Aparajitha (i.e. the Aparajitha Group inclusive of all the various legal entities or related companies) respects the need for Privacy (individual and organizational) while providing services and developing technology that gives the most powerful and safe experienceThe privacy requirements of various stakeholders such as Aparajitha’s employees, clients, clients’ employees & contractors and vendors/suppliers, who provide or share information, are suitably and appropriately addressed through this policy.
This Privacy Statement applies to the entire Aparajitha Group comprising of various legal entities, and governs, including but not limited to data/information collection, its storage and usage in accordance with the prevailing laws of the country.
This Privacy Statement is applicable to and governs the various services and products offered by Aparajitha. Aparajitha Corporate Services (P) Ltd., and its subsidiaries are in the business of HR Legal Compliance Services. Different lines of services cater to various sizes of organizations across all industries across the length and breadth of India. Aparajitha’s services cover compliances of Establishments/ Factories/ Mines/ Project-sites/ Contract Labour Compliances/ Payroll and its compliances, and Audit and Consultation for M&A. Compfie is a SaaS based compliance tracking tool.
Please refer the following URLs for details of services and products offered by Aparajitha: (1) www.aparajitha.com/our-services.html, (2) www.compfie.com and (3) www.compfielaw.com. Given the nature of services of Aparajitha, it is necessarily imperative to have access to personally identifiable information and sensitive personally identifiable information of various stakeholders for the benefit of whom the services are delivered.
Coverage / Scope
This policy refers to all the internal and external stakeholders such as employees, clients, employees and contractors of clients, vendors/suppliers to Aparajitha, who provide information to Aparajitha and to whom Aparajitha provides information to carry out agreed upon business operations. Employees of all the companies belonging to Aparajitha Group must follow this policy. Contractors, consultants, partners and any other external entities are also covered. Generally, the policy refers to anyone the company collaborates with for any business reason.
TYPES OF INFORMATION COLLECTED
Aparajitha collects different types of sensitive and non-sensitive information of individuals and organizations, including Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), as defined by IT Act 2000 and IT Rules 2011. An illustrative list is as follows: Name, Gender, Date of Birth, Father’s name, Parents/Spouse’s/Children’s/siblings name and age, Address, Marital Status, Designation, Company’s name, UAN, IP number, Aadhar, Bank Account Details, Mobile number, Salary details with breakup.
All such data are not necessarily obtained from all stakeholder groups.
From Aparajitha Employees: Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), as defined by IT Act 2000 and IT Rules 2011. These details are directly obtained from the employees and their consent is obtained at the time of joining. This data is primarily used for complying with the statutory provisions of the applicable laws pertaining to employment.
From Clients: Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), as defined by IT Act 2000 and IT Rules 2011, of the client’s employees, and the employees of the contractors who the serve the client. Such information is required to meet the deliverables agreed upon with the client primarily to ensure statutory compliance. Consent for sharing such details to
Aparajitha will be governed by the Master Service Agreement between Aparajitha and the client. Client will be responsible for obtaining the consent from its employees and contractors. In case anyone of them would like to withdraw the consent and choose not to disclose such details, client may at its discretion decide not to include such individual/entity from the scope of services outsourced to Aparajitha. In such cases client shall ensure compliance of such individuals/entities From Vendors/Suppliers: Personally Identifiable Information (PII), Sensitive Personally Identifiable Information (SPII), as defined by IT Act 2000 and IT Rules 2011, of the suppliers and/or supplier’s employees. Aparajitha seeks such information from suppliers primarily to ensure that the vendor/supplier is compliant.
From Visitors: Name, Affiliation/organization, Origin Location, Mobile Number, Purpose of Visit and Signature/Initials. These details are being collected only from the perspective of security if and when they are allowed to enter into the premises beyond the reception of the office.
PURPOSE OF COLLECTION
Aparajitha will collect personal data only for identified and lawful purposes connected with its business;
- (i) Statutory Compliance
- (ii) Organization’s internal operations and functions
- (iii) Stated functions / purpose towards delivery of services/products
- (iv) As per contract/agreement
- (v) Security
Purpose of collecting the data is also illustrated against each stakeholder group for clarity. Aparajitha may also contact its existing clients and or prospective clients via surveys to conduct research about Aparajitha’s services/products and or of potential new services/products that may be offered as part of the internal R&D purposes.
INFORMATION – USAGE
All the data/information used in and by Aparajitha will be used towards running of its businesses; to deliver services/products in a manner that is lawful, fair and compatible with the purpose for which the data/information was collected, and will not be shared with any third party.
INFORMATON – STORAGE & RETENTION
The information provided to Aparajitha will be stored primarily in India, with the exception of countries wherein the law may stipulate storage of data of such entities operating in that country to be stored in the same country or continent or other country or continent, Aparajitha shall do so in discussion with such stakeholders as required.
The information provided to or collected by Aparajitha will be retained based on the nature/type of information as per statutory and/or contractual requirements.
Aparajitha will retain personal data only:
- i. To the extent and for so long as necessary in connection with the purpose for which Aparajitha processes the personal data
- ii. As required by professional standards or Policies
- iii. As required or permitted by any law.
- (a) Conform to the edicts of the law or comply with legal process served on Aparajitha
- (b) Protect and defend the rights or property of Aparajitha
- (c) Act under exigent circumstances to protect the personal safety of users of Aparajitha or the public.
- I. Third parties must ensure equal care and adequate levels of protection; and
- II. Appropriate security measures must be implemented to safeguard the personal data; and
- III. The personal data must only be processed in accordance with Aparajitha’s instructions. Third parties shall not further disclose any information shared with them to any other stakeholder without the written consent of Aparajitha.
- IV. In the event of any breach of agreement on disclosure of any information shared by Aparajitha, the supplier shall be terminated and black listed.
- i. The state of the art/ industry standards and best practices
- ii. The cost of implementation
- iii. The nature, scope, context, purpose and processing of data / information
- iv. The risk posed to information security
- 1) Aparajitha reserves its full rights to modify or revise or add or delete any clause(s)/provision(s) of this Privacy Statement without prior notice. If any provision is held invalid, the offending clause will be modified so as to be enforceable and, as modified, shall be fully enforced, and the remainder of the Privacy statement will continue in full force and effect.
- 3) Anyone who becomes aware of any breach of security shall immediately notify Aparajitha through the established agreed upon processes in case of being a stakeholder directly involved in the course of business operations; alternatively one can notify the grievance officer Dr S.Venkatesh, who can be reached through the email id: firstname.lastname@example.org. The use of Aparajitha’s website(s) or services or products implies the acceptance of the Privacy Statement.
Aparajitha will delete, destroy or permanently anonymise all other personal data it processes as per the agreement/contract.
CONSENT AND RELATED
Aparajitha does not use or disclose sensitive personal information, such as race, religion, or political affiliations, without the explicit consent of the data/information provider (individual or entities as the case may be).
Where required by applicable law, Aparajitha will obtain appropriate consent from the provider of the data/information before collection, storage or processing of the data/information for the stated purpose. Aparajitha will acquire additional consent from the provider of data / information, if the personal data / information is to be used for any other purposes that is not within the scope of the already agreed upon business transactions.
Provider of data/information will have a choice to withdraw the consent, which shall be communicated to Aparajitha in writing (by any means, physically or electronically) by the providers who wish to withdraw the consent. Upon receiving any withdrawal notice Aparajitha will delete, destroy or permanently anonymise, as the case may be, data/information pertaining to that particular provider who wishes to withdraw consent. In case of employees such withdrawal of consent for all such data will amount to withdrawal of employment and in such cases Aparajitha shall reserve the right to retain the data as stipulated by any of the statutes. In case of any stakeholders related to the client such withdrawal of consent shall be handled upon and in accordance with the instruction given by the client.
Aparajitha may disclose personal information, only if required to do so by law or in the good faith that such action is necessary to:
Aparajitha does not outsource their core business services to any third party.
Aparajitha may engage qualified vendors/suppliers for any of the activities that may be incidental but important to the business such as Security services, internal audit etc.
Aparajitha may disclose personal data to such third parties as a part of normal scope of services agreed upon with the supplier. The disclosure to any third party will be undertaken only upon entering into a legally enforceable contract. The contract shall contain appropriate privacy clauses. Third parties are mandated to handle all personal data in accordance with the following:
TRANSFER OF INFORMATION
Aparajitha does not transfer, sell, rent or lease its customers data to third parties (refer to the Section on Disclosure for potential exemptions).
Aparajitha does not outsource any of its core businesses. Data/Information collected by and provided to Aparajitha is not transferred to any third party without the knowledge or consent, as the case may be, of the provider of data/information.
Aparajitha has put in place appropriate and applicable controls to preserve the Confidentiality, Integrity and Availability of information to a reasonable extent in-line with industry standards. Aparajitha has implemented adequate technical and organisational measures to protect personal data against unauthorised or unlawful processing (including unauthorised disclosure, access, loss, alteration, damage and destruction).
The following key aspects are considered while arriving at appropriate measures:
Aparajitha will take commercially viable and reasonable steps to update, correct, complete or delete (as appropriate) any personal data shown to be out of date, inaccurate or incomplete, to the extent required by applicable privacy laws.
Aparajitha has restricted access to personal data to those personnel with a need to know, and process it only on Aparajitha’s instructions or to comply with a requirement of Law. The personnel having access to personal data are bound to maintain the confidentiality and security of the personal data
Aparajitha conducts appropriate due diligence checks prior to and during the selection of third parties, and during engagement of their services, as applicable.
COMMUNICATION & PUBLICATION