Data Protection

Introduction

Clean Exit accords very high priority to data protection and this policy statement is an assurance of data protection processes followed at Clean Exit, by the management as well as employees. Through this declaration, we convey commitment to full compliance with the applicable Data Protection Regulations and relevant legislations.

The use of this website and its Internet pages, as well as any other Internet pages linked to this website which are controlled by Clean Exit, is voluntary and any person unwilling to volunteer may opt to log out. Further continuation is an endorsement of the willingness. A data principal would be able to utilize the services offered by the Clean Exit by submitting the Clean Exit through process the personal data. This is considered as a consent for the personal data processing.

The processing of personal data, such as name, address, e-mail address, or telephone number or other details of a data principal shall always be in line with the Data Protection Regulation applicable to Clean Exit. Through this data protection declaration, we would like to inform everyone concerned and the general public of the nature, scope, and purpose of the personal data we collect, use and process. Furthermore, data principals are informed, by means of this data protection declaration, of the rights to which they are entitled.

As the controller, Clean Exit has implemented numerous technical and organizational measures to ensure comprehensive protection of personal data processed through this website. Adequate security measures are put in place from time to time towards bridging identified gap in security. However, Internet-based data transmissions may generally have security gaps. Thus, absolute protection cannot be guaranteed. For this reason, every data principal is free to transfer personal data to us via alternative means, e.g. by telephone or letter or in person. Clean Exit assures of its highest commitment to data protection.

Definitions

In this data protection statement the following terms will be used by Clean Exit and will have the meaning given below:

In relation to personal data, means the irreversible process of transforming or converting personal data to a form in which a data principle cannot be identified.

Anonymized Data

Means data which has undergone the process of anonymization.

Consent

Consent of the data principal is given freely and willingly. It is specific, informed and unambiguous indication of the data principal’s wishes by which he or she conveys agreement to the processing of personal data relating to him or her through this consent given to Clean Exit.

Controller or controller responsible for the processing

Controller or controller responsible for the processing is a natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes, platform and means of the processing of personal data when so nominated.

Data

Data means and includes a representation of information, facts, concepts, opinion or instructions in a manner suitable for communication, interpretation or processing by human or by automated means.

Data Fiduciary

A Data Fiduciary is an entity or individual who decides the means and purposes of processing personal data.

Data Principal

Data principal is any identified or identifiable natural person, whose personal data is processed by the controller responsible for the processing.

Personal Data

Personal data means any information relating to an identified or identifiable natural person (“data principal”). An identifiable natural person is someone who can be identified, directly or indirectly, in particular by reference to an identifier such characteristics, traits, or attributes of identity or as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, biological, economic, cultural or social identity of that natural person.

Processing

Processing is any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, collation, recording, organising, structuring, storing, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction or analysis or extrapolation.

Processor

Processor is a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller.

Profiling

Profiling means any form of processing of personal data consisting of the use of personal data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that natural person’s performance and / or conduct at work, economic situation, health, personal preferences, interests, reliability, behaviour, location or movements.

Recipient

Recipient is any natural or legal person, public authority, agency or another body, to which personal data are disclosed, whether a third party or not.

Note: Public authorities which may receive personal data in accordance with the applicable law shall not be regarded as recipients; the processing of the data by the public authorities shall be in compliance with the applicable data protection rules according to the purposes of the processing.

Third party

Third party is a natural or legal person, public authority, agency or body other than the data principal, controller, processor and persons who, under the direct authority of the controller or processor, are authorised to process personal data.

Name and Address of the controller

Clean Exit Consultancy Services Ltd.

319A, Logic Technova, Sector 132, Noida – 231 304, U.P., India

Telephone – +91-120-4186499, +918527465252

Email – support [at] cleanexit.io

Website – www.cleanexit.io

Name and Address of the Data Protection Officer

Mr. Rajshekhar P.

Clean Exit Consultancy Services Ltd.

319A, Logic Technova, Sector 132, Noida – 231 304, U.P., India

Telephone – +91-120-4186499, +918527465252

Email – dataprotection [at] cleanexit.io 

Website – www.cleanexit.io

Any data principal or any concerned person may contact Data Protection Officer directly regarding suggestions or queries concerning data protection.

Use of Cookies

Clean Exit uses cookies which are text files that are stored in a computer system via an Internet browser. The objective is to provide more user-friendly services that may not be possible without the cookie settings.

The data principal may at any time prevent or change the setting of cookies through our website by means of corresponding settings of the Internet browser used, and may thus permanently deny the setting of cookies. Furthermore, already set cookies may be deleted at any time via an Internet browser or other software programs. This is possible in all popular Internet browsers. If the data principal deactivates th e setting of cookies in the Internet browser used, some of the functions may not be available on our website.

Registration on Clean Exit website

The data principal has the option to register on Clean Exit website. What personal data are transmitted to the controller is determined by the respective input option used for the registration. The personal data entered by the data principal are collected and stored exclusively for internal use by the controller.

By registering on the website of the controller, the IP address—assigned by the Internet service provider (ISP) and used by the data principal—date, and time of the registration are also stored. The storage of this data takes place against the background that this is the only way to prevent the misuse of our services, and, if necessary, to make it possible to investigate offences committed, if any. This data is not passed on to third parties unless there is a statutory obligation to pass on the data, or if the transfer serves the aim of criminal prosecution or for the objectives of consent.

The registration of the data principal, with the voluntary indication of personal data, is intended to enable the controller to offer the data principal contents or services that may only be offered to registered users. Registered persons are free to change the personal data specified during the registration at any time, or to have them completely deleted from the data stock of the controller.

The data controller shall, at any time, provide information upon request to each data principal as to what personal data are stored about the data principal. In addition, the data controller shall correct or erase personal data at the request or indication of the data principal, insofar as there are no statutory storage obligations. The entirety of the controller’s employees is available to the data principal in this respect as contact persons.

Communication possibility via the website

The website of Clean Exit contains information that enables a quick electronic contact to our company, as well as direct communication with us, which also includes a general address of the so-called electronic mail (e-mail address). If a data principal contacts the controller by e-mail or via a contact form, the personal data transmitted by the data principal are automatically stored. Such personal data transmitted on a voluntary basis by a data principal to the data controller are stored for the purpose of processing or contacting the data principal. 

Comments function in the blog on the website

Clean Exit may offer users the possibility to leave individual comments on individual blog contributions on a blog, which may be on the website of the controller. A blog is a web-based, publicly-accessible portal, through which one or more people called bloggers or web-bloggers may post articles or write down thoughts in so-called blogposts. Blogposts may usually be commented by third parties.

If a data principal leaves a comment on the blog published on this website, the comments made by the data principal are also stored and published, as well as information on the date of the comment and on the user name or pseudonym chosen by the data principal. In addition, the IP address assigned by the Internet service provider (ISP) to the data principal is also logged. This storage of the IP address takes place for security reasons, and in case the data principal violates the rights of third parties, or posts illegal content through a given comment. The storage of these personal data is, thus, of interest to both the controller and the data principal in order to prove compliance with laws against illegal contents. This collected personal data will not be passed to third parties, unless such a transfer is required by law or serves the legal defense of the data controller or to meet the objective of consent.

Routine erasure and blocking of personal data

The data controller shall process and store the personal data of the data principal only for the period necessary to achieve the purpose of storage or as required by law to which the controller is subject to.

If the storage purpose is not applicable as per consent, or if a storage period prescribed by the applicable law expires, the personal data are routinely blocked or erased in accordance with legal requirements.

Rights of the data principal

Right to confirmation

Each data principal shall have the right granted by the applicable law to obtain from the controller the confirmation as to whether or not personal data concerning him or her are being processed. If a data principal wishes to exercise this right of confirmation, he or she may, at any time, contact any employee of the controller.

Right to access

Each data principal shall have the right granted by the applicable law to obtain from the controller free information about his or her personal data stored at any time and a copy of this information. Furthermore, the data principal shall have the right to obtain from the data fiduciary a brief summary of processing activities undertaken with respect to the personal data of the data principal.

Right to correction

Data principal shall have the right to correct or rectify any inaccurate personal data concerning him or her without undue delay. The data principal shall also have the right to have the incomplete personal data completed, including by means of providing a supplementary statement. The data controller may seek necessary documentary proof if the data being corrected is based on inputs made available by the data principal earlier.

If a data principal wishes to exercise this right to correction or completion, he or she may, at any time, contact the controller or the concerned employee. The request in this regard from the data principal shall be in writing.

Right to be forgotten

Data principal shall have the right to restrict or prevent continuing disclosure of personal data by a data fiduciary where such disclosure:

  • has served the purpose for which it was made or is no longer required
  • when the consent has since been withdrawn
  • was made contrary to the law

If a data principal exercise his right to be forgotten he or she may contact the concerned employee or the controller. Where the controller has made personal data public and is obliged to erase the personal data, the controller, taking account of the available technology and the cost of implementation, shall take reasonable steps to erase the data as requested. The request in this regard from the data principal shall be in writing.

Right of restriction of processing

Data principal shall have the right to obtain from the controller restriction of processing in the following conditions:

  • The accuracy of the personal data is contested by the data principal, for a period enabling the controller to verify the accuracy of the personal data.
  • The processing is unlawful and the data principal opposes the erasure of the personal data and requests instead the restriction of its use.
  • The controller no longer needs the personal data for the purposes of the processing, but they are required by the data principal for the establishment, exercise or defence of legal claims.

 

If a data principal exercise his right to restriction of processing he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.

Right to data portability

Data principal shall have the right to receive the personal data concerning him or her which was provided to the controller, in a commonly used machine-readable format. Anonymized data shall be exempt from the portability. The controller may continue to retain the data even after portability in case of anonymization.

If a data principal exercise his right to data portability he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.

Right to object

Data principal shall have the right to object, on grounds prevalent after consent, at any time, to processing of personal data concerning him or her before withdrawing consent.

Clean Exit shall no longer process the personal data in the event of the objection, unless we can demonstrate compelling legitimate grounds for the processing which override the interests, rights and freedoms of the data principal, or for the establishment, exercise or defence of legal claims.

In addition, the data principal has the right, on grounds relating to his or her particular situation, to object to processing of personal data concerning him or her by Clean Exit for scientific or historical research purposes, unless the processing is necessary for the performance of a task carried out for reasons of public interest.

If a data principal exercise his right to object he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.

Right to withdraw data protection consent

The Data principal shall have the right to withdraw his or her consent to processing of his or her personal data at any time.

If a data principal exercise his right to withdraw data protection consent he or she may contact the concerned employee or the controller. The request in this regard from the data principal shall be in writing.

Conditions for the exercise of rights mentioned above

It is clarified that Clean Exit is collecting and processing the data as a result of contract entered between the data principal and Clean Exit.

(b)     The data provided by the data principal shall be true and authentic. Submission of false data will not give rise to any rights mentioned above and in addition appropriate action may be initiated by Clean Exit for provision of false data.

(c)     The Clean Exit may charge appropriate fee to be paid for actioning the above rights except towards withdrawal of consent.

(d)     All requests from data principal in this regard shall be in writing and will be actioned within a reasonable time as notified by Clean Exit.

(e)     In case of refusal in response to a request, Clean Exit may convey reasons for such refusal.

(f)      Clean Exit is not obliged to accede to the request where compliance to such request would harm the right of any other data principal.

(g)     Clean Exit may not oblige to comply with the request if necessary documentary evidence is not provided by the data principal while making any request.

(h)     Processing of data for the purposes of legitimate interest including wellbeing of majority stakeholders or especially in case of benefit to the data principal in case of medical emergencies would be permissible at the discretion of Clean Exit.

Use of Analytics

Clean Exit shall have the option to deploy and use appropriate analytics tools and associated technologies, applications, platforms and / or service providers.

Clean Exit shall have the option of integrating components of other data analytics on the Clean Exit website.

Period of Storage

The data collected shall be stored on as required basis to meet the objectives of the consent or as required by law.

Use of AI, ML and similar technologies in supported decision making

Clean Exit does not use automated decision making. However, the emerging and new technologies will be deployed to support decision making.

Reach Us

Feel free to reach us for any further information.

Table of Contents