PERSONAL DATA PROTECTION POLICY
The purpose of this Personal Data Protection Policy is to protect all personal data collected, stored, processed and/or transferred by Trigyn Technologies Limited and its subsidiaries ("Trigyn") in accordance with internationally recognized standards for data protection, in particular the General Data Protection Regulation (GDPR), effective 25th May, 2018.
1. To give people control over how their data is used and to protect "fundamental rights and freedoms of natural persons".
2. To collect, store, process and transfer personal data in a lawful manner.
3. Treatment of Personal Data is consistent throughout Trigyn entities and operations.
4. Transfer Personal Data to Trigyn entities and other enterprises that use this data in a manner consistent with the data privacy norms set at Trigyn.
This policy applies to the following individuals / entities under the Trigyn operations that collect, store and/or process personal data:
- Trigyn Employees;
- Trigyn Contractors;
- Trigyn Working Partners.
4. Policy Statement
Trigyn shall ensure that Personal Data relating to natural persons, including employees (current as well as former), suppliers and customers, is obtained and processed fairly, in accordance with the data subjects' rights under Data Protection Laws and Regulations. Trigyn respects privacy and is committed to promoting the responsible use of personal information and protecting individuals' privacy rights.
5. Policy Guidelines
- Trigyn, as a data controller and processor, shall establish the specific purposes for which Personal Data is being collected and ensure that its processing is done in a manner consistent with those purposes.
- Trigyn shall collect and process only such Personal Data as is adequate, relevant and limited in scope and for a length of time to what is necessary for the stated purposes of its use.
- Utilize IT systems and applications that have the ability to comply with Data Protection Laws and Regulations, including providing appropriate security for storage and transmission of Personal Data.
- Where required by the GDPR, perform Data Protection Impact Assessments. Report breaches promptly and in line with the personal data breach notification process.
- Record, investigate, analyze and report data protection-related complaints and
- Ensure that data protection training is undertaken by all employees.
6. Data Collection, Transfer & Processing
Trigyn may collect, store, use and disclose information about data subjects which may constitute personal data (including sensitive personal data) as per GDPR, for lawful, explicit and legitimate business and contractual purposes and for further processing of personal data consistent with those purposes. The personal data may be processed for purposes including, without limitation:
- Administering relationships services.
- Operational purposes.
- Conducting market or customer satisfaction research.
- Providing individuals with information concerning products and services which Trigyn believes to be of interest.
- Compliance with any requirement of law, regulation, associations, codes that Trigyn decides to adopt.
- For the detection, investigation, monitoring and prevention of fraud and other crimes or malpractice.
- For the purpose of, or in connection with, any legal proceedings (including prospective legal proceedings), for obtaining legal advice or for establishing, exercising or defending legal rights or any other purpose connected to or incidental to the purposes as stated above.
Trigyn shall obtain willing consent from the data subject prior to collecting, storing and processing personal data. Trigyn shall not utilize an individual's personal data beyond this scope without prior consent from the individual, and shall take measures to ensure that this principle is observed. An individual's personal data shall not be provided or otherwise disclosed to third parties other than Trigyn affiliates, investigators, or law enforcement personnel when consent has been obtained from the individual in question or when disclosure is legally mandated. To the extent permitted by applicable law, Trigyn may record and monitor electronic and voice communications to ensure compliance with legal and regulatory obligations and internal policies and for the purposes outlined above.
7. Confidentiality and Security
Trigyn takes prudent steps to safeguard the confidentiality and security of all personal data, including taking procedural and organizational steps to protect personal data from accidental or unlawful destruction and disclosure. These steps include entering into written agreements with all its vendors and subcontractors who process personal data. Trigyn strives to protect personally identifiable information that it maintains or disseminates by using appropriate administrative, physical, and technical safeguards, so it is not obtained by unauthorized individuals or used in unauthorized ways.
8. Data Subject Access, Correction & Deletion
Trigyn recognizes the right of data subjects at reasonable intervals to seek / request a copy of the personal data held in relation to them by Trigyn. If any personal data is found to be wrong, the individual concerned has the right to ask us to amend, update or delete it, as appropriate. In some circumstances individuals also have a right to object to the processing of their personal data as per the prevailing laws. If Trigyn undertakes transactions or other services that involve the disclosure of personal data on behalf of any of its clients or counterparties, it shall be the responsibility of such client or counterparty to ensure that they have all necessary authority to permit Trigyn to process and disclose the personal data accordingly. Privacy consent can be withdrawn easily and at any time by the data subject by informing the appropriate authority within Trigyn. The privacy data shall be deleted from the system based on evaluation of compliance with a legal obligation or business process and technologies available to erase individual data. Evaluation will be done by Trigyn's Data Protection Officer.
9. Breach Notification
Any personal data breach shall be reported to the concerned authorities. Measures shall be taken to mitigate and minimize the breach. All personnel of Trigyn handling personal data have a responsibility to report any data privacy breach related incidents in case of violation of the data protection policy.
This policy shall be reviewed periodically (at least once a year) and whenever necessitated by changes within Trigyn, to ensure the policy's appropriateness for the company's business objectives.
- Trigyn is the data controller for the purpose of Data Protection laws and is obliged to keep personal data secure and process it fairly and lawfully.
- HR department shall either obtain the data subject's consent for Trigyn's use of his/her personal data or send out a privacy notice in accordance with this policy.
- The Data Protection Officer (DPO) shall facilitate implementation of this policy through the appropriate policies and procedures. The DPO shall ensure protection of personal data in each country where Trigyn has an office.
- All personnel of Trigyn handling personal data shall take reasonable measures for protection of personal data.
Enforcement of this policy is mandatory & violations of this policy will be reported through the Breach Notification process and Information Security Council Team. The action taken after a violation is as follows:
- All violations will be reported to the DPO.
- The defaulter will be issued a warning or will face stricter action depending upon prevailing circumstances during which the incident occurred.
- A repeat violation on the part of the same person would result in strict disciplinary action up to termination of employment.
Data subject refers to any individual person who can be identified, directly or indirectly, via an identifier such as a name, an ID number, location data, or via factors specific to the person’s physical, physiological, genetic, mental, economic, cultural or social identity. In other words, a data subject is an end user whose personal data can be collected.
- a name, identification number, image, location data, an online identifier.
- one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
- Employee personal details like birth date, address, personal phone number.
- personal email address, race, nationality, ethnicity, origin, colour, religious or political beliefs or associations, age, sex, sexual orientation, marital status, family status, identifying number, code, fingerprints, blood type, inherited characteristics, health care history including information on physical/mental disability, educational, financial, criminal history.
- Photographs of employee and internal gatherings.
Lawful processing means that the activity is conducted in accordance with applicable national or international laws.
Specified purpose means being clear from the outset about why we are collecting personal data and are transparent about our purposes with the individuals concerned.
Accurate means that the data collected and stored are correct and their integrity is protected.
Adequate, relevant and not excessive means that data should be sufficient for the intended purpose and that we should not hold more data than necessary for that purpose.
Data Protection Laws and Regulations means, in the European Union, the General Data Protection Regulation (GDPR) 2016/679 and the national statutory legislation passed in each Member State implementing this Directive, as well as national law that exists outside the EU in each country.
European Union – means the current EU Member State countries of:
Austria, Belgium, Bulgaria, Croatia, Cyprus, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, Netherlands, Poland, Portugal, Romania, Slovakia, Slovenia, Spain, Sweden, and the United Kingdom.