This Cookie Policy explains how Nhancesmart (“Company “, “we “, “us“, and “our“) uses cookies and similar technologies to recognize you when you visit our websites at www.Nhancesmart.com, (“Website“). It explains what these technologies are and why we use them, as well as your rights to control our use of them.

In some cases, we may use cookies to collect personal information, or that becomes personal information if we combine it with other information.

What are cookies?

Cookies are small data files that are placed on your computer or mobile device when you visit a website. Cookies are widely used by website owners in order to make their websites work, or to work more efficiently, as well as to provide reporting information.

Cookies set by the website owner (in this case, Nhancesmart) are called “first party cookies”. Cookies set by parties other than the website owner are called “third party cookies”. Third party cookies enable third party features or functionality to be provided on or through the website (e.g. like advertising, interactive content and analytics). The parties that set these third party cookies can recognize your computer both when it visits the website in question and also when it visits certain other websites.

Why do we use cookies?

We use first- and third-party cookies for several reasons. Some cookies are required for technical reasons in order for our websites to operate, and we refer to these as “essential” or “strictly necessary” cookies. Other cookies also enable us to track and target the interests of our users to enhance the experience on our Online Properties. Third parties serve cookies through our Websites for advertising, analytics and other purposes. This is described in more detail below.

The specific types of first and third party cookies served through our Websites and the purposes they perform are described below (please note that the specific cookies served may vary depending on the specific Online Properties you visit):

How can I control cookies?

You have the right to decide whether to accept or reject cookies. You can exercise your cookie rights by setting your preferences in the Cookie Consent Manager. The Cookie Consent Manager allows you to select which categories of cookies you accept or reject. Essential cookies cannot be rejected as they are strictly necessary to provide you with services.

The Cookie Consent Manager can be found in the notification banner and on our website. If you choose to reject cookies, you may still use our website though your access to some functionality and areas of our website may be restricted. You may also set or amend your web browser controls to accept or refuse cookies. As the means by which you can refuse cookies through your web browser controls vary from browser-to-browser, you should visit your browser's help menu for more information.

Third-Party Service Providers and Data Sharing

1. Amazon Web Services (AWS)

To securely host our software application, all associated data, and infrastructure. AWS provides the necessary technical environment for the availability and security of our services.

2. Payment Gateway

To process payments for our services, manage billing, and conduct related financial transactions.

3. Google Analytics,

To collect and analyze data on user behavior to understand and improve the performance, features, and user experience of our software.

4. CRM/Support Platform

To manage customer interactions, provide support, and process user inquiries efficiently.

Note : We may use other third-party vendors for specific functions (such as email delivery, SMS services, or specialized integrations), and we maintain a list of all data processors and sub-processors with whom we share data as part of our internal compliance records. We will not share your Personal Data with third parties for their direct marketing purposes without your explicit consent.

Grievance Redressal and Contact Information

In compliance with the provisions of the Digital Personal Data Protection Act, 2023 (DPDP Act) and the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011, we have appointed a Grievance Officer to address any discrepancies and grievances you may have regarding the processing of your personal data.

We use the information we collect for various business and commercial purposes, based on the principle of 'Consent' or 'Legitimate Use' as defined under India’s Digital Personal Data Protection (DPDP) Act, 2023.

1. To Provide, Maintain, and Secure the Core Service

This is the primary purpose of data processing, necessary for the performance of our contract with your organization.

• Account Management: To create, maintain, and service your user accounts, and provide customer support.
• Service Delivery: To execute the software's core functions, such as processing payroll, managing employee records, tracking compliance tasks, and generating reports.
• Security and Fraud Prevention: To protect our services and users by detecting and preventing fraud, unauthorized access, and other malicious activities.
• Compliance with Legal Obligations: To comply with any applicable laws, court orders, or governmental regulations (e.g., maintaining financial records for tax purposes)..

2. For Product Improvement and Analysis

We use data to ensure our software remains reliable, secure, and meets user needs.

• Analytics and Research: To monitor and analyze usage and activity trends, measure the success of new features, and understand which parts of the service are most effective.
• Troubleshooting: To diagnose and fix technological problems, and to improve the speed and performance of our applications and infrastructure.

3. For Communication, Marketing, and Events

This processing requires your specific consent, which you have the right to withdraw at any time.

• Direct Communication: To send you service announcements, security alerts, and administrative messages.
• Marketing & Promotional Content (Consent-Based): To send you newsletters, special offers, or information about new features, products, or services that we believe may be of interest to you, based on your stated preferences or website activity.
• Event Management: To register you for events (like webinars or conferences), share event-related communications, and follow up afterward.
• Targeted Advertising (Consent-Based): To measure the effectiveness of our advertising campaigns and to deliver relevant advertisements to you on our platform or third-party websites, based on the Marketing & Event Data collected (via cookies and other trackers).

Disclosure and Sharing of Your Personal Data

We, as the Data Processor (or Data Fiduciary in certain contexts) for our clients (your employers, the primary Data Fiduciaries), are committed to protecting the personal data entrusted to us. We will only disclose or share your Personal Data and Sensitive Personal Data or Information (SPDI) as described in this section, and strictly in accordance with your employer's instructions, your consent, and applicable Indian laws, including the DPDP Act.

1. Disclosures to Data Processors and Service Providers

We engage trusted third-party companies and individuals to perform specific functions necessary for the operation and provision of the Nhancesmart platform and related services ("Data Processors").

• Purpose of Disclosure: To facilitate the provision of our HR management services, including, but not limited to:
• Cloud hosting and infrastructure services (for data storage and operation).
• Email and communication services (for notifications and alerts).
• Security and data analytics services (for improving service functionality and security).
• Analytics and performance monitoring services.
• Data Shared: Only the Personal Data or SPDI strictly necessary for the Data Processor to perform their contracted function (e.g., your name and email for a notification service).
• Safeguards: Our contracts with these Data Processors require them to:
• Process your data solely for the purposes for which we hired them.
• Implement and maintain reasonable security safeguards in line with Indian law.
• Adhere to our data protection and confidentiality standards.

2. Disclosures to Your Employer/Client (The Data Fiduciary)

As our primary client and your employer, they are the main Data Fiduciary responsible for determining the purpose and means of processing your data.

• Purpose of Disclosure: Your data is continuously made available to and shared with your employer as part of the normal operation of the Nhancesmart HR platform. This includes, for example, making your leave applications, performance reviews, payroll information, and personal details accessible to your employer's authorised HR and management personnel.

3. Disclosures for Business Operations

We may share your information with Affiliates, Group Companies, or Third Parties for legitimate business interests, provided such sharing complies with the purposes notified to you and the DPDP Act.

• For Corporate Transactions: If Nhancesmart is involved in a merger, acquisition, sale of assets, or other change of ownership, your Personal Data may be transferred to the new entity. We will notify you via email and/or a prominent notice on our website of any such change in ownership or control.
• For Legal and Regulatory Compliance: We may disclose your data where we believe it is necessary to:
• Comply with a legal obligation, such as responding to a subpoena, court order, or other lawful governmental request (e.g., tax or law enforcement authorities).
• Protect our rights, property, or safety, or that of our clients or others.
• Investigate fraud, security issues, or enforce our policies and contracts.

4. Disclosures with Your Consent

We may disclose your Personal Data for any other purpose with your explicit, specific, informed, and unambiguous consent (clear affirmative action), as required by the DPDP Act.