Collection of Personal Information
A. Information voluntarily provided directly to SaltScout
7. The User is not required to provide SaltScout directly with any personal information in order to view the Website. However, in order to access and/or use certain content and/or features and/or functions of and/or on the Website, for instance, registering with SaltScout and/or creating a SaltScout ID or making any payment on the Website, SaltScout may ask the User to provide certain information, including:
a. contact information, such as the User’s name, postal address, email address, phone number, mobile number and contact preferences;
b. username and password;
c. financial information for effecting payment, such as credit card information and in some cases, government issued identification, such as PAN card;
d. search queries conducted on the Website;
e. other content generated by the User or connected to the User’s account (such as adding items to basket);
f. correspondence; and
SaltScout may collect and retain information provided by User including User feedback on the Website, if any.
While the User is not required to provide the personal information requested, if the User chooses not to do so, in many cases SaltScout will be unable to provide the User with its products or services or respond to any queries that the User may have.
B. Non-personal information automatically collected when the User interacts with the Website
8. While the User may visit the Website without revealing any personal information, certain information may be collected by the Website automatically. Illustratively:
a. the User’s internet protocol address;
b. the User’s browser type and operating system;
c. webpages and advertisements viewed and/or clicked upon within the Website;
d bandwidth speed and software programs installed on the User’s computer;
e. standard server log information; and
f. information collected through data collection technologies in the nature of cookies and web beacons. Cookies are small files that are installed in your browser. The Website will be able to access only cookies installed by it and not those of any other website. Web beacons are codes that deliver graphic images onto the Website and that can recognize certain information on the User’s computer such as cookies, the time and date a page is viewed, etc.
Use of Information collected by SaltScout
A. Use of personal information directly provided by the User
9. The personal information provided by the User will be used by SaltScout to provide and improve its services, contact the User about their account and SaltScout services, provide customer services, prevent, mitigate and investigate fraudulent and/or illegal activities as also for internal research purposes. Illustratively,
b. Phone number: SaltScout may send promotional text messages and/or other notifications to the User. SaltScout may also contact the User over the phone in relation to a bid made.
c. Correspondence: Correspondence exchanged between the User and SaltScout may be stored with SaltScout for its record in a file exclusive to the User.
d. Payment information: In the event that the User is a successful bidder of an Item or purchases a Product, the payment information provided is processed by a third-party payment processor with whom the SaltScout has an agreement.
10. Additionally, the aforesaid personal information may also be used in order to ensure compliance with any legal and/or regulatory obligations, including requests if any, from law enforcement entities and/or to commence and/or defend any legal claim against the User.
11. It may be noted that there are specific legal basis for the aforesaid use of the personal information disclosed to SaltScout, inter alia including [a] enabling the performance of SaltScout’s contract with the User; and/or [b] otherwise its legitimate interests, which interests are unlikely to override the User’s interests or fundamental rights and freedoms that require the protection of the User’s personal data; and/or [c] where SaltScout requires the User’s personal information to comply with all statutory obligations such as the requirement of the User’s PAN Card in certain circumstances under the Income Tax Act, 1961; and/or [d] in the event that SaltScout wishes to intimate Users of any modifications and/or changes in the Agreement.
12. Users shall only receive marketing communications (at the contact information provided by him/her/it) unless the User has explicitly exercised the ‘opt-out’ option.
B. Use of non-personal aggregate information automatically collected when the User interacts with the Website
13. The non-personal information collected automatically on visiting and/or interacting with the Website may be used by SaltScout to run algorithms for its own internal analytics and research as to the demographics, interests, and behaviours of various users and to better understand and serve their interests.
14. Cookies are used for various purposes including:
a. allowing the User to enter the password for their account less frequently;
b. recognizing the browser of a previous User and saving any preferences set by the User;
c. customizing content and advertisements per User preferences and targeting user interests;
d. tracking User activity; and
e. to improve the Website services.
15. Web beacons enable advertising third parties to streamline and target advertisement as per the User’s interests or browsing history. These third parties may also place their own cookies, which cookies are not controlled by SaltScout.
16. All such information shall be used in aggregate form thereby ensuring User anonymity.
Disclosure and/or sharing of information by SaltScout
17. SaltScout will keep all personal user information confidential and will not rent and/or sell such information. Information will also not be shared by third party advertisers on the Website.
18. Personal User information may be shared and/or disclosed only in certain circumstances, including as below:
a. for any purpose mandated by law, including requirements of legal proceedings;
b. third parties may be appointed by SaltScout to carry out activities in relation to the Website, including general maintenance, marketing and/or data processing and may be provided access to information for the limited purpose of carrying out such functions;
c. third party agents may be provided the information for the limited purpose of carrying out certain specific tasks and providing certain limited services, illustratively, courier services; and
d. security and protection in any manner whatsoever of the User and/or other users of the Website and/or of the Website and/or of the employees of SaltScout, including unauthorised use and/or misuse of the Website.
19. Aggregated information is disclosed which does not identify the User may be shared with third parties who provide data analysis and/or marketing services for SaltScout and enable SaltScout to better customize the Website. SaltScout is not limited in their use of non-identifiable aggregate information.
20. Escalar Cart Pvt. Ltd. reserves the rights to transfer the personal details provided by the bidder or buyer at the time of registration and/or subsequent payment a successor-in-interest that may acquire rights to that information as a result of the sale or merger of Escalar Cart Pvt. Ltd.
Choice of the User
21. The User may deactivate their account at any time by sending an email for this purpose to email@example.com;and/or refuse to provide any of the information required by the Website. In such cases however, while the User may be able to view the Website, they would be unable to enter any bids.
22. The User may refuse to provide any of the information requested by the Website at any time. However, in such cases, the User may be prevented from using certain features of the Website that require such information.
23. Users may decline to permit the Website’s cookies if so permitted by their browser. In such cases however, Users may be unable to use certain features on the Website. Additionally, Users set their preferences as to acceptance of cookies from their browser or may delete all cookies from their browser at any time.
24. By default, by registering on the Website, Users will have deemed to have granted SaltScout permission to circulate to Users, promotional and other marketing material from time to time. The User may opt out of receiving any such promotional and/or marketing materials, by addressing an email in this regard to firstname.lastname@example.org.
25. The security of individual accounts is entirely the responsibility of the User and it is recommended that the User maintains the confidentiality of the account login credentials, including the password and does not share the same with any third party. For the purpose of password security, it is recommended that:
a. an alpha-numeric password is adopted, preferably using both upper-case and lower-case alphabets and symbols;
b. the User should avoid such passwords as are obvious, easily identifiable and/or easily predictable;
c. the password ought to be changed at regular intervals to ensure better security.
SaltScout and/or its employees and/or affiliates will never ask for the User’s password through any means of communication; the same is required to be entered into by the User on the Website interface alone. Should there be any concern of misuse and/or unauthorized access to the User’s account, the User may inform SaltScout immediately at email@example.com.
26. It is the responsibility of the User to ensure that irrespective of the nature of the device used by the User to access the Website, the same is secure and all necessary steps are taken to ensure that auto-fillers within the User’s browsers do not cause leakages of critical information.
27. The information provided to SaltScout is stored internally on SaltScout’s systems and the same is protected against unauthorised physical and electronic access including by way of encrypted data storage, password protected data access, firewall against spam attack and data back-up.
28. Financial information such as that of the User’s credit and/or debit cards will be dependent on third party payment gateways for security and storing information. The sharing of any and all credit and/or debit card information by the User is at the User’s sole risk.
30. SaltScout takes the security of the Website and User information seriously and will continue to enhance the same from time to time. However, given that by the very nature of transmission of information online, while SaltScout will take all reasonable measures to protect User information, SaltScout cannot guarantee the absolute security of the information provided to it, particularly in relation to compromise of data as a result of specified hacking. The User hereby absolves SaltScout of any liability for any leakage of data and/or information provided by him/her/it and confirms that SaltScout will not be held responsible for the same.
a. Access to personal information – The User may contact SaltScout at firstname.lastname@example.org and may request that the personal information disclosed to SaltScout be shared with the User;
b. Rectification of personal information – SaltScout will rectify any incorrect personal information held by it, at the request of the concerned User, addressed to SaltScout at email@example.com. It is the responsibility of the User to promptly inform SaltScout of any discrepancies in the personal information disclosed to SaltScout. However, there may be limitations to the nature and/or scope of the personal information that SaltScout can and/or will rectify and SaltScout reserves all rights in this regard. In certain cases, such as rectifications to name, date of birth etc., SaltScout may request the User to provide documentary support in respect of the same, to minimise the risk of unauthorised access. In the event that a User chooses to delete any personal information and/or modify it in a way that is not verifiable by SaltScout, or leads to such personal information being incorrect, SaltScout may be unable to provide such User with its services and such deletion and/or modification may be regarded as an intention on the part of the User to discontinue its services.
c. Lodging a complaint – A complaint may be lodged by emailing SaltScout at firstname.lastname@example.org; and the same will be addressed in accordance with best practice and applicable law.
32. A User under the GDPR (“Data Subject”), has the following additional rights:
a. Access to further information: the Data Subject may contact SaltScout at email@example.com and may request details of: the source of the personal information and/or the legal purpose of retaining such personal information and/or the entities to whom such personal information may be transferred by SaltScout and/or the safeguard/agreement under which the personal information of the Data Subject is being transferred outside of the European Union (in which case SaltScout reserves the right to redact certain information that the Data Subject is not privy to).
b. Erasing personal information: the Data Subject may contact SaltScout at firstname.lastname@example.org and may request that the personal information collected by SaltScout be erased from its records and/or servers. However, SaltScout shall not be bound to erase such information, in inter alia the following circumstances:
i.the information is required to be retained by SaltScout in compliance with applicable statutory regulations;
ii. to establish and/or defend a legal claim.
c. object the processing of personal information: the Data Subject may contact SaltScout at email@example.com and may request SaltScout to stop processing information; however, SaltScout is not bound by such request in the event that continuing to process the information, overrides the Data Subject’s own interests and/or that SaltScout is required to establish and/or defend a legal claim against it.
d. Restricting the processing of personal information: the Data Subject may contact SaltScout at firstname.lastname@example.org and may request that the processing of his/her/its personal information be restricted in circumstances inter alia such as: where the Data Subject contests the accuracy of such information and/or where such processing is unlawful and/or where such information is no longer required to be retained by SaltScout and/or where the Data Subject has objected to the processing and the said objection is under process. However, SaltScout shall not be bound by such request, in inter alia the following circumstances:
i. the accuracy of the information contested is in the process of being verified by SaltScout;
ii. to establish and/or defend a legal claim;
iii. where the User has not withdrawn its consent to SaltScout collecting and retaining such information;
iv. to protect the rights of another natural / legal person.
e. Portability of personal information: the Data Subject may contact SaltScout at email@example.com and may request that [i] SaltScout provide the Data Subject with his/her/its personal information in a structured, commonly used, machine-readable format; and [ii] the personal information be transmitted by SaltScout to another data controller, provided that: such transmission is based on the consent of the Data Subject / on the basis of a contract with the Data Subject and that such transmission is carried out by automated means.
f. Lodging of a complaint: the Data Subject may lodge a complaint, solely at his/her/its own cost and risk, with the relevant local supervisory authority regarding any objection of the Data Subject in relation to the manner in which the information is being processed by SaltScout.
g. Automated individual decision making: the Data Subject shall have the right not to be subject to a decision based solely on automated processing unless the said automated processing is necessary for the performance of the contract with the Data Subject / is pursuant to the Data Subject’s consent.
33. SaltScout may require certain additional information to ensure that a User falls under the ambit of the GDPR.
34. SaltScout shall make every reasonable effort to honour all requests of the Data Subject.
This document is published in accordance with the provisions of the Information Technology Act, 2000, the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 and the Information Technology (Intermediaries Guidelines) Rules, 2011. Additionally, it is also compliant with the General Data Protection Regulation in its application to Users in the EEA.