On this page
Terminology
Customer
An entity (not an individual) that signs up to use one or more of our products.
Personal Data
Any information relating to an identified or identifiable individual; an identifiable individual is one who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural, or social identity of that individual.
Data Fiduciary
Under India's Digital Personal Data Protection Act 2023 (DPDP Act), a Data Fiduciary is any person who, alone or in conjunction with others, determines the purpose and means of processing of digital personal data. Naapbooks Limited acts as a Data Fiduciary in respect of data it collects directly from its Customers and website visitors.
Data Processor / Data Principal
When VizMan processes personal data of end-visitors (individuals who check in at premises using the VizMan platform) on behalf of our Customers, VizMan acts as a Data Processor (GDPR) or sub-Data Fiduciary. The individual whose data is processed is the Data Principal under the DPDP Act.
Grievance Officer
The designated officer appointed by Naapbooks Limited to receive and resolve data privacy complaints in accordance with the DPDP Act 2023 and other applicable law. Contact details are in Section 12.
Data Collection
| 2.1 |
Identifiers Identifiers include information like your name or email address. VizMan uses identifiers to provide you with an account to use the Services, to communicate with you regarding your use of the Services, to communicate with you regarding your possible purchase of a subscription, to send you marketing communications, or to debug and repair errors with the Services. Legal Basis (GDPR): Performance of a contract (Art. 6(1)(b)) for account and service delivery; Consent (Art. 6(1)(a)) for marketing communications; Legitimate interests (Art. 6(1)(f)) for error diagnosis and service improvement. |
| 2.2 |
Internet Activity Information Internet Activity includes information describing how you interact with the Services, such as how long you use the services and what you tap or click on. VizMan uses your Internet Activity to debug and repair errors with the Services, to determine how to improve the Services, and to improve the effectiveness of our marketing practices. Legal Basis (GDPR): Legitimate interests (Art. 6(1)(f)) — improving service quality and security. You may object to processing based on legitimate interests at any time (see Section 7). |
| 2.3 |
Audio or Visual Information This category includes pictures or videos of you. VizMan uses this information to display a photograph of you in the Services, or to keep track of discussions with you that occur during the sales process. Where VizMan processes photographs of individuals visiting premises managed by our Customers, this is done on behalf of the Customer as described in Section 8. Legal Basis (GDPR): Performance of a contract (Art. 6(1)(b)) for account-related display; Consent (Art. 6(1)(a)) where photographs are collected voluntarily during the sales process. |
| 2.4 |
Professional Information Professional Information includes your employer. VizMan sells to businesses and will use your Professional Information to determine what business may be purchasing the Services and to send marketing communications to the business. Legal Basis (GDPR): Legitimate interests (Art. 6(1)(f)) — understanding the professional context of prospective customers; Consent (Art. 6(1)(a)) for direct marketing communications. |
| 2.5 |
Inferences Drawn from Collected Information VizMan may use the information in the categories listed above to make inferences about you, including determining what products or services you may be interested in or likely to purchase, or how you prefer to use the Services. These inferences are used solely for improving our service recommendations and are not used to make any automated decisions that produce legal or similarly significant effects on you. You have the right to obtain human review of any such profiling that affects you — see Section 7. Legal Basis (GDPR): Legitimate interests (Art. 6(1)(f)) — tailoring service offerings. No solely automated decision-making with legal effect is carried out (Art. 22 GDPR). You may object to this processing at any time. |
Collection Sources
VizMan may collect your information from the following categories of sources:
|
VizMan Website
|
Mobile Applications
|
Direct Communications
|
|
Social Media
|
Sales & Marketing Tools
|
VizMan Subsidiaries
|
VizMan may also collect your data through VizMan subsidiaries through the above sources. VizMan has intercompany data sharing agreements with its subsidiaries that ensure the transfer of personal data into India complies with data privacy law.
Data Usage
When you have provided your consent, VizMan uses the information it collects from you to:
| Deliver marketing communications and advertisements related to our Services to you (Legal basis: Consent) |
| Analyze potential customers to improve marketing initiatives (Legal basis: Legitimate interests) |
| For any other purpose that you have specifically consented to (Legal basis: Consent) |
If you are a representative of a current or prospective customer, VizMan requires your information, and will use it, to provide our Services. In the context of that business relationship we use your information to:
| Communicate with you during the sales process (Legal basis: Legitimate interests / Pre-contractual steps) |
| Provide support (Legal basis: Performance of contract) |
| Create and administer accounts necessary to use the Services (Legal basis: Performance of contract) |
| Deliver transactional communications about the operation of the Services (Legal basis: Performance of contract) |
| Communicate with you about payment or other legal obligations (Legal basis: Legal obligation / Contract) |
VizMan is capable of using your information for these purposes only by utilizing services provided by other companies. These companies provide us with sales operations tools, marketing tools, web and application hosting, communication services, and data analysis. VizMan has an agreement with each of these companies that limits their use of your Personal Data to the specific purposes described in this section. These agreements also include standardized provisions to ensure your data is appropriately safeguarded when transferred across international borders (e.g., Standard Contractual Clauses).
VizMan also shares (but does not sell) Identifiers with companies who provide us with additional information about you so that we can tailor our sales and marketing to your particular interests. If you do not want us to use your Personal Data for these purposes, you may opt-out by sending an email to privacy@vizman.app.
Transactions
| 5.1 |
Payment Information Collection When you make a purchase or payment through our Services, we collect payment information such as your name, billing address, and payment method details (e.g., credit card number, expiration date). This data is processed securely through our third-party payment gateway provider, and we do not store your credit card information on our servers. |
| 5.2 |
Use of Payment Information We use your payment information to process transactions, manage your account, and detect and prevent fraud or unauthorized access to our Services. (Legal basis: Performance of contract; Legal obligation for financial record-keeping) |
| 5.3 |
Third-Party Payment Processors We partner with third-party payment processors that comply with applicable security and privacy standards. These processors are responsible for managing your payment transactions, and their use of your payment information is governed by their privacy policies. |
| 5.4 |
Refund Policy If you request a refund in accordance with our Terms and Conditions, we may collect additional information necessary to process your refund. This may include transaction details, payment method, and other relevant data to verify your eligibility for a refund. |
| 5.5 |
Data Retention We retain payment and transaction data for as long as necessary to fulfill the purposes for which it was collected, including compliance with legal obligations and dispute resolution. |
| 5.6 |
Security We implement appropriate technical and organisational security measures to protect your payment information from unauthorized access, alteration, disclosure, or destruction. However, no security system is impenetrable, and we cannot guarantee the security of your payment data. In the event of a personal data breach, we will act in accordance with our obligations under Section 10. |
Retention
VizMan may store your information for the following durations:
|
||
|
||
|
User Rights
You have the following rights regarding the Personal Data that we collect. Where GDPR applies, these rights are set out in Articles 15–21. Where the DPDP Act 2023 applies, these rights are set out in Sections 11–14 of that Act.
|
Access Request a copy of the Personal Data we hold about you (GDPR Art. 15 / DPDP Sec. 11) |
Correction Request correction of inaccurate or incomplete data (GDPR Art. 16 / DPDP Sec. 12) |
|
Deletion / Erasure Request deletion of your Personal Data where it is no longer necessary or where consent is withdrawn (GDPR Art. 17 / DPDP Sec. 13) |
Restriction of Processing Request that we restrict the processing of your data in certain circumstances, e.g. while accuracy is contested (GDPR Art. 18) |
|
Data Portability Receive your Personal Data in a structured, commonly used, machine-readable format and transmit it to another controller (GDPR Art. 20) |
Right to Object Object at any time to processing of your data based on legitimate interests, including profiling and direct marketing (GDPR Art. 21) |
|
Withdraw Consent Withdraw consent at any time where processing is based on consent, without affecting the lawfulness of prior processing |
Lodge a Complaint Lodge a complaint with a supervisory authority (EU: your local Data Protection Authority; India: the Data Protection Board of India) |
If we can verify that you are authorised to make the request, we will endeavour to fulfil your request within 45 days. In some circumstances we are not required to comply because of exceptions provided by law. If we do not comply, we will notify you with reasons.
| 7.1 |
How can you exercise your rights? To exercise any of the rights listed above, please email us at privacy@vizman.app or contact our Grievance Officer (see Section 12). If you interacted with our Services through your employer, a business you provided services to, or through a company you visited, please contact that company for information on your rights. We cannot accept your request directly in these circumstances because we process your Personal Data on behalf of that company (our Customer). However, if you believe our Customer is not complying with data privacy laws, please let us know. |
End-User Notice
Who this section applies to: If you are an individual who has checked in at a facility, office, hospital, school, event, or other premises using the VizMan visitor management platform — and you are not a Customer or Customer representative — this section applies to you.
| 8.1 |
Who Controls Your Data The organisation whose premises you visited (VizMan's Customer) is the primary controller or Data Fiduciary for the data collected about you during your visit. VizMan processes that data only on behalf of and as directed by that organisation. For questions about how your data is used, please contact the organisation directly. If you believe that organisation is not meeting its privacy obligations, you may also notify VizMan at privacy@vizman.app. |
| 8.2 |
What Data May Be Collected About You Depending on the configuration chosen by the host organisation, the VizMan platform may collect: your full name; contact number or email address; photograph; identity document details; purpose of visit; host contact name; date and time of arrival and departure; and any other fields configured by the host organisation. The exact data collected will be presented to you at the point of check-in. |
| 8.3 |
Purpose and Legal Basis for Processing Your visit data is collected to manage premises security, track visitor access, enable host notification, and comply with the host organisation's legal or regulatory obligations. The legal basis is typically the legitimate interests of the host organisation (physical security), legal obligation, or your consent provided at check-in. VizMan does not use visitor check-in data for its own marketing purposes. |
| 8.4 |
Retention of Visitor Data Visitor check-in records are retained for the period set by the host organisation in their VizMan account. VizMan requires its Customers to set retention periods that are proportionate and legally compliant. Upon Customer account termination, visitor data is deleted in accordance with our data processing agreement with that Customer. |
| 8.5 |
Your Rights as a Visitor You have the right to access, correct, and request deletion of your visitor check-in data. As VizMan processes this data on behalf of the host organisation, requests must be directed to that organisation in the first instance. If you are unable to reach them or believe your rights are not being respected, you may contact VizMan's Grievance Officer (Section 12) and we will direct your request appropriately. |
Minor Safeguarding
VizMan is committed to protecting the privacy of children. Under the DPDP Act 2023 (India), a child means a person under the age of 18 years. Under GDPR and applicable EU member-state law, the age threshold for digital services consent ranges from 13 to 16 years depending on jurisdiction.
| 9.1 |
No Direct Collection from Children VizMan does not knowingly collect Personal Data directly from children through its website, marketing activities, or account sign-up process. Our products are intended for use by business organisations and their adult representatives. If we become aware that we have inadvertently collected Personal Data from a child in this context, we will delete it promptly. |
| 9.2 |
Visitor Check-In by Children Where VizMan's platform is deployed at premises that may receive visitors under the age of 18 (e.g., schools, hospitals, event venues), VizMan contractually requires its Customers to: (a) obtain verifiable parental or guardian consent prior to collecting the child's Personal Data; (b) configure the platform to collect only the minimum data necessary; (c) refrain from enabling profiling or behavioural tracking for child visitors; and (d) retain child visitor data for no longer than the minimum period required. |
| 9.3 |
No Tracking or Profiling of Children VizMan does not conduct behavioural tracking, profiling, or targeted advertising directed at children. Any inference or analytics features (see Section 2.5) are disabled in relation to data that has been identified as belonging to a minor. If a parent or guardian believes their child's data has been processed without appropriate consent, they should contact VizMan's Grievance Officer as described in Section 12. |
Incident Response
VizMan maintains technical and organisational measures to prevent personal data breaches. In the event that a breach occurs, VizMan will act in accordance with all applicable law, including the GDPR and the DPDP Act 2023.
| 10.1 |
Notification to Supervisory Authorities Where VizMan acts as a data controller or Data Fiduciary and a breach is likely to result in a risk to the rights and freedoms of individuals, VizMan will notify the relevant supervisory authority — the Data Protection Board of India (under the DPDP Act) and/or the applicable EU Data Protection Authority (under GDPR) — without undue delay and, where feasible, within 72 hours of becoming aware of the breach. |
| 10.2 |
Notification to Affected Individuals Where a breach is likely to result in a high risk to individuals' rights and freedoms, VizMan will communicate the breach to affected individuals without undue delay. The communication will describe the nature of the breach, the likely consequences, the measures taken or proposed, and how to contact VizMan for further information. |
| 10.3 |
Notification to Customers (as Processors) Where VizMan acts as a Data Processor on behalf of a Customer and becomes aware of a breach affecting that Customer's data, VizMan will notify the Customer without undue delay so that the Customer can meet its own notification obligations to regulators and affected individuals. |
| 10.4 |
Reporting a Suspected Breach If you suspect that your Personal Data has been compromised, please contact VizMan immediately at privacy@vizman.app with the subject line DATA BREACH REPORT. We will acknowledge your report within 24 hours and investigate promptly. |
Tracking
Our website uses cookies. When you visit our website, we will ask for your consent to use any cookies that are not essential. A cookie is a file stored by your browser that enables us to identify you, typically, via a string of numbers and letters.
Non-essential cookies are only set after obtaining your explicit consent. You can manage cookie preferences at any time through your browser settings.
Get in Touch
Grievance Officer — DPDP Act 2023
Data Protection & Grievance Officer
Naapbooks Limited, Ahmedabad, Gujarat, India
|
||
|
If you are not satisfied with the resolution of your complaint, you may escalate to the Data Protection Board of India (for DPDP Act matters) or your local Data Protection Authority (for GDPR matters).
For privacy enquiries, you may also contact Naapbooks Limited directly.