Please read this policy carefully
We, KP Corporate Solutions Ltd) (“we”, “us”, “our”) with our principal place of business at S.No. 256/254, Bungalow No. 2, Green Park Society, Behind Anand Park, Baner, Pune: 411007, are the owners of this Site (“Website”) which showcases all products and services offered by us.
1. What Qualifies as Personal Information
- Financial information such as bank account or credit card or debit card or other payment instrument details;
- Physical, physiological and mental health condition;
- Sexual orientation;
- Medical records and history;
- Biometric information;
- Any detail relating to the above personal information categories as provided to ESOP Direct for providing service; and
- Any of the information received under above personal information categories by ESOP Direct for processing, stored or processed under lawful contract or otherwise.
Please note that any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal information.
For sake of clarity the terms not specifically defined here shall bear the same meaning as provided under the SEBI (Share Based Employee Benefits) Regulations 2014, as amended from time to time available at https://www.sebi.gov.in/legal/regulations/apr-2017/securities-and-exchange-board-of-india-share-based-employee-benefits-regulations-2014-last-amended-on-april-17- 2020-_34689.html and under Companies (Share Capital and Debenture) Rules, 2014 available at https://www.mca.gov.in/Ministry/pdf/NCARules_Chapter4.pdf
2. Applicability of GDPR
3. GDPR Principles
ESOP Direct complies with the principles of GDPR. The six overall guiding principles are –
- Lawfulness, fairness, and transparency
- Purpose limitation
- Data minimization
- Storage limitation
- Integrity and confidentiality
This policy also covers the processing, storage and access to Information as required under lawful and/or contractual activities with ESOP Direct or otherwise required in the normal course of business. It describes ESOP Direct’s policies and procedures on the collection, usage and disclosure of Information provided/received by natural persons and meets the requirements established under:
- The Information Technology Act, 2000 – Section 43A;
- The Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Information) Rules, 2011.
4. What Personal/ Non-Personal Information do we Collect?
The Personal Information we collect falls into two categories: information you actively provide (for instance when you create an account), and information we collect through your use of our Website and/ or Platforms, and through third party sources such as your employer as further described below.
4.1. Information you provide to us
4.1.1. Registration and Profile Information
When you register for an account, we will ask for your full name, PAN, information about your demat account, email and physical address, a phone number and location. We will also collect Personal Information of your nominee such as their name, their relationship with you, information about their Demat account details, PAN, (if any) and email id etc. when you participate in ESOP scheme through your employer.
We may also have access to the Personal Information provided to us by your employer. Once you submit the required information on our Website or through our Platforms, you thereby express your consent to process your personal information for the purpose communicated to you by your employer.
To request for a free demo, subscribe to our newsletter/alerts or to get in touch with us through the form available on our ‘contact us’ section, you would need to provide us with Personal Information such as your name, designation, department, telephone number, organization name, location and e-mail address.
We may also collect, store and use your Personal Information when you access our Website and/or Platforms to submit various forms to the various regulatory bodies including but not limited to Securities and Exchange Board of India (“SEBI”).
4.2. Information we receive from your use of Platforms and / or Website 4.2.1. Content you provide through our Website and/or Platforms
We may also collect and store Personal Information when you use our Website and/or Platforms. This includes any information about you that you may choose to include while using My ESOPs including how you interact with the Website and/ or Platforms and, how you use the features present in it.
We may also collect Personal Information through cookies, for example, to validate your login credentials, to remember session allowing you to continue the session in case of time-out and to prevent unauthorized use of Platforms. You hereby agree to provide your consent to collect such information through cookies. We will not collect information through cookies, which are non
essential, without your consent. Cookies are small encrypted files, that the Website and/or Platforms transfers to the device through which you access our Website and/or Platforms. We may also collect information whenever you visit our Website and/or Platforms to improve the usability and functionality of the Website and/or Platforms. Such information may be collected through third party services.
4.3. Accuracy of information.
Please make sure that any Personal Information you share with us is accurate and upto date information. You are required by relevant Companies (Share Capital and Debenture) Rules 2014 and SEBI ((Share Based Employee Benefits) Regulations 2014 to disclose information about third parties such as your nominee to your employer.
5. Information of third party located in the EU:
6. What do we do with your Personal Information?
We use the Personal Information for the following purposes:
(i) to authenticate your account or information on our Website and/or Platforms;
(ii) to provide you with our services under Platforms including planning, designing, managing, administering and implementation of ESOP plans/schemes;
(iii) to generate various ESOP Scheme documentations and reports such as grant consolidated report, grant summary report, exercise report, cancellation report, vest wise report, lapse report, individual options summary report, personal status report and any other system based / customized reports;
(iv) to enable you to generate ESOP exercise form and manage your ESOPs; (v) to communicate you with regards to change in the ESOP Plan management process;
(vi) to assist you and your employer with documentation of disclosure as per Companies (Share Capital and Debenture) Rules 2014 and SEBI (Employee Stock Option Scheme and Employee Stock Purchase Scheme) guidelines;
(vii) to assist in valuation of ESOP schemes for example calculating intrinsic and fair value of options as per Indian GAAP;
(viii) to assist you and your employer in accounting of employee stock options;
(ix) to assist you and your employer with statutory disclosures and compliances relating to ESOPs with various government regulatory authorities;
(x) to send email alerts prior to vesting, lapse of options and share price reaching a target level; (xi) To advise your employer of your registration;
(xii) to provide you and your employer information about Platforms;
(xiii) to assist you in the event you need any additional support;
(xiv) for creation or development of business intelligence or data analytics in relation to our Website and/or Platforms provided by us;
(xv) to assess queries, requirements, and process requests for Platforms; (xvi) to improve usability of the Website and/ or Platforms and its maintenance; (xvii) to prevent fraud and abuse;
(xviii) to enhance the security of the Website and/or Platforms;
(xix) to ensure that content from the Website and/or Platformsis presented in the most effective manner for you and for your computer;
(xx) to create brand awareness;
(xxi) to provide you information that we may believe may be of your interest; (xxii) for internal record keeping; and
(xxiii) to comply with our legal or statutory obligations.
Basis: We will not process your Personal Information without a lawful basis to do so. We will process your Personal Information only on the legal bases of consent contract [as provided in Art. 6 (1) (b) of the GDPR], or on the basis of our legitimate interests [as provided in Art. 6 (1) (f) of the GDPR], provided that such interests are not overridden by your privacy rights and interests.
7. Whom do we Disclose Your Data to?
We do not sell, rent, share, distribute, lease or otherwise provide your Personal Information to third parties, without your prior consent. Keeping this in mind, we may disclose your Personal Information in the following cases:
- Your Employer: We may share your Personal Information with your employer, your employer internal or external auditor to meet their internal and external audit and various administrative and compliance requirements.
- Merger or Acquisition: We may transfer your Personal Information with your prior consent, if we are acquired by another entity, or if we merge with another company or transfer a part of our business, including the Website, to a third party. Any such third party or resultant entity that receives your Personal Information shall have the right to continue to use your Personal Information in line with the purposes set out herein.
- Legal and Regulatory Authorities: We may disclose your Personal Information in order to comply with our legal obligations/ court orders/ requests by Government authorities.
8. Transfer of Your Personal Information Across Borders (for EU Residents)
We have a presence through our regional sales or delivery centers across India. The Personal Information we collect (of EU residents) might be processed outside the EU at a secure centers in India and Microsoft Azure servers located in India. With regards to the Personal Information governed by provisions of the GDPR and SPDI Rules and IT Act, we collect and transfer Personal Information outside the EU in accordance with the provisions of the applicable laws. If you have questions, please contact us as at [firstname.lastname@example.org].
9. How Long do we Retain Your Personal Information?
9.1. We endeavour to only collect such Personal Information that is necessary for the purposes indicated here, and to retain such data for no longer than is necessary for such purposes while following the applicable laws as mentioned above. The length of time Personal Information is retained, and criteria for determining that time, are dependent on the nature of the Personal Information and the purpose for which it was provided/ collected.
9.2. Subject to this section, we retain your Personal Information unless your employer revokes our access or deletes your account i.e. should you wish for us to delete your Personal Information in our records, you may request your company’s representative to have your account with us deleted. Please note, however, that there might be latency in deleting Personal Information from our servers and backed-up versions might exist even after deletion. For more information on
where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact [email@example.com].
10. Our Security Measures
We store your Personal Information in India and also on our Microsoft Azure servers located in India and this information is accessible to our personnel across our offices. We also implement a variety of security measures to maintain the safety of your Personal Information such as transmission of Personal Information in an encrypted form and protected using SSL technology or storing only specific Personal Information and in a secure environment where access is restricted.
11. Your Rights
A. (For EU Residents)
You have the right to request us to let you know what Personal Information belonging to you do we hold in our possession, right to have us rectify or modify any such Personal Information except for email id, right to have us erase/delete your Personal Information, right to restrict us from processing such Personal Information, right to object to our use of your Personal Information. If you would like to exercise any of these rights, you may contact us through the Compliance Officer, and accordingly we shall comply with your request.
B. (For indian residents)
- Right of access to data/copies of data
- Right to rectification of errors in respect of any inaccuracies or deficiencies under the SPDI rules
- Right to withdraw consent given to body corporate at any time.
- Right to complain to the compliance officer/grievance officer
12. Links to Other Websites
13. Limitation of Liability
To the extent permissible under the law, we shall not be liable for any direct, indirect, incidental, special, consequential or exemplary damages, including but not limited to, damages for loss of profits, goodwill, data, information, or other intangible losses (even if we have been advised of
14. Governing Laws and Disputes
15. Changes to This Policy
16. Contact Us