Privacy Policy

This Privacy Notice ("Notice") explains how DVIEW TECHNOLOGIES PRIVATE LIMITED and its affiliates (collectively, "Dview", "we", "us", or "our") collect, use, share, and protect personal data when you visit https://dview.io and any related subdomains (the "Website"), interact with our marketing programs and events, request a demo, register for an account, or use our cloud-based data engineering and data fabric platform (collectively, the "Services").

We have written this Notice to be clear and easy to navigate. Below you will find a description of the personal data we collect, how we use and share it, the rights available to you, and how to contact us.

What this Notice does not cover

When our customers use the Services to process personal data of their own end users, employees, or other individuals, those customers are the "controller" of that data and are responsible for handling it in accordance with their own privacy notice and applicable law. We process such data only as a "processor" on behalf of, and under the documented instructions of, the customer, pursuant to a Data Processing Agreement ("DPA"). If you have questions about how a Dview customer processes your personal data, please contact that customer directly.

By accessing or using the Website or the Services, you acknowledge that you have read and understood this Notice. If you do not agree with any part of this Notice, please do not use the Website or the Services.

This Notice applies to personal data that Dview collects, processes, and uses as a controller. It covers personal data we collect about visitors to our Website, prospects, customer points of contact, attendees at our events, recipients of our marketing communications, job applicants, and individuals who otherwise interact with us.

The following definitions apply throughout this Notice:

• "Personal Data" means any information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual or household.
• "Sensitive Personal Data" means categories of Personal Data afforded heightened protection under applicable law, including (where applicable) account credentials, financial account information, government identifiers, health data, biometric data, and information about racial or ethnic origin, religious beliefs, or sexual orientation.
• "Processing" means any operation performed on Personal Data, including collection, recording, storage, use, disclosure, transfer, and deletion.
• "Controller" means the entity that determines the purposes and means of Processing Personal Data.
• "Processor" means an entity that Processes Personal Data on behalf of a Controller.
• "Customer Data" means data, including Personal Data, that our customers and their authorized users submit to or generate using the Services. We Process Customer Data as a Processor.
• "Services" means the Dview cloud-based data engineering, data fabric, and analytics platform and any associated software, APIs, applications, and services we make available to customers.
• "Website" means https://dview.io and any related subdomains, microsites, and online properties operated by Dview.

How we Process Personal Data depends on the context. We act in two distinct capacities:

Dview as a Controller

When you visit the Website, attend a Dview event, sign up for marketing communications, request a demo, register for an account on the Website, or contact us, Dview acts as the Controller of your Personal Data. This Notice describes how we Process Personal Data in this capacity.

Dview as a Processor

When our customers use the Services to Process Customer Data, those customers are the Controller and Dview is the Processor. We Process Customer Data only in accordance with the customer's documented instructions and the DPA. If you are an end user of one of our customers and you have questions or wish to exercise rights with respect to that Customer Data, please contact the relevant customer (the Controller) directly.

We collect Personal Data directly from you, automatically through your interaction with the Website and Services, and from third-party sources. Depending on how you interact with us, the categories of Personal Data we collect include:

Identity and contact data

Name, employer, job title, business email address, business phone number, postal address, and similar identifiers you provide when you create an account, request a demo, subscribe to communications, attend an event, or contact us.

Account data

Account credentials (such as username and a hashed password), authentication tokens, account preferences, and a record of your interactions with our support and success teams.

Marketing and communications data

Your preferences for receiving marketing from us, content you have downloaded, events you have registered for or attended, and engagement metrics for emails we send (such as opens and clicks).

Technical and device data

Internet protocol (IP) address, device type, operating system and version, browser type and language, time zone, referring and exit URLs, and similar information collected through cookies and analogous technologies.

Usage data

Information about how you navigate the Website, including pages viewed, links clicked, search terms entered, time spent on pages, and aggregate session telemetry.

Recruitment data

If you apply for a position with Dview, we Process information you provide as part of your application, such as your resume or CV, employment history, education, references, work eligibility, and any information you choose to share during the recruitment process. See Section 12 for additional detail.

Information from third parties

We may receive Personal Data about you from publicly available sources, our service providers, business partners (such as joint marketing partners and event co-hosts), data enrichment providers, and social media platforms when you interact with our pages or content there.

Sensitive Personal Data

We do not intentionally seek to collect Sensitive Personal Data through the Website. To the extent you choose to share such data with us — for example, in correspondence — we Process it only to respond to your request and in accordance with applicable law.

We Process Personal Data for the purposes set out below. Where required by law (such as the EU and UK GDPR), we identify the legal basis on which we rely:

• Operate, maintain, and improve the Website and Services. Legal basis: performance of a contract; our legitimate interests in running our business.
• Authenticate users, manage accounts, and provide customer support. Legal basis: performance of a contract.
• Communicate with you regarding the Website, Services, security alerts, billing, and changes to our terms or this Notice. Legal basis: performance of a contract; compliance with legal obligations.
• Send marketing communications that we believe will be of interest, including invitations to events, whitepapers, and product updates. Legal basis: consent (where required) or legitimate interests, subject to your right to opt out at any time.
• Personalize and improve our marketing and the Website experience, including by inferring interests from usage data. Legal basis: legitimate interests; consent for non-essential cookies where required.
• Conduct analytics and research to develop new features and improve existing ones. Legal basis: legitimate interests.
• Detect, investigate, and prevent fraud, security incidents, abuse, and violations of our terms. Legal basis: legitimate interests; compliance with legal obligations.
• Comply with applicable laws, regulations, and legal processes, and respond to requests from public authorities. Legal basis: compliance with legal obligations.
• Establish, exercise, or defend legal claims. Legal basis: legitimate interests.
• Carry out corporate transactions, such as a merger, acquisition, financing, or sale of assets. Legal basis: legitimate interests.
• Any other purpose disclosed at the point of collection or with your consent. Legal basis: consent.

We do not engage in solely automated decision-making that produces legal or similarly significant effects on individuals.

We share Personal Data with the following categories of recipients, in each case under appropriate contractual and security safeguards:

• Affiliates and subsidiaries within the Dview group, for the purposes described in this Notice.
• Service providers and sub-processors that perform services on our behalf — including cloud hosting, identity management, customer support, email delivery, marketing automation, payment processing, analytics, and security tooling. These providers are contractually required to protect Personal Data and may use it only for the services they provide to us.
• Professional advisors such as accountants, auditors, and lawyers, where reasonably necessary.
• Public authorities, regulators, and law enforcement, where we are required to do so by law or to protect the rights, property, or safety of Dview, our customers, or others.
• Counterparties and their advisors in connection with a contemplated or actual merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar corporate transaction.
• Other parties with your consent or at your direction (for example, when you choose to share content via a social platform).

We do not sell your Personal Data

We do not sell Personal Data in exchange for monetary consideration, and we do not share Personal Data for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act, as amended ("CCPA"). Our use of certain analytics and advertising cookies may, however, qualify as a "sale" or "share" under the broad definitions of some U.S. state laws; you can manage these choices through our cookie controls and your browser settings.

Dview is headquartered in India and operates globally. Personal Data we collect may be transferred to, stored, and Processed in India, the United States, the European Economic Area, the United Kingdom, and other countries where Dview, our affiliates, or our service providers maintain operations. Data protection laws in these jurisdictions may differ from those in your country of residence.

Where we transfer Personal Data across borders, we implement appropriate safeguards in accordance with applicable law, including:

• Standard Contractual Clauses approved by the European Commission and the UK Information Commissioner's Office, supplemented as necessary by additional technical and organizational measures.
• Adherence to data transfer mechanisms recognized under applicable law (such as adequacy decisions or, where applicable, the EU-U.S. Data Privacy Framework).
• For transfers from India, transfers permitted under the Digital Personal Data Protection Act, 2023 ("DPDP Act") to countries not restricted by notification of the Central Government.

You may request a copy of the relevant transfer safeguards by contacting us at governance@dview.io.

We and our service providers use cookies, pixels, web beacons, software development kits, and similar technologies (collectively, "Cookies") to operate the Website, remember your preferences, measure traffic and engagement, and tailor marketing.

We use the following categories of Cookies:

• Strictly necessary Cookies — required for the Website to function (for example, authentication, security, and load balancing).
• Performance and analytics Cookies — help us understand how visitors use the Website so we can improve it. We use Google Analytics 4 and Microsoft Clarity for this purpose.
• Functional Cookies — remember your preferences (such as language and region) to personalize your experience.
• Marketing Cookies — help us measure the effectiveness of our marketing campaigns and deliver relevant content. We use Google Tag Manager to manage these tags.

You can manage non-essential Cookies through your browser settings or, where available, through our cookie preference center on the Website. Disabling Cookies may affect the functionality of the Website.

We retain Personal Data for as long as necessary to fulfil the purposes described in this Notice, unless a longer retention period is required or permitted by law. The actual retention period depends on the type of Personal Data and the context, including:

• Account and Customer Data: for the duration of your account and for a reasonable period thereafter to comply with legal obligations, resolve disputes, and enforce our agreements.
• Marketing communications data: until you opt out, with reasonable archival retention to honor your suppression preferences.
• Website logs and analytics: typically retained for up to 14 months in identifiable form, after which they are aggregated or deleted.
• Recruitment data: for the duration of the recruitment process and, where local law permits, retained in our talent pool for future opportunities, subject to your consent and applicable retention limits.
• Tax, accounting, and other records: as required by applicable law (typically up to 7 years in India).

When Personal Data is no longer needed, we securely delete or anonymize it.

We implement administrative, physical, and technical safeguards designed to protect Personal Data against unauthorized access, disclosure, alteration, and destruction, in accordance with industry-recognized standards. These safeguards include:

• Encryption of Personal Data in transit using TLS 1.2 or higher and at rest using strong, industry-standard algorithms.
• Role-based access controls and the principle of least privilege, with multi-factor authentication required for administrative access.
• Network segmentation, intrusion detection, and continuous monitoring of our production environments.
• A formal vendor risk-management program that assesses the security and privacy posture of our service providers.
• Regular security training for our personnel and a documented incident-response plan.

Despite our efforts, no method of transmission over the Internet and no method of electronic storage is completely secure. If you believe your account or any Personal Data you have provided to us has been compromised, please contact us immediately at governance@dview.io.

Subject to applicable law and certain conditions, you may have rights with respect to your Personal Data, including the rights set out below. We will respond to verifiable requests within the timeframes required by applicable law.

Rights under the EU and UK GDPR

• Access — obtain confirmation of whether we Process Personal Data about you and a copy of that data.
• Rectification — have inaccurate or incomplete Personal Data corrected.
• Erasure — request deletion of your Personal Data in certain circumstances.
• Restriction — request that we limit the Processing of your Personal Data in certain circumstances.
• Objection — object to Processing based on our legitimate interests, including profiling, and to Processing for direct marketing.
• Portability — receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller.
• Withdraw consent — withdraw consent at any time, without affecting the lawfulness of Processing carried out before withdrawal.
• Lodge a complaint — file a complaint with your local supervisory authority.

Rights under U.S. state privacy laws (including California)

• Right to know what categories and specific pieces of Personal Data we have collected, the sources, and the purposes.
• Right to delete Personal Data we have collected, subject to certain exceptions.
• Right to correct inaccurate Personal Data.
• Right to opt out of any "sale" or "sharing" of Personal Data, as defined under California law.
• Right to limit the use and disclosure of Sensitive Personal Information, as defined under California law.
• Right not to receive discriminatory treatment for exercising any of these rights.

Rights under the India Digital Personal Data Protection Act, 2023

• Right to access information about Personal Data Processed by us.
• Right to correction and erasure of Personal Data.
• Right of grievance redressal in accordance with the DPDP Act and the Information Technology Act, 2000.
• Right to nominate another individual to exercise your rights in the event of your death or incapacity.

How to exercise your rights

To exercise any of the rights described above, please contact us at governance@dview.io. We may need to verify your identity before fulfilling certain requests. You may use an authorized agent to make a request on your behalf, where permitted by applicable law. We will not discriminate against you for exercising your rights.

The Website and the Services are intended for businesses and professionals and are not directed to children. We do not knowingly collect Personal Data from individuals under the age of 18. Where the DPDP Act applies, we do not knowingly process the Personal Data of children (defined as individuals under 18) without verifiable parental consent. If you believe a child has provided us with Personal Data, please contact us at governance@dview.io and we will take steps to delete the information.

If you apply for a role at Dview, we Process the Personal Data you submit (including your resume or CV, employment history, education, references, and any other information you choose to share) for the purpose of evaluating your application, conducting interviews, communicating with you, and complying with employment, immigration, and tax laws. The legal basis for this Processing is our legitimate interest in evaluating candidates, taking steps prior to entering into an employment contract, and complying with legal obligations.

We retain recruitment data for the duration of the recruitment process and, where permitted by applicable law and with your consent, in our talent pool for future opportunities. We do not use solely automated decision-making to make hiring decisions.

We engage carefully selected sub-processors to deliver the Services and our marketing programs. Sub-processors include providers of cloud infrastructure, customer relationship management, support tooling, analytics, payment processing, and similar functions. We require sub-processors to commit to data-protection obligations consistent with this Notice and applicable law, and we maintain a vendor risk-management program to assess them.

Customers can request our current list of sub-processors by contacting governance@dview.io.

We may update this Notice from time to time to reflect changes in our practices, our Services, or applicable law. When we make material changes, we will revise the date at the top of this Notice and, where appropriate, provide additional notice (such as by email or a prominent notice on the Website). We encourage you to review this Notice periodically. Your continued use of the Website or the Services following the posting of an updated Notice constitutes your acknowledgement of the updated Notice.

If you have questions or concerns about this Notice or our privacy practices, please contact us using the details below.

Privacy team / Data Protection Officer

Email: governance@dview.io

Registered office

DVIEW TECHNOLOGIES PRIVATE LIMITED 4th Floor, MN iHub, Karnataka Stage 1 Bengaluru, Karnataka 560096, India

Grievance Officer (India)

In accordance with the Information Technology Act, 2000 and the Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021, the Grievance Officer for the purpose of receiving and addressing complaints relating to this Notice or your Personal Data is:

Name: Grievance Officer, Dview Technologies Address: 4th Floor, MN iHub, Karnataka Stage 1, Bengaluru, Karnataka 560096, India Phone: +91 8170 449 100 Email: grievance@dview.io

The Grievance Officer will acknowledge complaints within 24 hours and use commercially reasonable efforts to resolve them within 15 days, in accordance with applicable law.