Privacy Policy & GDPR
1. Introduction
As a globally integrated company, Suventure Services Pvt. Ltd.’s business processes increasingly go beyond the borders of one country. This globalization demands not only the availability of communication and information systems across the Suventure Services Pvt. Ltd. group of companies, but also the world-wide processing, sharing and use of multiple types of information including information about an individual whose identity is apparent (either directly and indirectly), or can be reasonably be ascertained from the information available or likely to be available (Personal Information).
This Policy letter sets forth the general principles which underlie Suventure’s specific practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing Personal Information.
2. Applicability
This Policy applies to all Suventure personnel, operating units, and wholly owned subsidiaries worldwide and (as transferred and agreed) with suppliers/business partners who must act consistently with the principles contained in the policy. Country and industry-specific laws and regulations shall take precedence over this policy, to the extent applicable. The application of these principles is more particularly described in the applicable Suventure Services Pvt. Ltd. Corporate Instructions (and any accompanying implementation Guidelines) relating to processing Personal Information. Please read this policy along with the company guidelines for use and processing of Personal Information to understand how Suventure plans to achieve the set principles.
3. Privacy Policy Statement
Suventure remains committed to protecting the privacy and confidentiality of Personal Information of its Employees (including prospects and contractors), Clients, Client Customers, Business Partners and other identifiable individuals that it may receive, use, access, process, transfer or store as part of its business. Uniform practices for collecting, using, disclosing, storing, retaining, disposing, accessing, transferring or otherwise processing such information assists Suventure to process Personal Information fairly and appropriately.
Suventure may collect personal information from various persons as part of the services it may render to them, or in the course of its business. Based on the information being collected and nature of services or requirement, Suventure will apply suitable mechanisms to ensure that Suventure has a lawful basis for receiving, accessing, using, processing, transferring, storing and/or disposing such personal information.
4. General Privacy Principles
These general principles apply to the processing of Personal Information world wide by Suventure Services Pvt. Ltd.
A. Accountability:
Suventure understands its accountability and responsibility for any Personal Information that it may receive, use, process, and store as part of its business. Accordingly, it will:
I. have appropriate corporate instructions, guidelines and other measures to be able to demonstrate that Personal Information is used/ stored / processed / retained / disposed / transferred in compliance with applicable law and other applicable guidelines;
II. Designate an individual or individuals who are accountable for the organization’s compliance with the Privacy principles; and
III. Ensure the availability of required policies, procedures and contacts for management of personal information; these being reviewed at a minimum annually or as and when there is a change warranted.
B. Fairness and Purpose:
Suventure will collect adequate, relevant and necessary Personal Information, and will process such information fairly and lawfully for the purpose it is collected. The purpose of collection will be specified not later than at the time of data collection, or on each occasion of change of purpose.
C. Accuracy:
Suventure will keep Personal Information as accurate, complete and up-to- date as is necessary for the purpose for which it is processed; and provide appropriate channels for the same.
D. Disclosure and Data Sharing:
Suventure will make Personal Information available inside or outside Suventure under appropriate circumstances for business purpose only or as authorized by law. This may require Suventure to transfer personal information to countries other than Suventure operation’s country of business (including transfer to other entities or third parties).
Suventure will implement privacy principles for the use / processing/ transfer / storing/ disposal of personal information as may be prescribed under applicable laws.
E. Cross-Border Data Flows:
When conducting business, working on Company projects, or implementing new processes or systems, an operation may require the transfer of personal information to other entities or third parties that are located outside of the Suventure operation’s country of business. While permissible data transfer mechanisms are defined by applicable law or regulation, examples include:
i. a data transfer agreement with the party who will access or obtain the personal information; or
ii. notice to and/or approval from a country’s local data protection authority; or
iii. notice to and/or consent from the individual whose data is to be transferred.
F. Security:
Suventure will implement reasonable technical and organizational measures to safeguard Personal Information and instruct third parties processing Personal Information on behalf of Suventure to process and manage it in a manner which is consistent with Suventure standards (for Suventure Services Pvt. Ltd. owned information) or Suventure Client standards (for Client information), as may be applicable.
G. Access:
Upon request, Suventure will, within a reasonable time, manner, and in a readily intelligible form provide individuals appropriate access to Personal Information retained by Suventure. Suventure has the right to deny the request; however, the reasons of denial will be provided. Suventure will erase, rectify, complete, or amend the data pursuant to a justified request.
H. Retention and Disposal:
Suventure will retain Personal information in a form that permits identification for no longer than as necessary for the fulfillment of the stated purpose, and should be disposed thereafter.
I. Transparency:
Suventure will be transparent, and make readily available to individuals, specific information related to management of Personal Information.
J. Custodianship:
Suventure will follow appropriate policies and practices agreed with its clients for the safe handling of Personal Information that it processes on behalf of its clients.
5. Data Collection Transfer & Processing
Suventure may collect, store, use and disclose information about individuals which may constitute personal data (including sensitive personal data) under various Government Laws (for e.g. Indian IT Act Privacy rules, GDPR, etc.), lawful, explicit and legitimate purposes and for further processing of personal data consistent with those purposes.
The personal data may be processed for purposes including, without limitation,
1. Administering relationships services.
2. Operational purposes.
3. Conducting market or customer satisfaction research.
4. Providing individuals with information concerning products and services which Suventure believes to be of interest.
5. Compliance with any requirement of law, regulation, associations, codes that
Suventure decides to adopt.
6. For the detection, investigation, monitoring and prevention of fraud and other crimes or malpractice.
7. For the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or for establishing, exercising or defending legal rights or Any other purpose connected to or incidental to the purposes as stated above.
8. Privacy data collected at website – cookies may be used in website to track user behavior, etc., and/or user name, address, email, phone number is collected for marketing or research purposes.
Suventure shall obtain consent from the data subject in free manner prior to collecting, storing and processing of personal data.
Suventure shall not utilize an individuals personal data beyond this scope without prior consent from the individual and shall take measures to ensure that this principle is observed. An individuals personal data shall not be provided or otherwise disclosed to third parties other than Suventure affiliates, investigators, or law enforcement personnel when consent has been obtained from the individual in question or when disclosure is legally mandated.
To the extent permitted by applicable law, Suventure may record and monitor electronic and voice communications to ensure compliance with the legal and regulatory obligations and internal policies and for the purposes outlined above. Any transfer of personal data to a third party shall take place only if, all provisions of Data protection are applied by the third party in order to ensure that the level of protection of personal data is guaranteed.
Data shall be encrypted and anonymized wherever necessary.
6. Enforcement and Redressal
Suventure will provide appropriate robust mechanisms for assuring compliance with the Principles, and address grievance and / or provide recourse for individuals who are affected by non-compliance with the Principles.
For any addressal please contact us on: info@suventure.in