This policy applies to employees, partners, contractors, associates, consultants, vendors, retainers, clients of Nexdigm Pvt. Ltd. and visitors to our website.
We are committed to the protection and responsible use of your personal data and promotion of individual privacy rights. Through the use of appropriate administrative, physical, and technical safeguards, we strive to protect personally identifiable information that we maintain or disseminate to ensure that it is not obtained by unauthorized individuals or used in unauthorized ways.
We may collect, store, process, use, transfer and disclose such information about individuals (“Data Subjects”) which may constitute Personal Information including Sensitive Personal Data or Information under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 or Personal Data under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016) (“GDPR”) or any other applicable law. This policy explains the practices we follow with respect to collection, use, disclosure, transfer, security and protection of Personal Information, rights of Data Subjects, breach management and other related aspects.
"Personal Data" means any data relating to a Data Subject which is capable of identifying such Data Subject directly or indirectly such as name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. Personal Data will include Sensitive Personal Information and Special Categories of Personal Information unless otherwise stated. We will strive to ensure that Personal Data collected by us is adequate, relevant and limited to what is necessary in relation to the intended purpose.
We or any person or entity duly authorized on our behalf may collect a variety of Personal Data as required by us to fulfill our responsibilities and obligations as an employer, associate, client or service provider. Such Personal Data may be collected or received by us when you interact with us on our website, e-mail, mobile apps or other web-based applications or by way of personal, telephonic or audio-visual meetings or when you provide to us any documents containing your Personal Information. The Personal Data collected by us could include one or more of the following:
Where processing of Personal Data requires consent, we will obtain your written consent to collect, use and process your Personal Data. With respect to Personal Data disclosed to us by a data controller, we will contractually obligate the data controller to ensure compliance with all legal requirements relating to obtaining of consent. We will maintain and protect the appropriate security, integrity and confidentiality of such Personal Information. In case you refuse to provide the required Personal Data or withdraw your consent at any point of time, we shall have the discretion to discontinue, refuse or withdraw our services for which the information was sought. In case of our employees, associates, partners, consultants, contractors and retainers, we may terminate the employment or service contract or modify the terms of employment or service contract.
The Personal Data collected or received by us may be used or processed by us or any person or entity duly authorised by us for purposes including:
Processing for the purposes of this policy refers to online and offline processing and includes activities such as copying, filing, and feeding information into a database. We maintain Personal Data in an organised and easily accessible manner. We will use the Personal Data only for the purpose for which it has been collected.
We may at times disclose and/or transfer Personal Data to third parties in cases where it is necessary for discharging our contractual obligations and/or providing services to you and/or if you have consented for the same. We may, on a need basis, disclose and/or transfer Personal Data to:
If we outsource the processing of your Personal Data to third parties or provide your Personal Data to third party service providers, we will oblige those third parties to protect your Personal Data with appropriate security measures and prohibit them from using your Personal Data for their own purposes or from disclosing your Personal Data to others. We will adhere to consent and intimation requirements where your Personal Data is being shared with third parties.
We will take all reasonable steps to ensure that Personal Data is stored in a secure environment and protected from unauthorized access, modification or disclosure. We strive to keep the Personal Data secure through implementation of the security practices and controls.
Personal Data is stored using systems which have restricted access and which are housed in facilities with physical security measures. We have a comprehensive information security programmed documented in the form of our Information Security Policy (ISMS/Nexdigm SKP/CSP_0501) which contains managerial, technical, operational and physical security control measures. Our offices are ISO 27001, ISO 29100 and BS10012 certified to manage the security of Personal Data.
We have a designated Chief Information Security Officer responsible for operation and maintenance of our security programmed and controls to enforce the security policy and for providing advice and guidance on its implementation and maintenance.
We strive to keep our records updated with latest and updated Personal Information. To enable this, you can ask us to update or change any Personal Data collected by us to enable us to meet the objectives stated above.
We will retain Personal Data only for such period as may be required to observe, perform and comply with our obligations or as otherwise required under applicable law or practice.
Under GDPR (if applicable to you), you as a Data Subject have a number of rights with regard to your Personal Data that we want to summarily make you aware of:
You may exercise your rights by writing to us at email@example.com. Exercise of the above rights shall be in accordance with GDPR and other applicable regulations.
Our Chief Information Security Officer (CISO) is also our Data Protection Officer and may be contacted at firstname.lastname@example.org.
We have an established Security and Privacy Incident Policy to outline various threats and vulnerabilities that may lead to breach of security and privacy of Personal Data and processes to guide and implement response to such incidents. In case of any privacy related concerns, feedback or grievance, you may contact us at email@example.com.