This policy applies to employees, partners, contractors, associates, consultants, vendors, retainers, clients of SKP Business Consulting LLP and visitors to our website.
3. POLICY STATEMENT
We are committed to the protection and responsible use of your personal data and promotion of individual privacy rights. Through the use of appropriate administrative, physical, and technical safeguards, we strive to protect personally identifiable information that we maintain or disseminate to ensure that it is not obtained by unauthorized individuals or used in unauthorized ways.
We may collect, store, process, use, transfer and disclose such information about individuals (“Data Subjects”) which may constitute Personal Information including Sensitive Personal Data or Information under the Information Technology (Reasonable security practices and procedures and sensitive personal data or information) Rules, 2011 or Personal Data under the General Data Protection Regulation (Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016) (“GDPR”) or any other applicable law. This policy explains the practices we follow with respect to the collection, use, disclosure, transfer, security, and protection of Personal Information, rights of Data Subjects, breach management and other related aspects.
5. MEANING AND COLLECTION OF PERSONAL DATA
“Personal Data” means any data relating to a Data Subject which is capable of identifying such Data Subject directly or indirectly such as name, an identification number, location data, an online identifier or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that Data Subject. Personal Data will include Sensitive Personal Information and Special Categories of Personal Information unless otherwise stated. We will strive to ensure that Personal Data collected by us is adequate, relevant and limited to what is necessary for relation to the intended purpose.
We or any person or entity duly authorized on our behalf may collect a variety of Personal Data as required by us to fulfill our responsibilities and obligations as an employer, associate, client or service provider. Such Personal Data may be collected or received by us when you interact with us on our website, e-mail, mobile apps or other web-based applications or by way of personal, telephonic or audio-visual meetings or when you provide to us any documents containing your Personal Information. The Personal Data collected by us could include one or more of the following:
- Name, birthdate, phone numbers, mailing address, email addresses, contact details, education documents, reference letters, relieving certificates, photographs, passwords to our portal, passport information;
- Financial information such as bank account details, financial statements, permanent account number, annual income, details regarding payment instruments, tax deducted at source, service tax registration;
- Physical, physiological and mental health condition, medical records and history;
- Information gathered through the use of biometrics such as fingerprints, eye retina, iris, voice patterns, facial recognition;
- Professional certifications and registrations;
- Disciplinary and grievance procedures, the results of credit and criminal background checks,
- Voicemails, emails, correspondence and other work product and communications created, stored or transmitted by an employee using our computer or communications equipment;
- Driving license number, vehicle registration number;
- Information captured on security systems, including CCTV and key card entry systems;
- Information provided by way of participation in surveys, inquiries, subscriptions and job applications
6. CONSENT FOR PERSONAL DATA
Where processing of Personal Data requires consent, we will obtain your written consent to collect, use and process your Personal Data. With respect to Personal Data disclosed to us by a data controller, we will contractually obligate the data controller to ensure compliance with all legal requirements relating to obtaining of consent. We will maintain and protect the appropriate security, integrity, and confidentiality of such Personal Information.
In case you refuse to provide the required Personal Data or withdraw your consent at any point of time, we shall have the discretion to discontinue, refuse or withdraw our services for which the information was sought. In case of our employees, associates, partners, consultants, contractors, and retailers, we may terminate the employment or service contract or modify the terms of employment or service contract.
7. USE OF PERSONAL DATA
The Personal Data collected or received by us may be used or processed by us or any person or entity duly authorised by us for purposes including:
- Administrative, operational and business purposes;
- To execute our contractual obligations;
- To process and respond to requests and queries;
- Conducting market or customer satisfaction research;
- Payment of salaries, fees or reimbursements into bank accounts;
- Verification of certain information;
- Providing individuals with information concerning products and services which we believe will be of interest;
- Detection, investigation and prevention of fraud and other crimes or malpractice;
- Providing Personal Data to any person or entity engaged by us to render services relating to payment, human resources, accounting etc. to support our business activities on a ‘need to know’ basis;
- Dealing with requests, inquiries or complaints and other client-related activities;
- Carrying out activities connected with the running of our business such as personnel training, quality control and in connection with the transfer of any part of our business
- Addressing network integrity and security issues;
- Protecting our networks and security systems, including monitoring and detection of potential threats, such as hacking, virus dissemination and other security vulnerabilities;
- Making available Personal Data to governmental or regulatory authorities or to a court or judicial officer as may be required under applicable law;
- Carrying out any activity in connection with a legal, governmental or regulatory requirement, for the purpose of compliance of a legal obligation in connection with legal proceedings under applicable law including cyber incidents, prosecution, and punishment for offences, protecting and defending our rights or property or to protect another person’s safety, or to help investigations, monitor or prevent or take action regarding unlawful and illegal activities, suspected fraud, potential threat to the safety or security of any person;
- Recording and monitoring electronic communications, to the extent permitted by applicable law, to ensure compliance with our legal and regulatory obligations and internal policies and for the purposes outlined above;
- evaluate applications for employment;
- manage all aspects of an employee’s employment relationship, including, but not limited to, payroll, benefits, corporate travel and other reimbursable expenses, development and training, absence monitoring, performance appraisal, disciplinary and grievance processes and other general administrative and human resource related processes;
- develop manpower and succession plans;
- protect the safety and security of staff and property including taking measures to facilitate assistance and support in case of emergency such as inserting contact numbers, blood group details on identity cards
- administer formalities with respect to termination of employment;
- provide and maintain references;
- maintain emergency contact and beneficiary details.
Processing for the purposes of this policy refers to online and offline processing and includes activities such as copying, filing, and feeding information into a database. We maintain Personal Data in an organized and easily accessible manner. We will use the Personal Data only for the purpose for which it has been collected.
8. DISCLOSURE OF PERSONAL DATA
We may at times disclose and/or transfer Personal Data to third parties in cases where it is necessary for discharging our contractual obligations and/or providing services to you and/or if you have consented for the same. We may, on a need basis, disclose and/or transfer Personal Data to:
- associates, affiliates, partners, other persons or bodies corporate to enable them to provide services to you on our behalf or provide services to us or assist us in client engagements which involves receipt and collection of, receiving, processing, storing, dealing or handling personal information.
- any relevant entity in the event of a reorganization, merger or sale;
- any third party pursuant to a requirement of a governmental or regulatory body or an order of a court of competent jurisdiction or as may be required under applicable law.
If we outsource the processing of your Personal Data to third parties or provide your Personal Data to third party service providers, we will oblige those third parties to protect your Personal Data with appropriate security measures and prohibit them from using your Personal Data for their own purposes or from disclosing your Personal Data to others. We will adhere to consent and intimation requirements where your Personal Data is being shared with third parties.
9. SECURITY PRACTICES AND CONTROLS
We will take all reasonable steps to ensure that Personal Data is stored in a secure environment and protected from unauthorized access, modification or disclosure. We strive to keep the Personal Data secure through the implementation of the security practices and controls.
Personal Data is stored using systems which have restricted access and which are housed in facilities with physical security measures. We have a comprehensive information security programme documented in the form of our Information Security Policy (ISMS/SKP/CSP_0501) which contains managerial, technical, operational and physical security control measures. Our offices are ISO 27001, ISO 29100 and BS10012 certified to manage the security of Personal Data.
We have a designated Chief Information Security Officer responsible for operation and maintenance of our security programme and controls to enforce the security policy and for providing advice and guidance on its implementation and maintenance.
10. UPDATION OF PERSONAL DATA
We strive to keep our records updated with latest and updated Personal Information. To enable this, you can ask us to update or change any Personal Data collected by us to enable us to meet the objectives stated above.
11. RETENTION OF PERSONAL DATA
We will retain Personal Data only for such period as may be required to observe, perform and comply with our obligations or as otherwise required under applicable law or practice.
12. RIGHTS OF DATA SUBJECTS
Under GDPR (if applicable to you), you as a Data Subject have a number of rights with regard to your Personal Data that we want to summarily make you aware of:
- Right to Access: As a Data Subject, you have the right to access your Personal Data being processed by us and understand the purpose, recipients to whom your Personal Data has been disclosed and the envisaged period of retention of Personal Information.
- Right to Rectification: You have the right to rectify any inaccuracy in your Personal Data obtained and being processed by us.
- Right to Erasure: You have the right to get your Personal Data erased on grounds of completion of purpose, withdrawal of consent, unlawful processing of data or pursuant to exercise of the right to restrict processing or any statutory requirement.
- Right to Restriction of Processing: You have the right to require us to restrict processing of your Personal Data on grounds where you contest the accuracy of the Personal Data being processed and in case of unlawful processing among others.
- Right to Data Portability: You have the right to receive your Personal Data collected and being processed by us in a structured, commonly used and machine-readable format and have the right to transmit such Personal Data to another controller without any hindrance from us when processing of Personal Data is based on consent and where processing is carried out by automated means.
- Right to object to processing: You have the right to object to the processing of your Personal Data on grounds and if such Personal Data is being processed for direct marketing purposes.
- Right to lodge complaint: Where you believe that we have violated or presented a potential risk to your right to privacy, you have the right to lodge a complaint with the supervisory authority under the applicable regulations.
- Right to withdrawal consent: You may at any time withdraw your consent by writing to us at the below-mentioned e-mail address.
You may exercise your rights by writing to us at email@example.com. The exercise of the above rights shall be in accordance with GDPR and other applicable regulations.
13. DATA PROTECTION OFFICER
Our Chief Information Security Officer (CISO) is also our Data Protection Officer and may be contacted at firstname.lastname@example.org.
14. BREACH MANAGEMENT
We have an established Security and Privacy Incident Policy to outline various threats and vulnerabilities that may lead to the breach of security and privacy of Personal Data and processes to guide and implement a response to such incidents. In case of any privacy-related concerns, feedback or grievance, you may contact us at email@example.com.
We Use Common Tracking Technologies
We collect personal information about users over time and across different websites when you use this site or service. We also have third parties that collect personal information this way. To do this, we use several common tracking tools. These may include browser cookies. We may also use web beacons, flash cookies, and similar technologies. Our vendors may also use these tools. In this policy “we” and “us” refers to both SKP and our vendors.
We Use Tracking Technologies For a Variety of Reasons
- To recognize new visitors to our websites.
- To recognize past customers.
- To store your password if you are registered on our site.
- To improve our website and better understand your visits on our platforms.
- To integrate with third-party social media websites.
- To serve you with interest-based or targeted advertising (see below for more on interest-based advertising).
- To observe your behaviors and browsing activities over time across multiple websites or other platforms.
- To better understand the interests of our customers and our website visitors.
We Engage in Interest-Based Advertising
We and our partners display interest-based advertising using information gathered about you over time across multiple websites or other platforms. This might include apps.
Interest-based advertising or “online behavioral advertising” includes ads served to you after you leave our website, encouraging you to return. They also include ads we think are relevant based on your browsing habits or online activities. These ads might be served on websites or on apps. They might also be served in emails. We might serve these ads, or third parties may serve ads. They might be about our products or other companies’ products. Where legally required we get consent to engage in interest-based advertising.
How Do We Gather Relevant Information About You for Interest-Based Advertising?
To decide what is relevant to you, we use the information you make available to us when you interact with us, our affiliates, and other third parties. We gather this information using the tracking tools described above. For example, we or our partners might look at your browsing behaviors. We might look at these activities on our platforms or the platforms of others. We work with third parties who help gather this information.
You Can Control Certain Tracking Tools
Your browser may give you the ability to control cookies. How you do so depends on the type of cookie. Certain browsers can be set to reject browser cookies. To find out more about how to enable, disable, or delete cookies from your web browser, please visit here and here. To control flash cookies, which we may use on certain websites from time to time, you can go here. Why? Because flash cookies cannot be controlled through your browser settings.
Our Do Not Track Policy: Some browsers have a “Do Not Track” feature that allows you to tell a website not to track you. These features are not all uniform. We do not currently respond to those signals. If you block cookies, certain functionality on our sites may not work. If you block or reject cookies, not all of the tracking described here will stop. Certain options you select are browser and device specific.
You Can Opt-Out of Online Behavioral Advertising
The Self-Regulatory Program for Online Behavioral Advertising provides consumers with the ability to opt-out of having their online behavior recorded and used for advertising purposes. To opt out of having your online behavior collected for advertising purposes, visit www.aboutads.info/choices.
Some of the tracking technologies we may use do not participate in the Self-Regulatory Program for Online Behavioral Advertising. This means you will not be opted out by following the instructions above. Instead, click on the following link to get more information about how to opt-out of that tracker’s cookies: Twitter. Certain choices you make are both browser and device-specific.
We Use Specific Tracking Technologies
Here is more information about the tracking technologies and cookies we currently use. We use all of these tracking technologies to improve our site and the experience of our visitors:
- Adobe Dynamic Tag Management and Omniture (Adobe Analytics): We use Adobe Analytics to track user behavior, traffic analysis, and marketing optimization.
- Adobe Test & Target: Adobe Test & Target is a testing and optimization tool that allows us to create different variations of our websites so we can track the effectiveness of and traffic on each one. This also allows us to use information about your web-browsing activities so we can increase the effectiveness of our web pages.
- Bing Ads: Bing Ads allows us to have our advertisements appear at the top of the results page for certain search engines. We also use this tool to track visitors that click on our ads and visit our site. This helps us direct users to our website and determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- DoubleClick: DoubleClick allows us to capture and report on the actions of users who visit our website after viewing or clicking on one of our paid ads. This allows us to determine the effectiveness of our online campaigns in terms of both sales and user activity on our sites.
- Facebook Connect: We use this technology to allow users to share their experiences with our websites on Facebook and to track visitors to our sites who have interacted with our ads or posts on Facebook. For example, we may collect your browser information, demographic data, and interaction data. This allows us to determine the effectiveness of our marketing efforts on Facebook.
- Facebook Custom Audience: We use Facebook Custom Audience to deliver ads on Facebook to a certain group of users.
- Google AdWords Conversion: We use conversion tracking to help us understand how effective our digital campaigns are.
- Google Analytics: We use Google Analytics to collect information about how visitors use our website. For example, we collect details of the site where the visitor has come from and the total number of times a visitor has been to our website. This allows us to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites. Google Dynamic Remarketing: We use these tracking tools to track user behavior over time and across third party sites to improve the effectiveness of our online advertising. We collect information about what ads users view and whether they click on the ads. We use this information to improve and customize our advertising.
- Google Tag Manager: We use Google Tag Manager to measure what features on our site are interesting to our users. It also helps us understand what portions of our site users clicked on during a certain time and how users arrived on our site. This allows us to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- Twitter: Twitter is an online social networking service that enables users to send and read short messages. We use the Twitter cookies to enable social sharing buttons on our sites, as well as to track social media and other web browsing behavior in order to target ads and promotions to your interests. For more information on how to opt-out of Twitter cookies, you can go here.
- LeadSquared: We use this tool to track users that have interacted with our email communications and visited our website. We may use this information to improve our emails and customize user experiences. We also use information collected through this tool to determine the effectiveness of our online campaigns in terms of sales and user activity on our sites.
- LinkedIn: We use LinkedIn cookies to enable social sharing buttons on our sites, as well as to track social media and other web browsing behavior in order to target ads and promotions to your interests.
16. CHANGES TO POLICY