In today’s landscape, safeguarding sensitive data like PII, and SPII is top most priority for an organization. The organization, committed to building trust and ensuring compliance, establishes this policy to define rigorous procedures for protecting such data throughout its lifecycle.
This policy applies across all stages, from software development in the cloud to crucial support functions like Operations, sales, marketing, and HR. Also this policy describes how a IET employee, contractor or someone who is authorized to access personal data on behalf of source can use personal data in accordance with standards, privacy best practices
Confidential information generally consists of non-public information about a person or an entity. This policy covers all employees, contractors, and third parties involved in handling any PII, or SPII within the organization, and on behalf of IET regardless of their role or location, including the cloud environment. It applies to all stages of data handling, from collection and storage to processing and disposal.
"Automated Decisions" are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.
"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.
"Data Subject" means an individual for whom Ielektron Processes Personal Data.
"Employee" means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Ielektron
"Personal Information or Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is recorded in any form.
"Processing" is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.
"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.
"Supplier" means any supplier, vendor or other third party that provides services or products to Ielektron.
"Information that we collect and Legitimate purpose – for the collection of PII" The personal information Ielektron collect depends on the nature of your dealings. The personal information we collect about you may include below details,
Consent
Ielektron respects the privacy of Data Subjects and is committed to protecting Personal Data. Ielektron will observe the following principles when processing Personal Data:
Ielektron processes Personal Data for legitimate purposes related mostly to direct marketing in a business-to-business context. Ielektron does not process for purposes of marketing to individual consumers. In addition, Ielektron may process Personal Data for business operational purposes. The foregoing limited purposes will be taken into consideration before any type of processing of Personal Data occurs For customer/supplier-specific Personal Data, the purposes of processing may include: Management of Ielektron relationships with its customers and suppliers, Carrying out Ielektron obligations under its contracts with customers and suppliers.
Ielektron is committed to implementing and maintaining appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.
Ielektron will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by:
This Policy is designed to provide compliance with all relevant applicable data protection laws in particular the General Data Protection Regulation ("GDPR"). Ielektron will also handle Personal Data in accordance with local law at the place where the Personal Data is processed.
Ielektron may use personal information in accordance with law and our customer contracts to carry out our operational or other purposes, as necessary to provide the services. Retention of personal information relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations. We retain your personal data as long as it is necessary to fulfil the purpose for which it was needed, or longer required to fulfil legal and contractual obligations. After expiration of the retention period, your personal data will be deleted.
Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by Ielektron and may request deletion or amendments. Data Subjects may contact the Privacy Officer Ielektron at [email protected] to review, update, and revise their Personal Data. If access is denied, the Data Subject has the right to be informed about the reasons for denial. The person affected may contact any competent regulatory body or authority to resolve the issue. Ielektron will handle in a transparent and timely manner any type of complaint resolution or inquiry about Personal Data. If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. If the Data Subject demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless applicable laws require otherwise. IET will attempt to respond to your requests within one month.
Depending on relationship Ielektron and in line with local data protection laws, data subject may have several rights in relation to your Personal Data such as access, rectification, erasure, restriction of processing, objection, withdrawal of consent, not to be subject to decisions based on automated processing, opt out of marketing communications, etc. Please note, these rights are subject to exemptions and may not apply in all circumstances. In order to exercise the data subject rights or any actions required at the Ielektron team, please reach out to privacy team at [email protected]. If you have any comments or inquiries, you may contact privacy team at [email protected]
We maintain Data Subject Access Request tracker for any modification, deletion of PII data for all users.
We store data within India. Whereas the client’s data is stored in the client's data storage environment as per the project requirements.
Ielektron does not use cookies and thus we do not collect any cookie data
Ielektron may disclose your personal information to third parties like third party service providers (for example, our IT providers); our marketing providers; professional services advisors as appropriate and required
The Website is not directed at nor intended for use by children under the age of 13. If you have reason to believe that a child under the age of 13 has provided Personal Information to us, we encourage the child’s parent or guardian to contact us by email at [email protected] to request that we remove the information from our systems. If we learn that we have received Personal Information or Automatically Collected Information from a child under either the age of 13 we will delete that information from our files. In certain circumstances, we may process Personal Information of individuals under the age of 18 when it is necessary to perform a service requested by the individual providing us with the information, such as for online order fulfilment based on parent’s or guardian’s consent.
We may transfer any and all Personal Information and Automatically Collected Information to a third party if Ielektron is involved in a merger, acquisition, reorganization, restructuring, or other sale or transfer of all or any portion of its assets or business, whether as a going concern or as part of bankruptcy, liquidation, or similar proceedings in which information of Users is among the assets transferred. In this event, we will, if allowed, use reasonable efforts to notify you when your Personal Information and Automatically Collected Information is transferred to any third party under this paragraph by posting such notice on the Website and/or by contacting you via the Personal Information you have provided us, if any. In the event of a transfer of Personal Information as described in this section, we will instruct the third-party recipient that absent your permission to do otherwise it may only use your Personal Information covered by this Privacy Statement in accordance with this Privacy Statement, even after the transfer. However, following such transfer we cannot guarantee or enforce that any such third-party will abide by Ielektron. instruction, and any new information you provide after the transfer will likely be subject to a new policy, and you should review that policy.
The specifics of data breach reporting procedures and timeframes in a privacy policy can vary depending on the jurisdiction and applicable regulations. Please also refer to incident management process for reporting and incident management.
Ielektron being a data processor if experience a data breach have obligations to report the breach to the data controller within 48 hrs or as mentioned in contractual agreement who, in turn, may have obligations to report to regulatory authorities and affected individuals. Incident manager along with privacy ops shall prepare a comprehensive breach report for the data controller, including details of the incident, the nature of the breach, types of data affected, and any measures taken or planned for remediation. Cooperate with the data controller in conducting a thorough impact assessment to understand the potential consequences of the breach on data subjects. Comply with any contractual obligations related to breach reporting timelines set out in the data processing agreement. Collaborate with the data controller in preparing and sending notifications to affected individuals, if required by law. Provide necessary information to the data controller for inclusion in individual notifications.
Ielektron shall keep detailed records of the breach, actions taken, and communications related to the incident. Maintain documentation to demonstrate compliance with data protection obligations. Establish a communication plan for ongoing updates and coordination between the processor and the data controller throughout the incident response process. Work with the data controller to implement additional security measures and remediation steps to prevent similar incidents in the future.
In case of any queries to raise against Data Breach, Pls reach out to [email protected]
There is no International Data Transfer involved.
For complaints about how Ielektron handles, processes or manages your personal information, We may require proof of your identity and full details of your request before we can process your complaint. Please reach out to [email protected] Please allow up to 30 days to respond to your complaint
With respect to employee data and associated rights please review Ielektron privacy notice for more information
Ielektron will amend this Privacy Policy from time to time subject to change in applicable laws
It is essential that all Ielektron policies are adhered to by employees and contractors. Violations may result in disciplinary action as described in HR Disciplinary action process.