NEELAM COMMUNICATION Privacy Policy

1) Definitions

• Service: Means the Mobile Device Management (MDM) platform, including all related software, systems, features, and services, that are owned, managed, and provided by NEELAM COMMUNICATION
• Personal Data: Any information that pertains to a living individual who can be identified either directly through that information alone, or in combination with other data we hold or may acquire in the future.
• Usage Data: Data collected automatically through your interaction with the Service or generated by the underlying infrastructure for example, the time a user spends on a particular page.
• Data Controller: An individual, legal entity, authority, agency, or other body that alone or jointly with others determines the purposes and means by which Personal Data is processed.
• Processing: Any operation or set of operations performed on personal data, including but not limited to collection, recording, organisation, structuring, storage, alteration, retrieval, consultation, use, disclosure, dissemination, alignment, combination, restriction, or erasure. The terms "Process" and "Processed" carry the same meaning.
• Data Processor (or Service Provider): A natural or legal person that processes data on behalf of the Data Controller. We may work with various Service Providers to assist us in handling your data efficiently.
• Sub-processor: Any third-party subcontractor appointed by us or our affiliates to assist in delivering our Services under the applicable agreement. This does not include employees or consultants of NEELAM COMMUNICATION.
• Data Subject (or User): Any living individual who makes use of our Service and whose personal data is subject to processing.
• Personal Data Breach: A security incident resulting in the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to personal data processed by us or our subcontractors during the provision of our Services. This definition does not cover unsuccessful attempts or incidents that do not actually compromise the security of personal data such as failed login attempts, pings, port scans, denial-of-service attacks, or comparable network-level events.

2) What is Personal Data?

The notion of "personal data" lies at the heart of how privacy laws are applied it becomes relevant whenever a data processing activity involves information about an individual. Personal data encompasses any information that relates to an identified or identifiable natural person. This includes details that identify you directly, or that can be combined by us or our service partners to identify you, such as your full name, email address, home address, phone number, location data, IP address, cookie ID, or photograph. It may further include details such as your age or financial information when these are associated with you. Behavioural data such as whether you opened one of our promotional emails or how you browse our website may also constitute personal data when it can be linked to you as an individual.

3) The Information We Collect

A. Personal data provided by the user for which NEELAM COMMUNICATION is Data Controller:

• Account Information: This covers your email address, first and last name, company address, company phone number, company name, country, billing email address, and the email address associated with Google API Services.
  • Purpose: To provide the Service, including account login, billing management, and access to Google APIs.
  • Storage Period: All personal data is deleted 6 months after account closure, allowing for account recovery in the event of an error. Primary contact details will be retained for 5 years following account deletion for billing record purposes, where applicable.

B. Personal data collected automatically and for which TWIETO PRIVATE LIMITED is Data Controller:

• Dashboard Action Logs:
  • Purpose: To maintain and oversee the security of your account.
  • Storage Period: Removed 6 months after the account is closed.
• Company ID for Google API Service:
  • Purpose: To facilitate the use of Google APIs as part of the Service.
  • Storage Period: Removed 6 months after account closure.
• Devices: Includes manufacturer details, technical identifiers, IP address, SIM-related identifiers (ICCID, IMEI, phone number), installed applications, OS version, system signature, and GPS status.
  • Purpose: To facilitate the monitoring and management of enrolled devices as part of the Service.
  • Storage Period: Deleted immediately upon a successful device reset; anonymised 6 months after account closure, with all personal data references removed.

C. Personal data provided by the Customer and for which TWIETO PRIVATE LIMITED is a Data Processor (see our DPA):

• Managers' Contact: Manager's email address.
  • Purpose: To allow multiple managers to access the account and to support account security.
  • Storage Period: Deleted immediately when the Customer removes the Manager; deleted 6 months after account closure.
• Devices (Naming): The name assigned to a particular device.
  • Purpose: To associate a named device with a specific user.
  • Storage Period: Deleted immediately upon a successful device reset; anonymised 6 months after account closure, with all personal references removed.
• Wi-Fi Networks: A record of corporate Wi-Fi networks, including passwords and EAP certificates.
  • Purpose: To allow enrolled devices to connect to company Wi-Fi networks.
  • Storage Period: Deleted immediately when the network entry is removed; deleted 6 months after account closure.
• Policies (Configurations): Configuration preferences selected and saved for a group of devices.
  • Purpose: To maintain visibility and control over registered devices.
  • Storage Period: Deleted immediately when the policy is removed; anonymised 6 months after account closure, with all personal data references removed.
• Users: Email address, name, directory name, linked device, and any custom fields.
  • Purpose: To associate devices with identified individuals.
  • Storage Period: Deleted immediately if the Customer removes the user; anonymised 6 months after account closure, with all personal references removed.
• Applications on the Store: Data used to manage internal applications outside of the Google Play Store.
  • Purpose: To support the management of private applications.
  • Storage Period: Deleted immediately when the application is removed; deleted 6 months after account closure.

D. Retailer and Customer Data

We are committed to being fully transparent about how data is managed within the Emi Vault ecosystem, particularly in relation to the Emi Vault App.
Emi Vault App Data: We do not collect, store, or process any personal or business data belonging to the retailer through the Emi Vault App. This means that information such as the retailer's device data, usage behaviour, or in-app activity is not captured or retained by us in any capacity.
Customer Data via the Emi Vault App: The only data we collect pertains to the end customer, and is strictly limited to information that the customer voluntarily provides through forms within the Emi Vault App. This may include details such as the customer's name, contact information, or other inputs required to complete a transaction or service request.
In short, any data collection that takes place through the Emi Vault App is entirely customer-initiated and form-specific we only receive what the customer actively chooses to submit, and nothing more.

4) Difference between Personal and Company-Owned Mobile Devices

If your employer has asked you to set up a work profile on your personal device, we will not collect any personal information relating to your private use of the device outside of that work profile.

5) Purposes of Processing Personal Data

• To Provide and Improve the Service: We use your account information and customer data to deliver our products and Services. For example, the email address you supply at registration is used to create your user account. We also monitor and analyse how our products and Services are used in order to continuously improve and develop them.
• To Secure and Protect Our Products and NEELAM COMMUNICATION Users: Your account information may be used to investigate and help prevent security incidents. We may also rely on this data to meet legal obligations, verify user identities, detect misuse, and prevent unauthorised registrations.
• To Provide Technical Support as Part of a Support Ticket: Authorised support agents, working from approved workstations, may access your console via a secure password to help you resolve technical issues. Our support team will never request your login credentials or password. You have the right to object to this form of access by notifying the support team, though doing so may limit our capacity to assist you directly.
• To Communicate with You About the Services: We use the information provided at registration to reach you by email or in-app notification regarding billing, account management, event invitations, newsletters, technical and sales materials, updates to our Terms of Use or other legal agreements, and security alerts.
• To Improve Our Customer Relationship Management: We may monitor and record interactions with you such as phone calls and emails for quality assurance, staff training, fraud prevention, and regulatory compliance purposes.
• To Facilitate Social Networking: Our websites may incorporate social networking features, such as the LinkedIn or YouTube "Like" and share buttons, which may collect your IP address and track your browsing activity. These features are either hosted by third-party providers or embedded directly on our websites and are governed by the respective privacy policies of those providers.

7) Security Measures for Personal Data

We treat the privacy, confidentiality, and integrity of all personal and business data processed through our services with the utmost seriousness. To safeguard user information and protect against unauthorised access or data breaches, we have implemented the following security measures:

Physical and Technical Safeguards

• • Secure data centres with restricted access and around-the-clock monitoring
• • Firewalls, intrusion detection systems, and resilient server infrastructure
• • End-to-end encryption for data at rest and in transit using SSL/TLS protocols

Access Control & Authorization

• • Role-based access controls to ensure individuals can only view information relevant to their role
• • Multi-factor authentication (MFA) enforced for all administrator and user accounts
• • Activity logs and audit trails to track and review data access and usage

Data Privacy & Handling

• • Access to customer data is limited exclusively to authorised personnel
• • Certified team members are required to comply with internal data confidentiality policies
• • Personal data is never shared with or sold to third parties without the user's explicit consent

Backup & Disaster Recovery

• • Automated daily backups stored across multiple secure locations
• • Regular testing of disaster recovery and data restoration procedures
• • A 99.9% uptime commitment to ensure ongoing business continuity

Compliance & Audits

• • Periodic security audits, penetration testing, and risk assessments
• • Compliance with applicable data protection regulations, including GDPR and industry-specific requirements
• • Policies are regularly reviewed and updated to align with evolving security standards

Incident Response & Monitoring

• • Continuous system monitoring and real-time threat detection
• • A dedicated security response team on hand to address vulnerabilities promptly
• • Immediate alerts and remediation actions triggered upon detection of any suspicious activity or potential breach

Account Deletion

Retailers may request the deletion of their account at any time, either through the account deletion option available within the platform or by reaching out to our support team at support@emivault.in. Upon receiving such a request, we will promptly remove all associated data.

Note: While we follow industry-leading security practices, users are equally responsible for keeping their credentials safe and adhering to recommended best practices on their own devices.

For detailed documentation, compliance certifications, or to report a security concern, please contact our security team directly.

8) Use of Cookies

Cookies are small text files stored in your browser that help website operators understand how visitors use their site, recognise returning users, and save user preferences. They are among the primary tools that enable us to deliver secure and dependable Services. Essential cookies are required for the basic functionality of our Site and Services, such as page navigation and secure login. Preference cookies allow us to remember your settings and identify you on future visits. Statistical cookies give us insight into how visitors engage with our Services. Marketing cookies are used to display advertisements that are relevant and tailored to our users.

You may turn off cookies at any time, except for those that are strictly essential to the functioning of our Services. Please be aware that disabling cookies may affect certain features of our Site or Services.

9) Changes

This Privacy Policy may be updated from time to time for a variety of reasons. Any revisions will be made available by publishing the updated Privacy Policy on this page. We encourage you to check this policy periodically, as your continued use of our Services following any amendments will be taken as acceptance of the revised terms.