1. ACCOUNT Terms & conditions

    This Privacy Policy explains our policy regarding the collection, use, disclosure and transfer of your information by Karpaga Assessment App Matrix Services Pvt. Ltd, doing business as, Lyron, Lyron is a state-of-the-art online skill assessment portal provide Test and Video Resume feature. and/or its subsidiary(ies) and/or affiliate(s) (collectively referred to as the Company), which operates the website (“Site”), mobile applications (App) and other services including but not limited to delivery SMS, mobile application developed with the aim to connect companies with potential candidates and improve placements for colleges and related content via the site and application, any mobile or internet connected device or otherwise (collectively the “App Service”).



    The Company respects the privacy of the users of the Lyron platform Services and is committed to reasonably protect it in all respects. The information about the user as collected by the Company is: (a) information supplied by users and (b) information automatically tracked while using a mobile device having Lyron platform Services enabled (collectively referred to as Information).



    It is the policy of Lyron to comply with all applicable laws and regulatory requirements for the use, access and disclosure of Sensitive Information, to ensure the confidentiality and protection of Sensitive Information, and to prevent and mitigate any privacy incidents.



    All members of the Workforce shall be required to comply with this Policy and it is applicable to all Lyron global operations. Individuals who violate these requirements are subject to disciplinary action, up to and including termination or dismissal.



    1. Information Supplied by Users

      To avail certain services of Lyron, users are required to provide some personally identifiable information for the registration process which may include:- a) your name, b) email address, c) phone number, d) access to your phone’s SMS inbox records d) bank account details e) Aadhaar details, f) PAN g) residential address etc. and any other such information as required. The Information as supplied by the users enables us to improve the services and provide you the most user-friendly experience. All required information is service dependent and the Company may use the above said user Information to maintain, protect, and improve the services and for developing new services.



      We may also use your phone number, email address or other personally identifiable information to send commercial or marketing messages without your consent [with an option to subscribe/unsubscribe (where feasible)]. We may, however, use your email address and phone number without further consent for non-marketing or administrative purposes (such as notifying you of major changes, for customer service purposes, providing information about updates to services, billing, etc.).



      Any personally identifiable information provided by you will not be considered as sensitive if it is freely available and/or accessible in the public domain. Further, any reviews, comments, messages, blogs posted/uploaded/conveyed/communicated by users on the public sections of the Site becomes published content and is not considered personally identifiable information subject to this Privacy Policy.



      In case you choose to decline to submit personally identifiable information on the App/Site, we may not be able to provide certain services on the App/Site to you. We will make reasonable efforts to notify you of the same at the appropriate time. In any case, we will not be liable and or responsible for the denial of certain services to you for lack of you providing the necessary personal information.



      When you register with the Lyron services, we may contact you from time to time about updation of your personal information to provide such features that we believe may benefit/interest you.



    2. Information automatically tracked while using the App or Site

      SMS Inbox Information: The Lyron platform also access the User’s SMS inbox only for reading the OTP.The Lyron platform accesses business messages that originate from senders. The Lyron platform may read personal and OTP messages only if the SMS feature is privilege enabled, No personal SMSes or OTPs are backed up. The collection of such information is only limited to the extent that such data is available in the relevant messages. Lyron may also record the identity of the product or service and the price or fee paid or payable in respect thereof.



      Demographic and Related Information:We may reference other sources of demographic and other information in order to provide you with more targeted communications and promotions. We use Google Analytics, among others, to track user behaviour on our website.



      Google Analytics specifically has been enabled to support display advertising to help us gain an understanding of our users’ Demographics and Interests. The reports are anonymous and cannot be associated with any individual personally identifiable information that you may have shared with us.



      Log File Information: Our Servers automatically collect limited information about your device’s connection to the Internet, including your IP address, when you visit our Site or use the App. We automatically receive and log information from the App and/or your browser including but not limited to IP address, your device or computer’s name, and your operating system. We may also collect log information from your device, including but not limited to your location, IP address, your device’s name, device’s serial number or unique identification number (e.g. UDiD on your iOS device, Android ID or ADID on your Android Device), your device operating system, browser type and version, CPU speed, and connection speed etc.



      Cookies: To improve the responsiveness of the Site for our users, we may use “cookies”, or similar electronic tools to collect information to assign each visitor a unique, random number as a User Identification (User ID) to understand the user’s individual interests using the identified computer. Our partners may also assign their own cookies to your browser, a process that we do not control.



    3. Links to Third Party Sites/Ad-Servers.

      The Site may include links to other websites. Such sites are governed by their respective privacy policies, which are beyond our control. Once you leave our servers (you can tell where you are by checking the URL in the location bar on your browser), use of any information you provide is governed by the privacy policy of the operator of the site you are visiting. That policy may differ from ours. If you can’t find the privacy policy of any of these sites via a link from the site’s homepage, you should contact the site directly for more information.



    4. Information Sharing

      The Company may share sensitive personal information with any third party without obtaining the prior consent of the User in the following limited circumstances:



      1. When it is requested or required by law or by any court or governmental agency or authority to disclose, for the purpose of verification of identity, or for the prevention, detection, investigation including cyber incidents, or for prosecution and punishment of offences. These disclosures are made in good faith and belief that such disclosure is reasonably necessary for enforcing these Terms or for complying with the applicable laws and regulations.



      2. No personally identifiable data of an individual user such as name, phone number, email address, spends data, card details etc. would be shared with any other User and/or third party – unless explicitly approved by the concerned individual user in order to avail of certain services. However, if this conflicts with conditions mentioned in the immediate point above, this condition would become null and void.



      3. The Company may also present information related to user spends, patterns and user data tracked by the company only in the form of aggregated statistics on data such as user spends by category, date, time, bank balances, etc. within our app/site or to our partners.



    5. Accessing and Updating Personal Information

      When you use the Lyron platform Services Site (or any of its sub sites), we make efforts in good faith to provide you, as and when requested by you, with access to your personal information and shall further ensure that any personal information or sensitive personal data or information found to be inaccurate or deficient shall be corrected or amended as feasible, subject to any requirement for such personal information or sensitive personal data or information to be retained by law or for legitimate business purposes



      We ask individual users to identify themselves and the information requested to be accessed, corrected or removed before processing such requests, and we may decline to process requests that are unreasonably repetitive or systematic, require disproportionate technical effort, jeopardize the privacy of others, or would be extremely impractical (for instance, requests concerning information residing on backup tapes), or for which access is not otherwise required.



      In any case, where we provide information access and correction, we perform this service free of charge, except if doing so would require a disproportionate effort. Because of the way we maintain certain services, after you delete your information, residual copies may take a period of time before they are deleted from our active servers and may remain in our backup systems.



    6. Information Storage and backup

      If enabled from the app, we take a backup of your data on Lyron platform on our Cloud database according to country specific compliance requirements. This is done for the purpose of enabling users to get their data back in case their phone’s data becomes unusable, if the phone is lost, or the user moves to a new phone device.



      We also use this backup to provide useful insights and information related to Active/inactive Loans and repayments.



    7. Information Security

      We take appropriate security measures to protect against unauthorised access to or unauthorised alteration, disclosure or destruction of data. These include internal reviews of our data collection, storage and processing practices and security measures, including appropriate encryption and physical security measures to guard against unauthorised access to systems where we store personal data. All information gathered on the Lyron platform is securely stored within the controlled database. Access to the servers is password-protected and is strictly limited.



  2. Exceptions to this Privacy Policy

    Exceptions to this Privacy Policy may be granted by the Privacy and Security Steering Committee (“PSSC”) or Information and Security Steering Committee(ISSC).



  3. Privacy Principles

    Lyron has implemented the following fair information privacy principles that support individual rights and set guidelines for the protection of Sensitive Information:



    1. Notice. Lyron shall provide notice regarding its privacy policies and procedures and include the purposes for which Sensitive Information is accessed, collected, used, retained, and disclosed. Notice may occur in a variety of formats including publication on Lyron’ internal and external websites and specified in internal and external contracts and agreements.



    2. Choice and Consent. Where practical or required by law or contract, Lyron shall provide individuals with opportunity to consent to or authorize Lyron’ access, collection, use, retention, and disclosure of Sensitive Information. Consent or authorization may be explicit or implicit depending upon the specific circumstances, and the PSSC shall advise the Business Units as to appropriate means of obtaining consent or authorization.



    3. Limited Collection. Sensitive Information shall only be collected for the purposes identified in the notice.



    4. Limited Use and Disclosure. Sensitive Information shall only be used and/or disclosed to third parties for the purposes identified in the notice



    5. Limited Retention. Sensitive Information may be retained only as long as necessary, including, but not limited to, as may be required by law or contract, to fulfill a valid business purpose.



    6. Accuracy. Lyron shall maintain the accuracy and integrity of the Sensitive Information under its care.



    7. Right to Inspect/Correction. Individuals may request access to their Sensitive Information and request amendment to that Sensitive Information if such information is believed to be inaccurate. Lyron shall review and respond to requests for access and amendment in a timely manner. The PSSC shall provide guidance to Business Units regarding individual rights to access and/or amend Sensitive Information upon request by the Business Unit.



    8. Disposal. Lyron shall dispose and destroy Sensitive Information, at the end of the applicable retention period, in a manner that prevents the likelihood of restoration of the Sensitive Information or in a manner required by law or contract.



    9. Training. Workforce members shall be provided training on this Privacy Policy.



    10. Breach Notification. Actual or suspected breaches of Sensitive Information shall be immediately reported in accordance with the Privacy and Security Incident Reporting Policy.



    11. Accountability. Violations of this Privacy Policy may result in discipline up to and including termination, in compliance with Human Resources policies.



  4. Privacy Policy Requirements

    Exceptions to this Privacy Policy may be granted by the Privacy and Security Steering Committee (“PSSC”) or Information and Security Steering Committee(ISSC).



    1. Policy Availability

      This Privacy Policy shall be made available to the Workforce through Lyron management, the Intranet, formal training programs, and other appropriate mechanisms.



    2. Review Cycle

      1. The PSSC shall review the privacy requirements for the organization. The PSSC shall be responsible for conducting an annual review of this Privacy Policy and all related corporate policies, standards, and procedures. The PSSC may grant an exception for an annual review of this Privacy Policy. A review shall also occur each time there is a significant and material change in laws or regulations regarding the privacy of Sensitive Information. The PSSC shall submit material changes or modifications for approval to the Senior Management, the CISO, and Legal team for review prior to presentation for final review and approval by the Privacy and Security Steering Committee (PSSC).



      2. Requests for changes or modifications to this Privacy Policy may be submitted by a member of the Workforce in writing to the PSSC. The PSSC and the CISO shall determine whether the requested change or modification should be included in the Privacy Policy.



    3. Policy Retention

      This Privacy Policy, as well as any procedures supporting this Privacy Policy, and all previous versions shall be maintained for a minimum of six (6) years after the latest effective date, even if superseded, or longer if required by a legal, regulatory, or contractual requirement



  5. Privacy Requirements

    1. Executive Commitment

      Lyron’ executive leadership agrees that maintaining the privacy and security of Lyron, the Workforce, PII, PD, PI, Personal Health Information, and other Sensitive Information is essential to Lyron’ business and reputation and to operating in a responsible, compliant manner. Accordingly, the Executive Leadership affirmatively approves and supports this Privacy Policy, including the designation of a Privacy Officer.



    2. Workforce Responsibilities

      Each member of the Lyron workforce is responsible for the security of Sensitive Information in his or her workspace. Workforce members take reasonable and appropriate precautions to safeguard access to Sensitive Information including, without limiting the generality of the following, compliance with security measures required by the Security Policy and other guidance issued by the Privacy and Security Steering Committee and Chief Information Security Officer.



      Each Workforce member shall be responsible for:



      1. Reading and understanding the contents of this Privacy Policy and its related policies and procedures;



      2. Ensuring that his or her actions comply with the requirements of this Privacy Policy and its related policies and procedures;



      3. Demonstrating his or her understanding of and compliance with this Privacy Policy and its related policies and procedures through the completion of annual training and certification or through any other means used by Lyron for such certification;



      4. Collaborating with all levels of the Lyron organization to ensure that an effective privacy program is implemented and maintained;



      5. Seeking assistance if uncertain how to comply with the requirements of this Privacy Policy and its related policies and procedures;



      6. Complying with the Security Policy and related policies and procedures and implementing and maintaining the Security Program;



      7. Reporting any violations of this Privacy Policy, related policies or procedures or the law or regulations to the PSSC, CISO, Human Resources representative, Lyron management,



    3. Managers’ Responsibilities

      In addition to responsibilities as a member of the Workforce, each Lyron manager shall be also be responsible for:



      1. Ensuring that all members of the Workforce reporting directly or indirectly to such manager have read, understand, been trained on, and comply with, this Privacy Policy and its related policies and procedures;



      2. Ensuring all members of the Workforce who report directly or indirectly to such manager have completed the required privacy training;



      3. Ensuring that this Privacy Policy, and its related policies and procedures, are fully implemented in his or her functional area of responsibility;



      4. Requesting guidance from Human Resources or the PSSC on implementing this Privacy Policy as a manager if needed.



    4. Business Units and Functional Areas

      In addition to responsibilities as a member of the Workforce, each Business Unit or functional area leader shall also be responsible for:



      1. Identifying any privacy-related contractual requirements mandated or requested by external clients or third-party vendors, and not previously approved by the legal team and the PSSC, and providing those requirements or requests to the legal team and the PSSC prior to contract execution;



      2. Identifying where Sensitive Information is located, and providing such information to the PSSC and/or CISO;



      3. Maintaining a list of all Workforce members who have access to Sensitive Information and approving access by Workforce members to any Sensitive Information in a manner consistent with such Workforce members’ duties and responsibilities;



      4. Documenting and maintaining procedures to implement this Privacy Policy within its own Business Unit.



    5. Privacy and Security Steering Committee

      The Privacy and Security Steering Committee shall be responsible for:



      1. Developing, implementing and maintaining this Privacy Policy and related policies and procedures;



      2. Coordinating with the CISO in the development and maintenance of security policies and programs to ensure that appropriate physical, administrative and technical safeguards are in place to protect the privacy and security of Sensitive Information;



      3. Upon request, reviewing, guiding, and approving Standard Operating Procedures (SOPs) for Business Units and functions, relating to Sensitive Information;



      4. In collaboration with Human Resources, designing and ensuring the provision of adequate training to all Workforce members, including to every new hire as a part of the on-boarding process, on this Privacy Policy, related policies and procedures, and the privacy and security laws and regulations of applicable jurisdictions;



      5. Receiving and reviewing complaints related to this Privacy Policy and related procedures or the requirements for the handling of Sensitive Information under any applicable law, including documenting the complaint and disposition thereof;



      6. Coordinating with Human Resources to recommend appropriate discipline for violations of this Privacy Policy;



      7. Reviewing and responding to requests from law enforcement and regulatory agencies for access to Sensitive Information, in coordination with others to the extent permitted and as appropriate;



      8. Ensuring that Lyron complies with applicable privacy laws, regulations, and contractual privacy requirements;



      9. May designate another individual to function in his/her capacity with regards to the requirements set forth in this Policy.



    6. Human Resources

      Human Resources shall be responsible for:



      1. Together with the PSSC, designing, documenting, and enforcing a progressive disciplinary policy for non-compliance with or violation of this Privacy Policy and related policies and procedures;



      2. Ensuring that Workforce members reporting violations of this Privacy Policy, related policies or procedures or the law are protected from retaliation;



      3. Collaborating with hiring managers to ensure privacy and security obligations are specified in Lyron job and roles descriptions;



      4. Communicating job status changes, including termination of Workforce members, to IT Operations, so that access to systems with Sensitive Information is appropriately modified;



  6. Permitted Uses and Disclosures of Sensitive Information

    All members of the Workforce shall safeguard the confidentiality of and protect any Sensitive Information in accordance with the requirements of this Privacy Policy, other applicable policies and procedures, relevant contractual requirements, and as required by law.



    1. Consent and Authorization to Use Sensitive Information



      1. Limited Collection. Workforce members shall only collect, request, or access the minimum amount of Sensitive Information necessary to serve a valid business purpose and in accordance with the requirements of this Privacy Policy, other applicable policies and procedures, relevant contractual requirements, and as required by law.



      2. Limited Use. Lyron Workforce members shall only access, use, and disclose Sensitive Information in accordance with:



        1. the requirements of the consent or authorization provided by the subject or owner of the Sensitive Information;



        2. the requirements of this Privacy Policy, or other applicable policies and procedures;



        3. relevant contractual requirements; and



        4. as required by law.



      3. All access, use and disclosure of Sensitive information shall be limited to the minimum amount of Sensitive Information necessary to accomplish a valid business purpose



      4. All requests to limit or cease using Sensitive Information shall be directed to the PSSC for review



    2. De-Identified Sensitive Information

      1. In certain cases, Lyron may receive consent or authorization to de-identify Sensitive Information. In these cases, once the Sensitive Information has been de-identified, Workforce members may use and disclose the de-identified Sensitive Information in accordance with the consent or authorization.



      2. Requests to de-identify Sensitive Information must be submitted, in writing, to the PSSC or her/his designee who will evaluate the scope and purpose of the request and the means of de-identification to ensure a low likelihood of re-identification of Sensitive Information and that applicable legal, contractual, and industry-standard requirements are met.



    3. Disclosures Required by Law



      Lyron may use or disclose Sensitive Information as required by law.



  7. Privacy Risk Assessment

    Lyron shall assess Privacy Risk annually pursuant to Lyron’ Risk Management Policy.



  8. Reporting and Handling of Privacy Complaints and Incidents

    For the purposes of this Privacy Policy, all privacy complaints and incidents shall follow Privacy and Security Incident Response Policy.



  9. Disposal of Sensitive Information

    All electronic media and paper copies containing Sensitive Information shall be retained in accordance with Lyron Records Management Policy and Retention Schedule, and properly disposed of once the intended use has been completed in accordance with the Lyron Information Classification and Handling Policy. All media or copies containing Sensitive Information from a client is either to be returned to the client, or destroyed, in accordance with the contractual agreement with the client.



  10. Human Resources Privacy Requirements

    1. Human Resources is responsible for ensuring that Workforce Members’ Sensitive Information is appropriately identified and protected in accordance with this Privacy Policy, contractual requirements, applicable laws and regulations of Government of India.



    2. For countries like United States, European Union Lyron Human Resources will protect any health-related Sensitive Information obtained as a result of providing health-related benefits to employees in accordance with this Privacy Policy, applicable laws, regulations, and contractual requirements.



  11. Complaints and Grievances

    In case you have any complaints and/or grievances in relation to the processing of your Personal Information you can send this via e-mail to our Data Protection Officer [email protected]



    We will be revert back to you on your clarification or requests or queries or complaints or grievance with in 48 working hours but not more than 72 working hours.



  12. Definitions

    1. “Business Unit” is a formally defined area of Lyron representing a specific business function (such as Finance, Solutions Development, Sales, Support, etc.). This could be a department or subset of a department.



    2. “PSSC” means the Privacy and Security Steering Committee who is also the Chief Privacy Officer.



    3. “CISO” means the Chief Information Security Officer



    4. “Information” is considered databases, data files, contracts, agreements, system documentation, research information, user manuals, training material, standard operating procedures, business continuity plans, disaster recovery plans, third-party data, audit trails, and archived information.



    5. “Privacy Guidelines” are documents that support this Privacy Policy but are not directive in nature. Guidelines are designed to provide members of the Workforce a recommended path to achieve compliance with Lyron’ policy.



    6. “Privacy Policy” refers to this formal statement by Lyron’ executive management outlining the overall intention and direction of the safeguarding and protection of Sensitive Information for Lyron, including, but not limited to, affiliates of Lyron. It is not intended to be detailed, but rather to serve as a capstone principle supported by subordinate documents (including, but not limited to, the Privacy Procedures and Privacy Standards).



    7. “Privacy Procedures” directly support this Privacy Policy and are a detailed set of instructions for various groups of individuals, such as the general Workforce, management, Human Resources, and Business Units. These procedures outline the detailed steps, establish timelines, and document specific behaviors for all Workforce members who are bound within this Privacy Policy’s scope to be in compliance.



    8. “Privacy Standards” support this Privacy Policy by providing specific boundaries. Privacy Standards are focused and serve to establish a set of mandatory decision criteria for systems and processes. Privacy Standards are intended for a limited audience and are mandatory by definition. Privacy Standards do not normally require executive management approval and therefore are more fluid and may adapt to technology changes.



    9. “Sensitive Information” is a class of data, that relates to an identified or identifiable individual or entity that is sensitive, confidential, or proprietary to such person or entity and may potentially cause harm to such person or entity if lost or accessed, or used or disclosed by unauthorized persons, either internal or external to Lyron. “Sensitive Information” includes, but is not limited to, Protected Health Information, Personal Information, Personal Health Information, Personal Data, and Personally Identifiable Information including other sensitive KYC (Know Your Customer) information collected as a part of OVD (Officially valid document (OVD) the passport, the driving license, the Permanent Account Number (PAN) Card, the Voter's Identity Card issued by the Election Commission of India, job card issued by NREGA (as those terms are defined in applicable law).



    10. “Systems” are any computing assets that may create, access, or store sensitive data, including those used internally and those developed and sold as a product.



    11. “Workforce” means full-time or temporary employees, contractors, third-party users, volunteers, interns, trainees, agents, and other persons whose conduct, in the performance of work for Lyron, is under the direct control of Lyron, whether they are on-site or off-site, and whether or not they are paid by Lyron.