Policy


Information Management, Privacy and Security


Effective Date: 12 Feb 2018 | Revised: 18 Mar 2024

Data Privacy Laws Policy


1. Purpose

This policy outlines the principles and practices for ensuring compliance with data privacy laws relevant to Igile Technologies India Pvt Ltd. It aims to protect the privacy and confidentiality of personal data handled by the company, ensuring adherence to applicable regulations and standards.

2. Scope

This policy applies to all employees, contractors, and third-party service providers who handle or process personal data on behalf of Igile Technologies India Pvt Ltd. It covers all data privacy laws that are applicable within the jurisdictions where the company operates.

3. Definitions

4. Legal Framework

Igile Technologies India Pvt Ltd adheres to the following data privacy laws and regulations:

5. Data Privacy Principles

Igile Technologies India Pvt Ltd follows the core principles of data privacy:

6. Data Collection and Processing

Data Collection: Personal data must be collected in a manner that is lawful and fair. The data subject must be informed about the purpose of the data collection.

Data Processing: Personal data must be processed only for the purposes for which it was collected, and appropriate measures must be taken to ensure data accuracy and security.

7. Data Subject Rights

Data subjects have the following rights under applicable data privacy laws:

8. Data Protection Impact Assessments (DPIAs)

DPIAs must be conducted when processing operations are likely to result in a high risk to the rights and freedoms of data subjects. The assessment will evaluate the necessity, proportionality, and risks associated with the processing and identify measures to mitigate those risks.

9. Data Breach Management

In the event of a data breach, the following steps must be taken:

10. Training and Awareness

All employees must receive regular training on data privacy laws and the company's data protection practices. Awareness programs will be conducted to ensure understanding and compliance.

11. Data Protection Officer (DPO)

A Data Protection Officer will be appointed to oversee compliance with data privacy laws, handle data subject requests, and act as a point of contact for regulatory authorities.

12. Policy Review

This policy will be reviewed annually and updated as necessary to ensure ongoing compliance with data privacy laws and best practices.

13. Compliance and Enforcement

Failure to comply with this policy may result in disciplinary action, up to and including termination of employment. Compliance will be monitored through regular audits and assessments.