PRIVACY POLICY

This Privacy Policy governs the manner in which KP Corporate Solutions Limited (“ESOP DIRECT”) collects, uses, maintains and discloses information collected from users (each, a “User”) of this website (“Site”). This privacy policy applies to the Site and all products and services offered by ESOP DIRECT.

Please read this policy carefully

We, KP Corporate Solutions Ltd) (“we”, “us”, “our”) with our principal place of business at S.No. 256/254, Bungalow No. 2, Green Park Society, Behind Anand Park, Baner, Pune: 411007, are the owners of this Site (“Website”) which showcases all products and services offered by us.

We respect the data privacy rights and are committed to protecting privacy and security of your personal information collected on the Website. This privacy policy (“Privacy Policy”) sets forth the privacy practices we follow to protect the personal information accessed through our various platforms viz., My ESOPs, My Insider, ESOP ezee and ESOP leap (hereinafter collectively referred to as “Platforms”).

1. What Qualifies as Personal Information

For the purposes of this Privacy Policy, any information (including but not limited to name, email id, phone number, location, IP address, Permanent Account Number (“PAN”), and Demat account details etc.) provided by you, as a result of your use / access of the Website, that can identify you as a person or identify any other person such as your nominee or other third parties shall be referred to as “Personal Information”. Sensitive personal data or information (“SPDI”) is such personal information that is collected, received, stored, transmitted or processed by ESOP Direct, consisting of:

  • Password;
  • Financial information such as bank account or credit card or debit card or other payment instrument details;
  • Physical, physiological and mental health condition;
  • Sexual orientation;
  • Medical records and history;
  • Biometric information;
  • Any detail relating to the above personal information categories as provided to ESOP Direct for providing service; and
  • Any of the information received under above personal information categories by ESOP Direct for processing, stored or processed under lawful contract or otherwise.
    Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.

For sake of clarity the terms not specifically defined here shall bear the same meaning as provided under the SEBI (Share Based Employee Benefits) Regulations 2014, as amended from time to time available at https://www.sebi.gov.in/legal/regulations/apr-2017/securities-and-exchange-board-of-india-share-based-employee-benefits-regulations-2014-last-amended-on-april-17- 2020-_34689.html and under Companies (Share Capital and Debenture) Rules, 2014 available at https://www.mca.gov.in/Ministry/pdf/NCARules_Chapter4.pdf

2. Applicability of GDPR

Residents of the European Union (“EU”) should note that this Privacy Policy has been updated in accordance with the requirements of the GDPR. As per the provisions of the GDPR we shall be considered the Processors of the Personal Information collected as a result of your use / access of the Website and Platforms.
For non-EU residents, this Privacy Policy has been updated as per the applicable data privacy laws of the respective region. By continuing to use or access the Website and/or Platforms, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, you may not use or access the Website and /or Platforms.

3. GDPR Principles

ESOP Direct complies with the principles of GDPR. The six overall guiding principles are –

  1. Lawfulness, fairness, and transparency
  2. Purpose limitation
  3. Data minimization
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality

This policy also covers the processing, storage and access to Information as required under lawful and/or contractual activities with ESOP Direct or otherwise required in the normal course of business. It describes ESOP Direct’s policies and procedures on the collection, usage and disclosure of Information provided/received by natural persons and meets the requirements established under:

  • The Information Technology Act, 2000 – Section 43A;
  • The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.

4. What Personal/ Non-Personal Information do we Collect?

The Personal Information we collect falls into two categories: information you actively provide (for instance when you create an account), and information we collect through your use of our Website and/ or Platforms, and through third party sources such as your employer as further described below.

4.1. Information you provide to us

4.1.1. Registration and Profile Information

When you register for an account, we will ask for your full name, PAN, information about your demat account, email and physical address, a phone number and location. We will also collect Personal Information of your nominee such as their name, their relationship with you, information about their Demat account details, PAN, (if any) and email id etc. when you participate in ESOP scheme through your employer.
We may also have access to the Personal Information provided to us by your employer. Once you submit the required information on our Website or through our Platforms, you thereby express your consent to process your personal information for the purpose communicated to you by your employer.
To request for a free demo, subscribe to our newsletter/alerts or to get in touch with us through the form available on our ‘contact us’ section, you would need to provide us with Personal Information such as your name, designation, department, telephone number, organization name, location and e-mail address.

4.1.2. Reporting

We may also collect, store and use your Personal Information when you access our Website and/or Platforms to submit various forms to the various regulatory bodies including but not limited to Securities and Exchange Board of India (“SEBI”).

4.2. Information we receive from your use of Platforms and / or Website 4.2.1. Content you provide through our Website and/or Platforms

We may also collect and store Personal Information when you use our Website and/or Platforms. This includes any information about you that you may choose to include while using My ESOPs including how you interact with the Website and/ or Platforms and, how you use the features present in it.

4.2.2. Cookies

We may also collect Personal Information through cookies, for example, to validate your login credentials, to remember session allowing you to continue the session in case of time-out and to prevent unauthorized use of Platforms. You hereby agree to provide your consent to collect such information through cookies. We will not collect information through cookies, which are non
essential, without your consent. Cookies are small encrypted files, that the Website and/or Platforms transfers to the device through which you access our Website and/or Platforms. We may also collect information whenever you visit our Website and/or Platforms to improve the usability and functionality of the Website and/or Platforms. Such information may be collected through third party services.

4.3. Accuracy of information.

Please make sure that any Personal Information you share with us is accurate and upto date information. You are required by relevant Companies (Share Capital and Debenture) Rules 2014 and SEBI ((Share Based Employee Benefits) Regulations 2014 to disclose information about third parties such as your nominee to your employer.

5. Information of third party located in the EU:

If you share any Personal Information of any third party who is located in EU, you must ensure that you notify him/her about you are sharing such person’s Personal Information with us. This should be done no later than 2 weeks from the date you share their information with us. You may provide such person a link or a copy of this Privacy Policy to help the person understand how his/ her Personal Information is handled by us and for what purpose.

6. What do we do with your Personal Information?

We use the Personal Information for the following purposes:
(i) to authenticate your account or information on our Website and/or Platforms;
(ii) to provide you with our services under Platforms including planning, designing, managing, administering and implementation of ESOP plans/schemes;
(iii) to generate various ESOP Scheme documentations and reports such as grant consolidated report, grant summary report, exercise report, cancellation report, vest wise report, lapse report, individual options summary report, personal status report and any other system based / customized reports;
(iv) to enable you to generate ESOP exercise form and manage your ESOPs; (v) to communicate you with regards to change in the ESOP Plan management process;
(vi) to assist you and your employer with documentation of disclosure as per Companies (Share Capital and Debenture) Rules 2014 and SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) guidelines;
(vii) to assist in valuation of ESOP schemes for example calculating intrinsic and fair value of options as per Indian GAAP;
(viii) to assist you and your employer in accounting of employee stock options;
(ix) to assist you and your employer with statutory disclosures and compliances relating to ESOPs with various government regulatory authorities;
(x) to send email alerts prior to vesting, lapse of options and share price reaching a target level; (xi) To advise your employer of your registration;
(xii) to provide you and your employer information about Platforms;
(xiii) to assist you in the event you need any additional support;
(xiv) for creation or development of business intelligence or data analytics in relation to our Website and/or Platforms provided by us;
(xv) to assess queries, requirements, and process requests for Platforms; (xvi) to improve usability of the Website and/ or Platforms and its maintenance; (xvii) to prevent fraud and abuse;
(xviii) to enhance the security of the Website and/or Platforms;
(xix) to ensure that content from the Website and/or Platformsis presented in the most effective manner for you and for your computer;
(xx) to create brand awareness;
(xxi) to provide you information that we may believe may be of your interest; (xxii) for internal record keeping; and
(xxiii) to comply with our legal or statutory obligations.

Basis: We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information only on the legal bases of consent contract [as provided in Art. 6 (1) (b) of the GDPR], or on the basis of our legitimate interests [as provided in Art. 6 (1) (f) of the GDPR], provided that such interests are not overridden by your privacy rights and interests.

7. Whom do we Disclose Your Data to?

We do not sell, rent, share, distribute, lease or otherwise provide your Personal Information to third parties, without your prior consent. Keeping this in mind, we may disclose your Personal Information in the following cases:

  • Your Employer: We may share your Personal Information with your employer, your employer internal or external auditor to meet their internal and external audit and various administrative and compliance requirements.
  • Merger or Acquisition: We may transfer your Personal Information with your prior consent, if we are acquired by another entity, or if we merge with another company or transfer a part of our business, including the Website, to a third party. Any such third party or resultant entity that receives your Personal Information shall have the right to continue to use your Personal Information in line with the purposes set out herein.
  • Legal and Regulatory Authorities: We may disclose your Personal Information in order to comply with our legal obligations/ court orders/ requests by Government authorities.

8. Transfer of Your Personal Information Across Borders (for EU Residents)

We have a presence through our regional sales or delivery centers across India. The Personal Information we collect (of EU residents) might be processed outside the EU at a secure centers in India and Microsoft Azure servers located in India. With regards to the Personal Information governed by provisions of the GDPR and SPDI Rules and IT Act, we collect and transfer Personal Information outside the EU in accordance with the provisions of the applicable laws. If you have questions, please contact us as at [info@esopdirect.com].

9. How Long do we Retain Your Personal Information?

9.1. We endeavour to only collect such Personal Information that is necessary for the purposes indicated here, and to retain such data for no longer than is necessary for such purposes while following the applicable laws as mentioned above. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal Information and the purpose for which it was provided/ collected.

9.2. Subject to this section, we retain your Personal Information unless your employer revokes our access or deletes your account i.e. should you wish for us to delete your Personal Information in our records, you may request your company’s representative to have your account with us deleted. Please note, however, that there might be latency in deleting Personal Information from our servers and backed-up versions might exist even after deletion. For more information on
where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact [info@esopdirect.com].

10. Our Security Measures

We store your Personal Information in India and also on our Microsoft Azure servers located in India and this information is accessible to our personnel across our offices. We also implement a variety of security measures to maintain the safety of your Personal Information such as transmission of Personal Information in an encrypted form and protected using SSL technology or storing only specific Personal Information and in a secure environment where access is restricted.

11. Your Rights

A. (For EU Residents)

You have the right to request us to let you know what Personal Information belonging to you do we hold in our possession, right to have us rectify or modify any such Personal Information except for email id, right to have us erase/delete your Personal Information, right to restrict us from processing such Personal Information, right to object to our use of your Personal Information. If you would like to exercise any of these rights, you may contact us through the Compliance Officer, and accordingly we shall comply with your request.

B. (For indian residents)

  • Right of access to data/copies of data
  • Right to rectification of errors in respect of any inaccuracies or deficiencies under the SPDI rules
  • Right to withdraw consent given to body corporate at any time.
  • Right to complain to the compliance officer/grievance officer

12. Links to Other Websites

Our Website may contain links to other of your interest. Unless the third-party websites/ applications are owned by members of ESOP Direct, we do not have any control over them, and you will be accessing them at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites/applications. You should exercise caution and look at the privacy policy applicable to such websites/applications.

13. Limitation of Liability

To the extent permissible under the law, we shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, data, information, or other intangible losses (even if we have been advised of
the possibility of such damages), arising out of this Privacy Policy on your use of Website or Platforms. Notwithstanding the foregoing, we shall be solely liable to your employer in case of any deviations in the obligations mentioned under this Privacy Policy.

14. Governing Laws and Disputes

This Privacy Policy shall be construed and governed by the laws of India without regard to principles of conflict of laws. Any dispute arising, between you and us shall be submitted to the arbitration to be conducted in India in English language, in accordance with the provisions of Arbitration and Conciliation Act of 1996, by a sole arbitrator (appointed by us), and the award made in pursuance thereof shall be binding. Subject to the arbitration provisions, you agree that the courts in Pune, India shall have an exclusive jurisdiction over such disputes.
For any EU residents, this Privacy Policy shall be governed by the provisions of the GDPR.
For non-EU residents, this Privacy Policy shall be governed by the applicable data privacy laws of the respective region.

15. Changes to This Policy

We may update this Privacy Policy from time to time. You are encouraged to check this Privacy Policy on a regular basis to be aware of the changes made to it.
This Privacy Policy was last modified on January 31, 2022.

16. Contact Us

If you have any questions or concerns or grievances regarding this Privacy Policy, you can email us at [info@esopdirect.com].