Privacy Policy

Our Privacy Statement was first published on February 7, 2014, and was last updated on November 26, 2022. It governs the privacy terms of our website(s), located at isrgrajan.com, isrg.in, isrg.me, isrg.co.in and the services and utilities we provide you (the “Website” or the “Service”). Any capitalised terms not defined in our Privacy Policy have the same meaning as specified in our Terms of Service, accessible at isrgrajan.com/tos. The terms, “we” and “our” as used in this document refer to Isrg KB.

Table of Content

Your Privacy

Our website follows all legal requirements to protect your privacy. Our Privacy Policy is a legal statement that explains how we may collect information from you, how we may share your information, and how you can limit our sharing of your information. You will see terms in our privacy policy that are capitalized. These terms have meanings as described in the definitions section below:

Definitions

  • Personal Data: Personal data refers to information about a living person who can be identified from that information (or from that information and other information in our possession or likely to come into our possession).
  • Usage Data: Usage Data is information that is automatically collected while using a service or from the service infrastructure (for example, the time of a page visit, your IP address, your browser user agent, the language of your device, and so on).
  • Cookies: Cookies are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.
  • Data Controller: “Data Controller” means a natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed. For the purpose of this privacy policy, we are a data controller of your data.
  • Data Processors (or Service Providers): “Data Processor” (or Service Provider) means any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various service providers in order to process your data more effectively.
  • Data Subject: A “data subject” is any living individual who is the subject of personal data.
  • User: The “User” is the individual using our service. The user corresponds to the data subject, who is the subject of personal data.

Information Collection and Use

We collect several different types of information for various purposes to provide and improve our service to you.

Types of Data Collected

  • Personal Data
    While using our service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to, an email address, name, address, state, province, zip code or postal code, city, cookies, and usage data. We may use your personal data to contact you with SMS, newsletters, marketing or promotional materials, and other information that may be of interest to you. You can opt out of receiving any or all of these communications from us by clicking the unsubscribe link or following the instructions included in any email we send. Registered users can further modify, alter, and delete their personal information by logging into their accounts.
  • Comments
    When visitors leave comments on the site, we collect the data shown in the comment form and also the visitor’s IP address and browser user agent string to help with spam detection. An anonymized string created from your email address (also called a hash) may be provided to the Gravatar service to see if you are using it. The Gravatar service privacy policy is available at automattic.com/privacy. After approval of your comment, your profile picture is visible to the public in the context of your comment. We also use third-party tools and services for managing comments and their privacy policy is available at facebook.com/privacy/policy.
  • Media
    We take the necessary steps to clear and remove the EXIF data from uploaded images, but in some cases, it may still contain embedded data like the device name, location information, etc. Users are encouraged to clean and remove personalised EXIF data before uploading to the website because visitors to the website can download and extract any location data from images on the website.
  • Contact forms
    While filing contact forms on the website, we collect specified and provided personal details which further subject to the collection of the personal information as specified above under section Personal Data.
  • Embedded content from other websites
    Articles on this site may include embedded content (e.g., videos, images, articles, social media posts, etc.). Embedded content from other websites behaves in the exact same way as if the visitor had visited the other website. These websites may collect data about you, use cookies, embed additional third-party tracking, and monitor your interaction with that embedded content, including tracing your interaction with the embedded content if you have an account and are logged in to that website.
  • Usage Data
    We may also collect information on how the service is accessed and used (“Usage Data”). This usage data may include information such as your computer’s Internet Protocol address (e.g., IP address), browser type, browser version, the pages of our service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

Cookies Policy

Cookies and similar tracking technologies are used to track activity on our service and store certain information. Cookies are files with a small amount of data, which may include a unique anonymous identifier. Cookies are sent to your browser from a website and stored on your device. Beacons, tags, and scripts are also tracking technologies used to collect and track information and to improve and analyse our service. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our service. Examples of cookies we use are session cookies (we use these cookies to operate our service) and preference cookies (we use these cookies to remember your preferences and various settings).You can instruct your web browser to stop storing cookies using the cookie setting options available in the web browser’s preferences.

Use of Data

We use the collected data for various purposes, including:

  • To provide and maintain our service.
  • To notify you about changes to our service.
  • To allow you to participate in interactive features of our service when you choose to do so.
  • To provide customer support.
  • To gather analysis or valuable information so that we can improve our service.
  • To monitor the usage of our service.
  • To detect, prevent, and address technical issues.
  • Unless you have opted not to receive such information, we will send you news, special offers, and general information about other goods, services, and events that we offer that are similar to those you have already purchased or inquired about.

Retention of Data

We will retain your personal data only for as long as is necessary for the purposes set out in this privacy policy. We will retain and use your personal data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

We will also keep usage data for internal analysis. Usage Data is generally retained for a shorter period of time, unless it is used to strengthen the security or functionality of our Service, or we are legally required to retain this data for a longer period of time.

Transfer of Data

Your information, including personal data, may be transferred to and maintained on computers located outside of your state, province, country, or other governmental jurisdiction, where the data protection laws may differ from those in your jurisdiction.

We will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this privacy policy, and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place, including the security of your data and other personal information.

Your consent to this privacy policy, followed by your submission of such information, represents your agreement to that transfer.

Disclosure of Data

  • Business Transaction: If we are involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your personal data is transferred and becomes subject to a different privacy policy.
  • Disclosure for Law Enforcement: Under certain circumstances, we may be required to disclose your personal data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Security of Data

The security of your data is important to us, but remember that no method of transmission over the Internet or method of electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your personal data, we cannot guarantee its absolute security.

Legal Basis for Processing Personal Data Under General Data Protection Regulation (GDPR)

If you are from the European Economic Area (EEA), the legal basis for collecting and using the personal information described in this privacy policy depends on the personal data we collect and the specific context in which we collect it.

We may process your Personal Data because:

  • We need to perform a contract with you.
  • You have given us permission to do so.
  • The processing is in our legitimate interests, and it’s not overridden by your rights.
  • For payment processing purposes.
  • To comply with the law.

Your Data Protection Rights Under General Data Protection Regulation (GDPR)

If you are a resident of the European Economic Area (EEA), you have certain data protection rights. We aim to take reasonable steps to allow you to correct, amend, delete, or limit the use of your personal data.

If you wish to be informed of what personal data we hold about you and if you want it to be removed from our systems, please contact us.

In certain circumstances, you have the following data protection rights:

  • The right to access, update, or to delete the information we have on you.
  • The right of rectification: You have the right to have your information rectified if that information is inaccurate or incomplete.
  • The right to object: You have the right to object to our processing of your Personal Data.
  • The right of restriction: You have the right to request that we restrict the processing of your personal information.
  • The right to data portability: You have the right to be provided with a copy of your personal data in a structured, machine-readable, and commonly used format.
  • The right to withdraw consent: You may also withdraw your consent at any time if we rely on it to process your personal information.

Please note that we may ask you to verify your identity before responding to such requests.

You have the right to complain to a Data Protection Authority about our collection and use of your personal data. For more information, please contact your local data protection authority in the European Economic Area (EEA).

Service Providers

We may employ third-party companies and individuals to facilitate our service (“Service Providers”), to provide the service on our behalf, to perform service-related services, or to assist us in analysing how our service is used.

These third parties have access to your personal data only to perform these tasks on our behalf and are obligated not to disclose or use it for any other purpose.

Analytics

We may use third-party service providers to monitor and analyse the use of our service.

  • Google Analytics: Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads in its own advertising network. You can prevent Google Analytics from tracking your activity on the Service by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, gtm.js, and dc.js) from sharing information with Google Analytics about visits and activity. For more information on the privacy practises of Google, please visit the Google Privacy and Terms web page: http://www.google.com/intl/en/policies/privacy/
  • Yandex Metrika: Yandex Metrica is a free web analytics service offered by Yandex that tracks and reports website traffic. Yandex Metrica may deploy tags to collect audience, traffic, and behaviour data for the website. For more information on the privacy practises of Yandex, please visit the Yandex Privacy and Terms web page: yandex.com/legal/metrica_termsofuse
  • Cloudflare: We use Cloudflare as our DNS provider, data processors, CDN provider and its various services like Monitoring, Security, and analytics etc. to provide high-quality and seamless services. The Privacy Policy of Cloudflare is accessible at cloudflare.com/privacypolicy.
  • StachPath: We use StachPath as CDN provider which further offers various services like traffic monitoring, security, traffic routing etc. The Privacy Policy of StackPath is accessible at stackpath.com/legal.

Payments

We may provide paid products and/or services within the Service. In that case, we use third-party services for payment processing (e.g., payment processors).

We will not store or collect your payment card details. That information is provided directly to our third-party payment processors whose use of your personal information is governed by their Privacy Policy. These payment processors adhere to the standards set by PCI-DSS as managed by the PCI Security Standards Council, which is a joint effort of brands like Visa, Mastercard, American Express, and Discover. PCI-DSS requirements help ensure the secure handling of payment information.

The payment processors we work with are:

Advertisements

Advertising keeps our website and many of the websites and services you use free of charge. We and our advertising agencies work hard to make sure that ads are safe, unobtrusive, and as relevant as possible. We ensure no ads contain malware, ads for counterfeit goods, or ads that attempt to misuse your personal information. You may opt out of personalized advertising by visiting www.aboutads.info. The Privacy Policy and Terms of Services of the advertising agencies that we use are available at: policies.google.com and taboola.com/policies/privacy-policy.

Links to other sites

Our Service may contain links to other sites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies, or practices of any third party sites or services.

Family Educational Rights and Privacy Act (FERPA)

Our services comply with all applicable provisions of the Family Educational Rights and Privacy Act (FERPA) (20 U.S.C. § 1232g; 34 CFR Part 99). We receive Student Data from School Customers as a “school official” under FERPA and only process Student Data for educational purposes. In the event we receive a subpoena or judicial order for the disclosure of education records, we will notify the associated School Customer(s) prior to fulfilling the request in accordance with §99.31(a)(9). For additional information on FERPA, please visit the U.S. Department of Education’s Privacy Technical Assistance Center.

Children’s Online Privacy Protection Act (COPPA)

Our services comply with all applicable provisions of the Children’s Online Privacy Protection Act (COPPA) (15 USC 6501 et seq.) To the extent COPPA applies to information we collect, we process such information for educational purposes only, at the direction of the partnering School Customer and on the basis of educational institution consent. For additional information on COPPA and educational institution consent, please refer to the Federal Trade Commission’s Complying with COPPA: Frequently Asked Questions.

Our COPPA & New York Section 2-D Compliance Policies

We takes student data privacy seriously. In alignment with U.S. Federal Law and Article 1 – Section 2D of the Laws of New York, we take the following actions to ensure student data privacy:

  1. We limits access to students’ education records to teachers and administrators who are named employees of the institutions with whom we partner, and only for legitimate educational interests.
  2. We does not use the education records for any purpose other than those explicitly authorized in our contract.
  3. Except for our authorised representatives, to the extent they are carrying out the contract, we do not disclose any personally identifiable information to any other party without the prior written consent of the parent or eligible student, or unless required by statute or court order, and the party provides a notice of the disclosure to the department, district board of education, or institution that provided the information no later than the time the information is disclosed, unless providing notice of the disclosure is expressly prohibited by the statute or court order.
  4. We maintain reasonable administrative, technical, and physical safeguards to protect the security, confidentiality, and integrity of personally identifiable student information in our custody.
  5. We use encryption technology to protect data while in motion or in our custody from unauthorised disclosure using a technology or methodology specified by the secretary of the United States Department of Health and Human Services in guidance issued under Section 13402(H)(2) of Public Law 111-5.

Information Technology Rules, 2021

The Information Technology (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021 is secondary or subordinate legislation that suppresses India’s Intermediary Guidelines Rules 2011. The 2021 rules have stemmed from section 87 of the Information Technology Act, 2000 and are a combination of the draft Intermediaries Rules, 2018 and the OTT Regulation and Code of Ethics for Digital Media.

We collect personal data in compliance with the Indian IT Act. 2000 and IT Rules 2021 only after the user’s consent. We further inform the user in advance and prior to the data collection about the usage, storage and processing of the provided data. We further provide the option to the registered users to limit, restrict, and modify the provided data in compliance with the Privacy Policy, Terms of Services, and Contributor’s Guidelines.

Unregistered users, on the other hand, can use their web browser’s settings to opt out of storing cookies, session, or similar data on their computer or device; which may lead to poor user experience and unexpected website functionality or behavior.

Brazilian General Data Protection Law (LGPD)

If you reside in the Federative Republic of Brazil (“Brazil”), we will be the controller of your Personal Data provided to, collected by or for, or processed by in connection with our Services.

Legal Basis for Processing Personal Data (LGPD) Brazil

If you are a Customer, Site Visitor, or User from Brazil, under the Lei Geral de Proteção de Dados federal law 13,709/2018 (the “LGPD”), our legal basis for collecting and using the Personal Data described above (also referred to in this Section 5.4 as “Brazil Data”) will depend on the Personal Data concerned and the specific context in which we collect it.

However, we will normally collect Personal Data from you only (i) where we have your consent to do so, (ii) where we need the Personal Data to perform a contract with you, or (iii) where the processing is in our legitimate interests and not overridden by your data protection interests or fundamental rights and freedoms. In some cases, we may also have a legal obligation to collect Personal Data from you or may otherwise need the Personal Data to protect your vital interests or those of another person.

If we ask you to provide Personal Data to comply with a legal requirement or to perform a contract with you, we will make this clear at the relevant time and advise you whether the provision of your Personal Data is mandatory or not (as well as of the possible consequences if you do not provide your Personal Data).

Similarly, if we collect and use your Personal Data in reliance on our legitimate interests (or those of any third party), a notice will be provided to you in our disclosure statement.

If you have questions about or need further information concerning the legal basis on which we collect and use your Personal Data, including if you would like to better understand how our legitimate interests to process your data are balanced against your data protection rights and freedoms, please contact us.

Your Rights to Your Personal Data (Brazil)

You have the right to request that we (i) confirm whether we are processing your Personal Data, (ii) provide you with access to the Personal Data we hold about you, (iii) disclose the public and private entities with which we have shared use of your Personal Data, (iv) correct your Personal Data, (v) export your Personal Data, for your own use or use by another controller (vi) anonymize, block, or delete any unnecessary or excessive data, (vii) delete all your Personal Data, and (vii) cease or restrict processing of your Personal Data. If you are a User and would like to understand what Personal Data and behavioral information we holds about you, specifically, and how you can exercise any of your rights with respect to your Personal Data, please visit your account. Customers may also submit a data subject access request by contacting us so that we may either respond with the relevant information or, if applicable, direct this request to, and cooperate with, your employer to respond.

The Canadian Consumer Privacy Protection Act (CPPA)

In any organization, failure to protect personal information can increase the risk of a privacy breach. These privacy breaches can lead to things such as reputational harm, fraud or identity theft.

We will protect personal information from loss or theft, unauthorized access, use or disclosure, modification or destruction through appropriate administrative, technical and physical security measures and safeguards.

The level of safeguards used to protect personal information will depend on the:

  • sensitivity of the personal information;
  • amount, distribution and format of the information;
  • method of storage.

We follow the Government of Canada’s Security Policy and any other direction or guidance on information technology security received from the relevant federal agencies.

Consent
Wherever possible, we seek a person’s consent before we collect their personal information. The form of consent may vary depending on the circumstances and the type of information being requested. Consent can be express or implied, and can be provided directly by the individual or by an authorized representative.

Express consent is preferred. Express consent can be given orally, electronically or in writing. Implied consent may be reasonably inferred from a person’s action or inaction. For example, providing a name and address to receive a publication or providing a name and telephone number to receive a response to a question. When determining the appropriate form of consent, we take into account the sensitivity of the personal information, the reasons we are collecting it, and the reasonable expectations of the person. When using personal information for a new purpose, we will document that new purpose and ask for consent again.

During our investigations, it may not always be possible to obtain a person’s consent to collect, use, or disclose their personal information. Both the Privacy Act and PIPEDA allow for the disclosure of personal information during the course of an investigation if it is necessary to carry out that investigation.

We will not use your personal information without your consent unless it is either:

  • for the same purpose for which the information was originally collected or compiled,
  • consistent with that purpose,
  • for a purpose that may be disclosed under section 8(2) of the Privacy Act.

The California Consumer Privacy Act (CCPA)

For California Residents Only. We may disclose your Personal Information to our subsidiaries or other third parties who may use that information to market directly to you. As a California resident, you have the right to opt-out of having your Personal Information licensed to such third parties. We will not share your information after we have received your notification that you are opting out. If you wish to opt-out you can contact us.

Changes to this Privacy Policy

We may update our privacy policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.

We will let you know via email and/or a prominent notice on our service, prior to the change becoming effective, and update the “effective date” at the top of this Privacy Policy.

You are advised to review this privacy policy periodically for any changes. Changes to this privacy policy are effective when they are posted on this page.

Contact us

If you have any questions about this Privacy Policy, please contact us by using the contact information we provided on our Contact page.