Always give a job hundred percent and you’ll never have to second-guess yourself.

iTechWorks Technology Solutions Private Limited

Global Data Privacy Policy

This Global Data Privacy Policy (Policy) outlines how iTechWorks Technology Solutions Private Limited and its affiliated entities (iTechWorks) collects, processes and uses personal information in compliance with applicable laws and regulations.

Personal data is any information concerning a specific or definable natural person

iTechWorks respects the personal data entrusted to us by our clients, vendors, suppliers, contractors, and employees and are committed to ensuring its security through fair and transparent practices.

Statutory Regulations

This Policy includes the minimum standards for data privacy applicable to iTechWorks.

However, where applicable, iTechWorks tries to exceed these standards to ensure compliance with stringent local laws.

Privacy Principles

iTechWorks performs the roles of a data controller and data processor during the course of business. As a data controller, we determine the purposes and manner in which personal data is processed. As a data processor, we process personal information on behalf of another group company or a third party.


iTechWorks informs individuals of the purpose for which it collects, processes, stores and/or discloses their information through a notice. At the bare minimum, the notice includes:

  • The type of personal data collected;
  • The purpose for which it is collected;
  • The legal requirement to collect this personal data (if applicable);

Global Data Privacy Policy

  • How the personal data will be used or processed;
  • How individuals can access their personal data and amend it for accuracy;
  • An explanation of third party involvement in processing personal data (if applicable);
  • The consequences, if any, for not providing the requested personal data;
  • An option for individuals to indicate a preferred means of contact.

The notice is drafted in simple and clear language in a format that is consistent across the organization. The document also contains the geographic area, office locations, jurisdiction and name of the iTechWorks entity that issues the notice.

Choice and Consent

Where required by law, iTechWorks obtains consent from individuals to collect, use, retain or disclose their personal data. Individuals are given the choice to opt-in or opt-out of this procedure. If applicable, we inform individuals of the consequences for failing to consent or provide their personal data and the process to alter their consent decisions.

iTechWorks verifies that the use of personal data is consistent with the consent obtained. If personal data will be used for a purpose other than that originally disclosed to the individual, we acquire additional consent.


iTechWorks collects personal data in a fair, transparent, and lawful manner.

As such, we adhere to the following guidelines:

  • Collect the minimum personal data required to support a iTechWorks business activity or as mandated by law;
  • Collect personal data in a fair and non-deceptive manner;
  • Collect personal data directly from the individual, when possible;

Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, sexual orientation etc.);

Verify that personal data collected from third parties is reliable and legally obtained.

Furthermore, iTechWorks monitors the involvement of third parties during collection and conducts due diligence to ensure their compliance with our Policy.

Global Data Privacy Policy

Use, Retention and Disposal

All personal data collected by iTechWorks is used expressly for legitimate business activities and for purposes consented to by the individual. iTechWorks only uses personal data in strict adherence to contractual, regulatory and applicable laws.


iTechWorks does not retain personal data any longer than is absolutely necessary. The retention period for personal data is determined by:

  • The purpose of the data collected,
  • The fulfillment of that purpose,
  • Mandatory adherence to local, state and national regulations.

As part of our retention practices, iTechWorks documents and tracks:

  • Retention periods, as mandated by any contractual and/or regulatory requirements;
  • The mode of storage, archival and back up of personal data collected;
  • Approval-based disposal procedures (e.g. destruction and redaction) and exceptions to these procedures.

Disposal, Destruction and Redaction of Personal Data

iTechWorks’s Data Retention and Disposal Policy require managerial approval for the disposal, destruction and deletion of any personal data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of personal data. For more information regarding this process, please refer to the iTechWorks Data Retention and Disposal Policy.


All individuals are given access to review, update or correct their personal data. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, iTechWorks will respond to requests from individuals to provide them with information relating to the personal data, we hold about them.

Furthermore, iTechWorks authenticates individuals before granting access to personal data. Access to personal data may be denied if an unreasonable request is made, subject to local laws. If access is denied, iTechWorks provides the reason and a point of contact for further inquiry to the individual.

Disclosure to Third Parties

iTechWorks may disclose personal data to third parties as a part of normal business operations. Such third parties must enter into a written contract with us containing appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:

  • Third parties must ensure equal care and adequate levels of protection;
  • Appropriate security measures must be implemented to safeguard the personal data;
  • The personal data must only be processed in accordance with iTechWorks’s instructions.

iTechWorks will ensure that international transfers of personal data are afforded with an adequate level of protection, as required by local law.

Protection of Personal Data in the Possession of Third Parties

iTechWorks conducts appropriate due diligence checks prior to and during the selection of third parties who process personal data on behalf of iTechWorks.

iTechWorks requires third parties to strictly adhere to contractual terms and guidelines on data protection to the extent such third parties have access to or are otherwise processing personal data on behalf of iTechWorks. Furthermore, iTechWorks retains the audit rights to monitor and supervise all iTechWorks provided personal data that is processed or handled during the performance of services by a third party contractor.

Finally, iTechWorks maintains a well-defined mitigation and remediation plan in the event that any harm may result due to third party misusing or improperly processing such iTechWorks provided personal data in violation of contractual and statutory obligations.


iTechWorks has implemented physical, administrative and technical security measures across the organization which are designed to prevent data loss, unauthorized access to personal data and misuse, disclosure, alteration, damage or destruction of personal data.

We fully understand that the personal data collected from individuals is under our guardianship. Therefore, we train our employees on the privacy policy as well as information security procedures regarding the appropriate access, use, and disclosure of personal data. iTechWorks also conducts periodic risk assessments on our processes, information systems and third parties, including audits of third party facilities and information systems.

iTechWorks has in place an incident response plan with trained personnel to respond to, investigate and mitigate the impact of any incident. iTechWorks also maintains adequate plans for business continuity management, as well as disaster recovery processes for testing databases, servers, information systems and processes that handle personal data.


iTechWorks informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all personal data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their personal data and have it amended or deleted if appropriate. Additionally, iTechWorks has a system in place to record the date, edits, validation and verification of all personal data collected, maintained and updated.

Compliance and Reporting

iTechWorks is committed to monitoring and enforcing compliance with this Policy and with applicable privacy laws, regulations and obligations. We have documented procedures for:

  • Addressing and resolving any data privacy grievance;
  • Implementing a remediation process for any data privacy breach;
  • Identifying a third party arbitrator for dispute resolution, if necessary.

In addition, employees, customers and third parties are welcome to submit questions, concerns or complaints about iTechWorks’s privacy practices to our compliance helpline (Contact Us Portal). Any potential or actual violation of this Policy is immediately reported to the concerned department and personnel.

Compliance Review

iTechWorks conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards. During compliance review, we:

  • Document the processes for resolution of issues and vulnerabilities, as well as corrective action plans;
  • Record the results of compliance reviews and regularly submit material findings to the concerned department and personnel;
  • Follow up on recommendations for improvement/remediation plans based on the results of the compliance review.

All iTechWorks directors, officers, employees, agents and contractors are expected to fully comply with this Policy. Violations of this Policy are investigated, and failure to comply with this Policy may result in disciplinary action up to and including termination of employment or contract.

Effective Date: September, 2018