Drip provides lines of credit which can be used to pay for raw material, inventory or other short term needs and help small businesses fulfill customer orders. These lines of credit can help you grow your business and take on orders from larger buyers.
This Privacy Policy describes the information that Drip Capital Inc. and its affiliates (“Drip Capital”) collects about you, how we use and protect this information, and the choices you can make about how we use this information. This policy applies to information, including any information that can be used to identify an individual (“Personal Information”), collected about you by Drip Capital in different methods, including via the website. Your privacy matters to us, so please get to know our privacy practices and contact us with any questions.
Introduction
This policy has been developed to support Drip Capital’s (further referred to as ‘DC’ or organization) direction, and for establishing policy, procedures and controls for privacy, in order to establish a Privacy Information Management System (PIMS) in line with all applicable regulatory, operational and contractual requirements.
To provide adequate protection for its customers’ personal information, DC has built a strong PIMS in alignment with identified requirements from British Standard BS 10012:2018 and ISO 27701.
Responsibility
DC will implement necessary controls and practices at all levels to protect personal information stored and processed on its systems and ensure that such information is carefully protected.
DC requires all employees to ensure that they have read and understood Drip’s privacy policies and strictly adhere to them.
Policy Statement and Objectives
This privacy policy sets out how DC securely collects, stores, processes, transfers, shares and uses data that identifies or is associated with you (“Personal Information”) when you use DC’s website or services or generally interact with DC.
The privacy of individuals, including its customers and clients, is of utmost importance to DC. DC and its businesses in the US, India and Mexico adhere to several privacy management policies and practices as part of a global commitment to protecting personal information. In particular, this policy explains how DC, its employees, partners and vendors will collect, use, store, share, transmit, delete or otherwise process (collectively “process”) personal information in accordance with its Data Protection & Privacy Principles.
Scope and Applicability
This Policy covers personal information that DC collects directly from Customers / business associates of DC and all its subsidiaries.
This policy applies to information security across all internal and business Information Systems, services and related practices in all locations where DC conducts business.
Information covered within Policy
In this Policy, the term “Personal Information” implies any personally identifiable information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such a person.
The term, “Data Subject” refers to the person whose data is being collected or processed by DC.
In this Policy, the term “Sensitive Personal Information” means Personal Information that also comprises information relating to:
Sensitive Personal Information does not include information that is freely available or accessible in the public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force.
DC fully supports and adheres to the Principles of Data Protection and respects the rights of individuals as set out in the Standard and shall ensure that the personal information for which it is responsible will:
Notice of Collection of Information
As part of your agreement with DC, the company will collect, store and process your private information for fair, legal business and operational purposes.
This Notice sets out the basis upon which DC may collect, use, disclose or otherwise process personal and financial data of its customers and business associates in accordance with the applicable acts and regulations.
DC may collect personal information in the context of your agreement with DC, including, without limitation, your:
Consent of customers will be sought and received, for any collection and processing of all categories of data.
The above information may be collected and processed by the company directly or by an authorized representative of the company:
Restricted Collection of Information
If you would like to know the name and address of agencies, which are associated with DC to collect and retain your Information, you can contact privacy@dripcapital.com.
Access & Modification to Information
Customers can, at any time, request for their personal information being stored or processed by DC, in accordance with regional applicable laws. DC will respond to your request as per the established procedures. DC has reasonable procedures in place, to enable you to access the information being stored and/or processed by us.
To provide you access to information quickly and easily, the information requested will be provided in the prescribed format as per DC’s internal guidelines. Access will be restricted when the request is made without sufficient grounds.
Contact privacy@dripcapital.com to know more about how to access your personal information with DC.
You can also exercise your right to amend inaccurate or incomplete personal information, in accordance with regional applicable laws. The rationale for providing the Information Provider with the right of correction is to ensure that the data quality of their information is maintained and DC will take all reasonable steps to ensure this. In case DC refuses to amend your personal information, on request, DC will provide you reasons for the rejection.
Contact privacy@dripcapital.com to know more about how to request an amendment to your personal information stored with DC.
However, it should be noted that the privacy statement is only applicable to the personal information being shared by the data subject and does not apply to information interpreted for offering business services to you. DC also reserves the right not to share the information being collected from other sources, such as background check agencies, credit agencies, etc.
Option to Consent
The consent to personal information is always voluntary, informed and current. DC gives customers an option to withdraw consent, in accordance with regional applicable laws, for using your personal information being granted to us. In that case, you may approach privacy@dripcapital.com. However, in such cases, DC may not be able to continue to provide you with the business services for which the personal information was provided by you.
DC also gives customers the option of having their personal information included or removed from marketing lists and bulk mailers used for marketing. This includes product and service offers from us and those made in conjunction with our business partners.
Processing and Use of Information
Generally, DC collects and processes personal information for the following purposes:
In addition to the above-listed purpose, DC may process your personal information to be compliant with existing or new legal or regulatory requirements without any explicit approval from you regarding the same.
Your personal information that is collected will be processed /used by DC for the following purposes and DC may disclose your personal information to authorized and designated third parties where necessary as a part of the following purposes:
The purposes listed in the above clauses may continue to apply even in situations where your relationship with us (for example, pursuant to a contract) has been terminated or altered in any way, for a reasonable period thereafter (including, where applicable, a period to enable us to enforce our rights under any contract with you).
Recipients of Personal Information
DC may share your personal information with the following:
Security & Confidentiality of Information
DC will keep your personal information confidential and limit access to those who specifically need it to conduct their business activities, except as otherwise permitted by applicable law. DC refers to industry standards and uses reasonable administrative, technical and physical security measures to protect your personal information from unauthorized access, destruction, use, modification or disclosure.
A robust information Security Management system (ISMS) is being established within DC that governs the systems and practices. This ISMS is being established and managed in alignment with global best practices and certified towards ISO/IEC 27001:2013 standard. The system is subject to strong controls including ongoing monitoring, periodic Security testing, internal/external audits and verifications. DC also ensures that any business associates/ subcontractors/ subsidiaries/ third party agencies DC engages to access/ process/ store your personal information also adhere to the reasonable security practices to protect your personal information to provide the same level of protection for data as required under the Principles and applicable laws and regulations.
Integrity & Retention of Information
DC uses appropriate technology and well-defined employee practices to process your data promptly and accurately. DC will not keep your personal information longer than is necessary, except as otherwise required by applicable law.
DC destroys all personal information that is no longer needed for the purposes for which DC collected it unless its retention is required to satisfy legal, regulatory or accounting requirements, to protect our interests or for auditory purposes. DC ensures to take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose.
Personal Information Handling
Every DC employee/business associate/relevant individual, who deals with or comes into contact with personal information of a customer regardless of its origin, shall have a responsibility to comply with the applicable law concerning data privacy, this policy and specific privacy practices.
The Relevant Individual should seek advice in the event of any ambiguity while dealing with personal information or in understanding this Policy.
The processing of personal information is defined as encompassing everything that DC does with personal information including the sharing, transferring or disclosing of personal information to another organization or internally.
DC ensures that its employees/relevant Individuals shall be diligent and extend caution while dealing with personal information of customers, in the course of performance of their duties and shall also, at all times, will:
Sharing & Disclosure of Information
All the personal information within the context of DC will be disclosed to and be accessible by only limited, designated personnel within DC, as per DC’s organizational policies and applicable acts/regulations. These personnel could be part of any of the registered companies within the organization.
DC may share your personal information with third parties where it is necessary to provide you with products or services or as part of the nature of our relationship with you. DC will only share the personal information where DC has previously informed or been authorized by you, in connection with efforts to reduce fraud or criminal activity or as permitted by law.
DC will disclose personal information with third parties only when you have given us your prior permission or where it’s part of our contractual arrangements with you. In certain circumstances like but not limited to, requests from the Government Agencies mandated to receive such information or as an obligation under an order of Law, DC will not seek your permission to disclose your personal information.
DC has established procedures which will reasonably ensure that your personal information will not be disclosed by us or any agencies/ third party associated with us, any further than absolutely required.
Transfer of Information
DC is committed to ensuring that personal information is stored in respective regions as much as possible, in alignment with the applicable laws and regulations.
However, in certain scenarios, DC might need to transfer and store the data in the US or in India or in another region/country in alignment with the corporate information and technology architecture and practices. Whenever such a need for inter-country transfer arises, the company will ensure adequate compliance with the laws and regulations through measures such as ensuring:
Privacy Grievance Redressal
Any concerns, disputes, discrepancies or grievances with respect to the processing of personal information can be referred to the directed to privacy@dripcapital.com. The privacy team will redress the grievance within 45 days from the date of receipt of any such grievance. This channel is specific for Privacy related grievances. All anonymous or third-person grievances would not be registered / acted upon.
Changes to Privacy Policy
DC reserves the right to update this privacy policy at any time, as a part of our continual improvement and as part of our objective to align with applicable laws and regulations.
DC will notify you about any future changes in the privacy policy and provide you with access to the new/changed privacy policy as and when DC makes any substantial updates.
DC may also continue to notify you from time to time about any new/changed aspects in the processing of your personal information.
Further questions
If you have any questions or need further information regarding this policy, you may contact us via the means provided in this document.
These terms and conditions shall be governed by and construed in accordance with the laws of India and any dispute shall be referred to privacy@dripcapital.com.
Enforcement and Compliance
This privacy policy is enforced effectively in the organization through practices and measures such as:
Exception
Currently, there are no exceptions established within DC for this Policy.
Any exception to this policy should be authorized by the DC Management or Privacy Officer or any person specifically designated and authorized by the Management.
Targeted Advertising
DC may collect information about how you use or connect to our Website, or the types of other websites, social media services, content and ads that you view to customize the ads on our Website, that are visible to you when you visit our Website or use our products or services.
Customer’s rights on their Personal Information - California-US residents only
In accordance with applicable privacy law, you have the following rights in respect of your personal information that DC holds:
Californian customers can exercise said rights by reaching out to privacy@dripcapital.com.
However, it should be noted that the privacy statement is only applicable to the Personal Information being shared by the data subject and not relating to information interpreted for offering the business services. DC reserves the right not to share the information being collected from other sources, such as background check agencies, credit agencies, etc.
DC may not be able to continue to provide you with the business services for which the personal information was provided by you if execution of all/any of the above rights leads to the disruption of DC’s business.
Cookies
DC may automatically collect information relating to such matters as the total number of visits to this website, the number of visitors to each page of this website, the Internet Protocol (IP) addresses of our visitors, and the time spent on this Website. DC may use this information, which is collected in and remains in aggregate form, to understand how our visitors use this Website so that DC can improve it. DC may also use your IP address to help diagnose problems with our servers and for purposes of system administration. From time to time, DC may share aggregated, non-personal information with our agents, business partners, consultants, or other third parties. Some non-personal information may be collected through cookies. Cookies are used by most major websites. A cookie is a text file stored on a user’s computer hard drive containing information about the user. Cookies can enable us to track the interests of our users to enhance their experience on this Website and to deliver content specific to a user’s interests. DC may place a cookie in the browser file of your computer when you visit this Website. These cookies are generally not linked to personal information. If you request that the Website store your username and/or password, the cookie will be linked to your username and/or password, and hence will track your navigation path around the Website. You may delete or decline the cookie using the tools in your web browser. Although you may still use this website without the cookie, some parts of the website may not work properly for you.
Third-Party Websites
As a convenience to you, DC may provide links to other websites maintained by independent third parties. DC is not responsible for the privacy practices of independent third parties. DC encourages you to be aware when you leave this Website and to read the privacy policies of any other websites that you may visit. Our Website includes social media features, such as the Facebook log-in or interactive mini-programs that run on our Website. These features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the feature to function properly. These social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with these features are governed by the privacy policy of the company providing them.