This document is an electronic record in terms of Applicable Law (as defined below). This electronic record is generated by a computer system and does not require any physical or digital signatures.
(i) “Applicable Law” shall include all laws, statutes, ordinance, regulations, guidelines, policies and other pronouncements having the effect of law of all or any applicable jurisdictions by state, municipality, court, tribunal, government, ministry, department, commission, arbitrator or board or such other body which has the force of law in all or any applicable jurisdiction, including but not limited to the General Data Protection Regulations (“GDPR”). In addition, Users shall also be governed by the applicable data protection / privacy laws of User’s country of residence.
(ii) “Content” shall include, without limitation, data, text, written posts, comments, software, scripts, interactive features generated, graphics, images, photos, documents, audio, video, location data, nearby places and all other forms of information or data.
(iv) “Portal” shall mean the internet portal located at URL – www.gricaa.com(“Website”).
(v) “Principal Advisor” shall mean groups of professionals and consultants in various industries and specialties who educate and share insights with financial and business leaders and other organizations and professionals (“Clients”).
(vi) “Services” is in respect of the Principal Advisor providing his expert advice to its Clients in the following areas but not limited to of either strategy, marketing, human resources, financial advisory, governance, risk, compliance, internal audit or assurance advisory through the Portal.
(viii) “TSPs” shall mean, third party service providers, as applicable, whose services are used in addition to or in conjunction with the Services of the Company.
(x) “User Content” shall mean any Content that the User saves, submits, posts, displays, uploads, shares, transmits, through or in their CXOEngage profile, including but not limited to, images, photos, documents and contact details saved therein by the User, profile information, and any other Content or information that User stores or makes available on the Portal.
(i) all of the Company’s policies (including but not limited to Terms of Service, available at www.gricaa.com, Principal Advisor Terms & Conditions and Client Terms & Conditions, as amended from time to time);
(ii) any plan limits, product disclaimers or other restrictions presented to User on the Services page of the Company’s Portal;
(iii) all agreements, guidelines, policies, practices, procedures, registration requirements or operational standards of the top-level domain ("TLD") in which User register any domain (“Registry Policies”); and
(iv) any applicable Third - Party Privacy Policies.
1.6. User also acknowledges and agrees that with respect to certain activities, the collection, transfer, storage, and processing of User information may be undertaken by trusted third party partners or affiliates or agents of Company such as credit card processors, web hosting providers, communication services, and web analytic providers, to help facilitate Company in providing certain functions.
2. Collection and use of Personal Information
2.1.1. Information Company Collects Directly from User.
When User browses or transacts on the Portal, Company collects information from the User, including but not limited to Personal Information. For example, Company collects information from the User when the User creates an online Account with Company, signs up for the Services, makes a purchase, requests information, submits a Feedback or Support ticket, participates in a contest or survey, or otherwise contacts Company. The type of information that Company collects depends on the User’s interaction with Company, but may include, where permitted by Applicable Laws, the following:
- age / birthdate,
- e-mail address,
- name of country of residence,
- telephone number,
- professional biography,
- complete physical address, and
- any other information that User chooses to provide.
2.1.3. Information Company Collects Automatically.
Company automatically collects the following information about Users use of the Portal or online Services through cookies, web beacons, log files and other technologies, as enumerated below:
- User’s unique device identifiers,
- User’s domain name,
- User’s browser type and operating system,
- web pages the User views,
- links the User clicks,
- User’s IP address,
- the length of time User visits the Portal or uses the Services,
- User’s activities on the Portal or use of the Services (including User’s movement through the Portal), and
- the referring URL or the webpage that led the User to Company’s Portal.
When a User visits the Company Portal, the Company sends one or more cookies i.e. a small file containing a string of characters, to the User’s computer that uniquely identifies the User’s browser. Cookies make it easier for the User to log on to and use the Portal during future visits. The User can configure their browser to accept all cookies, reject all cookies, or notify them when a cookie is set. (Each browser is different, so the User is to check the "Help" menu of their browser to learn how to change their cookie preferences.
2.2. Company shall collect and use User’s information, including Personal Information only through the Portal. However, it may collect and use Principal Advisor’s information through the Client and other third parties.
2.3. Company may use and retain the information, including Personal Information, that the Company collects from the User in an aggregated form or Company may associate it with User’s Username and other Personal Information that Company collects about the User. Company may also combine information collected about the User on the Portal with information collected through User’s use of Company’s Services for the same purposes as Company would use such information in non-combined form.
2.4. Company does not, at any time, collect information about the User, such as name, contact, or demographic information from third party sources, such as research service providers.
2.5. Company may use and retain such information, including Personal Information to send User any communication including but not limited to notifications related to the User’s Account, announcements about updates/additions/variations to the Services that Company may offer from time to time, reminders about the User’s registration, towards renewing the said registration, that maybe expiring.
2.6. Company may occasionally hire other companies to provide limited services on its behalf, including answering User questions about Services and sending postal mail. Company will only provide those companies the information they need to deliver the Service, and they are prohibited from using that information for any other purpose.
2.7. Company may also use Personal Information for internal purposes such as auditing, data analysis, and research to improve the Services.
2.8. Company may conduct optional online surveys towards analysing User experiences on the Portal and may use the information shared by the User with the Company to tailor User experience on the Portal and in relation to the Services. Such information shared by the User will not be shared by the Company with any third parties.
3. Sensitive Personal Information
3.1. ‘Sensitive Personal Information’ refers to Personal Information revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health or data concerning a natural person’s sex life or sexual orientation.
3.2. The Company does not require / collect / process Sensitive Personal Information of the User.
4. Manner of dealing with Personal Information
4.1. Company uses the information that Company gathers about User for the following purposes:
4.1.1. To provide Company’s Services, to communicate with the User about User’s use of Company’s Services. The Company facilitates the Principal Advisor by providing the Principal Advisor with opportunities to participate as a Principal Advisor, to assist with required approvals and consents for participation in an engagement with the Client, to comply with applicable laws and Client compliance policies, and to keep you up to date with new developments on the Portal.
4.1.2. For the purpose for which User specifically provided the information to Company, including, to respond to User’s inquiries and for providing customer service.
4.1.3. Company may use User’s information, such as User’s email address, phone number, or mailing address to contact User with newsletters, special offers and promotions.
4.1.4. Company gathers some information automatically and stores it in log files. This information includes Internet Protocol (IP) addresses, browser type and language, Internet Service Provider (ISP), referring and exit pages, operating system, date/time stamp, and clickstream data.
4.1.5. As the Company operates in a global scenario, the Company shall use this information to understand and analyse trends in an anonymised fashion, to administer the Portal, to gather demographic information about Company User base as a whole and also towards administering, monitoring and improving the Portal and Services. Company may use this information for internal purposes, and for other research and analytical purposes. Company shall have the exclusive rights towards all reports/analysis created by it on the basis of the Personal Information of the User.
4.1.6. Company uses Personal Information to provide Services requested by the User. Company uses User’s Personal Information to resolve disputes; troubleshoot problems; help promote a safe service; measure consumer interest in Services, inform the User about online and offline offers, Services, and updates; customize User experience; detect and protect Company against error, fraud and other criminal activity; enforce Company’s terms and conditions; and as otherwise described to the User at the time of collection.
4.1.7. Under no circumstances does the Company either sell or share a User’s Personal Information with third parties for marketing purposes. The Portal and trusted third parties process your information only for the purposes for which it was collected.
5.2. Personal Information of Principal Advisor
5.2.1. The Company may disclose the Principal Advisor Personal information to Clients.
5.2.2. The Company may disclose User’s information to third parties, such as current and former employers and companies that the Principal Advisor has provided services to or contracted with, for the purpose of confirming any consents or approvals that the Principal Advisor may need to participate as a Principal Advisor or in specific engagements.
5.2.3. The Company reserves the right to conduct background checks on the Principal Advisor, including through a third-party service. The Company may seek to verify the employment history, education credentials and check for any criminal history of the Principal Advisor. The Company may seek to verify the duration and accurate invoicing and description of the engagements that have been conducted by the Principal Advisor for the Clients.
5.2.4. The Company may share Principal Advisor’s Personal Information with non-Client third parties for the purpose of promoting the Company’s business, including without limitation by displaying such information on the Portal, the Company’s third party partner websites, print media and other materials (collectively, "Marketing Materials"), subject to the Principal Advisor’s right to opt-out.
5.3.2. The Company may also provide and/or disclose such information to any other trusted businesses or persons for the purpose of processing Personal Information on behalf of the Company.
5.3.4. It may be necessary by Applicable Laws, legal process, litigation, and/or requests from public and government authorities for Company to disclose User’s Personal Information. Company may also disclose information about the User if it determines that for purposes of national security, law enforcement, or other issues of public importance, disclosure is necessary or appropriate.
5.3.5. Company may also disclose information about the Users if it determines that disclosure is reasonably necessary to enforce Company terms and conditions or protect its operations or Users or to protect the Company against third-party claims.
5.3.6. In the event of a reorganization, merger, or sale or if substantially all of Company’s assets are transferred to another company (which may include as part of bankruptcy proceedings), Company may transfer any and all Personal Information that Company collects to the relevant third party with intimation to the User.
6. Protection of Personal Information
6.1. User’s Personal Information is never shared outside Company without User permission, except under conditions explained above. Within the Company, Personal Information is stored in password-controlled servers with limited access to the members and other personnel or consultants on a need-to-know basis.
6.2. Company employs security measures to protect your information both online and offline from access by unauthorized persons and against unlawful processing, accidental loss, destruction and damage.
6.3. Company’s service providers and agents are contractually bound to maintain the confidentiality of Personal Information and may not use the information for any unauthorized purpose.
6.4. To ensure safety of User’s Personal Information, Users are advised against sharing their account information with anyone. Users should take steps to protect against unauthorized access to User’s password, phone and computer by, among other things, signing off after using a shared computer, choosing a unique and robust password that nobody else knows or can easily guess, and keeping User’s Username and password, secure. Company is not responsible or liable for any lost, stolen or compromised passwords, or for any activity on user’s account via unauthorized password.
7. Transfer of Personal Information across Geographies
7.1. Company may transfer certain Personal Information across geographical borders to Company’s other entities within the group or service providers in other countries working on Company’s behalf in accordance with Applicable Laws.
7.2. By providing Company with information or using the Portal, User consents to the collection, international transfer, storage, and processing of User’s information.
7.4. These transfers are governed by common law, standard contractual clauses or equivalent data transfer agreements to protect the security and confidentiality of Personal Information.
8. Access and updation of Personal Information
Users are entitled to see their Personal Information held by the Company, subject to the Company’s confidentiality obligations to its Clients. The User may review, update or correct their Personal Information in the ‘Settings’ tab on the Portal to ensure that their Personal Information is correct and current. Users may update this information, change their passwords and other details related to their profile at any time by logging into their account. The Principal Advisors are required to regularly update the biographical and employment information on the Portal.
The Portal and/or the Services are not intended for use of any person under the age of 16 years. Company does not knowingly collect any Personal Information from any person under the age of 16 years or market to or solicit information from any person under the age of 21 years. If Company becomes aware that a person submitting Personal Information is under the age of 16 years, Company shall delete such User’s account and any related information immediately. If any persons believe that they may have any information from or about a child under the age of 16 years using the Portal and/or Services, please contact Company at [email protected]
11.2. In the event the User accesses and/or uses any third-party websites, links to which may be contained in the Company’s Portal and/or the Company’s Services, User is aware that such linked websites shall be governed by the privacy policies of those third parties. Company shall not be responsible for the information practices of such third parties.
12. Communications from the Company
12.1. From time to time, Company shall communicate with Users, who register on the Portal to its Services, via email or text message or telephone calls. It is hereby clarified that the Company shall only be sending Services related transactional and/or promotional communications to the User and shall not be sending any unsolicited commercial email or spam.
12.2. In the event that the User wishes to unsubscribe from receiving any promotional communication from the Company, the User may click on the ‘Unsubscribe’ link that is provided at the bottom of each such communication mail. Services related transactional communications cannot be unsubscribed.
12.3. The Principal Advisors may opt-out of membership as a Principal Advisor, whereupon the Company will use reasonable efforts to cease contacting such persons.
13. Limitation of Liability
13.1. Company is not responsible for any breach of security or for any actions of any third parties that receive the User’s Personal Information.
13.3. A “Force Majeure Event” shall mean any event that is beyond the reasonable control of Company and shall include, without limitation, sabotage, fire, flood, explosion, acts of God, civil commotion, strikes, lockouts or industrial action of any kind, riots, insurrection, war, acts of government, computer hacking, civil disturbances, unauthorised access to computer data and storage device, computer crashes, breach of security and encryption, and any other similar events not within the control of Company and which Company is not able to overcome.
14. Compliance with GDPR
14.1. Company recognizes that protection of data is increasingly important to individuals, organizations and stakeholders. Accordingly, Company must earn the User’s trust for User to share its Personal Information with Company. Company currently processes and manages Personal Information in accordance with Applicable Laws, including but not limited to applicable privacy laws, specifically, in accordance with the EU Data Protection Directive, which is regarded as one of the highest and strictest in the world.
14.2. Company has already embedded and will continue to embed data protection principles even more deeply into its business processes, with the objective that technical and organizational security measures limit, by default, the amount and use of Personal Information to what is specifically required.
15. For Users in the European Union or Swiss
15.1. Access to Personal Information
15.1.1. Where applicable, User shall have the right to obtain from the Company, a confirmation as to whether or not User’s Personal Information is being processed. In addition, where such processing is confirmed, and User requests for the same, the Company shall arrange access to the Personal Information and the following information:
a. the categories of Personal Information concerned;
b. the recipients or categories of recipient to whom the Personal Information have been or will be disclosed;
c. where possible, the envisaged period for which the Personal Information will be stored, or, if not possible, the criteria used to determine that period;
d. the existence of the right to request from the Registrar, rectification or erasure of Personal Information or restriction of processing of personal data concerning the data subject or to object to such processing;
e. the right to lodge a complaint with a supervisory authority;
f. where the Personal Information was not collected from the User by the Company, any available information as to its source (e.g. referral program etc.); and
g. the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) of the GDPR and, at least in those cases, meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing for the data subject.
15.1.2. Where User’s Personal Information is transferred to a third country, User shall also have the right to be informed of the appropriate safeguards the Company have put in place pursuant to Article 46 of the GDPR relating to the transfer.
15.1.3. Copies of the information: The Company shall be happy to provide, where requested, a copy of the information, relating to the User, which are being processed, subject to the restrictions as noted in Article 23 of the GDPR.
All Personal Information held by the Company is that Personal Information which the User has provided the Company. To review, update or correct this Personal Information, User should log in to Portal and access the ‘Settings’ tab. If this is deemed insufficient, or if the User is experiencing any difficulties in making the required updates, User should contact the Company at [email protected].
15.3. Deletion / Erasure
In the event that the User, as the data subject, wishes to erase Personal Information concerning the User, the Company will fulfil this request should one of the following grounds apply:
a. the Personal Information is no longer necessary in relation to the purposes for which it was collected or otherwise processed, e.g. the provision of the Company’s Services;
b. where processing is based solely upon User’s required consent, and User withdraws the consent on which the processing is based;
c. where the User objects to the processing, and where there are no overriding legitimate grounds for the processing;
d. where User can demonstrate that the Personal Information has been unlawfully processed;
e. where User provides notice that the Personal Information must be erased for compliance with a legal obligation as contained in a stated Union or Member State law to which the controller is subject; or
f. where the Company is unable to demonstrate proper reliance on an exception under 17 (3) of the GDPR.
15.4. Right to be Forgotten
In the event that the Company has disclosed User’s data to a third party and where User has made a valid request to erase User’s Personal Information, the Company will, upon receipt of request thereto from the User, taking into account the available technology and the cost of implementation, take reasonable steps, including technical measures, to inform any such third parties which are processing that Personal Information, of User’s request for erasure.
16. Data Protection Authority
16.1. If User is a resident of the European Economic Area (EEA) and believes that the Company maintains User’s Personal Information subject to GDPR, User may direct questions or complaints to User’s local supervisory authority or the Company’s lead supervisory authority, the UK's Information Commissioner’s Office, as noted below:
Information Commissioner’s Office
Water Lane, Wilmslow
Phone: 0303 123 1113
17. Content Forwarding
The Company may provide tools on the Portal to forward Content from the Portal to others through e-mail or other means. E-mail address(es) that the User supplies for Content forwarding will be used for that purpose only.
18. Refer a Colleague
The User may use the "Refer a Colleague" feature to send an e-mail to a colleague who has consented to being contacted by the Company. The User’s name shall appear as the sender on the referral e-mail. The referral e-mail offers recipients the ability to opt-out of receiving further referral e-mails. The Company may store referral information in order to present other opportunities to the colleagues of the Users. It is clarified that the User shall provide a telephone number only if the User’s colleague has consented to being contacted by the Company by phone.