Data Protection and Privacy Policy
1. Purpose:
The purpose of this policy is to safeguard personal, sensitive, and business-critical data by defining principles and practices to ensure confidentiality, integrity, and compliance with applicable data protection laws.
2. Scope:
This policy applies to all employees, contractors, vendors, and third parties who access, process, or manage data owned by Sunbeam Elastomers Pvt. Ltd. It covers all personal, customer, employee, and business data in digital or physical formats.
3. Objectives:
- a) To protect personal and business data from unauthorized access, misuse, or breaches.
- b) To comply with applicable data protection laws, such as the Indian IT Act, 2000, and the Data Protection Bill.
- c) To establish accountability and transparency in handling sensitive information.
4. Policy Guidelines:
Data Collection and Usage:
- a) Data will only be collected for legitimate business purposes.
- b) The company will ensure that individuals providing data are informed of the purpose and usage.
- c) Consent will be obtained before collecting sensitive personal data, where required.
Data Storage and Security:
- a) All data will be stored in secure systems, adhering to encryption and access control standards.
- b) Sensitive data will have restricted access based on roles and responsibilities.
- c) Physical records will be stored in locked cabinets with access limited to authorized personnel.
Data Sharing and Transfers:
- a) Data will only be shared with third parties under a written agreement ensuring compliance with this policy.
- b) Cross-border data transfers, if required, will comply with applicable laws.
Employee Data:
- a) Employee personal data (e.g., addresses, bank details) will only be used for legitimate HR and payroll purposes.
- b) Employees have the right to access, update, or delete their personal data, subject to company and legal requirements.
Data Breach Management:
- a) Any suspected or actual data breach must be reported immediately to the IT Department.
- b) Affected individuals will be informed of breaches involving their personal data within 72 hours of detection.
- c) Breach investigations will be conducted, and corrective actions will be taken promptly.
5. Roles and Responsibilities:
Data Protection Officer (DPO):
- a) Oversee compliance with data protection laws and this policy.
- b) Conduct audits and employee training on data protection practices.
- c) Serve as the point of contact for data-related inquiries and complaints.
IT Department:
- a) Implement and maintain secure systems for data storage and processing.
- b) Monitor data access logs and identify potential vulnerabilities.
Employees:
- a) Adhere to data protection practices, including safeguarding login credentials and handling sensitive data responsibly.
- b) Report any data breaches or security incidents immediately.
6. Key Provisions:
1. Access Control:
- a) Data access will be granted on a need-to-know basis only.
- b) Multi-factor authentication will be implemented for critical systems.
2. Retention Policy:
- a) Data will be retained only as long as necessary for the purpose for which it was collected.
- b) Regular reviews will be conducted to securely dispose of outdated or redundant data.
3. Monitoring and Compliance:
- a) Regular audits will be conducted to ensure compliance with this policy and applicable laws.
7. Employee Rights:
Employees and stakeholders have the right to:
- a) Access their personal data.
- b) Request corrections or deletions, where applicable.
- c) Be informed about how their data is being used.
8. Review and Amendments:
This policy will be reviewed annually or as required by changes in data protection laws. Amendments will be recommended by the DPO and approved by the Board of Directors.
Approval:
This Data Protection and Privacy Policy was approved by the Board of Directors of Sunbeam Elastomers Pvt. Ltd. on 1st January 2025.
This policy ensures secure and responsible data management at Sunbeam Elastomers Pvt. Ltd., safeguarding both employee and business interests.