FIJOYA PRIVACY POLICY

HOW WE SHARE YOUR PERSONAL INFORMATION

We may share your Personal Information as follows:

1. The information Fijoya gathers is shared with our partners and other third parties.
2. We may also share information with our affiliated companies about you.
3. We may use third party service providers to process your information for the purposes outlined above, including, without limitation:

1. With cloud service providers for hosting purposes;
2. With websites and web content creation platforms in order to help us manage our Website and/or App;
3. With email providers, marketing, CRM, other similar tool providers;
4. With payment service providers (such as Stripe, Intercom and GCP); Information shared with Stripe will be kept in accordance with their privacy policy; and
5. With analytic companies, in order to help us understand and analyze information we collect in accordance with this policy.

1. In the case of PHI, we may share it with the relevant covered entity and as further permitted by HIPAA.
2. To the extent necessary, with regulators, courts, banks or competent authorities, to comply with applicable laws, regulations and rules (including, without limitation, federal, state or local laws), and requests of law enforcement, regulatory and other governmental agencies or if required to do so by court order, as well as for internal compliance procedures and to protect the safety, security, and integrity of Fijoya, our services, customers, employees, property, and the public..
3. If, in the future, we sell or transfer, or we consider selling or transferring, some or all of our business, shares or assets to a third party, we will disclose your information to such third party (whether actual or potential) in connection with the foregoing events (including, without limitation, our current or potential investors). In the event that we are acquired by, or merged with, a third party entity, or in the event of bankruptcy or a comparable event, we reserve the right to transfer, disclose or assign your information in connection with the foregoing events.
4. Where you have otherwise provided your consent to us for sharing or transferring your information.
   ‍

ADDITIONAL INFORMATION REGARDING TRANSFERS OF PERSONAL DATA

1. Internal transfers: Transfers within the Fijoya group will be covered by an internal processing agreement entered into by members of the Fijoya group (an intra-group data processing agreement) which contractually obliges each member to ensure that Personal Data receives an adequate and consistent level of protection wherever it is transferred to.
2. External transfers: Where we transfer your Personal Data outside of India/EU/EEA (for example to third parties who provide us with services) and/or the UK, we will generally obtain contractual commitments from them to protect your Personal Data. When Fijoya engages in such transfers of personal information, it relies on i) Adequacy Decisions as adopted by European Commission on the basis of Article 45 of Regulation (EU) 2016/679 (GDPR), or ii) Standard Contractual Clauses issued by the European Commission. Fijoya also continually monitors the circumstances surrounding such transfers in order to ensure that these maintain, in practice, a level of protection that is essentially equivalent to the one guaranteed by the GDPR.

YOUR PRIVACY RIGHTS.

1. The following rights (which may be subject to certain exemptions or derogations) shall apply to certain individuals (some of which only apply to individuals protected by specific laws):

1. You have the right to withdraw consent to the processing, where consent is the basis of processing.
2. You have the right to access the personal information that we hold and request further details about how we process it, under certain conditions.
3. You have the right to demand rectification of inaccurate personal information about you. We will promptly correct any information found to be incorrect.
4. You have the right to object to unlawful data processing under certain conditions.
5. You have the right to the erasure of past data about you (your “right to be forgotten”) under certain conditions.
6. You have the right to demand that we restrict the processing of your personal information, under certain conditions, if you believe we have exceeded the legitimate basis for processing, the processing is no longer necessary, or if you believe your personal information is inaccurate.
7. You have the right to data portability of personal information concerning you that you provided us in a structured, commonly used, and machine-readable format, subject to certain conditions.
8. You also have a right to request certain details of the basis on which your Personal Information is transferred outside the European Economic Area and/ or the United Kingdom, but data transfer agreements and/or other details may need to be partially redacted for reasons of commercial confidentiality;
9. You have a right to lodge a complaint with your local data protection supervisory authority (i.e., your place of habitual residence, place or work or place of alleged infringement) at any time or before the relevant institutions in your place of residence. We ask that you please attempt to resolve any issues with us before you contact your local supervisory authority and/or relevant institution
10. The personal information we collect is not used for automated decision-making but may be used for profiling, and for automated processes in the context of marketing. As stated above, you can opt out of direct marketing by Fijoya by contacting Fijoya directly or by following the instructions through the unsubscribe options in our email messages.

1. You can exercise your rights by contacting us at privacy@fijoya.io. Subject to legal and other permissible considerations, we will make every reasonable effort to honor your request promptly in accordance with applicable law or inform you if we need further information in order to fulfil your request. When processing your request, we may ask you for additional information to confirm or verify your identity and for security purposes, before processing and/or honoring your request. We reserve the right to charge a fee where permitted by law, for instance if your request is manifestly unfounded or excessive. In the event that your request would adversely affect the rights and freedoms of others (for example, would impact the duty of confidentiality we owe to others) or if we are legally entitled to deal with your request in a different way than requested, we will address your request to the maximum extent possible, all in accordance with applicable law.
2. Marketing emails – opt-out: You may choose not to receive marketing email you should contact our support team at support@fijoya.io and request your right to opt-out. Please note that the email must come from the email account you wish to block OR if you receive an unwanted email from us, you can use the unsubscribe link found at the bottom of the email to opt out of receiving future emails, and we will process your request within a reasonable time after receipt.
3. Deleting your account: Should you ever decide to delete your account, you may do so by emailing support@fijoya.io. If you terminate your account, any association between your account and Personal Data we store will no longer be accessible through your account. However, given the nature of sharing on certain services, any public activity on your account prior to deletion will remain stored on our servers and will remain accessible to the public.

USE BY CHILDREN

We do not offer our products or services for use by children and, therefore, we do not knowingly collect Personal Information from, and/or about children under the age of eighteen (18). If you are under the age of eighteen (18), do not provide any Personal Information to us without involvement of a parent or a guardian. In the event that we become aware that you provide Personal Information in violation of applicable privacy laws, we reserve the right to delete it. If you believe that we might have any such information, please contact us at support@fijoya.io.

LINKS TO AND INTERACTION WITH THIRD PARTY PRODUCTS.

We enable you to interact with third party websites, mobile software applications and products or services that are not owned or controlled by us (each a “Third Party Service”). We are not responsible for the privacy practices or the content of such Third-Party Services. Please be aware that Third Party Services can collect Personal Data from you. Accordingly, we encourage you to read the terms and conditions and privacy policies of each Third-Party Service.

SPECIFIC PROVISIONS APPLICABLE UNDER CALIFORNIA PRIVACY LAW

9.1. California Privacy Rights: California Civil Code Section 1798.83 permits our customers who are California residents to request certain information regarding our disclosure of information to third parties for their direct marketing purposes. To make such a request, please send an email to privacy@fijoya.io. Please note that we are only required to respond to one request per customer each year.

9.2. Our California Do Not Track Notice (Shine the Light): We do not currently respond or take any action with respect to web browser “do not track” signals or other mechanisms that provide consumers the ability to exercise choice regarding the collection of personally identifiable information about an individual consumer’s online activities over time and across third-party web sites or online services. We may allow third parties, such as companies that provide us with analytics tools, to collect personally identifiable information about an individual consumer’s online activities over time and across different web sites when a consumer uses the Website.

9.3. Marketing emails – opt-out: You may choose not to receive marketing emails from us, you should contact our support team at support@fijoya.io and request your right to opt-out. Please note that the email must come from the email account you wish to block from receiving marketing communications.

SPECIFIC PROVISIONS APPLICABLE UNDER HIPAA

1. Fijoya may be considered a "Business Associate" under HIPAA in some scenarios where we collect, hold, maintain or otherwise process PHI on behalf of a covered entity. In order to comply with our obligations, when applicable, as a Business Associate, Fijoya implements appropriate technical, organizational and security measures designed to protect the confidentiality, integrity and security of your PHI. In order to demonstrate the foregoing, we have obtained some industry standard security certifications (such as SOC 2 Type 2). HIPAA may grant you additional rights, when applicable. If you want to exercise such rights, where applicable, and/or request more information about the covered entity on whose behalf we collect or from which we received your PHI, copies of your PHI, please contact us at privacy@fijoya.io.
2. Please note that we do not sell or share any PHI, nor do we use PHI for marketing purposes.

SPECIFIC PROVISIONS APPLICABLE UNDER BRAZILIAN PRIVACY LAW

1. This additional Privacy Policy Under Brazilian Privacy Protection Laws (“LGPD Policy”) and applies if the Brazilian General Data Privacy Law (Lei Geral de Proteção de Dados Pessoais; the “LGPD“) applies to our processing of personal data related to you. Our general privacy policy describes what categories of personal data we collect, the sources from which we obtain it, the purposes of processing it, the situations where we will share it, and with whom. This LGPD Policy supersedes any contradicting provisions under our general privacy policy where related to individuals protected by the LGPD. Under the LGPD, we assume the position of a “controller”, as defined under Section 5 of the LGPD. We have the competence to make decisions about the processing of personal data related to you.
2. Types of Processing. We process personal data related to you for the lawful grounds stated in Section 1 of our privacy policy, and are as follows:

1. Based on your consent.
2. For compliance with our statutory or regulatory obligation.
3. When necessary for the performance of agreements or preliminary procedures relating to agreements to which you are a party to, following your request.
4. For our regular exercise of rights in lawsuits, administrative or arbitration proceedings.
5. For protection of the life or of the physical safety of you or third parties.
6. When necessary to serve our relevant third parties’ legitimate interests or our own legitimate interests, in accordance with the LGPD, except for cases in which your fundamental rights and liberties prevail.

1. Our Main Responsibilities under the LGPD

1. It’s our responsibility to engage with all its processors (service providers who have access to personal data related to you) to protect personal data related to you in a suitable and secure manner and to indicate where personal data related to you is stored or processed.
2. In addition, we are responsible to provide you, where applicable, with the following privacy rights

CONTACT US

If you have any questions, concerns or complaints regarding our compliance with this notice and the data protection laws, or if you wish to exercise your rights, we encourage you to first contact us at privacy@fijoya.io.