This Privacy and Data Protection Policy (“Policy”) specifies the Privacy Principles followed by Qbic Catalyst Partners Pvt. Ltd and its employees with regards to the collection, use, transfer, storage and destruction of personal information/personally identifiable information.
Throughout this Policy, “QCP” refers to Qbic Catalyst Partners Pvt. Ltd (also referred to as “we”, “us”, or “our”).
QCP’s commitment to these policy requirements reflects the value it places for complying with existing Data Protection regulations/legislations and simultaneously maintaining the trust of the employees, clients, business partners, and others whose personal information or other confidential information is shared with us in the course of our business operations.
This Policy aims to facilitate “Privacy-by-Design” principles in implementation of systems and processes by QCP.
This policy document applies to QCP’s a) Information, b) Information Systems, c) Employees and d) Third-Party Staff.
This Policy applies to the collection, storage, processing, transfer, and use of personal information concerning its clients, business partners, employees, former employees, applicants for employment and may include other personal information not specifically listed here also. Personal information may be collected from individuals through a variety of means, including, for example, through websites, other ordering channels, and service or employment processes.
The collection, storage, processing, transfer, and use of personal information by QCP for its business operations shall be governed by the following security controls:
The following security controls shall apply to fair and lawful processing of personal information:
Notice: Provide timely and appropriate notice to Data Subjects (Refers to any information relating to an identified or identifiable natural person) about its data processing practices as required by applicable laws and regulations or, from time to time as necessary.
Choice: Not use personal information with third parties or provide personal information to third parties without giving the Data Subject(s) an opportunity to choose whether their information can be disclosed for such use, unless otherwise permitted or required by law or regulation.
Consent: Process personal information only with an individual’s consent, which may be express or implied, depending on the sensitivity of the personal information and the individual’s reasonable expectations, unless otherwise permitted or required by law or regulation.
The following security controls shall apply to purpose limitation on the collection, use and disclosure of personal information:
Purpose
Data Minimization
Onward Transfer
The following security controls shall apply to purpose limitation on the collection, use and disclosure of personal information:
Accuracy/Integrity: Take all legally required and commercially reasonable steps to ensure that personal information(s)
Access: Maintain processes to give Data Subjects reasonable access to their personal information and, as appropriate, the ability to correct, delete, or update inaccurate or incomplete information.
Security: Take all legally required and commercially reasonable measures proportional to the associated risk to protect personal information from loss, misuse, unauthorized access or disclosure, alteration and destruction. Additionally, ensuring appropriate levels for the protection of information considered to be sensitive personal information.
Retention: Keep personal information in a form that permits identification of Data Subjects for no longer than is necessary for the purposes for which the personal information is processed. Personal information may be stored for longer periods and will be processed solely for archiving purposes in the public interest, or scientific, historical, or statistical purposes and subject to the implementation of appropriate safeguards.
The following security controls shall apply to accountability and enforcement of this policy and data protection regulations and legislations that governs the collection, use and disclosure of personal information:
Accountability: The Director is responsible for and shall demonstrate compliance with this Policy requirements. The Director on a need basis shall designate individuals within the organization to be accountable for compliance with privacy and data protection laws and related policies.
Data Subject Access Requests, Complaints, and Dispute Resolution: The Director shall provide points of contact and communication channels to raise access requests, to initiate data protection and privacy-related complaints, or to pursue dispute resolution, including a fair process to investigate and resolve requests and complaints and to communicate the progress and status of requests or complaints to Data Subjects.
Education and Awareness: QCP on a need basis shall make available training and programs to educate and raise awareness among employees, regarding legal, regulatory, and contractual responsibilities concerning the processing of personal information.
Compliance: The Director is charged with the responsibility to implement and enforce this policy, to promulgate additional privacy related policies as may be required, and to provide strategically coordinated privacy-related compliance, function as Data Protection Officer, as and when required. All covered under this policy shall ensure compliance and adherence of this Policy and controls stipulated therein. Any violation of the Policy may result in disciplinary action which may include suspension, restriction of access or more severe penalties up to and including termination of employment.
Exception: Exceptions to this policy must be approved by the Director.
Violations: Any employee who knowingly violates or attempts to violate this policy shall be subject to disciplinary action, up to and including separation from QCP, subject to applicable local employment laws and regulations. Where illegal activities or an attempt to by-pass security control are suspected, QCP may report such event to the applicable local authorities.
At the point of creating this Policy there are no authorized waivers or exceptions. All waiver and exception requests should be submitted to the Director who will provide a decision and where necessary, instruct updates to the policy documentation.
Any grievance, complaint query or comments, in relation to this Policy, should be sent to QCP in writing to the following contact email ID. Grievance and related queries shall be redressed as expeditiously as possible. The contact information: privacy@qbiccatalyst.com.