Privacy Policy
How Linkage IT Private Limited collects, processes, and protects your personal data
This Privacy Policy applies to ProTeamMate, a SaaS platform operated by Linkage IT Private Limited ("we", "us", "our"). It governs the collection, use, and protection of personal data in compliance with the Information Technology Act, 2000, the IT (SPDI) Rules, 2011, and the Digital Personal Data Protection Act, 2023 (DPDP Act).
Table of Contents
- Definitions
- Scope & Applicability
- Data We Collect
- How Data Is Collected
- Purpose of Processing
- Legal Basis for Processing
- Data Sharing & Disclosure
- Cross-Border Data Transfers
- Data Retention
- Security Practices
- Your Rights as a Data Principal
- Cookies Policy
- Children's Data
- Changes to This Policy
- Grievance Officer
- Contact Us
1. Definitions
For the purposes of this Privacy Policy, the following terms shall have the meanings ascribed below:
- "Company", "We", "Us", "Our" โ Linkage IT Private Limited, the operator of the ProTeamMate platform.
- "Platform" โ The ProTeamMate SaaS application, including the website at www.proteammate.com and all associated sub-domains and APIs.
- "Customer" โ Any business entity that subscribes to and uses the ProTeamMate platform.
- "User" โ Any individual accessing or using the Platform.
- "Data Principal" โ The individual to whom personal data relates.
- "Data Fiduciary" โ Linkage IT Private Limited.
- "Personal Data" โ Any data about an identifiable individual.
- "Sensitive Personal Data or Information (SPDI)" โ As defined under the IT (SPDI) Rules, 2011.
- "Processing" โ Any operation performed on personal data.
2. Scope & Applicability
This Privacy Policy applies to:
- Visitors to the ProTeamMate website.
- Registered Users of the ProTeamMate platform.
- Prospective customers and partners.
This Policy does not apply to candidate, vendor, or client data uploaded by Customers. In such cases, Linkage IT Private Limited acts solely as a Data Processor.
3. Data We Collect
3.1 Account & Registration Data
- Full name and designation
- Business email address
- Phone number
- Organisation details
- Encrypted credentials
3.2 Billing & Payment Data
- Billing address
- GSTIN
- Invoices and payment records
3.3 Usage & Technical Data
- IP address
- Browser information
- Usage logs
- Cookies
3.4 Communication Data
- Emails
- Support tickets
- Feedback submissions
3.5 Customer-Managed Data
Customers may upload candidate, vendor, or client information. We process such information only under customer instructions.
4. How Data Is Collected
We collect data through the following means:
- Directly from you โ when you register, subscribe, fill forms, contact support, or communicate with us.
- Automatically โ through cookies, server logs, and analytics tools when you access the Platform.
- From your organisation โ when your employer (a Customer) creates an account for you on the Platform.
- From third parties โ such as payment processors, identity verification services, and LinkedIn (with your consent).
5. Purpose of Processing
We process personal data for the following purposes:
- Account Management โ Creating, maintaining, and managing User accounts and subscriptions.
- Service Delivery โ Providing, operating, and improving the ProTeamMate platform and its features.
- Billing & Payments โ Processing invoices, collecting payments, and managing GST compliance.
- Customer Support โ Responding to queries, resolving issues, and providing technical assistance.
- Product Improvement โ Analysing usage patterns to enhance features, fix bugs, and develop new functionality.
- Security & Fraud Prevention โ Detecting, investigating, and preventing unauthorised access and misuse.
- Legal Compliance โ Meeting obligations under applicable Indian laws, including tax and regulatory requirements.
- Marketing & Communications โ Sending product updates, newsletters, and promotional communications (with consent and an opt-out option).
6. Legal Basis for Processing
Under the Digital Personal Data Protection Act, 2023, we process personal data on the following legal grounds:
- Consent โ Where you have provided free, specific, informed, and unambiguous consent (e.g., marketing communications). You may withdraw consent at any time.
- Contractual Necessity โ Processing necessary to perform the subscription agreement with a Customer or to provide services requested by you.
- Legal Obligation โ Processing required to comply with applicable Indian laws (e.g., tax records, regulatory reporting).
- Legitimate Interests โ Processing necessary for our legitimate business interests (e.g., security, fraud prevention, product improvement), provided such interests do not override your rights.
Under the IT (SPDI) Rules, 2011, where we collect Sensitive Personal Data or Information, we shall obtain express written consent prior to such collection and use.
7. Data Sharing & Disclosure
We do not sell, rent, or trade your personal data. We may share data in the following circumstances:
7.1 Service Providers & Sub-Processors
We engage third-party vendors to support platform operations, including cloud hosting (AWS), email delivery, payment processing, and analytics. These vendors act as sub-processors and are bound by data processing agreements that restrict them from using your data for any purpose other than providing the contracted service.
7.2 Customer Organisations
If you are a User registered under a Customer's account, the Customer (your employer or the subscribing organisation) may have access to your account activity and usage data within that account.
7.3 Legal & Regulatory Disclosures
We may disclose data if required to do so by law, court order, or government authority under Indian law, including the Information Technology Act, 2000, and its rules.
7.4 Business Transfers
In the event of a merger, acquisition, or sale of assets, personal data may be transferred to the acquiring entity, subject to the same privacy protections as described in this Policy.
7.5 Protection of Rights
We may share data where necessary to protect the rights, property, or safety of the Company, its Users, or the public, and to detect or prevent fraud and security incidents.
8. Cross-Border Data Transfers
ProTeamMate is hosted on Amazon Web Services (AWS) infrastructure, which may involve storage and processing of data in servers located outside India, including in countries such as the United States and Singapore.
Such transfers are conducted in accordance with the provisions of the DPDP Act, 2023 and applicable rules notified by the Government of India regarding cross-border data transfer. We implement appropriate safeguards, including contractual clauses and technical controls, to ensure that transferred data receives an equivalent level of protection as required under Indian law.
Where the Government of India restricts transfers to specific countries, we shall comply with such restrictions and notify affected Customers accordingly.
9. Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected or as required by applicable law:
- Account Data โ Retained for the duration of the subscription and for up to 3 years after account termination, unless a longer period is required by law.
- Billing & Financial Data โ Retained for a minimum of 8 years as required under the Companies Act, 2013, Income Tax Act, 1961, and GST legislation.
- Usage Logs & Technical Data โ Retained for up to 12 months for security and performance monitoring.
- Marketing Data โ Retained until you withdraw consent or opt out.
- Customer-Managed Data (Processor Role) โ Retained as directed by the Customer; deleted or returned upon written request within 30 days of termination.
Upon expiry of the retention period, data is securely deleted or anonymised so that it can no longer be attributed to any individual.
10. Security Practices
We implement industry-standard technical and organisational measures to protect personal data against unauthorised access, loss, disclosure, or destruction, in compliance with Section 43A of the Information Technology Act, 2000 and the IT (SPDI) Rules, 2011. These measures include:
- Data encryption in transit (TLS 1.2+) and at rest (AES-256)
- Role-based access controls and multi-factor authentication
- Regular vulnerability assessments and penetration testing
- Audit logs and access monitoring
- Incident response and breach notification procedures
- Regular employee training on data protection and security
- AWS infrastructure with SOC 2 compliance
In the event of a data breach that is likely to adversely affect you, we will notify affected individuals and, where required, the relevant authorities, in accordance with the timelines prescribed under applicable law.
11. Your Rights as a Data Principal
Under the Digital Personal Data Protection Act, 2023, you have the following rights with respect to your personal data:
- Right to Access โ Obtain a summary of the personal data we hold about you and the processing activities carried out.
- Right to Correction & Erasure โ Request correction of inaccurate or outdated data and erasure of data that is no longer necessary.
- Right to Grievance Redressal โ Raise concerns with our Grievance Officer and receive a response within the prescribed timeframe.
- Right to Withdraw Consent โ Withdraw consent previously given for any processing activity, without affecting the lawfulness of prior processing.
- Right to Nominate โ Nominate another individual to exercise your rights in the event of death or incapacity.
Additionally, under the IT (SPDI) Rules, 2011, you have the right to review and correct personal information provided to us.
To exercise any of these rights, please contact our Grievance Officer (see Section 15). We will respond to verifiable requests within 30 days. We may require identity verification before processing such requests. Certain rights may be limited where processing is required by law or for our legitimate business purposes.
12. Cookies Policy
We use cookies and similar tracking technologies on the ProTeamMate website to enhance user experience, analyse traffic, and support marketing. Types of cookies we use:
- Essential Cookies โ Necessary for the website and platform to function correctly. These cannot be disabled.
- Analytics Cookies โ Help us understand how visitors interact with the site (e.g., Google Analytics). Data is aggregated and anonymised.
- Preference Cookies โ Remember your settings and preferences across sessions.
- Marketing Cookies โ Track your online activity to deliver relevant advertising. Used only with your consent.
You may manage or disable cookies through your browser settings. Disabling essential cookies may affect the functionality of the Platform. On your first visit, we present a cookie consent banner through which you can accept or reject non-essential cookies.
13. Children's Data
ProTeamMate is a B2B SaaS platform intended exclusively for use by business entities and their adult employees. We do not knowingly collect personal data from individuals under the age of 18 years.
If we become aware that personal data of a minor has been inadvertently collected, we will take immediate steps to delete such data. If you believe we have received data from a minor, please notify our Grievance Officer immediately.
14. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or platform functionality. When we make material changes, we will:
- Update the "Last Updated" date at the top of this page.
- Notify registered Users and Customers via email or an in-platform notification at least 14 days before the changes take effect.
Continued use of the Platform after the effective date of the revised Policy constitutes acceptance of the updated terms. If you do not agree with the changes, you may terminate your subscription and request deletion of your data in accordance with Section 9.
15. Grievance Officer
Linkage IT Private Limited has designated a Grievance Officer to address concerns related to personal data processing.