Drip provides lines of credit which can be used to pay for raw material, inventory or other short term needs and help small businesses fulfill customer orders. These lines of credit can help you grow your business and take on orders from larger buyers.
This policy has been developed to support Drip Capital’s (further referred to as ‘DC’ or organization) direction, and for establishing policy, procedures and controls for privacy, in order to establish a Privacy Information Management System (PIMS) in line with all applicable regulatory, operational and contractual requirements.
To provide adequate protection for its customers’ personal information, DC has built a strong PIMS in alignment with identified requirements from British Standard BS 10012:2018 and ISO 27701.
DC will implement necessary controls and practices at all levels to protect personal information stored and processed on its systems and ensure that such information is carefully protected.
DC requires all employees to ensure that they have read and understood Drip’s privacy policies and strictly adhere to them.
Policy Statement and Objectives
The privacy of individuals, including its customers and clients, is of utmost importance to DC. DC and its businesses in the US, India and Mexico adhere to several privacy management policies and practices as part of a global commitment to protecting personal information. In particular, this policy explains how DC, its employees, partners and vendors will collect, use, store, share, transmit, delete or otherwise process (collectively “process”) personal information in accordance with its Data Protection & Privacy Principles.
Scope and Applicability
This Policy covers personal information that DC collects directly from Customers / business associates of DC and all its subsidiaries.
This policy applies to information security across all internal and business Information Systems, services and related practices in all locations where DC conducts business.
Information covered within Policy
In this Policy, the term “Personal Information” implies any personally identifiable information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person.
The term, “Data Subject” refers to the person whose data is being collected or processed by DC.
In this Policy, the term “Sensitive Personal Information” means Personal Information that also comprises information relating to:
Sensitive Personal Information does not include information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force.
DC fully supports and adheres to the Principles of Data Protection and respects the rights of individuals as set out in the Standard and shall ensure that the personal information for which it is responsible will:
Notice of Collection of Information
As part of your agreement with DC, the company will collect, store and process your private information for fair, legal business and operational purposes.
This Notice sets out the basis upon which DC may collect, use, disclose or otherwise process personal and financial data of its customers and business associates in accordance with the applicable acts and regulations.
DC may collect personal information in the context of your agreement with DC, including, without limitation, your:
Consent of customers will be sought and received, for any collection and processing of all categories of data.
The above information may be collected and processed by the company directly or by an authorized representative of the company:
Restricted Collection of Information
If you would like to know the name and address of agencies, which are associated with DC to collect and retain your Information, you can contact firstname.lastname@example.org.
Access & Modification to Information
Customers can, at any time, request for their personal information being stored or processed by DC, in accordance with regional applicable laws. DC will respond to your request as per the established procedures. DC has reasonable procedures in place, to enable you to access the information being stored and/or processed by us.
To provide you access to information quickly and easily, the information requested will be provided in the prescribed format as per DC’s internal guidelines. Access will be restricted when the request is made without sufficient grounds.
Contact email@example.com to know more about how to access your personal information with DC.
You can also exercise your right to amend inaccurate or incomplete personal information, in accordance with regional applicable laws. The rationale for providing the Information Provider with the right of correction is to ensure that the data quality of their information is maintained and DC will take all reasonable steps to ensure this. In case DC refuses to amend your personal information, on request, DC will provide you reasons for the rejection.
Contact firstname.lastname@example.org to know more about how to request an amendment to your personal information stored with DC.
However, it should be noted that the privacy statement is only applicable to the personal information being shared by the data subject and does not apply to information interpreted for offering business services to you. DC also reserves the right not to share the information being collected from other sources, such as background check agencies, credit agencies, etc.
Option to Consent
The consent to personal information is always voluntary, informed and current. DC gives customers an option to withdraw consent, in accordance with regional applicable laws, for using your personal information being granted to us. In that case, you may approach email@example.com. However, in such cases, DC may not be able to continue to provide you with the business services for which the personal information was provided by you.
DC also gives customers the option of having their personal information included or removed from marketing lists and bulk mailers used for marketing. This includes product and service offers from us and those made in conjunction with our business partners.
Processing and Use of Information
Generally, DC collects and processes personal information for the following purposes:
In addition to the above-listed purpose, DC may process your personal information to be compliant with existing or new legal or regulatory requirements without any explicit approval from you regarding the same.
Your personal information that is collected will be processed /used by DC for the following purposes and DC may disclose your personal information to authorized and designated third parties where necessary as a part of the following purposes:
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
Recipients of Personal Information
DC may share your personal information with the following:
Security & Confidentiality of Information
DC will keep your personal information confidential and limit access to those who specifically need it to conduct their business activities, except as otherwise permitted by applicable law. DC refers to industry standards and uses reasonable administrative, technical and physical security measures to protect your personal information from unauthorized access, destruction, use, modification or disclosure.
A robust information Security Management system (ISMS) is being established within DC that governs the systems and practices. This ISMS is being established and managed in alignment with global best practices and certified towards ISO/IEC 27001:2013 standard. The system is subject to strong controls including ongoing monitoring, periodic Security testing, internal/external audits and verifications. DC also ensures that any business associates/ subcontractors/ subsidiaries/ third party agencies DC engages to access/ process/ store your personal information also adhere to the reasonable security practices to protect your personal information to provide the same level of protection for data as required under the Principles and applicable laws and regulations.
Integrity & Retention of Information
DC uses appropriate technology and well-defined employee practices to process your data promptly and accurately. DC will not keep your personal information longer than is necessary, except as otherwise required by applicable law.
DC destroys all personal information that is no longer needed for the purposes for which DC collected it unless its retention is required to satisfy legal, regulatory or accounting requirements, to protect our interests or for auditory purposes. DC ensures to take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
Personal Information Handling
Every DC employee/business associate/relevant individual, who deals with or comes into contact with personal information of a customer regardless of its origin, shall have a responsibility to comply with the applicable law concerning data privacy, this policy and specific privacy practices.
The Relevant Individual should seek advice in the event of any ambiguity while dealing with personal information or in understanding this Policy.
The processing of personal information is defined as encompassing everything that DC does with personal information including the sharing, transferring or disclosing of personal information to another organization or internally.
DC ensures that its employees/relevant Individuals shall be diligent and extend caution while dealing with personal information of customers, in the course of performance of their duties and shall also, at all times, will:
Sharing & Disclosure of Information
All the personal information within the context of DC will be disclosed to and be accessible by only limited, designated personnel within DC, as per DC’s organizational policies and applicable acts/regulations. These personnel could be part of any of the registered companies within the organization.
DC may share your personal information with third parties where it is necessary to provide you with products or services or as part of the nature of our relationship with you. DC will only share the personal information where DC has previously informed or been authorized by you, in connection with efforts to reduce fraud or criminal activity or as permitted by law.
DC will disclose personal information with third parties only when you have given us your prior permission or where it’s part of our contractual arrangements with you. In certain circumstances like but not limited to, requests from the Government Agencies mandated to receive such information or as an obligation under an order of Law, DC will not seek your permission to disclose your personal information.
DC has established procedures which will reasonably ensure that your personal information will not be disclosed by us or any agencies/ third party associated with us, any further than absolutely required.
Transfer of Information
DC is committed to ensuring that personal information is stored in respective regions as much as possible, in alignment with the applicable laws and regulations.
However, in certain scenarios, DC might need to transfer and store the data in the US or in India or in another region/country in alignment with the corporate information and technology architecture and practices. Whenever such a need for inter-country transfer arises, the company will ensure adequate compliance with the laws and regulations through measures such as ensuring:
Privacy Grievance Redressal
Any concerns, disputes, discrepancies or grievances with respect to the processing of personal information can be referred to the directed to firstname.lastname@example.org. The privacy team will redress the grievance within 45 days from the date of receipt of any such grievance. This channel is specific for Privacy related grievances. All anonymous or third-person grievances would not be registered / acted upon.
DC may also continue to notify you from time to time about any new/changed aspects in the processing of your personal information.
If you have any questions or need further information regarding this policy, you may contact us via the means provided in this document.
These terms and conditions shall be governed by and construed in accordance with the laws of India and any dispute shall be referred to email@example.com.
Enforcement and Compliance
Currently, there are no exceptions established within DC for this Policy.
Any exception to this policy should be authorized by the DC Management or Privacy Officer or any person specifically designated and authorized by the Management.
DC may collect information about how you use or connect to our Website, or the types of other websites, social media services, content and ads that you view to customize the ads on our Website, that are visible to you when you visit our Website or use our products or services.
Customer’s rights on their Personal Information - California-US residents only
In accordance with applicable privacy law, you have the following rights in respect of your personal information that DC holds:
Californian customers can exercise said rights by reaching out to firstname.lastname@example.org.
However, it should be noted that the privacy statement is only applicable to the Personal Information being shared by the data subject and not relating to information interpreted for offering the business services. DC reserves the right not to share the information being collected from other sources, such as background check agencies, credit agencies, etc.
DC may not be able to continue to provide you with the business services for which the personal information was provided by you if execution of all/any of the above rights leads to the disruption of DC’s business.
DC may automatically collect information relating to such matters as the total number of visits to this website, the number of visitors to each page of this website, the Internet Protocol (IP) addresses of our visitors, and the time spent on this Website. DC may use this information, which is collected in and remains in aggregate form, to understand how our visitors use this Website so that DC can improve it. DC may also use your IP address to help diagnose problems with our servers and for purposes of system administration. From time to time, DC may share aggregated, non-personal information with our agents, business partners, consultants, or other third parties. Some non-personal information may be collected through cookies. Cookies are used by most major websites. A cookie is a text file stored on a user’s computer hard drive containing information about the user. Cookies can enable us to track the interests of our users to enhance their experience on this Website and to deliver content specific to a user’s interests. DC may place a cookie in the browser file of your computer when you visit this Website. These cookies are generally not linked to personal information. If you request that the Website store your username and/or password, the cookie will be linked to your username and/or password, and hence will track your navigation path around the Website. You may delete or decline the cookie using the tools in your web browser. Although you may still use this website without the cookie, some parts of the website may not work properly for you.