Personal Information SatisFIND Collects

SatisFIND collects various types of personal information to provide you with tailored services and enhance your user experience. These include:

• Information You Provide

  • Contact information: such as name, company, job title, address, email, and phone number.
  • Additional details: to better understand you, like gender, age, nationality, professional associations, product usage, and demographics.
  • Interactions: comments, questions, requests, orders, and preferences, including preferred communication methods and product interests.
  • Shopping and lifestyle preferences: to match mystery shoppers with relevant projects.

• Information Automatically Gathered from Your Device:

  • Device and browser information: type, IP address, operating system, and identifier.
  • Usage data: content viewed, features used, links clicked, emails opened, and interaction timestamps.
  • Location information: precise real-time data or imprecise data derived from IP addresses or postal codes. SatisFIND Apps require permission for precise real-time location data.

• Cookies and Similar Technologies:

  • SatisFIND Internet Sites use cookies for personalized experiences and functionality, such as session cookies for browsing and persistent cookies for saved preferences.
  • Users can adjust cookie settings in their browsers; however, some functionalities may be limited if certain cookies are rejected.
  • Third-party services may place cookies for analytics and advertising purposes.

• Information from Business Partners and Third Parties:

  • Personal information obtained through Business Partners or third-party sources may include contact details and relevant identifiers.

• Your Choices:

  • You have the option not to provide certain information requested by SatisFIND, but this may affect our ability to deliver relevant services or features.

How SatisFIND Uses Your Personal Information

SatisFIND uses your personal information for various purposes, including but not limited to:

Developing and Managing Relationships:

• Delivering services or transactions requested by you or our Business Partners.
• Providing information about SatisFIND products, services, and transactions that may interest you.
• Enhancing your experience by understanding how you use and interact with SatisFIND platforms.
• Managing contractual relationships with our Business Partners.

Communication:

• Informing you of relevant SatisFIND products, services, and promotions.
• Providing information about pricing, technical data, shipping, warranties, or product improvements.
• Responding to inquiries and providing customer support.
• Inviting you to participate in surveys or market research activities.

Providing and Improving Services:

• Customizing platforms to your preferences or interests.
• Maintaining security and protecting platforms.
• Developing new SatisFIND platforms, products, and services.

Legal Compliance and Protection:

• Retaining business records as required by law.
• Establishing, exercising, or defending legal claims.
• Complying with legal obligations, regulations, court orders, or legal processes.
• Detecting, preventing, and responding to fraud, intellectual property infringement, or violations of law.
• Protecting rights, property, health, safety, welfare, or interests of SatisFIND, you, or others.

SatisFIND may also use your personal information for other purposes consistent with the context of its collection or with your consent.

Additionally, SatisFIND may anonymize or aggregate collected information for research and product development purposes, ensuring individual identification is not possible.

When SatisFIND May Share Your Personal Information:

SatisFIND will only disclose your personal information under the following circumstances:

Sharing with Other SatisFIND Entities:

• SatisFIND may share your personal information with other SatisFIND entities, including those in different countries. These entities will use your information in a manner consistent with this Policy, any applicable Specific Privacy Statements, and all applicable privacy and data protection laws.

Third-Party Service Providers:

• SatisFIND may share your personal information with third parties hired to perform support services. These parties are required to use the information solely for performing services on our behalf and to adhere to all applicable privacy and data protection laws.

Business Partners:

• Personal information may be shared with third parties, such as SatisFIND Pro Partners, who collaborate with us to provide products and services. Our Business Partners must use this information in line with this Policy, any applicable Specific Privacy Statements, and all relevant privacy and data protection laws.

Legal Compliance and Protection:

• SatisFIND may share your personal information in instances where disclosure is necessary to comply with laws, regulations, court orders, or other legal processes. This includes situations involving fraud prevention, intellectual property protection, or ensuring the safety and rights of SatisFIND, you, or others.

Business Transactions:

• Your personal information may be shared in connection with the sale, purchase, merger, reorganization, or dissolution of SatisFIND or a business unit, or under similar circumstances. In such cases, appropriate measures will be taken to safeguard your personal information.

With Your Consent:

• SatisFIND may share your information with third parties if you provide permission or make a request for such sharing.

Anonymized or Aggregated Information:

• SatisFIND may share anonymized or aggregated information internally or with third parties for various purposes. Such information will not identify you individually.

Security of Your Personal Information

Your personal information is primarily stored in SatisFIND databases or databases managed by our service providers. Many of these databases are hosted on servers located in the United States and Singapore. SatisFIND employs appropriate measures, including contractual agreements, to ensure the adequate protection of personal information disclosed to third parties or transferred to other countries, including transfers within SatisFIND.

SatisFIND maintains reasonable safeguards to uphold the confidentiality, security, and integrity of your personal information. While we implement security measures to safeguard your personal information against unauthorized disclosure, misuse, or alteration, it's important to note that, like all computer networks connected to the Internet, we cannot guarantee the absolute security of information transmitted over the Internet. Therefore, we cannot be held responsible for breaches of security beyond our reasonable control.

Links to Third-Party Internet Sites and Plugins:

SatisFIND Internet Sites and Apps may feature links to websites or mobile apps that are not operated by SatisFIND, as well as plugins from social media platforms and other third parties. Examples of social media plugins include the Facebook “Like” button. These links and plugins are provided for convenience, and their inclusion does not imply endorsement of the activities or content of the associated websites, apps, or social media platforms, nor any affiliation with their operators.

To understand the data collection practices of these third-party websites, apps, and plugins, we recommend reviewing their respective privacy policies. We encourage you to familiarize yourself with the privacy policies of the websites, apps, and social media platforms you visit before using them or providing any personal information.

Access to Your Personal Information:

You have the right to review, correct, and update the personal information you have provided to us. You can do so by utilizing the feedback mechanisms available on a specific SatisFIND Internet Site or App. Alternatively, you can reach out to us in writing at the following address:

SatisFIND Pte. Inc.
Data Protection Officer
21 Tan Quee Lan Street, #02-04 Heritage Place
Singapore 188108

You can also contact us via email at dpo@satisfind.com

Retention of Your Personal Information

The retention period for your personal information varies depending on the purpose and usage of the collected data. Legal requirements may mandate specific retention periods for certain types of data. Otherwise, we retain the information for no longer than necessary for the purposes for which it was collected. For details on our Data Deletion policy, please refer to our Data Deletion Policy

• Children:

  Our Service is not intended for individuals under the age of 18 (“Children”). We do not knowingly collect personally identifiable information from anyone under the age of 18. If you are a parent or guardian and become aware that your child has provided us with Personal Data, please contact us. If we discover that we have collected Personal Data from children without verification of parental consent, we take steps to remove that information from our servers.

Privacy Compliance Program (PDPA) Singapore

1. Introduction:

Privacy is a fundamental right, and compliance with data protection laws is essential for ensuring the protection of individuals' personal data. This Privacy Compliance Program outlines SatisFIND's commitment to compliance with the Personal Data Protection Act (PDPA) and other relevant regulations in Singapore. By implementing this program, SatisFIND aims to safeguard the privacy and security of personal data collected, processed, and stored by the organization.

2. Legal Framework:

The Privacy Compliance Program is based on the PDPA, which governs the collection, use, and disclosure of personal data in Singapore. SatisFIND also adheres to regulations, guidelines, and advisories issued by the Personal Data Protection Commission (PDPC) to ensure compliance with the law.

3. Scope:

This Privacy Compliance Program applies to all personal data collected, processed, and stored by SatisFIND, including data relating to customers, employees, and other individuals. It covers all activities and processes involving personal data within the organization.

4. Roles and Responsibilities:

• Data Protection Officer (DPO): [Name] is designated as the Data Protection Officer and is responsible for overseeing compliance with data protection laws, implementing data protection policies and procedures, and serving as the point of contact for data protection inquiries.
• Employees: All employees are responsible for ensuring compliance with data protection policies and procedures in their respective roles and activities.

5. Data Inventory and Mapping:

SatisFIND conducts a comprehensive data inventory to identify all personal data collected, processed, and stored by the organization. Data mapping exercises are conducted to understand data flows within the organization and with third parties.

6. Data Protection Policies and Procedures:

SatisFIND has developed and implemented data protection policies and procedures aligned with PDPA requirements. These policies cover areas such as data collection, use, disclosure, retention, and disposal, ensuring that personal data is handled responsibly and in accordance with the law.

7. Data Protection Impact Assessments (DPIAs):

SatisFIND conducts Data Protection Impact Assessments (DPIAs) to identify and mitigate privacy risks associated with new projects or initiatives that involve the processing of personal data.

8. Consent Management:

SatisFIND has established procedures for obtaining valid consent for the collection, use, and disclosure of personal data. Transparency is ensured in the consent process, and individuals are provided with clear information about the purposes for which their data will be used.

9. Vendor Management:

SatisFIND assesses the data protection practices of third-party vendors and includes data protection requirements in contracts to ensure the security and confidentiality of personal data. Vendor management procedures also include periodic audits and reviews of vendor compliance with data protection obligations.

10. Incident Response:

SatisFIND has detailed procedures in place for responding to privacy incidents, including data breaches. These procedures include:

• Immediate notification and escalation of incidents to the Data Protection Officer (DPO).
• Investigation of the incident to determine the cause and extent of the breach.
• Mitigation measures to contain the breach and prevent further unauthorized access.
• Notification of affected individuals and the Personal Data Protection Commission (PDPC) in accordance with legal requirements.
• Review and analysis of the incident to identify areas for improvement and implementation of corrective actions.

11. Continuous Improvement:

SatisFIND has mechanisms in place for the continuous monitoring, review, and improvement of the Privacy Compliance Program. This includes:

• Regular audits and assessments of privacy compliance.
• Periodic reviews of data protection policies and procedures to ensure alignment with evolving legal and regulatory requirements.
• Training and awareness programs to keep employees informed about changes to privacy laws and best practices.
• Feedback mechanisms to solicit input from stakeholders and address any privacy concerns or suggestions for improvement.

SatisFIND B2B Services

Some of SatisFIND's products, services, Internet Sites, and Apps are designed for use by our Business Partners, including our business customers ("SatisFIND B2B Services"). Your usage of these services is governed by your company. Consequently, authorized personnel at your company may access the personal information collected through these SatisFIND B2B Services, and your company may have policies that apply to your usage of them.

SatisFIND does not bear responsibility for the data privacy and security policies and practices of our Business Partners, which may differ from this Privacy Policy and any applicable Specific Privacy Statements. If your company manages your utilization of a SatisFIND B2B Service, please direct any privacy inquiries regarding your usage of that service to your company. In the event of a conflict between this Policy and an agreement between SatisFIND and its Business Partner for a SatisFIND B2B Service, the agreement between SatisFIND and its Business Partner shall prevail.

Additional Information for EU Residents

Data controller and contact information

The data controller for personal data collected under this Privacy Policy is the relevant SatisFIND entity in your country, and, as applicable, SatisFIND Pte. Inc., located at 21 Tan Quee Lan Street, #02-04 Heritage Place, Singapore 188108. If you are using SatisFIND B2B Services administered by your company, your company may act as the controller for personal data collected by those SatisFIND B2B Services. Please contact your company for further information.

You can reach SatisFIND’s European data protection officer at:

Attn. EU Data Protection Officer, SatisFIND EU operations

Email: privacy_EU@satisfind.com

SatisFIND’s Lawful Basis for Processing Your Personal Data

The lawful basis for SatisFIND’s processing of your personal data depends on the purposes of the processing. For most personal data processing activities covered by this Privacy Policy, the lawful basis is that the processing is necessary for SatisFIND’s legitimate business interests. Where we process personal data in relation to a contract, or a potential contract, with you, the lawful basis is that the processing is necessary for the performance of our contract with you or to take steps at your request prior to entering into a contract. When we are required to share personal data with law enforcement agencies or other governmental bodies, we do so on the basis that we are under a legal obligation to do so. We will also use consent as the legal basis where we deem appropriate or to the extent required by applicable law, for example, before we collect precise location data from your mobile device.

More Information

Processing on the Basis of Legitimate Business Interests

When we process personal information on the basis that the processing is necessary for our legitimate business interests, such interests include:

• Providing, improving, and promoting SatisFIND Internet Sites, Apps, products, and services.
• Communicating with current and potential customers, other Business Partners, and their individual points of contact.
• Managing our relationships with our customers and other Business Partners, and their individual points of contact.
• Other business development purposes.
• Sharing information within the SatisFIND group, as well as with service providers and other third parties.
• Maintaining the safety and security of our products, services, and employees, including fraud protection.

Processing on the Basis of Performance of a Contract

Examples of situations in which we process personal information as necessary for performance of a contract include e-commerce transactions in which you purchase a product or service from SatisFIND through a SatisFIND Internet Site or App.

Processing on the Basis of Consent

Examples of processing activities for which SatisFIND uses consent as its legal basis include:

• Collecting and processing precise location information from your mobile device.
• Sending promotional emails when consent is required under applicable law.
• Processing personal data on SatisFIND Internet Sites or Apps through cookies and similar technologies when consent is required by applicable law.

Processing Because SatisFIND Is Under a Legal Obligation to Do So

Examples of situations in which SatisFIND must process personal data to comply with its legal obligations include:

• Payment of taxes and other government levies.
• Providing your personal data to law enforcement agencies and other governmental bodies when required by applicable laws.
• Retaining business records required to be retained by applicable laws.
• Complying with court orders or other legal processes.

Additional Information About the Retention of Your Personal Data

To determine the period for which your personal data will be retained in accordance with this Policy, SatisFIND considers criteria such as:

• Any applicable legal requirements to retain data for a certain period of time.
• Any retention obligations related to actual or potential litigation or government investigations.
• Any retention requirements in relevant agreements with our Business Partners.
• The date of your last interaction with SatisFIND.
• The length of time between your interactions with SatisFIND.
• The sensitivity of the data.
• The purposes for which the data was collected.

Your Individual Rights

In accordance with applicable laws in the European Union, you have the following rights with respect to your personal data, which apply differently in different circumstances:

Right of Access

You have the right to ask SatisFIND to confirm whether we process your personal data. If we do, you have the right to request access to your personal data that we process and the following information:

• The purposes of the processing.
• The categories of personal data we process.
• The recipients or categories of recipients of your personal data.
• The envisaged retention period of the data where possible, or the criteria we use to determine the retention period.
• Your right to request rectification or erasure of your personal data, or restriction of the processing of such data.
• Your right to file a complaint with a supervisory authority.
• If we have not collected the data from you, any information we have available about the source of the data.
• Whether we use your personal data to make any automated decisions that have legal or other similar significant effects on you.

Right to Rectification

You have the right to have SatisFIND correct your personal data if they are inaccurate. Taking into account the purposes of the processing, you may also have the right to have incomplete personal data about you completed, including by providing a supplementary statement to SatisFIND.

Right to Object to Processing for SatisFIND’s Legitimate Business Interests

You have the right to object to SatisFIND processing your personal data when that data is processed on the basis of SatisFIND’s legitimate business interests. SatisFIND will honor your objection and stop processing the relevant personal data unless:

• We have compelling legitimate grounds for the processing that override your interests, rights, and freedoms; or
• We need to continue processing your personal data to establish, exercise, or defend a legal claim.

Right to Object to Processing for Direct Marketing

If SatisFIND processes your personal data for direct marketing purposes, you have the right to object to this processing. If you exercise this right, SatisFIND will stop processing your personal data for direct marketing purposes.

Right to Restrict Processing

You have the right to request that SatisFIND restrict the processing of your personal data in the following circumstances:

• For the period of time SatisFIND needs to verify the accuracy of your personal data when you contest its accuracy.
• When the processing of your personal data is unlawful and you oppose the erasure of the data, and instead request that SatisFIND restrict the use of the data.
• When SatisFIND no longer needs your personal data for the purposes of processing, but you need the data to establish, exercise, or defend a legal claim.
• For the period of time SatisFIND needs to verify if it has compelling legitimate grounds for processing that override your interests, rights, and freedoms when you object to the processing of your personal data for SatisFIND’s legitimate business interests.

If following your request SatisFIND restricts the processing of your personal data, SatisFIND will store your data and otherwise process it only with:

• Your consent.
• To establish, exercise, or defend a legal claim.
• To protect the rights of another natural or legal person.
• For reasons of important public interest of the European Union or a Member State. SatisFIND will also inform you before lifting the restriction of processing.

Right to Erasure

The right to erasure is also called the “right to be forgotten.” You may ask SatisFIND to delete your personal data. This right is not absolute. SatisFIND is required to delete your personal data upon your request only in the following circumstances:

• Your personal data is no longer necessary for the purposes for which SatisFIND collected or processed them.
• If SatisFIND processes your personal data on the basis of consent, you withdraw your consent, and no other legal ground exists for SatisFIND to continue processing your personal data.
• If SatisFIND processes your personal data for its legitimate business interests, you object to the processing, and there are no overriding legitimate grounds for SatisFIND to continue processing your personal data.
• If SatisFIND has processed your personal data unlawfully.
• The personal data must be erased to comply with a legal obligation under European Union or Member State law to which SatisFIND is subject.

SatisFIND is not required to erase your personal data to the extent that SatisFIND needs to process them to:

• Exercise its right of freedom of expression and information.
• Comply with a legal obligation under European Union or Member State law to which SatisFIND is subject.
• To establish, exercise, or defend a legal claim.

Right to Data Portability

You have the right to receive personal data you provided to SatisFIND when:

• The processing of the data is based on your consent or is necessary for the performance of a contract between you and SatisFIND.
• SatisFIND’s processing of your personal data is carried out by automated means.
• Complying with your request will not adversely affect the rights and freedoms of others.

If you have the right to receive such personal data and request that SatisFIND provide it, SatisFIND will provide it to you in a structured, commonly used, and machine-readable format.

Right to Lodge a Complaint With a Supervisory Authority

SatisFIND will use its best efforts to address and settle any requests or complaints brought to its attention. In addition, you have the right to approach the competent data protection authority with requests or complaints. This can be the supervisory authority in the country or federal state where you live. The overall competent supervisory authority for SatisFIND in Europe is:

Commission for the Protection of Privacy

Rue de la Presse 35, 1000 Brussels

Telephone: +32 (0)2 274 4800

Email: commission@privacycommission.be

Website: www.privacycommission.be

The Philippines Addendum to the SatisFIND Global Privacy Policy

This addendum supplements, details, or modifies the SatisFIND Global Privacy Policy in accordance with the Philippine Data Privacy Act of 2012 (R.A. No. 10173), its implementing rules and regulations, and related issuances of the National Privacy Commission (collectively referred to herein as the "Law").

This addendum applies to the processing of personal information and sensitive personal information (collectively, "Personal Data") by SatisFIND. For this purpose, the term “processing” shall include, but not be limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of personal data.

Personal Information

Philippine law defines personal information as any information, whether recorded in a material form or not, from which the identity of an individual is apparent or can be reasonably and directly ascertained by the entity holding the information, or when put together with other information would directly and certainly identify an individual.

The personal information collected by SatisFIND may include, but is not limited to, the following:

• Name, title, address;
• Personal identification and/or passport number;
• Telephone number;
• Email address and online passwords;
• Records of communications with SatisFIND, responses to market surveys, mystery shopping, customer experience surveys, and contests conducted by SatisFIND or on its behalf;
• Credit card or debit card information;
• Camera or video footage that identifies individuals (including CCTV footage) installed at some parts of SatisFIND’s premises and/or those that are part of its security infrastructure and those present at the mystery shopping locations;
• Username, password, and other identifiers when you register at SatisFIND’s website.

Sensitive Personal Information

Definition of Sensitive Personal Information

Under Philippine law, sensitive personal information refers to personal information:

• About an individual’s race, ethnic origin, marital status, age, color, and religious, philosophical, or political affiliations;
• About an individual’s health, education, genetic or sexual life of a person, or to any proceeding for any offense committed or alleged to have been committed by such person, the disposal of such proceedings, or the sentence of any court in such proceedings;
• Issued by government agencies peculiar to an individual which includes, but is not limited to, social security numbers, previous or current health records, licenses or its denials, suspension, or revocation, and tax returns;
• Specifically established by an executive order or an act of Congress to be kept classified.

Processing of Sensitive Personal Information

We will only process sensitive personal information upon the express consent of the data subject and only for purposes it was provided or in accordance with the law.

In processing sensitive personal information, SatisFIND will inform data subjects of the sensitive personal information that is necessary to fulfill the core functionality of the product or service and the consequences of refusal to the processing, for the purpose of allowing the data subjects to decide whether or not to give consent.

Collection, Purpose of Collection, and Processing of Personal Data

Personal data will generally only be collected and used for the primary purposes of:

• Communicating with employees, customers, contractors, suppliers, agents, or any other individuals;
• Conducting, improving, maintaining, and developing a business relationship and/or for employment purposes;
• General HR administration and information required for the management of the employment relationship;
• Processing, servicing, or enforcing transactions and sending related communications;
• Identifying and verifying individuals that have been supplied with any SatisFIND services or products;
• Administering customer orders or managing projects;
• Responding to an individual’s queries;
• Administering contests, mystery shopping, or surveys conducted by SatisFIND or on SatisFIND’s behalf;
• Marketing (such as providing individuals with information about SatisFIND products and promotional notices and offers);
• Processing your purchase, application, inquiry, or request;
• Ensuring IT security and resource management;
• Ensuring site security;
• Compliance with applicable laws and regulations of regulatory authorities and enforcement agencies;
• Administrative purposes such as billing, payment, and debt collection;
• Responding to any claim and/or legal process;
• Improving SatisFIND’s website.

Disclosure

SatisFIND discloses personal data:

• For the primary purpose for which it was collected;
• For purposes that a reasonable person will consider appropriate in the circumstances;
• Where the individual has consented;
• For direct marketing by SatisFIND where consent has been given, but individuals will be given the opportunity to opt out of such direct marketing. SatisFIND includes its contact details in any direct marketing;
• Where permitted by law;
• To SatisFIND’s parent, related, affiliate, and/or associate company;
• In any court of law or any relevant party in connection with any claim or legal proceedings, legal firms and/or advisors, debt collection agencies, credit reporting agencies, and/or credit providers;
• To any payment agencies, including, but not limited to, financial institutions for purposes of maintaining financial records, assessing or verifying credit, and facilitating payment;
• Regulatory authorities and enforcement agencies;
• Third-party service providers, consultants, insurers, underwriters, auditors, and advisors as well as their respective agents and/or contractors on a need-to-know basis;
• Any actual or potential assignee, transferee, or acquirer of any of SatisFIND’s business in connection with any corporate exercise.

SatisFIND does not disclose your personal data for any secondary purposes unless your consent has been previously obtained in accordance with the law.

SatisFIND will not sell or license any personal data that it collects from an individual.

In situations where SatisFIND processes personal data outside reasonable expectations, SatisFIND will require your consent prior to processing.

Cross-border Disclosure

Any personal data provided to SatisFIND may be transferred to, stored by, or disclosed to an overseas recipient. For example, SatisFIND may use a server hosted overseas to store data, which may include your personal data.

Your personal data may also be processed by employees or by other third parties operating outside of the Philippines in countries like the United States of America or in the European Union, India, and Singapore who work for SatisFIND, or by the representatives and employees of SatisFIND’s parent company and affiliates.

SatisFIND will take reasonable steps, in the circumstances, before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal data.

Data Breach

Where a suspected data breach has occurred, SatisFIND will act in accordance with its data breach response plan. In the event that SatisFIND has determined that a data breach has occurred, we will notify the National Privacy Commission and affected data subject (s) in accordance with the law.

Anonymity

SatisFIND gives individuals the option not to identify themselves when dealing with it, where practicable. However, if you do not provide us with the personal data that we request, our ability to handle your inquiry, request, complaint, or application may be diminished.

Consent and Limitation in the Processing of Personal Data

You may choose whether or not to provide your personal data, and, if already provided, you may choose to exercise your right to object, block, or remove such personal data as provided by law. If you would like to exercise your right to object, block, or remove your consent, please contact SatisFIND using the contact details below.

In this case, however, we may not be able to adequately provide you the assistance or services you requested.

When you object, block or remove your consent, SatisFIND shall no longer process your personal data, except in cases allowed or required by law.

If you would like to update, correct, or access your personal data, please contact us using the contact details below.

Inquiries and Complaints

If you have any queries or concerns about SatisFIND’s privacy policy, this addendum, or about our use of your personal data, you may write to us using the following contact details:

Email: privacy_ph@satisfind.com

SatisFIND

Attn: Data Protection Officer

SatisFIND Pte. Inc. 21 Tan Quee Lan Street, #02-04 Heritage Place Singapore 188108

The India Addendum to the SatisFIND Global Privacy Policy

This addendum supplements, details, or modifies the SatisFIND Global Privacy Policy in accordance with the applicable laws of India, including but not limited to the Information Technology Act, 2000, and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 (collectively referred to herein as the "Indian Laws").

This addendum applies to the processing of personal information and sensitive personal data or information (collectively, "Personal Data") by SatisFIND Entity in India, known as SatisFIND Technology Private Limited ("STPL" or "we" hereinafter). For this purpose, the term “processing” shall include, but not be limited to, the collection, recording, organization, storage, updating or modification, retrieval, consultation, use, consolidation, blocking, erasure, or destruction of personal data.

Personal Information

Indian law defines personal information as any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.

The personal information collected by SatisFIND may include, but is not limited to, the following:

• Name, title, address;
• Personal identification and/or passport number;
• Telephone number;
• Email address and online passwords;
• Records of communications with SatisFIND, responses to market surveys, mystery shopping, customer experience surveys, and contests conducted by SatisFIND or on its behalf;
• Credit card or debit card information;
• Camera or video footage that identifies individuals (including CCTV footage) installed at some parts of SatisFIND’s premises and/or those that are part of its security infrastructure and those present at the mystery shopping locations;
• Username, password, and other identifiers when you register at SatisFIND’s website.

Sensitive Personal Data or Information

Definition of Sensitive Personal Data or Information

Under Indian law, sensitive personal data or information includes:

• Passwords;
• Financial information such as bank account or credit card or debit card or other payment instrument details;
• Physical, physiological, and mental health condition;
• Sexual orientation;
• Medical records and history;
• Biometric information;
• Any detail relating to the above clauses as provided to a body corporate for providing service;
• Any of the information received under the above clauses by a body corporate for processing, stored or processed under lawful contract or otherwise.

Processing of Sensitive Personal Data or Information

We will only process sensitive personal data or information upon the express consent of the data subject and only for purposes it was provided or in accordance with the law.

In processing sensitive personal data or information, SatisFIND will inform data subjects of the sensitive personal data or information that is necessary to fulfill the core functionality of the product or service and the consequences of refusal to the processing, for the purpose of allowing the data subjects to decide whether or not to give consent.

Collection, Purpose of Collection, and Processing of Personal Data

Personal data will, generally, only be collected and used for the primary purposes of:

1. Communicating with employees, customers, contractors, suppliers, agents, or any other individuals;
2. Conducting, improving, maintaining, and developing a business relationship and/or for employment purposes;
3. General HR administration and information required for the management of the employment relationship;
4. Processing, servicing, or enforcing transactions and sending related communications;
5. Identifying and verifying individuals that have been supplied with any SatisFIND services or products;
6. Administering customer orders or managing projects;
7. Responding to an individual’s queries;
8. Administering contests, mystery shopping, or surveys conducted by SatisFIND or on SatisFIND’s behalf;
9. Marketing (such as providing individuals with information about SatisFIND products and promotional notices and offers);
10. Processing your purchase, application, inquiry, or request;
11. Ensuring IT security and resource management;
12. Ensuring site security;
13. Compliance with applicable laws and regulations of regulatory authorities and enforcement agencies;
14. Administrative purposes such as billing, payment, and debt collection;
15. Responding to any claim and/or legal process;
16. Improving SatisFIND’s website.

Disclosure

SatisFIND discloses personal data:

• For the primary purpose for which it was collected; or
• For purposes that a reasonable person will consider appropriate in the circumstances; or
• Where the individual has consented; or
• For direct marketing by SatisFIND where consent has been given, but individuals will be given the opportunity to opt out of such direct marketing. SatisFIND includes its contact details in any direct marketing; or
• Where permitted by law;
• To SatisFIND’s parent, related, affiliate, and/or associate company;
• In any court of law or any relevant party in connection with any claim or legal proceedings, legal firms and/or advisors, debt collection agencies, credit reporting agencies and/or credit providers;
• To any payment agencies including, but not limited to, financial institutions for purposes of maintaining financial records, assessing or verifying credit, and facilitating payment;
• Regulatory authorities and enforcement agencies;
• Third-party service providers, consultants, insurers, underwriters, auditors and advisors as well as their respective agents and/or contractors on a need-to-know basis; and
• Any actual or potential assignee, transferee, or acquirer of any of SatisFIND’s business in connection with any corporate exercise.

SatisFIND does not disclose your personal data for any secondary purposes unless your consent has been previously obtained in accordance with the law.

Cross-border Disclosure

Any personal data provided to SatisFIND may be transferred to, stored by or disclosed to an overseas recipient. For example, SatisFIND may use a server hosted overseas to store data, which may include your personal data.

Your personal data may also be processed by employees or by other third parties operating outside of India in countries like the United States of America or in the European Union, India, and Singapore who work for SatisFIND, or by the representatives and employees of SatisFIND’s parent company and affiliates.

SatisFIND will take reasonable steps, in the circumstances, before your personal data is disclosed to an overseas recipient, to ensure that the overseas recipient does not breach privacy laws in relation to your personal data.

Data Breach

Where a suspected data breach has occurred, SatisFIND will act in accordance with its data breach response plan. In the event that SatisFIND has determined that a data breach has occurred, we will notify the National Privacy Commission and affected data subject(s) in accordance with law.

Anonymity

SatisFIND gives individuals the option not to identify themselves when dealing with it, where practicable. However, if you do not provide us with the personal data that we request, our ability to handle your inquiry, request, complaint, or application may be diminished.

Consent and Limitation in the Processing of Personal Data

You may choose whether or not to provide your personal data, and, if already provided, you may choose to exercise your right to object, block, or remove such personal data as provided by law. If you would like to exercise your right to object, block, or remove your consent, please contact SatisFIND using the contact details below.

In this case, however, we may not be able to adequately provide you the assistance or services you requested.

When you object, block, or remove your consent, SatisFIND shall no longer process your personal data, except in cases allowed or required by law.

If you would like to update, correct or access your personal data, please contact us using the contact details below.

Inquiries and Complaints

If you have any queries or concerns about SatisFIND’s privacy policy, this addendum, or about our use of your personal data, you may write to us using the following contact details:

Email: privacy_in@satisfind.com

SatisFIND

Attn: Data Protection Officer

Taraporewalas’s Mansion, Plot No 26 B, Road No 12, Banjara Hills,

MLA Colony Hyderabad, Telangana, 500034. India.