Effective Date: March 23, 2025
Last Updated: March 23, 2025
This Privacy Policy describes how Certifyi (“we,” “us,” or “our”) collects, uses, discloses, and protects your personal information in compliance with Nepal’s data protection laws, including the Individual Privacy Act, 2075 (2018), the Electronic Transactions Act, 2063 (2008), and the Constitution of Nepal.
1. Information We Collect
a) Personal Information You Provide:
Contact Information: Name, email, phone number, job title, and organization when you inquire about our services.
Account Data: Username, password, and profile details if you create an account.
Compliance Data: Information related to your organization’s governance, risk, and compliance activities.
b) Information Collected Automatically:
Usage Data: IP address, browser type, device information, pages visited, and timestamps.
Cookies: We use cookies to enhance website functionality. You can disable cookies via your browser settings.
c) Data from Third Parties:
We may receive information from partners, vendors, or publicly available sources to verify compliance requirements.
2. Legal Basis for Processing
We process your data under Nepal’s Individual Privacy Act, 2075 and only:
With your explicit consent (e.g., for marketing communications).
To fulfill contractual obligations (e.g., providing GRC services).
For legitimate business interests (e.g., improving our platform).
3. How We Use Your Information
Provide Services: Deliver GRC tools, automate compliance workflows, and generate reports.
Communication: Respond to inquiries, send updates, and notify you of policy changes.
Security: Protect against fraud, unauthorized access, and cyber threats.
Compliance: Meet legal obligations under Nepalese law.
4. Data Sharing and Disclosure
We do not sell your data. We may share it with:
Service Providers: Third parties assisting with hosting, analytics, or customer support (bound by confidentiality agreements).
Legal Requirements: To comply with court orders, government requests, or applicable laws.
Business Transfers: During mergers, acquisitions, or asset sales.
5. Your Rights Under Nepalese Law
You have the right to:
Access: Request a copy of your personal data.
Correct: Update inaccurate or incomplete information.
Delete: Ask us to erase your data unless retention is legally required.
Object: Refuse processing for direct marketing or legitimate interests.
Withdraw Consent: Revoke consent at any time (e.g., unsubscribe from emails).
To exercise these rights, contact us at [email protected]
6. Data Security
We implement safeguards required by the Electronic Transactions Act, 2063, including:
Encryption of sensitive data.
Regular security audits.
Access controls and authentication protocols.
7. Data Retention
We retain personal data only as long as necessary for the purposes stated or required by law (e.g., audit records under Nepal’s tax regulations).
8. International Data Transfers
Data may be transferred to and processed in Nepal or other countries. We ensure such transfers comply with Nepal’s privacy laws and use contractual safeguards where applicable.
9. Data Breach Notification
In case of a breach that risks your rights, we will notify you promptly and take steps to mitigate harm, as required under the Individual Privacy Act.
10. Children’s Privacy
Our services are not intended for users under 16. We do not knowingly collect data from minors.
11. Governing Law and Disputes
This policy is governed by Nepal’s laws. Privacy-related disputes may be filed in Nepalese courts under the National Penal Code, 2074.
12. Updates to This Policy
We may update this policy to reflect legal changes. Updates will be posted on our website with a revised effective date.
13. Contact Us
For questions, requests, or complaints:
Certifyi
Email: [email protected]
Note: This policy complies with Nepal’s data protection framework. If you are subject to other jurisdictions (e.g., GDPR for EU users), additional terms may apply.