top of page

Data Privacy Policy

Definition


A privacy policy is a statement or a legal document (in privacy law) that discloses information about how a party gathers, uses, discloses, and manages a customer or client's data. It adheres to a legal requirement to protect a customer's or client's privacy
 
Purpose of Privacy Policy
 
▪ Privacy policy protects users’ rights
▪ A Privacy policy on your website is a legal document informing users about how you collect and handle their personal data, who you share it with, if you sell it, and any other relevant details
▪ Privacy policy describes policies and procedures on the collection, use and disclosure of the information when use the services and tells about privacy rights and how the law protects you
▪ We use your personal data to provide and improve the service. By using the service, you agree to the collection and use of information in accordance with this Privacy Policy
▪ Almost every business that collects data through a website, mobile app, or desktop app must publish a privacy policy due to one or all of the following:
1. Data privacy laws
2. Third-party service requirements
3. Maintaining trust and transparency between your business and customers
 
VB implements physical and logical access controls across its networks, IT systems and services to provide authorized, and appropriate user access, and to ensure appropriate preservation of data confidentiality, integrity and availability in accordance with the Information Security Policy requirement of the client. Access control systems are in place to protect the interests of all authorized users of V B Associates by providing a safe, secure and accessible environment in which to work.
 
We are committed to maintaining the accuracy, confidentiality, and security of your personally identifiable information ("Personal Information"). As part of this commitment, our privacy policy governs our actions as they relate to the collection, use and disclosure of Personal Information
 
This Policy Covers Network, IT Systems, Data & Authorized Users
 
VB will provide all employees, with on-site access to the information they need to carry out their responsibilities in an effective and efficient manner as possible.
 
Generic or group IDs shall not normally be permitted as means of access to your data.
 
Authorization for the user is provided explicitly, Post completion & documentation by the Proprietor, and then the access credentials are created for the respective user. The Administrator and the support team guard against issuing privilege rights to entire team to prevent potential losses of confidentiality and / or integrity (such as may happen via Ransom ware attacks, which typically are able to encrypt user data after silently installing on a machine over which the user has admin privileges
 
Maintaining Data Security Level
 
Every user should understand the sensitivity of their data and treat them accordingly. Even if technical security mechanisms fail, every user should still attempt to maintain the security of data commensurate to their sensitivity. The Information Classification enables users to classify data appropriately and gives guidance on how to store it, irrespective of security mechanisms.
Users are consequently responsible for any such situations for ensuring that appropriate access to the data are maintained in accordance with the Information Security Policy and any other contractual obligations they may have to meet
 
Access Control Authorization
 
Access to VB systems is given through unique user account and password with the required complexity
 
No Access to the third party is given with authentication, and the third party is escorted by the process staff/supervisor
 
By default, staff access/accounts will be deactivated post resignation and complete documentation of the access is recorded as per the Exit Process.
 
Passwords 
 
Password issuing, strength requirements, and control will be managed through formal processes which are controlled by administrator, Password length, complexity and expiration times will be controlled through Windows Active Directory & Password Policy. Password Policy is further elaborated under Sensitive information handling Policy
 
Access to Confidential, Restricted and Internal Use information Access
 
‘Confidential’, ‘Restricted’ and ‘Internal Use’ information will be limited to authorized persons such as supervisors and back-end whose job or study responsibilities require it, as determined by law, contractual agreement or the Information Security Policy. The responsibility to implement access restrictions lies with the data and systems owners. Role-based access control will be used as the method to secure access. There are no restrictions on the access to ‘Public’ information.

Information Security Program 
 
The objectives of this Information Security Program (“Program”) are as follows:
• Ensure the security and confidentiality of customer information. 
• Protect against any anticipated threats or hazards to the security and/or integrity of the customer information.
• Protect against unauthorized access to or use of the customer information that could result in substantial harm or inconvenience to any customer 
 
Retention of Your Personal Data
 
VB will retain Your Personal Data only as long as is necessary for the purposes set out in this Privacy Policy. We will retain and use Your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.
VB will also retain Usage Data for internal analysis purposes. Usage Data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of Our Service, or We are legally obligated to retain this data for longer time periods
 
Transfer of Your Personal Data
 
Your information, including Personal Data, is processed at the Company's operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of Your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.
Your consent to this Privacy Policy followed by your submission of such information represents your agreement to that transfer.
The Company will take all steps reasonably necessary to ensure that Your data is treated securely and in accordance with this Privacy Policy and no transfer of Your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of Your data and other personal information
 
Changes to this Privacy Policy
 
We may update Our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
We will let you know via email and/or a prominent notice on Our Service, prior to the change becoming effective and update the "Last updated" date at the top of this Privacy Policy.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page
 
The Proprietor of VB is the coordinator or the owner of the Program 

bottom of page