Privacy Policy

Nexval Infotech Private Limited and our affiliated companies worldwide (“Nexval”, “us”, “we”, or “our”) are technology-enabled outsourcing firms focused on offering various products designed for the mortgages and fintech space to meet today’s demands for software that automates and simplifies processes across all task-intensive activities for our clients. This privacy policy describes our approach towards privacy, why we collect your personal data, what data we are collecting, how we process it, and how you can manage it, and how you can request for the deletion of it.

In this privacy policy, we also provide information about higher or different standards that apply in certain jurisdictions.

Nexval is a data controller or its equivalent under privacy laws where it decides how and why personal data is used. Where we act as a data processor or its equivalent in our capacity of providing services to a client, we will only use Personal Data (defined hereinbelow) in accordance with specific written instructions from our client. In those cases, the client is the data controller or its equivalent for that personal data and will be responsible to data subjects for the way in which their personal data is processed. Where applicable and in accordance with privacy laws, we shall assist the relevant data controller in complying with your privacy rights.

If you have any questions or concerns about this privacy policy or your personal data, please contact us at [•].

1. Data Collection.

2. Purpose and lawful basis for processing personal data.

3. Data Security.

4. Data Sharing.

5. International transfer of Personal Data and transfer of data to the affiliates.

6. Data storage and Retention.

7. Existence of Automated Profiling.

8. Data Subject/Principal rights:

  • a. Residents of California
  • b. Residents of [insert name of the relevant U.S. State]
  • c. Residents of Europe
  • d. Residents of Australia

9. Contact us and information regarding complaints.

10. Changes to our privacy policy.

11. Product wise deviations.

1. Data Collection.

Nexval collects the following personal data in one or more of the following ways.

· Your name or other unique identifier: Nexval uses certain personally identifiable information that can be used to contact or identify you (“Personal Data”) in response to your request to do so or to receive marketing communications. The Personal Data includes but does not limit the following:

  • Employee Name
  • E-mail ID
  • Mobile Number
  • Employee ID
  • Designation
  • Gender
  • Work Phone
  • Date of Birth
  • Address
  • Site Location
  • Job Role
  • Date of Joining
  • Profile Image
  • Official Address with Proof
  • Official ID Proof
  • Profile Documents
  • GPS Location
  • Face Recognition Data
  • Date & Time
  • Attendance Data

· Contact Information including Personal Data: Nexval uses the contact information you submit on our website to enable us to respond to a general or business inquiry made by you, or on behalf of the company that you represent.

· Internet and network activity when you visit our website: Nexval may use cookies and/or web beacons to collect data on how you use our websites, including your IP address, pages visited, and length of time spent on the site. Please see our Cookies Notice for further information and to customize your cookie preferences.

· Our career portal: Nexval collects education and employment information when you submit an application for a role at Nexval via our career portal.

· Email communications: If you receive our marketing communications, we will track when you receive, open, click a link in, or share an e-mail you receive from Nexval. To unsubscribe from Nexval marketing communications, please click here or send us an email at info@nexval.com.

· Information from other sources: Depending on your relationship with Nexval, Nexval may receive information about you from other sources, including but not limited to data vendors, insurance providers, auditors, travel service providers, consulting firms, background check service providers, and social media to ensure the accuracy and completeness of your personal data.

2. Processing of personal data - Purpose

Where we require your consent, you will find opt-in mechanisms and you will have the ability to withdraw consent at all times.

Nexval uses the Personal Data it has collected from you in the following ways:

  • · To facilitate, operate, and provide our services under a contract that we are about to enter or have entered into with you;
  • · To authenticate the identity of our users, and to allow them to access our Services;
  • · To gain a better understanding on how users evaluate, use and interact with our Service, and how we could improve their and others’ user experience, and continue improving our products, offerings and the overall performance of our services;
  • · Developing new line of product/services;
  • · To facilitate, sponsor and offer certain events, contests and promotions;
  • · When you access our website with a device, the usage data will be stored that may include information such as the type of device you use, your device unique ID, the IP address of your device, your device operating system, the type of Internet browser you use, unique device identifiers and other diagnostic data.

· Use of data under legal or regulatory obligations: For maintaining records, performing compliance screening (such as anti-money laundering, financial or credit checks, fraud and crime prevention and detection analysis, and screening for compliance with domestic and international trade sanctions and embargo laws), we may store and / or process your Personal Data. This use also includes automated checks of your Personal Data provided by you about your identity against relevant databases and contacting you to confirm your identity or making records of our communications with you for compliance purposes.

· Legitimate interests: Where it is necessary for our legitimate interests or those of a third party and your interests and fundamental rights do not override those interests. Our legitimate interest will include, for example, market research purposes, marketing purposes and appropriate controls to ensure our website, processes and procedures are running effectively, for the prevention and detention of against fraud and for Information Technology (IT) security purposes. You can contact us for further information about how we assess our legitimate interests against any potential impact on you in respect of specific activities at info@nexval.com.

If processing Personal Data is subject to any other data protection laws, then the lawful basis for the processing of the Personal Data will be based on the applicable national or state laws.

Nexval shall only process the received information to pursue our legitimate business interests. Legitimate business interests include screening resumes of prospective candidates, establishing communication with prospective customers (whom you represent) and personnel with general/business inquiries, and to enhance our user experience.

You also have the option to subscribe/opt-in to receive newsletters, thought leadership content and/or marketing materials. You can always opt out by writing to info@nexval.com. Nexval shall adhere to your preferences.

3. Security.

Nexval implements industry standard security measures to keep your personal data secure and confidential, including but not limited to:

  • · Restriction of access to your personal data to Nexval employees strictly on a need-to-know basis, such as responding to an inquiry or request.
  • · Implementation of physical, electronic, administrative, technical and procedural safeguards that comply with applicable rules, laws, legislation and regulations to protect your personal data from unauthorized or inappropriate access, alteration, disclosure and/or destruction.
  • · Prompt disciplinary action against Nexval employees who misuse personal data, which is a violation of Nexval policies.
  • While Nexval maintains the best efforts to ensure the security of your data, it is important that you also make every effort to protect your password and computer from unauthorized access. Be sure to sign off when you are finished using a shared computer.

4. Sharing of your personal data.

  • · The Personal Data collected by Nexval from you is stored in one or more databases hosted by third parties. These third parties do not use or have access to your Personal Data for any purpose other than cloud storage and retrieval. Sometimes Nexval engages third parties to respond to certain queries raised by you or to establish business communications, including marketing communications, to prospective customers.
  • · Nexval shares your Personal Data with service providers, which, depending on your relationship with Nexval, may include but is not limited to payroll processors, cloud service providers, and administration support providers. Personal data shared with these service providers is for business purposes only.
  • · Where required or permitted by law, information may be provided to others, such as, but not limited to regulators and enforceable government directives.
  • · From time to time, Nexval will consider corporate transactions such as a merger, acquisition, reorganization, asset sale, or similar transaction. In these instances, we may transfer or allow access to information to enable the assessment and undertaking of that transaction. If we buy or sell any business or assets, Personal Data may be transferred to third parties involved in the transaction. In these instances, Nexval will continue to ensure your Personal Data is protected and Nexval will provide any impacted data subjects notice before any personal data is transferred or subject to a different privacy policy.
  • · Our service providers shall be deemed as ‘Data Processors’ in circumstances where Nexval assumes the role of ‘Data Controller’; and where Nexval acts as the Data Processor for our Customer, the Service Provider shall be deemed our ‘Sub-Processor’.

5. International transfer of Personal Data and transfer of data to affiliates.

We have affiliates across countries including India and we transfer Personal Data concerning you to countries across the globe. Safeguards are put in place under applicable data protection laws to ensure

the safe transfer of data between regions. We transfer Personal Data between our affiliates and data centers for the purposes described above.

Your personal data will be stored in databases located in regions across the globe including India. The databases are controlled by our administrative staff located outside of the European Union including in India and can be accessed electronically.

Specific transfer mechanisms outside of the European Union under the GDPR: Where we transfer Personal Data outside the EU and between our affiliates, we either transfer personal data to countries that provide an adequate level of protection as determined by the European Commission, or use alternative safeguards. Standard contractual clauses are used as the appropriate safeguards. You can read more about standard contractual clauses here.

Where Protection of Personal Information Act (“POPIA”) applies and we transfer personal data outside of the country in which Nexval is established, we only transfer Personal Data to countries that provide an adequate level of protection and/or we ensure that we have appropriate safeguards in place to cover these transfers, as permitted under the applicable data protection legislation.

If you would like more information on any of the data transfer mechanisms we rely on, please contact us at info@nexval.com.

6. Data storage and Retention.

Nexval shall retain your Personal Data pursuant to the business purposes and in line with our data retention policies. Your Personal Data will only be retained by us for as long as is reasonably necessary taking into consideration the purposes outlined above or to comply with legal, accounting or reporting requirements under the applicable law(s).

In order to determine the appropriate retention period for Personal Data, we consider the following:

  • · quantum, inherent nature, and sensitivity of the Personal Data;
  • · the potential risk of harm that might result from the unauthorized use or disclosure of your Personal Data;
  • · the purposes for which we process the Personal Data; and
  • · whether we can achieve those purposes through any other means, and the applicable legal requirements.

For more information on where and how long your personal data is stored, please contact us at info@nexval.com.

7. Automated Profiling.

Nexval uses automated profiling in a limited manner relating to email campaigns or any other targeted campaigns. As part of these campaigns, we track when you receive, open, click a link in, or share an e-mail you receive from Nexval using a Nexval managed automated solution. The automated solution profiles the information tracked to evaluate your interest in respect of Nexval ’s service offerings and/or promotions. The objective of this is to identify and target potential customers and/or business partners and aims to provide you with relevant and timely content based on your indicated interests.

8. Data Subject/Principal Rights.

You may have certain rights as the data subject/ principal in relation to your Personal Data pursuant to data protection laws in your jurisdiction. To exercise such rights, please contact info@nexval.com. The rights for certain jurisdictions are explained in further detail below.

Residents of California, United States of America:

  • · Right to know what information the business collects, discloses, and if applicable, sells (as the term is defined in section 1798.140(t) of the California Consumer Privacy Act (CCPA)).
  • · Right to access what personal information has been collected about you by making a proper Verifiable Consumer Request (“VCR”). Through a VCR, you may request:
  • the categories of personal information collected about you in the preceding 12 (twelve) months;
  • the categories of sources from which personal information is collected; the business or commercial purpose for collecting personal information;
  • the categories of various third parties with whom Nexval shares personal information;
  • specific pieces of personal information collected about you.
  • · If the business has “sold” (as that term is defined in section 1798.140(t) of the CCPA) or disclosed your personal information for a business purpose, you have the right to request an itemized list of the categories of personal information:
  • collected about you
  • sold about you (this includes categories of third parties to whom information was sold and what categories of personal information for each third party);
  • disclosed about you for a business purpose.
  • · Right to opt out of the sale of your personal information to a third party at any time.
  • · Right to request deletion of personal information that has been collected about you, subject to certain exceptions.
  • · Right to request that your personal information be transferred to a third party.
  • · Right to non-discrimination against you for exercising any of the rights listed above.

Nexval does not sell personal information as defined in section 1798.140(t) of the CCPA. Nexval also does not sell the personal information of children under age 16 without affirmative authorization.

To exercise your rights with respect to your personal information, you may submit a Verifiable Consumer Request through this link or by sending an email to info@nexval.com.

Nexval will respond to a Verifiable Consumer Request within 45 days. Should we require more time, Nexval will notify you of the extension period and the reason for the extension in writing. To the extent possible, we will provide you with your personal information in a format that you can share with other businesses.

Residents of Europe:

  • · The right to request access to your personal data and request details of the processing activities conducted by Nexval.
  • · The right to erasure of your personal data under certain circumstances.
  • · The right to request that your personal data is rectified if it is inaccurate or incomplete.
  • · The right to request restriction of the processing of your personal data in certain circumstances.
  • · The right to object to the processing, including the sale or commercial use, of your personal data in certain circumstances.
  • · The right to receive your personal data provided to us as a controller in a structured, commonly used and machine-readable format in certain circumstances.
  • · The right to object to, and not to be subject to a decision based solely on, automated processing (including profiling), which produces legal effects or significantly affects you.
  • · The right to withdraw your consent provided at any time by contacting us.

In accordance with the General Data Protection Regulation (GDPR), we will respond to your request within 1 (one) month upon the receipt of your request. Where we are unable to progress your response, we will contact you. In certain circumstances, Nexval may extend the timeline of our response to 3 (three) months in accordance with applicable law.

To exercise your rights with respect to your personal data, you can submit a data subject request by [•].

Residents of Australia:

Nexval recognizes that individuals must have the option to not identify themselves, or to use a pseudonym when liaising with Nexval. We seek to provide this option to the extent possible. However, due to the nature of Nexval ’s business operations, it is impracticable in most cases for Nexval to deal with individuals who have not identified themselves or who use a pseudonym.

As a resident of Australia, you have the following rights:

  • · The right to have your personal information de-identified and/or destroyed.
  • · The right to require that any personal information held by Nexval is accurate, up-to-date, and complete.
  • · If the information is inaccurate, incomplete and/or out-of-date, you have the right to request that it is corrected.
  • · The right to know when and how your personal information is collected, used and disclosed.
  • · The right to “opt out” of your personal information being used for direct marketing purposes.
  • · The right to request Data Holders and accredited bodies to share information relating to yourself, with consent, in a standardized machine-readable format.

If you would like to exercise any of the above rights, please contact info@nexval.com.

9. Contact us and information regarding complaints.

Contact us:

Please contact us with any concerns you may have. You can contact us by writing to us at info@nexval.com.

Complaints: Some data protection laws, such as the European GDPR, give you the right to lodge a complaint with a supervisory authority, in particular in the Member State where you work, normally live, or where any alleged infringement of data protection laws has occurred.

For other data protection laws, where applicable, you can contact the nominated data protection supervisory body in that jurisdiction.

10. Changes to our privacy policy

This privacy policy was last updated on 26.11.2021 and Nexval will notify you of changes we may make to this privacy policy where required. However, we would recommend that you revisit the privacy policy from time to time to check for any updates.

11. Product wise deviations

This privacy policy broadly applies to all the products and solutions offered by Nexval. However, the data collection and storage processes differ from one product to the other. Certain key practices and processes pertaining to the collection and storage of data for various Nexval products are given below:

  • i. NexAEI
  • Nexval operates a mobile-based attendance capturing system, NexAEI (“NexAEI”) that helps an entity manage the decentralized attendance of its hybrid workforce
  • We collect the following data for services provided through NexAEI:
  • Employee ID; First Name; Last Name; Address; Work Phone; Cell Phone; E-mail Address; Site Location; Date of Joining; Employment Type; Gender; Designation; and Date of Birth.
  • The personal data collected for NexAEI is stored on Google Cloud Platform in the Mumbai Region.
  • ii. Paycalq
  • Paycalq is a smart pay slip generation application that helps organizations in defining salary structures and in performing salary calculations easily.
  • We collect the following data for services provided through Paycalq:
  • Employee Code; Name; Address; Gender; Date of Birth; Branch; Grade; Department; Designation; Date of Joining; Release Date; Bank Name; Bank Account Number; Provident Fund Number; Permanent Account Number; Employee State Insurance Company Number; and Universal Account Number.
  • The personal data collected by us is stored on Google Cloud Platform in the Mumbai Region.
  • iii. NexAEI Hourly
  • NexAEI Hourly (“Hourly”) is a technological solution that helps team managers and business owners to increase productivity among remote teams. It tracks computer activity logs, application usage, and off-screen time on a real-time basis. Managers get actionable intelligence through alerts & notifications, dashboards, and customizable reports that help them to gain visibility and build digital trust with their decentralized workforce.
  • We collect the following data for services provided through Hourly:
  • Employee ID; Domain Name; and User Name.
  • The user specific information synced from cloud, collected by us is stored on Google Cloud Platform in the Mumbai Region.
  • iv. DocuChief
  • DocuChief (“DC”) is Nexval's flagship technology product. It helps in automating and simplifying document processing across industries, with particular focus on the US mortgage banking industry. DC can be implemented both as a cloud solution or as a hybrid solution. DC leverages machine learning / artificial intelligence algorithms and deep learning for document indexing (classification) and data extraction.
  • We collect the following data for services provided through Hourly:
  • Employee ID; First Name; Last Name; and E-mail Address.
  • The data collected by us is stored on an Amazon Web Services sever located in Singapore Region.
  • v. Inscript
  • Inscript is an open platform for writers and readers to coexist and share insightful ideas and thoughts. Inscript aspires to be a community of writers and readers who come together on our platform for deeper understanding of the World through this new model of digital publishing.
  • We collect the following data for services provided through Hourly:
  • Name; E-mail Address; Contact Information; Preferred Language; Hobby; Topic/Category Interest; Social Profile Details; Bank Details; Know Your Customer Details; and Tax Information.
  • The user specific information collected by us is stored on an Amazon Web Services sever located in Singapore Region
  • vi. ARC (Audit, Risk & Compliance)
  • ARC is a workflow-enabled, template based, software providing a consolidated organization-wide view of an entity’s audit, risk management and compliance programs using a single technology.
  • We do not store or access any of the client data or information, as ARC is a role based application. The client keeps all the data and is in control of all of their information.
  • All data, which are used in ARC are stored in data center in the United States of America maintained by our hosting vendor LIQUIDWEB