Data Privacy and Protection Policy
The purpose of this Data Privacy and Protection Policy (“Policy”) is to maintain the privacy of and protect the Personal Data (see Annexure-11 for definition) of employees, contractors, vendors, interns, associates, customers and business partners of Iipsaa Holdings Pvt. Ltd. (“ipsaa”). This Data Protection Policy is based on globally accepted, basic principles on data protection and provides one of the necessary framework conditions for cross-border data transmission.
All employees, contractors, consultants, temporary, and other employees at ipsaa must comply with this Policy, including all personnel affiliated with third parties who may have access to any data shared by ipsaa. The Policy applies globally to ipsaa’s processing of Personal Data, whether by electronic or manual means (i.e., in hard copy, paper, or analogue form). This Policy applies to any Personal Data that is created, collected, processed, used, shared, or destroyed by ipsaa.
2.1 Privacy and Data Protection Principles
The following sets out high-level principles that underlie ipsaa’s practices for collecting, using, disclosing, storing, securing, accessing, transferring, or otherwise processing Personal Data.
- Fairness: ipsaa shall process Personal Data lawfully, fairly, and in a transparent manner.
- Purpose Limitation: ipsaa shall only collect Personal Data for a specific, explicit, and legitimate purpose(s). Any subsequent processing should be compatible with such purpose(s), unless ipsaa has obtained the individual’s consent or the processing is otherwise permitted by
- Proportionality: ipsaa shall only process Personal Data that is adequate, relevant, and not excessive for the purpose(s) for which it is
- Data Integrity: ipsaa shall keep Personal Data accurate, complete, and up-to-date as is reasonably necessary for the purpose(s) for which it is processed.
- Data Retention: ipsaa shall keep Personal Data in a form that is personally identifiable for no longer than necessary to accomplish the purpose(s), or other permitted purpose(s), for which the Personal Data was obtained.
- Data Security: ipsaa shall implement appropriate and reasonable technical and organizational measures to safeguard Personal Data against accidental or unlawful destruction or accidental loss, alteration, unauthorized disclosure, use, or ipsaa shall instruct and contractually require third parties processing Personal Data on behalf of ipsaa, if any, to:
- process it only for purposes consistent with ipsaa’s purpose(s) for processing; and
- implement appropriate technical and organizational measures to safeguard the Personal Data.
- Individual Rights: ipsaa shall process Personal Data in a manner that respects individuals’ rights under applicable data protection laws.
- Accountability: ipsaa shall implement appropriate policies, processes, controls, and other measures necessary to enable it to demonstrate that its processing of Personal Data is in accordance with applicable data protection laws.
2.2 Updates to this Policy
ipsaa may from time to time review and revise its data protection practices, policies, and procedures including this Policy. If any significant changes are made, ipsaa shall:
- take reasonable steps to inform all Koan entities, business partners, and other data subjects affected by the amendments; and
- post appropriate notices referring to the changes on the relevant websites, as appropriate.
- Any organization or individual that engages with ipsaa shall note and comply with the applicable data protection and privacy laws and take note of the relevant guidelines and industry codes of practices and
- Compliance shall be indicated by individual and organizational adherence to the requirements and procedures of this Policy.
- All data privacy and protection related incidents shall be reported immediately to the relevant authority.
In order to fulfil applicable laws and regulations, ipsaa reserves the right to disclose an individual’s Personal Data to law enforcement agencies, regulatory bodies, and government agencies as required by law or for statutory compliances.
Annexure-1: Personal Data
Personal Data shall mean any information that, when used alone or combined with other data, may be used to identify a living individual. This includes, but is not limited to:
an individual’s first and last name; e-mail address;
mailing and/or residential addresses; telephone number;
birth date; gender; occupation;
credit card or bank information;
biographical information (where it is combined with information that identifies someone);
national insurance number; social security numbers; race;
ethnic origin; sexual orientation; political opinions;
religious or philosophical beliefs; criminal records; or
legal investigations and proceedings, etc.