Skip links

Privacy

Privacy Policy

Introduction

Sumantra Tech (“Sumantra”, “we” or “us”) offers a suite of integrated apps that are used by our customers to seamlessly manage their business decisions. This Privacy Policy (“Policy”) provides information on how we collect, utilize, disclose, and safeguard personal data while acting as a Controller, and it applies to all our Customers as well as website visitors.

This Policy outlines what choices you have as Data Subjects. We are committed to providing the highest level of protection regarding the processing of your personal data based on the applicable data protection laws.

Please note that this Policy does not address the processing of personal data when we handle any Personal data on behalf of our Customers or employees. Typically, our Customers serve as Controllers for any personal data that they upload on our applications, and Sumantra Tech generally acts as a Processor as outlined in applicable service and/or data processing agreements. For more details, including the specific obligations of the Controller and Processor, please refer to the respective agreements.

Definitions

In this Privacy Notice, the following terms shall have the meanings ascribed to them below:

  • “Customers” are persons and entities, such as companies, who have entered into contractual agreements or commercial relationships with us to avail of our Services.
  • “Data Controller” or “Controller” refers to a party that determines the purposes and means of processing Personal data.
  • “Data Processor” or “Processor” refers to a party that processes Personal data on behalf of the Controller.
  • “Data Subject” is the individual to whom Personal data relates. It has the same meaning as a “Data Subject” under the EU-GDPR and the South African POPIA, and “Data Principal” under the Indian DPDPA.
  • “Service Providers” are businesses, merchants, or service providers who collaborate with us to accept payments, offer services, or participate in our ecosystem.
  • “Personal Data” is any data about an individual identifiable by or in relation to such data – for example, name, contact information, identification numbers, etc.
  • “Process” or “Processing”, in relation to Personal data, means operation/s performed on Personal data, such as collection, recording, organisation, structuring, storage, adaptation, retrieval, use, alignment or combination, indexing, sharing, disclosure by transmission, dissemination or otherwise making available, restriction, erasure or destruction.
  • “Services”: Sumantra Tech operates a suite of web-based applications (PE Front Office). All our products, applications, and website(s) are collectively referred to as “Services” in this Policy.
  • “Users/Visitors” are individuals who visit our website or reach out to us for the provision of any Services we provide.
  • “Website” refers collectively to www.pefrontoffice.com as well as the other websites that we operate and that link to this Policy.

 

Our Services

It is our policy to respect your privacy regarding any information we may collect while using our Services. A link to this Policy is also available in the “My Profile” section of our PE Front Office application.

We process two main types of personal data.

  • “Customer Data” – Personal data that forms part of data that is uploaded by our customers and their end-users on our PE Front Office application.
  • “Other Data” – Personal data about our Customers, Visitors and other individuals that is collected and processed directly by us.

Our Customers are the controller of the Customer Data that they upload on our platform, while we are the processor of such data. For any data that we collect and process, we are the Data Controller.

Information we collect

Customer Data
Customer Data may be processed by us as a result of our Customers, or their end-users, uploading information into our application. For example, Customers who use our applications may upload Customer Data about themselves, their employees or their end-users. This data may include name, email address, phone number, landline number, and job titles.

We do not process any such data uploaded by our Customers on our application apart from providing technical assistance, or as per the service and/or data processing agreement we may enter with such Customers. For more details, including the specific obligations, please refer to the respective agreements.

Other Data
Customers provide us with data that is necessary to create user accounts. For the creation of user accounts, we collect your name, email address, password, telephone number and correspondence address. You also provide billing details for invoicing purposes.

Additionally, we also collect data when you use our applications and websites.

  • Log Data – Our servers automatically collect information, such as your IP Address, when you access or use our applications and Services. This data is recorded in log files.
  • Mobile Application – When you download and use our Services, we automatically collect information on the type of device you use and your operating system version.
  • Subscription Data – You provide personal data to us as part of signing up for our newsletter on our websites. We may also collect personal data from you when you use interactive features of our websites, promotions, requesting customer support, or otherwise communicating with us.
  • Contact Us Data – When you enquire about our products and services, we collect and store this data to communicate with you and respond to your enquiry.

Data from Third-Party Sources
When obtaining email addresses or contact information from trusted third parties for the purpose of reaching out to individuals about our Services, we ensure that such information is acquired following applicable data protection laws & regulations. We use this information solely to contact individuals regarding our Services and do not share it with any other parties without explicit consent.

We may also acquire information that is not personal data concerning your organization’s name, structure, industry, and comparable characteristics from third-party data sets to enhance or update the personal data we currently possess. Sumantra Tech may also receive your data from sources where information has been made manifestly public, such as LinkedIn and other public websites.

Cookies
We use “cookies” to help us identify and track visitors, their usage of our website, and their website access preferences. A cookie is a small piece of data that our website stores on your computer, and accesses each time you visit, so we can understand how you use our website. For more details on how we process cookie data and your control over it, please refer to our Cookie Policy.

Users under 16 years of age
We do not knowingly collect personal data from users under the age of 16. If you are under the age of 16, you are not permitted to use our websites and Services, or to disclose any personal data. If we learn we have collected or received data from a child under 16, we will delete that information. If you believe we might have any information from or about a child under 16, please contact us using the details outlined at the end of this Privacy Policy and we will promptly take measures to delete such information.

How we use your data

How we use your personal data will depend on which Services you use and how you use those Services.
Lawful basis for processing
We process your personal data only when we have a lawful basis to do so as per applicable laws. Presently, we use the Performance of Contract (i.e., to deliver the services to our Customers) and consent as the lawful basis for processing. For certain processing, such as sharing promotional and marketing emails, we may also use legitimate interests to contact you.

In some cases, we may also have a legal obligation to collect personal data from you or may otherwise need the personal data to protect your vital interests or those of another person.

Please note that where you have consented to a particular processing, you have a right to withdraw the consent at any time.
How we use Customer data
If you are our Customer, we use the data that we have about you to provide our Services and provide additional support to you. In each case, we collect such information only in so far as is necessary or appropriate to fulfil the purpose of the interaction with our Services.

  • To send emails and other communications. We may send you service, technical and other administrative emails, messages and other types of communications. We may also contact you to inform you about changes in our Services and our Services offerings. These communications are considered a crucial part of our ongoing Services and you may not opt out of them without terminating the Service you have requested.
  • Customer Support. If you send us a request (for example via a support email or one of our feedback mechanisms), we respond to your request in order to assist you. We may also gain access to any data stored within our application by you as a result of the support.

Any data uploaded on our application by our Customers is used only in accordance with their instructions or as provided in the respective services and/or data processing agreement with us, or as per the applicable law.
How we use Other data
We may send you service-related messages or marketing / promotional materials. You may choose to restrict receiving any communication from us by contacting us anytime. We may also update you with improvements in our services, new features and from time to time also carry out direct marketing of our products and services. Direct marketing is carried out only if you consent to receiving such communications from us or if we have a legitimate purpose for doing so.

We may also process your data for any of the following purposes:

  • To enable you to customize or personalize your experience of our website by the use of cookies.
  • To contact and communicate with you in furtherance of any job applications we receive.
  • To manage our operations with our Service Providers.
  • To manage risks and security operations at our organization.
  • To improve our products and services.
  • To comply with any applicable laws.

 

Your Rights

We strive to give you ways to access, update/modify your data quickly or to delete it unless we have to keep that information for legal purposes. If you are our Customer, you may exercise these rights from our application. For all our other Visitors, to exercise these rights please reach out to us by filling out this form or using the contact details provided at the end of this Privacy Policy.
As Data Subjects, you have certain rights under the respective data protection laws. Depending on the circumstances, you may be entitled to the rights as provided by the European Union’s General Data Protection Regulation (the “EU GDPR”), the South African Protection of Personal data Act (the “SA POPIA”) and the Indian Digital Personal data Protection Act (the “Indian DPDPA”). As per your local laws and the exceptions provided in such laws, you may be entitled to the following rights:

  • The right to know what personal data is being collected and for what purpose.
  • The right to know if your personal data is being shared, for what purpose, and the categories of recipients.
  • The right to access your personal data. You also have the right for the data to be shared with you in a structured, commonly-used and machine-readable format.
  • The right to have your personal data corrected, rectified, or updated.
  • The right to have your personal data deleted, including from any third parties to whom your personal data has been shared, or disclosed.
  • The right to object to the processing of your personal data, including for direct marketing purposes.
  • The right not to be subjected to automated decision-making or profiling.
  • The right to reach out to the concerned regulatory body or supervisory authority under the applicable law, and the right to institute civil proceedings in South Africa if you are under the purview of SA POPIA law.

If you as a data subject are unable to reach out to us to exercise any of your rights as listed above, you may nominate a representative who may contact us on your behalf. We may require such a representative to provide adequate proof to confirm the request.

Data Retention

We retain your Personal data for varying durations based on its category and our relationship with you. We aim for data to be retained only for as long as is strictly necessary to fulfil the purposes as outlined in this Privacy Policy or as required by law. Once data is no longer needed, it is securely deleted or anonymized.
When you choose to close your account with us, we generally delete your personal data within 30 days of the closure of your account. For the data we process based on your consent, if you withdraw your consent at any time, we delete your information as soon as your request is verified.
Some information that is necessary for statutory obligations such as records of payment processing and invoicing data may be retained as required under applicable laws.

Your information shared with others

Recipients of your data
Your data may be required to be shared with other recipients to provide you with Services. While we aim to limit the sharing of your data, at times, it is necessary to share your data with certain Service Providers, including data center / hosting services, email marketing services, etc.
The following categories of recipient will most likely receive your data in order for us to provide services to you:

  • AWS as Third Party Data Center Services
  • Vtiger for Sales / Marketing purposes
  • OneDrive for internal content collaboration
  • Microsoft Office 365 for other administrative services
  • Outlook and Google connectors are used to import data from your email applications and as such the data is temporarily shared with these connector companies.

To Comply with Laws – If we receive a request for information, we may disclose if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.
Cross-Border Data Transfers
We are an international company headquartered in India. Therefore, your personal data may be accessed or processed from around the world, such as countries where we, our affiliates or processors operate.
If you are our Customers, your data will be processed in the region of your choice, e.g. the EU region, or South Africa. Your data will be processed in third-party data centres in such specific regions as will be agreed between us in our service agreements.
For all our other data subjects, your data may be processed within third-party data centres in countries outside your local jurisdiction.
Please be aware that some countries where we process data may not have laws that provide the same level of protection as your own country, and there are inherent risks associated with such transfers. However, we have implemented suitable measures to protect your privacy, fundamental rights, freedoms, and the exercise of your rights. For instance, when transferring personal data to another country, we use appropriate data transfer solutions, such as entering into standard contractual clauses with the data importer and ensuring that the data importer is compliant with applicable data protection laws and best industry practices. These measures ensure that your personal data is protected to the same standards as is required within your jurisdiction.

Security measures to protect your data

Security Measures
We implement security controls to prevent breaches and unauthorised access to your data. We maintain reasonable and appropriate security measures to protect Customer Data and Other Data from loss, misuse, unauthorized access, disclosure, alteration, and destruction. Such security measures include physical access controls, HTTPS, restricted access to data, monitoring for threats and vulnerabilities etc.
Protection of personal data
Our Websites and Services use commercial efforts to maintain safeguards for protection of your Personal data. Sumantra Tech takes all measures reasonably necessary to protect against the unauthorized access, use, alteration or destruction of potentially personally-identifying and personally-identifying information.

Acceptable use of our application

The intended use of services provided by us is to access, store, share and manage content only by the authorized users. The Services are not meant as backup solution, replacement for a file server or to store non-business documents such as systems software.

Change to this Privacy Policy

We may change this Privacy Policy from time to time, at our sole discretion. We encourage you to frequently check this page for any changes to its Privacy Policy. We will notify you of material changes in advance by email or by notice when you log in to our website or applications.
This Privacy Policy was last updated on: 11th March 2024.

Contact Information

If you have questions or complaints regarding this Policy or the use of our services, you may contact usthrough an email at [email protected] or through phone at +91-124-405-4474. You may also contact us at our mailing address below:

Sumantra Tech Services Pvt Ltd,
312, Vipul Trade Centre, Sector 48,
Sohna Road, Gurgaon-122018
Haryana, India.

 

Read License

Please note that our PE Front Office Application software is a collective work consisting of the following major Open-Source components: Apache software, MySQL server, PHP, SugarCRM, ADOdb, Smarty, PHPMailer, phpSysinfo, MagpieRSS, vTiger and others, each licensed under a separate Open-Source License. sumantratech.com is not affiliated with nor endorsed by any of the above providers.