Privacy Policy

  • Home
  • Privacy Policy

Privacy Policy

Effective date : 10th June 2023


Introduction

In today’s landscape, safeguarding sensitive data like PII, and SPII is top most priority for an organization. The organization, committed to building trust and ensuring compliance, establishes this policy to define rigorous procedures for protecting such data throughout its lifecycle. This policy applies across all stages, from software development in the cloud to crucial support functions like Operations, sales, marketing, and HR. Also this policy describes how a IET employee, contractor or someone who is authorized to access personal data on behalf of source can use personal data in accordance with standards, privacy best practices


Scope

Confidential information generally consists of non-public information about a person or an entity. This policy covers all employees, contractors, and third parties involved in handling any PII, or SPII within the organization, and on behalf of IET regardless of their role or location, including the cloud environment. It applies to all stages of data handling, from collection and storage to processing and disposal.


Definitions

"Automated Decisions" are defined as decisions about individuals that are based solely on the automated processing of data and that produce legal effects that significantly affect the individuals involved.

"Controller" means a person or organization which, alone or jointly with others, determines the purposes and means of the processing of Personal Data.

"Data Subject" means an individual for whom Ielektron Processes Personal Data.

"Employee" means any current, former or prospective employee, temporary worker, intern or other non-permanent employee of Ielektron.

"Personal Information or Personal Data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity and includes information, that (i) relates to an identified or identifiable Customer, Employee or Supplier’s representative; (ii) can be linked to that Customer, Employee or Supplier’s representative; (iii) is recorded in any form.

"Processing" is defined as any action that is performed on Personal Data, whether in whole or in part by automated means, such as collecting, modifying, using, disclosing, or deleting such data. This Policy does not cover data rendered anonymous or where pseudonyms are used that do not allow for, directly or indirectly, the identification of an individual. The use of pseudonyms involves the replacement of names or other identifiers with substitutes, so that identification of individual persons is either impossible or at least rendered considerably more difficult. This Policy shall apply again if the protections offered through anonymization no longer apply.

"Sensitive Personal Data" means Personal Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership or concerning health or sex, and the commission or alleged commission of any offense, any proceedings for any offense committed or alleged to have been committed by the individual or the disposal of such proceedings, or the sentence of any court in such proceedings.

"Supplier" means any supplier, vendor or other third party that provides services or products to Ielektron.

"Legitimate purpose – for the collection of PII" The personal information Ielektron collect depends on the nature of your dealings. The personal information we collect about you may include: name; mailing or street address; date of birth; email address; phone number Ielektron shall collect your sensitive information only with consent, if it is necessary to prevent a serious and imminent threat to life or health, or as otherwise required or authorised by law, and we take appropriate measures to protect the security of this information. Ielektron may also collect your personal information from third parties or through publicly available.


PRINCIPLES FOR PROCESSING PERSONAL DATA

Ielektron respects the privacy of Data Subjects and is committed to protecting Personal Data. Ielektron will observe the following principles when processing Personal Data:


PURPOSES FOR PERSONAL DATA PROCESSING

Ielektron processes Personal Data for legitimate purposes related mostly to direct marketing in a business-to-business context. Ielektron does not process for purposes of marketing to individual consumers. In addition, Ielektron may process Personal Data for business operational purposes. The foregoing limited purposes will be taken into consideration before any type of processing of Personal Data occurs For customer/supplier-specific Personal Data, the purposes of processing may include: Management of Ielektron relationships with its customers and suppliers, Carrying out Ielektron obligations under its contracts with customers and suppliers.


Data protection, security and confidentiality

Ielektron is committed to implementing and maintaining appropriate technical, physical and organizational measures to protect Personal Data against unauthorized access, unlawful processing, accidental loss or damage and unauthorized destruction.

Ielektron will take reasonable steps to ensure that the personal information that we hold about you is kept confidential and secure, including by:


APPLICATION OF DATA PROTECTION LAWS

This Policy is designed to provide compliance with all relevant applicable data protection laws in particular the General Data Protection Regulation ("GDPR"). Ielektron will also handle Personal Data in accordance with local law at the place where the Personal Data is processed.


Use and Retention of Personal information

Ielektron may use personal information in accordance with law and our customer contracts to carry out our operational or other purposes, as necessary to provide the services. Retention of personal information relationship with us unless we are required to retain your personal information to comply with applicable laws, for example record-keeping obligations. We retain your personal data as long as it is necessary to fulfil the purpose for which it was needed, or longer required to fulfil legal and contractual obligations. After expiration of the retention period, your personal data will be deleted.


RIGHTS OF DATA SUBJECTS

Any person has the right to be provided with information as to the nature of the Personal Data stored or processed about him or her by Ielektron and may request deletion or amendments. Data Subjects may contact the Privacy Officer Ielektron at [email protected] to review, update, and revise their Personal Data. If access is denied, the Data Subject has the right to be informed about the reasons for denial. The person affected may contact any competent regulatory body or authority to resolve the issue. Ielektron will handle in a transparent and timely manner any type of complaint resolution or inquiry about Personal Data. If any information is inaccurate or incomplete, the Data Subject may request that the data be amended. If the Data Subject demonstrates that the purpose for which the data is being processed in no longer legal or appropriate, the data will be deleted, unless applicable laws require otherwise.

Depending on relationship Ielektron and in line with local data protection laws, data subject may have several rights in relation to your Personal Data such as access, rectification, erasure, restriction of processing, objection, withdrawal of consent, not to be subject to decisions based on automated processing, opt out of marketing communications, etc. Please note, these rights are subject to exemptions and may not apply in all circumstances. If you have any comments or inquiries, you may contact privacy team at [email protected]


Cookies

Ielektron does not use cookies and thus we do not collect any cookie data


Disclosure of personal information to third parties

Ielektron may disclose your personal information to third parties like third party service providers (for example, our IT providers); our marketing providers; professional services advisors as appropriate and required


Data breach procedure and reporting time period

The specifics of data breach reporting procedures and timeframes in a privacy policy can vary depending on the jurisdiction and applicable regulations. Please also refer to incident management process for reporting and incident management.

Ielektron being a data processor if experience a data breach have obligations to report the breach to the data controller with 48 hrs or as mentioned in contractual agreement who, in turn, may have obligations to report to regulatory authorities and affected individuals. Incident manager along with privacy ops shall prepare a comprehensive breach report for the data controller, including details of the incident, the nature of the breach, types of data affected, and any measures taken or planned for remediation. Cooperate with the data controller in conducting a thorough impact assessment to understand the potential consequences of the breach on data subjects. Comply with any contractual obligations related to breach reporting timelines set out in the data processing agreement. Collaborate with the data controller in preparing and sending notifications to affected individuals, if required by law. Provide necessary information to the data controller for inclusion in individual notifications.

Ielektron shall keep detailed records of the breach, actions taken, and communications related to the incident. Maintain documentation to demonstrate compliance with data protection obligations. Establish a communication plan for ongoing updates and coordination between the processor and the data controller throughout the incident response process. Work with the data controller to implement additional security measures and remediation steps to prevent similar incidents in the future.


Inquiries and complaints

For complaints about how Ielektron handles, processes or manages your personal information, We may require proof of your identity and full details of your request before we can process your complaint. Please reach out to [email protected] Please allow up to 30 days to respond to your complaint


Employee Privacy

With respect to employee data and associated rights please review Ielektron privacy notice for more information


UPDATES TO THE PRIVACY POLICY:

Ielektron will amend this Privacy Policy from time to time subject to change in applicable laws


Policy compliance and Enforcement

It is essential that all Ielektron policies are adhered to by employees and contractors. Violations may result in disciplinary action as described in HR Disciplinary action process.