ROOT ID Private Limited: Privacy Policy
At Root ID Pvt. Ltd. (including its subsidiaries or affiliated companies, henceforth also referred as ‘Root ID Pvt. Ltd.’, ‘we’ or the ‘Company’), we understand that you are trusting us with confidential information and we believe that you have a right to know our practices regarding the information we may collect and use when you use the our service or interact with us in any manner. Root ID Pvt. Ltd. is a cloud-based web platform that enables organizations to manage their human resources and process employee onboarding, identity, access control and attendance (building towards payroll), shifts, leaves and overtime, as well as facilities and visitors. Root ID Pvt. Ltd. Mobile Apps are also part of the same offering. In addition Root ID Pvt. Ltd. also operates Root ID Pvt. Ltd. .io website. A User may be either an entity, for example an employer which has executed an agreement with Root ID Pvt. Ltd. or with Root ID Pvt. Ltd.’s resellers or distributors who provide Root ID Pvt. Ltd.’s services (“Customer “) or a Customer’s users for example a Customer’s employees, of the Services or users of the Website (“End User(s)“) (Customer and End User shall collectively be referred to as “Users” or “you“). This Privacy Policy describes the policies and procedures of Root ID Pvt. Ltd. on the collection, use, access, correction, and disclosure of your personal information on Root ID Pvt. Ltd..com (the “Site”) and our Mobile Apps. Your personal information will include any information which, either alone or with other data, is reasonably available to Us and relates to you (“Personal Information”). This Privacy Policy also covers any of your Personal Information which is provided to Us and which is used in connection with the marketing of the services, features or content We offer (the “Services”) to Our Clients and/or the support that We may give you in connection with the provision of our Services and the Mobile Apps. This Privacy Policy does not apply to any third party applications or software that can be accessed from the Site, the Services or the Mobile Apps, such as external applicant tracking systems, social media websites or partner websites (“Third Party Services”). By using our Services, you acknowledge you have read and understood this privacy policy. For the purposes of GDPR or European Economic Area data protection law, (the “Data Protection Law“), the data controller of the data processed through the Service is the Customer who makes available and permits End Users to access and use the Service or anyone on its behalf. For data retained through the website or data processed not through the Service (i.e. contact detailed of potential customers or resumes sent to us from potential employees for the purpose of engagement with Root ID Pvt. Ltd.), Root ID Pvt. Ltd. is the controller (the “Controller”)..
Information we collect and how we use it
Non-personal Information
The first type of Data is non-identifiable and anonymous information (“Non-personal Information”). We are not aware of the identity of the User from which we have collected Non- Personal Information. Non-Personal Information is any unconcealed information which is available to us while Users are using the Service or the Website. Non-personal Information which is being gathered consists of technical information and behavioral information and which may include, the User’s Internet protocol (IP) address used to connect your computer to the Internet, your uniform resource locators (URL), operating system, type of browser, browser plug-in types and versions, screen resolution, Flash version, time zone setting, the User’s ‘click-stream’ on the Website and Services, the period of time the User visited a specific page on the Website or Service, methods used to browse away from a page.
Personal Information
We generally collect and process the following types of Personal Information:
Personal Information which is being gathered through the Service consists of any personal details provided consciously and voluntarily by a Customer (Employer), End User or the Customer’s administrator or through your use of the Root ID Pvt. Ltd. platform. This may include your name (first and last), nickname, birthdate, gender, nationality, job title, phone number(s), date you first started working for your employer, department you work in, employee ID/ national security number, address, country, city, postcode, family status, spouse’s and other dependents name, gender and birth date, your bank account details (bank name, account number, branch address), details regarding your salary and work (pay period, payment frequency, base salary, gross salary, overtime, bonuses, commissions, statutory payments such as sick, maternity/paternity leave, salary payment currency, credential regarding the right to work in your jurisdiction, tax code, emergency contact details (name, relation, phone number(s), email address(es), city, country, post code), termination date, termination reason, probation end date, status in the system and in the workplace, IP address and other unique identifiers, User’s information relating to tax declarations, information the Customer chooses to collect and other information User may choose to provide to Root ID Pvt. Ltd. and to its employee.
Location Information We do not ask you for, access, or track any location based information from your mobile device at any time while downloading or using the Mobile Apps. However, if you are using the Root ID Pvt. Ltd. Mobile App, your employer may enable location tracking technology for time keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Attendance Logs our Customer (Employer) choses to utilize Time and Attendance module, we shall retain and process biometric device logs of the users for the purposes of calculating attendance and payroll using the rules configured by the Customer. The information collected consists of employee or attendance id along with timestamps of punches (in and out entries)
Contact Information When you express an interest in obtaining additional information about the Services, the Site, or Mobile Apps, Root ID Pvt. Ltd. may ask you to provide your personal contact information, such as your name, email address, and phone number. This information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions.
Device Information When using the Mobile Apps, We may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow Us to better understand the functionality of Our Mobile Apps on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Mobile Apps. When you download and use the Mobile Apps, We automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services.
Data Collected as a Service Provider As a service provider, Root ID Pvt. Ltd. systems only collects information as per the Customer (employer’s) requirement. Our Subscription Agreement governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through Services accounts. The Customer (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Customer administrator of the Platform you use.
Customer data will be used by Root ID Pvt. Ltd. in accordance with the Customer’s instructions, applicable terms in the Master Subscription Agreement, Customer’s use of Services functionality, and as required by applicable law. Under applicable GDPR, Root ID Pvt. Ltd. is a processor of Customer data and Customer is the controller.
Sharing of your Information
Third Party Services
At times, you may be able to access other Third Party Services through the Site, for example by clicking on links to those Third Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third Party Services, and you are responsible for reading and understanding those Third Party Services’ privacy policies.
Information Shared with Our Service Providers.
We may share your information with third parties who provide services to Us. These third parties are authorized to use your Personal Information only as necessary to provide these services to Us. These services may include the provision of (i) email services to send marketing communications, (ii) mapping services, (iii) customer service or support, and (iv) providing cloud computing infrastructure.
Information Shared with Our Sub-Processors
We employ and contract with people and other entities that perform certain tasks on Our behalf and who are under Our control such as an email service providers to send emails on Our behalf, mapping service providers, and customer support providers Our “Sub-Processors”). We may need to share Personal Information with Our Sub-Processors in order to provide Services to you. Unless We tell you differently, Our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist Us. Transfers to subsequent third parties are covered by onward transfer agreements between Root ID Pvt. Ltd. and each Sub-Processor.
Information Disclosed Pursuant to Business Transfers
In some cases, We may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if We, or substantially all of Our assets, Were acquired, or if We go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Us or Our assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on Our Site of any change in the legal owner or uses of your Personal Information, as Well as any choices you may have regarding your Personal Information.
Information Disclosed for Our Protection and the Protection of Others
In certain situations, We may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request (ii) enforce this Privacy Policy, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect Our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors We share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with Our instructions. Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless We otherwise have your consent, We will only share your Personal Information in the ways that are described in this Privacy Policy.
Data Retention
Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Root ID Pvt. Ltd. shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Root ID Pvt. Ltd.’s trade secrets (Customer’s personnel may be required to executed a non-disclosure agreements).
Root ID Pvt. Ltd. will retain data it processes on behalf of its Customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Root ID Pvt. Ltd. is backed up for system continuity purposes and each backup file may be stored for 90 days.
Each User must keep the appropriate backup of its data. Root ID Pvt. Ltd. shall not be responsible for any deletion of data or for any breach to database or for any erroneous data unless otherwise agreed with its Customer.
After a termination of services by a customer, an automated process will begin that permanently deletes the data in 30 days. Once begun, this process cannot be reversed and data will be permanently deleted. Some data will not be deleted and shall be kept in an anonymized manner.
Root ID Pvt. Ltd. collects and retains metadata and statistical information concerning the use of the Service which are not subject to the deletion procedures in this policy and may be retained by Root ID Pvt. Ltd. for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information.
Customer may retain Personal Information and other Data about an End User which the Controller owns and the End User may have no access to. If you have any questions about the right of the Customer to retain and process your Personal Information you should raise this directly with the Customer. You hereby agree not to assert any claim against Root ID Pvt. Ltd. this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information.
Please note that some data will not be deleted and shall be kept in an anonymized manner. Some metadata and statistical information concerning the use of the Service are not subject to the deletion procedures in this policy and may be retained by Root ID Pvt. Ltd.. We will not be able to identify you from this data. Some data may also be retained on our third-party service providers’ servers until deleted in accordance with their privacy policy and their retention policy.
Anonymized aggregated data may be retained by Root ID Pvt. Ltd. for as long it is required to provide its services. Contracts and billing information may be retained as required by Root ID Pvt. Ltd. but at least 5 years from termination or expiration of the relationship with the applicable Customer or party.
Where do we store your Data?
The Data we collect is hosted on the AWS Cloud which provides advanced security features and is compliant with most required standards. Root ID Pvt. Ltd. headquarter is based in India from where we provide customer support services.
Therefore, in providing your Personal Information to Root ID Pvt. Ltd., your Personal Information will be sent via AWS servers (possibly outside of the European Union), where the local applicable law may provide you with less protection than under European Union law. However, any transfer of Personal Information from the European Union to these other locations will be strictly in accordance with applicable European Union data protection law.
Where your Data is transferred outside of the EEA, we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy.
Security and storage of information
We take great care in implementing, enforcing and maintaining the security of the Service, and our Users’ Personal Information. Root ID Pvt. Ltd. implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis.
The Personal Information is hosted on the AWS Cloud Server, however, we do not guarantee that unauthorized access will never occur.
Root ID Pvt. Ltd. limits access to personal data to those of its personnel who: (i) require access in order for Root ID Pvt. Ltd. to fulfil its obligations under this Privacy Policy and agreements executed with Root ID Pvt. Ltd. and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required under applicable law. Root ID Pvt. Ltd. takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and periodically properly trained.
Root ID Pvt. Ltd. shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by Root ID Pvt. Ltd. on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Root ID Pvt. Ltd. undertakes to co-operate with Customer in investigating and remedying any such security breach. If a security breach involves Personal Information, Root ID Pvt. Ltd. shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof.
Root ID Pvt. Ltd. maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security.
The Service may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites.
Your Rights associated with your information
If we are storing your personal information, you have the following rights to your information based on the services and your region.
In the event that you have provided Personal Information to Us on our website www.rootid.io, we will provide you with information about whether we hold any of your Personal Information. You may access, correct, or request deletion of your Personal Information by contacting Us at cs@rootid.io. We will respond to your request within a reasonable timeframe.
When acting as a service provider to our Customer, Root ID Pvt. Ltd. has no direct relationship with the individuals whose personal Information is provided to Root ID Pvt. Ltd. through the services. An individual who is or was employed by one of our customers and who seeks access to, or who seeks to correct, amend, object to the processing or profiling of, or to delete his/her Personal Information in the Platform, should direct his/her query to the HR department of the Customer Organization that uses the Platform and for which he/she works or used to work if he/she cannot make the appropriate changes via its access to the Platform provided by the Customer.
If located in the European Economic Area (“EEA”), you have the following rights regarding your Personal Information that we directly collect from you and we control. (This does not apply to data collected by our customer organizations):
Right of Access
You can request details of your Personal Information We hold. We will confirm whether We are processing your Personal Information and We will disclose additional information including the types of Personal Information, the sources it originated from, the purpose and legal basis for the processing, the expected retention period and the safeguards regarding data transfers to non-EEA countries, subject to the limitations set out in applicable laws and regulations. We will provide you free of charge with a copy of your Personal Information but We may charge you a fee to cover Our administrative costs if you request further copies of the same information.
Right of correction
At your request, We will correct incomplete or inaccurate parts of your Personal Information, although We may need to verify the accuracy of the new information you provide us.
Right to be forgotten
At your request, We will delete your Personal Information if:
it is no longer necessary for Us to retain your Personal Information;
you withdraw the consent which formed the legal basis for the processing of your Personal Information;
you object to the processing of your Personal Information (see below) and there are no overriding legitimate grounds for such processing;
the Personal Information was processed illegally;
the Personal Information must be deleted for Us to comply with Our legal obligations.
We will decline your request for deletion if processing of your Personal Information is necessary: 1. for Us to comply with Our legal obligations; 2. for the establishment, exercise or defense of legal claims; or 3. for the performance of a task in the public interest.
Right to restrict processing
At your request, We will restrict the processing of your Personal Information if:
you dispute the accuracy of your Personal Information;
your Personal Information was processed illegally and you request a limitation on processing rather than the deletion of your Personal Information;
We no longer need to process your Personal Information, but you need your Personal Information in connection with the establishment, exercise or defense of a legal claim;or
you object to the processing of your Personal Information (see below) pending verification as to whether an overriding legitimate ground for such processing exists.
We may continue to store your Personal Information to the extent required to ensure that your request to restrict processing is respected in the future.
Where We rely on Our legitimate interests (or that of a third party) to process your Personal Information, you have the right to object to this processing on grounds relating to your particular situation if you feel it impacts on your fundamental rights and freedoms. We will comply with your request unless We have compelling legitimate grounds for the processing which override your rights and freedoms, or where the processing is in connection with the establishment, exercise or defense of legal claims. We will always comply with your objection to processing your Personal Information for direct marketing purposes.
Right not to be subject to decisions based solely on automated processing.
You will not be subject to decisions with a legal or similarly significant effect (including profiling) that are based solely on the automated processing of your Personal Information, unless you have given Us your explicit consent or where they are necessary for the performance of a contract with Us.
Right to withdraw consent
You have the right to withdraw any consent you may have previously given Us at any time. In order to exercise your rights in this section We may ask you for certain identifying information to ensure the security of your Personal Information. To request to exercise any of the above rights, please contact Us at cs@rootid.io. We will respond to your request within 30 days or provide you with reasons for the delay.
Usually, We will not charge you any fees in connection with the exercise of your rights. If your request is manifestly unfounded or excessive, for example, because of its repetitive character, We may charge a reasonable fee, taking into account the administrative costs of dealing with your request. If We refuse your request We will notify you of the relevant reasons.
Changes to the privacy policy
The terms of this Privacy Policy will govern the use of the Service and any information collected in connection therewith, however, Root ID Pvt. Ltd. may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will always be posted at: https://www.rootid.io/privacy-policy. Unless otherwise agreed with the Customer, we will endeavor to provide notice of material changes to this policy on the homepage of the website and (if applicable) via an e-mail. Such material changes will take effect seven (7) days after such notice was provided on our website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of Services will constitute your active acceptance of, and agreement to be bound by, the changes to the Privacy Policy.
If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at cs@rootid.io and we will make an effort to reply within a reasonable timeframe, and not over 30 business days.
Last Revised: September 10, 2021
Root ID Pvt Ltd
52, Prem Bhavan Bld, Jamshedbaug Compound, SBS Road, Colaba, Mumbai 400050, India
Click here for directions: