Effective date: Jan 9, 2022
Kula Technologies Inc. having its registered office at 3500 South Dupont Highway, City of Dover, Delaware, United States of America – 19901 and having its place of business at 340 S Lemon Ave #6070 Walnut , CA 91789, USA and also at #32-01, 80 Raffles Place, UOB Plaza Tower 1, Singapore – 048 624 (hereinafter referred to as “Kula”/ “We”/ “us”/ “our”), on behalf of itself and its affiliates/group companies under the brand ‘Kula’, operates the website and the application ‘Kula’ (together referred to as “Platform”). This Privacy Policy (hereinafter referred to as “Policy”), helps you in using/accessing the Platform, the Services therein, our websites and all our products, service offerings and other related applications and to understand the type of information collected; the purpose for which the information is collected; how the information is used; the intended recipients of such information; when it might be disclosed and how you can control the collection, correction and/or deletion of your information and how the information is protected. We take protection and proper use of your information seriously and are committed to protecting such information in our possession. We advise you to read this Policy carefully prior to your access of Platform, use of Services, or creation of an Account on the Platform, as the case may be. If you do not agree to this Policy, please do not access our Platform, use our Services, or create an Account in our Platform.
If we learn that we have collected the Personal Information (defined below) from a subscriber who is under the age of 16 that was not provided under the supervision and consent of the minor’s parents or guardians, we will promptly delete such information. If you believe that we have collected Personal Information from someone under the age of 16, please contact us at privacy@kula.ai.
This Policy is published and shall be construed to be in accordance with the provisions of the General Data Protection Regulation 2016/679 (“GDPR”), United Kingdom’s Data Protection Act 2018 (“DPA”), UK General Data Protection Regulation (“UKGDPR”), California Consumer Protection Act (“CCPA”), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 (“SPDI”) under the Information Technology Act, 2000, Personal Data Protection Act, 2012 (“PDPA”), broadly aligning with the Australian Privacy Act 1988 (“Australian Privacy Act”), Privacy Act, 2020 (“NZ Privacy Act”) and the other applicable data protection /data privacy statutes, if any, rules, regulations and other bye-laws in force made thereunder, in the territories of UK, Europe, USA, India, Singapore, Australia and New Zealand (collective referred as “Applicable Laws”) that require publishing of the privacy notice for collection, usage, storage, disclosure and transfer of sensitive personal data or information to the extent we collect and process the personal information as a business and/or service provider.
Kula’s services are intended for use by businesses. Where the service(s) are made available to you through a subscriber, that business is the Controller of your Personal Information. Your data privacy questions and subject access requests should be submitted to Kula’s Subscriber in its capacity as your Controller. If you are an individual who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your Personal Information. Kula is not responsible for Subscribers’ privacy or security practices which may be different from this Policy. Subscribers to our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of Personal Information in connection with the use of our Services by End users. We collect information under the direction of our Subscribers and have no direct relationship with individuals whose Personal Information we process in connection with our Subscriber’s use of our Services. With the exception of Personal Information collected when you register for an account to access or utilize Kula’s Services and other information, this Policy does not apply in connection with access and use of Kula’s Service(s). Kula’s Platform, Website(s) and Service(s) may contain links to other Websites. If you click on a third-party link, you should read their privacy policy. Kula encourages you to review the privacy statements of any such other websites to understand their personal data practices.
If you are a resident of the European Union (“EU”) or United Kingdom (“UK”), you shall be referred as Data Subject as per the relevant provisions of GDPR, DPA or UK GDPR, respectively, when we collect and process your Personal Information for providing the Services. If you are a resident of California, U.S.A, You shall be referred as Consumer as per the relevant provisions of CCPA when we collect and process your Personal Information for providing the Services.If you are a resident of Australia or New Zealand or Singapore, you shall be referred as Individual as per the relevant provisions of Australian Privacy Act or NZ Privacy Act, or PDPA, respectively, when we collect and process your Personal Information for providing the Services. Further, our collection, use, and disclosure of your Personal Information is limited to the processing permitted in our Terms of use, Master Services Agreement (if subscribed to our Services) in case you Subscribe to our Services and Data Processing Agreement executed between you and us in order to render our Services.
DEFINITIONS
The capitalized terms used in this Policy shall have the meaning as provided herein below. Other capitalized terms used in this Policy shall have the meaning respectively assigned to them elsewhere in this Policy.
Is Kula a data processor or a data controller?
Data Controller
A “data controller” is the party that alone or jointly with others determines the purposes and means of the processing of personal data, and processes the personal data for its own purposes. While using Kula to engage with candidates, our customers(Subscribers) are the data controllers because they determine the purpose (e.g. recruiting a candidate) and the means (using Kula) of processing the personal data. Separately, Kula is a data controller for the personal data associated with customers’ Kula account (e.g. your business contact information) because we control the means and purposes of this processing for our use: invoicing, to communicate information about their account and for other administrative functions.
Data Processor
Kula is the “data processor” because we process personal data of candidates on behalf of our customers(Subscribers) under an agreement in which they tell us what data to process, for what purpose(s), how long we can keep that data, and any restrictions they impose on our use of their data.
WHAT KIND OF INFORMATION DO WE COLLECT?
When you create an account with us or access our Platform and/or use the Services provided by us, we shall collect certain information from you, the details of which are provided below.
Personal Information
Any information that relates to you as a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying you and any further information, including, without limitation, provided by you to us when you
(a) subscribe for any of Kula’s Services/Platform by signing-up such as complete name and address, contact number, email address, social media credentials and any other identifiers and any other sensitive/personal information as defined under the Applicable Laws as amended from time to time;
(b) use or view Kula’s Platform which may result in personal information/data being collected via your browser’s Cookies;
(c) submit web forms on our Platform or as you use interactive features of the Platform, including participation in surveys, contests, promotions, sweepstakes,
(d) request customer support, or otherwise communicate with us; or
(e) when you use the Services, Kula automatically collects information on the type of device you use, and the operating system version, to perform our agreement with you (“Personal Information”).
Usage Information Any information that is not Personal Information, but information collected in relation to your use of the Platform or information required for the proper functioning and development of the Platform, including, without limitation: (i) time, date and extent of your usage of the Platform; (ii) your usage and search history within the Platform, (iii) device settings; (iv) time zone, language, screen resolution, and other usage preferences you select when using the Platform; (v) the URL or advertisement that may have directed you to the Platform; (vii) other device and Platform access information viz., your IP address, operating system, browser type, referring/exit pages, and other unique device identifiers, as well as your push notification token.
Behavioural Information we shall collect information which is connected with your activity on the Platform and opt-ins and communication preferences.
Location Data Information about your location when accessing and/or using the Platform.
Cookies
We, our service providers and business partners set essential cookies that enable core functionality such as security, network management, and accessibility. you may not opt-out of these cookies. However, you may disable these by changing your browser settings, but this may affect how the Platform functions. We, our service providers and business partners use Google Analytics cookies to help and improve our Platform by collecting and reporting information on how you use the platform, services or websites. The cookies collect information in a way that does not directly identify anyone. we also set cookies to collect information that is used either in aggregate form to help us understand how our Platform is being used or how effective their marketing campaigns are, to help customise the Platform for you or to make advertising messages more relevant to you. Further, subject to this Clause, you shall also agree to our Cookie Policy
Transaction and Payment Information:
We or our authorised payment gateway solution providers, as the case may be, collect information such as billing address, credit/debit card number, its expiration date or any other payment instrument details and transaction details or any other third-party payment information of you.
Third party Information
Information about you that we may receive from third parties services, such as advertising partners, data providers and analytics providers.We may collect your third-party social media networks information including your contact lists for these Services and information relating to your use of the Platform in relation to these Services, if you choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google). If you link your Account in our Platform to another service, we may receive information about your profile information from that service.
HOW DO WE USE YOUR INFORMATION?
As explained below, we use your information to improve, support and administer the Platform and our Services, to allow you to use its functionalities, and to fulfil and enforce our Terms of use. We may also use your information to, among other things, show you suggestions, promote the Platform, and customize your ad experience.We generally use the information we collect for the following purposes: to structure the Services provided to the Subscribers through the Platform- to fulfill requests for Services, Platform functionality, support and information for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes; To communicate with you, including to notify you about changes in our services; quality assurance purposes - to improve and develop our Platform and conduct service development - to customize the Services, you see when you use the Platform, to enforce our terms, conditions, and policies - to prove your identity in order to use certain features - to combine all the information, we collect or receive about you for any of the foregoing purposes - to maintain security and help us detect abuse, fraud, and illegal activity on the Platform - to understand how you use the Platform, including across your devices- to support the social functions of the Platform - to make suggestions and provide a customized ad experience - to send promotional materials from us or on behalf of our affiliates and trusted third parties - to measure and understand the effectiveness of the advertising we serve to you and others and to deliver advertising; consistent with your permissions, to provide you with location-based services, such as advertising and other personalized content- for any other purposes disclosed to you at the time we collect your information or pursuant to your consent. However, If you have given us your information, we shall use all the data collected to: (i) Contact you for taking Services feedback and (ii) Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities. We shall not sell or rent your Personal Information to anyone, for any reason, at any time. However, for legitimate business reasons, we might share your Personal Information with our service providers, business partners or processors. If we need to process your Personal Information for an incompatible purpose not discussed in this Policy, we will provide notice to you and, if required by law, seek your consent. We may process your Personal Information without your knowledge or consent only where required by Applicable Laws on a Legitimate legal basis. To the extent you are a resident of the EU or UK, we do not subject your Personal Information to automated decision-making as per the provisions of GDPR, DPA or UK GDPR. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a period of 90 days from the date of such termination or alteration (including, where applicable, a period to enable us to enforce our rights under any contract with you).
WITH WHOM DO WE SHARE YOUR INFORMATION?
When we disclose the Personal Information for a business purpose as mentioned above, we enter into a contract that describes the purpose and requires the recipient to keep both confidential and Personal Information and not use it for any purpose except performing the contract. We want you to understand when and with whom we may share the information we collect for business purposes. Your information is shared with others who have a legitimate purpose for processing or accessing it in the following ways:
Legal Reasons - we may disclose any of the information we collect to respond to summons, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security of us, the Platform, our affiliates, users, or the public. We may also share any of the information we collect to enforce any terms applicable to the Platform, to exercise or defend any legal claims, and comply with any applicable laws.
Sale, Merger, or Other Business Transfer - We may share all of the information we collect in connection with a substantial corporate transaction, such as the sale of a Platform, a merger, consolidation, asset sales, or in the unlikely event of bankruptcy.
Service Providers, Business Partners
We share the categories of Personal Information listed above with service providers and business partners (including those located outside your country) to help us perform business operations and for business purposes, including research, payment processing and transaction fulfilment, database maintenance, administering contests and special offers, technology services, deliveries, sending communications, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing. These service providers and business partners may include: advertising, marketing, and analytics vendors, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Payment processors and transaction fulfilment providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but who do not receive your message data.Cloud providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically. Research providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Customer and technical support providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically.
Third Parties
We may share aggregated usage information and may otherwise disclose non-Personal Information that we collect to third parties. However, absent your prior consent, we will share your Personal Information with third parties only in the ways that are described in this Policy, including as set forth below.
We may use third parties to outsource one or more aspects of our business and/or Platform operations (such as email or customer service functions, data processing, web analytics, maintenance, online advertising, and security execution and clearing services), in which case, we may provide your Personal Information to such third parties in connection with the performance of such activities. Such third parties will only use your Personal Information to the extent necessary to perform their functions and will be contractually bound to process your Personal Information only on our behalf and in compliance with our requests. We will also share your information with any member, subsidiary, parent or affiliate of our corporate group, to assist in the improvement and optimization of the Platform, in order to prevent illegal uses, increase subscriber numbers, development, engineering and analysis of information or for our internal business purposes.In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
For Gmail & Google Calendar users, Kula needs permissions to some restricted/sensitive scopes and the usage of each are explained below
mail.google.com permission: mail.google.com permission will be used to send and receive Flow emails and also delete Flow emails from the Sender’s mailbox.
gmail.readonly permission: gmail.readonly permission will be used to receive and read the email replies of a candidate to an Flow and update the Flow stages and allow the recruiter to follow-up with the candidate. This permission is used for customers who allow only restrictive control over their mailbox.
gmail.compose permission: gmail.compose permission will be used to send emails to candidates added to an Flow. This permission is used for customers who allow only restrictive control over their mailbox.
calendar.readonly permission: calendar.readonly permission will be used to access the calendars of the users to get to know the interview invites. This permission is used for customers who allow only restrictive control over their calendar.
calendar.events permission: calendar.events permission will be used to access the events in the calendars of the users and use it for getting the interview recording. This permission is used for customers who allow only restrictive control over their calendar.
userinfo.email permission: userinfo.email permission will be used to allow recruiters to sign-in using Google OAuth2.
userinfo.profile permission: userinfo.profile permission will be used to allow recruiters to sign-in using Google OAuth2 and get details like their name from Google.
All the data collected through the Google OAuth restricted scopes will not be shared to any third parties and the association will be removed when the user is deactivated. Kula's use of information received, and App's transfer of information to any other app, from Google APIs will adhere to Google's Limited use Requirements.
Gmail API Disclosure: Kula’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services user Data Policy, including the Limited use requirements.
WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
Our legal basis for collecting, using and sharing the Personal Information described above will depend on the Personal Information concerned and the context in which we collect it. However, we will normally collect and/or process your Personal Information pursuant to one or more of the following legal bases:
In some limited cases, we may need the Personal Information to protect your vital interests or those of another person; for example, we may need to share your Personal Information with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request). If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Contact us” section below.
EUROPEAN UNION AND UNITED KINGDOM – RESIDENT SPECIFIC RIGHTS UNDER GDPR, DPA AND UK GDPR
If you are a resident of EU, or UK, you have the following data protection rights regarding your Personal Information collected by us:
Your Right to Access
If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you access to the following information: the purpose of processing, categories of data processed, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the Data Subject, any available information as to their source; the existence of automated decision-making, including profiling. A copy of that Personal Information undergoing processing and the same shall be provided in commonly used electronic form unless otherwise requested by you at free of cost. If you require additional copies, we may charge a reasonable fee for producing those additional copies.
Your Right to Rectification
If the Personal Information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Information with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your Personal Information with so that you can contact them.
Your right to erasure
Subject to the provisions of the GDPR, DPA and UK GDPR, you can ask us to delete or remove your Personal Information in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Information with others, we will take reasonable endeavours including technical measures to erase the personal data and let them know about the request of erasure from you of any links, copy or replication of Personal Information where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, you understand that we shall not be obligated to erase the Personal Information to the extent that processing is necessary for (i) exercising the right to freedom of expression and information (ii) for compliance with legal obligation which requires processing by law to which we are subject to and for the performance of a task carried out in public interest (iii) for the establishment, exercise or defence of legal claims.
Your right to restrict processing
You can ask us to “block” or suppress the processing of your Personal Information in certain circumstances such as where you contest the accuracy of that Personal Information, or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Information but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Information to stop us processing it further. If we have shared your Personal Information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, with your prior consent process the data restricted by you for the establishment, exercise, defence of legal claims for the protection of the rights of another legal person or for the reasons of public interest.
Your right to data portability
You have the right, in certain circumstances, to obtain Personal Information you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
Your right to object
You can ask us to stop processing your Personal Information, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Information, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Information for direct marketing purposes.Your rights in relation to automated decision-making and profiling– You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue the Services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 9(c)(i) above. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your Personal Information where such collection, use and disclose without consent is permitted or required under PDPA.
Your right to opt out of marketing communications
You have the right to opt-out of marketing communications we send you at any time. you can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided in the “Contact us” clause below.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Information, please contact us using the contact details provided in the “Contact us” clause below. You also have the right to complain to a data protection authority in the member state of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk. If you wish to exercise any of the above-mentioned rights in relation to your Personal Information (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in ‘Contact us’ clause below. We will deal with your Request with special care to ensure your rights can be exercised effectively. You understand that we shall only process your Request after we have verified your identity which may mean requesting further information from you. We shall endeavour to respond to your Request and inform you on the actions taken, within one 1 month from your Request or within a reasonable timeframe in accordance with GDPR, DPA or UK GDPR. However, you must be aware that, in particular cases (for instance, due to legal requirements) we may not be able to make your Request effective right away. However, your enforcement of the rights as a Data Subject can be exercised subject to the provisions under the GDPR, DPA or UK GDPR.
CALIFORNIA – RESIDENT SPECIFIC RIGHTS UNDER CCPA
CCPA provides the Consumer with specific rights regarding their Personal Information. Right to Request Access and Data Portability. You have the right to request access to the Personal Information that we collected from you and that we disclose such information to you about our collection and use of your personal information over the past 12 months. You shall submit a verifiable consumer request to access the information. Once such verifiable request form is approved by us, we shall disclose to you the following in a usable format which can be transferred by you to other entities without hindrance.
We can provide you the Personal Information at any time but shall not be required to provide Personal Information to you more than twice in a 12-month period according to CCPA. As per CCPA, we are not required to do the following: Retain any personal information about a Consumer collected for a single one-time transaction if, in the ordinary course of business, that information about the Consumer is not retained. Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information. Deletion Request Rights You have the right to delete any of your Personal Information provided to us.
You may submit a verifiable consumer request to delete the Personal Information provided to us and also to direct the service providers with whom we have shared your Personal Information from their records. However, we shall not be required to comply to your request of deletion if is necessary for us or for our service provider to maintain your Personal Information in order to: Complete the transaction for which the personal information was collected, provide a good or service requested by the Consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the Consumer, or otherwise perform a contract between the business and the Consumer. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another Consumer to exercise his or her right of free speech, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the Consumer has provided informed consent. To enable solely internal uses that are reasonably aligned with the expectations of the Consumer based on the Consumer’s relationship with the business. Comply with a legal obligation.Otherwise use the Consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the Consumer provided the information. Personal Information Sales Opt-Out Rights You shall, at any time, have the right to direct us to not to sell your Personal Information to any third parties. we do not sell Your Personal Information and will not sell it without your prior consent. However, You can enforce Your Opt-Out Right by clicking “DO NOT SELL MY INFORMATION” on the homepage of our Platform. Non-Discrimination we shall not discriminate against you for exercising your rights under CCPA. we shall not: Deny you goods or services. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.Provide you a different level or quality of goods or services. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA - permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Exercising Access, Portability and Deletion Rights in order to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending an email to privacy@kula.ai. A verifiable consumer request related to you can only be made by you or any of your legal representatives. The request for access or data portability can be only made twice within a 12-month period. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Through the verifiable request form you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative and to properly understand, evaluate, and respond to it. Please note that we will not be able to your request or provide you with the Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. It is clarified that you need not create an Account with us to make a verifiable consumer request. we shall endeavour to deliver and disclose to you the required information within forty-five (45) days of receipt of verifiable consumer request. we shall reasonably notify you in case we need more time (up to 90 days) for disclosing information to you. If you have an Account with us, we shall deliver the information to your Account in a readable format which you can transmit to other entities without hindrance.
INDIA – RESIDENT SPECIFIC RIGHTS UNDER SPDI
In certain circumstances, you have the right to access the Personal Information that we hold about you and to correct, update, or request deletion of your Personal Information. Prior to the fulfilment of your request concerning your Personal Information, we will ask you to verify your identity before we can act upon your request. You have the following rights:The right to request proper rectification, removal, or restriction of your Personal Information;The right to require free of charge (1) confirmation of whether we process your Personal Information and (2) access to a copy of the Personal Information retained;The right to take legal actions in relation to any breach of your rights regarding the processing of the Personal Information, as well as to lodge complaints before the competent data protection regulators.The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you;Where the processing of your Personal Information is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question;Where processing of your Personal Information is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the Personal Information concerning you in a structured, commonly used, and machine-readable format or to have your Personal Information transmitted directly to another company, where technically feasible (data portability);As far as we process your Personal Information on the basis of our legitimate interests, you can object to processing at any time. You can find a detailed description of our processing activities and the legal basis in the clauses above. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your Personal Information and decide whether to adjust the processing accordingly.
AUSTRALIA AND NEW ZEALAND – RESIDENT SPECIFIC RIGHTS UNDER AUSTRALIAN PRIVACY ACT AND NZ PRIVACY ACT
We broadly align Australian and New Zealand Privacy Principles, put forth by the respective governments. Australian and New Zealand Privacy Principles emphasise on appropriate treatment of Personal Information as per the below principles and practices.Right to access and correction of Personal InformationIf you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email at the contact details provided in the “Contact us” clause below.You can also make an urgent request to access and/or correct your Personal Information. However, you are required to state the reason why such a request should be treated as urgent. Please note that a reasonable fee may be charged for an access or correction request. If so, we will inform you of the fee before processing your request.We will respond to your request within the timelines prescribed under the Applicable Laws, as the case may be, from the date of receiving your access or correction requestor as soon as reasonably possible. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the Australian Privacy Act and NZ Privacy Act).Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Right to complaintYou shall also have a right to make a complaint to the Commissioner under the Australian Privacy Act and NZ Privacy Act, if you have issues with fee charged by us for an access or correction request or if your access or correction request has not been responded by us or If your access or correction request has been refused by us.Other rightsYou are also entitled to other rights and interest pertaining to your Personal Information under the Australian Privacy Act and NZ Privacy Act. Right to object direct marketing we will only use your Personal Information for direct marketing after obtaining your consent. You shall, at any time, have the right to direct us to not to use your Personal Information for direct marketing under Australian Privacy Act.
SPECIFIC RIGHTS AND PROVISIONS UNDER SINGAPORE – PERSONAL DATA PROTECTION ACT (PDPA) We generally do not collect your Personal Information unless:it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Information to us (your “Authorised Representative”) after:you or your Authorised Representative have been notified of the purposes for which the your Personal Information is collected, and you or your Authorised Representative have provided written consent to the collection and usage of your Personal Information for those purposes, or collection and use of your Personal Information without your consent is permitted or required by the PDPA. Further, if necessary, we shall also seek your consent before collecting any other additional Personal Information.
We may collect or use your Personal Information, or disclose existing Personal Information for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 1, 2 and 3 above. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of your Personal Information through appropriate mode(s) of communication.
Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the your Personal Information will not likely have an adverse effect on you.You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Information for such purposes.
After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Information in relation to those purposes.
If you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform You of the reasons why we are unable to do so (except where we are not required to do so under the PDPA)Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Please note that your right to access the Personal Information shall be subject to the provisions under PDPA.
TRANSFER AND INTERNATIONAL TRANSFER
We or our appointed service providers shall collect, use, process, store and disclose your Personal Information outside your home countries, to provide our Services. Such outside countries may have data protection and privacy laws that are different from the laws of your home countries. We only transfer Personal Information to another country in accordance with the Applicable Laws, provided there are legally adequate protections in place for the Personal Information.
Further, transfer of your Personal Information also include:
a) In the event that we undergo reorganisation, are sold to, or merged with a third party, or sell all or substantially all of our assets, any Personal Information we hold about you may be transferred to that re-organized entity or third party in compliance with applicable law;
b) In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
In certain situations, we may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We strive to keep our processing activities with respect to your Personal Information as limited as possible.
For EU and UK’s Data Subjects: For your Personal Information transferred from the EU, or UK to us in other countries, and for onward transfers of your Personal Information to our appointed services providers, we and our appointed service providers will protect your Personal Information when it is transferred from the EU, or UK to other countries by: Processing your Personal Information in a territory which the EU and/or UK authorities (or other relevant governmental authority) has determined provides an adequate level of protection for Personal Information or Implementing appropriate safeguards to protect your Personal Information, including through the use of Standard Contractual Clauses(SCCs) or another lawful transfer mechanism approved by the EU and/or UK authorities (or other relevant governmental authority). For other international transfers of your Personal Information from the EU, and the UK, we shall implement such measures as are necessary to ensure that appropriate safeguards are provided to your transferred Personal Information, as agreed with you.
RETENTION OF PERSONAL DATA/ INFORMATION
We shall retain your Personal Information or other information (“Your Data”) for a period of 90 days from the date of deletion of your Account as per our Data Deletion Policy (wherein, the said policy shall be shared only upon the request placed by you to us) and/or for a period as long as we need it to fulfil the purpose for which we have collected it and/or if applicable, as long as required by statutory retention requirements and/or according to the timeframes set forth under the Applicable Laws. Thereafter, Your Personal Information shall be permanently removed (except when required by law to retain). We make no representation or warranty with respect to any duty to permanently store any information you may provide or that we otherwise collect about you except as required under the Applicable Laws. Please note that statutory storage obligations or the need for legal actions that may arise from misconduct within the Platform can lead to a longer retention of your Personal Information. By using the Platform and providing us with information (including Personal Information), you waive any claims that may arise under your own or any other local or national laws, rules or regulations or international treaties. we may from time-to-time transfer or merge your information collected off-line to our online databases or store off-line information in an electronic format.
PROTECTION OF PERSONAL DATA/ INFORMATION
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. Since no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security. If you have any questions about security on our Platform, you can contact us at privacy@kula.ai. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect our online accounts and systems from unauthorised access.
When you register for the Services, we require a password from you for your privacy. We transmit information such as your login credentials for Platform or account credentials securely. Our servers are in secure facilities(through our processor, Amazon Web Services).
Our databases are protected from general employee access both physically and logically. we encrypt your Service password so that your password cannot be recovered, even by us. All backup drives also are encrypted.
We enforce physical access controls to our buildings. No employee can put Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). We permit only authorised employees who are trained in the proper handling of customer information, to have access to aforesaid Personal Information.
PRIVACY OF CHILDREN
Kula recognizes the importance of children's safety and privacy and is sensitive to these issues. Kula does not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Data, they should write to us at the email privacy@kula.ai.
LINK TO THIRD PARTY WEBSITES
The Platform may include links to other websites, mobile applications, or services (“Third Party Sites”), whose privacy practices may differ from those set forth herein. Such links are not an endorsement by us of those third-party Sites and/or the products or services they offer. If you visit Third Party Sites or submit Information to any of those Third-Party Sites, your visit and Information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any Third-Party Site you visit, as it may differ substantially from that of this Policy. we make no representations or warranties with respect to, nor are we responsible for the privacy policies of, any Third-Party Sites. If you decide to click on any such links or access any Third- Party Sites appearing on the Platform, you do so at your own risk.
INTIMATION BY YOU REGARDING CHANGE IN PERSONAL INFORMATION
We generally rely on Personal Information provided by you. In order to ensure that your Personal Information shall be current, complete and accurate.If your Personal Information provided to us when you had registered Yourself in our Platform changes, you must update it as soon as possible. To review and update your Personal Information through the “Edit” option in our Platform.
Note. If you wish to cancel your account or request that we no longer use your information to provide you Services, you can request us to delete the Account. However, we shall retain your information subject to clause 11 of this Policy. For Singapore’s residents:If there are changes to your Personal Information, please update us by informing our Data Protection Officer in writing or via email at the contact details provided below. Further, you also have an option to review and update your Personal Information through the “Edit” option in our Platform.
EMAIL NOTIFICATIONS AND OPT – OUT
We maintain a strict “no-spam” policy. Unless you requested otherwise in your account settings at the time of your initial registration or specifically opt out as provided herein, by accepting the Terms of use and this Policy, you expressly agree that we may use your information to contact you by email in order to deliver you information that is relevant to your use of the Platform such as administrative notices, product/service enhancements or “newsletters”, or that, in some cases, is targeted to your interests, such as information about Service/functionalities offerings that we believe you may be interested in learning more about. In the event of an intellectual property claim, we may transfer your contact details with the claimant for contacting you to resolve the infringement claim directly with you. You may choose to stop receiving these email communications from us by following the “unsubscribe” instructions included in such communications. If a third-party vendor provides such newsletters, you may unsubscribe in accordance with the instructions provided by such a third party. If you are having problems unsubscribing, please contact us at privacy@kula.ai (and you will be removed within seven (7) business days. Please note that we will not process any unsubscribe requests submitted as direct replies to any newsletter.
CONFIDENTIALITY OF YOUR LOGIN ID AND PASSWORD
You are responsible for maintaining the security of your login ID and Password and must not provide these credentials to any third party. If you believe that they have been stolen or been made known to others, you must contact us immediately at security@kula.ai. We are not responsible if someone else accesses your account through the login credential they have obtained from you or through a violation by you of this Policy or our Terms of use. If you have any security related concerns, please contact us at security@kula.ai. We will work closely with you to ensure a rapid and personal response to your concerns.
PRIVACY OFFICER/ DATA PROTECTION OFFICER
In case of any complaints, or concerns with regards to the use, processing and disclosure of Personal Information provided by you; any enquiries or feedback on our personal data protection policies and procedures; and/or any breach of this Policy or any applicable law should immediately be informed to the designated Privacy Officer / Data Protection Officer, as the case may be mentioned below:
Name - Achuthanand Tanjore Ravi
Email - privacy@kula.ai
CHANGES TO POLICY
We may update this Policy from time to time. When we update the Policy, we will notify you by updating the “Last Updated” date at the top of this Policy and posting the new Policy and providing any other notice required by applicable law.
CONTACT US
In the event that you wish to make a complaint or request concerning your Personal Information or our privacy practices, or have questions, concerns, or comments about this Policy, please contact us in the first instance at privacy@kula.ai and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority or follow the dispute process set forth in the Terms of use.
Kula Technologies Inc. having its registered office at 3500 South Dupont Highway, City of Dover, Delaware, United States of America – 19901 and having its place of business at 340 S Lemon Ave #6070 Walnut , CA 91789, USA and also at #32-01, 80 Raffles Place, UOB Plaza Tower 1, Singapore – 048 624 (hereinafter referred to as “Kula”/ “We”/ “us”/ “our”), on behalf of itself and its affiliates/group companies under the brand ‘Kula’, operates the website and the application ‘Kula’ (together referred to as “Platform”). This Privacy Policy (hereinafter referred to as “Policy”), helps you in using/accessing the Platform, the Services therein, our websites and all our products, service offerings and other related applications and to understand the type of information collected; the purpose for which the information is collected; how the information is used; the intended recipients of such information; when it might be disclosed and how you can control the collection, correction and/or deletion of your information and how the information is protected. We take protection and proper use of your information seriously and are committed to protecting such information in our possession. We advise you to read this Policy carefully prior to your access of Platform, use of Services, or creation of an Account on the Platform, as the case may be. If you do not agree to this Policy, please do not access our Platform, use our Services, or create an Account in our Platform.
If we learn that we have collected the Personal Information (defined below) from a subscriber who is under the age of 16 that was not provided under the supervision and consent of the minor’s parents or guardians, we will promptly delete such information. If you believe that we have collected Personal Information from someone under the age of 16, please contact us at privacy@kula.ai.
This Policy is published and shall be construed to be in accordance with the provisions of the General Data Protection Regulation 2016/679 (“GDPR”), United Kingdom’s Data Protection Act 2018 (“DPA”), UK General Data Protection Regulation (“UKGDPR”), California Consumer Protection Act (“CCPA”), Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data of Information) Rules, 2011 (“SPDI”) under the Information Technology Act, 2000, Personal Data Protection Act, 2012 (“PDPA”), broadly aligning with the Australian Privacy Act 1988 (“Australian Privacy Act”), Privacy Act, 2020 (“NZ Privacy Act”) and the other applicable data protection /data privacy statutes, if any, rules, regulations and other bye-laws in force made thereunder, in the territories of UK, Europe, USA, India, Singapore, Australia and New Zealand (collective referred as “Applicable Laws”) that require publishing of the privacy notice for collection, usage, storage, disclosure and transfer of sensitive personal data or information to the extent we collect and process the personal information as a business and/or service provider.
Kula’s services are intended for use by businesses. Where the service(s) are made available to you through a subscriber, that business is the Controller of your Personal Information. Your data privacy questions and subject access requests should be submitted to Kula’s Subscriber in its capacity as your Controller. If you are an individual who interacts with a Subscriber using our Services, then you will be directed to contact our Subscriber for assistance with any requests or questions relating to your Personal Information. Kula is not responsible for Subscribers’ privacy or security practices which may be different from this Policy. Subscribers to our Services are solely responsible for establishing policies for and ensuring compliance with all applicable laws and regulations, as well as all privacy policies, agreements or other obligations, relating to the collection of Personal Information in connection with the use of our Services by End users. We collect information under the direction of our Subscribers and have no direct relationship with individuals whose Personal Information we process in connection with our Subscriber’s use of our Services. With the exception of Personal Information collected when you register for an account to access or utilize Kula’s Services and other information, this Policy does not apply in connection with access and use of Kula’s Service(s). Kula’s Platform, Website(s) and Service(s) may contain links to other Websites. If you click on a third-party link, you should read their privacy policy. Kula encourages you to review the privacy statements of any such other websites to understand their personal data practices.
If you are a resident of the European Union (“EU”) or United Kingdom (“UK”), you shall be referred as Data Subject as per the relevant provisions of GDPR, DPA or UK GDPR, respectively, when we collect and process your Personal Information for providing the Services. If you are a resident of California, U.S.A, You shall be referred as Consumer as per the relevant provisions of CCPA when we collect and process your Personal Information for providing the Services.If you are a resident of Australia or New Zealand or Singapore, you shall be referred as Individual as per the relevant provisions of Australian Privacy Act or NZ Privacy Act, or PDPA, respectively, when we collect and process your Personal Information for providing the Services. Further, our collection, use, and disclosure of your Personal Information is limited to the processing permitted in our Terms of use, Master Services Agreement (if subscribed to our Services) in case you Subscribe to our Services and Data Processing Agreement executed between you and us in order to render our Services.
DEFINITIONS
The capitalized terms used in this Policy shall have the meaning as provided herein below. Other capitalized terms used in this Policy shall have the meaning respectively assigned to them elsewhere in this Policy.
Is Kula a data processor or a data controller?
Data Controller
A “data controller” is the party that alone or jointly with others determines the purposes and means of the processing of personal data, and processes the personal data for its own purposes. While using Kula to engage with candidates, our customers(Subscribers) are the data controllers because they determine the purpose (e.g. recruiting a candidate) and the means (using Kula) of processing the personal data. Separately, Kula is a data controller for the personal data associated with customers’ Kula account (e.g. your business contact information) because we control the means and purposes of this processing for our use: invoicing, to communicate information about their account and for other administrative functions.
Data Processor
Kula is the “data processor” because we process personal data of candidates on behalf of our customers(Subscribers) under an agreement in which they tell us what data to process, for what purpose(s), how long we can keep that data, and any restrictions they impose on our use of their data.
WHAT KIND OF INFORMATION DO WE COLLECT?
When you create an account with us or access our Platform and/or use the Services provided by us, we shall collect certain information from you, the details of which are provided below.
Personal Information
Any information that relates to you as a natural person, which, either directly or indirectly, in combination with other information available or likely to be available to a body corporate, is capable of identifying you and any further information, including, without limitation, provided by you to us when you
(a) subscribe for any of Kula’s Services/Platform by signing-up such as complete name and address, contact number, email address, social media credentials and any other identifiers and any other sensitive/personal information as defined under the Applicable Laws as amended from time to time;
(b) use or view Kula’s Platform which may result in personal information/data being collected via your browser’s Cookies;
(c) submit web forms on our Platform or as you use interactive features of the Platform, including participation in surveys, contests, promotions, sweepstakes,
(d) request customer support, or otherwise communicate with us; or
(e) when you use the Services, Kula automatically collects information on the type of device you use, and the operating system version, to perform our agreement with you (“Personal Information”).
Usage Information Any information that is not Personal Information, but information collected in relation to your use of the Platform or information required for the proper functioning and development of the Platform, including, without limitation: (i) time, date and extent of your usage of the Platform; (ii) your usage and search history within the Platform, (iii) device settings; (iv) time zone, language, screen resolution, and other usage preferences you select when using the Platform; (v) the URL or advertisement that may have directed you to the Platform; (vii) other device and Platform access information viz., your IP address, operating system, browser type, referring/exit pages, and other unique device identifiers, as well as your push notification token.
Behavioural Information we shall collect information which is connected with your activity on the Platform and opt-ins and communication preferences.
Location Data Information about your location when accessing and/or using the Platform.
Cookies
We, our service providers and business partners set essential cookies that enable core functionality such as security, network management, and accessibility. you may not opt-out of these cookies. However, you may disable these by changing your browser settings, but this may affect how the Platform functions. We, our service providers and business partners use Google Analytics cookies to help and improve our Platform by collecting and reporting information on how you use the platform, services or websites. The cookies collect information in a way that does not directly identify anyone. we also set cookies to collect information that is used either in aggregate form to help us understand how our Platform is being used or how effective their marketing campaigns are, to help customise the Platform for you or to make advertising messages more relevant to you. Further, subject to this Clause, you shall also agree to our Cookie Policy
Transaction and Payment Information:
We or our authorised payment gateway solution providers, as the case may be, collect information such as billing address, credit/debit card number, its expiration date or any other payment instrument details and transaction details or any other third-party payment information of you.
Third party Information
Information about you that we may receive from third parties services, such as advertising partners, data providers and analytics providers.We may collect your third-party social media networks information including your contact lists for these Services and information relating to your use of the Platform in relation to these Services, if you choose to link or sign up using a third-party social network or login service (such as Facebook, Twitter, Instagram, or Google). If you link your Account in our Platform to another service, we may receive information about your profile information from that service.
HOW DO WE USE YOUR INFORMATION?
As explained below, we use your information to improve, support and administer the Platform and our Services, to allow you to use its functionalities, and to fulfil and enforce our Terms of use. We may also use your information to, among other things, show you suggestions, promote the Platform, and customize your ad experience.We generally use the information we collect for the following purposes: to structure the Services provided to the Subscribers through the Platform- to fulfill requests for Services, Platform functionality, support and information for internal operations, including troubleshooting, data analysis, testing, research, statistical, and survey purposes; To communicate with you, including to notify you about changes in our services; quality assurance purposes - to improve and develop our Platform and conduct service development - to customize the Services, you see when you use the Platform, to enforce our terms, conditions, and policies - to prove your identity in order to use certain features - to combine all the information, we collect or receive about you for any of the foregoing purposes - to maintain security and help us detect abuse, fraud, and illegal activity on the Platform - to understand how you use the Platform, including across your devices- to support the social functions of the Platform - to make suggestions and provide a customized ad experience - to send promotional materials from us or on behalf of our affiliates and trusted third parties - to measure and understand the effectiveness of the advertising we serve to you and others and to deliver advertising; consistent with your permissions, to provide you with location-based services, such as advertising and other personalized content- for any other purposes disclosed to you at the time we collect your information or pursuant to your consent. However, If you have given us your information, we shall use all the data collected to: (i) Contact you for taking Services feedback and (ii) Processing payment instructions including those through independent third party service providers such as payment gateways, banking and financial institutions, pre-paid instrument and wallet providers for processing of payment transaction or deferral of payment facilities. We shall not sell or rent your Personal Information to anyone, for any reason, at any time. However, for legitimate business reasons, we might share your Personal Information with our service providers, business partners or processors. If we need to process your Personal Information for an incompatible purpose not discussed in this Policy, we will provide notice to you and, if required by law, seek your consent. We may process your Personal Information without your knowledge or consent only where required by Applicable Laws on a Legitimate legal basis. To the extent you are a resident of the EU or UK, we do not subject your Personal Information to automated decision-making as per the provisions of GDPR, DPA or UK GDPR. The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a period of 90 days from the date of such termination or alteration (including, where applicable, a period to enable us to enforce our rights under any contract with you).
WITH WHOM DO WE SHARE YOUR INFORMATION?
When we disclose the Personal Information for a business purpose as mentioned above, we enter into a contract that describes the purpose and requires the recipient to keep both confidential and Personal Information and not use it for any purpose except performing the contract. We want you to understand when and with whom we may share the information we collect for business purposes. Your information is shared with others who have a legitimate purpose for processing or accessing it in the following ways:
Legal Reasons - we may disclose any of the information we collect to respond to summons, court orders, legal process, law enforcement requests, legal claims, or government inquiries, and to protect and defend the rights, interests, safety, and security of us, the Platform, our affiliates, users, or the public. We may also share any of the information we collect to enforce any terms applicable to the Platform, to exercise or defend any legal claims, and comply with any applicable laws.
Sale, Merger, or Other Business Transfer - We may share all of the information we collect in connection with a substantial corporate transaction, such as the sale of a Platform, a merger, consolidation, asset sales, or in the unlikely event of bankruptcy.
Service Providers, Business Partners
We share the categories of Personal Information listed above with service providers and business partners (including those located outside your country) to help us perform business operations and for business purposes, including research, payment processing and transaction fulfilment, database maintenance, administering contests and special offers, technology services, deliveries, sending communications, advertising, analytics, measurement, data storage and hosting, disaster recovery, search engine optimization, marketing, and data processing. These service providers and business partners may include: advertising, marketing, and analytics vendors, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Payment processors and transaction fulfilment providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but who do not receive your message data.Cloud providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically. Research providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically but would not receive your payment information or message data. Customer and technical support providers, who may receive the information you choose to provide, the information we obtain from other sources, and the information we collect automatically.
Third Parties
We may share aggregated usage information and may otherwise disclose non-Personal Information that we collect to third parties. However, absent your prior consent, we will share your Personal Information with third parties only in the ways that are described in this Policy, including as set forth below.
We may use third parties to outsource one or more aspects of our business and/or Platform operations (such as email or customer service functions, data processing, web analytics, maintenance, online advertising, and security execution and clearing services), in which case, we may provide your Personal Information to such third parties in connection with the performance of such activities. Such third parties will only use your Personal Information to the extent necessary to perform their functions and will be contractually bound to process your Personal Information only on our behalf and in compliance with our requests. We will also share your information with any member, subsidiary, parent or affiliate of our corporate group, to assist in the improvement and optimization of the Platform, in order to prevent illegal uses, increase subscriber numbers, development, engineering and analysis of information or for our internal business purposes.In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
For Gmail users, Kula needs permissions to some restricted scopes and the usage of each are explained below
mail.google.com permission: mail.google.com permission will be used to send and receive Flow emails and also delete Flow emails from the Sender’s mailbox.
gmail.readonly permission: gmail.readonly permission will be used to receive and read the email replies of a candidate to an Flow and update the Flow stages and allow the recruiter to follow-up with the candidate. This permission is used for customers who allow only restrictive control over their mailbox.
gmail.compose permission: gmail.compose permission will be used to send emails to candidates added to an ouFlowtreach. This permission is used for customers who allow only restrictive control over their mailbox.
userinfo.email permission: userinfo.email permission will be used to allow recruiters to sign-in using Google OAuth2.
userinfo.profile permission: userinfo.profile permission will be used to allow recruiters to sign-in using Google OAuth2 and get details like their name from Google.
All the data collected through the Google OAuth restricted scopes will not be shared to any third parties and the association will be removed when the user is deactivated. Kula's use of information received, and App's transfer of information to any other app, from Google APIs will adhere to Google's Limited use Requirements.
Gmail API Disclosure: Kula’s use and transfer to any other app of information received from Google APIs will adhere to Google API Services user Data Policy, including the Limited use requirements.
WHAT LEGAL BASIS DO WE RELY ON TO PROCESS YOUR PERSONAL INFORMATION?
Our legal basis for collecting, using and sharing the Personal Information described above will depend on the Personal Information concerned and the context in which we collect it. However, we will normally collect and/or process your Personal Information pursuant to one or more of the following legal bases:
In some limited cases, we may need the Personal Information to protect your vital interests or those of another person; for example, we may need to share your Personal Information with third parties for security reasons (when we believe in good faith that disclosure is necessary to protect our rights, protect your or others’ safety, to investigate fraud, or respond to a related government request). If we ask you to provide Personal Information to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and let you know whether the provision of your Personal Information is mandatory or not (as well as the possible consequences if you do not provide it). Similarly, if we collect and use your Personal Information in reliance on our legitimate interests (or those of a third party) that are not listed above, we will make clear to you at the relevant time what those legitimate interests are. If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Information, please contact us using the contact details provided in the “Contact us” section below.
EUROPEAN UNION AND UNITED KINGDOM – RESIDENT SPECIFIC RIGHTS UNDER GDPR, DPA AND UK GDPR
If you are a resident of EU, or UK, you have the following data protection rights regarding your Personal Information collected by us:
Your Right to Access
If you ask us, we will confirm whether we are processing your Personal Information and, if so, provide you access to the following information: the purpose of processing, categories of data processed, the recipients or categories of recipient to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations, where possible, the envisaged period for which the personal data will be stored, or, if not possible, the criteria used to determine that period, the existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data concerning the Data Subject or to object to such processing; the right to lodge a complaint with a supervisory authority; where the personal data are not collected from the Data Subject, any available information as to their source; the existence of automated decision-making, including profiling. A copy of that Personal Information undergoing processing and the same shall be provided in commonly used electronic form unless otherwise requested by you at free of cost. If you require additional copies, we may charge a reasonable fee for producing those additional copies.
Your Right to Rectification
If the Personal Information we hold about you is inaccurate or incomplete, you are entitled to have it rectified. If we have shared your Personal Information with others, we will let them know about the rectification where possible. If you ask us, where possible and lawful to do so, we will also tell you who we have shared your Personal Information with so that you can contact them.
Your right to erasure
Subject to the provisions of the GDPR, DPA and UK GDPR, you can ask us to delete or remove your Personal Information in some circumstances, such as where we no longer need it or where you withdraw your consent (where applicable). If we have shared your Personal Information with others, we will take reasonable endeavours including technical measures to erase the personal data and let them know about the request of erasure from you of any links, copy or replication of Personal Information where possible. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, you understand that we shall not be obligated to erase the Personal Information to the extent that processing is necessary for (i) exercising the right to freedom of expression and information (ii) for compliance with legal obligation which requires processing by law to which we are subject to and for the performance of a task carried out in public interest (iii) for the establishment, exercise or defence of legal claims.
Your right to restrict processing
You can ask us to “block” or suppress the processing of your Personal Information in certain circumstances such as where you contest the accuracy of that Personal Information, or you object to us processing it for a particular purpose. This may not mean that we will stop storing your Personal Information but, where we do keep it, we will tell you if we remove any restriction that we have placed on your Personal Information to stop us processing it further. If we have shared your Personal Information with others, we will let them know about the restriction where it is possible for us to do so. If you ask us, where it is possible and lawful for us to do so, we will also tell you who we have shared your Personal Information with so that you can contact them directly. However, with your prior consent process the data restricted by you for the establishment, exercise, defence of legal claims for the protection of the rights of another legal person or for the reasons of public interest.
Your right to data portability
You have the right, in certain circumstances, to obtain Personal Information you have provided to us (in a structured, commonly used, and machine-readable format) and to reuse it elsewhere or to ask us to transfer it to your chosen third party.
Your right to object
You can ask us to stop processing your Personal Information, and we will do so, if we are: (i) relying on our own or someone else’s legitimate interest to process your Personal Information, except if we can demonstrate compelling legal grounds for the processing; or (ii) processing your Personal Information for direct marketing purposes.Your rights in relation to automated decision-making and profiling– You have the right not to be subject to a decision when it is based on automatic processing, including profiling, if it produces a legal effect or similarly significantly affects you, unless such profiling is necessary for the entering into, or the performance of, a contract between you and us.
Your right to withdraw consent
If we have collected and processed your Personal Information with your consent, then you can withdraw your consent at any time. Withdrawing your consent will not affect the lawfulness of any processing we conducted prior to your withdrawal, nor will it affect processing of your Personal Information conducted in reliance on lawful processing grounds other than consent.
Upon receipt of your written request to withdraw your consent, we may require reasonable time (depending on the complexity of the request and its impact on our relationship with you) for your request to be processed and for us to notify you of the consequences of us acceding to the same, including any legal consequences which may affect your rights and liabilities to us. In general, we shall seek to process your request within ten (10) business days of receiving it.
Whilst we respect your decision to withdraw your consent, please note that depending on the nature and scope of your request, we may not be in a position to continue the Services to you and we shall, in such circumstances, notify you before completing the processing of your request. Should you decide to cancel your withdrawal of consent, please inform us in writing in the manner described in clause 9(c)(i) above. Please note that withdrawing consent does not affect our right to continue to collect, use and disclose your Personal Information where such collection, use and disclose without consent is permitted or required under PDPA.
Your right to opt out of marketing communications
You have the right to opt-out of marketing communications we send you at any time. you can exercise this right by clicking on the “unsubscribe” or “opt-out” link in the marketing emails we send you. To opt-out of other forms of marketing (such as postal marketing or telemarketing), please contact us using the contact details provided in the “Contact us” clause below.
Your right to lodge a complaint with the supervisory authority
If you have a concern about any aspect of our privacy practices, including the way we have handled your Personal Information, please contact us using the contact details provided in the “Contact us” clause below. You also have the right to complain to a data protection authority in the member state of your residence or the place of the alleged infringement. You can find a list of contact details for all EU supervisory authorities at http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm. The UK data protection regulator is the Information Commissioner’s Office and contact details can be found at https://ico.org.uk. If you wish to exercise any of the above-mentioned rights in relation to your Personal Information (hereinafter referred to as a “Request”), you can do so at any time by contacting us using the details in ‘Contact us’ clause below. We will deal with your Request with special care to ensure your rights can be exercised effectively. You understand that we shall only process your Request after we have verified your identity which may mean requesting further information from you. We shall endeavour to respond to your Request and inform you on the actions taken, within one 1 month from your Request or within a reasonable timeframe in accordance with GDPR, DPA or UK GDPR. However, you must be aware that, in particular cases (for instance, due to legal requirements) we may not be able to make your Request effective right away. However, your enforcement of the rights as a Data Subject can be exercised subject to the provisions under the GDPR, DPA or UK GDPR.
CALIFORNIA – RESIDENT SPECIFIC RIGHTS UNDER CCPA
CCPA provides the Consumer with specific rights regarding their Personal Information. Right to Request Access and Data Portability. You have the right to request access to the Personal Information that we collected from you and that we disclose such information to you about our collection and use of your personal information over the past 12 months. You shall submit a verifiable consumer request to access the information. Once such verifiable request form is approved by us, we shall disclose to you the following in a usable format which can be transferred by you to other entities without hindrance.
We can provide you the Personal Information at any time but shall not be required to provide Personal Information to you more than twice in a 12-month period according to CCPA. As per CCPA, we are not required to do the following: Retain any personal information about a Consumer collected for a single one-time transaction if, in the ordinary course of business, that information about the Consumer is not retained. Reidentify or otherwise link any data that, in the ordinary course of business, is not maintained in a manner that would be considered personal information. Deletion Request Rights You have the right to delete any of your Personal Information provided to us.
You may submit a verifiable consumer request to delete the Personal Information provided to us and also to direct the service providers with whom we have shared your Personal Information from their records. However, we shall not be required to comply to your request of deletion if is necessary for us or for our service provider to maintain your Personal Information in order to: Complete the transaction for which the personal information was collected, provide a good or service requested by the Consumer, or reasonably anticipated within the context of a business’s ongoing business relationship with the Consumer, or otherwise perform a contract between the business and the Consumer. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity; or prosecute those responsible for that activity. Debug to identify and repair errors that impair existing intended functionality. Exercise free speech, ensure the right of another Consumer to exercise his or her right of free speech, or exercise another right provided for by law. Comply with the California Electronic Communications Privacy Act pursuant to Chapter 3.6 (commencing with Section 1546) of Title 12 of Part 2 of the Penal Code. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the businesses’ deletion of the information is likely to render impossible or seriously impair the achievement of such research, if the Consumer has provided informed consent. To enable solely internal uses that are reasonably aligned with the expectations of the Consumer based on the Consumer’s relationship with the business. Comply with a legal obligation.Otherwise use the Consumer’s personal information, internally, in a lawful manner that is compatible with the context in which the Consumer provided the information. Personal Information Sales Opt-Out Rights You shall, at any time, have the right to direct us to not to sell your Personal Information to any third parties. we do not sell Your Personal Information and will not sell it without your prior consent. However, You can enforce Your Opt-Out Right by clicking “DO NOT SELL MY INFORMATION” on the homepage of our Platform. Non-Discrimination we shall not discriminate against you for exercising your rights under CCPA. we shall not: Deny you goods or services. Charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties.Provide you a different level or quality of goods or services. Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services. However, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels. Any CCPA - permitted financial incentive we offer will reasonably relate to your personal information’s value and contain written terms that describe the program’s material aspects. Participation in a financial incentive program requires your prior opt in consent, which you may revoke at any time.
Exercising Access, Portability and Deletion Rights in order to exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by sending an email to privacy@kula.ai. A verifiable consumer request related to you can only be made by you or any of your legal representatives. The request for access or data portability can be only made twice within a 12-month period. You may only make a verifiable consumer request for access or data portability twice within a 12-month period. Through the verifiable request form you must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorised representative and to properly understand, evaluate, and respond to it. Please note that we will not be able to your request or provide you with the Personal Information if we cannot verify your identity or authority to make the request and confirm the Personal Information relates to you. It is clarified that you need not create an Account with us to make a verifiable consumer request. we shall endeavour to deliver and disclose to you the required information within forty-five (45) days of receipt of verifiable consumer request. we shall reasonably notify you in case we need more time (up to 90 days) for disclosing information to you. If you have an Account with us, we shall deliver the information to your Account in a readable format which you can transmit to other entities without hindrance.
INDIA – RESIDENT SPECIFIC RIGHTS UNDER SPDI
In certain circumstances, you have the right to access the Personal Information that we hold about you and to correct, update, or request deletion of your Personal Information. Prior to the fulfilment of your request concerning your Personal Information, we will ask you to verify your identity before we can act upon your request. You have the following rights:The right to request proper rectification, removal, or restriction of your Personal Information;The right to require free of charge (1) confirmation of whether we process your Personal Information and (2) access to a copy of the Personal Information retained;The right to take legal actions in relation to any breach of your rights regarding the processing of the Personal Information, as well as to lodge complaints before the competent data protection regulators.The right not to be subject to any automatic individual decisions which produces legal effects on you or similarly significantly affects you;Where the processing of your Personal Information is based on your consent, the right to withdraw your consent at any time without impact to data processing activities that have taken place before such withdrawal or to any other existing legal justification of the processing activity in question;Where processing of your Personal Information is either based on your consent or necessary for the performance of a contract with you and processing is carried out by automated means, the right to receive the Personal Information concerning you in a structured, commonly used, and machine-readable format or to have your Personal Information transmitted directly to another company, where technically feasible (data portability);As far as we process your Personal Information on the basis of our legitimate interests, you can object to processing at any time. You can find a detailed description of our processing activities and the legal basis in the clauses above. If you object to such processing, we ask you to state the grounds of your objection in order for us to examine the processing of your Personal Information and decide whether to adjust the processing accordingly.
AUSTRALIA AND NEW ZEALAND – RESIDENT SPECIFIC RIGHTS UNDER AUSTRALIAN PRIVACY ACT AND NZ PRIVACY ACT
We broadly align Australian and New Zealand Privacy Principles, put forth by the respective governments. Australian and New Zealand Privacy Principles emphasise on appropriate treatment of Personal Information as per the below principles and practices.Right to access and correction of Personal InformationIf you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email at the contact details provided in the “Contact us” clause below.You can also make an urgent request to access and/or correct your Personal Information. However, you are required to state the reason why such a request should be treated as urgent. Please note that a reasonable fee may be charged for an access or correction request. If so, we will inform you of the fee before processing your request.We will respond to your request within the timelines prescribed under the Applicable Laws, as the case may be, from the date of receiving your access or correction requestor as soon as reasonably possible. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform you of the reasons why we are unable to do so (except where we are not required to do so under the Australian Privacy Act and NZ Privacy Act).Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Right to complaintYou shall also have a right to make a complaint to the Commissioner under the Australian Privacy Act and NZ Privacy Act, if you have issues with fee charged by us for an access or correction request or if your access or correction request has not been responded by us or If your access or correction request has been refused by us.Other rightsYou are also entitled to other rights and interest pertaining to your Personal Information under the Australian Privacy Act and NZ Privacy Act. Right to object direct marketing we will only use your Personal Information for direct marketing after obtaining your consent. You shall, at any time, have the right to direct us to not to use your Personal Information for direct marketing under Australian Privacy Act.
SPECIFIC RIGHTS AND PROVISIONS UNDER SINGAPORE – PERSONAL DATA PROTECTION ACT (PDPA) We generally do not collect your Personal Information unless:it is provided to us voluntarily by you directly or via a third party who has been duly authorised by you to disclose your Personal Information to us (your “Authorised Representative”) after:you or your Authorised Representative have been notified of the purposes for which the your Personal Information is collected, and you or your Authorised Representative have provided written consent to the collection and usage of your Personal Information for those purposes, or collection and use of your Personal Information without your consent is permitted or required by the PDPA. Further, if necessary, we shall also seek your consent before collecting any other additional Personal Information.
We may collect or use your Personal Information, or disclose existing Personal Information for secondary purposes that differ from the primary purpose which it had originally collected for pursuant to clauses 1, 2 and 3 above. If we intend to rely on deemed consent by notification for such secondary purposes, we will notify you of the proposed collection, use or disclosure of your Personal Information through appropriate mode(s) of communication.
Before relying on deemed consent by notification, we will assess and determine that the collection, use and disclosure of the your Personal Information will not likely have an adverse effect on you.You will be given a reasonable period to inform us if you wish to opt-out of the collection, use and disclosure of your Personal Information for such purposes.
After the lapse of the opt-out period, you may notify us that you no longer wish to consent to the purposes for which your consent was deemed by notification by withdrawing your consent for the collection, use or disclosure of your Personal Information in relation to those purposes.
If you wish to make: an access request for access to a copy of the Personal Information which we hold about you or information about the ways in which we use or disclose your Personal Information, ora correction request to correct or update any of your Personal Information which we hold about you, you may submit your request in writing or via email to our Data Protection Officer at the contact details provided below.Please note that a reasonable fee may be charged for an access request. If so, we will inform you of the fee before processing your request.We will respond to your request as soon as reasonably possible. Should we not be able to respond to your request within thirty (30) days after receiving your request, we will inform you in writing within thirty (30) days of the time by which we will be able to respond to your request. If we are unable to provide you with any Personal Information or to make a correction requested by you, we shall generally inform You of the reasons why we are unable to do so (except where we are not required to do so under the PDPA)Please note that depending on the request that is being made, we will only need to provide you with access to your Personal Information contained in the documents requested, and not to the entire documents themselves. In those cases, it may be appropriate for us to simply provide you with confirmation of your Personal Information that we have on record, if the record of your Personal Information forms a negligible part of the document.Please note that your right to access the Personal Information shall be subject to the provisions under PDPA.
TRANSFER AND INTERNATIONAL TRANSFER
We or our appointed service providers shall collect, use, process, store and disclose your Personal Information outside your home countries, to provide our Services. Such outside countries may have data protection and privacy laws that are different from the laws of your home countries. We only transfer Personal Information to another country in accordance with the Applicable Laws, provided there are legally adequate protections in place for the Personal Information.
Further, transfer of your Personal Information also include:
a) In the event that we undergo reorganisation, are sold to, or merged with a third party, or sell all or substantially all of our assets, any Personal Information we hold about you may be transferred to that re-organized entity or third party in compliance with applicable law;
b) In the unlikely event of our bankruptcy, insolvency, reorganisation, receivership, or assignment for the benefit of creditors, or the application of laws or equitable principles affecting creditors’ rights generally, we may not be able to control how your Personal Information is treated, transferred, or used.
In certain situations, we may be required to disclose your Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We strive to keep our processing activities with respect to your Personal Information as limited as possible.
For EU and UK’s Data Subjects: For your Personal Information transferred from the EU, or UK to us in other countries, and for onward transfers of your Personal Information to our appointed services providers, we and our appointed service providers will protect your Personal Information when it is transferred from the EU, or UK to other countries by: Processing your Personal Information in a territory which the EU and/or UK authorities (or other relevant governmental authority) has determined provides an adequate level of protection for Personal Information or Implementing appropriate safeguards to protect your Personal Information, including through the use of Standard Contractual Clauses(SCCs) or another lawful transfer mechanism approved by the EU and/or UK authorities (or other relevant governmental authority). For other international transfers of your Personal Information from the EU, and the UK, we shall implement such measures as are necessary to ensure that appropriate safeguards are provided to your transferred Personal Information, as agreed with you.
RETENTION OF PERSONAL DATA/ INFORMATION
We shall retain your Personal Information or other information (“Your Data”) for a period of 90 days from the date of deletion of your Account as per our Data Deletion Policy (wherein, the said policy shall be shared only upon the request placed by you to us) and/or for a period as long as we need it to fulfil the purpose for which we have collected it and/or if applicable, as long as required by statutory retention requirements and/or according to the timeframes set forth under the Applicable Laws. Thereafter, Your Personal Information shall be permanently removed (except when required by law to retain). We make no representation or warranty with respect to any duty to permanently store any information you may provide or that we otherwise collect about you except as required under the Applicable Laws. Please note that statutory storage obligations or the need for legal actions that may arise from misconduct within the Platform can lead to a longer retention of your Personal Information. By using the Platform and providing us with information (including Personal Information), you waive any claims that may arise under your own or any other local or national laws, rules or regulations or international treaties. we may from time-to-time transfer or merge your information collected off-line to our online databases or store off-line information in an electronic format.
PROTECTION OF PERSONAL DATA/ INFORMATION
We follow generally accepted standards to protect the Personal Information submitted to us, both during transmission and once we receive it. Since no method of transmission over the Internet, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security. If you have any questions about security on our Platform, you can contact us at privacy@kula.ai. We use a combination of firewalls, encryption techniques and authentication procedures, among others, to maintain the security of your online session and to protect our online accounts and systems from unauthorised access.
When you register for the Services, we require a password from you for your privacy. We transmit information such as your login credentials for Platform or account credentials securely. Our servers are in secure facilities(through our processor, Amazon Web Services).
Our databases are protected from general employee access both physically and logically. we encrypt your Service password so that your password cannot be recovered, even by us. All backup drives also are encrypted.
We enforce physical access controls to our buildings. No employee can put Personal Information on any insecure machine (i.e., nothing can be taken from the database and put on an insecure laptop). We permit only authorised employees who are trained in the proper handling of customer information, to have access to aforesaid Personal Information.
PRIVACY OF CHILDREN
Kula recognizes the importance of children's safety and privacy and is sensitive to these issues. Kula does not request, or knowingly collect, any Personal Data from children under the age of 18. If a parent or guardian becomes aware that his or her child has provided us with Personal Data, they should write to us at the email privacy@kula.ai.
LINK TO THIRD PARTY WEBSITES
The Platform may include links to other websites, mobile applications, or services (“Third Party Sites”), whose privacy practices may differ from those set forth herein. Such links are not an endorsement by us of those third-party Sites and/or the products or services they offer. If you visit Third Party Sites or submit Information to any of those Third-Party Sites, your visit and Information is governed by their privacy policy. We encourage you to carefully read the privacy policy of any Third-Party Site you visit, as it may differ substantially from that of this Policy. we make no representations or warranties with respect to, nor are we responsible for the privacy policies of, any Third-Party Sites. If you decide to click on any such links or access any Third- Party Sites appearing on the Platform, you do so at your own risk.
INTIMATION BY YOU REGARDING CHANGE IN PERSONAL INFORMATION
We generally rely on Personal Information provided by you. In order to ensure that your Personal Information shall be current, complete and accurate.If your Personal Information provided to us when you had registered Yourself in our Platform changes, you must update it as soon as possible. To review and update your Personal Information through the “Edit” option in our Platform.
Note. If you wish to cancel your account or request that we no longer use your information to provide you Services, you can request us to delete the Account. However, we shall retain your information subject to clause 11 of this Policy. For Singapore’s residents:If there are changes to your Personal Information, please update us by informing our Data Protection Officer in writing or via email at the contact details provided below. Further, you also have an option to review and update your Personal Information through the “Edit” option in our Platform.
EMAIL NOTIFICATIONS AND OPT – OUT
We maintain a strict “no-spam” policy. Unless you requested otherwise in your account settings at the time of your initial registration or specifically opt out as provided herein, by accepting the Terms of use and this Policy, you expressly agree that we may use your information to contact you by email in order to deliver you information that is relevant to your use of the Platform such as administrative notices, product/service enhancements or “newsletters”, or that, in some cases, is targeted to your interests, such as information about Service/functionalities offerings that we believe you may be interested in learning more about. In the event of an intellectual property claim, we may transfer your contact details with the claimant for contacting you to resolve the infringement claim directly with you. You may choose to stop receiving these email communications from us by following the “unsubscribe” instructions included in such communications. If a third-party vendor provides such newsletters, you may unsubscribe in accordance with the instructions provided by such a third party. If you are having problems unsubscribing, please contact us at privacy@kula.ai (and you will be removed within seven (7) business days. Please note that we will not process any unsubscribe requests submitted as direct replies to any newsletter.
CONFIDENTIALITY OF YOUR LOGIN ID AND PASSWORD
You are responsible for maintaining the security of your login ID and Password and must not provide these credentials to any third party. If you believe that they have been stolen or been made known to others, you must contact us immediately at security@kula.ai. We are not responsible if someone else accesses your account through the login credential they have obtained from you or through a violation by you of this Policy or our Terms of use. If you have any security related concerns, please contact us at security@kula.ai. We will work closely with you to ensure a rapid and personal response to your concerns.
PRIVACY OFFICER/ DATA PROTECTION OFFICER
In case of any complaints, or concerns with regards to the use, processing and disclosure of Personal Information provided by you; any enquiries or feedback on our personal data protection policies and procedures; and/or any breach of this Policy or any applicable law should immediately be informed to the designated Privacy Officer / Data Protection Officer, as the case may be mentioned below:
Name - Achuthanand Tanjore Ravi
Email - privacy@kula.ai
CHANGES TO POLICY
We may update this Policy from time to time. When we update the Policy, we will notify you by updating the “Last Updated” date at the top of this Policy and posting the new Policy and providing any other notice required by applicable law.
CONTACT US
In the event that you wish to make a complaint or request concerning your Personal Information or our privacy practices, or have questions, concerns, or comments about this Policy, please contact us in the first instance at privacy@kula.ai and we will endeavour to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with your data protection authority or follow the dispute process set forth in the Terms of use.
Effective date: August 11, 2022
KULA TECHNOLOGIES INC., HAVING ITS REGISTERED OFFICE AT 3500 SOUTHDUPONT HIGHWAY, CITY OF DOVER, DELAWARE, USA- 19901 AND HAVING ITS PLACE OF BUSINESS AT 340S, LEMON AVE #6070, WALNUT, CA 91789, USA AND ALSO AT #32-01, 80 RAFFELS PLACE, UOB PLAZA TOWER 1, SINGAPORE – 048 624 (HEREINAFTER REFERRED TO AS “KULA”, “WE”, “US” OR “OUR”), ON BEHALF OF ITSELF AND ITS AFFILIATES/GROUP COMPANIES UNDER THE BRAND ‘KULA’, OWNS AND OPERATES THE WEBSITE ‘WWW.KULA.AI’ AND THE APPLICATION ‘KULA’ (TOGETHER REFERRED TO AS “PLATFORM”).
THIS DOCUMENT IS A LEGALLY BINDING DOCUMENT AMONG REGISTERED OR UNREGISTERED USER OF THE PLATFORM (HEREINAFTER REFERRED TO AS “YOU”/ “YOUR”/ “YOURSELF”) AND US IN RELATION TO THE USE OF THE PLATFORM AND SET FORTH THE TERMS AND CONDITIONS BY WHICH YOU MAY ACCESS AND USE THE PLATFORM AND OUR RELATED SERVICES (DEFINED BELOW).
1. Definition
1. Account means any accounts created/registered by You or on Your behalf for access and use of the Services.
2. API means the application programming interfaces developed, enabled by, or licensed to Kula that permits certain functionalities provided by the Services.
3. Customer Data means all electronic data, text, messages, personal data or other materials, including without limitation Personal Data of Users and End Users, submitted to the Services by You through Your Account in connection with Your use of the Services.
4. Confidential Information means all information disclosed by one Party to the other Party which is in orally, in writing, and/or transmitted electronically whether or not labelled “confidential”(or with a similar legend) and which a reasonable person would understand to be confidential given the nature of the information and circumstances of disclosure. Notwithstanding the foregoing, Confidential Information shall not include any information which (a) was publicly known and made generally available in the public domain prior to the time of disclosure by the disclosing party; (b) becomes publicly known and made generally available after disclosure by the disclosing party to the receiving party through no action or inaction of the receiving party; (c) is already in the possession of the receiving party at the time of disclosure by the disclosing party as shown by the receiving party’s files and records prior to the time of disclosure; (d) is obtained by the receiving party from a third-party without a breach of such third-party’s obligations of confidentiality; (e) is independently developed by the receiving party without use of or reference to the disclosing party’s Confidential Information, as shown by documents and other competent evidence in the receiving party’s possession; or (f) is required by law to be disclosed by the receiving party, provided that the receiving party shall, to the extent legally permitted, give the disclosing party written notice of such requirement prior to disclosing so that the disclosing party may seek a protective order or other appropriate relief.
5. Documentation means any written or electronic documentation, images, video, text or sounds specifying the functionalities of the Services provided or made available by Kula to You or Your Users through the Services or otherwise.
6. DPA means the Data Processing Agreement.
7. End User: means any person or entity other than You or Your Users with whom You interact using the Service(s).
8. Order Form means any service order form specifying the Services provided, which shall be executed between You and Us, particular features and functionalities in the Services that You wish to avail.
9. Personal Data means any information relating to an identified or identifiable natural person that is submitted by You to the Services as part of Customer Data.
10. Platform shall mean cloud-based proprietary collaborative HR onboarding platform of Kula operated through the website ‘www.kula.ai’ and the application ‘Kula’ owned by Kula.
11. Process means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.
12. Sensitive Personal Information means information that relates to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. It also includes information about an individual's criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws.
13. Services means the recruitment platform and any new services that Kula may introduce from time to time as a Service to which You may subscribe to, and any updates, modifications, or improvements thereto, including individually and collectively, the API, Software and any Documentation.
14. Software means any software provided by Us (either by download or access through the internet) that allows You to use any functionality in connection with the Service(s).
15. Subscription Fee means all charges associated with Your Account and use of the Services.
16. Subscription Plan means the pricing plan and any limitations for the Services that the You have subscribed to.
17. Subscription Term means the period during which You have agreed to subscribe to the Services as specified in the relevant Order Form or as mentioned in a relevant Subscription Plan.
18. Taxes mean and include any taxes, levies, duties, or similar governmental assessments, including value-added, sales, use or withholding taxes assessable by any local, state, provincial or foreign jurisdiction.
19. Third Party Services shall mean third-party application(s) or service(s) integrating with the Services through APIs or otherwise enabled through the Services.
20. User means a designated user within the Services, including an Account administrator, employee, shareholder, auditor, lawyer, founder, and other designated users.
2. Acceptence of terms
THE TERMS OF THIS DOCUMENT WILL BE EFFECTIVE UPON YOUR ACCEPTANCE OF THE SAME (DIRECTLY OR INDIRECTLY IN ELECTRONIC FORM, BY CLICKING ON THE "I AGREE" TAB OR BY USE OF THE PLATFORM AND/OR BY CREATING AN ACCOUNT ON THE PLATFORM AND WILL GOVERN THE RELATIONSHIP BETWEEN YOU AND US FOR YOUR USE OF THE PLATFORM AND THE SERVICES RENDERED THEREIN. THIS DOCUMENT IS AN ELECTRONIC RECORD IN TERMS OF THE RELEVANT APPLICABLE LAWS. THIS ELECTRONIC RECORD IS GENERATED BY A COMPUTER SYSTEM AND DOES NOT REQUIRE ANY PHYSICAL OR DIGITAL SIGNATURES.
THIS DOCUMENT IS PUBLISHED IN ACCORDANCE WITH THE RELEVANT APPLICABLE LAWS THAT REQUIRE PUBLISHING INTER ALIA THE TERMS OF USE, AND PRIVACY POLICY FOR ACCESS OR USAGE OF THE PLATFORM AND THE SERVICES RENDERED THEREUNDER. PLEASE READ THIS DOCUMENT CAREFULLY. BY USING THE PLATFORM, YOU INDICATE THAT YOU UNDERSTAND, AGREE AND CONSENT TO THIS DOCUMENT. IF YOU DO NOT AGREE WITH THE TERMS OF THIS DOCUMENT, PLEASE DO NOT USE THIS PLATFORM. YOU HEREBY PROVIDE YOUR UNCONDITIONAL CONSENT OR AGREEMENTS TO ME AS PROVIDED UNDER THE RELEVANT APPLICABLE LAWS TO ACCESS AND USE YOUR PERSONAL INFORMATION THAT YOU HAVE VOLUNTARILY PROVIDED TO ME IN CONNECTION WITH THE USE OF THE PLATFORM AND THE SERVICES.
By providing Us Your information or by making use of the Platform and the Services provided therein, You hereby consent to the collection, storage, processing, and transfer of any or all Personal Information (Defined in Our Privacy Policy) and Non-Personal Information by Us as specified under this Terms of Use and further agree that such collection, use, storage, and transfer of information shall not cause any loss or wrongful gain to You or any other person. This Terms of Use as well as the Services provided by Us are intended for organisations, entities, companies and, in general, for legal persons only. Any individuals qualifiable as consumers i.e., any natural person acting outside the scope of an economic activity and for purposes different from trade, business, craft, or profession is excluded.
You must be at least eighteen (18) years or older to access and use this Platform. A minor (i.e., below the age of 18 years) shall not be entitled to avail the Services of this Platform. Your entity or organization on behalf of which You are accessing the Platform and availing the Services should have been incorporated as per the applicable laws. If You are using the Services as an employee, agent, or contractor of a corporation, partnership, or similar entity, then You represent and warrant that You have the authority to sign for and bind such entity in order to accept this Terms of Use.
Your access to the Platform and use of Our Services is also subject to Our Privacy Policy, the terms in the privacy policy can be found directly on the Platform and are incorporated herein by reference. You agree that all agreements, notices, disclosures, and other communications We provide to You electronically satisfy any legal requirement that such communications be in writing.
Before You use or subscribe to, and/or begin participating in or using the Platform, it is represented and warranted that You as the User of the Platform has or have fully read, understood, and accept the Terms of Use as updated from time to time without any notice to You. You are advised to review this Terms of Use periodically for any updates. We shall take reasonable efforts to notify You regarding the amendments to the Terms of Use through a notice on the Platform. Your continued access to the Platform and/or use of the Services from the date of updated Terms of Use shall be deemed to Your acceptance of the updated Terms of Use. If You do not agree to or wish to be bound by the updated Terms of Use, You may not access to or otherwise access the Platform or use the Services. We may, from to time, release new versions of the Platform, or release/introduce new and additional scope of Services which will be subject to these Terms of Use, and any additional terms of Service as may apply to such additional new versions or Services.
If You wish to subscribe to Our Subscription Plan and avail the Services available on the Platform, in addition to this Terms of Use, You shall also agree and execute the Order Form which shall be provided to You by Us upon request.
3. Third Party Services
You acknowledge and agree that the Service operates on or with or using APIs) and/or Third- Party Services. Such Third-Party Services will be subject to the terms and conditions and privacy policies of such third-parties. We are not responsible/liable for Your enablement, access or use or operation of any Third-Party Services, nor the availability or operation of the Services (including for processing of Customer Data by such third-party) to the extent such availability and operation is dependent upon Third Party Services. You are solely responsible for procuring any and all rights necessary to access Third Party Services and for complying with any applicable terms or conditions or the privacy policies thereof. We do not make any representations or warranties with respect to Third Party Services. Any exchange of data or other interaction between you and Third-Party Services is solely between You and such third party and is governed by such third party’s terms and conditions. You should contact that Third-Party Service provider for any issues arising in connection with use of such Third-Party Services.
4. Your Obligations
1. Your Account: Your access and use of the Service(s) is restricted to the specified number of individual Users mentioned in the relevant Order Form executed between Yourself and Kula. Each User shall be identified using unique login information such as usernames and passwords (“User Login”) and such User Login shall be used only by one individual.
2. Acceptable Use: You agree not to (a) license, sublicense, sell, resell, rent, lease, transfer, assign, distribute, time share or otherwise commercially exploit or make the Services available to any third-party, other than Users in furtherance of your internal business purposes as expressly permitted by these Terms; (b) modify, adapt, translate, reverse engineer, disassemble, decompile or create any derivative works of the Services or any content included therein or hack the Services or otherwise attempt to gain or gain unauthorized access to the Services or related systems or networks, including any files, tables or documentation (or any portion thereof) or determine or attempt to determine any source code, algorithms, methods or techniques embodied by the Services or any derivative works thereof; (c) violate any law or regulation, including, without limitation, any applicable export control laws, privacy laws or any other purpose not reasonably intended by Kula; (d) use the Services to store or process any content that infringes upon any person’s intellectual property rights or is unlawful, racist, hateful, abusive, libelous, obscene, or discriminatory; or (e) “crawl,” “scrape,” or “spider” any page, data, or portion of or relating to the Services (through use of manual or automated means); Further, You agree to not use the Platform to: (a) disrupt the normal flow of dialogue, cause a screen to "scroll" faster than other Users of the Service are able to type, or otherwise act in a manner that negatively affects other Users' ability to engage in real time exchanges or to utilize the service on an as is basis as provided by Us;(b) interfere with or disrupt the Platform or servers or networks connected to the Platform, or disobey any requirements, procedures, policies, or regulations of networks connected to the Platform; (c)commit any fraudulent or unlawful act, whether in relation to any third-party provider of products and services on the Service or otherwise (d) use the Platform/Services, without our express written consent, for any commercial or unauthorized purpose, including communicating or facilitating any commercial advertisement or solicitation or spamming (e) incorporate the Services or any portion thereof into any other program or product. In such case, We shall have the right to terminate the Service and Your Accounts or limit access to the Services, as the case may be, in our sole discretion (f)impersonate, or falsely state or otherwise misrepresent Your affiliation with any person; (g)use or attempt to another User’s/ Account, service, or system, or create a false identity on the Services (h) use the Services to (i) sell any advertising, sponsorships, or promotions placed on, around, or within the Service or content, other than those allowed by Us; or (ii) sell advertising, sponsorships, or promotions on any page of any website or application that only contains content from the Services or where content from the Service is the primary basis for such sales.
3. You represent and warrant to Kula that You own or have the necessary rights to transmit the Customer Data to Kula and that doing so does not violate any applicable law, proprietary or privacy rights. You further agree that you shall comply with the applicable data protection laws while processing the Customer Data through the Platform.
5. Termination to Platform Access & Deletion of Account
We reserve the right to disable/suspend Your Account at any time a) if You have failed to comply with any of the provisions of these Terms of Use and Our Privacy Policy, other policies and such other documents executed; b) if You have failed to pay the Subscription Fee duly; c) if activities occur on Your Account which, in Our sole discretion, would or might cause damage to Us and/or the Platform; d) impair the Services or infringe or violate any third-party rights, or violate any applicable laws or regulations; e) if You have engaged in conduct that We determine to be inappropriate or unacceptable in Our sole discretion; f) or for any other reason whatsoever.
We may also disable Your Account or suspend or terminate Your access to the Platform if You file any claim against Us or file any claim that involves the Platform. We also reserve the right, in Our sole discretion, to seek and obtain any other remedies available to Us pursuant to any applicable laws and regulations or at equity as a result of Your breach of this Terms of Use or any other act or omission by You that gives rise to a claim by Us, and Our disabling of Your Account or suspension or termination of Your use of, or access to, the Platform shall be without prejudice to, and shall not be deemed a waiver of, the foregoing.
If We terminate, limit, or suspend Your right to use the Platform, You are prohibited, without Our prior written consent, from registering and creating a new Account under Your name, a fake or borrowed name, or the name of any third party, even if You may be acting on behalf of the third party. In the event Your right to use the Platform terminated, limited, or suspended, this Terms of Use will remain in effect and enforceable against You.
In addition to suspension for late payment or non-payment of Subscription Fee, Kula may in its discretion, suspend or terminate Your access to and use of the Your Account or the Services if You are in violation of the terms of these Terms of Use. Kula will notify You of activities that violate these Terms of Use and provide You with a period of thirty (30) days to cure or cease such activities (“Cure Period”). If You do not cure or cease such activities within the said Cure Period or if Kula believes that Your breach of these Terms of Use cannot be cured, Your Account shall be terminated immediately. Further, Kula also reserves the right to terminate Your Account at any time by written notice due to business reasons which shall include discontinuation of the Services.
You may terminate your Account and subscription to the Services at any time but will remain liable for all Subscription Fee for the Subscription Term. However, the Personal Information, Non-Personal Information, and the Customer Data (“Your Data”) given by You to Us during the time of registration of the Account or such other time while availing Our Services shall be retained by Us for a period of 90 days from the date of deletion of Your Account and will be permanently removed thereafter (except when required by law to retain). For further clarification in relation to Your Data deletion process, You can access Our Data Deletion Policy, which shall be provided only upon the request placed by You to Us.
Notwithstanding anything contained herein, either Kula and You may terminate these Terms of Use with notice if the other party becomes insolvent, makes or has made an assignment for the benefit of creditors, is the subject of proceedings in voluntary or involuntary bankruptcy instituted on behalf of or against such party (except for involuntary bankruptcies) which are dismissed within sixty (60) days, or has a receiver or trustee appointed for substantially all of its property.
Notwithstanding anything contained in this Terms of Use, all clauses of this Terms of Use which by their nature should survive the expiration or termination shall continue in full force and effect subsequent to, and notwithstanding the expiration or termination of this Terms of Use.
6. Subscription Plan
In case You are interested in availing the Services rendered by Us through the Platform, You can choose an appropriate Subscription Plan as set forth on the Platform’s pricing page in order to use the Platform and avail the Services contained therein. Further, You agree to pay the applicable Subscription Fee in advance on monthly basis, unless otherwise agreed in the Order Form. All such payment terms shall be stipulated under the Order form.
You shall also acknowledge that the Subscription Plan which You choose may be updated from time to time and, it shall be Our responsibility to notify You such changes in Subscription Plan. The payment obligations under this Terms of Use, the Order Form are non-cancelable, regardless of utilization of the Platform/Services by You and except as expressly permitted in this Terms of Use, the Subscription Fee paid are non-refundable. However, You can cancel Your chosen Subscription Plan in between the Subscription Term, and however, it is to be noted that even if You cancel the Subscription Plan, Your account shall be active till the expiry of the Subscription Term.
Renewal. Your subscription to the Services will renew automatically unless the Account is terminated, or You give a written notice of non-renewal at least thirty (30) days prior to the expiration of the relevant Subscription Term.
Late Payments/Non-payment of Subscription Fee: Kula will notify You if Kula does not receive payment towards the Subscription Fee within the due date for Your Account. All the terms pertaining to the late payments/non-payments of Subscription Fee shall be agreed between Yourself and Kula under the relevant Order Form, as the case may be.
Taxes. The Subscription Fee do not include Taxes. You agree to pay applicable direct or indirect Taxes associated with the purchase of Subscription Plan hereunder, which, to the extent We are legally required to collect the same, will be itemized on the invoice.
Upgrades and Downgrades. You may upgrade or downgrade between the Subscription Plan. You understand that downgrading may cause loss of features or capacity of the Services as available to You before downgrading Your Subscription Plan. We will not be liable for such loss. When You upgrade or downgrade, the new Subscription Fee become immediately applicable. Upon upgrade, the new Subscription Fee for the subsisting month/year would be charged on a pro-rated basis and shall be payable in accordance with this Terms of Use. Subsequent months/years will be charged in full according to the new Subscription Fee and any credits will be adjusted appropriately.
7. Personal Data Protection and Data Privacy
Our obligation for the use of Personal Data will be restricted within the scope of the purpose of collecting and processing such Personal Data, subject to Our Privacy Policies.
Subject to this Terms of Use, to the extent that We receive the Customer Data as a result of rendering Services, We agree that We will (a) not disclose or use any of the Customer Data except to the extent necessary to carry out Our obligations hereinunder and for no other purpose, (b) not disclose the Customer Data to any third party, including Our third party service providers without the Your prior written consent and subject to the further requirements of this clause, (c) employ administrative, technical and physical safeguards to prevent unauthorized use or disclosure of the Customer Data, (d) promptly provide such information regarding its privacy and information security systems, policies and procedures as You may request relating to its due diligence and oversight obligations under applicable laws and regulations, (e) in the event of any accidental or unlawful destruction, loss, alteration, actual or apparent theft, unauthorized use or disclosure or access of any of the Customer Data processed by us immediately commence all reasonable efforts to investigate and correct the causes and remediate the results thereof, and (f) as soon as practicable following discovery of any event described in sub-clause (e) hereof, provide You a notice thereof, and such further information and assistance as may be reasonably requested. We shall reasonably assist You, at Your expense, in meeting Your obligations under applicable data protection laws.
Our treatment of the Customer Data is also governed by the Data Processing Agreement (DPA) in case any Personal Data that originates from the territories of European Economic Area (EEA), United Kingdom and/or Switzerland, the copy of the same shall be made available only upon the request placed by You. Kula may perform analytics on Customer Data to improve, enhance, support, and operate the Services and compile statistical reports and record insights. You shall not disclose (and shall not permit any individual to disclose) any Sensitive Personal Information to Us for Processing.
8. Intellectual Property Rights And Platform License
The copyright, database right , patents, inventions, trademarks (including Kula Marks), domain names, trade secrets or know-how and other intellectual property rights in the Platform, products and Services including without limitation all content included on the Platform including but not limited to , texts, graphics, logos, button icons, images, audios, clips, digital downloads, software, data compilations and technology used or appearing or transmitted through it except the Customer Data (“Intellectual Property”), belongs to Us or Our affiliates or licensors and are protected by the laws of California and/or the applicable foreign countries. We and Our licensors reserve all rights not expressly granted in these Terms of Use. The Software used on the Platform and the Documentations are Our Intellectual Property and is protected by the applicable international copyright laws and shall remain exclusively with Kula.
Subject to this Terms of Use and solely within the limits permitted by the Us herein, We grant You a limited, non-exclusive, revocable, royalty-free, non-transferable, non-assignable, non-sublicensable, right and license to access and make personal use of the Platform, the Services provided in the Platform. This license does not include any redistribution of resale or commercial use of the Platform. You shall not re-utilise the Services of Our Platform or systematically extract any part of the content, use any robots, data mining or extraction tools for reutilization of Our Platform. Further, You shall not create publish anything that features parts of Our Platform (for example Our Services and its prices) without our prior written permission. You own the rights to the Customer Data that You provide to Kula. Kula does not claim ownership over such Customer Data. Kula shall have a right and license to incorporate into the Services or otherwise use any suggestions, enhancement requests, recommendations, or other feedback it receives from You. Kula reserves its rights to re-use any and all techniques and know-how gathered by Kula while providing the Services to You. All rights not expressly provided to You herein are reserved.
9. Confidentiality
Each Party acknowledges and agrees that in the performance of this Terms of Use it may have access to or may be exposed to, directly or indirectly, Confidential Information of the other Party. Each Party acknowledges and agrees that: (a) all Confidential Information shall remain the exclusive property of the Disclosing Party; (b) it shall not use Confidential Information of the other Party for any purpose except in furtherance of the Agreement; (c) it shall not disclose Confidential Information of the other Party to any third party, except to its employees, officers, contractors, agents and service providers on a need to know basis in connection with the Agreement, provided such permitted persons are bound in writing to obligations of confidentiality and non-use of Confidential Information no less protective than the terms hereof; and (d) it shall return or destroy all Confidential Information of the Disclosing Party upon the termination of the Agreement or at the request of the Disclosing Party (subject to applicable law and, with respect to Us and Our internal record-keeping requirements). The provisions of this Clause shall supersede any non-disclosure agreement by and between Yourself and Kula entered prior to these Terms of Use that would purport to address the confidentiality of any Confidential Information and such agreement shall have no further force or effect with respect to the Confidential Information.
10. Disclaimer of Warranties
YOUR USE OF THE PLATFORM AND OUR SERVICES IS ENTIRELY AT YOUR OWN RISK. TO THE EXTENT NOT OTHERWISE SET IN THIS TERMS OF USE AND TO THE FULLEST EXTENT PERMITTED UNDER LAW, THE PLATFORM IS PROVIDED ON AN “AS IS” BASIS WITHOUT WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, WARRANTIES OF (A) MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT. WE MAKE NO WARRANTIES OR REPRESENTATIONS ABOUT THE ACCURACY, CURRENTESS, COMPLETENESS OR RELIABILITY OF ANY SERVICES PROVIDED THROUGH THE PLATFORM OR THIRD PARTY SERVICES LINKED TO THE PLATFORM AND ASSUME NO LIABILITY OR RESPONSIBILITY FOR ANY ERRORS, MISTAKES, OR INACCURACIES OF SERVICE, (B) PERSONAL INJURY OR PROPERTY DAMAGE, OF ANY NATURE WHATSOEVER, RESULTING FROM YOUR ACCESS TO AND USE OF THE PLATFORM, (C) ANY UNAUTHORIZED ACCESS TO OR USE OF OUR SECURE SERVERS AND/OR ANY AND ALL PERSONAL INFORMATION STORED THEREIN (D) YOUR USE OF THE SERVICES WILL MEET YOUR REQUIREMENTS (E) ANY INFORMATION OBTAINED BY YOU AS A RESULT OF YOUR USE OF THE SERVICES WILL BE ACCURATE OR RELIABLE AND DEFECTS IN THE OPERATION OR FUNCTIONALITY OF ANY SOFTWARE PROVIDED TO YOU AS PART OF THE SERVICES WILL BE CORRECTED. WE DO NOT WARRANT, ENDORSE, GUARANTEE OR ASSUME RESPONSIBILITY FOR ANY SERVICE ADVERTISED OR OFFERED BY A THIRD PARTY THROUGH THE PLATFORM OR ANY HYPERLINKED WEBSITE OR FEATURED IN ANY BANNER OR OTHER ADVERTISING AND WE WILL NOT BE A PARTY TO OR IN ANY WAY BE RESPONSIBLE FOR MONITORING ANY TRANSACTION BETWEEN YOU AND THIRD-PARTY PROVIDERS OF PRODUCTS OR SERVICES, OTHER THAN AS PROVIDED HEREIN. AS WITH THE PURCHASE OF A PRODUCT OR SERVICE THROUGH ANY MEDIUM OR IN ANY ENVIRONMENT, YOU SHOULD USE YOUR BEST JUDGMENT AND EXERCISE CAUTION WHERE APPROPRIATE.
WITHOUT LIMITING THE FOREGOING, NEITHER US NOR OUR AFFILIATES OR LICENSORS WARRANT THAT ACCESS TO THE PLATFORM WILL BE UNINTERRUPTED OR THAT THE PLATFORM WILL BE ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED OR THAT IT WILL ALWAYS BE ACCESSIBLE; NOR WE MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE PLATFORM, OR AS TO THE TIMELINESS, ACCURACY, RELIABILITY, COMPLETENESS OR, INFORMATION OR MATERIALS OR SERVICES PROVIDED THROUGH OR IN CONNECTION WITH THE USE OF THE PLATFORM. NEITHER US NOR OUR AFFILIATES OR LICENSORS IS RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER. WE, OUR AFFILIATES AND LICENSORS DO NOT WARRANT THAT THE PLATFORM IS FREE FROM VIRUSES, WORMS, TROJAN HORSES, OR OTHER HARMFUL COMPONENTSAND DO NOT GUARANTEE THAT ANY PERSONAL INFORMATION SUPPLIED BY YOU WILL NOT BE MISAPPROPRIATED, INTERCEPTED, DELETED, DESTROYED OR USED BY OTHERS.WE MAY CHANGE, SUSPEND, WITHDRAW OR RESTRICT THE AVAILABILITY OF ALL OR ANY PART OF OUR PLATFORM FOR BUSINESS AND OPERATIONAL REASONS AT ANY TIME WITHOUT NOTICE.
11. Limitation of Liability
UNDER NO CIRCUMSTANCES WILL WE, OUR AFFILIATES, LICENSORS, OR ANY OF SUCH PARTIES’ AGENTS, EMPLOYEES, OFFICERS, DIRECTORS, CORPORATE PARTNERS, OR PARTICIPANTS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, SPECIAL OR EXEMPLARY DAMAGES ARISING IN CONNECTION WITH YOUR USE OF OR INABILITY TO USE THE PLATFORM, EVEN IF ADVISED OF THE POSSIBILITY OF THE SAME INCLUSING BUT NOT LIMITED TO ANY LOSS OF PROFIT (WHETHER INCURRED DIRECTLY OR INDIRECTLY), ANY LOSS OF GOODWILL(C), ANY LOSS OF OPPORTUNITY, LOSS OF PROFIT, LOSS OF BUSINESS, LOSS OF GOODWILL OR BUSINESS REPUTATION, INTERRUPTION, OR ANY LOSS OF DATA SUFFERED BY YOU.
TO THE FULLEST EXTENT PERMITTED BY LAW, ANY DISPUTE YOU HAVE WITH ANY THIRD PARTY ARISING OUT OF YOUR USE OF THE SERVICES, INCLUDING, BY WAY OF EXAMPLE AND NOT LIMITATION, ANY CARRIER, COPYRIGHT OWNER OR OTHER USER, IS DIRECTLY BETWEEN YOU AND SUCH THIRD PARTY, AND YOU IRREVOCABLY RELEASE US AND OUR AFFILIATES FROM ANY AND ALL CLAIMS, DEMANDS AND DAMAGES (ACTUAL AND CONSEQUENTIAL) OF EVERY KIND AND NATURE, KNOWN AND UNKNOWN, ARISING OUT OF OR IN ANY WAY CONNECTED WITH SUCH DISPUTES.
WITHOUT LIMITING THE FOREGOING, NEITHER US NOR OUR AFFILIATES OR LICENSORS WARRANT THAT ACCESS TO THE PLATFORM WILL BE UNINTERRUPTED OR THAT THE PLATFORM WILL BE ERROR-FREE, OR THAT DEFECTS WILL BE CORRECTED OR THAT IT WILL ALWAYS BE ACCESSIBLE; NOR WE MAKE ANY WARRANTY AS TO THE RESULTS THAT MAY BE OBTAINED FROM THE USE OF THE PLATFORM, OR AS TO THE TIMELINESS, ACCURACY, RELIABILITY, COMPLETENESS OR, INFORMATION OR MATERIALS OR SERVICES PROVIDED THROUGH OR IN CONNECTION WITH THE USE OF THE PLATFORM. NEITHER US NOR OUR AFFILIATES OR LICENSORS IS RESPONSIBLE FOR THE CONDUCT, WHETHER ONLINE OR OFFLINE, OF ANY USER. WE, OUR AFFILIATES AND LICENSORS DO NOT WARRANT THAT THE PLATFORM IS FREE FROM VIRUSES, WORMS, TROJAN HORSES, OR OTHER HARMFUL COMPONENTSAND DO NOT GUARANTEE THAT ANY PERSONAL INFORMATION SUPPLIED BY YOU WILL NOT BE MISAPPROPRIATED, INTERCEPTED, DELETED, DESTROYED OR USED BY OTHERS.WE MAY CHANGE, SUSPEND, WITHDRAW OR RESTRICT THE AVAILABILITY OF ALL OR ANY PART OF OUR PLATFORM FOR BUSINESS AND OPERATIONAL REASONS AT ANY TIME WITHOUT NOTICE.
12. Indemnity
You hereby indemnify, defend, and hold Us, Our affiliates, licensors, distributors, agents, representatives and other authorized representatives, harmless from and against any and all losses, damages, liabilities and costs arising from or in connection with a) use of the Platform; b) the Your breach of any terms, obligations, representations and warranties under this Terms of Use; c) any claim that the provision or use of the Services infringes any third party rights; and d) breach of applicable laws. Nothing in these Terms of Use shall exclude or limit Our liability for any liability which cannot be excluded or limited under applicable laws in force and any such claim arising out of the gross negligence or wilful misconduct of Kula. Your statutory rights as a User are not affected by this Terms of Use.
13. Limitation on time to file claims
Any cause of action or claim You may have arising out of or relating to these Terms of Use or the Platform or Services must be commenced within one (1) year after the cause of action accrues, otherwise, such cause of action or claim is permanently barred.
14. Frequent asked questions ("FAQ")
We also provide You Frequently Asked Question (FAQ) on the Platform where We shall address certain common questions that You as a User shall have while accessing the Platform and using Our Services.
15. Publicity Rights: You hereby grant Kula the right to identify Yourself as Kula’s customer on Kula’s websites and/or marketing collateral and to include Your use of the Services in case studies.
16. Force Majeure
We shall be relieved of all Our responsibilities, if any, in the event of failure of performance resulting directly or indirectly from an act of force majeure or causes beyond our reasonable control including, without limitation, acts of god, war, equipment and technical failures, electrical power failures or fluctuations, strikes, labour disputes, riots, civil disturbances, shortages of labour or materials, epidemics, pandemics, lockdown(state-wise or nation-wide), natural disasters, orders of domestic or foreign courts or tribunals, non-performance of third parties, or any reasons beyond Our reasonable control. You further acknowledge and agree that We are not responsible or liable for (a) any incompatibility between the Platform and any other website, service, software, or hardware or (b) any delays or failures You may experience with any transmissions or transactions relating to the Platform in an accurate or timely manner.
17. General
All notices to be provided by Kula to You under these Terms of Use may be delivered in writing (i) by nationally recognized overnight delivery service (“Courier”) or to the contact mailing address provided by You on any Order Form while subscribing to the Services; or (ii) electronic mail to the e-mail address provided for Your Account. Kula’s address for a notice to Kula in writing by Courier is 340S, LEMON AVE #6070, WALNUT, CA 91789, USA with a CC to hello@kula.ai__ for electronic mail. All notices shall be deemed to have been given immediately upon delivery by electronic mail, or if otherwise delivered upon receipt or, if earlier, two (2) business days after being deposited in the mail or with a Courier as permitted above. Any waiver of Our rights or remedy under these Terms of Use shall only be effective if it is in writing, executed by Our duly authorized representative, and shall be applicable only to the circumstances for which it is given. Our failure to exercise or enforce any right or remedy under these Terms of Use shall not operate as a waiver of such right or remedy, nor shall it prevent any future exercise or enforcement of such right or remedy. No single or partial exercise of any right or remedy shall preclude or restrict the further exercise of any such right, or remedy, or other rights or remedies.
This Terms of Use, together with Our Privacy Policies, Order Forms incorporated herein by reference, constitute the entire agreement between the parties with respect to the subject matter. In case of a conflict between these Terms of Use and other documents/policies, these Terms of Use shall prevail. The clause titles in these Terms of Use are for convenience only and have no legal or contractual effect. The words “including” and “includes” means “including without limitation”.
The provision(s) of these Terms of Use shall be sought to be harmoniously interpreted with each other, as well as applicable Laws (including the applicable laws based on the jurisdiction of the User’s) and upheld to the fullest extent permissible under applicable Laws. Further, the provisions contained in this Terms of Use shall be enforceable independent of each other, and their validity shall not be affected, if any other provision(s) are held to be invalid. If any provision(s) of these Terms of Use are, for any reason, held to be invalid or unenforceable, the other provisions of these Terms of Use will be unimpaired (to the maximum extent permissible), and the invalid or unenforceable provision(s) will be deemed modified so that they are valid and enforceable to the maximum extent permitted by applicable Laws. Further, if any of those provision(s) are void, but would be valid if some part of the provision(s) were deleted, the provision(s) in question shall apply with such modification as may be necessary to make them valid. You confirm that You do not have an employment, contractor, agency, or partnership relationship with Us. We are merely providing You the Services on your request. Further, You are acting on either on Your own or behalf of another person, in the manner stated in the Terms of Use.
These Terms of Use and any dispute or claim arising out of or in connection with their subject matter or formation (including non-contractual disputes or claims) shall be governed by and construed in accordance with the Laws prevalent in Singapore. You agree that the courts of Singapore shall have exclusive jurisdiction to settle any dispute, or claim, arising out of, or in relation to, these Terms of Use.
Effective date: January 8, 2023
This Data Processing Agreement (the “DPA”) constitutes a legally binding agreement between You and Us. You are required to read this DPA carefully as this DPA forms an integral part of the terms of use available at https://www.kula.ai/terms-of-use (the “Terms'') and is applicable where We are the Processors of Your Personal Data.
DEFINITIONS
Terms not specifically defined herein shall have the meaning ascribed thereto in the Terms.
In this DPA, the following terms shall have the following meanings:
“CCPA” shall mean the California Consumer Privacy Act of 2018.
“Data Protection Laws” shall mean the data protection laws of the country in which You are established and any data protection laws applicable to You in connection with the Terms, including but not limited to (a) laws and regulations applicable to the GDPR, (b) in respect of the UK, the GDPR as saved into United Kingdom by virtue of section 3 of the United Kingdom European Union (Withdrawal) Act 2018 (“UK GDPR”) and the Data Protection Act, 2019 (c) the Swiss Federal Data Protection Act and its implementing regulations (“Swiss DPA”) in each case, as may be amended, superseded or replaced.
“GDPR” shall mean the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the Processing of personal data and on the free movement of such data and repealing Directive 95/46/EC (General Data Protection Regulation).
“Personal Data” shall mean any information relating to an identified or identifiable natural person processed by Kula as part of providing the services to You as described in an Appendix.
“Restricted Transfer” means: (i) where the GDPR applies, a transfer of Personal Data from the EEA to a country outside the EEA which is not subject to an adequacy determination by the European Commission; (ii) where the UK GDPR applies, a transfer of Personal Data from the UK to any other country which is not based on adequacy regulations pursuant to Section 17A of the Data Protection Act 2018; and (iii) where the Swiss DPA applies, a transfer of Personal Data to a country outside of Switzerland which is not included on the list of adequate jurisdictions published by the Swiss Federal Data Protection and Information Commissioner.
“Standard Contractual Clauses” or “SCCs” means (i) where the GDPR applies, the standard contractual clauses as approved by the European Commission (Implementing Decision (EU) 2021/914 of 04 June 2021) Implementing Decision (EU) 2021/914 of 04 June 2021) and available at https://eur-lex.europa.eu/legal-content/EN/TXT/HTML/?uri=CELEX:32021D0914 (“EU SCCs”); (ii) where the UK GDPR applies, the International Data Transfer Addendum to the EU SCCs issued by the UK Information Commissioner, Version B1.0, in force from 21 March 2022 set forth as Appendix IV (“UK SCCs”) and (iii) where the Swiss DPA applies, the applicable standard data protection clauses issued, approved or recognized by the Swiss Federal Data Protection and Information Commissioner (the “Swiss SCCs”) (in each case, as updated, amended or superseded from time to time).
“Sensitive Personal Information” means information that relates to an individual’s racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation. It also includes information about an individual's criminal offences or convictions, as well as any other information deemed sensitive under applicable data protection laws
“Controller”, “Data Subject”, “Personal Data Breach”, “Processor” and “Process” shall have the meaning given to them in the GDPR.
2.Scope and Responsibilities
2.1.This DPA applies to Processing of Personal Data forming a part of the Customer Data.
2.2. Kula’s scope and responsibilities as both “Data Controller” and a “Data Processor”
2.2.1 Kula as a “Data Controller” - A “data controller” is the party that alone or jointly with others determines the purposes and means of the processing of personal data, and processes the personal data for its own purposes. While using Kula to engage with candidates, our customers(You) are the data controllers because you determine the purpose (e.g. recruiting a candidate) and the means (using Kula) of processing the personal data. Separately, Kula is a data controller for the personal data associated with customer’s(Your) Kula account (e.g. your business contact information) because we control the means and purposes of this processing for our use: invoicing, to communicate information about their account and for other administrative functions.
2.2.2 Kula as a “Data Processor” - Kula is the “data processor” because we process personal data of candidates on our customers(Subscribers) behalf under an agreement in which they tell us what data to process, for what purpose(s), how long we can keep that data, and any restrictions they impose on our use of their data.
2.3.Within the scope of the Terms, each party shall be responsible for complying with its respective obligations as Controller and Processor under Data Protection Laws.
3.Term and Termination
3.1.This DPA becomes effective upon You subscribing to the Services by agreeing to the Terms. It shall continue to be in full force and effect as long as Kula is Processing Personal Data pursuant to the Terms and shall terminate automatically thereafter.
3.2.Where amendments are required to ensure compliance of this DPA or an Appendix with Data Protection Laws, the Parties shall make reasonable efforts to agree on such amendments upon Your request. Where the Parties are unable to agree upon such amendments, either party may terminate the Terms in accordance with the termination procedure contained therein.
4.Processing Instructions
4.1.Kula will Process Personal Data in accordance with Your instructions. This DPA contains Your initial instructions to Kula. The Parties agree that You may communicate any change in your initial instructions to Kula by way of amendment to this DPA, which shall be signed by the Parties.
4.2.For the avoidance of doubt, any instructions that would lead to Processing outside the scope of this DPA (e.g. because a new Processing purpose is introduced) will require a prior agreement between the Parties.4.3.Kula shall without undue delay inform You in writing if, in Kula's opinion, an instruction infringes Data Protection Laws, and provide a detailed explanation of the reasons for its opinion in writing.
5.Processor Personnel
5.1.Kula will restrict its personnel from Processing Personal Data without authorization. Kula will impose appropriate contractual obligations upon its personnel, including relevant obligations regarding confidentiality, data protection and data security.
6.Disclosure to Third Parties; Data Subjects Rights
6.1.Kula will not disclose Personal Data to any government agency, court, or law enforcement except with Your written consent or as necessary to comply with applicable mandatory laws. If Kula is obliged to disclose Personal Data to a law enforcement agency, then Kula agrees to give You reasonable notice of the access request prior to granting such access, to allow You to seek a protective order or other appropriate remedy. If such notice is legally prohibited, Kula will take reasonable measures to protect the Personal Data from undue disclosure as if it were Kula’s own confidential information being requested and shall inform You promptly as soon as possible if and when such legal prohibition ceases to apply.
6.2.In case You receive any request or communication from Data Subjects which relate to the Processing of Personal Data ("Request"), Kula shall reasonably provide You with full cooperation, information and assistance ("Assistance") in relation to any such Request where instructed by You.6.3.Where Kula receives a Request, Kula shall (i) not directly respond to such Request, (ii) forward the Request to You within five (5) business days of identifying the Request as being related to You and (iii) provide Assistance according to further instructions from You.
7.Technical and Organizational Measures
7.1.Kula shall implement and maintain appropriate technical and organizational security measures to ensure that Personal Data is Processed according to this DPA, to provide assistance and to protect Personal Data against a Personal Data Breach ("TOMs") as specified in Appendix II hereto.
8.Assistance with Data Protection Impact Assessment
8.1.Under the General Data Protection Regulation (GDPR), a data protection impact assessment (DPIA) is required if a data processing activity is likely to result in a high risk to the rights and freedoms of individuals. Kula doesn’t get access to such high-risk or data that is deemed profiling and so a DPIA is not required. Nevertheless, where a Data Protection Impact Assessment ("DPIA") is required under applicable Data Protection Laws for the Processing of Personal Data, Kula shall provide upon request to You any information and assistance reasonably required for the DPIA including assistance for any communication with data protection authorities, where required, unless the requested information or assistance is not pertaining to Kula's obligations under this DPA.
8.2.You shall pay Kula reasonable charges for providing the assistance in clause 8, to the extent that such assistance cannot be reasonably accommodated within the normal provision of the Services.
9.Information Rights and Audit
9.1.Kula shall, in accordance with Data Protection Laws, make available to You on request in a timely manner such information as is necessary to demonstrate compliance by Kula with its obligations under the Data Protection Laws.
9.2.Kula shall, upon reasonable notice, allow for and contribute to audits of Kula's Processing of Personal Data, as well as the TOMs (including data Processing systems, policies, procedures and records), during regular business hours and with minimal interruption to Kula's business operations. Such audits shall be conducted by You, Your affiliates or an independent third party on Your behalf (which will not be a competitor of Kula) that is subject to reasonable confidentiality obligations.
9.3.You shall pay Kula reasonable costs of allowing or contributing to audits or inspections in accordance with clause 9.2 where You wish to conduct more than one audit or inspection every twelve (12) months. Kula will immediately refer to You any requests received from national data protection authorities that relate to Kula’s Processing of Personal Data.
9.4.Kula undertakes to reasonably cooperate with You in its dealings with national data protection authorities and with any audit requests received from national data protection authorities.
10.Personal Data Breach Notification
In respect of any Personal Data Breach (actual or reasonably suspected), Kula shall:
10.1.notify You of a Personal Data Breach involving Kula or a subcontractor without undue delay and it shall be Your responsibility to inform the supervisory authority of such breach within seventy-two (72) hours of notice by Kula;
10.2.provide reasonable information, cooperation and assistance to You in relation to any action to be taken in response to a Personal Data Breach under Data Protection Laws, including regarding any communication of the Personal Data Breach to Data Subjects and national data protection authorities.
11.Subcontracting
11.1.You consent to Kula engaging third party sub-processors as indicated in Appendix 1 to Process Personal Data to fulfil its obligations under the Terms provided that, Kula will provide at least fifteen (15) days’ notice to Your account administrator prior to the appointment or replacement of any sub-processor. You may object to Kula's appointment or replacement of a sub-processor prior to its appointment or replacement, provided such objection is based on reasonable grounds relating to data protection. In such an event, Kula will either not appoint or replace the sub-processor or, if this is not possible, You or Kula may suspend or terminate the Service(s) (without prejudice to any fees incurred by You prior to such suspension or termination).
11.2.Where Kula, with Your consent, subcontracts its obligations and rights under this DPA it shall do so only by way of a binding written contract with the sub-processor which imposes essentially the same obligations according to Art. 28 GDPR especially with regard to instructions and TOMs on the sub-processor as are imposed on Kula under this DPA.
11.3.Where the sub-processor fails to fulfil its data protection obligations under the subcontracting agreement, Kula shall remain fully liable to You for the fulfilment of its obligations under this DPA and for the performance of the sub-processor 's obligations.
12.International Data Transfers
12.1.The Parties agree that when the transfer of Personal Data from You to Kula is a Restricted Transfer and applicable Data Protection Laws require that appropriate safeguards are put in place, such transfer shall be subject to the appropriate Standard Contractual Clauses, which shall be deemed incorporated into and form part of this DPA as follows:
12.1.In relation to transfers of Personal Data originating from the EEA and subject to the GDPR, the EU SCCs shall apply, completed as follows:
12.1.a.i Module 2 (Controller to Processor) shall apply where You are a Controller and Kula is a Processor;
12.1.a.ii in Clause 7, the optional docking clause will apply;
12.1.a.iii in Clause 11, the optional language will not apply;
12.1.a.iv in Clause 17, Option 1 will apply, and the EU SCCs will be governed by Irish law;
12.1.a.v in Clause 18(b), disputes shall be resolved before the courts of Ireland;
12.1.a.vi Annex I of the EU SCCs shall be deemed completed with the information set out in Appendix I to this DPA;
12.1.a.vii Annex II of the EU SCCs shall be deemed completed with the information set out in Appendix II to this DPA; and
12.1.a.viii Annex III of the EU SCCs shall be deemed completed with the information set out in Appendix III to this DPA
12.1.b In relation to transfers of Personal Data originating Switzerland and subject to the Swiss DPA, the EU SCCs as implemented under sub-paragraph (a) above will apply with the following modifications and constitute the Swiss SCCs:
12.1.b.i references to Regulation (EU) 2016/679; shall be interpreted as references to the Swiss DPA;
12.1.b.ii references to specific Articles of Regulation (EU) 2016/679; shall be replaced with the equivalent section of the Swiss DPA;
12.1.b.iii references to “EU”, “Union”, “Member State”, and “Member State law” shall be replaced with references to “Switzerland” or “Swiss law”;
12.1.b.iv the term “member state” shall not be interpreted in such a way as to exclude data subjects in Switzerland from the possibility of suing for their rights in their place of habitual residence (i.e., Switzerland);
12.1.b.v Clause 13(a) and Part C of Annex I are not used and the “competent supervisory” is the Swiss Federal Data Protection Information Commissioner;
12.1.b.vi references to the “competent supervisory authority” and “competent courts” shall be replaced with references to the “Swiss Federal Data Protection Information Commissioner” and “applicable courts of Switzerland”;
12.1.b.vii in Clause 17, the Standard Contractual Clauses shall be governed by the laws of Switzerland; and
12.1.b.viii Clause 18(b) shall state that disputes shall be resolved before the applicable courts of Switzerland.
12.1.b.ix Annex I of the Swiss SCCs shall be deemed completed with the information set out in Appendix I to this DPA;
12.1.b.x Annex II of the Swiss SCCs shall be deemed completed with the information set out in Appendix II to this DPA; and
12.1.b.xi Annex III of the Swiss SCCs shall be deemed completed with the information set out in Appendix III to this DPA
12.1.c In relation to transfers of Personal Data originating from the UK and subject to the UK GDPR, the UK SCCs shall apply.
12.1 For the purposes of descriptions in the SCCs, You agree that You are the “data exporter” and Kula is the “data importer”.12.2 The Parties agree that if the Standard Contractual Clauses are replaced, amended or no longer recognized as valid under Data Protection Laws, or if a Supervisory Authority and/or Data Protection Laws requires the adoption of an alternative transfer solution, the data exporter and data importer will: (i) promptly take such steps requested including putting an alternative transfer mechanism in place to ensure the processing continues to comply with Data Protection Laws; or (ii) cease the transfer of Personal Data and at the data exporter’s option, delete or return the Personal Data to the data exporter.
13.Deletion or Return of Personal Data
Upon termination of Your Account, Kula may delete all Customer Data, including Personal Data in accordance with the procedure set forth in the Terms. This requirement shall not apply to the extent that Kula is permitted by applicable law to retain some or all of the Personal Data, in which event Kula shall isolate and protect the Personal Data from any further processing except to the extent as required by such law.
14.CCPA Undertaking
You acknowledge and agree that it is the Business and Kula is the Service Provider with respect to any Personal Information of Consumers (as those terms are understood under the CCPA) forming part of Your Data. Kula will not sell, retain, use, or disclose Personal Information of Consumers that Kula processes on Your behalf when providing the Services under the Terms for any purpose other than for the specific purpose of providing the Services in accordance with the Terms and as part of the direct relationship between Kula and You. Kula certifies that it understands the restrictions in this clause 14 and will comply with such restrictions.
15.Miscellaneous
15.1.In case of any conflict, the provisions of this DPA shall take precedence over the Terms or provisions of any other agreement with Kula. In case of any conflict between the DPA and the SCCs, the SCCs shall take precedence over the provisions of the rest of the DPA.
15.2.No party shall receive any remuneration for performing its obligations under this DPA except as explicitly set out herein or in another agreement.
15.3.Where this DPA requires a “written notice” such notice can also be communicated per email to the other party. Notices shall be sent to the contact persons set out in Appendix 1.
15.4.Any supplementary agreements or amendments to this DPA must be made in writing and signed by both Parties.
15.5.Should individual provisions of this DPA become void, invalid or non-viable, this shall not affect the validity of the remaining conditions of this DPA.
The following Appendices forms an integral part of this DPA:
APPENDIX 1
A. LIST OF PARTIES UNDER THE SCCS
Data exporter(s): The Data Exporter is the entity that has subscribed to the Terms and their contact details are as provided by them while subscribing to the Terms. Signature & Date: By entering into the Agreement, Data Exporter is deemed to have signed these SCCs incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
Role: Controller
Data importer(s):
Name : Kula Technologies Inc.
Address: 3500 S DUPONT HWY, Dover, Delaware, 19901, United States
Contact person’s name,
position and contact details: Name: Achuthanand Tanjore Ravi Email: privacy@kula.ai
Activities relevant to the data transferred under these Clauses: As specified in Part B.
Signature and data: By entering into the Agreement, Data Importer is deemed to have signed these SCCs incorporated herein, including their Annexes, as of the Effective Date of the Agreement.
Role (Controller / Processor): Processor
B. DESCRIPTION OF TRANSFER
Categories of data subjects whose personal data is transferred
Unless provided otherwise by the data exporter, transferred Personal Data relates to the following categories of Data Subjects: employees, contractors, business partners or other individuals having Personal Data stored, transmitted to, made available to, accessed or otherwise processed by the data importer.
Categories of personal data transferred
The transferred Personal Data concerns the following categories of data:
Customer determines the categories of data and/or data fields which could be transferred per Kula’s Services as stated in the relevant Agreement. The transferred Personal Data typically relates to the following categories of data: name, phone numbers, e-mail address, address data, system access / usage / authorization data, company name, contract data, invoice data, plus any application-specific data transferred by authorised personnel.
Sensitive data transferred (if applicable) and applied restrictions or safeguards that fully take into consideration the nature of the data and the risks involved, such as for instance strict purpose limitation, access restrictions (including access only for staff having followed specialised training), keeping a record of access to the data, restrictions for onward transfers or additional security measures.
No Sensitive Personal Information transferred. The data exporter shall not disclose (and shall not permit any individual to disclose) any Sensitive Personal Data to the data importer for processing.
The frequency of the transfer (e.g., whether the data is transferred on a one-off or continuous basis)
Data is transferred on a continuous basis
Nature of the processing
Collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction of data (whether or not by automated means).
Purpose(s) of the data transfer and further processing
Personal Data is transferred in the course of access and use of the data exporter’s Service so that the data importer may provide, support, maintain and improve the Service.
The data importer may further transfer personal data to third-party service providers that host and maintain the data importer’s applications, backup, storage, payment processing, analytics and other services as specified in the section on sub-processors below. These third-party service providers may have access to or process personal data for the purpose of providing these services to the data importer.
The period for which the personal data will be retained, or, if that is not possible, the criteria used to determine that period
Upon termination or expiry of the Terms, Kula shall delete all Customer Data including Personal Data in accordance with the procedure contained in the Terms. This requirement shall not apply to the extent that Kula is required by applicable law to retain some or all of the Personal Data, in which event Kula shall isolate and protect the Personal Data from any further processing except to the extent required by such law.
For transfers to (sub-) processors, also specify subject matter, nature and duration of the processing
COMPETENT SUPERVISORY AUTHORITY
In respect of the SCCs:
Module 2: Transfer Controller to Processor
Where Customer is the data exporter, the supervisory authority shall be the competent supervisory authority that has supervision over the Customer in accordance with Clause 13 of the SCCs.
Appendix II – Technical and Organisational Security Measures
Kula has implemented and shall maintain a security program in accordance with industry standards. Kula has implemented and will maintain appropriate TOMS to protect Service Data from a Personal Data Breach. Reach out to us at privacy@kula.ai for our security policy document.
Appendix III – List of Sub-processors
As set out in Part B to Appendix I.
Appendix IV: UK SCCs
These UK SCCs shall stand included as an addendum to the EU SCCs set implemented under Clause 12.1 (a) of this DPA.
Part 1: Tables
For data transfers from the United Kingdom that are subject to the UK SCCs, the UK SCCs will be deemed entered into (and incorporated into this Data Processing Addendum by this reference) and completed as follows:
(a) In Table 1 of the UK SCCs, the Parties’ details and key contact information shall be as set forth in Schedule A.A.
(b) In Table 2 of the UK SCCs, information about the version of the Approved EU SCCs, modules and selected clauses which this UK SCC is appended to shall be as set forth in Clauses 11.1 and 12.1(a)(i), (ii), (iii), (iv) of this DPA.
(c) In Table 3 of the UK SCCs:
i Annex 1A: List of Parties: Parties are as set forth in Appendix I.A.
ii Annex 1B: Description of Transfer: Description of Transfer is as set forth in Appendix I.B.
iii Annex II: Technical and organisational measures including technical and organisational measures to ensure the security of the data: TOMs are as set forth in Appendix II.
iv Annex III: List of Sub processors: Sub processors are as set forth in Appendix I.B.
(d) In Table 4 of the UK SCCs, both the data importer and the data exporter may end the UK SCCs in accordance with the terms of the UK SCCs.
Part 2: Mandatory ClausesMandatory Clauses of the Approved Addendum, being the template Addendum B.1.0 issued by the ICO and laid before Parliament in accordance with s119A of the Data Protection Act 2018 on 2 February 2022, as it is revised under Section 18 of those Mandatory Clauses.