PRIVACY POLICY

This Privacy Policy governs the way KP Corporate Solutions Limited (“ESOP DIRECT”) collects,  uses, maintains and discloses information collected from users (each, a “User”) of this website  (“Site”). This privacy policy applies to the Site and all products and services offered by ESOP  DIRECT. 

Please read this policy carefully 

We, KP Corporate Solutions Ltd) (“we”, “us”, “our”) with our principal place of business at S.No.  256/254, Bungalow No. 2, Green Park Society, Behind Anand Park, Baner, Pune: 411007, are the owners of this Site (“Website”) which showcases all products and services offered by us. 

We respect the data privacy rights and are committed to protecting privacy and security of your personal information collected on the Website. This privacy policy (“Privacy Policy”) sets  forth the privacy practices we follow to protect the personal information accessed through our  various platforms viz., My ESOPs, My Insider, ESOP ezee and ESOP leap (hereinafter collectively referred to as “Platforms”) . 

1. What Qualifies as Personal Information 

For the purposes of this Privacy Policy, any information (such as name, email id, phone number,  location, IP address, Permanent Account Number (“PAN”), and Demat account details etc.)  provided by you, as a result of your use/access of the Website, that can identify you as a person or identify any other person such as your nominee or other third parties shall be referred to as  “Personal Information”. 

For sake of clarity the terms not specifically defined here shall bear the same meaning as provided  under the SEBI (Share Based Employee Benefits) Regulations 2014, as amended from time to time  available at https://www.sebi.gov.in/legal/regulations/apr-2017/securities-and-exchange-board-of-india-share-based-employee-benefits-regulations-2014-last-amended-on-april-17-2020-_34689.html and under Companies (Share Capital and Debenture) Rules, 2014 available  at https://www.mca.gov.in/Ministry/pdf/NCARules_Chapter4.pdf 

2. Applicability of GDPR 

Residents of the European Union (“EU”) should note that this Privacy Policy has been updated in accordance with the requirements of the GDPR. As per the provisions of the GDPR we shall be considered the Processors of the Personal Information collected as a result of your use/access of the Website and Platforms. 

For non-EU residents, by continuing to use or access the Website and/or Platforms, you agree to this Privacy Policy. If you do not agree to this Privacy Policy, you may not use or access the  Website and /or Platforms.

3. GDPR Principles 

ESOP Direct complies with the principles of GDPR. The six overall guiding principles are – 

  1. Lawfulness, fairness, and transparency 
  2. Purpose limitation 
  3. Data minimization 
  4. Accuracy 
  5. Storage limitation 
  6. Integrity and confidentiality 

4. What Personal/ Non-Personal Information do we Collect? 

The Personal Information we collect falls into two categories: information you actively provide  (for instance when you create an account), and information we collect through your use of our  Website and/ or Platforms, and through third party sources such as your employer as further described below4. 

4.1. Information you provide to us 

4.1.1. Registration and Profile Information 

When you register for an account, we will ask for your full name, PAN, information about your  Demat account, email and physical address, a phone number and location. We will also collect  Personal Information of your nominee such as their name, their relationship with you,  information about their Demat account details, PAN,(if any) and email id etc. when you participate in ESOP scheme through your employer. 

We may also have access to the Personal Information provided to us by your employer. Once you submit the required information on our Website or through our Platforms, your Consent to process personal information for the purpose communicated to you by your employer shall be implied.  

To request for a free demo, subscribe to our newsletter/alerts or to get in touch with us through the form available on our ‘contact us’ section, you would need to provide us with Personal  Information such as your name, designation, department, telephone number, organization name, location and e-mail address. 

4.1.2. Reporting

We may also collect, store and use your Personal Information when you access our Website and/or Platforms to submit various forms to the various regulatory bodies including but not limited to Securities and Exchange Board of India (“SEBI”). 

4.2. Information we receive from your use of Platforms and / or Website 4.2.1. Content you provide through our Website and/or Platforms 

We may also collect and store Personal Information when you use our Website and/or Platforms.  This includes any information about you that you may choose to include while using My ESOPs including how you interact with the Website and/ or Platforms and, how you use the features present in it. 

4.2.2. Cookies 

We may also automatically collect Personal Information through cookies, for example, to validate your login credentials, to remember session allowing you to continue the session in case of time out and to prevent unauthorized use of Platforms. Cookies are small encrypted files, that the  Website and/or Platforms transfers to the device through which you access our Website and/or  Platforms. We may also collect information whenever you visit our Website and/or Platforms to improve the usability and functionality of the Website and/or Platforms. Such information may be collected through third party services. 

4.3. Accuracy of information. 

Please make sure that any Personal Information you share with us is accurate and upto date information. You are required by relevant Companies (Share Capital and Debenture) Rules 2014  and SEBI ((Share Based Employee Benefits) Regulations 2014 to disclose information about third parties such as your nominee. 

5. Information of third party located in the EU: 

If you share any Personal Information of any third party who is located in EU, you must ensure that you notify him/her about you are sharing such person’s Personal Information with us. This should be done no later than 2 weeks from the date you share their information with us. You may provide such person a link or a copy of this Privacy Policy to help the person understand how his/ her Personal Information is handled by us and for what purpose. 

6. What do we do with your Personal Information? 

We use the Personal Information for the following purposes:

(i) to authenticate your account or information on our Website and/or Platforms; 

(ii) to provide you with our services under Platforms including planning, designing, managing,  administering and implementation of ESOP plans/schemes; 

(iii) to generate various ESOP Scheme documentations and reports such as grant consolidated  report, grant summary report, exercise report, cancellation report, vest wise report, lapse report,  individual options summary report, personal status report and any other system based/customized reports; 

(iv) to enable you to generate ESOP exercise form and manage your ESOPs; (v) to communicate you with regards to change in the ESOP Plan management process; 

(vi) to assist you and your employer with documentation of disclosure as per Companies (Share  Capital and Debenture) Rules 2014 and SEBI (Employee Stock Option Scheme and Employee  Stock Purchase Scheme) guidelines; 

(vii) to assist in valuation of ESOP schemes for example calculating intrinsic and fair value of  options as per Indian GAAP; 

(viii) to assist you and your employer in accounting of employee stock options; 

(ix) to assist you and your employer with statutory disclosures and compliances relating to ESOPs  with various government regulatory authorities; 

(x) to send email alerts prior to vesting, lapse of options and share price reaching a target level; (xi) To advise your employer of your registration; 

(xii) to provide you and your employer information about Platforms; 

(xiii) to assist you in the event you need any additional support; 

(xiv) for creation or development of business intelligence or data analytics in relation to our  Website and/or Platforms provided by us; 

(xv) to assess queries, requirements, and process requests for Platforms; (xvi) to improve usability of the Website and/ or Platforms and its maintenance; (xvii) to prevent fraud and abuse;

(xviii) to enhance the security of the Website and/or Platforms; 

(xix) to ensure that content from the Website and/or Platformsis presented in the most effective  manner for you and for your computer; 

(xx) to create brand awareness; 

(xxi) to provide you information that we may believe may be of your interest; (xxii) for internal record keeping; and 

(xxiii) to comply with our legal or statutory obligations. 

Basis: We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information only on the legal bases of consent contract [as provided in Art.  6 (1) (b) of the GDPR], or on the basis of our legitimate interests [as provided in Art. 6 (1) (f) of the GDPR], provided that such interests are not overridden by your privacy rights and interests. 

7. Whom do we Disclose Your Data to? 

We do not sell, rent, share, distribute, lease or otherwise provide your Personal Information to third parties, without your prior consent. Keeping this in mind, we may disclose your Personal  Information in the following cases: 

  • Your Employer: We may share your Personal Information with your employer, your employer’s internal or external auditor to meet their internal and external audit and various administrative and compliance requirements. 
  • Merger or Acquisition: We may transfer your Personal Information if we are acquired by another entity, or if we merge with another company or transfer a part of our business,  including the Website, to a third party. Any such third party or resultant entity that receives your Personal Information shall have the right to continue to use your Personal  Information in line with the purposes set out herein. 
  • Legal and Regulatory Authorities: We may disclose your Personal Information in order to comply with our legal obligations/ court orders/ requests by Government authorities. 

8. Transfer of Your Personal Information Across Borders (for EU Residents) 

We have a presence through our regional sales or delivery centers across India. The Personal  Information we collect (of EU residents) might be processed outside the EU at a secure centers in India and Microsoft Azure servers located in India. With regards to the Personal Information governed by provisions of the GDPR, we collect and transfer Personal Information outside the EU  in accordance with the provisions of the GDPR. If you have questions, please contact us as at [info@esopdirect.com].

9. How Long do we Retain Your Personal Information? 

9.1. We endeavour to only collect such Personal Information that is necessary for the purposes indicated here, and to retain such data for no longer than is necessary for such purposes while following the GDPR Principles as mentioned above. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal  Information and the purpose for which it was provided/ collected. 

9.2. Subject to this section, we retain your Personal Information unless your employer revokes our access or deletes your account i.e. should you wish for us to delete your Personal Information in our records, you may request your company’s representative to have your account with us deleted. Please note, however, that there might be latency in deleting Personal Information from our servers and backed-up versions might exist even after deletion. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact [info@esopdirect.com]

10. Our Security Measures 

We store your Personal Information in India and also on our Microsoft Azure servers located in  India and this information is accessible to our personnel across our offices. We also implement a  variety of security measures to maintain the safety of your Personal Information such as transmission of Personal Information in an encrypted form and protected using SSL technology or storing only specific Personal Information and in a secure environment where access is restricted. Although we provide appropriate firewalls and protections, we cannot warrant the security of any Personal Information transmitted as these systems are not hack proof. Data pilferage due to unauthorized hacking, virus attacks, technical issues is possible, and we assume no liability or responsibility for it. You are required to be careful to avoid “phishing” scams, where someone may send you an e-mail that looks like it is from us asking for your Personal Information. 

11. Your Rights (For EU Residents) 

You have the right to request us to let you know what Personal Information belonging to you do we hold in our possession, right to have us rectify or modify any such Personal Information except for email id, right to have us erase/delete your Personal Information, right to restrict us from processing such Personal Information, right to object to our use of your Personal Information. If you would like to exercise any of these rights, you may contact us through the Compliance  Officer, and accordingly we shall comply with your request. 

12. Links to Other Websites 

Our Website may contain links to other of your interest. Unless the third-party websites/  applications are owned by members of ESOP Direct, we do not have any control over them, and 

you will be accessing them at your own risk. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such websites/applications. You should exercise caution and look at the privacy policy applicable to such websites/applications. 

13. Limitation of Liability 

To the extent permissible under the law, we shall not be liable for any direct, indirect, incidental,  special, consequential or exemplary damages, including but not limited to, damages for loss of  profits, goodwill, data, information, or other intangible losses (even if we have been advised of  the possibility of such damages), arising out of this Privacy Policy on your use of Website or  Platforms. Notwithstanding the foregoing, we shall be solely liable to your employer in case of  any deviations in the obligations mentioned under this Privacy Policy.  

14. Governing Laws and Disputes 

This Privacy Policy shall be construed and governed by the laws of India without regard to principles of conflict of laws. Any dispute arising, between you and us shall be submitted to the arbitration to be conducted in India in English language, in accordance with the provisions of  Arbitration and Conciliation Act of 1996, by a sole arbitrator (appointed by us), and the award made in pursuance thereof shall be binding. Subject to the arbitration provisions, you agree that the courts in Pune, India shall have an exclusive jurisdiction over such disputes. 

For any EU residents, this Privacy Policy shall be governed by the provisions of the GDPR.

15. Changes to This Policy 

We may update this Privacy Policy from time to time. You are encouraged to check this Privacy  Policy on a regular basis to be aware of the changes made to it. 

This Privacy Policy was last modified on June 25, 2021. 

16. Contact Us 

If you have any questions or concerns or grievances regarding this Privacy Policy, you can email us at [info@esopdirect.com].