Data Protection and Security Policy
Last Updated: 29 May 2023
Introduction
At Rosnil Technology Private Limited (“APELABS”), we are committed to protecting the privacy and security of personal data entrusted to us. This Data Protection and Security Policy outlines our practices and procedures to ensure compliance with applicable data protection laws and safeguard the confidentiality, integrity, and availability of personal and sensitive data.
Scope
This policy applies to all employees, contractors, and third-party service providers who handle personal or sensitive data on behalf of APELABS. It covers all data processing activities conducted within our organization, including the collection, storage, use, disclosure, and disposal of personal data.
Compliance with Data Protection Laws
We are committed to complying with all applicable data protection laws, regulations, and standards, including but not limited to the General Data Protection Regulation (GDPR) and any other applicable national or regional data protection laws. We will take all necessary measures to ensure that personal data is processed lawfully, transparently, and for legitimate purposes.
Data Collection and Use
We will collect and process personal data only for specified, legitimate purposes and will ensure transparency in data collection practices.
Data Minimization
We will only collect and process personal data that is necessary for the specified purposes. We will avoid collecting excessive or irrelevant data.
Lawful Basis
We will ensure that personal data is processed based on a lawful basis, such as consent, contractual necessity, legal obligation, vital interests, legitimate interests, or other applicable legal grounds.
Purpose Limitation
Personal data will only be processed for the purposes for which it was collected, unless we obtain explicit consent or as required by law.
Data Accuracy
We will take reasonable steps to ensure that personal data is accurate, complete, and up to date. Data subjects have the right to request correction of any inaccurate or incomplete data.
Data Retention
Personal data will be retained for no longer than necessary to fulfill the purposes for which it was collected, unless a longer retention period is required by law or for legitimate business purposes.
Data Security
We will implement appropriate technical and organizational measures to protect personal data against unauthorized access, disclosure, alteration, or destruction. These measures may include encryption, access controls, secure storage, regular backups, and staff training.
Confidentiality
We will ensure that personal data is treated as confidential and access is limited to authorized personnel on a need-to-know basis.
Incident Response
In the event of a data breach or security incident, we will promptly assess and mitigate the impact, notify affected individuals and relevant authorities as required by law, and take steps to prevent similar incidents in the future.
Data Subject Rights
We respect the rights of data subjects and will provide them with the necessary means to exercise their rights under applicable data protection laws. This includes the right to access, rectify, erase, restrict processing, data portability, and object to the processing of their personal data.
Third-Party Data Processors
When engaging third-party service providers to process personal data on our behalf, we will conduct due diligence to ensure their ability to provide sufficient data protection measures. We will establish appropriate data processing agreements and monitor their compliance with this Policy and applicable data protection laws.
Training and Awareness
We will provide regular training and awareness programs to ensure that employees and relevant stakeholders are knowledgeable about data protection principles, their roles and responsibilities, and the importance of maintaining data security and confidentiality.
Policy Review and Updates
This Data Protection and Security Policy will be reviewed periodically and updated as necessary to reflect changes in our data processing activities, legal requirements, and best practices in data protection and security.
Contact Information
For inquiries or concerns regarding data protection and security, data subjects and stakeholders can contact our designated Data Protection Officer:
Data Protection Officer:
Name: Nilesh Jagtap
Email: Nilesh.jagtap@apeitnow.com
Phone: +91 8691903999
Data Protection Responsibilities
Management Responsibility
APELABS management is responsible for establishing and implementing data protection policies, procedures, and controls to ensure compliance with applicable data protection laws.
Employee Responsibility
All employees and contractors are responsible for handling personal data in accordance with this policy, attending data protection training, and reporting any data protection concerns or incidents to the appropriate channels.
Third-Party Responsibility
Third-party service providers that process personal data on behalf of APELABS are responsible for adhering to the data protection requirements set out in their agreements and complying with applicable data protection laws.
Policy Acknowledgment
By using APELABS services or accessing the APELABS website, individuals acknowledge that they have read, understood, and agree to comply with this Data Protection and Security Policy. Failure to comply with this policy may result in disciplinary action, including termination of employment or contractual relationships.
This Data Protection and Security Policy is effective as of the last updated date mentioned at the beginning of this document and supersedes any previous versions. Any updates or modifications to this policy will be communicated through appropriate channels and made available to all relevant stakeholders. This policy is subject to the laws and regulations of the jurisdiction in which APELABS operates. In case of any conflict between this policy and applicable laws, the provisions of the relevant laws shall prevail.
Signed:
Authorized Representative of APELABS