Privacy Policy

Privacy Policy

POLICY STATEMENT

Monstarlab Enterprise Solutions LImited believes in prioritizing transparency and security. A fundamental part of earning that trust means being clear about how we use your information and protecting your right to privacy. We take pride in possessing the ISO 27001 certification, which outlines and assures the specifications for a robust Information Security Management System (ISMS)

This Privacy Policy describes how Monstarlab Enterprise Solutions LImited (“we,” “us,” or “MLES”), process personal information in relation to your use of our Platform and applies to its employees, vendors, contractors, partners, potential customers, potential recruits and  website visitors.

Please review the supplemental information describing how we process personal information the following  “Privacy Policy” 

DEFINITIONS
“Data” means any personal, derivative or usage Information collected throughout the process. “Personal data” means the personal information that may be collected while using the site, which includes but is not limited to: Personally Identifiable Information (PII) such as- Names, addresses, email addresses,Protected Health Information (PHI) etc.
“Usage Data” means the information collected automatically while using the site which may include information such as your Device’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our site that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

“Sensitive data” means special category data that reveals a subject’s information. as mentioned in GDPR which includes but not limited to: financial or commercial data; health data, both physical or mental including medical records or information as to the health of an individual; genetic data; biometric data etc.

“Commercial Data” includes your product and service history with us, along with correspondence sent to a designated mailbox or through electronic communication, including AI-supported channels.

“Cookies” is a small file placed on your device. We may collect visitors’ information such as IP address, details etc by using cookies. Find more about “Cookie Policy”.
“Recruitment or Employment Data” includes Personal and contact details, Education information and professional or employment-related information, Financial Information for payroll and benefit, Talent management information etc. that are required for recruitment and submitted by you.

“Data subject”means a person who is the subject of the data hereby referred to as “you, your”.

“Consent” ” means any freely given and specific indication of the data subject’s wishes by which the data subject, by a statement or by clear affirmative action, signifies agreement to the processing of data.

“Data Controller” Monstarlab Enterprise Solutions Limited is the entity who makes the decisions regarding the retention and processing of data, hereby referred to as “MLES, us, our, the company”.

OUR APPROACH

In handling personal data, including sensitive information, MLES adheres to key principles for maximum data protection. This includes ensuring transparent and informed collection with the subject’s consent, processing data fairly and in compliance with legal provisions. Maintaining data integrity involves collecting accurate, relevant information, and only retaining it for authorized periods. MLES prioritizes data quality, granting subjects access or correction rights. Security measures are implemented to prevent unauthorized access, damage, or disclosure. The company strictly complies with legal requirements, including bilateral and multilateral agreements, assessing and mitigating associated risks in data processing and transfer.

• Consent Management: You have choices when it comes to the technology you use and the data you share. When we ask you to provide personal data, you can decline. Some products require personal data for service; if not provided, you can’t use the feature. When required by law or contract, failure to provide data may result in non-compliance or suspension of existing services. Optional data sharing impacts features like personalization. We’ll notify you about essential data requirements and their consequences.
• Data Collection: MLES acting as a data controller only collects data from data subjects with their consent and through just and legal means, only for the purpose as mentioned and disclosed at the time of collecting the data.

We might collect data from other sources in a prescribed manner without consent where,

1. The data contained in the public record
2. The data subject has deliberately made the data public
3. The data subject has consented to the collection of the data from another authorized source
4. Personal privacy is not compromised
5. The collection of any data necessary for the prevention, detection, investigation of an offense or for national security.

• Use of Information: We only use data for lawful purposes and when it is necessary for the following reasons:
• We process data to run our business and to ensure its continuity.
• To follow through on a request with a view to entering into a contract and for the performance of a contract.
• We provide services to customers and  in order to  manage customers and provide services to customers we  may collect, manage and process personal data to ensure the fulfillment of our commitments to them. 
• We process data in order to manage our workforce and human resources
• To comply with legal obligations where the company is the subject
• To protect vital interests such as matters relating to life, death or security etc.
• For treatment, public health, medical or research purposes or to respond to any medical emergency involving a threat to life or  health of any other individual.
• In order to comply with court order or any legal, judicial compliance matter or exercise of any function conferred by law

• Data Security:
  The security, integrity and confidentiality of your data is very important to us. We have implemented technical, administrative and physical security measures to protect information from unauthorized access, disclosure, use or modification.We adopt the highest security measures to protect your personal data which includes but not limited to-
  • We operate in Bangladesh and we abide by all the relevant rules, laws and regulations of this country when handling, processing and retaining data.
  • We commit to follow the international standard of privacy protection and hence we commit to comply with existing national and international legislation while  serving globally by ensuring compliance with GDPR, CCPA,HIPAA and other relevant legislation of that region.
  • We hold an ISO27001 certification, which indicates that we adhere to the highest and strictest information security standards.

 DATA STORAGE, RETENTION AND DELETION
We keep your personal data only as long as necessary, guided by records management policies. Data is retained during our ongoing relationship or while your account is active, ensuring service provision. Additionally, we retain data as required to fulfill global legal and contractual obligations, deleting it after a reasonable time per our policies.

We will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our site, or We are legally obligated to retain this data for longer time periods. We make sure that all redundant data is permanently deleted and can not be accessed or retrieved.

YOUR RIGHTS
You may exercise any of the rights as mentioned below if consistent with your applicable jurisdiction:

• Information Management- You can access and modify certain personal information within your Account settings. It is your responsibility to ensure the accuracy and currency of your personal information.
• Account Deletion and Deactivation: You can cease your consent by permanently deleting your account or deactivating your account for some reasonable time.
• Access & Portability-  In certain jurisdictions, you may be entitled to request copies of your personal information, details about how we handle it, and receive the information you provided in a structured, machine-readable format. You can also ask us to transmit this data to another service provider, where technically possible, as per applicable law.
• Erasure-Some jurisdictions may allow you to request that your personal information be removed. Please be aware that if you request deletion of your personal information, or if your account is suspended, terminated, or voluntarily closed:
• Objection in processing of data- You can request the company to stop processing your personal data if  processing such data can cause unwanted substantial damage to you. Upon receiving such a request MLES will stop processing such data in required legal reasonable time.

General conditions for the exercise of the rights- To exercise the rights under this heading you need to fill out this [FORM]  with adequate details to verify your identity to us. Upon verifying the identity MLES may send a notice of recipient and acknowledgement of such request to you  within a reasonable time. 

Fee: Certain requests may be subject to fees, informed by notice.

Note: We may not be able to fulfill your request if the information that you have provided us is not adequate and complete or if we can not verify your identity.

Your rights shall not affect:

• Legitimate Business Interest: Personal information as required for our legitimate business interests, including but not limited to preventing money laundering, detecting and preventing fraud, and enhancing safety.
• Legal, Tax, Audit, and Reporting Purpose: Personal information retained to the extent necessary for compliance with legal, tax, reporting, and auditing obligations.
• Shared Information: Information shared with others, such as reviews and forum postings as it may continue to be publicly visible even if you cancel your account.

THIRD PARTY INTEGRATION AND SERVICE TERM:

• We may share personal data with service providers, advisors, authorities, affiliates, or third parties in line with our business operations, including corporate transactions and client service provision.
• Our site may also contain links to other websites that are not operated by us. If you click on a third party link, you will be directed to that third party’s site. We strongly advise you to review the Privacy Policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies or practices of any such third party sites or services.

DATA BREACH & REMEDIES

In the event of any data breach, MLES will notify you and applicable authority, whenever necessary and required by law, the relevant data authority of your region about the data breach and the severity and impact of it within a legally reasonable time and will try to rectify the situation as soon as possible. MLES has implemented high security measures and security standards to prevent such data breaches. To learn more about security measures please check our [Information Security Policy]

UPDATE TO THIS POLICY
As we are committed to improving our privacy standard, with that goal in mind  we may publish updates to this policy from time to time. We  will inform you about  such updates by notification.

CONTACT US

If you have any questions about this privacy policy, you can contact us,

You can contact through our website:

On our email address: [EMAIL ADDRESS ]

Call us on: [CONTACT NUMBER]

The Privacy Policy was last updated on [DATE].