This Global Data Privacy Policy (Policy) outlines how iTechWorks Technology Solutions Private Limited and its affiliated entities (iTechWorks) collects, processes and uses personal information in compliance with applicable laws and regulations.
Personal data is any information concerning a specific or definable natural person
iTechWorks respects the personal data entrusted to us by our clients, vendors, suppliers, contractors, and employees and are committed to ensuring its security through fair and transparent practices.
This Policy includes the minimum standards for data privacy applicable to iTechWorks.
However, where applicable, iTechWorks tries to exceed these standards to ensure compliance with stringent local laws.
iTechWorks performs the roles of a data controller and data processor during the course of business. As a data controller, we determine the purposes and manner in which personal data is processed. As a data processor, we process personal information on behalf of another group company or a third party.
iTechWorks informs individuals of the purpose for which it collects, processes, stores and/or discloses their information through a notice. At the bare minimum, the notice includes:
The notice is drafted in simple and clear language in a format that is consistent across the organization. The document also contains the geographic area, office locations, jurisdiction and name of the iTechWorks entity that issues the notice.
Where required by law, iTechWorks obtains consent from individuals to collect, use, retain or disclose their personal data. Individuals are given the choice to opt-in or opt-out of this procedure. If applicable, we inform individuals of the consequences for failing to consent or provide their personal data and the process to alter their consent decisions.
iTechWorks verifies that the use of personal data is consistent with the consent obtained. If personal data will be used for a purpose other than that originally disclosed to the individual, we acquire additional consent.
iTechWorks collects personal data in a fair, transparent, and lawful manner.
As such, we adhere to the following guidelines:
Where required by local law, obtain explicit consent from individuals, prior to the collection of sensitive personal information (e.g. race, ethnic origin, health details, sexual orientation etc.);
Verify that personal data collected from third parties is reliable and legally obtained.
Furthermore, iTechWorks monitors the involvement of third parties during collection and conducts due diligence to ensure their compliance with our Policy.
Use, Retention and Disposal
All personal data collected by iTechWorks is used expressly for legitimate business activities and for purposes consented to by the individual. iTechWorks only uses personal data in strict adherence to contractual, regulatory and applicable laws.
Retention
iTechWorks does not retain personal data any longer than is absolutely necessary. The retention period for personal data is determined by:
As part of our retention practices, iTechWorks documents and tracks:
iTechWorks’s Data Retention and Disposal Policy require managerial approval for the disposal, destruction and deletion of any personal data. Our disposal, destruction and redaction procedures prevent the recovery, theft, misuse or unauthorized access of personal data. For more information regarding this process, please refer to the iTechWorks Data Retention and Disposal Policy.
All individuals are given access to review, update or correct their personal data. The mode of access to this information is clearly communicated to the individual within an appropriate timeframe. Where required by law, iTechWorks will respond to requests from individuals to provide them with information relating to the personal data, we hold about them.
Furthermore, iTechWorks authenticates individuals before granting access to personal data. Access to personal data may be denied if an unreasonable request is made, subject to local laws. If access is denied, iTechWorks provides the reason and a point of contact for further inquiry to the individual.
iTechWorks may disclose personal data to third parties as a part of normal business operations. Such third parties must enter into a written contract with us containing appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:
iTechWorks will ensure that international transfers of personal data are afforded with an adequate level of protection, as required by local law.
iTechWorks conducts appropriate due diligence checks prior to and during the selection of third parties who process personal data on behalf of iTechWorks.
iTechWorks requires third parties to strictly adhere to contractual terms and guidelines on data protection to the extent such third parties have access to or are otherwise processing personal data on behalf of iTechWorks. Furthermore, iTechWorks retains the audit rights to monitor and supervise all iTechWorks provided personal data that is processed or handled during the performance of services by a third party contractor.
Finally, iTechWorks maintains a well-defined mitigation and remediation plan in the event that any harm may result due to third party misusing or improperly processing such iTechWorks provided personal data in violation of contractual and statutory obligations.
iTechWorks has implemented physical, administrative and technical security measures across the organization which are designed to prevent data loss, unauthorized access to personal data and misuse, disclosure, alteration, damage or destruction of personal data.
We fully understand that the personal data collected from individuals is under our guardianship. Therefore, we train our employees on the privacy policy as well as information security procedures regarding the appropriate access, use, and disclosure of personal data. iTechWorks also conducts periodic risk assessments on our processes, information systems and third parties, including audits of third party facilities and information systems.
iTechWorks has in place an incident response plan with trained personnel to respond to, investigate and mitigate the impact of any incident. iTechWorks also maintains adequate plans for business continuity management, as well as disaster recovery processes for testing databases, servers, information systems and processes that handle personal data.
iTechWorks informs individuals that they have a responsibility to provide accurate, complete and relevant information in order to maintain the quality and integrity of all personal data. Individuals may contact our designated personnel for any updates or corrections. Individuals may verify and challenge the accuracy and completeness of their personal data and have it amended or deleted if appropriate. Additionally, iTechWorks has a system in place to record the date, edits, validation and verification of all personal data collected, maintained and updated.
iTechWorks is committed to monitoring and enforcing compliance with this Policy and with applicable privacy laws, regulations and obligations. We have documented procedures for:
In addition, employees, customers and third parties are welcome to submit questions, concerns or complaints about iTechWorks’s privacy practices to our compliance helpline (Contact Us Portal). Any potential or actual violation of this Policy is immediately reported to the concerned department and personnel.
iTechWorks conducts regular audits of our compliance with applicable privacy policies, procedures, laws, regulations, contracts and standards. During compliance review, we:
All iTechWorks directors, officers, employees, agents and contractors are expected to fully comply with this Policy. Violations of this Policy are investigated, and failure to comply with this Policy may result in disciplinary action up to and including termination of employment or contract.
Effective Date: September, 2018