Privacy Policy
Metta Social Solutions Private Limited (“Metta Social”, “we”, “us”, “our”) is a private limited company incorporated under the Indian Companies Act, 2013. Metta Social recognizes maintaining the privacy of its users (“User”, “you”, “your”, “yourself”) and the importance of maintaining the confidentiality of your information, in compliance with applicable law. We value the trust you place in us. That's why we insist upon the highest standards for secure transactions and User Information privacy. Please read the following policy to learn about our information collecting, processing, and dissemination practices. The following Privacy Policy should be read along with the Metta Social Terms of Use, for a full understanding of Metta Social's practices as well as the Users’ responsibilities when interacting with the site http://www.mettasocial.com/ (“Website”).
Part A of this Privacy Policy is published in accordance with the provisions of the Indian Information Technology Act, 2000 (“IT Act”) and the rules made thereunder, more specifically, the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. All terms used in this Privacy Policy will have the same meaning and definitions assigned to them in the IT Act and the rules made thereunder, or in our Terms of Use.
Additionally, if you are a natural person based in the European Economic Area (“EEA”), the provisions of Part B of this Privacy Policy will apply to how we process your personal information. Part B of the Privacy Policy is published in accordance with, and in compliance of, the provisions of the European Union General Data Protection Regulation (“EU GDPR”).
By visiting this Website, you agree to be bound by the terms and conditions of this Privacy Policy and the Terms of Use of the Website, as they apply to you. Please read this Privacy Policy carefully to understand how your personal information is handled and your rights in its regard. If you do not agree with any of the terms contained in this Privacy Policy or the Terms of Use, please do not use or access the Website.
You must be aged 18 years or over to avail of products and services offered on the Website. If you are aged below 18 years, please ensure your use of the Website is consented to by your parent or legal guardian.
PART A
1. Collection of your personal information and other identifiable information
1.1. When you use our Website, we collect and store your personal information about you, provided by you, from time to time.
1.2. Personal Information (“PI ”) under the IT Act is defined to include any information that relates to a natural person, which, either directly or indirectly, in combination with other information available, or likely to be available, is capable of identifying such person by a body corporate. Further, we may also collect certain information classified as sensitive personal data and information (“SPDI”) which, under Indian Privacy law constitutes information relating to (i) passwords; (ii) financial information; (iii) physical, physiological and mental health conditions; (iv) sexual orientation; (v) medical records and history; (vi) biometric information; (vii) any detail relating to the above, as provided to a body corporate for providing services; and (viii) any of the information received under the above by a body corporate, for processing or storing data under lawful contract, or otherwise. SPDI does not include any information that is freely available or accessible in the public domain, or that is furnished under any law.
1.3. We, or third parties on our behalf, may collect and use the following PI about you:
(i) Your name, including your title; (ii) Your contact number(s); (iii) Your e-mail address; (iv) Your postal address; (v) Your age; (vi) Your gender; (vii) Information provided when you correspond with us; (viii) Updates to the information you have already provided to us; (ix) PI we obtain from third-party sources (e.g. APIs, URLs); and/or (x) Technical and behavioural information about you regarding your use of the Website.
1.4. We may also collect SPDI pertaining to financial data (for example, cancelled cheques) and/or biometric data (Aadhar, PAN) about you, for compliance with Know Your Customer (KYC)/Anti Money Laundering (AML) requirements under applicable law. We will ensure this data is collected, stored, secured and processed in accordance with the IT Act and applicable law.
1.5. Our primary goal in doing so is to provide you with a safe, efficient, smooth and customized experience, which allows us to provide services and features that strive to meet your needs and make your experience safer and easier. More importantly, while doing so, we only collect PI and SPDI from you that we consider necessary for achieving this purpose and providing our Services. In general, you can browse the Website without providing us with information regarding who you are or without revealing any PI about yourself.
1.6. You provide us with your PI voluntarily. Once you provide your PI to us, either by signing up through our portal or signing in through an associate API (such as Google or Facebook), you are no longer anonymous to us. Where possible, we indicate which fields are required and which fields are optional for you to fill in. You always have the option to not provide us with your information by choosing not to use a particular service or feature on the Website. We may, however, automatically track desensitized information about you based on your behaviour on the Website. We use this information to do internal research on our User demographics, interests, and behaviour to better understand, protect and serve our Users. This information is compiled and analysed on an aggregated basis. This information may include the URL that you accessed our Website through (whether this URL is on our Website or not), which URL you next go to (whether this URL is on our Website or not), your internet browser information, and your IP address.
1.7. We use data collection devices such as “cookies” on the Website to help analyse our web page flow, measure promotional effectiveness and promote trust and safety. By continuing to browse our Website, you are agreeing to our use of cookies. To know more about how cookies are used by us, please refer to Part C below.
1.8. If you choose to post messages on our Message Boards, chatrooms, other message areas or if you choose to leave feedback, we will collect that information you provide to us. We retain this information as necessary to resolve disputes, provide User support and troubleshoot problems, as may be necessary, and as is permitted under applicable law.
1.9. If you send us personal correspondence, such as e-mails or letters, or if other users or third parties send us correspondence about you and your activities or postings on the Website, we may collect such information into a file specific to you.
1.10. We collect PI and SPDI from you when you set up an account with us/ register with us. While you can browse some sections of our Website without being a registered member, certain features (such as making a donation/contribution, creating a campaign) do require registration. We use the collected contact information to send you relevant information such as receipts, certificates, upcoming events, newsletters, etc.
1.11. We also provide certain data to the Campaigner, to interact with you and send you relevant or required information of the type aforementioned, as well as to complete certain transactions and fulfil commitments, such as but not limited to, rewards, updates, etc. After your data is made accessible to a Campaigner, the Campaigner may use your data to send you information about other similar campaigns, communication about an NGO represented by him and/or other causes such Campaigner may be supporting and inviting a donation of funds for.
2. Use of Demographic, Profile Data and Your Information
2.1. We use your personal information to provide you with the services you choose to avail of. To the extent we use your personal information for direct marketing purposes, we will provide you with the ability to opt-out of such uses, if you do not wish to receive such communication. To opt-out of being on such call, SMS, e-mail and/or other communication lists, you may e-mail us at support@mettasocial.com , and we will ensure you do not receive such communications in the future.
2.2. We may use your personal information to resolve disputes, troubleshoot problems, help promote a safe service, collect money either directly by us or through an authorized payment gateway facility, measure User-interest in Fundraisers hosted on the Website, inform you about updates, customize your experience, detect and protect us against error, fraud and other criminal activity, enforce our terms and conditions, and as otherwise described to you at the time of collection.
2.3. In our efforts to continually improve our product and service offerings, we collect and analyse demographic and user data about our Users' activity on our Website. We identify and use your IP address to help diagnose problems with our server and to administer our Website. Your IP address is also used to help identify you and to gather broad demographic information related to you.
3. Sharing your personal information
3.1. By providing us with your personal information, you consent to the information being shared with our group companies or third-party service providers, where it is in our legitimate interest to do so for administrative or business purposes (such as corporate strategy, auditing, and monitoring, quality assurance).
3.2. We will not share your SPDI, i.e., your password, biometric or financial information such as bank account or credit card or debit card or other payment instrument details, your sexual orientation etc. that is not essential for your continued use of the Website, with any third parties or disclose to it to any person other than as required by applicable law.
3.3. We may share your PI with our other corporate and/or associated entities and affiliates to (i) help detect and prevent identity theft, fraud and other potentially illegal acts and cybersecurity incidents, (ii) help and detect co-related/related or multiple accounts to prevent abuse of our services and (iii) facilitate joint or co-branded services that you request, where such services are provided by more than one associate entity. Those entities and affiliates may not directly market their products and/or services to you as a result of such sharing unless you explicitly opt-in.
3.4. Any third parties we share your information with are limited by law and contract in their ability to use your PI for any purpose, other than to provide services for and in connection with us. We will always ensure that third parties with whom we share information about our Users are subject to privacy and security obligations consistent with this Privacy Policy and applicable law.
3.5. We may disclose your PI or SPDI if required to do so by law or in the good faith belief that such disclosure is reasonably necessary to respond to summons, court orders, or any other legal process. We may disclose your PI to law enforcement offices, third party rights owners, or others as becomes necessary, in the good faith belief that such disclosure is reasonably necessary to: (i) enforce the Terms or this Privacy Policy; (ii) respond to claims that an advertisement, posting or other content violates the rights of a third party; or (iii) protect the rights, property or personal safety of our Users or the general public.
3.6. While transferring your PI to another body corporate or natural person, for purposes necessary to perform contractual obligations to you, we will make sure that, as is required by applicable laws, the same level of data protection adhered to by us is adhered to by such entity to whom the data is being transferred.
3.7. In the event we (or our assets) plan to merge with, or be acquired by any business entity, or for purposes such as re-organization, amalgamation or restructuring of our business, by using the Website and consenting to these Terms you also consent to us, and our affiliates, using, sharing, parting with and allowing such resulting/other business entity to use the personal information provided by you to Metta Social. Should such a transaction occur, that other business entity (or the new combined entity), will be required to adhere to this Privacy Policy, with respect to your personal information.
3.8. Only if it is essential, we may also share your PI with third parties in order to enforce or ensure application of our Terms of Use, other terms and conditions for Users, our policies, any other agreement in force, to respond to claims, to protect our rights or the rights of our employees and/or Users and/or a third party, to protect User safety or to prevent any illegal activity. This may include exchanging information with other organizations for fraud protection.
3.9. We may also disclose and use anonymized, aggregated reporting and statistics about Users of the Website and interaction with our products and services for reporting purposes, or for marketing and promotion purposes. None of these reports or statistics will enable our Users to be personally identified.
3.10. Save as expressly stated above, we will never share, sell or rent any of your PI to a third party without notifying you, and where necessary, obtaining your consent. If you have permitted us to use your PI in a certain way, but later change your mind, you can contact our Grievance Officer and we will stop doing so.
4. Retaining your information
4.1. We keep your PI and SPDI for no longer than is necessary for the purposes that your PI/SPDI was collected and processed. The length of time for which we retain your PI or SPDI depends on the purpose for which we collect and use it, and/or as is required to comply with applicable law and to establish, exercise or defend our legal rights.
5. Links to Other Sites
5.1. Our Website links to other websites that may collect personally identifiable information about you. Such other websites are not operated by Metta Social and are only provided for your convenience.
5.2. The links available do not imply Metta Social’s endorsement of activities of such third- party websites or Metta Social’s association with its operators. This Privacy Policy applies only to PI or SPDI collected, or PI received from third-party sources, by Metta Social. We are not responsible for PI about you that is collected and stored by third parties.
5.3. Third party websites have their own terms and conditions for use and collection and processing of data. You should read the terms of use and privacy policies of these websites carefully before submitting your information to these websites.
5.4. Metta Social is not responsible for the privacy practices or the content of those linked websites and does not endorse or accept responsibility or liability for the content of such third-party websites or third-party terms and conditions.
6. Changes to our Privacy Policy
6.1. We may update our Privacy Policy from time to time, any changes we make to our Privacy Policy will be posted on this page, as of the date mentioned above. Please check back frequently to see changes or updates to our Privacy Policy.
6.2. Where material changes are made to this Privacy Policy, or where deemed appropriate by Metta Social, you will be notified of such material change through your registered mode of communication (phone or e-mail).
7. Security Precautions/ Security Breach
7.1. Our Website has stringent security measures in place, as required under law, to protect the loss, misuse, and alteration of the information under our control. Whenever you change or access your account information, we offer the use of a secure server. Once your information is in our possession, we adhere to strict security guidelines, protecting it against unauthorized access. Our web hosts, transaction affiliates, etc., all use industry grade and standardized methods to protect your information from any misuse.
7.2. If any User has sufficient reason to believe their SPDI, which we explicitly do not share with third parties, has been compromised, or there has been a breach of security due to a cybersecurity incident, you may write to our Grievance Officer immediately at the contact details mentioned below in, so that we may take suitable measures to either rectify such a breach and inform the concerned authorities of a cybersecurity incident.
7.3. To report abuse on the Website, not being a cybersecurity incident, a User may click on the ‘Report Abuse’ tab found at the bottom of the page and provide details of the abuse. Upon receiving such information Metta Social will examine the abuse and take suitable and necessary steps to remedy it.
7.4. Where you have chosen a password, which enables you to access your online account with Metta Social, you have the responsibility to ensure that your password remains confidential and only you have access to your online account.
8. Advertisements on Mettasocial.com
8.1. We use third-party advertising companies to serve ads when you visit our Website. These companies may use information (not including your name, address, e-mail address, or telephone number and generally other information which may identify you personally) about your visits to this and other websites in order to provide advertisements about goods and services of interest to you.
8.2. You have the option to opt-out of receiving these advertisements by writing to our Grievance Officer on the details mentioned below.
9. Your Consent
9.1. By using the Website and/or by providing your information, you consent to the collection and use of the information you disclose on the Website in accordance with this Privacy Policy, including but not limited to your consent for sharing your information as per this Privacy Policy.
9.2. If we decide to change our privacy policy, we will post those changes on this page so that you are always aware of what information we collect, how we use it, and under what circumstances we disclose it.
9.3. The donors/contributors hereby permit Metta Social to share their PI such as their name, email address, contact information to the respective Campaigner and beneficiaries of the donations made by the donors via the Website.
10. Retention of Information
10.1. Information provided by you to Metta Social is processed, stored and retained through our servers and web hosts i.e., currently Amazon Web Services.
10.2. Our web hosts and agency managing your information are compliant with IS/ISO/IEC27001 or an equivalent in standards of Security Techniques and Information Security Management System Requirements.
11. Grievance Officer
In accordance with IT Act and rules made there under, we have appointed a Grievance Officer to handle any arising concerns are grievances. The contact details of the Grievance Officer are provided below: Name: Vishal Naik Pednekar Address: Metta Social Private Limited, The Senate ,1st Floor, Echoing Greens,Opp. Eden Garden, Near Hinjewadi Flyover,Wakad, Pune-57, India. Tel: +91 96739 98021 E-mail: contactus@mettasocial.com Time: Mon-Sat (09:00hrs – 18:00hrs)
12. Governing Law and Jurisdiction
12.1. This Privacy Policy, along with the Terms of Use, is governed by laws prevailing in India.
12.2. Only the courts in Pune, Maharashtra, India will have jurisdiction with regard to disputes arising from this Privacy Policy.
PART B
13. Additional provisions applicable to EU residents only
13.1. The terms and conditions contained herein are only applicable to Users of the Website located and residing in the EU (“EU Users”). This section is not applicable to Metta Social’s Users located and residing in India or other jurisdictions.
13.2. We consider that the legal basis for using your personal information, after you have provided your consent, as set out in this Privacy Policy is as follows: (i) Our use of your personal information is necessary to perform our obligations under any contract with you, or (ii) Our use of your personal information is necessary to comply with our legal obligations.
13.3. We will retain your data for such period of time as may be reasonably necessary to fulfil the purposes set out in the Privacy Policy and, if relevant, to deal with any claim or dispute that might arise in connection with any services which you avail of via our website.
13.4. With respect to the personal information you provide us with, you have certain rights that you may exercise:
(i) Right of access: you have the right to access the personal information we hold about you. (ii) Right to update: you have the right update information you may have provided to us that is out of date or incorrect. (iii) Right to delete: you have the right to ask us to delete any information we hold pertaining to you in specific circumstances. (iv) Right to restrict the use of your information: you have the right to ask us to restrict how we process your personal information in certain circumstances. (v) Right to stop marketing: you have the right to restrict us from using your personal information for direct marketing purposes. (vi) Right to data portability: you have the right to ask us to provide your personal information to a third-party provider of services. (vii) Right to object: you may ask us to consider any valid objections which you have to use of your personal information where we process your personal information on the basis of our, or another person’s legitimate interest.
13.5. If you would like to actively exercise any of your rights, or require more information regarding the steps we take to protect your personal information, you may contact our Grievance Officer. We will consider all your requests and provide our response to you within a reasonable period of time.
13.6. Your personal information is used, stored and accessed by staff operating and servers located outside the EEA. We may share personal information with our group entities and with third parties in accordance with the GDPR. Appropriate measures will be taken to ensure your personal information is protected adequately in accordance with this Privacy Policy.