Privacy Policy

Last updated on August 21, 2024

Any capitalized words used henceforth shall have the meaning accorded to them under this agreement. Further, all headings used herein are only for the purpose of arranging the various provisions of the agreement. Neither the user nor the creators of this privacy policy may use the heading to interpret the provisions contained within it in any manner.

We, Wit By Bit Pvt Ltd, having its registered office at 811, 8th Floor, Merlin Infinite DN-51, Sector 5, Kolkata, West Bengal, India, hereinafter referred to as the “Company” (where such expression shall, unless repugnant to the context thereof, be deemed to include its respective representatives, administrators, permitted successors and assigns).

The creator of this Privacy Policy ensures a steady commitment to Your privacy with regards to the protection of your and your organization’s invaluable information.

This privacy policy contains information about the Web applications www.decorum.work and customer.decorum.work, and Mobile Applications Decorum, Decorum CRM, and Decorum Sales (hereinafter referred to as the “Platform”).

To provide You with Our uninterrupted use of services, We may collect information about you with your permission. To ensure better protection of Your privacy, We provide this notice explaining Our information collection and disclosure policies, and the choices You make about the way Your information is collected and used.

Information we collect

We are committed to respecting Your privacy. We further recognize Your need for appropriate protection and management of any Personal or Company Information You share with us. The following types of information may be collected:

  1. Personal Data: This includes, but is not limited to, your name, email address, mobile number, password, and other contact information.
  2. Precise Location Data: We collect precise location data in certain instances:
    1. In the Decorum-Sales mobile app, location data is captured in both the foreground and background if the company enables automatic location tracking. In the foreground, the location is captured during check-ins where a salesperson records their customer visits. In the background, location data is recorded every 15 minutes once the salesperson clicks 'Start Day' and stops when they click 'End Day'. This data is shared with the company's management and stored securely via HTTPS.
    2. In the Decorum-CRM mobile app, location data is captured in the foreground only, during specific activities, if enabled by the company. This data is also shared with the company's management and stored securely via HTTPS.
    3. Location tracking is not mandatory, and users can choose to use the app without granting background location access.
  3. Sensitive Personal Information: Depending on the services you use, we may collect sensitive personal information, including precise location data, device identifiers, IP addresses and any other information you choose to provide through the use of our Platform which may include photos attached with orders, dispatches, check-ins, expenses, opportunities, or activities. This information is essential for providing our services, including sales tracking, order management, and customer relationship management. We ensure that this data is securely stored and used solely for the purposes described in this policy.
  4. Product Images: We store product images in a publicly accessible storage bucket for faster access and better integration with other services. These images are stored securely, but please note that they may be accessible by anyone with the appropriate URL.
  5. Tracking Information: We may collect tracking information such as your device's IP address and device ID when connected to the internet. This may also include the URL you came from, the URL you next go to, your device's browser information, and other details associated with your interaction with the Platform.
  6. Usage Data: We collect details of Platform usage for analytics, including information like your browsing behavior, pages viewed, etc. This applies even if you are not a registered member of the Platform.

This privacy policy also applies to data we collect from users who are not registered as members of this Platform, including, but not limited to, browsing behavior, pages viewed etc. We also collect and store personal information provided by You from time to time on the Platform. We only collect and use such information from you that we consider necessary for achieving a seamless, efficient and safe experience, customized to your needs including:

  1. To enable the provision of services opted by you
  2. To enable the viewing of content in your interest
  3. To communicate the necessary account and service related information from time to time
  4. To allow you to receive quality customer care services and data collection
  5. To comply with applicable laws, rules and regulations

Where any service requested by You involves a third party, such information as is reasonably necessary by the Company to carry out Your service request may be shared with such third party. The Company may use contact information internally to direct its efforts for service improvement but shall immediately delete all such information upon withdrawal of your consent for the same.

To the extent possible, we provide You with the option of not divulging any specific information that you wish for us not to collect, store or use. You may also choose not to use a particular service or feature on the Platform and opt-out of any non-essential communications from the platform.

Further, transacting over the internet has inherent risks which can only be avoided by you following security practices yourself, such as not revealing account/login related information to any other person and informing our customer care team about any suspicious activity where your account may have been compromised.

Our use of your information

The information provided by you shall be used to provide and improve the service for you and all users of your organization:

  1. For maintaining internal record
  2. For enhancing the services provided

For more details about the nature of such communications, please refer to our Terms of Use. Further, your personal data may be collected and stored by us for internal record.

We gather information such as IP addresses, device ID, stack trace if you encounter any error during the usage of our app via Firebase Crashlytics or Sentry. By using these services, we are able to fix errors quickly.

We will not sell, license or trade Your personal information under any circumstances. We will not share your personal or organization information with others unless they are acting under our instructions or we are required to do so by law.

Information collected via Our server logs includes users' IP addresses and the pages visited. This will be used to manage the web system and troubleshoot problems. We also use third-party analytics, tracking, optimization and targeting tools to understand how users engage with our Platform.

The product images you upload may be stored in a public storage bucket, which allows for efficient access and retrieval. While this storage method facilitates a better user experience, it also means that these images could be accessed by anyone with the appropriate URL. We implement access controls and monitoring to protect against unauthorized access.

Information collection

You have the right to request the Company to elucidate the purpose of collection of said personal or organization information. We will collect and use your personal or organization information solely to fulfill those purposes specified by us, within the scope of the consent of the individual or entity concerned or as required by law. We will only retain personal or organization information as long as necessary for the fulfillment of those purposes. We will collect personal or organization information by lawful and fair means and with the knowledge and consent of the individual or entity concerned.

Personal data should be relevant to the purposes for which it is to be used, and, to the extent necessary for those purposes, should be accurate, complete, and up-to-date.

Information is also collected through permissions taken during the accessibility of the Application such as those collected with Camera and Location Permission.

Cookies

We use data collection devices such as “cookies” on certain pages of our Websites. “Cookies” are small files sited on your hard drive that assist us in providing customized services. Cookies can help us provide information which is targeted to your interests. Cookies may be used to identify logged in or registered users. Our Application uses session cookies to ensure that you have a good experience. These cookies contain a unique number, your 'session ID', which allows our server to recognize your computer and 'remember' what you've done on the site. The benefits of this are:

  1. You only need to log in once if you're navigating secure areas of the site
  2. Our server can distinguish between your computer and other users, so you can see the information that you have requested.

You can choose to accept or decline cookies by modifying your browser settings if you prefer. This may prevent you from taking full advantage of the application’s services. We also use various third-party cookies for usage and behavioural analytics and preferences data. The following are the different types of cookies used on the Website:

  1. Authentication cookies: To identify the user and share the content that he or she requested
  2. Functionality cookies: For the customized user experience and resuming past course progress
  3. Tracking, optimization, and targeting cookies: To capture usage metric on the device, operating system, browser, etc. To capture behavioral metrics for better content delivery.

Your rights

Unless subject to an exemption, you have the following rights concerning your data:

  1. The right to request a copy of your data which we possess
  2. The right to request for any correction to any personal data if it is found to be inaccurate or out of date
  3. The right to withdraw your consent to the storing of your data at any time
  4. The right to complain to a supervisory authority
  5. The right to obtain information as to whether personal data is transferred to a third country or an international organization.

Where you hold an account with any of our services, you are entitled to a copy of all personal data which we hold concerning you. You are also entitled to request that we restrict how we use your data in your account when you log in.

If you are concerned about the storage of product images in a public bucket or wish to request the removal of such images, you can contact us at [email protected].

If you’re not happy with how we are managing your data, please let us know by sending an email to [email protected]. We will review and investigate your complaint, and try to get back to you within a reasonable time frame.

California Consumer Privacy Act (CCPA) Rights

If you are a resident of California, you have the following rights under the CCPA:

  • The right to know what personal information is collected, used, shared, or sold.
  • The right to delete personal information held by us.
  • The right to opt out of the sale of your personal information.

To exercise these rights, please contact us at [email protected].

Virginia Consumer Data Protection Act Rights

Add a section that references the rights under the Virginia Consumer Data Protection Act (VCDPA):

Virginia Consumer Data Protection Act (VCDPA) Rights If you are a resident of Virginia, you have the following rights under the VCDPA:

  • The right to access your personal data.
  • The right to correct inaccuracies in your personal data.
  • The right to delete your personal data.
  • The right to opt out of the processing of personal data for targeted advertising.

To exercise these rights, please contact us at [email protected].

Data Sharing, Selling, and Opt-Out Rights (Applicable to Virginia Residents)

This section applies specifically to users who are residents of Virginia, as per the Virginia Consumer Data Protection Act (VCDPA).

We do not share, sell, or trade your personal data with third parties for their marketing purposes. Your data is used solely to provide and improve our services as described in this policy.

Targeted Advertising:
We do not engage in targeted advertising practices. However, if this policy changes in the future, we will notify you and provide a clear mechanism to opt out.

Profiling:
We do not use profiling that produces legal or similarly significant consequences. Should this change, we will inform you and offer the opportunity to opt out of such practices.

Opt-Out Rights:
Since we do not currently participate in data sharing, selling, targeted advertising, or profiling, there is no need for an opt-out mechanism. However, we will inform you of any changes to this policy and provide options to manage your preferences.

Confidentiality

You acknowledge that the Platform may contain information which is designated confidential by us and that you shall not disclose such information without our prior written consent. Your information is regarded as confidential and therefore will not be divulged to any third party, unless legally required to do so to appropriate authorities. We will not sell, share, or rent your personal information to any third party or use your email address for unsolicited mail. Any emails sent by us will only be in connection with the provision of agreed services, and you retain sole discretion to seek for discontinuation of such communications at any point of time.

Other information collectors

Except as otherwise expressly included in this Privacy Policy, this document only addresses the use and disclosure of information we collect from you. To the extent that you disclose your information to other parties, whether they are on our Platform or other sites throughout the internet, different rules may apply to their use or disclosure of the information you disclose to them. To the extent that we use third party services, they adhere to their privacy policies. Since we do not control the privacy policies of the third parties, you are subject to ask questions before you disclose your personal information to others.

Disclosure of your information

Information collected will not be considered as sensitive if it is freely available and accessible in the public domain or is furnished under the Right to Information Act, 2005, any rules made thereunder or any other law in force for the time being.

Due to the existing regulatory environment, we cannot ensure that all of your private communications and other personally identifiable information will never be disclosed in ways not otherwise described in this Privacy Policy. By way of example (without limiting and foregoing), we may be forced to disclose information to the government, law enforcement agencies or third parties. Therefore, although we use industry-standard practices to protect your privacy, we do not promise, and you should not expect, that your personally identifiable information or private communications would never be shared with the government. We do however assure you that any disclosure of your personally identifiable information shall be personally intimated to you through an email.

As a matter of policy, we do not sell or rent any personally identifiable information about you to any third party. However, the following describes some of the ways that your personally identifiable information may be disclosed:

  1. External Service Providers
    There may be several services offered by external service providers that help you use our Platform. As you use these services to get a full experience of our Platform, you disclose information to the external service providers, and/or permit them to collect information about you. Then their use of your information is governed by their privacy policy.
  2. Law and Order
    We cooperate with law enforcement inquiries, as well as other third parties to enforce laws, such as intellectual property rights, fraud and other rights. We can (and you authorize us to) disclose any information about you to law enforcement and other government officials as we, in our sole discretion, believe necessary or appropriate, in connection with an investigation of fraud, intellectual property infringements, or other activity that is illegal or may expose us or you to legal liability.

Accessing, reviewing and changing your profile

Following company setup, you can review and change the information you submitted at the stage of registration. An option for facilitating such change shall be present on the Platform and such change shall be facilitated by the User. If you change any information, we may or may not keep track of your old information. We will not retain in our files information you have requested to remove for certain circumstances, such as to resolve disputes, troubleshoot problems and enforce our terms and conditions. Such prior information shall be completely removed from our databases, including stored ‘back up’ systems. If you believe that any information we are holding on you is incorrect or incomplete, or to remove your profile so that others cannot view it, the User needs to remediate, and promptly correct any such incorrect information.

Control of your password

The platform can be accessed using Google login, Microsoft login or password-less email login. In all 3 cases, we do not have access to your account’s password. Hence, it is your responsibility to maintain the confidentiality of your password. You must protect it against unauthorized access of your account and information by choosing your password carefully and keeping your password and computer secure by signing out when necessary.

You agree not to use the account, username, email address or password of another member at any time or to disclose your password to any third party. You are responsible for all actions taken with your login information and password. If you lose control of your password, you may lose substantial control over your personal and organization information and may have to take legally binding actions. Therefore, if your password has been compromised for any reason, you should immediately change it. You agree to notify us immediately if you suspect any consistent unauthorized use of your account or access to your password even after changing it.

Security

We treat data as an asset that must be protected against loss and unauthorized access. We employ many different security techniques to protect such data from unauthorized access by members inside and outside the Company. We follow generally accepted industry standards to protect the personal and organization information shared or made available on the Platform.

Although product images are stored in a public bucket to enhance performance and availability, we utilize industry-standard security measures such as access control lists (ACLs), encryption, and monitoring to safeguard these images. However, as with any publicly accessible resource, there is a risk that someone could access these images if they obtain the correct URL.

However, as effective as encryption technology is, no security system is impenetrable. Our Company cannot guarantee 100% security of our database.

Severability

Each paragraph of this Privacy Policy shall be and remain separate from and independent of and severable from all and any other paragraphs herein except where otherwise expressly indicated or indicated by the context of the agreement. The decision or declaration that one or more of the paragraphs are null and void shall not affect the remaining paragraphs of this privacy policy.

Amendment

Our Privacy Policy may change from time to time. The most current version of the policy will govern our use of your information. Any amendments to this Policy shall be deemed as accepted by the User on their continued use of the Platform.

Automated decision making

As a responsible Company, we do not use automatic decision-making or profiling.

Consent withdrawal, data download & data removal requests

To withdraw your consent, or to request the download or delete your data with us at any time, please email us at [email protected].

Data Controller

The data controller responsible for your personal information is Wit By Bit Pvt Ltd, with its registered office at 811, 8th Floor, Merlin Infinite DN-51, Sector 5, Kolkata, West Bengal, India. For any questions or concerns regarding your data, please contact us at [email protected].

Data Protection Officer

Our Data Protection Officer (DPO) is responsible for overseeing the protection of your data. You can reach our DPO at:

Name: Nikhil Agarwal

Email: [email protected]

Contact us

If you have any questions or concerns regarding this privacy policy, you should contact us by sending an email to [email protected]