This policy aims to ensure that everyone handling personal data is aware of the requirements and acts in accordance with data protection procedures.
This policy applies to all staff employees and business partners, implementers, and our consultants.
The Indian Information Technology Act 2000 mandates the secure processing of personal information and prevention of misuse of Information. On April 11, 2011, India's Ministry of Communications and Information Technology passed the Information Technology (Reasonable Security Practices, Procedures and Sensitive Personal Data or Information) Rules which deals with practices and procedures for protection and maintenance of Personal Information.
Cyber Managers Software Services Pvt Ltd needs to keep certain information about its clients' data, business partners and employees to carry out its day-to-day operations, to meet its objectives and to comply with legal obligations.
The organization is committed to ensuring any personal data will be dealt with in line with the relevant data protection & privacy regulations. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.
This document also highlights key data protection procedures within the organization.
In line with the relevant Data Protection & Privacy principles, Cyber Managers Software Services Pvt Ltd will ensure that personal data will:
Personally Identifiable Information means any information that relates to a natural person, which either directly or indirectly, in combination with other information available or likely to be available with the organization, can identify such a person.
Refers to any action performed on PII / personal data such as collecting, recording, organizing, storing, transferring, modifying, using, disclosing, uploading or deleting.
Under the Indian IT Rules 2011, sensitive personal data means such personal data which consists of information relating to:
Provided that any Information that is freely available or accessible in public domain or furnished under the Right to Information Act 2005 or any other law for the time being in force will not be Sensitive Personal Data
"Employee" means a Cyber Managers Software Services Pvt Ltd current or former employee. As far as it applies to employees, the Policy covers all stages of the employment cycle including recruitment and selection, promotion, evaluation, and training.
"Relevant Individual" means an employee, customer / client / stakeholder, contractor and/or any other third party working on Cyber Managers Software Services Pvt Ltd behalf and job applicants.
This code suggests five key principles of good data governance on which best practice is based. The organization will seek to abide by this code in relation to all the personal data it processes, i.e.
Cyber Managers Software Services Pvt Ltd processes the following information:
Groups of people within the organization who will process personal information are: Only those individuals (Cyber Managers Software Services Pvt Ltd employees and non-employees) designated with approved access and signed confidentiality & non-disclosure agreements.
Cyber Managers Software Services Pvt Ltd as a corporate body is the governing body to control the distribution of and access of personal data to the rest of the staff and its business partners and consultants on a need-to-know basis.
The governing body will delegate tasks to a manager who deals with day-to-day Data Protection matters, such as subject access requests, and is a point of contact for issues relating to Data Protection contacts and is responsible for:
All staff employees and business partners or implementors and vendors who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles.
To meet our responsibilities, we will:
We will ensure that:
Training and awareness raising about any relevant Data Protection regulations and how it is followed in this organization will take the following forms:
On induction: At the time of engagement with an employee, we sign the "offer letter and employment terms" document which has data privacy terms & conditions.
General training & awareness: ISO/IEC 27001 based ISMS awareness training provided to employees will include data privacy & security topics.
Throughout the relationship with the Relevant Individual, Cyber Managers Software Services Pvt Ltd needs to collect Personal Data. The type of Information that may be collected includes (but is not limited to), where relevant:
Cyber Managers Software Services Pvt Ltd may collect, process and disclose Personal Data of the Relevant Individual for purposes connected with its business activities including the following purposes, hereinafter the "Agreed Purposes":
Cyber Managers Software Services Pvt Ltd only collects users and discloses Personal Data for purposes that are reasonable and legitimate. Such Personal Data shall be processed in a manner compatible with the Agreed Purposes; unless the Relevant Individuals have consented to it being processed for a different purpose or the use for a different purpose is permitted by applicable law. There may be circumstances, when the Relevant Individual may have volunteered personal information and given explicit/fully informed consent to its processing (for example by submission of a CV)
Only those Employees who "need-to-know" or require access to function in their role should have access to Personal Data. Cyber Managers Software Services Pvt Ltd will not disclose Personal Data to any person outside Cyber Managers Software Services Pvt Ltd except for the Agreed Purposes, or with the Relevant Individuals' consent, or with a legitimate interest or legal reason for doing so, such as where Cyber Managers Software Services Pvt Ltd reasonably considers it necessary to do so and where it is permitted by applicable law. In each instance, the disclosed Personal Data will be strictly limited to what is necessary and reasonable to carry out the Agreed Purposes.
When Cyber Managers Software Services Pvt Ltd works with third parties which may have access to Personal Data in the course of providing their services, Cyber Managers Software Services Pvt Ltd contractually requires third party to process Personal Data only on Cyber Managers Software Services Pvt Ltd instructions and consistent with Cyber Managers Software Services Pvt Ltd Data Privacy policies and applicable Data Protection laws.
Cyber Managers Software Services Pvt Ltd may, from time to time, disclose and/or transfer the Relevant Individuals' Personal Data to third parties (including but not limited) listed below:
Notwithstanding anything contained elsewhere, any Personal or Sensitive Personal Data may be disclosed by Cyber Managers Software Services Pvt Ltd to any third party as required by a Court of Law or any other regulatory or any other law enforcement agency established under a statute, as per the prevailing law without the Relevant Individual's consent
As Cyber Managers Software Services Pvt Ltd is part of a larger group of companies operating internationally, it may transfer Personal Data for the Agreed Purposes described above to its own operations, or to other subsidiaries or affiliated companies located in other jurisdictions. Such transfer is justified on the basis that there is a "need-to-know" and it is reasonable and legitimate to allow Cyber Managers Software Services Pvt Ltd companies and businesses to operate effectively and competitively. Personal information is only transferred to another country, including within the Cyber Managers Software Services Pvt Ltd Group, only in as far as a reasonable level of data protection is assured in the recipient country.
When using external data processers or transferring personal data to external third parties, Cyber Managers Software Services Pvt Ltd shall enter into agreements with appropriate contractual clauses for protection of Personal Data and confidentiality including requirements to process the Personal Data only in accordance with instructions from Cyber Managers Software Services Pvt Ltd and to take appropriate technical and organizational measures to ensure that there is no unauthorized or unlawful processing or accidental loss or destruction of or damage to Personal Data.
It is Cyber Managers Software Services Pvt Ltd policy to retain certain Personal Data of the Relevant Individuals when they cease to be employed/ engaged by Cyber Managers Software Services Pvt Ltd. This Personal Data may be required for Cyber Managers Software Services Pvt Ltd legal and business purposes, including any residual activities relating to the employment/engagement, including for example, provision of references, processing of applications for re-employment/re-engagement, matters relating to retirement benefits (if applicable) and allowing Cyber Managers Software Services Pvt Ltd to fulfil any of its contractual or statutory obligations.
All Personal Data of the Relevant Individuals may be retained for periods as prescribed under law or as per Cyber Managers Software Services Pvt Ltd policy from the date the Relevant Individuals cease to be employed/engaged by Cyber Managers Software Services Pvt Ltd. The Personal Data may be retained for a longer period if there is a subsisting reason that obliges Cyber Managers Software Services Pvt Ltd to do so, or the Personal Data is necessary for Cyber Managers Software Services Pvt Ltd to fulfil contractual or legal obligations. Once Cyber Managers Software Services Pvt Ltd no longer requires Personal Data, it is destroyed appropriately and securely or anonymized in accordance with the law.
Cyber Managers Software Services Pvt Ltd takes reasonable security measures to protect Personal Data against loss, misuse, unauthorized or accidental access, disclosure, alteration and destruction. Cyber Managers Software Services Pvt Ltd has implemented policies and maintains appropriate technical, physical, and organizational measures and follows industry practices and standards in adopting procedures and implementing systems designed for securing and protecting Personal Data from unauthorized access, improper use, disclosure and alteration.
Cyber Managers Software Services Pvt Ltd shall implement data masking techniques for protection of PII such as:
Cyber Managers Software Services Pvt Ltd aims to keep all Personal Data as accurate, correct, up-to-date, reliable and complete as possible. However, the accuracy depends to a large extent on the data the Relevant Individuals provide.
Relevant individuals / employees have the right to request details of their personal data that Cyber Managers Software Services Pvt Ltd holds on them by submitting a Subject Access Request.
The Human Resource Department and top management are responsible for this policy.
This policy and relevant specific policies and procedures shall be published in the company's Shared Drive and communicated to all employees and relevant external parties.
This policy shall be reviewed on a yearly basis or if significant changes occur to ensure its continuing suitability, adequacy, and effectiveness.
The core ISMS team would review this Policy, the compliance and implementation status, effectiveness of controls and their implementation, considering Internal Audit Reports, idents, suggestions and feedback from related parties and make appropriate recommendations for improvements.
Non-compliance or violation of this policy shall result in disciplinary action as per the Human Resources Security Policy and other such rules prevalent at the time of violation.