Privacy Policy
Objective.
This Privacy Policy (this “Policy”) applies to DEKRA India Private Limited (Formerly known as Chilworth Technology Private Limited), a private limited company incorporated under the Companies Act, 1956 and existing under Companies Act, 2013, having its registered office at Plot No. 3, B-2, Muskaan Complex, Vasant Kunj New Delhi-110070 (the “Company”). The purpose of this Policy is to maintain the privacy of and protect the personal information of employees, contractors, vendors, interns, associates, customers and business partners of the Company and to ensure the compliance with laws and regulations applicable to personal information including sensitive personal data or information.
Scope.
This Policy is applicable to all the employees, contractors, vendors, interns, associates, customers and business partners of the Company who may receive personal information, have access to personal information collected or processed, or who provide information to the organization, regardless of geographic location.
All employees of the Company are expected to support this Policy and principles when they collect and / or handle personal information, or are involved in the process of maintaining or disposing of personal information.
This Policy provides the information to successfully meet the organization’s commitment towards data privacy. All partner firms and any third-party working with or for the Company, and who have or may have access to personal information, will be expected to have read, understand and comply with this Policy.
No third party may access personal information held by the Company without having first entered into a confidentiality agreement.
1. General Definitions.
Reference to “you” or “your” in this Policy refers to any natural person (including the employees, contractors, vendors, interns, associates, customers, business partners of the Company and the visitors of the website of the Company) who provide to Company any information referred in Schedule- 1 of this Policy or any user(s) of Company’s website or business applications whether or not, you avail the Services offered by Company.
a) “Act” shall mean the Information Technology Act, 2000 and Rules thereunder as amended from time to time;
b) “Information” shall mean and include Personal Information and Sensitive Personal Data and Information as may be collected by Company;
c) “Personal Information (PI)” shall have the same meaning as under Rule 2 (i) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 as amended from time to time. For ease of reference Rule 2 (i) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is re-produced under Schedule-1;
d) “Rules” shall mean the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time;
e) “Registered User” shall mean such user whose registration is accepted by Company;
f) “Sensitive Personal Data and Information (SPDI)” shall mean and include information under Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time. For ease of reference Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is re-produced under Schedule 1; and
g) “Services” for the purpose of this Policy shall mean any person who by way of registration has sought or in any manner has requested the services of Company.
b) “Information” shall mean and include Personal Information and Sensitive Personal Data and Information as may be collected by Company;
c) “Personal Information (PI)” shall have the same meaning as under Rule 2 (i) of the Information Technology (Reasonable Security Practices and Procedures and Sensitive Personal Data or Information) Rules, 2011 as amended from time to time. For ease of reference Rule 2 (i) of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is re-produced under Schedule-1;
d) “Rules” shall mean the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time;
e) “Registered User” shall mean such user whose registration is accepted by Company;
f) “Sensitive Personal Data and Information (SPDI)” shall mean and include information under Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 as amended from time to time. For ease of reference Rule 3 of the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 is re-produced under Schedule 1; and
g) “Services” for the purpose of this Policy shall mean any person who by way of registration has sought or in any manner has requested the services of Company.
All words and expressions used and not defined in this Policy but defined in the Act or the Rules shall have the meanings respectively assigned to them in the Act or the Rules. The Company is fully committed to respecting your privacy and shall ensure that your Information is safe. This Policy sets out the practices adopted in respect of Information, including the types of Information that is collected, how the Information is collected, how the Information is used, how long the Information is retained and with whom it is shared (“Policy”).
This Policy is published in compliance with the provisions of the Act and the Rules made thereunder that require publishing the privacy policy on Company’s website. The Company urges you to read this Policy carefully before you use or opt to access any Services of Company or decide to part with any Personal Information including the information listed under Schedule 1.
2. Collection of Information.
2.1. You may use Company’s website to access Information, learn about its products and services, read publications and check career opportunities etc. without providing any PI/SPDI;
2.2. Company may collect and process PI/ SPDI provided by you in the following forms:
a) Should you opt to access such Services of Company, which are available only to Registered Users, Information is required to be provided by you at registration such as your name, date of birth, address, email ID, gender and phone number. Providing additional information beyond what is required at the time of registration is entirely optional and can be altered or removed by you at any time. Registered Users are given access to the web portal/business applications based on the password based authentication which is chosen by them and securely stored in Company servers for the purpose of authentication of the Registered Users at the time of login;
b) Information that you provide directly to Company via email or electronic communication;
c) Information that you provide to Company over telephone. Company may make and keep a record of such information shared by you;
d) Information that you provide to Company in physical form whether sent through post or courier or handed over to a Company representative in person; and
e) PI/SPDI collected by Company from its employees, suppliers or onsite consultants for the purpose of employment, availing their services and recording their attendance etc. You will at all times have the option of not providing Company with PI/SPDI that Company seeks to collect. Even after you have provided Company with any PI/SPDI, you will have the option to withdraw the consent given earlier. In such cases, Company will have the right to not provide or discontinue the provision of any Service that is linked with such PI/SPDI.
b) Information that you provide directly to Company via email or electronic communication;
c) Information that you provide to Company over telephone. Company may make and keep a record of such information shared by you;
d) Information that you provide to Company in physical form whether sent through post or courier or handed over to a Company representative in person; and
e) PI/SPDI collected by Company from its employees, suppliers or onsite consultants for the purpose of employment, availing their services and recording their attendance etc. You will at all times have the option of not providing Company with PI/SPDI that Company seeks to collect. Even after you have provided Company with any PI/SPDI, you will have the option to withdraw the consent given earlier. In such cases, Company will have the right to not provide or discontinue the provision of any Service that is linked with such PI/SPDI.
3. Cookies.
3.1. Our website uses cookies to distinguish you from other users of our website. This helps us to provide you with a good experience when you browse the website of the Company and also allows the Company to improve its website.
3.2. The Company uses the following cookies:
3.2.1. Required cookies. These cookies are of essential importance for the functioning of our website. Examples are the assignment of anonymous session IDs for the bundling of several queries to a web server or the error-free functioning of logins and orders.
3.2.2. Comfort cookies. These cookies collect information so that certain content (e.g. videos, map services) can be provided to you. Cookies from third party providers are set in the process.
3.2.3. Statistics cookies. These cookies collect information about how you are using our website. They do not save any information that allows personal identification of the visitor. The information collected with these cookies is aggregated and thus anonymous. They help us improve the quality of our website on an ongoing basis.
3.2.4. Marketing cookies. These cookies are set by third parties to enable personalized advertising. The data collected concerning you is anonymous to us.
3.2.2. Comfort cookies. These cookies collect information so that certain content (e.g. videos, map services) can be provided to you. Cookies from third party providers are set in the process.
3.2.3. Statistics cookies. These cookies collect information about how you are using our website. They do not save any information that allows personal identification of the visitor. The information collected with these cookies is aggregated and thus anonymous. They help us improve the quality of our website on an ongoing basis.
3.2.4. Marketing cookies. These cookies are set by third parties to enable personalized advertising. The data collected concerning you is anonymous to us.
3.3. You can find more information about the individual cookies we use and the purposes for which we use them in the list of cookies in the
data privacy settings.
3.4. Please note that third parties (including, for example, advertising networks and providers of external services like web traffic analysis services) may also use cookies, over which we have no control. These cookies are likely to be analytical/performance cookies or targeting cookies.
3.5. You block cookies by activating the setting on your browser that allows you to refuse the setting of all or some cookies. However, if you use your browser settings to block all cookies (including essential cookies) you may not be able to access all or parts of our site.
4. Use of Information Collected.
4.1. Any information, if collected will be used in connection with the relevant purpose as per the contract and as under Clause 2.2. The provider of information availing any Services from Company shall be deemed to have consented to Company for the use of such information as under this Policy.
4.2. Employees, suppliers or consultants of Company shall be duly advised about the purpose for which any Information is being collected at the time of such collection.
5. Sharing of Information.
5.1. Where PI/SPDI is required to be shared, arising out of any contractual obligation, Company shall part with such PI/SPDI only in accordance with your consent for the same.
5.2. To the extent necessary to provide you the requested Services or to the extent required under applicable law, we may provide your PI/SPDI to the following Third Parties without notice to you:
5.2.1. Consultants (including auditors, authorized vendors) on a ‘need to know’ basis under a non-disclosure agreement; and
5.2.2. Governmental authorities, in such manner as permitted or required by applicable law.
5.2.2. Governmental authorities, in such manner as permitted or required by applicable law.
5.3. Legal proceedings. In the event, Company is required to respond to subpoenas, court orders or other legal process, your PI/SPDI may be disclosed pursuant to such court order or legal process, which may be without notice to you.
6. Security of Information.
6.1. Company strives to ensure the security, integrity and privacy of your PI/SPDI and to protect your Information against unauthorized access, alteration, disclosure or destruction. Stringent security measures (physical, electronic and managerial) are in place to protect against the loss, misuse, and alteration of the PI/SPDI under our control. Company’s servers are accessible only to authorized personnel and your Information is shared with employees and authorized personnel strictly on a 'need to know' basis.
6.2. The Company uses and has a comprehensive documented information security program and information security policies that contain managerial, technical, operational and physical security control measures that are commensurate with the Information being protected. Company periodically assesses, audits and updates its information security protocols and policies to achieve the highest standards on a continuous and ongoing basis.
6.3. You may review the Information you have provided to Company at any time. On your request, Company will ensure that any PI/SPDI notified to be inaccurate or deficient, shall be corrected or amended. However, Company shall not be responsible for the authenticity of the PI/ SPDI.
6.4. Notwithstanding anything contained in this Policy or elsewhere, Company shall not be held responsible for any loss, damage or misuse of your PI/SPDI, if such loss, damage or misuse is attributable to a force majeure event.
7. Retention and Revocation of Information.
7.1. Your PI/SPDI will be retained with Company as long as you avail the Services of Company or for such period as may be necessary under applicable law.
7.2. In the event, you wish to no longer avail the Services of Company or intend to request that Company no longer retain your PI/SPDI or where you intend to modify the current PI/ SPDI, you may contact Company as provided herein below.
8. Notification of Changes.
8.1. From time to time, Company may update this Policy. The Last Updated Date of this Policy, stated below (Clause 8.3), indicates the last time this Policy was revised or materially changed. Checking the effective date below allows you to determine whether there have been changes since the last time you reviewed the Policy.
8.2. In the event, if you object to any of the changes, and you no longer wish to use the Services or intend to revoke your consent to retain your PI/SPDI with Company, you may contact Company as provided hereunder.
8.3. Last Updated Date: Aug 28, 2020
9. Inquiries.
The Company respects and is sensitive to the rights as granted in the Act and Rules. Should you have questions about the Policy or Company’s information collection, use and disclosure practices, you may contact the Grievance Officer as per the details given herein below. Company will use reasonable efforts to respond promptly to requests, questions or concerns you may have regarding the use of your PI/SPDI.
10. Grievance Officer.
In accordance with the Act and the Rules made thereunder, the name and contact details of the Grievance Officer are provided below. You may contact the Grievance Officer to address any discrepancies and grievances you may have with respect to your Information with Company.
The Grievance Officer will redress your grievances expeditiously.
Schedule- 1
Rule 2
“Personal information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
“Personal information” means any information that relates to a natural person, which, either directly or indirectly, in combination with other information available or likely to be available with a body corporate, is capable of identifying such person.
Rule 3
Sensitive personal data or information of a person means such personal information which consists of information relating to:-
Sensitive personal data or information of a person means such personal information which consists of information relating to:-
a) password;
b) financial information such as Bank account or credit card or debit card or other payment instrument details;
c) physical, physiological and mental health condition;
d) sexual orientation;
e) medical records and history;
f) Biometric information;
g) any detail relating to the above clauses as provided to body corporate for providing service; and
h) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these Rules.
b) financial information such as Bank account or credit card or debit card or other payment instrument details;
c) physical, physiological and mental health condition;
d) sexual orientation;
e) medical records and history;
f) Biometric information;
g) any detail relating to the above clauses as provided to body corporate for providing service; and
h) any of the information received under above clauses by body corporate for processing, stored or processed under lawful contract or otherwise: provided that, any information that is freely available or accessible in public domain or furnished under the Right to Information Act, 2005 or any other law for the time being in force shall not be regarded as sensitive personal data or information for the purposes of these Rules.