Data Privacy Policy
1 Introduction
1.1 Scope
-
This Policy sets the minimum standard and shall guide all Immergro Technologies Pvt. Ltd.(Digiledge)
employees and
Agents even if local law is less restrictive.
-
Supplemental policies and practices will be developed as needed to meet the local, legal or departmental
requirements. Supplemental policies and practices may provide for more strict or specific privacy
and protection standards than are set forth in this Policy.
1.2 Terms and Definitions
-
“staff” and “users” means all of those who work under our control, including employees,
contractors, interns etc.
-
“we” and “our” refer to Immergro Technologies Pvt. Ltd.(Digiledge).
-
“Agent” means any third party that collects and/or uses Personal Information provided
by
Immergro Technologies Pvt. Ltd.(Digiledge) to perform tasks on behalf of and under the instructions of
Immergro
Technologies Pvt. Ltd.(Digiledge).
-
“Immergro Technologies Pvt. Ltd.(Digiledge)” is Immergro Technologies Pvt.
Ltd.(Digiledge),
Inc. and all of its subsidiaries.
-
“Controller” means a person or organization which, alone or jointly with others,
determines the
purposes and means of the Processing of Personal Information.
-
“Human Resource Data” means Personal information concerning Immergro Technologies Pvt.
Ltd.(Digiledge) employees or prospective employees.
-
An “Identified” or “Identifiable” individual is one who can be identified, directly or
indirectly, in particular by reference to an identification number or to one or more factors specific to
the
person’s physical, physiological, mental, economic, cultural or social identity.
-
“Personal Information” is information or data about an “Identified” or “Identifiable”
(see
definition above) individual. It does not include information that is anonymous, aggregated or in
circumstances
where the individual is not readily identifiable.
-
“Policy” means this Data Privacy Policy, as revised.
-
“Processing” or “Process” means any operation or set of operations which is performed
on
Personal Information or on sets of Personal Information, whether or not by automated means, such as
collection,
recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use,
disclosure by transmission, dissemination or otherwise making available, alignment or combination,
restriction,
erasure or destruction.
2 Data Privacy Policy
2.1 Policy Statement
Immergro Technologies Pvt. Ltd.(Digiledge) is committed to protecting the privacy and confidentiality of
Personal
Information about its employees, customers, business partners and other identifiable individuals. Immergro
Technologies
Pvt. Ltd.(Digiledge)’s policies, guidelines and actions support this commitment to protecting Personal
Information. Each
employee bears a personal responsibility for complying with this Policy in the fulfillment of their
responsibilities at
Immergro Technologies Pvt. Ltd.(Digiledge).
2.2 Policy Details
-
Immergro Technologies Pvt. Ltd.(Digiledge) respects the privacy of its employees and third parties
such as customers,
business partners, vendors, service providers, suppliers, former employees and candidates for employment
and recognizes
the need for appropriate protection and management of Personal Information. Immergro Technologies Pvt.
Ltd.(Digiledge)
is guided by the following principles in Processing Personal Information:
-
Notice
-
Choice
-
Accountability for onward transfer
-
Security
-
Data integrity and purpose limitation
-
Access
-
Recourse, Enforcement and Liability
-
Notice. When collecting Personal Information directly from individuals, Immergro Technologies Pvt.
Ltd.(Digiledge)
strives to provide clear and appropriate notice about the:
-
Purposes for which it collects and uses their Personal Information
-
Types of non-Agent third parties to which Immergro Technologies Pvt. Ltd.(Digiledge) may
disclose that information,
and
-
Choices and means, if any, Immergro Technologies Pvt. Ltd.(Digiledge) offers individuals for
limiting the use and
disclosure of their Personal Information.
-
Choice. Generally, Immergro Technologies Pvt. Ltd.(Digiledge) offers individuals a choice regarding how
we Process
Personal Information, including the opportunity to choose to opt-out of further Processing or, in
certain circumstances,
to opt-in. However, explicit consent from individuals is not required when Processing Personal
Information for:
-
Purposes consistent with the purpose for which it was originally collected or subsequently
authorized by the
individual,
-
Purposes necessary to carry out a transaction relationship,
-
Purposes necessary to comply with legal requirements, or
-
Disclosure to an Agent.
-
Accountability for Onward Transfer. In regard to the transfer of Personal Information to either an Agent
or
Controller, Immergro Technologies Pvt. Ltd.(Digiledge) strives to take reasonable and appropriate steps
to:
-
Transfer such Personal Information only for specified purposes and limit the Agent or
Controller’s use of that
information for those specified purposes,
-
o Obligate the Agent or Controller to provide at least the same level of privacy protection as
is required by this
Policy,
-
Help ensure that the Agent or Controller effectively Processes the Personal Information in a
manner consistent with
its obligations under this Policy,
-
Require the Agent or Controller to notify Immergro Technologies Pvt. Ltd.(Digiledge) if the
Agent or Controller
determines it can no longer meet its obligation to provide the same level of protection as is
required by this Policy,
and
-
Upon notice from the Agent or Controller, take further steps to help stop and remediate any
unauthorized Processing
-
Security. Immergro Technologies Pvt. Ltd.(Digiledge) takes reasonable and appropriate measures to
protect Personal
Information from loss, misuse and unauthorized access, disclosure, alteration and destruction, taking
into due account
the risks involved in the Processing and the nature of the Personal Information.
-
Data Integrity and Purpose Limitation. Immergro Technologies Pvt. Ltd.(Digiledge) will only Process
Personal
Information in a way that is compatible with the purpose for which it has been collected or subsequently
authorized by
the individual. Immergro Technologies Pvt. Ltd.(Digiledge) shall take steps to help ensure that Personal
Information is
accurate, reliable, current and relevant to its intended use.
-
Access. Immergro Technologies Pvt. Ltd.(Digiledge) provides individuals with reasonable access to their
Personal
Information for purposes of correcting, amending or deleting that information where it is inaccurate or
has been
Processed in violation of the Immergro Technologies Pvt. Ltd.(Digiledge) data privacy principles.
-
Recourse, Enforcement and Liability. Violation of this Policy by an employee or contractor of Immergro
Technologies
Pvt. Ltd.(Digiledge) will result in appropriate discipline up to and including termination. Violation by
an Agent,
Controller or other third party of this Policy or Immergro Technologies Pvt. Ltd.(Digiledge)’s privacy
requirements will
result in the exercise of appropriate legal remedies available at law or in equity including termination
for material
breach of contract.
2.3 Purpose of Collecting and Use of Personal Information
Immergro Technologies Pvt. Ltd.(Digiledge) may from time to time Process certain Personal Information from
or about
employees and third parties such as customers, business partners, vendors, service providers, suppliers,
former
employees and candidates for employment, including information recorded on various media as well as
electronic data.
Immergro Technologies Pvt. Ltd.(Digiledge) will use that Personal Information to provide customers, business
partners,
vendors, service partners and suppliers with information and services and to help Immergro Technologies Pvt.
Ltd.(Digiledge) personnel better understand the needs and interests of these customers, business partners,
vendors,
service partners and suppliers. Specifically, Immergro Technologies Pvt. Ltd.(Digiledge) uses information to
help
complete a transaction or order, to facilitate communication, to market and sell products and services, to
deliver
products/services, to bill for purchased products/services, and to provide ongoing service and support.
Occasionally
Immergro Technologies Pvt. Ltd.(Digiledge) personnel may use Personal Information to contact customers,
business
partners, vendors, service partners and suppliers to complete surveys that are used for marketing and
quality assurance
purposes.
Immergro Technologies Pvt. Ltd.(Digiledge) may also share Personal Information with its business partners,
vendors,
service providers and suppliers to the extent needed to support the customers' business needs. Suppliers are
required to
keep confidential Personal Information received from Immergro Technologies Pvt. Ltd.(Digiledge) and shall
not use it for
any purpose other than as originally intended or subsequently authorized or permitted.
Immergro Technologies Pvt. Ltd.(Digiledge) also collects Human Resources Data in connection with
administration of its
Human Resources programs and functions and for the purpose of communicating with its employees. These
programs and
functions may include compensation and benefit programs, employee development planning and review,
performance
appraisals, training, business travel expense and tuition reimbursement, identification cards, access to
Immergro
Technologies Pvt. Ltd.(Digiledge) facilities and computer networks, employee profiles, internal employee
directories,
Human Resource record keeping, and other employment related purposes. Immergro Technologies Pvt.
Ltd.(Digiledge) also
collects and uses Personal Information to consider candidates for employment opportunities within Immergro
Technologies
Pvt. Ltd.(Digiledge). Human Resources Data may be shared with third party vendors and service providers for
the purpose
of enabling the vendor or service provider to provide service and/or support to Immergro Technologies Pvt.
Ltd.(Digiledge) in connection with these Human Resources programs and functions. Immergro Technologies Pvt.
Ltd.(Digiledge) will not share Human Resources Data with third parties for non-employment related purposes.
Immergro
Technologies Pvt. Ltd.(Digiledge) requires third parties receiving Personal Information to apply the same
level of
privacy protection as contained in this Policy and as required by applicable law.
2.4 Administration
-
Roles and Responsibilities. Responsibility for compliance with this Policy rests with the heads of the
individual
functions, business units and departments together with any individual employees collecting, using or
otherwise
Processing Personal Information. Business unit, function and department heads, in coordination with the
Legal
Department, are responsible for implementing further standards, guidelines and procedures that uphold
this Policy, and
for assigning day-to-day responsibilities for privacy protection to specific personnel for enforcement
and monitoring.
-
Implementation. This Policy is meant to be implemented in conjunction with supplementary data privacy
policies
specific to a region, country or department, if required. These supplementary data privacy policies will
account for
differences in data protection requirements by jurisdiction or function and will specify individual
roles and
responsibilities. Immergro Technologies Pvt. Ltd.(Digiledge) business units, functions or facilities
will implement
supplementary data privacy policies as required to be in compliance with applicable laws.
-
Interpretation. In the event of any conflict between this Policy and any supplemental data privacy
policy, this Policy
will supersede the supplemental data privacy policy to the extent that the supplemental data privacy
policy is less
restrictive. Local data privacy policies may provide for stricter data privacy and protection standards
than are set
forth in this Policy. In the event local data privacy law provides for stricter data privacy and
protection than this
Policy, the local data privacy law will supersede this Policy in that jurisdiction to the extent
necessary to comply
with stricter local law.
3 Data Masking
To limit the exposure of sensitive data including PII, and to comply with legal, statutory, regulatory and
contractual
requirements
-
The organization shall consider hiding PII data by using techniques such as data masking,
pseudonymization or
anonymization.
-
When using pseudonymization or anonymization techniques, it shall be verified that data has been
adequately
pseudonymized or anonymized.
-
Pseudonymization shall be configured by a secret key so that only the authorized people have access to
and
pseudonymize PII, thus denying access to external attackers.
-
Immergro Technologies Pvt. Ltd.(Digiledge) shall also follow various other techniques such as
encryption, masking,
deletion of characters, substitution, and hashing.
-
PII in resource identifiers and their attributes [e.g. file names, uniform resource locators (URLs)]
should be either
avoided or appropriately anonymizedLegal requirements, if any on data masking or redacting shall also be
considered
4 Privacy and protection of PII
Purpose
The purpose is to ensure compliance with legal, statutory, regulatory and contractual requirements related to
the
information security aspects of the protection of PII. However, all personal records shall be maintained as
hard or soft
copies and classified as ‘Confidential’.
Policy Statement
-
Information Owners shall document and implement policies for privacy and the protection of personal
information.
-
The policy shall be communicated to all employees involved in the processing of personal information
-
Privacy Impact Assessment and Security Threat and Risk Assessment process documents for all operations
areas that are
collecting, processing and storing personal information shall be developed.
-
The organization shall refer to its Privacy Policy, Data Protection Policies and other supporting
Privacy policies,
procedures and guidelines for ensuring maximum protection to PII and sensitive information.