PRIVACY POLICY

  1. Introduction

Welcome to Holistic Gains (“we,” “us,” or “our”). We are committed to protecting the privacy and security of your personal information. This Privacy Policy outlines how we collect, use, disclose, and safeguard your personal information when you interact with our services.

  1. Information We Collect

We may collect the following types of personal information from you:

2.1. Information you provide directly:

  • Contact information (e.g., name, email address, phone number)
  • Account registration information
  • Payment and billing information
  • Communications and correspondence with us

2.2. Information collected automatically:

  • Log data (e.g., IP address, browser type, operating system)
  • Usage data (e.g., pages visited, actions taken)
  • Cookies and similar technologies (please refer to our Cookie Policy for more information)

2.3. Information from third-party sources (if applicable):

  • Social media platforms and other online services
  1. How We Use Your Information

We may use your personal information for the following purposes:

  • To provide and improve our products and services
  • To process transactions and payments
  • To communicate with you about our products, services, and promotions
  • To personalize your experience and recommend relevant content
  • To comply with legal and regulatory obligations
  1. Disclosure of Your Information

We may share your personal information with:

  • Service providers and business partners who assist us in delivering our services
  • Legal authorities, when required by law or to protect our rights and safety
  • Other parties with your consent
  1. Your Rights

You have the following rights regarding your personal information:

  • Access: You can request access to the personal information we hold about you.
  • Rectification: You can request that we correct inaccurate or incomplete information.
  • Erasure: You can request the deletion of your personal information under certain circumstances.
  • Objection: You can object to the processing of your personal information.

To exercise these rights, please contact us at [contact email or address].

  1. Security

We implement reasonable security measures to protect your personal information. However, no method of transmission or storage is completely secure. We cannot guarantee the security of your data.

  1. Changes to this Privacy Policy

We may update this Privacy Policy to reflect changes in our practices or for other operational, legal, or regulatory reasons. We will notify you of any material changes via email or through our website.

  1. Contact Us

If you have any questions or concerns about this Privacy Policy or our data practices, please contact us [email protected]

Additional Privacy Policy

By using our services, you consent to the terms of this Privacy Policy.

1.1. VDAR

Refers to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 concerning the protection of individuals with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC (General Data Protection Regulation).

1.2. Personal Data

Any information concerning an identified or identifiable natural person; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that natural person.

1.3. Processing of Personal Data

Any operation or set of operations which is performed upon Personal Data or sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination, or otherwise making available, alignment or combination, restriction, erasure, or destruction.

1.4. Controller

Refers to Holistic Gains, a natural or legal person who, alone or jointly with others, determines the purposes and means of the processing of personal data.

1.5. Processor

A natural or legal person, public authority, agency, or other body which processes personal data on behalf of the controller.

1.6. Customer

A natural or legal person who, whether acting in person or remotely, utilizes the services provided by Holistic Gains.

1.7. Cooperation Partner

A natural or legal person who offers services to Holistic Gains and does not process the Personal Data held by Holistic Gains on behalf of the Company.

1.8. Data Subject

A directly or indirectly identified or identifiable natural person, encompassing all Holistic Gains Customers, Cooperation Partners, their designated contact persons or authorized individuals, as well as all potential and current Employees of Holistic Gains with whom an employment or company agreement has been established or concluded.

General Provisions

2.1. Scope

This Privacy Policy, henceforth referred to as the “Policy,” delineates the Company’s guidelines aimed at elucidating the objectives of the Company’s processing of Personal Data, its legal bases, scope, protection, processing, retention period, sources of Personal Data, recipients of Personal Data, and the rights of the data subject concerning the acquisition and processing of personal data.

2.2. Applicability

The Policy is applicable to ensuring the privacy and protection of Personal Data concerning:

  • Natural persons, specifically the Company’s Customers, Processors, Employees, as well as third parties identified as contact persons or authorized individuals during the provision of services or cooperation offered by the Company;
  • Legal persons, if their designation contains data pertaining to natural persons or according to the information provided by them, direct or indirect identification of a natural person is feasible.

2.3. Data Formats and Environments

The Policy applies to the processing of Personal Data regardless of the format and/or environment in which the Data Subject provides Personal Data (in written form, by telephone, on a website, in physical format, or via email, etc.), and the Company systems or forms in which it is processed.

2.4. Legal Framework

Legal framework governing the processing of the Company’s Personal Data includes:

  • VDAR;
  • Civil Law of the Republic of India;
  • Advertising Law;
  • Personal Data Processing Law;
  • Commercial Law;
  • Labor Law;
  • Labor Protection Law;
  • Law “On Accounting”;
  • Cabinet of Ministers 21.10.2003 regulations no. 585 “Regulations on Accounting and Organization”.

Information about the Data Controller

3.1. Company Details

The Data Controller is the Company: Holistic Gains, Ward No 5, C/O Jagroop Singh Pathania, Gangath, Himachal Pradesh, India, MSME NO: UDYAM-HP-04-0026238, email address: [email protected].

3.2. Inquiries

For inquiries concerning the processing of Personal Data by the Company, please contact the Company’s designated person responsible for Personal Data Processing at the following email address: [email protected]. Utilizing this contact information, the Data Subject may submit a request for the exercise of their rights.

Legal Basis for Processing Personal Data

4.1. Grounds for Processing

The Company processes Personal Data based on the following legal grounds as outlined in Article 6 of the GDPR:

  • Contractual necessity: to enable the Company to provide the advertising agency services requested by the Client, conduct service sales transactions, draft, conclude, and fulfill a valid contract, including employment agreements, contracts with Employees, execution or modification of service contracts with Clients subsequent to contract execution, and termination of relevant contractual obligations;
  • Legal obligations: to adhere to statutory obligations under the regulatory enactments of the Republic of India and the EU, thereby ensuring compliance with legal obligations towards the Company, the Data Subject, governmental and municipal institutions, and third parties, including the determination of Employee salaries, additional remuneration, allowances, social contributions, and taxes, as well as statutory leave entitlements, and to maintain appropriate and safe working conditions and environment, and to terminate legal employment relationships in accordance with statutory procedures;
  • Legitimate interests: to pursue the Company’s legitimate interests arising from contractual obligations between the Company and the Data Subject, encompassing:
    • Ensuring and enhancing the quality of the service requested by the Customer;
    • Facilitating efficient financial and business accounting and analytics, and enhancing Company management processes;
    • Mitigating unjustified financial risks;
    • Preventing fraud and theft;
    • Implementing the Company’s direct and digital marketing strategies, and analyzing and documenting outcomes;
    • Authenticating the identity of the Data Subject prior to contract execution;
    • Guaranteeing fulfillment of contractual obligations;
        • Seeking recourse from state administration, operational activities, and judicial institutions to safeguard the Company’s interest.

Purposes of Personal Data Processing and Categories of Processed Personal Data

5.1. Data Processing Purposes

The Company may possess and process the following Personal Data of the Data Subject, along with other information furnished by the Data Subject, deemed as Personal Data when direct or indirect identification of the Data Subject is feasible, for the following purposes:

      • Facilitating, executing, or amending agreements with the Data Subject, namely the Customer or the Cooperation Partner, post-contract conclusion, invoicing, and communication with the Data Subject during the initiation and execution of services or cooperation:
        • Name and surname of the Customer, Cooperation Partner, or their designated contact person or authorized individual;
        • Personal identification code of the Customer, Cooperation Partner, or their designated contact person or authorized individual;
        • Email address of the Customer, Cooperation Partner, or their designated contact person or authorized individual;
        • Telephone number of the Customer, Cooperation Partner, or their designated contact person or authorized individual;
        • Declared or actual residential address of the Customer, Cooperation Partner, or their designated contact person or authorized individual;
        • Name of the Client or Cooperation Partner, if a legal entity;
        • Registration number of the Client or Cooperation Partner, if a legal entity;
        • Legal address of the Client or Cooperation Partner, if a legal entity;
        • Name and surname of the Customer or Cooperation Partner, if a legal entity, representative, or authorized individual;
        • Position of the Client or Cooperation Partner, if a legal entity, representative, or authorized individual;
        • Telephone number of the Customer or Cooperation Partner, if a legal entity, representative, or authorized individual;
        • Email address of the Customer or Cooperation Partner, if a legal entity, representative, or authorized individual;
        • Written signature of the Customer or Cooperation Partner, or their representative or authorized individual, as indicated on executed agreements, their addenda, or amendments;
      • Initiating legal employment relations, entailing employee identification, development, execution, and substantiation of employment or company agreements, provision of information to the State Revenue Service or other public administration institutions as specified in regulatory enactments:
        • Name and surname of the employee;
        • Employee personal identification code;
        • Actual or declared residential address of the employee;
        • Employee’s position in the Company and specialty per the Classification of Professions;
        • Date of commencement of the employee’s employment relationship;
        • Employee’s salary amount;
        • Employee’s bank details for salary disbursement;
        • Written signature of the employee, as indicated on executed agreements and other internal Company documents;
        • Information pertaining to the Employee’s dependents or the Employee’s disability for tax relief determination purposes;
      • Maintaining legal employment relations, ensuring requisite work conditions, fulfilling Company’s legitimate interests, and meeting obligations outlined in external regulatory enactments as an employer and per agreement concluded with the Employee, beyond the data specified in 5.1.2.:
        • Information regarding the employee’s accrued, utilized, and remaining vacation entitlement;
        • Information concerning the health status of the Employee or their family members, childbirth, and the number of children in the family, statutory absences including incapacity for work, parental and paternity leave, additional leave, and entitlement to benefits.

Processing of Special Categories of Personal Data

6.1. Legal Compliance

To ensure compliance with legal requirements and fulfill the Company’s legal obligations as an employer, the Company may process special categories of Personal Data including:

      • Information regarding the health status of the Employee or their family members, childbirth, and the number of children in the family, statutory absences including incapacity for work, parental and paternity leave, additional leave, and entitlement to benefits.

Sources of Personal Data Acquisition

7.1. Data Sources

Personal Data held by the Company pertaining to the Data Subject is obtained from the following sources based on the legal bases of data processing specified in Paragraph 4:

      • Personal data provided by the Data Subject in person or remotely, including through the Company’s website or other communication channels;
      • Personal data provided by the Customer or the Cooperation Partner regarding their representative, authorized individual, or designated contact person during service or cooperation provision;
      • Personal Data provided by the Processor or their authorized individual for the conclusion and execution of agreements with the Processor;
      • Information supplied by third parties, where such receipt is mandated by regulatory enactments.

Processing of Personal Data within the Company

8.1. Principles of Data Processing

Personal Data is processed equitably, lawfully, and transparently to the Data Subject, utilizing organizational, financial, and technical resources reasonably accessible to the Company.

      • Personal Data is collected for specific, explicit, and legitimate purposes and not further processed in a manner incompatible with those purposes.
      • Personal Data is retained in a manner enabling the identification of the Data Subject for no longer than necessary for the purposes for which the data were obtained or processed. The Company’s Personal Data retention periods are specified in Clause 11 of the Policy.
      • Personal Data is acquired in line with the principle of data minimization, signifying that the data are adequate, relevant, and restricted to what is necessary for the purposes of processing.
      • The Company ensures the accuracy of Personal Data and, if necessary, updates the data in accordance with current information or deletes it.
      • Personal Data is processed to ensure adequate security, protecting against unauthorized or unlawful processing, accidental loss, destruction, or damage.
      • To fulfill obligations to the Data Subject, the Company may engage external service providers, authorizing them to perform specific activities on the Company’s behalf. If, in carrying out these tasks, the Company’s authorized personnel process Personal Data held by the Company, the performers of the respective task are deemed Processors of Personal Data held by the Company, and the Company retains the right to transfer Personal Data processing activities to these Processors.

8.7.1. Processor Authorization

When authorizing Processors to perform a designated task, both the Company and the Processors ensure the protection of Personal Data processing in compliance with GDPR requirements, and refrain from utilizing Personal Data for purposes beyond fulfilling established obligations to the Data Subject.

Processors of Personal Data held by the Company

9.1. Data Subject Requests

Upon receipt of a Data Subject’s request, the Company shall furnish information on the Personal Data of the Data Subject and the sub-processors of the Processors under its control, as per Article 12.2 of the Policy.

Protection of Personal Data

10.1. Security Measures

The Company safeguards Data Subject Personal Data utilizing modern technologies, considering extant privacy risks, and the organizational, financial, and technical resources reasonably available, including:

      • Securing Personal Data stored in IT systems against unauthorized access, through password protection of internal systems, electronic mail, and databases used by the Company;
      • Limiting access to the Company’s office premises to employees only;
      • Employing firewalls and antivirus programs;
      • Ensuring personnel handling Personal Data have proper training and clear instructions on data processing, including security instructions detailed in the Policy;
      • Preventing the public disclosure or sharing of Personal Data without permission.

Personal Data Storage Terms

11.1. Data Processing Duration

The Company processes Personal Data as long as the following conditions are met:

      • While executing the services provided by the Company;
      • During the validity period of concluded contractual obligations with the Data Subject;
      • As long as necessary for the purpose received;
      • To realize legitimate interests of the Company or the Data Subject, such as enabling either party to file objections or legal actions, while the defendant defends their rights;
      • As long as either party has a legal obligation to retain the data, per Civil Law, Commercial Law, or Accounting Law.

11.2. Data Deletion

Upon expiration of conditions in 11.1., Personal Data is deleted.

11.3. Paper Document Retention

Paper documents are retained as per statutory deadlines, but not exceeding 5 years, and in specific cases, to safeguard Company interests, including contractual obligations, debt collection, potential litigation, or limitation

periods.

Data Subject Rights and Access to Personal Data

12.1. Rights

The Data Subject retains rights to information regarding Personal Data under the Company’s control, concerning the processing of their Personal Data. They can request access, rectification, supplementation, or deletion of their Personal Data, restrict data processing, object to processing, including that based on Company legitimate interests, and exercise data portability rights, to the extent technically feasible. These rights are exercised within the bounds of Company obligations specified in regulatory enactments.

12.2. Request Submission

Data Subjects may initiate requests to exercise their rights by submitting a completed form to the Company’s contact person for personal data processing matters, at the email address: [email protected]

12.3. Request Handling

Upon receiving a request to exercise Data Subject rights, the Company verifies the Data Subject’s identity, assesses the request, and executes it per regulatory enactments.

12.4. Response Time

The Company responds to Data Subject requests within 30 days of receiving them by the Company’s contact person for Personal Data Processing, either via email or by registered post. If further clarification or in-depth investigation is necessary, responses may exceed 30 days, not exceeding 60 days based on request content.

12.5. Data Deletion Requests

Requests for Personal Data deletion may not be fulfilled if data processing is mandated by regulatory enactments, contractual obligations, or Company legitimate interests. Data Subjects are informed of this within 30 days of the request receipt. If a valid request for deletion is received, Personal Data is appropriately erased within 30 days.

12.6. Dispute Resolution

Disputes concerning Personal Data processing are resolved through negotiation between the Data Subject and the Company. If the Data Subject believes their Personal Data processing violates applicable laws and regulations, they may appeal to the Data State Inspectorate or another supervisory authority to protect their rights.

Personal Data Transfer

13.1. Data Transfer Conditions

Personal Data is not transferred to third parties without prior Data Subject consent, except as mandated by regulatory enactments or specified in the Policy.

13.2. Third-Party Transfers

To ensure service provision or Company legitimate interests, Personal Data may be transferred to third parties processing Personal Data of the Company’s Customers or Cooperation Partners on its

behalf.

13.3. Third-Party Responsibilities

The Company disclaims responsibility for Personal Data processing by third parties to whom Company Customer or Cooperation Partner Personal Data is transferred, as such third parties act as independent data controllers, processing Personal Data in line with their privacy policies.

Cookie Policy

14.1. Cookie Usage

The Company’s website may utilize cookies to enhance browsing experiences and analyze website traffic. By continuing to use the website, users consent to cookie usage in accordance with the Privacy Policy.

14.2. What are Cookies?

Cookies are small text files stored on users’ computers or mobile devices when visiting a website. They help the website remember actions and preferences across visits, eliminating the need for re-entry.

14.3. Types of Cookies

Cookies can be “persistent” or “session” cookies. Persistent cookies remain when offline, while session cookies expire upon browser closure.

14.4. Cookie Functions

Persistent cookies remember login details, eliminating repeated entry. Session cookies track website activity for personalized content delivery.

14.5. Google Analytics

The website employs Google Analytics, a service by Google, Inc., using cookies to analyze user site usage. Information, including IP addresses, is transmitted to Google servers in the United States. Google uses this data to evaluate site usage, compile reports, and provide related services. Google may transfer data to third parties per legal obligations or for processing on Google’s behalf. Google does not associate IP addresses with other data held.

14.6. Cookie Management

Users can prevent Google Analytics tracking by disabling cookies. Visit Google Analytics for more information and opt-out instructions.

Final Provisions

15.1. Policy Effectiveness

The Policy becomes effective upon Company approval and publication on its website, www.myholisticgains.com.

15.2. Amendments

The Policy may be amended by the Company in part or whole, at any time, by publishing a new version on its website. Amendments are deemed communicated to Data Subjects upon new version publication.

15.3. Annual Review

The Policy is reviewed annually or when significant changes occur in Company Personal Data processing systems, procedures, or technologies.

15.4. Change Notification

Data Subjects are informed of Policy changes via the Company website or email notification.

15.5. Data Subject Responsibility

Data Subjects are responsible for regularly reviewing the Policy and seeking additional information from the Company’s contact person for Personal Data Processing when needed.

15.6. Consent

Continued use of Company services post-Policy amendment publication or email notification constitutes Data Subject consent to Policy changes.

15.7. Dispute Resolution

Disputes arising from Policy implementation are settled through negotiation. If unresolved, they are resolved per Indian legislation.

Bimla Sharma
Sole Proprietor
Holistic Gains
Date: 31-03-2024