This EU/EEA Privacy Policy Addendum (“EU Addendum“) supplements the Privacy Policy of MASIN PROJECTS PRIVATE LIMITED (“MASIN AI“, “we”, “us”, or “our”) and applies to the processing of Personal Data of individuals located in the European Union and European Economic Area (collectively, the “EU Area“).
This EU Addendum forms part of, and is incorporated into, the Privacy Policy. In the event of any conflict or inconsistency between this EU Addendum and the Privacy Policy, this EU Addendum shall prevail for individuals located in the EU Area.
For enterprise customers, the Data Processing Addendum (“DPA“) governs the processing of Customer Personal Data.
For the purposes of this EU Addendum:
1.1 “Controller” means the natural or legal person which, alone or jointly with others, determines the purposes and means of the processing of Personal Data. References to “Data Fiduciary” in the Privacy Policy shall be read as references to “Controller” for EU Customers.
1.2 “Data Subject” means an identified or identifiable natural person whose Personal Data is processed.
1.3 “GDPR” means Regulation (EU) 2016/679 of the European Parliament and of the Council (General Data Protection Regulation).
1.4 “Personal Data” means any information that identifies or can be used to identify a living individual, whether directly (such as a name) or indirectly (such as an identification number, location data, or online identifier). This includes system-generated technical or usage data (such as IP addresses or device identifiers) where such data can be linked to an identifiable individual.
1.5 “Processor” means a natural or legal person which processes Personal Data on behalf of the Controller. References to “Data Processor” in the Privacy Policy shall be read as references to “Processor” for EU Customers.
1.6 “Special Category Data” means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health, or data concerning a natural person’s sex life or sexual orientation.
1.7 “Supervisory Authority” means an independent public authority established by an EU Member State pursuant to Article 51 GDPR.
3.1 MASIN AI acts as Controller in respect of Personal Data that we collect directly from you for our own purposes, including:
3.2 MASIN AI acts as Processor in respect of Customer Personal Data processed on behalf of enterprise customers pursuant to a Data Processing Addendum. In such cases, the enterprise customer is the Controller.
3.3 MASIN AI acts as an independent Controller for such processing where it processes Personal Data through cookies and similar technologies for authentication, security, preferences, analytics, and performance (as described in Article 10.4 of the Terms and Conditions);
3.4 MASIN AI may act as either a Controller or Processor depending on the context of processing.
3.5 Third-Party Service Integrations. The Platform allows you to integrate with third-party services (such as cloud storage providers, communication tools, or other business applications). When you enable such integrations, we may receive information from those third-party services as necessary to provide the integration functionality. We process such information in accordance with this EU Addendum and the Terms and Conditions. Please note that third-party services are governed by their own privacy policies, and we are not responsible for their data practices.
4.1 Under the GDPR, we must have a lawful basis for processing your Personal Data. The three principal bases we rely upon are:
(a) Performance of a Contract (Article 6(1)(b) GDPR): We process your personal data when it is necessary to provide our Platform and Services to you.
(b) Legitimate Interests (Article 6(1)(f) GDPR): We may process your personal data when it is necessary for our legitimate business interests, provided your rights and freedoms are not overridden.
(c) Consent (Article 6(1)(a) GDPR): Where you have given your specific, informed agreement to the processing. We rely on this basis for marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.
4.2 We also rely on legal obligation (Article 6(1)(c) GDPR) where processing is necessary to comply with a legal obligation to which we are subject, including compliance with legal obligations and responding to lawful requests from authorities. The legal bases we rely upon for each purpose are summarised in the table below:
Purpose of Processing | Legal Basis (Article 6 GDPR) |
Providing and operating the Platform and Services | Performance of a contract (Article 6(1)(b)) |
Account creation and authentication | Performance of a contract (Article 6(1)(b)) |
Processing payments and billing | Performance of a contract (Article 6(1)(b)) |
Customer support and communication | Performance of a contract (Article 6(1)(b)) |
Security, fraud prevention, and abuse detection | Legitimate interests (Article 6(1)(f)) |
Service improvement and analytics | Legitimate interests (Article 6(1)(f)) |
Marketing communications | Consent (Article 6(1)(a)) |
Compliance with legal obligations | Legal obligation (Article 6(1)(c)) |
Responding to lawful requests from authorities | Legal obligation (Article 6(1)(c)) |
4.3 Where we rely on legitimate interests, such processing is undertaken in connection with the operation, maintenance, security, and improvement of the Platform and Services. In accordance with Articles 3.1 and 3.2 of the Terms and Conditions, the Platform and all content are provided on an “as is” basis for informational purposes only and do not constitute legal, professional, or other advice. You are responsible for exercising independent judgement and obtaining advice from qualified professionals where appropriate.
4.4 Where we rely on consent, you have the right to withdraw your consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out before withdrawal.
4.5 We do not process Special Category Data unless strictly necessary and with your explicit consent or another lawful basis under Article 9 GDPR.
5.1 In addition to the rights set out in the Privacy Policy, if Data Subjects are located in the EU Area, they have the following rights under the GDPR:
Right | Description |
Right of Access | You have the right to obtain confirmation of whether we process your Personal Data and, if so, to request access to that data. Where permitted under applicable law, we may provide you with a copy of your Personal Data. Your right of access may be subject to the rights and freedoms of others; where providing a copy would adversely affect such rights, we may redact or withhold certain information |
Right to Rectification | You have the right to have inaccurate Personal Data corrected and incomplete Personal Data completed. |
Right to Erasure (“Right to be Forgotten”) | You have the right to request deletion of your Personal Data in certain circumstances, including where the data is no longer necessary for the purposes for which it was collected, where you withdraw consent, or where the processing is unlawful. |
Right to Restriction of Processing | You have the right to request that we restrict the processing of your Personal Data in certain circumstances, including where you contest the accuracy of the data or where the processing is unlawful but you do not want erasure. |
Right to Data Portability | You have the right to receive your Personal Data in a structured, commonly used, and machine-readable format and to transmit it to another controller (where technically feasible), where processing is based on consent or contract and carried out by automated means. |
Right to Object | You have the right to object to processing based on legitimate interests or for direct marketing purposes. Where you object to direct marketing, we will cease processing for that purpose. |
Rights Related to Automated Decision-Making | You have the right not to be subject to decisions made solely by automated means that significantly affect you. This right applies to the extent MASIN AI engages in such automated decision-making. |
5.2 To exercise any of these rights, please contact us using the details in Section 11 below. We will respond to your request within one (1) month, which may be extended by a further two (2) months where necessary, taking into account the complexity and number of requests.
5.3 We may request proof of identity before processing your request.
5.4 There is no fee for exercising your rights, unless your request is manifestly unfounded or excessive, in which case we may charge a reasonable fee or refuse to act on the request.
6.1 When you use the Platform, your Personal Data may be transferred to and processed in India.
6.2 All sub-processors engaged by MASIN AI are located in India. A full list of sub-processors is available in Annex 2 to the Data Processing Addendum.
6.3 For transfers of Personal Data from the EU Area to India, we implement appropriate safeguards, including Standard Contractual Clauses (SCCs). We enter into the European Commission’s Standard Contractual Clauses (adopted 4 June 2021) with data importers to ensure Personal Data is protected to EU standards.
6.4 You may request a copy of the Standard Contractual Clauses and other transfer safeguards we have implemented by contacting us using the details in Section 11 below.
7.1 We retain your Personal Data only for as long as necessary to fulfil the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements.
7.2 The retention periods applicable to different categories of Personal Data are:
Category of Data | Retention Period |
Account information | Duration of your account plus 180 days after termination |
Support ticket data | 30 days after ticket closure |
Payment and billing records | As required by applicable law |
Security logs and access records | As necessary for security and compliance purposes |
Marketing preferences | Until you withdraw consent or object |
Cookies and technical data | As specified in the Cookie Policy |
7.3 Where MASIN AI acts as Processor in respect of Customer Personal Data processed on behalf of enterprise customers, different retention periods apply:
(a) MASIN AI shall delete or return all Customer Personal Data within thirty (30) days of termination of the applicable agreement, unless applicable law requires further storage.
(b) MASIN AI shall provide written certification of data deletion within thirty (30) days of completing the deletion process, and in any event no later than one hundred and eighty (180) days after termination, in accordance with Section 5.10 of the Data Processing Addendum.
7.4 Where we process Customer Personal Data as a Processor, retention is governed by the Data Processing Addendum and the Controller’s instructions.
8.1 Our use of cookies is described in our Cookie Policy and Article 10.4 of the Terms and Conditions.
8.2 In accordance with Article 10.4 of the Terms and Conditions, we may use cookies, pixels, and similar technologies for authentication, security, preferences, analytics, and performance. In the event of any inconsistency between the Cookie Policy and the Terms and Conditions regarding the scope of cookies used, the Terms and Conditions shall prevail.
8.3 For cookies that are not strictly necessary (such as analytics cookies), we will obtain your consent before placing such cookies, in accordance with applicable ePrivacy requirements.
8.4 You may withdraw your consent or manage your cookie preferences at any time through your browser settings or, where available, through the Platform’s cookie management interface.
8.5 Do-Not-Track Signals. Some web browsers transmit “Do-Not-Track” (DNT) signals to websites. As there is no uniform standard for interpreting DNT signals, we do not currently respond to DNT browser signals. If a standard is adopted that we must follow, we will update this EU Addendum accordingly.
9.1 If you are located in the EU Area and believe that our processing of your Personal Data infringes the GDPR, you have the right to lodge a complaint with a Supervisory Authority.
9.2 You may lodge a complaint with the Supervisory Authority in the EU Member State of your habitual residence, place of work, or place of the alleged infringement;
9.3 We would, however, appreciate the opportunity to address your concerns before you approach a Supervisory Authority, and we invite you to contact us first using the details in Section 11 below.
10.1 The Platform is not intended for individuals under the age of 16 years. We do not knowingly collect Personal Data from children under 16. If you are under 16, please do not provide any Personal Data to us.
10.2 If we become aware that we have collected Personal Data from a child under 16 without verification of parental consent, we will take steps to delete that information.
11.1 Data Protection Enquiries (EU Area):
For all enquiries relating to the processing of your Personal Data under EU data protection law, including to exercise your rights, please contact:
Data Protection Officer: Himanshu Kashyap
Email: [email protected]
11.2 General Contact:
MASIN PROJECTS PRIVATE LIMITED
Plot 847, Phase V, Udyog Vihar, Sector 19 Gurugram, Haryana 122008, India
Email: [email protected]
12.1 We may update this EU Addendum from time to time to reflect changes in our practices or applicable law.
12.2 Where we make material changes, we will notify you by posting the updated EU Addendum on the Platform. Where required by law, we will seek your consent to material changes.
12.3 We encourage you to review this EU Addendum periodically.
