Privacy Policy

 

At Keka Inc (including its affiliated companies, henceforth also referred as ‘Keka’, ‘we’ or the ‘Company’), we understand that you are trusting us with confidential information and we believe that you have a right to know our practices regarding the information we may collect and use when you use our service or interact with us in any manner. Keka is a cloud-based web platform that enables organizations to manage their human resources and process payroll. Keka Mobile Apps are also part of the same offering. In addition, Keka also operates Keka.com website. A user may be either an entity, for example an employer which has executed an agreement with Keka or with Keka’s resellers or distributors who provide Keka’s services (“Customer “) or a Customer’s users for example a Customer’s employees, of the Services or users of the Website (“end user(s) “) (Customer and end user shall collectively be referred to as “users” or “you “). 

This Privacy Policy describes the policies and procedures of Keka on the collection, use, access, correction, and disclosure of your personal information on Keka.com (the “Site”) and our Mobile Apps. This privacy policy does not relate to any personal information that Keka collects on behalf of, or under the direction, of its clients. When you log on to the Site you will have access to the privacy policy of the employer/prospective employer that is a client of Keka, which shall explain how they process your personal information and your rights in relation to such information. We may be asked by our clients to amend, update, or delete your personal information on behalf of our clients in which case we will do so in accordance with the terms of our contract with our clients. 

Your personal information will include any information which, either alone or with other data, is reasonably available to us and relates to you (“Personal Information”). This Privacy Policy also covers any of your Personal Information which is provided to us and which is used in connection with the marketing of the services, features or content we offer (the “Services”) to our Clients and/or the support that we may give you in connection with the provision of our Services and the Mobile Apps. 

This Privacy Policy does not apply to any third-party applications or software that can be accessed from the Site, the Services or the Mobile Apps, such as external applicant tracking systems, social media websites or partner websites (“Third Party Services”). 

By using our Services, you acknowledge you have read and understood this privacy policy. For the purposes of EU GDPR (General Data Protection Regulation), the data controller of the data processed through the Service is the customer of Keka who makes available and permits end users to access and use the service or anyone on its behalf. For data collected directly on its website (for marketing and communication purposes), Keka is the “Data Controller”. 

Information we collect and how we use it

We generally collect and process the following types of Personal Information: 

Personal Information which is being gathered through the Service consists of any personal details provided consciously and voluntarily by our customer (Employer), end user or the Customer’s administrator or through your use of the Keka platform. This may include your name (first and last), nickname, birthdate, gender, nationality, job title, phone number(s), date you first started working for your employer, department you work in, employee ID/ national security number, address, country, city, postcode, family status, spouse’s and other dependents name, gender and birth date, your bank account details (bank name, account number, branch address), details regarding your salary and work (pay period, payment frequency, base salary, gross salary, overtime, bonuses, commissions, statutory payments such as sick, maternity/paternity leave, salary payment currency, credential regarding the right to work in your jurisdiction, tax code, emergency contact details (name, relation, phone number(s), email address(es), city, country, post code), termination date, termination reason, probation end date, status in the system and in the workplace, IP address and other unique identifiers, user’s information relating to tax declarations, information the customer chooses to collect and other information user may choose to provide to Keka and to its employee. 

Location Information We do not ask you for, access, or track any location-based information from your mobile device at any time while downloading or using the Mobile Apps. However, if you are using the Keka Mobile App, you acknowledge, consent and agree that your employer would be able to enable location tracking technology for time keeping purposes. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. If you apply for a job at Keka through the Site, you may provide us with your location information by selecting the “Locate me” button. You agree, consent and acknowledge that we use this information to present to you available jobs near your current location. The GDPR legal basis for processing this information is your explicit consent.

Attendance Logs If our Customer (Employer) chose to utilize the optional Time and Attendance Software, we shall retain and process biometric device logs of the users for the purposes of calculating attendance and payroll using the rules configured by the Customer. The information collected consists of employee or attendance id along with timestamps of punches (in and out entries). 

Contact Information When you express an interest in obtaining additional information about the Services, the Site, or Mobile Apps, Keka may ask you to provide your personal contact information, such as your name, email address, and phone number. You agree, consent and acknowledge that this information is used to communicate with you by responding to your requests, comments and questions. The GDPR legal basis for processing this information is the legitimate interest in communicating with you and answering your questions. 

Device Information When using the Mobile Apps, we may request access to your device’s camera and photo storage. This allows you to take and upload pictures and such access would only be used in ways you choose. You may at any time revoke access at the device level. We do not access your device’s camera and photo storage without your permission. We use mobile analytics software to allow us to better understand the functionality of our Mobile Apps on your phone. This software may record information such as how often you use the application, the events that occur within the application, aggregated usage, performance data, and where the application was downloaded from. We do not link the information We store within the analytics software to any Personal Information you submit within the Mobile Apps. When you download and use the Mobile Apps, we automatically collect your device information such as operating system version, type, hardware usage statistics, etc. The GDPR legal basis for processing this information is the contractual obligation to your employer to perform the Services. 

Data Collected as a Service Provider As a service provider, Keka systems only collects information as per the Customer (employer’s) requirement. our Master Subscription Agreement governs the delivery, access, and use of the Services and Mobile Apps, including the processing of Personal Information and data submitted through Services accounts. The Customer (e.g., your employer) controls their Platform and any associated client data. If you have any questions about specific Platform settings, the processing of Personal Information in the Platform, or its privacy practices, please contact the Customer administrator of the Platform you use. 

Customer data shall be used by Keka in accordance with the Customer’s instructions, applicable terms in the Master Service Agreement, Customer’s use of Services functionality, and as required by applicable law. Under applicable GDPR, Keka is a processor of Customer data and Customer is the controller. 

Sharing of your Information

At times, you may be able to access other Third-Party Services/websites through the Site, for example by clicking on links to those Third-Party Services from within the Site. We are not responsible for the privacy policies and/or practices of these Third-Party Services, and you are responsible for reading and understanding those Third-Party Services’ privacy policies. 

You agree, consent and acknowledge that we may share your information with third parties who provide services to us. These third parties are authorized to use your Personal Information only as necessary to provide these services to us. These services may include the provision of (i) email services to send marketing communications, (ii) mapping services, (iii) customer service or support, and (iv) providing cloud computing infrastructure. 

We employ and contract with people and other entities that perform certain tasks on our behalf and who are under our control such as an email service provider to send emails on our behalf, mapping service providers, and customer support providers our “Sub-Processors”). We may need to share Personal Information with our Sub-Processors to provide Services to you. Unless specified otherwise, our Sub-Processors do not have any right to use Personal Information or other information We share with them beyond what is necessary to assist us. Transfers to subsequent third parties are covered by onward transfer agreements between Keka and each Sub-Processor. A list of Keka Sub-Processors that process Personal Information of individuals located in the EU can be found here. 

Name Purpose
OneSignal For sending push notifications to mobile
FreshChat For chat support
Freshdesk For email support and communication to customers related to support requests
HubSpot CRM for tracking leads, signups and potential customers
RChilli Resume parser API, helps in parsing resumes of candidates uploaded by customers
Google Cloud For rendering google maps in the browser to mark employee location associated with their attendance.
Google App Google meet and Google Calendar shall be used for scheduling purposes. This shall depend upon the preferences set by the customer.
Microsoft Azure For hosting Keka Applications
AWS For email communication
Msg91 For sending SMS notifications like OTP to employees
Mailchimp For email communication to prospects
Calendly Customer information is shared/received
Smartkarrot Customer information (including usage/revenue details/employee information) is shared
Razorpay For receiving Keka subscription related payments
Cashfree For processing payments
Rocketlane Customer onboarding

In some cases, we may choose to buy or sell assets. In these types of transactions, user information is typically one of the transferred business assets. Moreover, if we, or substantially all of our assets, were acquired, or if we go out of business or enter bankruptcy, user information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of us or our assets may continue to use your Personal Information as set forth in this Privacy Policy. You will be notified via email and/or a prominent notice on our site of any change in the legal owner or uses of your Personal Information, as well as any choices you may have regarding your Personal Information. 

In certain situations, we may be required to disclose Personal Information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We also reserve the right to access, read, preserve, and disclose any information as We reasonably believe is necessary to (i) satisfy any applicable law, regulation, legal process or governmental request (ii) enforce this Privacy Policy, including investigation of potential violations hereof, (iii) detect, prevent, or otherwise address fraud, security, or technical issues; (iv) respond to user support requests; or (v) protect our rights, property, or safety. This includes exchanging information with other companies and organizations for fraud protection and spam/malware prevention. We require all third parties to respect the security of your Personal Information and to treat it in accordance with applicable laws. We do not allow third party service providers and Sub-Processors We share your Personal Information with to use it for their own purposes and only permit them to process your Personal Information for specified purposes in accordance with our instructions. Except as set forth above, you will be notified when your Personal Information is shared with third parties, and will be able to prevent the sharing of this information. Unless We otherwise have your consent, we will only share your Personal Information in the ways that are described in this Privacy Policy. 

Keka has developed a functionality that allows its customers to connect their google account using Oauth with our products. Connecting your Google account to your Keka products allows Keka to view your personal information mentioned in your Google Account and to transmit the Service Data to Keka products that you integrate with your G-Account. 

Keka use and transfer of information received from Google APIs shall adhere to Google API Services User Data Policy’s App’s, including the Limited Use requirement. 

Data Retention

Any Customer may request information regarding the storage and retention of data (“Audit”) by contacting us. Keka shall make reasonable efforts to respond to the Audit in a reasonable time and subject to applicable law and to the protection of Keka’s trade secrets (Customer’s personnel may be required to executed a non-disclosure agreements). 

Keka will retain data it processes on behalf of its customers only for as long as required to provide the Service to its Customers and as necessary to comply with its legal obligations, resolve disputes and enforce its agreements. The data in Keka is backed up for system continuity purposes and each backup file may be stored for 30 days. 

After a termination of services by a customer, an automated process will begin that permanently deletes the data in the next cycle (One cycle per quarter). Once begun, this process cannot be reversed and data will be permanently deleted. In cases where we delete a single user data, some data will not be deleted and shall be kept in an anonymized manner. 

You agree, consent and acknowledge that Keka collects and retains metadata and statistical information concerning the use of the service which are not subject to the deletion procedures in this policy and may be retained by Keka for no more than required to conduct its business. Some data may be retained also on our third-party service providers’ servers in accordance with their retention policies. You will not be identifiable from this retained metadata or statistical information. 

Customer may retain Personal Information and other Data about an end user which the Controller owns and the end user may have no access to. If you have questions about the Customer’s right to retain and process your Personal Information, you should raise this directly with them. You hereby agree not to assert any claim against Keka this regard and waive any rights regarding such Data and Personal Information including the right to view and control such Data and Information. 

Anonymized aggregated data may be retained by Keka for as long it is required to provided its services. Contracts and billing information may be retained as required by Keka but at least 5 years from termination or expiration of the relationship with the applicable Customer or party. 

The Data we collect is hosted on the Azure Cloud in USA, Central India, North Europe, UAE data centers etc. which provides advanced security features and is compliant with ISO 27001 and other privacy and security standards.  

Therefore, in providing your Personal Information to Keka, your Personal Information will be sent to the Central India, Central US, North Europe, South East Asia, UAE (or otherwise outside of the European Union), where the local applicable law may provide you with less protection than under European Union law. However, any transfer of Personal Information from the European Union to these other locations will be strictly in accordance with applicable EU GDPR. 

Where your Data is transferred outside of the EEA (European Economic Area), we will take all steps reasonably necessary to ensure that your Data is subject to appropriate safeguards, such as relying on a recognized legal adequacy mechanism, and that it is treated securely and in accordance with this privacy policy. 

We take great care in implementing, enforcing and maintaining the security of the Service, and our users’ Personal Information. Keka implements, enforces and maintains security policies to prevent the unauthorized or accidental access to or destruction, loss, modification, use or disclosure of personal data and monitor compliance of such policies on an ongoing basis. Keka is certified under the ISO 27001:2022. 

Keka limits access to personal data to those of its personnel who: (i) require access in order for Keka to fulfil its obligations under this Privacy Policy and agreements executed with Keka and (ii) have been appropriately and periodically trained on the requirements applicable to the processing, care and handling of the Personal Information (iii) are under confidentiality obligations as required under applicable law. Keka takes steps to ensure that its staff who have access to personal data are honest, reliable, competent and periodically properly trained. 

Keka shall act in accordance with its policies to promptly notify Customer in the event that any personal data processed by Keka on behalf of Customer is lost, stolen, or where there has been any unauthorized access to it subject to applicable law and instructions from any agency or authority. Furthermore, Keka undertakes to co-operate with Customer in investigating and remedying any such security breach. In any security breach involves Personal Information, Keka shall promptly take remedial measures, including without limitation, reasonable measures to restore the security of the Personal Information and limit unauthorized or illegal dissemination of the Personal Information or any part thereof. 

Keka maintains documentation regarding compliance with the requirements of the law, including without limitation documentation of any known breaches and holds reasonable insurance policies in connection with data security. 

The Service may, from time to time, contain links to external sites. We are not responsible for the operation, privacy policies or the content of such sites. 

Your Rights associated with your information

In certain countries (for example in the UK and EU) you may have the right under applicable local law to request access, change or delete certain personal data that we hold in relation to you, or to object to or restrict the processing of certain personal information, receive personal information in a usable electronic format and transmit it to a third party (also known as the right of data portability), and lodge a complaint with a local data protection authority. 

We will contact you if we need additional information from you in order to honour your requests. 

If you want to update the information that we hold about you or if you no longer desire our Service, you may correct, delete inaccuracies, or modify the information we hold by sending an inquiry to grievances@keka.com. Given the nature of the services that we provide we may have shared your personal information with employers and other third parties. You may need to make requests to such third parties in accordance with the instructions in their privacy policies if you require them to update the records that they hold about you. If you want to discuss or exercise any of your rights under this policy, please contact  grievances@keka.com. 

Changes to the privacy policy

The terms of this Privacy Policy will govern the use of the Service and any information collected in connection therewith, however, Keka may amend or update this Privacy Policy from time to time. The most current version of this Privacy Policy will always be posted at: https://www.keka.com/privacy-policy. Unless otherwise agreed with the Customer, we will endeavor to provide notice of material changes to this policy on the homepage of the website and (if applicable) via an e-mail. Such material changes will take effect seven (7) days after such notice was provided on our website or sent by email. Otherwise, all other changes to this Privacy Policy are effective as of the stated “Last Revised” date and your continued use of Services will constitute your active acceptance of, and agreement to be bound by, the changes to the Privacy Policy. 

If you have any questions (or comments) concerning this Privacy Policy, you are welcome to send us an email or otherwise contact us at support@keka.com and we will make an effort to reply within a reasonable timeframe, and not over 30 business days. 

THE FOLLOWING IS ONLY APPLICABLE TO USERS LOCATED IN CALIFORNIA, NEVADA AND DELAWARE

Privacy Notice for California, Nevada, and Delaware Residents (“Privacy Notice”). The California Consumer Privacy Act of 2018 (“CCPA”), and its implementing regulations, as well as Nevada Revised Statutes Chapter 603A.300 et seq and Delaware Online and Personal Privacy Protection Act, require us to make certain disclosures regarding our privacy practices. 

This Privacy Notice applies to personal information of California and Nevada residents that we collect, use, and disclose on the Site as part of the Service. Keka employees are subject to a separate privacy policy. 

For the purposes of this section only, “personal information” means any information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household.” “Personal information” does not include publicly available information that is lawfully made available to the general public from federal, state, or local government records. 

We may hold data on you in our role as a service provider to a client company, and we may hold data about you on our own behalf. We collect, use, and disclose personal information as follows: 

Categories of Personal Information We May Collect

Identifiers: name, postal address, online identifier, internet protocol address, email address, phone number. 

Commercial information: products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. 

Internet or other electronic network activity information: browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement 

Audio and Video: if you visit our facilities that employ CCTV, we may capture your likeness on video as you pass through secured areas. 

How We Collect Personal Information

We have collected the above categories and types of personal information directly from individuals through our website or during customer support contact, directly from our business customers, and through business documents such as our contracts and other shared documents. We also collect personal information automatically using cookies and similar trackers. 

Please refer to our cookie policy for further details. 

How We Use Personal Information

We may use your personal information for the following business purposes:

providing the Service to our business customers.

  • fulfilling your requests.
  • communicating with you about our Services or the Site.
  • conducting business together.
  • protecting our legal interests and abiding by our legal obligations.
  • protecting the security of our systems and facilities.
  • analysing our business and web site performance; and marketing to you (with your consent, as required by applicable law).

 

How We Use Personal Information

We may disclose your personal information with third parties for a business purpose. These third parties include analytics providers and other service providers under contract to us. These service providers are prohibited from using your personal information except at our direction. We may also disclose your personal information to government entities or other third parties associated with legal or tax requirements, or in the case of a proposed merger, acquisition, asset sale, or other corporate transaction. 

If you are a California resident, you have certain rights (subject to certain limits under California law), such as: 

Right to Know and Right to Request Information

You may have the right to request that we disclose what personal information we collect, use, disclose or sell. You have the right to request information about the personal information we’ve collected about you within the last twelve months. You may request to know if we have collected, sold, or shared with third parties for a business purpose the following information: 

  • The categories of personal information we have collected about you; 
  • The categories of sources of personal information we collected about you; 
  • Our business or commercial purpose for collecting or selling personal information about you; 
  • The categories of third parties with whom we share personal information; 
  • The specific pieces of personal information we have collected about you; 
  • Whether we have sold your personal information and if so the categories of personal information that each category of recipient purchased; and 
  • Whether we have disclosed your personal information for a business purpose and if so, the categories of personal information that each category of recipient received. 

If we find the requests repetitive, excessive or unfounded in a calendar year, we may refuse to act on your request. Hence, it is requested to submit your request consciously. 

Right to Request Deletion

You have the right to request that we delete the personal information we have collected about you. Under certain circumstances we may be unable to delete your personal information; for example, to comply with legal obligations, or for our legitimate business purposes. 

Right to Opt-Out of the Sale of Personal Information

The CCPA provides California residents the right to opt out of sales of their personal information to third parties. We do not engage in sales of personal information and have not sold the personal information of California or Nevada residents in the preceding twelve months. We also do not sell the personal information of minors under the age of 16 years of age. This fact notwithstanding, you can submit a request to be opted out of any future data sales by sending a request to grievances@keka.com 

Right to Non-Discrimination

You have a right not to receive discriminatory treatment for exercising your privacy rights under the CCPA. 

To exercise your rights as a California resident, you may make a request in the following ways: 

When you submit a request, we will verify your request and identity, and we reserve the right to take additional steps necessary for verification. For example, we may seek to establish your identity by requesting additional information from you that we can match with information that we have in our records. 

You may designate an authorized agent to make a request to know or a request to delete your personal information by providing the authorized agent written permission to do so; and by verifying your own identity with us directly. We will deny any requests from agents that do not submit proof of authorization. Requests submitted via authorized agents will be subject to similar verification processes as direct requests. 

If you wish to exercise your rights pertaining to the personal information we may hold about you as a service provider to a client company, please direct your request(s) to that company.

 

GRIEVANCE OFFICER

DPO OFFICER

If you have any further concerns about data protection, feel free to contact dpo@keka.com

 

cookie image

By clicking “Accept", you consent to our website's use of cookies to give you the most relevant experience by remembering your preferences and repeat visits. You may visit "cookie policy” to know more about cookies we use.