FFITINDIA , Your Portal to Cross-Border Tax Expertise. FFITINDIA is a not-for-profit foundation with offices in India. Further information and contact details at www.FFITINDIA.com
Last updated: 09 March 2021
FFITINDIA values its relationship with you and considers it of great importance that your personal data is handled with the utmost care. This Privacy Statement informs you of why and how FFITINDIA collects, processes and discloses your personal data, and what FFITINDIA undertakes to protect it.
FFITINDIA may unilaterally modify or update this Privacy Statement without prior notice. For this reason, we encourage you to regularly review the Privacy Statement. However, if substantive adjustments are made, a clear notification will be made available on our website.
Privacy and Data Protection at FFITINDIA
Responsibility : FFITINDIA is the Foundation for International Taxation, India. Responsibility for the processing and protection of your personal data lies with FFITINDIA ’s head office 622, Maker Chambers V, 6th Floor, 221 Nariman Point, Mumbai, Maharashtra, Pin 400021, India.
FFITINDIA complies with the requirements of the General Data Protection Regulation (Regulation (EU) 2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons in the European Economic Area (EEA) with regard to the processing of personal data and the free movement of such data. As required by the GDPR, FFITINDIA maintains a comprehensive register of its data processing activities in electronic form. FFITINDIA has assigned a privacy officer who deals with all matters related to data protection.
In the event that ownership of (parts of) FFITINDIA is transferred to a third party, your personal data may be transferred to that third party. FFITINDIA will inform you of this upfront, whereby you will be given the opportunity to object to such transfer of data.
Definitions: Personal data: Any information that relates to a living individual who can be identified from that data.
Different pieces of information that can lead to the identification of a particular person when they are collected together also constitute personal data (e.g. an IP address in combination with a name).
Data subject: The identifiable person whose personal data is collected.
Data controller: A person or organization that decides why and how the collected personal data is processed, and is responsible for the protection of that data. Unless otherwise stated, FFITINDIA is a data controller for personal data we collect through the services subject to this statement. FFITINDIA , Your Portal to Cross-Border Tax Expertise
Data processor: An external person or organization that processes the personal data on behalf of the data controller.
Data processing: Any operation or set of operations that is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
Cookies: Small text files (up to 4KB) created by a website that are stored on the user’s device, either temporarily in the web browser for that session only, or permanently on the hard disk (‘persistent cookie’). Cookies provide a way for a website to recognize you when you return to it, and keep track of your preferences. Cookies are ‘passive’ as they contain retrievable information, but do not contain programmes, viruses or malicious software.
Personal Data Collection
We may collect the following personal data from you:
- Your personal contact details (name, postal address, e-mail address and telephone number);
- Your professional contact details (company, position, postal address, e-mail address and
- telephone number);
- Your device’s Internet Protocol (IP) address;
- Your user ID’s and passwords;
- Your invoice and payment details, including your credit card number;
- Your reported interests and preferences;
- Your ordered products or subscriptions;
- Information regarding the equipment you use, such as a unique device ID, the version of your
- operating system and the settings of the device you use to gain access to a product or service;
- Information regarding the use of a product or service, such as the type of product or service you
- use and the specific time you use it;
- Location details derived from your device or IP address, that may be automatically transferred
- when you use a product or service;
- Information that is available via external sources, such as your social media profile;
- Information that is transferred via external sources, for example when you access a product or
- service via another company’s website.
We do not collect or process any of the personal data classified in the Regulation as ‘special categories’, such as race, political opinions or religious beliefs (See Article 9 of the GDPR for a full list). We do collect and process ‘sensitive’ financial and location data, to fulfil our obligations towards authors, customers and suppliers.
When we collect personal data: Your personal data may be collected in the following situations: FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com
- When you take out a subscription to an FFITINDIA product or service, either from FFITINDIA or via a third party;
- When you purchase a single FFITINDIA product or service, either from FFITINDIA or via a third party;
- When you use one of FFITINDIA ’s websites or online platforms (incl. social media), either directly or via a third party;
- When you create a personal account to one of FFITINDIA ’s websites or platforms;
- When you sign up for one or more of FFITINDIA ’s free services, such as newsletters or mailings;
- When you participate in a panel or survey conducted by FFITINDIA or one of FFITINDIA ’s trusted partners;
- When you register for one of FFITINDIA ’s digital products or services, such as an online course or webinar;
- When you send documents, images and other content containing personal data to FFITINDIA ;
- When you sign into FFITINDIA ’s Library and Information Centre;
- When you contact FFITINDIA .
How we collect personal data: We collect personal data through various channels:
- We obtain some of the data from you directly, for example when you subscribe to a product,
- create a My Account or sign up to a newsletter;
- We get some of it by recording how you interact with our products, for example by using cookie
- technology or obtaining usage data through web analytics;
- We obtain some personal data from third parties, such as social media platforms and trusted partners
Personal Data Processing
Why we process personal data At FFITINDIA , we process personal data for the basic purposes we must achieve to operate our business: to provide our products and services, and to send communications about our products and services. We need to process personal data for these purposes, to be able to provide you with the products and services outlined in your agreement(s) with us (e.g. Customer Relationship Management), to keep you up-to-date on the products and services of your interest (e.g. marketing communications), and to continuously improve our products and services and your experiences with them (e.g. usage analytics).
We also process personal data for certain carefully considered purposes (‘legitimate interests’), which are in the interest of our business and our customers, as they enable us to fulfil our contractual obligations, enhance the services we provide and protect your privacy. The processing of data for these purposes occurs with the highest regard for your rights and interests. You have the right to object to these forms of processing, but keep in mind that this may affect our ability to carry out certain tasks for your benefit.
We process personal data based on the following (non-accumulative) bases for ‘lawful processing’:
Consent: You have consented to the processing by means of an affirmative statement or clear action, such as by ticking a checkbox in your My Account in order to receive a certain FFITINDIA newsletter. FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not-for-profit foundation with offices 622, Maker Chambers V, 6th Floor, 221 Nariman Point, Mumbai, Maharashtra, Pin 400021, India at www.FFITINDIA.com
You can withdraw your consent at any time, e.g. by un-ticking the afore-mentioned checkbox or by informing us by telephone; please allow 30 days for your request to be processed. Note that we may not be able to comply with such a request in all cases, as we still may need to process your personal data on a different legal basis (see below).
Contractual necessity: Processing is necessary for the performance of a contract, or to take steps to enter into a contract.
Legal obligation: Processing is necessary for compliance with a legal obligation to which FFITINDIA may be subject as data controller, such as a court order.
Legitimate interests: Processing is necessary for purposes of legitimate interests pursued by FFITINDIA or a third party used by FFITINDIA , except where such interests are overridden by your interests, rights or freedoms.
Legitimate interests for which FFITINDIA processes personal data are:
- Fraud detection and prevention;
- IT security measures to protect FFITINDIA ’s network and information systems, e.g. to prevent data
- breaches or leaks;
- Intra-organization transfer of data, such as for the processing of orders and payments by FFITINDIA ’s
- headquarters that come in via other FFITINDIA locations or third parties;
- Employment relationship management, for operational, administrative, HR and recruitment
- Corporate operations and due diligence, such as business intelligence, risk assessment, strategy
- planning and reporting;
- Credit management, such as the transfer of data to a debt collection agency in case of nonpayment;
- Product development and enhancement, such as monitoring website usage and conducting
- analytics (e.g. pages and links clicked, time at page, navigation patterns, devices used, where users
- are coming from) to improve our products and services;
- Communications, marketing and intelligence, such as for personalized services and
- communications, direct marketing, targeted advertizing, event planning, and conducting profiling
- and business intelligence analytics to e.g. create trend reports, analyse the effectiveness of a
- marketing campaign or determine the most effective channels and messages.
How we process and use personal data: Your personal data is stored in dedicated Content Management Systems, such as for processing subscriptions, orders and payments, providing customer and author support, and workflow processin for our publications. We process only the minimum amount of personal data necessary to achieve our purposes. This makes it easier for us to keep data accurate and up-to-date, and limits the amount of data accessible to an unauthorized party in the event of a data breach. We may combine data we collect to enhance or personalize your user experience, for example based on a course you followed or a previous purchase.FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com. At FFITINDIA , we do not use ‘automated decision-making’: we may use profiling – i.e. gathering data about an individual, or group of individuals, and evaluating their characteristics and behaviour patterns to analyze or make predictions about their interests or behaviour –, for example to improve or personalize our offering, but we do not base decisions or actions solely on this automatically generated information. Financial information (‘sensitive data’) is processed solely for payment processing, debt collection fraud prevention and financial audits.
Personal Data Sharing : Why we share personal data: We have agreements with third parties that may receive your personal data, as they need it to carry out certain business activities for us. As FFITINDIA in its role of data controller is responsible for the personal data we collect from you, we only work with parties that are GDPR-compliant. We (will) have detailed data processing agreements in place with these parties, that outline that any personal data obtained from FFITINDIA is to be kept confidential, and that personal data may only be processed at the direct and precise instruction of FFITINDIA and solely for the purpose defined by FFITINDIA . In case such an agreement is terminated, any personal data in the possession of the third party is either returned to FFITINDIA or deleted.
Recipients of your personal data can be other data controllers, data processors, third party licensees, third countries and international organizations.
Who we share personal data with : Other data controllers FFITINDIA has concluded content licenses with other organizations, whom we provide with our published material. The organizations provide us with the personal data of their users (e-mail or IP addresses) that we require to fulfil our obligations, and we provide FFITINDIA content to these end users.
If the content license specifies that FFITINDIA shall determine the means and purpose of the processing of the users’ data, then FFITINDIA is the data controller for the personal data of the organizations’ users.
Note to the end user: If you use an e-mail or IP address provided by an organization you are affiliated with, e.g. your employer, to access FFITINDIA products and services, that organization may access and process your personal data. FFITINDIA may report to your organization on your usage of our products and services. Please direct your privacy inquiries to your organization’s administrator.
Data processors : FFITINDIA makes use of various types of companies that process data on behalf of FFITINDIA to help us with our daily operations. As stated above, FFITINDIA has concluded or will conclude a GDPR-compliant data processing agreement with such companies.
Categories of data processors used by FFITINDIA :FFITINDIA , Your Portal to Cross-Border Tax Expertise
FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com.
- Printing companies
- Distributors (for delivery of print content)
- Marketing agencies
- IT service providers
- Hosting companies
- Web analytics services
- Translation agencies
- Legal consultants
- HRM administration companies
- Debt collecting agencies
Third party licensees: FFITINDIA has license agreements with several carefully selected third parties, allowing them to use or sell FFITINDIA content in order to attain a wide spread of FFITINDIA ’s information and maximum exposure for its authors. Vice versa, FFITINDIA has agreements in place with third parties that deliver content to FFITINDIA for further use or distribution. These parties may need to obtain personal data from FFITINDIA , or send personal data to FFITINDIA , for example for the purpose of order fulfilment.
Categories of third parties licensed by FFITINDIA :
- Publishing companies
- Academic institutions
- Online training developers
FFITINDIA will not share your personal data with any third parties other than those we have license agreements with, without your prior consent.
Third countries and international organizations: As an international organization with offices in four countries and with a global network of clients (e.g. customers, third party licensees) and suppliers (e.g. authors, printers), FFITINDIA may need to transfer your personal data to (international organizations operating in) countries outside the European Economic Area (EEA).
The countries in the EEA are covered by the GDPR: they all have to comply with the data protection principles set out in the Regulation, which guarantees the protection of your personal data when transferred between EEA countries. The European Commission (EC) has declared that the transfer of data to countries outside the EEA may only take place if the level of protection guaranteed by the GDPR is not undermined.
The EC has taken a number of ‘adequacy decisions’ for non-EU countries that the EC considers to have an adequate level of protection: a full list can be found here. To enable the transfer of data to countries that have not (yet) been labeled ‘safe’, the European Commission has established a number of Standard Contractual Clauses that can be used in agreements with parties in these countries, in order to safeguard the protection of your personal data.
In cases where FFITINDIA may need to transfer your personal data to (international organizations operating in) third countries, we will ensure that an agreement is in place that includes the relevant Standard FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com. Contractual Clauses and outlines precisely which data may be processed, how it may be processed and for which purpose, and which laws and regulations apply.
Cookies are small text files that are placed on your computer by websites that you visit. They are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site. The overview below explains the cookies we use and why.
Functional cookies: These are used to make our websites function well, for example to offer such functionality as Single Sign On and our shopping cart.
A cookie can be classified by its lifespan and the domain to which it belongs.
By lifespan, a cookie is either a session cookie, which is erased when the user closes the browser, or a persistent cookie, which remains on the user’s computer/device for a pre-defined period of time.
FFITINDIA does not use third-party cookies and will therefore not collect any data from sites other than FFITINDIA ’s own websites and platforms.
Please note that if you disable cookies in your browser, some of FFITINDIA ’s services may no longer be available to you.
Personal Data Retention: We do not store personal data for longer than is necessary for the purposes for which the personal data is processed. We have a regular review process in place to cleanse our databases of obsolete personal data.
Once we no longer need personal data for the purpose for which it was collected, we will delete it unless we are obligated by law to keep it. We may archive a minimum amount of personal data for historical, statistical or research purposes, for example to defend possible future legal claims or to comply with employment law or financial audits. FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com.
FFITINDIA uses both session cookies and persistent cookies. Session cookies are stored for the duration of the user’s session on an FFITINDIA website. Persistent cookies used for website statistics are stored for no more than two years; persistent cookies used for the FFITINDIA web shop expire after one day. Job application information is deleted 4 weeks after the application procedure is finalized, unless the applicant has given us permission to retain the information for future reference, in which case the information is stored for a maximum of one year.
We are obligated by law to store payroll records for a minimum of 7 years. This also applies for author payments into private accounts.
FFITINDIA does not retain credit card information.
Personal Data Protection: Information security at FFITINDIA is based on generally accepted ‘good practices’ in Information Security. Risk Management. Information security refers to the ways and means to protect printed, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption.
Data security: FFITINDIA offers its services and processes personal data both on its premises and in data centres. All connections to such data centres are secured by encryption (VPN) and where possible restricted to parts of the organization via a Virtual Local Area Network (VLAN). All data centres FFITINDIA uses are ISO certified (e.g. ISO 27001). Within FFITINDIA , all possible measures to protect information, both technical and organizational, are implemented:
- Multi-tier firewall protection (main firewall, ‘Intrusion Detection System’ in the network, firewalls on all servers) ensures an overall protection from external threats, as well as a limitation in potential damage;
- VLAN’s are used for logical and technical separation of access rights and risks;
- The wireless access to resources is separated from the main internal network;
- Virus scanners are used within the network and on all workstations and servers;
- Remote access to the offices can only be gained via VPN;
- Development, test and acceptation environments are fully separated from production environments;
- Where possible, data used in non-production environments is encrypted and pseudonimized and additional security measures are implemented to prevent the risks of data loss or data breach in these environments.
Organizational measures include, but are not limited to, a security officer, security policies including a patch and password policy, separation of duties and access, monitoring and communication policies.
Accountability: FFITINDIA ensures that our security controls remain effective in protecting data and mitigating existing threats over time. Log files are checked on a daily basis, our processing operations and security tools are regularly monitored and we perform yearly audits and security tests. FFITINDIA , Your Portal to Cross-Border Tax Expertise FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com. An IT audit is performed each year by our accountants, whereby all IT processes (e.g. backups, restores, user management) are audited. In addition, a yearly security test (also known as a ‘penetration test’) is executed by external specialists.
Data breaches : FFITINDIA has breach detection, investigation and reporting procedures in place.
The procedure in case of a data breach consists of the following steps, worked out in detail in the FFITINDIA
Data Breach Policy:
- Determine the likeliness of a high risk to the rights and freedoms of the data subjects;
- If relevant, notify without undue delay, but no later than 72 hours after becoming aware of the
- breach, the supervisory authority. FFITINDIA has agreements in place with all Data Processors to
- ensure that this period can also be met when the breach occurs at a Data Processor’s location;
- Inform the affected data subjects;
- Take all necessary measures to limit any damage caused by the breach and prevent further damage or the breach from happening again.
The Data reach Policy is published internally and FFITINDIA staff is made aware of this policy. FFITINDIA maintains an internal data breach register.
How we handle and protect sensitive data: In case FFITINDIA does process sensitive data, this is done by qualified and trained staff only, and proper technical (role-based access) and organizational measures (e.g. segregation of duties) are implemented to secure such data.
How to Access and Control Your Personal Data: The GDPR provides you, the data subject, with various rights to guarantee the fair and correct processing of personal data. In case you wish to exercise any of these rights, please get in touch with us (See Chapter 9. Contact Us). Your request will be assessed in light of the standards and recommendations outlined in the GDPR.
In case you disagree with the outcome or the way FFITINDIA has handled your request, or with the way FFITINDIA processes your personal data, you can lodge a complaint or request for arbitration with the supervisory authority in the Netherlands, the ‘Autoriteit Persoonsgegevens’.
Data subject rights pertaining to the personal data collected by FFITINDIA
At all times, you have the right to: FFITINDIA , Your Portal to Cross-Border Tax Expertise
FFITINDIA is a not-for-profit foundation with offices in Amsterdam, Beijing, Kuala Lumpur and Washington D.C. Further information and contact details at www.FFITINDIA.com.
- Request that FFITINDIA allows you to inspect your personal data;
- Request that FFITINDIA provides you with an electronic copy of your personal data;
- Request that FFITINDIA rectifies your personal data (within 30 days);
- Request that FFITINDIA erases your personal data (within 30 days).
- 2. Data subject rights pertaining to the processing of the personal data collected by FFITINDIA
- At all times, you have the right to:
- Request that FFITINDIA provides you with information regarding the processing of your personal data;
- Request that FFITINDIA applies a (temporary) restriction to the processing of your personal data;
- Request that FFITINDIA does not base decisions solely on automated processing of your personal data, including profiling;
- Object to the processing of your personal data.
Inquiries concerning this Privacy Statement and FFITINDIA ’s data protection policy can be made to FFITINDIA ’s privacy officer:
Admin FFITINDIA , IT department
Registered Office is :
FOUNDATION FOR INTERNATIONAL TAXATION
622, Maker Chambers V, 6th Floor,
221 Nariman Point, Mumbai, Maharashtra, Pin 400021, India
Tel.: +91-22-2202 4259/60/61
EMAIL ADDRESS: firstname.lastname@example.org / email@example.com