Privacy Policy

Last Updated July 2025
7 min read

This Privacy Policy explains how Karnival Technologies Private Limited (“Karnival”, “we”, “us”, or “our”) collects, uses, discloses, and protects the personal data of visitors, customers, and users of our website and services. Please read this policy carefully to understand your rights and how we handle your information. If you have questions or concerns, you may contact our Grievance Officer (see the “Grievance Officer” section below). By accessing or using our website or Karnival services (the “App”), you acknowledge that you accept the practices described in this policy. If you do not agree with this Policy, we advise you to discontinue use of the App immediately.

Types of Users and Data Collected
Visitor:
If you browse the Karnival website without registering, we may collect:
1- Location Data: Your approximate geographic location as determined by your IP address or device.
2-Website Usage: Pages you visit, duration of visits, navigation paths, and similar engagement metrics.
3- Device Information: Details about the device you use (e.g. device type, operating system, browser type).
4- Cookies and Tracking Data: Information stored by cookies or web beacons on your browser.
5- Contact Information: Your name and email address, if you voluntarily provide them (e.g., through contact forms).
Customer: If an organization (“Customer”) registers for Karnival services, we may collect:
1-Representative Details: The name and email of the individual who registers or signs up on behalf of your organization.
2-Payment Information: Billing details such as credit/debit card information or other payment data, which we use to verify financial qualifications, prevent fraud, and process service payments. (Payment processing is handled by trusted third-party payment processors; they are only permitted to use this data to process payments on our behalf and not to store it beyond that purpose.)
User: If you are an authorized user of Karnival’s platform or services (e.g. an employee of a Customer), we may collect:
1-Account Information: Your name and email address.
2-Usage Data: How you use the platform and its features (e.g. pages or modules accessed, actions performed).
3-Device Details: Information about the device used to access the App (similar to Visitor device information).
4-Cookies and Usage Data: Tracking information to understand how the App is used.

How and Why We Use Personal Data
We use personal data we collect for various business and operational purposes, including to provide and improve our services:
1-Service Delivery: We process your data to register and manage accounts, verify eligibility for services, and fulfill our contractual obligations. For example, we use Customer payment information to facilitate billing and prevent fraud through secure third-party processors.
2-Website and App Functionality: We analyze Visitor and User behavior (such as pages viewed and time spent) to improve the usability, content, and functionality of our website and applications. This helps us optimize the user experience.
3-Communications: If you consent, Karnival may send you newsletters, service updates, or marketing communications via email about Karnival products or services. You may opt out of these communications at any time by contacting us.
4-Support and Troubleshooting: When you report an issue with our App, Karnival may collect diagnostic or log information related to your session. In limited cases, with your permission or as needed to troubleshoot a specific problem, we may record or monitor your session on the App to resolve technical issues more effectively.
5-Legal Compliance and Protection: We use data as necessary to comply with legal obligations, enforce our terms of service, and protect the rights, privacy, safety, or property of Karnival, our users, and others. This includes internal analytics for security and legal risk management.

Our use of data is always governed by applicable law. We do not use Visitor or User data for purposes unrelated to the services without your consent. For example, we will not use your personal data for profiling, or new purposes beyond what is described here, unless we inform you and obtain any required consent in advance. You may withdraw any consent you have given at any time (see the “Your Rights” section below).

Google API Data
If you use any feature of our App that connects to Google services (e.g. Google account sign-in or integration with Google Workspace), Karnival may receive information from Google. Karnival’s use of any data obtained via Google APIs strictly complies with Google’s API Services User Data Policy, including the Limited Use requirements. We will never transfer or use such data in a manner not authorized by Google’s policies.

Anonymized and Aggregated Data
For clarity: Karnival may anonymize or aggregate personal data (removing all identifying elements) for analytical purposes. Once data is anonymized and aggregated, it is no longer considered personal data, and Karnival may use it freely for any purpose (subject to applicable laws). If Karnival wishes to use your personal data in an identifiable form for purposes other than providing the service (e.g. for research, product development beyond service delivery), we will obtain your explicit consent beforehand, and you may withdraw that consent at any time.

Data Subject Rights (GDPR and Other Laws)
If you are an individual whose personal data is processed by Karnival (for example, an EU resident or anyone whose data is handled in jurisdictions with similar rights), you have the following rights under applicable data protection laws (subject to certain limitations):
1-Right to be Informed: You have the right to know how your personal data is collected, used, and shared. We fulfill this by providing this Privacy Policy.
2-Right of Access: You may request a copy of the personal data we hold about you.
3-Right to Rectification: If your personal data is inaccurate or incomplete, you can ask us to update or correct it.
4-Right to Erasure: You can request the deletion of your personal data in certain circumstances.
5-Right to Restrict Processing: You may ask us to limit how we use your personal data in specific situations.
6-Right to Object: You have the right to object to our processing of your personal data for certain reasons. In particular, you have an absolute right to object if we process your personal data for direct marketing purposes (in which case we will stop processing immediately).
7-Right to Data Portability: You can request a copy of your personal data in a structured, commonly used electronic format, and you may transmit that data to another service provider if desired.
8-Right not to be Subject to Solely Automated Decisions: You have the right not to be subject to any decision that is based solely on automated processing (including profiling) that produces legal effects concerning you, unless permitted by law.

To exercise any of these rights, please contact our Grievance Officer (see “Grievance Officer” below) with your request. Karnival will respond within the timeframes required by applicable law. If you believe Karnival has not respected your rights, you may file a complaint with a relevant data protection authority in your jurisdiction.

Lawful Bases for Processing
Karnival relies on the following legal bases to process personal data:
1-Consent: Where you have explicitly agreed (opted in) to a specific use of your personal data (e.g. signing up for marketing communications). You can withdraw consent at any time.
2-Contractual Necessity: When processing is necessary to perform a contract to which you are a party, or to take steps requested by you prior to entering into a contract (e.g. registering you for service or enabling a feature you requested).
3-Legal Obligation: When processing is necessary for Karnival to comply with applicable laws, regulations, or legal proceedings.
4-Legitimate Interests: When Karnival has a valid business reason (other than carrying out a contract or complying with law) for processing your data, and doing so does not unduly infringe on your rights and freedoms. For example, improving our services, ensuring network and information security, or preventing fraud may qualify as legitimate interests.

The specific basis may vary depending on the type of data and how we use it. If you have questions about the basis on which we process your data in a particular case, please contact us.

Special Categories of Personal Data
Karnival does not collect or process any “special categories” of personal data (also known as sensitive personal data) as defined by the EU General Data Protection Regulation. This includes data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, health or genetic information, biometric data for identification, sexual orientation, and similar sensitive information. If you are a Karnival customer or user, you agree not to use our services to collect or transmit any special category personal data about any individual. If such data is provided to us by mistake, please notify us immediately so we can securely delete it.

Your Rights under CCPA (California)
If you are a California resident, Karnival complies with the California Consumer Privacy Act (CCPA) by providing the following rights:
1-Right to Know: You have the right to know what categories of personal information Karnival collects, the sources of that information, the purpose for collecting it, and the categories of third parties with whom it is shared.
2-Right to Access: You may request access to the specific pieces of personal information Karnival has collected about you.
3-Right to Delete: You can request that Karnival delete personal information collected from you, subject to certain exceptions (e.g. if we need it for legal compliance).
4-Right to Opt-Out of Sale: You have the right to opt out of any sale of your personal information. Karnival does not sell personal information of our visitors, users, or customers.
5-Right to Non-Discrimination:
You have the right to exercise your CCPA rights without being treated differently (e.g. service quality or pricing cannot be changed because you exercised your privacy rights). Karnival will not discriminate against you for exercising any privacy rights.

Karnival will not ask you to waive any of your rights under CCPA. If you want to exercise any of the above rights, please contact our Grievance Officer (see below).

Your Rights under India’s SPDI Rules 2011
For Indian users, Karnival adheres to the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011. Under these rules:
1-Right to Be Informed (Consent): We will clearly explain what personal information we collect, why we need it, and how we will use it. We will only collect your sensitive personal data with your explicit consent.
2-Right of Access: You have the right to request a copy of your personal information that Karnival holds. You may review and verify its accuracy.
3-Right to Correction: You may ask us to correct or update any personal information we hold about you if it is incorrect or incomplete.
4-Right to Withdraw Consent: You can withdraw your consent to Karnival processing your personal data at any time. After withdrawal, we will stop processing your data for the purpose to which you had originally consented, unless required by law to continue.
To exercise any of the above rights under Indian law, please contact our Grievance Officer.

Retention of Personal Information
Karnival will retain your personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing the requested services, complying with legal obligations, resolving disputes, and enforcing our agreements. This may include:
1-Service Period: We keep account and usage information for the duration that you or your organization use Karnival’s services.
2-Performance and Improvement: We may retain certain data (even after you stop using our services) to analyze trends, improve our products, or investigate issues, as long as it aligns with our legitimate interests and legal requirements.
3-Legal Compliance: We may retain data to meet legal obligations (tax, accounting, regulatory) or for period required by law.
4-Dispute and Enforcement: We may keep data to defend against potential legal claims or to enforce our rights.
If you request deletion of your data, we will delete your personal data from active systems unless we are required to keep it for legitimate business or legal reasons. Customers of Karnival are responsible for informing their own end-users (e.g. leads or employees) about how their data is collected, processed, and retained in connection with Karnival’s services. After termination of our services, Karnival may delete all personal data we have collected or processed on your behalf, unless retaining it is legally required.

Third-Party Tools and Integrations
Customers may integrate Karnival’s App with third-party or proprietary tools (for example, analytics platforms, email services, CRM systems). If you choose to use any such tools, you are solely responsible for compliance with applicable laws and privacy notices. You must inform any individuals whose personal data is collected or processed by those tools and ensure that those tools’ data practices are lawful. Karnival is not responsible for the data practices of third-party services, and we encourage you to review their privacy policies before integration.

International Transfers of Data
Karnival is based in [Country], and we may transfer personal data to other countries for business purposes (such as to data centers, disaster recovery sites, or third-party service providers). Whenever we transfer personal data internationally, we will implement appropriate safeguards:
1-Adequacy Decisions: If transferring data from the EU/EEA, we rely on adequacy decisions or use standard contractual clauses when necessary.
2-Data Protection Agreements: We may require recipients in other countries to sign data protection addendums or agreements to ensure they protect your personal data according to applicable laws.
3-Security Measures: Data may be encrypted in transit and at rest, and access to cross-border data is limited to authorized personnel.
Even if your data is processed or stored abroad, Karnival ensures that your rights under this Policy remain in effect. In summary, your data may be stored or processed in other countries, but we take steps to maintain the same level of protection as if the data were kept locally.
We also may share your data with trusted third parties (e.g. cloud hosting providers, data processors, payment processors, analytics and marketing services) located in or outside your country. Examples include:
1-Payment Processing: We may share payment details with external payment gateways to complete transactions.
2-Cloud and Infrastructure: Your data may be stored on servers or cloud services in other jurisdictions for availability and backup.
3-Business Operations: We may share data with subcontractors for functions like data analysis, email communication, customer support, or marketing.
Before sharing, we require all third parties to comply with privacy and security obligations. For any international transfer to entities outside jurisdictions deemed “adequate,” we will use legal contracts or other appropriate safeguards and only permit the minimum necessary data to be transferred.

Compelled Disclosure
Karnival may disclose personal data when required to do so by law or to protect legal rights. In particular, we may share your personal information if:
1-Legal Process: We receive a court order, subpoena, warrant, or other legal demands (in any jurisdiction).
2-Safety and Security: It is necessary to protect the safety or rights of Karnival, our users, or the public (e.g., to prevent fraud, in the context of national security or law enforcement).
3-Legal Claims: We are defending or enforcing our legal rights in a dispute or investigation.
We will seek to limit any disclosure to the minimum required and, where possible, notify you of any forced disclosure so you can seek legal protection, unless prohibited by law.

Security of Your Personal Information
Karnival takes data security seriously and employs industry-standard measures to protect your data:
1-Access Controls: Access to personal data is restricted to authorized employees and contractors who require it to perform their job functions. All access is logged and monitored.
2-Encryption: We use strong encryption (e.g. AES-256 or equivalent) to protect sensitive data both in transit (using TLS/SSL) and at rest on our servers.
3-Network Security: We maintain secure network infrastructure with firewalls, intrusion detection systems, and regular vulnerability assessments to guard against unauthorized access.
4-Regular Audits and Assessments: We conduct periodic security audits, penetration tests, and risk assessments to identify and mitigate potential vulnerabilities.
5-Incident Response: We have established procedures to detect, report, and respond to any data security incidents. In the event of a data breach, we will follow legal breach notification requirements.
6-Employee Training: All employees handling personal data receive training on data privacy and security best practices. They are bound by confidentiality obligations.
7-Third-Party Security: We require all service providers and partners who process data for us to maintain equivalent security standards and comply with confidentiality agreements.
8-Physical Security: Our physical locations and data centers use measures like access badges, security cameras, and on-site guards to prevent unauthorized physical access.
9-Business Continuity: We maintain backup systems and disaster recovery plans to ensure personal data is protected and available in case of system failures.
10-Compliance Standards: Karnival follows recognized security frameworks (such as ISO/IEC 27001) and aligns with applicable security regulations.
Despite these measures, no method of transmission or storage is 100% secure. We strive to protect your data to the best of our ability, and we review our security practices regularly.

Grievance Officer
Karnival has designated a Grievance Officer to address privacy concerns and to handle requests related to this Policy. You may contact the Grievance Officer at any time regarding questions, requests, or complaints about data privacy.
Grievance Officer: dataofficer@karnival.com
Data Protection Officer: prasenjeet@karnival.com
Postal Address: 3rd Floor, Landmark Cyber Park, Sector 67, Gurugram, Haryana 122101
Changes to This Privacy Policy: Karnival may update this Policy from time to time to reflect changes in our practices or relevant laws. The “Effective Date” at the top indicates when the current version took effect. We will notify you of material changes by posting the new policy on our website. Your continued use of Karnival’s services after any revisions indicates your acceptance of the updated policy.
Contact Information: contact@karnival.com