used outside of the EEA are available on request.
Links to other Internet pages
This policy and our commitment to protecting the privacy of your personal data can result in changes to this policy . Please regularly review this policy to keep up to date with any changes.
Queries and Complaints
Any comments or queries on this policy should be directed to us. If you believe that we have not complied with this policy or acted otherwise than in accordance with data protection law, then you should notify us.